1# @ohos.privacyManager (Privacy Management) (System API) 2 3The **privacyManager** module provides APIs for privacy management, such as management of permission usage records. 4 5> **NOTE** 6> 7> - The initial APIs of this module are supported since API version 9. Newly added APIs will be marked with a superscript to indicate their earliest API version. 8> - The APIs provided by this module are system APIs. 9 10## Modules to Import 11 12```ts 13import { privacyManager } from '@kit.AbilityKit'; 14``` 15 16 17## privacyManager.addPermissionUsedRecord 18 19addPermissionUsedRecord(tokenID: number, permissionName: Permissions, successCount: number, failCount: number, options?: AddPermissionUsedRecordOptions): Promise<void> 20 21Adds a permission usage record when an application protected by the permission is called by another service or application. This API uses a promise to return the result. 22The permission usage record includes the application identity (token ID) of the caller, name of the permission used, and number of successful and failed accesses to the target application. 23 24**Required permissions**: ohos.permission.PERMISSION_USED_STATS (available only to system applications) 25 26**System capability**: SystemCapability.Security.AccessToken 27 28**Parameters** 29 30| Name | Type | Mandatory| Description | 31| -------- | ------------------- | ---- | ------------------------------------------ | 32| tokenID | number | Yes | Token ID of the caller, which is the value of **accessTokenId** in [ApplicationInfo](js-apis-bundleManager-applicationInfo.md).| 33| permissionName | Permissions | Yes | Name of the permission.| 34| successCount | number | Yes | Number of successful accesses.| 35| failCount | number | Yes | Number of failed accesses.| 36| options<sup>12+</sup> | [AddPermissionUsedRecordOptions](#addpermissionusedrecordoptions12) | No | Options for adding a permission usage record. This parameter is supported since API version 12.| 37 38**Return value** 39 40| Type | Description | 41| :------------ | :---------------------------------- | 42| Promise<void> | Promise that returns no value.| 43 44**Error codes** 45 46For details about the error codes, see [Access Control Error Codes](errorcode-access-token.md). 47 48| ID| Error Message| 49| -------- | -------- | 50| 201 | Permission denied. Interface caller does not have permission. | 51| 202 | Not System App. Interface caller is not a system app. | 52| 401 | Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. | 53| 12100001 | Invalid parameter. The tokenID is 0, the permissionName exceeds 256 characters, the count value is invalid, or usedType in AddPermissionUsedRecordOptions is invalid. | 54| 12100002 | The specified tokenID does not exist or refer to an application process. | 55| 12100003 | The specified permission does not exist or is not an user_grant permission. | 56| 12100007 | The service is abnormal. | 57| 12100008 | Out of memory. | 58 59**Example** 60 61```ts 62import { privacyManager } from '@kit.AbilityKit'; 63import { BusinessError } from '@kit.BasicServicesKit'; 64 65let tokenID: number = 0; // You can use getApplicationInfo to obtain accessTokenId. 66privacyManager.addPermissionUsedRecord(tokenID, 'ohos.permission.READ_AUDIO', 1, 0).then(() => { 67 console.log('addPermissionUsedRecord success'); 68}).catch((err: BusinessError) => { 69 console.error(`addPermissionUsedRecord fail, err->${JSON.stringify(err)}`); 70}); 71// with options param 72let options: privacyManager.AddPermissionUsedRecordOptions = { 73 usedType: privacyManager.PermissionUsedType.PICKER_TYPE 74}; 75privacyManager.addPermissionUsedRecord(tokenID, 'ohos.permission.READ_AUDIO', 1, 0, options).then(() => { 76 console.log('addPermissionUsedRecord success'); 77}).catch((err: BusinessError) => { 78 console.error(`addPermissionUsedRecord fail, err->${JSON.stringify(err)}`); 79}); 80``` 81 82## privacyManager.addPermissionUsedRecord 83 84addPermissionUsedRecord(tokenID: number, permissionName: Permissions, successCount: number, failCount: number, callback: AsyncCallback<void>): void 85 86Adds a permission usage record when an application protected by the permission is called by another service or application. This API uses an asynchronous callback to return the result. 87The permission usage record includes the application identity (token ID) of the caller, name of the permission used, and number of successful and failed accesses to the target application. 88 89**Required permissions**: ohos.permission.PERMISSION_USED_STATS (available only to system applications) 90 91**System capability**: SystemCapability.Security.AccessToken 92 93**Parameters** 94 95| Name | Type | Mandatory| Description | 96| -------- | ------------------- | ---- | ------------------------------------------ | 97| tokenID | number | Yes | Token ID of the caller, which is the value of **accessTokenId** in [ApplicationInfo](js-apis-bundleManager-applicationInfo.md).| 98| permissionName | Permissions | Yes | Permission name. For details, see [Application Permissions](../../security/AccessToken/app-permissions.md).| 99| successCount | number | Yes | Number of successful accesses.| 100| failCount | number | Yes | Number of failed accesses.| 101| callback | AsyncCallback<void> | Yes | Callback used to return the result. If the operation is successful, **err** is **undefined**. Otherwise, **err** is an error object.| 102 103**Error codes** 104 105For details about the error codes, see [Access Control Error Codes](errorcode-access-token.md). 106 107| ID| Error Message| 108| -------- | -------- | 109| 201 | Permission denied. Interface caller does not have permission. | 110| 202 | Not System App. Interface caller is not a system app. | 111| 401 | Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. | 112| 12100001 | Invalid parameter. The tokenID is 0, the permissionName exceeds 256 characters, or the count value is invalid. | 113| 12100002 | The specified tokenID does not exist or refer to an application process. | 114| 12100003 | The specified permission does not exist or is not an user_grant permission. | 115| 12100007 | The service is abnormal. | 116| 12100008 | Out of memory. | 117 118**Example** 119 120```ts 121import { privacyManager } from '@kit.AbilityKit'; 122import { BusinessError } from '@kit.BasicServicesKit'; 123 124let tokenID: number = 0; // You can use getApplicationInfo to obtain accessTokenId. 125privacyManager.addPermissionUsedRecord(tokenID, 'ohos.permission.READ_AUDIO', 1, 0, (err: BusinessError, data: void) => { 126 if (err) { 127 console.error(`addPermissionUsedRecord fail, err->${JSON.stringify(err)}`); 128 } else { 129 console.log('addPermissionUsedRecord success'); 130 } 131}); 132``` 133 134## privacyManager.getPermissionUsedRecord 135 136getPermissionUsedRecord(request: PermissionUsedRequest): Promise<PermissionUsedResponse> 137 138Obtains historical permission usage records. This API uses a promise to return the result. 139 140**Required permissions**: ohos.permission.PERMISSION_USED_STATS (available only to system applications) 141 142**System capability**: SystemCapability.Security.AccessToken 143 144**Parameters** 145 146| Name | Type | Mandatory| Description | 147| -------- | ------------------- | ---- | ------------------------------------------ | 148| request | [PermissionUsedRequest](#permissionusedrequest) | Yes | Request for querying permission usage records. | 149 150**Return value** 151 152| Type | Description | 153| :------------ | :---------------------------------- | 154| Promise<[PermissionUsedResponse](#permissionusedresponse)> | Promise used to return the permission usage records.| 155 156**Error codes** 157 158For details about the error codes, see [Access Control Error Codes](errorcode-access-token.md). 159 160| ID| Error Message| 161| -------- | -------- | 162| 201 | Permission denied. Interface caller does not have permission. | 163| 202 | Not System App. Interface caller is not a system app. | 164| 401 | Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. | 165| 12100001 | Invalid parameter. The value of flag in request is invalid. | 166| 12100002 | The specified tokenID does not exist or refer to an application process. | 167| 12100003 | The specified permission does not exist or is not an user_grant permission. | 168| 12100007 | The service is abnormal. | 169| 12100008 | Out of memory. | 170 171**Example** 172 173```ts 174import { privacyManager } from '@kit.AbilityKit'; 175import { BusinessError } from '@kit.BasicServicesKit'; 176 177let request: privacyManager.PermissionUsedRequest = { 178 'tokenId': 1, 179 'isRemote': false, 180 'deviceId': 'device', 181 'bundleName': 'bundle', 182 'permissionNames': [], 183 'beginTime': 0, 184 'endTime': 1, 185 'flag':privacyManager.PermissionUsageFlag.FLAG_PERMISSION_USAGE_DETAIL, 186}; 187 188privacyManager.getPermissionUsedRecord(request).then((data) => { 189 console.log(`getPermissionUsedRecord success, data->${JSON.stringify(data)}`); 190}).catch((err: BusinessError) => { 191 console.error(`getPermissionUsedRecord fail, err->${JSON.stringify(err)}`); 192}); 193``` 194 195## privacyManager.getPermissionUsedRecord 196 197getPermissionUsedRecord(request: PermissionUsedRequest, callback: AsyncCallback<PermissionUsedResponse>): void 198 199Obtains historical permission usage records. This API uses an asynchronous callback to return the result. 200 201**Required permissions**: ohos.permission.PERMISSION_USED_STATS (available only to system applications) 202 203**System capability**: SystemCapability.Security.AccessToken 204 205**Parameters** 206 207| Name | Type | Mandatory| Description | 208| -------- | ------------------- | ---- | ------------------------------------------ | 209| request | [PermissionUsedRequest](#permissionusedrequest) | Yes| Request for querying permission usage records.| 210| callback | AsyncCallback<[PermissionUsedResponse](#permissionusedresponse)> | Yes| Callback used to return the result. If the operation is successful, **err** is **undefined** and **data** is the permission usage record obtained. Otherwise, **err** is an error object.| 211 212**Error codes** 213 214For details about the error codes, see [Access Control Error Codes](errorcode-access-token.md). 215 216| ID| Error Message| 217| -------- | -------- | 218| 201 | Permission denied. Interface caller does not have permission. | 219| 202 | Not System App. Interface caller is not a system app. | 220| 401 | Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. | 221| 12100001 | Invalid parameter. The value of flag in request is invalid. | 222| 12100002 | The specified tokenID does not exist or refer to an application process. | 223| 12100003 | The specified permission does not exist or is not an user_grant permission. | 224| 12100007 | The service is abnormal. | 225| 12100008 | Out of memory. | 226 227**Example** 228 229```ts 230import { privacyManager } from '@kit.AbilityKit'; 231import { BusinessError } from '@kit.BasicServicesKit'; 232 233let request: privacyManager.PermissionUsedRequest = { 234 'tokenId': 1, 235 'isRemote': false, 236 'deviceId': 'device', 237 'bundleName': 'bundle', 238 'permissionNames': [], 239 'beginTime': 0, 240 'endTime': 1, 241 'flag':privacyManager.PermissionUsageFlag.FLAG_PERMISSION_USAGE_DETAIL, 242}; 243 244privacyManager.getPermissionUsedRecord(request, (err: BusinessError, data: privacyManager.PermissionUsedResponse) => { 245 if (err) { 246 console.error(`getPermissionUsedRecord fail, err->${JSON.stringify(err)}`); 247 } else { 248 console.log(`getPermissionUsedRecord success, data->${JSON.stringify(data)}`); 249 } 250}); 251``` 252 253## privacyManager.setPermissionUsedRecordToggleStatus<sup>18+</sup> 254 255setPermissionUsedRecordToggleStatus(status: boolean): Promise<void> 256 257Sets whether to record the permission usage of this user. This API uses a promise to return the result. 258 259If **status** is **true**, [addPermissionUsedRecord](#privacymanageraddpermissionusedrecord) can be called to add permission usage records. If **status** is set **false**, [addPermissionUsedRecord](#privacymanageraddpermissionusedrecord) does not add permission usage records. Instead, it deletes the historical records of the user. 260 261**Required permissions**: ohos.permission.PERMISSION_RECORD_TOGGLE (available only to system applications) 262 263**System capability**: SystemCapability.Security.AccessToken 264 265**Parameters** 266 267| Name | Type | Mandatory| Description | 268| -------------- | ------ | ---- | ------------------------------------ | 269| status | boolean | Yes | Setting of the permission usage record switch. The value **true** means the switch is toggled on; the value **false** means the opposite.| 270 271**Return value** 272 273| Type | Description | 274| ------------- | --------------------------------------- | 275| Promise<void> | Promise that returns no value.| 276 277**Error codes** 278 279For details about the error codes, see [Access Control Error Codes](errorcode-access-token.md). 280 281| ID| Error Message| 282| -------- | -------- | 283| 201 | Permission denied. Interface caller does not have permission. | 284| 202 | Not System App. Interface caller is not a system app. | 285| 401 | Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. | 286| 12100007 | The service is abnormal. | 287| 12100009 | Common inner error. | 288 289**Example** 290 291```ts 292import { privacyManager } from '@kit.AbilityKit'; 293import { BusinessError } from '@kit.BasicServicesKit'; 294 295privacyManager.setPermissionUsedRecordToggleStatus(true).then(() => { 296 console.log('setPermissionUsedRecordToggleStatus success'); 297}).catch((err: BusinessError) => { 298 console.error(`setPermissionUsedRecordToggleStatus fail, err->${JSON.stringify(err)}`); 299}); 300``` 301 302## privacyManager.getPermissionUsedRecordToggleStatus<sup>18+</sup> 303 304getPermissionUsedRecordToggleStatus(): Promise<boolean> 305 306Obtains the settings of the permission usage record switch for this user. This API uses a promise to return the result. 307 308**Required permissions**: ohos.permission.PERMISSION_USED_STATS (available only to system applications) 309 310**System capability**: SystemCapability.Security.AccessToken 311 312**Return value** 313 314| Type | Description | 315| ------------- | --------------------------------------- | 316| Promise<boolean> | Promise used to return the switch settings.| 317 318**Error codes** 319 320For details about the error codes, see [Access Control Error Codes](errorcode-access-token.md). 321 322| ID| Error Message| 323| -------- | -------- | 324| 201 | Permission denied. Interface caller does not have permission. | 325| 202 | Not System App. Interface caller is not a system app. | 326| 12100007 | The service is abnormal. | 327 328**Example** 329 330```ts 331import { privacyManager } from '@kit.AbilityKit'; 332import { BusinessError } from '@kit.BasicServicesKit'; 333 334privacyManager.getPermissionUsedRecordToggleStatus().then((res) => { 335 console.log('getPermissionUsedRecordToggleStatus success'); 336 if (res == true) { 337 console.log('get status is TRUE'); 338 } else { 339 console.log('get status is FALSE'); 340 } 341}).catch((err: BusinessError) => { 342 console.error(`getPermissionUsedRecordToggleStatus fail, err->${JSON.stringify(err)}`); 343}); 344``` 345 346## privacyManager.startUsingPermission 347 348startUsingPermission(tokenID: number, permissionName: Permissions): Promise<void> 349 350Starts using a permission. This API is called by a system application to report the permission usage of an application in the foreground and background, allowing the privacy service to respond based on the application lifecycle. This API uses a promise to return the result. 351 352When an application starts to use a permission, the privacy service notifies the privacy indicator that the application is using the permission. Upon the application's exit, the privacy service notifies the privacy indicator that the application has stopped using the permission and clears the corresponding cache. 353 354**Required permissions**: ohos.permission.PERMISSION_USED_STATS (available only to system applications) 355 356**System capability**: SystemCapability.Security.AccessToken 357 358**Parameters** 359 360| Name | Type | Mandatory| Description | 361| -------------- | ------ | ---- | ------------------------------------ | 362| tokenID | number | Yes | Token ID of the caller, which is the value of **accessTokenId** in [ApplicationInfo](js-apis-bundleManager-applicationInfo.md).| 363| permissionName | Permissions | Yes | Permission to use. For details, see [Application Permissions](../../security/AccessToken/app-permissions.md).| 364 365**Return value** 366 367| Type | Description | 368| ------------- | --------------------------------------- | 369| Promise<void> | Promise that returns no value.| 370 371**Error codes** 372 373For details about the error codes, see [Access Control Error Codes](errorcode-access-token.md). 374 375| ID| Error Message| 376| -------- | -------- | 377| 201 | Permission denied. Interface caller does not have permission. | 378| 202 | Not System App. Interface caller is not a system app. | 379| 401 | Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. | 380| 12100001 | Invalid parameter. The tokenID is 0, the permissionName exceeds 256 characters, or the count value is invalid. | 381| 12100002 | The specified tokenID does not exist or refer to an application process. | 382| 12100003 | The specified permission does not exist or is not an user_grant permission. | 383| 12100004 | The API is used repeatedly with the same input. It means the application specified by the tokenID has been using the specified permission. | 384| 12100007 | The service is abnormal. | 385| 12100008 | Out of memory. | 386 387**Example** 388 389```ts 390import { privacyManager } from '@kit.AbilityKit'; 391import { BusinessError } from '@kit.BasicServicesKit'; 392 393let tokenID: number = 0; // You can use getApplicationInfo to obtain accessTokenId. 394privacyManager.startUsingPermission(tokenID, 'ohos.permission.READ_AUDIO').then(() => { 395 console.log('startUsingPermission success'); 396}).catch((err: BusinessError) => { 397 console.error(`startUsingPermission fail, err->${JSON.stringify(err)}`); 398}); 399``` 400 401## privacyManager.startUsingPermission<sup>18+</sup> 402 403startUsingPermission(tokenID: number, permissionName: Permissions, pid?: number, usedType?: PermissionUsedType): Promise<void> 404 405Starts using a permission. This API is called by a system application to report the permission usage of an application in the foreground and background, allowing the privacy service to respond based on the application lifecycle. This API uses a promise to return the result. 406 407When an application starts to use a permission, the privacy service notifies the privacy indicator that the application is using the permission. Upon the application's exit, the privacy service notifies the privacy indicator that the application has stopped using the permission and clears the corresponding cache. 408 409For a multi-process application, you can specify the process ID (PID) of the application when reporting the permission usage. If no PID is specified, the privacy service responds by application. When the application exits, the privacy service notifies the privacy indicator and clears the cache. 410 411If a PID is specified, the privacy service responds by process. when the process exits, the privacy service notifies the privacy indicator and clears the cache. In this case, the PID must be that of the application corresponding to the token ID. 412 413**Required permissions**: ohos.permission.PERMISSION_USED_STATS (available only to system applications) 414 415**System capability**: SystemCapability.Security.AccessToken 416 417**Parameters** 418 419| Name | Type | Mandatory| Description | 420| -------------- | ------ | ---- | ------------------------------------ | 421| tokenID | number | Yes | Token ID of the caller, which is the value of **accessTokenId** in [ApplicationInfo](js-apis-bundleManager-applicationInfo.md).| 422| permissionName | Permissions | Yes | Permission to use. For details, see [Permissions for All Applications](../../security/AccessToken/app-permissions.md).| 423| pid | number | No | PID of the caller. The default value is **-1**, which indicates that the privacy service does not respond based on the process lifecycle.| 424| usedType | [PermissionUsedType](#permissionusedtype12) | No| Sensitive permission access mode. The default value is **NORMAL_TYPE**.| 425 426**Return value** 427 428| Type | Description | 429| ------------- | --------------------------------------- | 430| Promise<void> | Promise that returns no value.| 431 432**Error codes** 433 434For details about the error codes, see [Access Control Error Codes](errorcode-access-token.md). 435 436| ID| Error Message| 437| -------- | -------- | 438| 201 | Permission denied. Interface caller does not have permission. | 439| 202 | Not System App. Interface caller is not a system app. | 440| 401 | Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. | 441| 12100001 | Invalid parameter. The tokenID is 0, the permissionName exceeds 256 characters, or the count value is invalid. | 442| 12100002 | The specified tokenID does not exist or refer to an application process. | 443| 12100003 | The specified permission does not exist or is not an user_grant permission. | 444| 12100004 | The API is used repeatedly with the same input. It means the application specified by the tokenID has been using the specified permission. | 445| 12100007 | The service is abnormal. | 446| 12100008 | Out of memory. | 447 448**Example** 449 450```ts 451import { privacyManager } from '@kit.AbilityKit'; 452import { BusinessError } from '@kit.BasicServicesKit'; 453import { rpc } from '@kit.IPCKit' 454 455let tokenID: number = rpc.IPCSkeleton.getCallingTokenId(); // accessTokenId can also be obtained by using bundleManager.getBundleInfoForSelfSync. 456let pid: number = rpc.IPCSkeleton.getCallingPid(); 457let usedType: privacyManager.PermissionUsedType = privacyManager.PermissionUsedType.PICKER_TYPE; 458 459// without pid and usedType 460privacyManager.startUsingPermission(tokenID, 'ohos.permission.READ_AUDIO').then(() => { 461 console.log('startUsingPermission success'); 462}).catch((err: BusinessError) => { 463 console.error(`startUsingPermission fail, err->${JSON.stringify(err)}`); 464}); 465// with pid 466privacyManager.startUsingPermission(tokenID, 'ohos.permission.READ_AUDIO', pid).then(() => { 467 console.log('startUsingPermission success'); 468}).catch((err: BusinessError) => { 469 console.error(`startUsingPermission fail, err->${JSON.stringify(err)}`); 470}); 471// with usedType 472privacyManager.startUsingPermission(tokenID, 'ohos.permission.READ_AUDIO', -1, usedType).then(() => { 473 console.log('startUsingPermission success'); 474}).catch((err: BusinessError) => { 475 console.error(`startUsingPermission fail, err->${JSON.stringify(err)}`); 476}); 477// with pid and usedType 478privacyManager.startUsingPermission(tokenID, 'ohos.permission.READ_AUDIO', pid, usedType).then(() => { 479 console.log('startUsingPermission success'); 480}).catch((err: BusinessError) => { 481 console.error(`startUsingPermission fail, err->${JSON.stringify(err)}`); 482}); 483``` 484 485## privacyManager.startUsingPermission 486 487startUsingPermission(tokenID: number, permissionName: Permissions, callback: AsyncCallback<void>): void 488 489Starts using a permission. This API is called by a system application to report the permission usage of an application in the foreground and background, allowing the privacy service to respond based on the application lifecycle. This API uses an asynchronous callback to return the result. 490 491When an application starts to use a permission, the privacy service notifies the privacy indicator that the application is using the permission. Upon the application's exit, the privacy service notifies the privacy indicator that the application has stopped using the permission and clears the corresponding cache. 492 493**Required permissions**: ohos.permission.PERMISSION_USED_STATS (available only to system applications) 494 495**System capability**: SystemCapability.Security.AccessToken 496 497**Parameters** 498 499| Name | Type | Mandatory| Description | 500| -------------- | --------------------- | ---- | ------------------------------------ | 501| tokenID | number | Yes | Token ID of the caller, which is the value of **accessTokenId** in [ApplicationInfo](js-apis-bundleManager-applicationInfo.md).| 502| permissionName | Permissions | Yes | Permission to use. For details, see [Application Permissions](../../security/AccessToken/app-permissions.md).| 503| callback | AsyncCallback<void> | Yes | Callback used to return the result. If the operation is successful, **err** is **undefined**. Otherwise, **err** is an error object.| 504 505**Error codes** 506 507For details about the error codes, see [Access Control Error Codes](errorcode-access-token.md). 508 509| ID| Error Message| 510| -------- | -------- | 511| 201 | Permission denied. Interface caller does not have permission. | 512| 202 | Not System App. Interface caller is not a system app. | 513| 401 | Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. | 514| 12100001 | Invalid parameter. The tokenID is 0, the permissionName exceeds 256 characters, or the count value is invalid. | 515| 12100002 | The specified tokenID does not exist or refer to an application process. | 516| 12100003 | The specified permission does not exist or is not an user_grant permission. | 517| 12100004 | The API is used repeatedly with the same input. It means the application specified by the tokenID has been using the specified permission. | 518| 12100007 | The service is abnormal. | 519| 12100008 | Out of memory. | 520 521**Example** 522 523```ts 524import { privacyManager } from '@kit.AbilityKit'; 525import { BusinessError } from '@kit.BasicServicesKit'; 526 527let tokenID: number = 0; // You can use getApplicationInfo to obtain accessTokenId. 528privacyManager.startUsingPermission(tokenID, 'ohos.permission.READ_AUDIO', (err: BusinessError, data: void) => { 529 if (err) { 530 console.error(`startUsingPermission fail, err->${JSON.stringify(err)}`); 531 } else { 532 console.log('startUsingPermission success'); 533 } 534}); 535``` 536 537## privacyManager.stopUsingPermission 538 539stopUsingPermission(tokenID: number, permissionName: Permissions): Promise<void> 540 541Stops using a permission. This API must be called by a system application, and used with **startUsingPermission** in pairs. This API uses a promise to return the result. 542 543**Required permissions**: ohos.permission.PERMISSION_USED_STATS (available only to system applications) 544 545**System capability**: SystemCapability.Security.AccessToken 546 547**Parameters** 548 549| Name | Type | Mandatory| Description | 550| -------------- | ------ | ---- | ------------------------------------ | 551| tokenID | number | Yes | Token ID of the caller, which is the value of **accessTokenId** in [ApplicationInfo](js-apis-bundleManager-applicationInfo.md).| 552| permissionName | Permissions | Yes | Permission to stop using. For details, see [Application Permissions](../../security/AccessToken/app-permissions.md).| 553 554**Return value** 555 556| Type | Description | 557| ------------- | --------------------------------------- | 558| Promise<void> | Promise that returns no value.| 559 560**Error codes** 561 562For details about the error codes, see [Access Control Error Codes](errorcode-access-token.md). 563 564| ID| Error Message| 565| -------- | -------- | 566| 201 | Permission denied. Interface caller does not have permission. | 567| 202 | Not System App. Interface caller is not a system app. | 568| 401 | Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. | 569| 12100001 | Invalid parameter. The tokenID is 0, the permissionName exceeds 256 characters, or the count value is invalid. | 570| 12100002 | The specified tokenID does not exist or refer to an application process. | 571| 12100003 | The specified permission does not exist or is not an user_grant permission. | 572| 12100004 | The API is not used in pair with 'startUsingPermission'. | 573| 12100007 | The service is abnormal. | 574| 12100008 | Out of memory. | 575 576**Example** 577 578```ts 579import { privacyManager } from '@kit.AbilityKit'; 580import { BusinessError } from '@kit.BasicServicesKit'; 581 582let tokenID: number = 0; // You can use getApplicationInfo to obtain accessTokenId. 583privacyManager.stopUsingPermission(tokenID, 'ohos.permission.READ_AUDIO').then(() => { 584 console.log('stopUsingPermission success'); 585}).catch((err: BusinessError) => { 586 console.error(`stopUsingPermission fail, err->${JSON.stringify(err)}`); 587}); 588``` 589 590## privacyManager.stopUsingPermission<sup>18+</sup> 591 592stopUsingPermission(tokenID: number, permissionName: Permissions, pid?: number): Promise<void> 593 594Stops using a permission. This API must be called by a system application, and used with **startUsingPermission** in pairs. This API uses a promise to return the result. 595 596The value of **pid** must match that used in **startUsingPermission**. 597 598**Required permissions**: ohos.permission.PERMISSION_USED_STATS (available only to system applications) 599 600**System capability**: SystemCapability.Security.AccessToken 601 602**Parameters** 603 604| Name | Type | Mandatory| Description | 605| -------------- | ------ | ---- | ------------------------------------ | 606| tokenID | number | Yes | Token ID of the caller, which is the value of **accessTokenId** in [ApplicationInfo](js-apis-bundleManager-applicationInfo.md).| 607| permissionName | Permissions | Yes | Permission to stop using. For details, see [Application Permissions](../../security/AccessToken/app-permissions.md).| 608| pid | number | No | PID of the application. The value must match that used in **startUsingPermission**. The default value is **-1**.| 609 610**Return value** 611 612| Type | Description | 613| ------------- | --------------------------------------- | 614| Promise<void> | Promise that returns no value.| 615 616**Error codes** 617 618For details about the error codes, see [Access Control Error Codes](errorcode-access-token.md). 619 620| ID| Error Message| 621| -------- | -------- | 622| 201 | Permission denied. Interface caller does not have permission. | 623| 202 | Not System App. Interface caller is not a system app. | 624| 401 | Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. | 625| 12100001 | Invalid parameter. The tokenID is 0, the permissionName exceeds 256 characters, or the count value is invalid. | 626| 12100002 | The specified tokenID does not exist or refer to an application process. | 627| 12100003 | The specified permission does not exist or is not an user_grant permission. | 628| 12100004 | The API is not used in pair with 'startUsingPermission'. | 629| 12100007 | The service is abnormal. | 630| 12100008 | Out of memory. | 631 632**Example** 633 634```ts 635import { privacyManager } from '@kit.AbilityKit'; 636import { BusinessError } from '@kit.BasicServicesKit'; 637import { rpc } from '@kit.IPCKit' 638 639let tokenID: number = rpc.IPCSkeleton.getCallingTokenId(); // accessTokenId can also be obtained by using bundleManager.getBundleInfoForSelfSync. 640let pid: number = rpc.IPCSkeleton.getCallingPid(); 641 642// without pid 643privacyManager.stopUsingPermission(tokenID, 'ohos.permission.READ_AUDIO').then(() => { 644 console.log('stopUsingPermission success'); 645}).catch((err: BusinessError) => { 646 console.error(`stopUsingPermission fail, err->${JSON.stringify(err)}`); 647}); 648 649// with pid 650privacyManager.stopUsingPermission(tokenID, 'ohos.permission.READ_AUDIO', pid).then(() => { 651 console.log('stopUsingPermission success'); 652}).catch((err: BusinessError) => { 653 console.error(`stopUsingPermission fail, err->${JSON.stringify(err)}`); 654}); 655``` 656 657## privacyManager.stopUsingPermission 658 659stopUsingPermission(tokenID: number, permissionName: Permissions, callback: AsyncCallback<void>): void 660 661Stops using a permission. This API must be called by a system application, and used with **startUsingPermission** in pairs. This API uses an asynchronous callback to return the result. 662 663**Required permissions**: ohos.permission.PERMISSION_USED_STATS (available only to system applications) 664 665**System capability**: SystemCapability.Security.AccessToken 666 667**Parameters** 668 669| Name | Type | Mandatory| Description | 670| -------------- | --------------------- | ---- | ------------------------------------ | 671| tokenID | number | Yes | Token ID of the caller, which is the value of **accessTokenId** in [ApplicationInfo](js-apis-bundleManager-applicationInfo.md).| 672| permissionName | Permissions | Yes | Permission to stop using. For details, see [Application Permissions](../../security/AccessToken/app-permissions.md).| 673| callback | AsyncCallback<void> | Yes | Callback used to return the result. If the operation is successful, **err** is **undefined**. Otherwise, **err** is an error object.| 674 675**Error codes** 676 677For details about the error codes, see [Access Control Error Codes](errorcode-access-token.md). 678 679| ID| Error Message| 680| -------- | -------- | 681| 201 | Permission denied. Interface caller does not have permission. | 682| 202 | Not System App. Interface caller is not a system app. | 683| 401 | Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. | 684| 12100001 | Invalid parameter. The tokenID is 0, the permissionName exceeds 256 characters, or the count value is invalid. | 685| 12100002 | The specified tokenID does not exist or refer to an application process. | 686| 12100003 | The specified permission does not exist or is not an user_grant permission. | 687| 12100004 | The API is not used in pair with 'startUsingPermission'. | 688| 12100007 | The service is abnormal. | 689| 12100008 | Out of memory. | 690 691**Example** 692 693```ts 694import { privacyManager } from '@kit.AbilityKit'; 695import { BusinessError } from '@kit.BasicServicesKit'; 696 697let tokenID: number = 0; // You can use getApplicationInfo to obtain accessTokenId. 698privacyManager.stopUsingPermission(tokenID, 'ohos.permission.READ_AUDIO', (err: BusinessError, data: void) => { 699 if (err) { 700 console.error(`stopUsingPermission fail, err->${JSON.stringify(err)}`); 701 } else { 702 console.log('stopUsingPermission success'); 703 } 704}); 705``` 706 707## privacyManager.on 708 709on(type: 'activeStateChange', permissionList: Array<Permissions>, callback: Callback<ActiveChangeResponse>): void 710 711Subscribes to changes in the permission usage status of the specified permissions. 712 713Multiple callbacks can be registered for the same **permissionList**. 714 715The same callback cannot be registered for the **permissionList**s with overlapping values. 716 717**Required permissions**: ohos.permission.PERMISSION_USED_STATS (available only to system applications) 718 719**System capability**: SystemCapability.Security.AccessToken 720 721**Parameters** 722 723| Name | Type | Mandatory| Description | 724| ------------------ | --------------------- | ---- | ------------------------------------------------------------ | 725| type | string | Yes | Event type. The value is **'activeStateChange'**, which indicates the permission usage change. | 726| permissionList | Array<Permissions> | Yes | List of target permissions. If this parameter is not specified, this API will subscribe to usage changes of all permissions. For details about the permissions, see [Application Permissions](../../security/AccessToken/app-permissions.md).| 727| callback | Callback<[ActiveChangeResponse](#activechangeresponse)> | Yes| Callback used to return the permission usage change.| 728 729**Error codes** 730 731For details about the error codes, see [Access Control Error Codes](errorcode-access-token.md). 732 733| ID| Error Message| 734| -------- | -------- | 735| 201 | Permission denied. Interface caller does not have permission. | 736| 202 | Not System App. Interface caller is not a system app. | 737| 401 | Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. | 738| 12100001 | Invalid parameter. The tokenID is 0, or the permissionName exceeds 256 characters. | 739| 12100004 | The API is used repeatedly with the same input. | 740| 12100005 | The registration time has exceeded the limitation. | 741| 12100007 | The service is abnormal. | 742| 12100008 | Out of memory. | 743 744**Example** 745 746```ts 747import { privacyManager, Permissions } from '@kit.AbilityKit'; 748import { BusinessError } from '@kit.BasicServicesKit'; 749 750let permissionList: Array<Permissions> = []; 751try { 752 privacyManager.on('activeStateChange', permissionList, (data: privacyManager.ActiveChangeResponse) => { 753 console.debug('receive permission state change, data:' + JSON.stringify(data)); 754 }); 755} catch(err) { 756 console.error(`catch err->${JSON.stringify(err)}`); 757} 758``` 759 760## privacyManager.off 761 762off(type: 'activeStateChange', permissionList: Array<Permissions>, callback?: Callback<ActiveChangeResponse>): void 763 764Unsubscribes from changes in the permission usage of the specified permissions. 765 766If **callback** is not specified, this API will unregister all callbacks for **permissionList**. 767 768**Required permissions**: ohos.permission.PERMISSION_USED_STATS (available only to system applications) 769 770**System capability**: SystemCapability.Security.AccessToken 771 772**Parameters** 773 774| Name | Type | Mandatory| Description | 775| ------------------ | --------------------- | ---- | ------------------------------------------------------------ | 776| type | string | Yes | Event type. The value is **'activeStateChange'**, which indicates the permission usage change. | 777| permissionList | Array<Permissions> | Yes | List of target permissions. The value must be the same as that in **on()**. If this parameter is not specified, this API will unsubscribe from usage changes for all permissions. For details about the permissions, see [Application Permissions](../../security/AccessToken/app-permissions.md).| 778| callback | Callback<[ActiveChangeResponse](#activechangeresponse)> | No| Callback to unregister.| 779 780**Error codes** 781 782For details about the error codes, see [Access Control Error Codes](errorcode-access-token.md). 783 784| ID| Error Message| 785| -------- | -------- | 786| 201 | Permission denied. Interface caller does not have permission. | 787| 202 | Not System App. Interface caller is not a system app. | 788| 401 | Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. | 789| 12100001 | Invalid parameter. The permissionNames in the list are all invalid, or the list size exceeds 1024 bytes. | 790| 12100004 | The API is not used in pair with 'on'. | 791| 12100007 | The service is abnormal. | 792| 12100008 | Out of memory. | 793 794**Example** 795 796```ts 797import { privacyManager, Permissions } from '@kit.AbilityKit'; 798 799let permissionList: Array<Permissions> = []; 800try { 801 privacyManager.off('activeStateChange', permissionList); 802} catch(err) { 803 console.error(`catch err->${JSON.stringify(err)}`); 804} 805``` 806 807## privacyManager.getPermissionUsedTypeInfos<sup>12+</sup> 808 809getPermissionUsedTypeInfos(tokenId?: number, permissionName?: Permissions): Promise<Array<PermissionUsedTypeInfo>> 810 811Obtains information about how a sensitive permission is used by an application. 812 813**Required permissions**: ohos.permission.PERMISSION_USED_STATS (available only to system applications) 814 815**System capability**: SystemCapability.Security.AccessToken 816 817**Parameters** 818 819| Name | Type | Mandatory| Description | 820| ------------------ | --------------------- | ---- | ------------------------------------------------------------ | 821| tokenId | number | No | ID of the application that uses the sensitive permission. If this parameter is left empty, this API obtains the sensitive permission access information of all applications. | 822| permissionName | Permissions | No | Name of the sensitive permission used. If this parameter is left blank, this API obtains the access information about all sensitive permissions. | 823 824**Return value** 825 826| Type | Description | 827| ------------- | --------------------------------------- | 828| Promise<Array<[PermissionUsedTypeInfo](#permissionusedtypeinfo12)>> | Promise used to return the information obtained.| 829 830**Error codes** 831 832For details about the error codes, see [Access Control Error Codes](errorcode-access-token.md). 833 834| ID| Error Message| 835| -------- | -------- | 836| 201 | Permission denied. Interface caller does not have permission. | 837| 202 | Not System App. Interface caller is not a system app. | 838| 401 | Parameter error. Possible causes: 1.Incorrect parameter types. | 839| 12100001 | Invalid parameter. PermissionName exceeds 256 characters. | 840| 12100002 | The input tokenId does not exist. | 841| 12100003 | The input permissionName does not exist. | 842 843**Example** 844 845```ts 846import { privacyManager, Permissions } from '@kit.AbilityKit'; 847import { BusinessError } from '@kit.BasicServicesKit'; 848 849let tokenId: number = 0; // You can use bundleManager.getApplicationInfo to obtain accessTokenId. 850let permissionName: Permissions = 'ohos.permission.CAMERA'; 851// Without any parameter. 852privacyManager.getPermissionUsedTypeInfos().then(() => { 853 console.log('getPermissionUsedTypeInfos success'); 854}).catch((err: BusinessError) => { 855 console.error(`getPermissionUsedTypeInfos fail, err->${JSON.stringify(err)}`); 856}); 857// Pass in tokenId only. 858privacyManager.getPermissionUsedTypeInfos(tokenId).then(() => { 859 console.log('getPermissionUsedTypeInfos success'); 860}).catch((err: BusinessError) => { 861 console.error(`getPermissionUsedTypeInfos fail, err->${JSON.stringify(err)}`); 862}); 863// Pass in permissionName only. 864privacyManager.getPermissionUsedTypeInfos(null, permissionName).then(() => { 865 console.log('getPermissionUsedTypeInfos success'); 866}).catch((err: BusinessError) => { 867 console.error(`getPermissionUsedTypeInfos fail, err->${JSON.stringify(err)}`); 868}); 869// Pass in tokenId and permissionName. 870privacyManager.getPermissionUsedTypeInfos(tokenId, permissionName).then(() => { 871 console.log('getPermissionUsedTypeInfos success'); 872}).catch((err: BusinessError) => { 873 console.error(`getPermissionUsedTypeInfos fail, err->${JSON.stringify(err)}`); 874}); 875``` 876 877## PermissionUsageFlag 878 879Enumerates the modes for querying the permission usage records. 880 881**System capability**: SystemCapability.Security.AccessToken 882 883| Name | Value| Description | 884| ----------------------- | ------ | ---------------------- | 885| FLAG_PERMISSION_USAGE_SUMMARY | 0 | Query the permission usage summary.| 886| FLAG_PERMISSION_USAGE_DETAIL | 1 | Query detailed permission usage records. | 887 888## PermissionUsedRequest 889 890Represents the request for querying permission usage records. 891 892**System capability**: SystemCapability.Security.AccessToken 893 894| Name | Type | Mandatory | Description | 895| -------- | -------------- | ---- | ---------------------------------------- | 896| tokenId | number | No | Token ID of the application (caller).<br>By default, all applications are queried. | 897| isRemote | boolean | No | Whether to query the permission usage records of the remote device.<br>The default value is **false**, which means the permission usage records of the local device are queried by default.| 898| deviceId | string | No | ID of the device hosting the target application.<br>The default value is the local device ID. | 899| bundleName | string | No | Bundle name of the target application.<br>By default, all applications are queried.| 900| permissionNames | Array<Permissions> | No | Permissions to query.<br>By default, the usage records of all permissions are queried. | 901| beginTime | number | No | Start time of the query, in ms.<br>The default value is **0**, which means the start time is not set.| 902| endTime | number | No | End time of the query, in ms.<br>The default value is **0**, which means the end time is not set.| 903| flag | [PermissionUsageFlag](#permissionusageflag) | Yes | Query mode.| 904 905## PermissionUsedResponse 906 907Represents the permission usage records of all applications. 908 909**System capability**: SystemCapability.Security.AccessToken 910 911| Name | Type | Readable| Writable| Description | 912| --------- | -------------- | ---- | ---- | ---------------------------------------- | 913| beginTime | number | Yes | No | Start time of the query, in ms.| 914| endTime | number | Yes | No | End time of the query, in ms.| 915| bundleRecords | Array<[BundleUsedRecord](#bundleusedrecord)> | Yes | No | Permission usage records. | 916 917## BundleUsedRecord 918 919Represents the permission access records of an application. 920 921**System capability**: SystemCapability.Security.AccessToken 922 923| Name | Type | Readable| Writable| Description | 924| -------- | -------------- | ---- | ---- | ---------------------------------------- | 925| tokenId | number | Yes | No | Token ID of the application (caller). | 926| isRemote | boolean | Yes | No | Whether it is a distributed device. The default value is **false**, which indicates that the device is not a distributed device.| 927| deviceId | string | Yes | No | ID of the device hosting the target application. | 928| bundleName | string | Yes | No | Bundle name of the target application.| 929| permissionRecords | Array<[PermissionUsedRecord](#permissionusedrecord)> | Yes | No | Permission usage records of the target application. | 930 931## PermissionUsedRecord 932 933Represents the usage records of a permission. 934 935**System capability**: SystemCapability.Security.AccessToken 936 937| Name | Type | Readable| Writable| Description | 938| -------- | -------------- | ---- | ---- | ---------------------------------------- | 939| permissionName | Permissions | Yes | No | Name of the permission. | 940| accessCount | number | Yes | No | Total number of times that the permission is accessed.| 941| rejectCount | number | Yes | No | Total number of times that the access to the permission is rejected.| 942| lastAccessTime | number | Yes | No | Last time when the permission was accessed, accurate to ms.| 943| lastRejectTime | number | Yes | No | Last time when the access to the permission was rejected, accurate to ms.| 944| lastAccessDuration | number | Yes | No | Last access duration, in ms.| 945| accessRecords | Array<[UsedRecordDetail](#usedrecorddetail)> | Yes | No | Successful access records. This parameter is valid only when **flag** is **FLAG_PERMISSION_USAGE_DETAIL**. By default, 10 records are provided. | 946| rejectRecords | Array<[UsedRecordDetail](#usedrecorddetail)> | Yes | No | Rejected access records. This parameter is valid only when **flag** is **FLAG_PERMISSION_USAGE_DETAIL**. By default, 10 records are provided. | 947 948## UsedRecordDetail 949 950Represents the details of a single access record. 951 952**System capability**: SystemCapability.Security.AccessToken 953 954| Name | Type | Readable| Writable| Description | 955| -------- | -------------- | ---- | ---- | ---------------------------------------- | 956| status | number | Yes | No | Access status. | 957| lockScreenStatus<sup>11+</sup> | number | Yes | No | Status of the screen during the access.<br>- **1**: The screen is not locked when the permission is used.<br>- **2**: The screen is locked when the permission is used. | 958| timestamp | number | Yes | No | Access timestamp, in ms.| 959| accessDuration | number | Yes | No | Access duration, in ms. | 960| count<sup>11+</sup> | number | Yes| No | Number of successful or failed accesses.| 961| usedType<sup>12+</sup> | [PermissionUsedType](#permissionusedtype12) | Yes| No | Means for using the sensitive permission.| 962 963## PermissionActiveStatus 964 965Enumerates the permission usage statuses. 966 967**System capability**: SystemCapability.Security.AccessToken 968 969| Name | Value | Description | 970| ------------------------- | ------ | ---------------- | 971| PERM_INACTIVE | 0 | The permission is not used. | 972| PERM_ACTIVE_IN_FOREGROUND | 1 | The permission is being used by an application running in the foreground.| 973| PERM_ACTIVE_IN_BACKGROUND | 2 | The permission is being used by an application running in the background.| 974 975## ActiveChangeResponse 976 977Defines the detailed permission usage information. 978 979 **System capability**: SystemCapability.Security.AccessToken 980 981| Name | Type | Readable| Writable| Description | 982| -------------- | ---------------------- | ---- | ---- | --------------------- | 983| callingTokenId<sup>18+</sup> | number | Yes | No | Token ID of the caller. This parameter is invalid when **activeStatus** is **INACTIVE**.| 984| tokenId | number | Yes | No | Token ID of the application whose permission usage changes are subscribed to. | 985| permissionName | Permissions | Yes | No | Permissions whose usage status changes.| 986| deviceId | string | Yes | No | Device ID. | 987| activeStatus | [PermissionActiveStatus](#permissionactivestatus) | Yes | No | Permission usage status. | 988| usedType<sup>18+</sup> | [PermissionUsedType](#permissionusedtype12) | Yes | No | Sensitive permission access mode. This parameter is invalid when **activeStatus** is **INACTIVE**.| 989 990## PermissionUsedType<sup>12+</sup> 991 992Enumerates the means for using a sensitive permission. 993 994**System capability**: SystemCapability.Security.AccessToken 995 996| Name | Value| Description | 997| ----------------------- | -- | ---------------- | 998| NORMAL_TYPE | 0 | The sensitive permission is used after authorization through a dialog box or a system settings page. | 999| PICKER_TYPE | 1 | The sensitive permission is used through a system picker. This access mode does not grant the permissions to the application.| 1000| SECURITY_COMPONENT_TYPE | 2 | The sensitive permission is used through a security component, which comes with the authorization.| 1001 1002## PermissionUsedTypeInfo<sup>12+</sup> 1003 1004Represents detailed information about the use of a permission. 1005 1006 **System capability**: SystemCapability.Security.AccessToken 1007 1008| Name | Type | Readable| Writable| Description | 1009| -------------- | ---------------------- | ---- | ---- | --------------------- | 1010| tokenId | number | Yes | No | Token ID of the application that uses the sensitive permission.| 1011| permissionName | Permissions | Yes | No | Name of the sensitive permission.| 1012| usedType | [PermissionUsedType](#permissionusedtype12) | Yes| No | Access mode of the sensitive permission.| 1013 1014## AddPermissionUsedRecordOptions<sup>12+</sup> 1015 1016Represents the options for adding a permission usage record. 1017 1018 **System capability**: SystemCapability.Security.AccessToken 1019 1020| Name | Type | Readable| Writable| Description | 1021| -------------- | ---------------------- | ---- | ---- | --------------------- | 1022| usedType | [PermissionUsedType](#permissionusedtype12) | Yes| No | Access mode of the sensitive permission.| 1023