1# @ohos.enterprise.networkManager(网络管理) 2 3本模块提供设备网络管理能力,包括查询设备IP地址、MAC地址信息等。 4 5> **说明:** 6> 7> 本模块首批接口从API version 12开始支持。后续版本的新增接口,采用上角标单独标记接口的起始版本。 8> 9> 本模块接口仅可在Stage模型下使用。 10> 11> 本模块接口仅对[设备管理应用](../../mdm/mdm-kit-guide.md#功能介绍)开放,需将设备管理应用激活后调用,实现相应功能。 12> 13 14## 导入模块 15 16```ts 17import { networkManager } from '@kit.MDMKit'; 18``` 19 20## networkManager.getAllNetworkInterfacesSync 21 22getAllNetworkInterfacesSync(admin: Want): Array<string> 23 24获取所有激活的有线网络接口。 25 26**需要权限:** ohos.permission.ENTERPRISE_MANAGE_NETWORK 27 28**系统能力:** SystemCapability.Customization.EnterpriseDeviceManager 29 30 31**参数:** 32 33| 参数名 | 类型 | 必填 | 说明 | 34| ------ | ------------------------------------------------------- | ---- | -------------- | 35| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | 是 | 企业设备管理扩展组件。 | 36 37**返回值:** 38 39| 类型 | 说明 | 40| ------------------- | ---------------------- | 41| Array<string> | 返回所有激活的有线网络接口名称数组。 | 42 43**错误码**: 44 45以下错误码的详细介绍请参见[企业设备管理错误码](errorcode-enterpriseDeviceManager.md)和[通用错误码](../errorcode-universal.md)。 46 47| 错误码ID | 错误信息 | 48| -------- | ------------------------------------------------------------ | 49| 9200001 | The application is not an administrator application of the device. | 50| 9200002 | The administrator application does not have permission to manage the device. | 51| 201 | Permission verification failed. The application does not have the permission required to call the API. | 52| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | 53 54**示例:** 55 56```ts 57import { Want } from '@kit.AbilityKit'; 58let wantTemp: Want = { 59 bundleName: 'com.example.myapplication', 60 abilityName: 'EntryAbility', 61}; 62 63try { 64 let result: Array<string> = networkManager.getAllNetworkInterfacesSync(wantTemp); 65 console.info(`Succeeded in getting all network interfaces, result : ${JSON.stringify(result)}`); 66} catch (err) { 67 console.error(`Failed to get all network interfaces. Code: ${err.code}, message: ${err.message}`); 68} 69``` 70 71## networkManager.getIpAddressSync 72 73getIpAddressSync(admin: Want, networkInterface: string): string 74 75根据网络接口获取设备IP地址。 76 77**需要权限:** ohos.permission.ENTERPRISE_MANAGE_NETWORK 78 79**系统能力:** SystemCapability.Customization.EnterpriseDeviceManager 80 81 82**参数:** 83 84| 参数名 | 类型 | 必填 | 说明 | 85| ---------------- | ------------------------------------------------------- | ---- | -------------- | 86| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | 是 | 企业设备管理扩展组件。 | 87| networkInterface | string | 是 | 指定网络接口。 | 88 89**返回值:** 90 91| 类型 | 说明 | 92| ------ | ---------------- | 93| string | 返回设备指定网络接口的IP地址。 | 94 95**错误码**: 96 97以下错误码的详细介绍请参见[企业设备管理错误码](errorcode-enterpriseDeviceManager.md)和[通用错误码](../errorcode-universal.md)。 98 99| 错误码ID | 错误信息 | 100| -------- | ------------------------------------------------------------ | 101| 9200001 | The application is not an administrator application of the device. | 102| 9200002 | The administrator application does not have permission to manage the device. | 103| 201 | Permission verification failed. The application does not have the permission required to call the API. | 104| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | 105 106**示例:** 107 108```ts 109import { Want } from '@kit.AbilityKit'; 110let wantTemp: Want = { 111 bundleName: 'com.example.myapplication', 112 abilityName: 'EntryAbility', 113}; 114 115try { 116 let result: string = networkManager.getIpAddressSync(wantTemp, 'eth0'); 117 console.info(`Succeeded in getting ip address, result : ${result}`); 118} catch (err) { 119 console.error(`Failed to get ip address. Code: ${err.code}, message: ${err.message}`); 120} 121``` 122 123## networkManager.getMacSync 124 125getMacSync(admin: Want, networkInterface: string): string 126 127根据网络接口获取设备MAC地址。 128 129**需要权限:** ohos.permission.ENTERPRISE_MANAGE_NETWORK 130 131**系统能力:** SystemCapability.Customization.EnterpriseDeviceManager 132 133 134**参数:** 135 136| 参数名 | 类型 | 必填 | 说明 | 137| ---------------- | ------------------------------------------------------- | ---- | -------------- | 138| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | 是 | 企业设备管理扩展组件。 | 139| networkInterface | string | 是 | 指定网络接口。 | 140 141**返回值:** 142 143| 类型 | 说明 | 144| ------ | ----------------- | 145| string | 返回设备指定网络接口的MAC地址。 | 146 147**错误码**: 148 149以下错误码的详细介绍请参见[企业设备管理错误码](errorcode-enterpriseDeviceManager.md)和[通用错误码](../errorcode-universal.md)。 150 151| 错误码ID | 错误信息 | 152| -------- | ------------------------------------------------------------ | 153| 9200001 | The application is not an administrator application of the device. | 154| 9200002 | The administrator application does not have permission to manage the device. | 155| 201 | Permission verification failed. The application does not have the permission required to call the API. | 156| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | 157 158**示例:** 159 160```ts 161import { Want } from '@kit.AbilityKit'; 162let wantTemp: Want = { 163 bundleName: 'com.example.myapplication', 164 abilityName: 'EntryAbility', 165}; 166 167try { 168 let result: string = networkManager.getMacSync(wantTemp, 'eth0'); 169 console.info(`Succeeded in getting mac, result : ${result}`); 170} catch (err) { 171 console.error(`Failed to get mac. Code: ${err.code}, message: ${err.message}`); 172} 173``` 174 175## networkManager.isNetworkInterfaceDisabledSync 176 177isNetworkInterfaceDisabledSync(admin: Want, networkInterface: string): boolean 178 179查询指定网络接口是否被禁用。 180 181**需要权限:** ohos.permission.ENTERPRISE_MANAGE_NETWORK 182 183**系统能力:** SystemCapability.Customization.EnterpriseDeviceManager 184 185 186**参数:** 187 188| 参数名 | 类型 | 必填 | 说明 | 189| ---------------- | ------------------------------------------------------- | ---- | -------------- | 190| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | 是 | 企业设备管理扩展组件。 | 191| networkInterface | string | 是 | 指定网络接口。 | 192 193**返回值:** 194 195| 类型 | 说明 | 196| ------- | ------------------------------------------------------------ | 197| boolean | 返回指定网络接口是否被禁用,true表示该网络接口被禁用,false表示该网络接口未被禁用。 | 198 199**错误码**: 200 201以下错误码的详细介绍请参见[企业设备管理错误码](errorcode-enterpriseDeviceManager.md)和[通用错误码](../errorcode-universal.md)。 202 203| 错误码ID | 错误信息 | 204| -------- | ------------------------------------------------------------ | 205| 9200001 | The application is not an administrator application of the device. | 206| 9200002 | The administrator application does not have permission to manage the device. | 207| 201 | Permission verification failed. The application does not have the permission required to call the API. | 208| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | 209 210**示例:** 211 212```ts 213import { Want } from '@kit.AbilityKit'; 214let wantTemp: Want = { 215 bundleName: 'com.example.myapplication', 216 abilityName: 'EntryAbility', 217}; 218 219try { 220 let result: boolean = networkManager.isNetworkInterfaceDisabledSync(wantTemp, 'eth0'); 221 console.info(`Succeeded in querying network interface is disabled or not, result : ${result}`); 222} catch (err) { 223 console.error(`Failed to query network interface is disabled or not. Code: ${err.code}, message: ${err.message}`); 224} 225``` 226 227## networkManager.setNetworkInterfaceDisabledSync 228 229setNetworkInterfaceDisabledSync(admin: Want, networkInterface: string, isDisabled: boolean): void 230 231禁止设备使用指定网络接口。 232 233**需要权限:** ohos.permission.ENTERPRISE_MANAGE_NETWORK 234 235**系统能力:** SystemCapability.Customization.EnterpriseDeviceManager 236 237 238**参数:** 239 240| 参数名 | 类型 | 必填 | 说明 | 241| ---------------- | ------------------------------------------------------- | ---- | ------------------------------------------------- | 242| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | 是 | 企业设备管理扩展组件。 | 243| networkInterface | string | 是 | 指定网络接口。 | 244| isDisabled | boolean | 是 | true表示禁用该网络接口,false表示开启该网络接口。 | 245 246**错误码**: 247 248以下错误码的详细介绍请参见[企业设备管理错误码](errorcode-enterpriseDeviceManager.md)和[通用错误码](../errorcode-universal.md)。 249 250| 错误码ID | 错误信息 | 251| -------- | ------------------------------------------------------------ | 252| 9200001 | The application is not an administrator application of the device. | 253| 9200002 | The administrator application does not have permission to manage the device. | 254| 201 | Permission verification failed. The application does not have the permission required to call the API. | 255| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | 256 257**示例:** 258 259```ts 260import { Want } from '@kit.AbilityKit'; 261import { BusinessError } from '@kit.BasicServicesKit'; 262let wantTemp: Want = { 263 bundleName: 'com.example.myapplication', 264 abilityName: 'EntryAbility', 265}; 266 267try { 268 networkManager.setNetworkInterfaceDisabledSync(wantTemp, 'eth0', true); 269 console.info(`Succeeded in setting network interface disabled`); 270} catch (err) { 271 console.error(`Failed to set network interface disabled. Code: ${err.code}, message: ${err.message}`); 272} 273``` 274 275## networkManager.setGlobalProxySync 276 277setGlobalProxySync(admin: Want, httpProxy: connection.HttpProxy): void 278 279设置网络全局代理。 280 281**需要权限:** ohos.permission.ENTERPRISE_MANAGE_NETWORK 282 283**系统能力:** SystemCapability.Customization.EnterpriseDeviceManager 284 285 286**参数:** 287 288| 参数名 | 类型 | 必填 | 说明 | 289| --------- | ------------------------------------------------------------ | ---- | -------------------------- | 290| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | 是 | 企业设备管理扩展组件。 | 291| httpProxy | [connection.HttpProxy](../apis-network-kit/js-apis-net-connection.md#httpproxy10) | 是 | 网络全局Http代理配置信息。 | 292 293**错误码**: 294 295以下错误码的详细介绍请参见[企业设备管理错误码](errorcode-enterpriseDeviceManager.md)和[通用错误码](../errorcode-universal.md)。 296 297| 错误码ID | 错误信息 | 298| -------- | ------------------------------------------------------------ | 299| 9200001 | The application is not an administrator application of the device. | 300| 9200002 | The administrator application does not have permission to manage the device. | 301| 201 | Permission verification failed. The application does not have the permission required to call the API. | 302| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | 303 304**示例:** 305 306```ts 307import { Want } from '@kit.AbilityKit'; 308import { connection } from '@kit.NetworkKit'; 309let wantTemp: Want = { 310 bundleName: 'com.example.myapplication', 311 abilityName: 'EntryAbility', 312}; 313let exclusionStr: string = "192.168,baidu.com" 314let exclusionArray: Array<string> = exclusionStr.split(','); 315let httpProxy: connection.HttpProxy = { 316 host: "192.168.xx.xxx", 317 port: 8080, 318 exclusionList: exclusionArray 319}; 320 321try { 322 networkManager.setGlobalProxySync(wantTemp, httpProxy); 323 console.info(`Succeeded in setting network global proxy.`); 324} catch (err) { 325 console.error(`Failed to set network global proxy. Code: ${err.code}, message: ${err.message}`); 326} 327``` 328 329## networkManager.setGlobalProxyForAccount<sup>15+</sup> 330 331setGlobalProxyForAccount(admin: Want, httpProxy: connection.HttpProxy, accountId: number): void 332 333设置指定用户下的网络代理,当前仅支持2in1设备。 334 335**需要权限:** ohos.permission.ENTERPRISE_MANAGE_NETWORK 336 337**系统能力:** SystemCapability.Customization.EnterpriseDeviceManager 338 339 340**参数:** 341 342| 参数名 | 类型 | 必填 | 说明 | 343| --------- | ------------------------------------------------------------ | ---- | -------------------------- | 344| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | 是 | 设备管理应用。 | 345| accountId | number | 是 | 用户ID,取值范围:大于等于0。<br> accountId可以通过@ohos.account.osAccount中的[getOsAccountLocalId](../apis-basic-services-kit/js-apis-osAccount.md#getosaccountlocalid9-1)等接口来获取。| 346| httpProxy | [connection.HttpProxy](../apis-network-kit/js-apis-net-connection.md#httpproxy10) | 是 | 网络代理配置信息。 | 347 348**错误码**: 349 350以下错误码的详细介绍请参见[企业设备管理错误码](errorcode-enterpriseDeviceManager.md)和[通用错误码](../errorcode-universal.md)。 351 352| 错误码ID | 错误信息 | 353| -------- | ------------------------------------------------------------ | 354| 9200001 | The application is not an administrator application of the device. | 355| 9200002 | The administrator application does not have permission to manage the device. | 356| 201 | Permission verification failed. The application does not have the permission required to call the API. | 357| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | 358 359**示例:** 360 361```ts 362import { Want } from '@kit.AbilityKit'; 363import { connection } from '@kit.NetworkKit'; 364let wantTemp: Want = { 365 bundleName: 'com.example.myapplication', 366 abilityName: 'EntryAbility', 367}; 368let httpProxy: connection.HttpProxy = { 369 host: '192.168.xx.xxx', 370 port: 8080, 371 exclusionList: ['192.168', 'baidu.com'] 372}; 373 374try { 375 networkManager.setGlobalProxyForAccount(wantTemp, httpProxy, 100); 376 console.info(`Succeeded in setting network global proxy.`); 377} catch (err) { 378 console.error(`Failed to set network global proxy. Code: ${err.code}, message: ${err.message}`); 379} 380``` 381 382## networkManager.getGlobalProxySync 383 384getGlobalProxySync(admin: Want): connection.HttpProxy 385 386获取网络全局代理。 387 388**需要权限:** ohos.permission.ENTERPRISE_MANAGE_NETWORK 389 390**系统能力:** SystemCapability.Customization.EnterpriseDeviceManager 391 392 393**参数:** 394 395| 参数名 | 类型 | 必填 | 说明 | 396| ------ | ------------------------------------------------------- | ---- | -------------- | 397| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | 是 | 企业设备管理扩展组件。 | 398 399**返回值:** 400 401| 类型 | 说明 | 402| ------------------------------------------------------------ | ------------------------------ | 403| [connection.HttpProxy](../apis-network-kit/js-apis-net-connection.md#httpproxy10) | 返回网络全局Http代理配置信息。 | 404 405**错误码**: 406 407以下错误码的详细介绍请参见[企业设备管理错误码](errorcode-enterpriseDeviceManager.md)和[通用错误码](../errorcode-universal.md)。 408 409| 错误码ID | 错误信息 | 410| -------- | ------------------------------------------------------------ | 411| 9200001 | The application is not an administrator application of the device. | 412| 9200002 | The administrator application does not have permission to manage the device. | 413| 201 | Permission verification failed. The application does not have the permission required to call the API. | 414| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | 415 416**示例:** 417 418```ts 419import { Want } from '@kit.AbilityKit'; 420import { connection } from '@kit.NetworkKit'; 421let wantTemp: Want = { 422 bundleName: 'com.example.myapplication', 423 abilityName: 'EntryAbility', 424}; 425 426try { 427 let result: connection.HttpProxy = networkManager.getGlobalProxySync(wantTemp); 428 console.info(`Succeeded in getting network global proxy, result : ${JSON.stringify(result)}`); 429} catch (err) { 430 console.error(`Failed to get network global proxy. Code: ${err.code}, message: ${err.message}`); 431} 432``` 433 434## networkManager.getGlobalProxyForAccount<sup>15+</sup> 435 436getGlobalProxyForAccount(admin: Want, accountId: number): connection.HttpProxy 437 438获取指定用户下的网络代理,当前仅支持2in1设备。 439 440**需要权限:** ohos.permission.ENTERPRISE_MANAGE_NETWORK 441 442**系统能力:** SystemCapability.Customization.EnterpriseDeviceManager 443 444 445**参数:** 446 447| 参数名 | 类型 | 必填 | 说明 | 448| ------ | ------------------------------------------------------- | ---- | -------------- | 449| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | 是 | 设备管理应用。 | 450| accountId | number | 是 | 用户ID,取值范围:大于等于0。<br> accountId可以通过@ohos.account.osAccount中的[getOsAccountLocalId](../apis-basic-services-kit/js-apis-osAccount.md#getosaccountlocalid9-1)等接口来获取。| 451 452**返回值:** 453 454| 类型 | 说明 | 455| ------------------------------------------------------------ | ------------------------------ | 456| [connection.HttpProxy](../apis-network-kit/js-apis-net-connection.md#httpproxy10) | 网络代理配置信息。 | 457 458**错误码**: 459 460以下错误码的详细介绍请参见[企业设备管理错误码](errorcode-enterpriseDeviceManager.md)和[通用错误码](../errorcode-universal.md)。 461 462| 错误码ID | 错误信息 | 463| -------- | ------------------------------------------------------------ | 464| 9200001 | The application is not an administrator application of the device. | 465| 9200002 | The administrator application does not have permission to manage the device. | 466| 201 | Permission verification failed. The application does not have the permission required to call the API. | 467| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | 468 469**示例:** 470 471```ts 472import { Want } from '@kit.AbilityKit'; 473import { connection } from '@kit.NetworkKit'; 474let wantTemp: Want = { 475 bundleName: 'com.example.myapplication', 476 abilityName: 'EntryAbility', 477}; 478 479try { 480 let result: connection.HttpProxy = networkManager.getGlobalProxyForAccount(wantTemp, 100); 481 console.info(`Succeeded in getting network global proxy, result : ${JSON.stringify(result)}`); 482} catch (err) { 483 console.error(`Failed to get network global proxy. Code: ${err.code}, message: ${err.message}`); 484} 485``` 486 487## networkManager.addFirewallRule 488 489addFirewallRule(admin: Want, firewallRule: FirewallRule): void 490 491为设备添加防火墙过滤规则。<br/> 492添加了[Action](#action)为ALLOW规则后,将会默认添加DENY规则,不在ALLOW规则之内的网络数据包将会被丢弃或拦截。 493 494**需要权限:** ohos.permission.ENTERPRISE_MANAGE_NETWORK 495 496**系统能力:** SystemCapability.Customization.EnterpriseDeviceManager 497 498 499**参数:** 500 501| 参数名 | 类型 | 必填 | 说明 | 502| ------------ | ------------------------------------------------------- | ---- | -------------------- | 503| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | 是 | 企业设备管理扩展组件。 | 504| firewallRule | [FirewallRule](#firewallrule) | 是 | 添加防火墙过滤规则。 | 505 506**错误码**: 507 508以下错误码的详细介绍请参见[企业设备管理错误码](errorcode-enterpriseDeviceManager.md)和[通用错误码](../errorcode-universal.md)。 509 510| 错误码ID | 错误信息 | 511| -------- | ------------------------------------------------------------ | 512| 9200001 | The application is not an administrator application of the device. | 513| 9200002 | The administrator application does not have permission to manage the device. | 514| 201 | Permission verification failed. The application does not have the permission required to call the API. | 515| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | 516 517**示例:** 518 519```ts 520import { Want } from '@kit.AbilityKit'; 521 522let wantTemp: Want = { 523 bundleName: 'com.example.myapplication', 524 abilityName: 'EntryAbility', 525}; 526let firewallRule: networkManager.FirewallRule = { 527 "srcAddr": "192.168.1.1-192.188.22.66", 528 "destAddr": "10.1.1.1", 529 "srcPort": "8080", 530 "destPort": "8080", 531 "appUid": "9696", 532 "direction": networkManager.Direction.OUTPUT, 533 "action": networkManager.Action.DENY, 534 "protocol": networkManager.Protocol.UDP, 535} 536 537networkManager.addFirewallRule(wantTemp, firewallRule); 538``` 539 540## networkManager.removeFirewallRule 541 542removeFirewallRule(admin: Want, firewallRule?: FirewallRule): void 543 544移除设备防火墙过滤规则。<br/> 545移除规则后如果不存在[Action](#action)为ALLOW规则后,会将[addFirewallRule](#networkmanageraddfirewallrule)添加的默认DENY规则清空。 546 547**需要权限:** ohos.permission.ENTERPRISE_MANAGE_NETWORK 548 549**系统能力:** SystemCapability.Customization.EnterpriseDeviceManager 550 551 552**参数:** 553 554| 参数名 | 类型 | 必填 | 说明 | 555| ------------ | ------------------------------------------------------- | ---- | ---------------------------------------------------- | 556| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | 是 | 企业设备管理扩展组件。 | 557| firewallRule | [FirewallRule](#firewallrule) | 否 | 移除防火墙过滤规则。值为空时,清空所有的防火墙规则。 | 558 559**错误码**: 560 561以下错误码的详细介绍请参见[企业设备管理错误码](errorcode-enterpriseDeviceManager.md)和[通用错误码](../errorcode-universal.md)。 562 563| 错误码ID | 错误信息 | 564| -------- | ------------------------------------------------------------ | 565| 9200001 | The application is not an administrator application of the device. | 566| 9200002 | The administrator application does not have permission to manage the device. | 567| 201 | Permission verification failed. The application does not have the permission required to call the API. | 568| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | 569 570**示例:** 571 572```ts 573import { Want } from '@kit.AbilityKit'; 574 575let wantTemp: Want = { 576 bundleName: 'com.example.myapplication', 577 abilityName: 'EntryAbility', 578}; 579// 移除指定的规则 580let firewallRule: networkManager.FirewallRule = { 581 "srcAddr": "192.168.1.1-192.188.22.66", 582 "destAddr": "10.1.1.1", 583 "srcPort": "8080", 584 "destPort": "8080", 585 "appUid": "9696", 586 "direction": networkManager.Direction.OUTPUT, 587 "action": networkManager.Action.DENY, 588 "protocol": networkManager.Protocol.UDP, 589} 590networkManager.removeFirewallRule(wantTemp, firewallRule); 591 592// 清空所有规则 593networkManager.removeFirewallRule(wantTemp); 594``` 595 596## networkManager.getFirewallRules 597 598getFirewallRules(admin: Want): Array\<FirewallRule> 599 600查询设备防火墙过滤规则。 601 602**需要权限:** ohos.permission.ENTERPRISE_MANAGE_NETWORK 603 604**系统能力:** SystemCapability.Customization.EnterpriseDeviceManager 605 606 607**参数:** 608 609| 参数名 | 类型 | 必填 | 说明 | 610| ------ | ------------------------------------------------------- | ---- | -------------- | 611| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | 是 | 企业设备管理扩展组件。 | 612 613**返回值:** 614 615| 类型 | 说明 | 616| ------------------------------------- | ------------------------------------------------------------ | 617| Array\<[FirewallRule](#firewallrule)> | 返回当前设备配置的防火墙过滤规则列表,当方法调用错误时会抛出异常。 | 618 619**错误码**: 620 621以下错误码的详细介绍请参见[企业设备管理错误码](errorcode-enterpriseDeviceManager.md)和[通用错误码](../errorcode-universal.md)。 622 623| 错误码ID | 错误信息 | 624| -------- | ------------------------------------------------------------ | 625| 9200001 | The application is not an administrator application of the device. | 626| 9200002 | The administrator application does not have permission to manage the device. | 627| 201 | Permission verification failed. The application does not have the permission required to call the API. | 628| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | 629 630**示例:** 631 632```ts 633import { Want } from '@kit.AbilityKit'; 634 635let wantTemp: Want = { 636 bundleName: 'com.example.myapplication', 637 abilityName: 'EntryAbility', 638}; 639let firewallRule: Array<networkManager.FirewallRule>; 640firewallRule = networkManager.getFirewallRules(wantTemp); 641``` 642 643## networkManager.addDomainFilterRule 644 645addDomainFilterRule(admin: Want, domainFilterRule: DomainFilterRule): void 646 647为设备添加域名过滤规则。<br/> 648添加了[Action](#action)为ALLOW规则后,将会默认添加DENY规则,不在ALLOW规则之内的域名解析数据包将会被丢弃或拦截。 649 650**需要权限:** ohos.permission.ENTERPRISE_MANAGE_NETWORK 651 652**系统能力:** SystemCapability.Customization.EnterpriseDeviceManager 653 654 655**参数:** 656 657| 参数名 | 类型 | 必填 | 说明 | 658| ---------------- | ------------------------------------------------------- | ---- | ------------------ | 659| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | 是 | 企业设备管理扩展组件。 | 660| domainFilterRule | [DomainFilterRule](#domainfilterrule) | 是 | 添加域名过滤规则。 | 661 662**错误码**: 663 664以下错误码的详细介绍请参见[企业设备管理错误码](errorcode-enterpriseDeviceManager.md)和[通用错误码](../errorcode-universal.md)。 665 666| 错误码ID | 错误信息 | 667| -------- | ------------------------------------------------------------ | 668| 9200001 | The application is not an administrator application of the device. | 669| 9200002 | The administrator application does not have permission to manage the device. | 670| 201 | Permission verification failed. The application does not have the permission required to call the API. | 671| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | 672 673**示例:** 674 675```ts 676import { Want } from '@kit.AbilityKit'; 677 678let wantTemp: Want = { 679 bundleName: 'com.example.myapplication', 680 abilityName: 'EntryAbility', 681}; 682let domainFilterRule: networkManager.DomainFilterRule = { 683 "domainName": "www.example.com", 684 "appUid": "9696", 685 "action": networkManager.Action.DENY, 686} 687 688networkManager.addDomainFilterRule(wantTemp, domainFilterRule); 689``` 690 691## networkManager.removeDomainFilterRule 692 693removeDomainFilterRule(admin: Want, domainFilterRule?: DomainFilterRule): void 694 695移除设备域名过滤规则。<br/> 696移除规则后如果不存在[Action](#action)为ALLOW规则后,会将[addDomainFilterRule](#networkmanageradddomainfilterrule)添加的默认DENY规则清空。 697 698**需要权限:** ohos.permission.ENTERPRISE_MANAGE_NETWORK 699 700**系统能力:** SystemCapability.Customization.EnterpriseDeviceManager 701 702 703**参数:** 704 705| 参数名 | 类型 | 必填 | 说明 | 706| ---------------- | ------------------------------------------------------- | ---- | ------------------------------------------------ | 707| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | 是 | 企业设备管理扩展组件。 | 708| domainFilterRule | [DomainFilterRule](#domainfilterrule) | 否 | 移除域名过滤规则。值为空时,清空所有的域名规则。 | 709 710**错误码**: 711 712以下错误码的详细介绍请参见[企业设备管理错误码](errorcode-enterpriseDeviceManager.md)和[通用错误码](../errorcode-universal.md)。 713 714| 错误码ID | 错误信息 | 715| -------- | ------------------------------------------------------------ | 716| 9200001 | The application is not an administrator application of the device. | 717| 9200002 | The administrator application does not have permission to manage the device. | 718| 201 | Permission verification failed. The application does not have the permission required to call the API. | 719| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | 720 721**示例:** 722 723```ts 724import { Want } from '@kit.AbilityKit'; 725 726let wantTemp: Want = { 727 bundleName: 'com.example.myapplication', 728 abilityName: 'EntryAbility', 729}; 730// 移除指定的规则 731let domainFilterRule: networkManager.DomainFilterRule = { 732 "domainName": "www.example.com", 733 "appUid": "9696", 734 "action": networkManager.Action.DENY, 735} 736networkManager.removeDomainFilterRule(wantTemp, domainFilterRule); 737 738// 清空所有规则 739networkManager.removeDomainFilterRule(wantTemp); 740``` 741 742## networkManager.getDomainFilterRules 743 744getDomainFilterRules(admin: Want): Array\<DomainFilterRule> 745 746查询设备域名过滤规则。 747 748**需要权限:** ohos.permission.ENTERPRISE_MANAGE_NETWORK 749 750**系统能力:** SystemCapability.Customization.EnterpriseDeviceManager 751 752 753**参数:** 754 755| 参数名 | 类型 | 必填 | 说明 | 756| ------ | ------------------------------------------------------- | ---- | -------------- | 757| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | 是 | 企业设备管理扩展组件。 | 758 759**返回值:** 760 761| 类型 | 说明 | 762| --------------------------------------------- | ------------------------------------------------------------ | 763| Array\<[DomainFilterRule](#domainfilterrule)> | 返回当前设备配置的域名过滤规则列表,当方法调用错误时会抛出异常。 | 764 765**错误码**: 766 767以下错误码的详细介绍请参见[企业设备管理错误码](errorcode-enterpriseDeviceManager.md)和[通用错误码](../errorcode-universal.md)。 768 769| 错误码ID | 错误信息 | 770| -------- | ------------------------------------------------------------ | 771| 9200001 | The application is not an administrator application of the device. | 772| 9200002 | The administrator application does not have permission to manage the device. | 773| 201 | Permission verification failed. The application does not have the permission required to call the API. | 774| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | 775 776**示例:** 777 778```ts 779import { Want } from '@kit.AbilityKit'; 780 781let wantTemp: Want = { 782 bundleName: 'com.example.myapplication', 783 abilityName: 'EntryAbility', 784}; 785let domainFilterRule: Array<networkManager.DomainFilterRule>; 786domainFilterRule = networkManager.getDomainFilterRules(wantTemp); 787``` 788 789## FirewallRule 790 791防火墙过滤规则。 792 793**系统能力:** SystemCapability.Customization.EnterpriseDeviceManager 794 795 796| 名称 | 类型 | 必填 | 说明 | 797| --------- | ----------------------- | ---- | ------------------------------------------------------------ | 798| srcAddr | string | 否 | ip源地址。支持IP段,例如:192.168.0.0/22或者192.168.1.100-192.168.1.200 | 799| destAddr | string | 否 | ip目标地址。支持IP段,例如:192.168.0.0/22或者192.168.1.100-192.168.1.200 | 800| srcPort | string | 否 | 源端口。 | 801| destPort | string | 否 | 目标端口。 | 802| appUid | string | 否 | 应用uid。 | 803| direction | [Direction](#direction) | 否 | 规则链。<br/>添加防护墙过滤规则时必填;<br/>移除防火墙时非必填,当值为空时,表示清空所有的[Direction](#direction)链,且srcAddr,destAddr,srcPort,destPort,appUid也必须传入空值。 | 804| action | [Action](#action) | 否 | 接收或者丢弃数据包。<br/>添加防护墙过滤规则时必填;<br/>移除防火墙时非必填,当值为空时,表示清空所有的匹配[Action](#action)规则的链,且srcAddr,destAddr,srcPort,destPort,appUid也必须传入空值。 | 805| protocol | [Protocol](#protocol) | 否 | 网络协议。当值为ALL或者ICMP时,不允许设置srcPort与destPort。 | 806 807## DomainFilterRule 808 809域名过滤规则。 810 811**系统能力:** SystemCapability.Customization.EnterpriseDeviceManager 812 813 814| 名称 | 类型 | 必填 | 说明 | 815| ---------- | ----------------- | ---- | ------------------------------------------------------------ | 816| domainName | string | 否 | 域名。添加域名过滤规则时必填。 | 817| appUid | string | 否 | 应用uid。 | 818| action | [Action](#action) | 否 | 接收或者丢弃数据包。<br/>添加域名过滤规则时必填;<br/>移除域名过滤规则时非必填,当值为空时,表示清空所有的匹配[Action](#action)规则的链,且domainName,appUid也必须传入空值。 | 819| direction<sup>15+</sup> | [Direction](#direction) | 否 |规则链。<br/>添加防护墙过滤规则时必填;<br/>移除防火墙时非必填,当值为空时,表示清空所有的[Direction](#direction)链,且domainName,appUid也必须传入空值。| 820 821## Direction 822 823规则链。 824 825**系统能力:** SystemCapability.Customization.EnterpriseDeviceManager 826 827 828| 名称 | 值 | 说明 | 829| ------ | ---- | -------- | 830| INPUT | 0 | 输入链。 | 831| OUTPUT | 1 | 输出链。 | 832| FORWARD<sup>15+</sup> | 2 | 转发链。 | 833 834## Action 835 836数据包的行为。 837 838**系统能力:** SystemCapability.Customization.EnterpriseDeviceManager 839 840 841| 名称 | 值 | 说明 | 842| ----- | ---- | ------------ | 843| ALLOW | 0 | 接收数据包。 | 844| DENY | 1 | 丢弃数据包。 | 845| REJECT<sup>15+</sup> | 2 | 拒绝数据包。 | 846 847## Protocol 848 849网络协议。 850 851**系统能力:** SystemCapability.Customization.EnterpriseDeviceManager 852 853 854| 名称 | 值 | 说明 | 855| ---- | ---- | -------------- | 856| ALL | 0 | 全部网络协议。 | 857| TCP | 1 | 网络协议TCP。 | 858| UDP | 2 | 网络协议UDP。 | 859| ICMP | 3 | 网络协议ICMP。 |