# @ohos.enterprise.securityManager (Security Management)

This module provides device security management capabilities, including querying the security patch status and the file encryption status.

> **NOTE**
>
> The initial APIs of this module are supported since API version 12. Newly added APIs will be marked with a superscript to indicate their earliest API version.
>
> The APIs of this module can be used only in the stage model.
>
> The APIs of this module are available only to [device administrator applications](../../mdm/mdm-kit-guide.md#功能介绍) and can be called only after the device administrator application is activated.

## Importing the Module

```ts
import { securityManager } from '@kit.MDMKit';
```

## securityManager.uninstallUserCertificate

uninstallUserCertificate(admin: Want, certUri: string): Promise&lt;void&gt;

Uninstalls a user certificate. This API uses a promise to return the result.

**Required permissions:** ohos.permission.ENTERPRISE_MANAGE_CERTIFICATE

**System capability:** SystemCapability.Customization.EnterpriseDeviceManager

**Parameters:**

| Name    | Type                                                    | Mandatory | Description                       |
| ------- | ------------------------------------------------------- | --------- | --------------------------------- |
| admin   | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes       | Enterprise device management extension component. |
| certUri | string                                                  | Yes       | Certificate URI, which is set and returned by [installUserCertificate](#securitymanagerinstallusercertificate). |

**Return value:**

| Type                | Description                                                  |
| ------------------- | ------------------------------------------------------------ |
| Promise&lt;void&gt; | Promise that returns no value. An error object is thrown when the specified device administrator application fails to uninstall the user certificate. |

**Error codes:**

For details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md).

| ID       | Error Message                                                |
| -------- | ------------------------------------------------------------ |
| 9200001  | The application is not an administrator application of the device. |
| 9200002  | The administrator application does not have permission to manage the device. |
| 9201001  | Failed to manage the certificate. |
| 201      | Permission verification failed. The application does not have the permission required to call the API. |
| 401      | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. |

**Example:**

```ts
import { securityManager } from '@kit.MDMKit';
import { Want } from '@kit.AbilityKit';
import { BusinessError } from '@kit.BasicServicesKit';

let wantTemp: Want = {
  bundleName: 'com.example.myapplication',
  abilityName: 'EntryAbility',
};
// certUri is the URI returned by installUserCertificate; "certName" is a placeholder value.
let certUri = "certName";
securityManager.uninstallUserCertificate(wantTemp, certUri).then(() => {
  console.info(`Succeeded in uninstalling user certificate.`);
}).catch((err: BusinessError) => {
  console.error(`Failed to uninstall user certificate. Code is ${err.code}, message is ${err.message}`);
});
```

## securityManager.installUserCertificate

installUserCertificate(admin: Want, certificate: CertBlob): Promise&lt;string&gt;

Installs a user certificate. This API uses a promise to return the result.

**Required permissions:** ohos.permission.ENTERPRISE_MANAGE_CERTIFICATE

**System capability:** SystemCapability.Customization.EnterpriseDeviceManager

**Parameters:**

| Name        | Type                                                    | Mandatory | Description    |
| ----------- | ------------------------------------------------------- | --------- | -------------- |
| admin       | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes       | Enterprise device management extension component. |
| certificate | [CertBlob](#certblob)                                   | Yes       | Certificate information. The certificate file must be placed in a path the application has permission to access, such as the application sandbox path. |

**Return value:**

| Type                  | Description                                          |
| --------------------- | ---------------------------------------------------- |
| Promise&lt;string&gt; | Promise that returns the URI of the installed certificate. The URI is used to uninstall the certificate. |

**Error codes:**

For details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md).

| ID       | Error Message                                                |
| -------- | ------------------------------------------------------------ |
| 9200001  | The application is not an administrator application of the device. |
| 9200002  | The administrator application does not have permission to manage the device. |
| 9201001  | Failed to manage the certificate. |
| 201      | Permission verification failed. The application does not have the permission required to call the API. |
| 401      | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. |

**Example:**

```ts
import { securityManager } from '@kit.MDMKit';
import { common, Want } from '@kit.AbilityKit';
import { BusinessError } from '@kit.BasicServicesKit';

let wantTemp: Want = {
  bundleName: 'com.example.myapplication',
  abilityName: 'EntryAbility',
};
let certFileArray: Uint8Array = new Uint8Array();
// The variable context needs to be initialized in MainAbility's onCreate callback function
// test.cer needs to be placed in the rawfile directory
const context = this.getUIContext().getHostContext() as common.UIAbilityContext;
context.resourceManager.getRawFileContent("test.cer").then((value) => {
  certFileArray = value;
  securityManager.installUserCertificate(wantTemp, { inData: certFileArray, alias: "cert_alias_xts" })
    .then((result) => {
      // result is the certificate URI; keep it, because uninstallUserCertificate needs it
      console.info(`Succeeded in installing user certificate, result : ${JSON.stringify(result)}`);
    }).catch((err: BusinessError) => {
      console.error(`Failed to install user certificate. Code: ${err.code}, message: ${err.message}`);
    })
}).catch((err: BusinessError) => {
  console.error(`Failed to get raw file content. message: ${err.message}`);
  return;
});
```

## securityManager.installUserCertificate<sup>18+</sup>

installUserCertificate(admin: Want, certificate: CertBlob, accountId: number): string

Installs a user certificate for a specified system account.

**Required permissions:** ohos.permission.ENTERPRISE_MANAGE_CERTIFICATE

**System capability:** SystemCapability.Customization.EnterpriseDeviceManager

**Parameters:**

| Name        | Type                                                    | Mandatory | Description    |
| ----------- | ------------------------------------------------------- | --------- | -------------- |
| admin       | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes       | Enterprise device management extension component. |
| certificate | [CertBlob](#certblob)                                   | Yes       | Certificate information. The certificate file must be placed in a path the application has permission to access, such as the application sandbox path. |
| accountId   | number                                                  | Yes       | User ID, which specifies a particular user. The value must be greater than or equal to 0. The accountId can be obtained through APIs such as [getOsAccountLocalId](../apis-basic-services-kit/js-apis-osAccount.md#getosaccountlocalid9-1) of @ohos.account.osAccount. |

**Return value:**

| Type   | Description                                          |
| ------ | ---------------------------------------------------- |
| string | URI of the installed certificate. The URI is used to uninstall the certificate. |

**Error codes:**

For details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md).

| ID       | Error Message                                                |
| -------- | ------------------------------------------------------------ |
| 9200001  | The application is not an administrator application of the device. |
| 9200002  | The administrator application does not have permission to manage the device. |
| 9201001  | Failed to manage the certificate. |
| 201      | Permission verification failed. The application does not have the permission required to call the API. |

**Example:**

```ts
import { securityManager } from '@kit.MDMKit';
import { common, Want } from '@kit.AbilityKit';

let wantTemp: Want = {
  bundleName: 'com.example.myapplication',
  abilityName: 'EntryAbility',
};
let certFileArray: Uint8Array = new Uint8Array();
let accountId: number = 100;
// The variable context needs to be initialized in MainAbility's onCreate callback function
// test.cer needs to be placed in the rawfile directory
const context = this.getUIContext().getHostContext() as common.UIAbilityContext;
context.resourceManager.getRawFileContent("test.cer").then((value) => {
  certFileArray = value;
  try {
    let result: string = securityManager.installUserCertificate(wantTemp, { inData: certFileArray, alias: "cert_alias_xts" }, accountId);
    console.info(`Succeeded in installing user certificate. result: ${result}`);
  } catch (err) {
    console.error(`Failed to install user certificate. Code: ${err.code}, message: ${err.message}`);
  }
});
```

## securityManager.getUserCertificates<sup>18+</sup>

getUserCertificates(admin: Want, accountId: number): Array&lt;string&gt;

Obtains the user certificates under a specified system account.

**Required permissions:** ohos.permission.ENTERPRISE_MANAGE_CERTIFICATE

**System capability:** SystemCapability.Customization.EnterpriseDeviceManager

**Parameters:**

| Name      | Type                                                    | Mandatory | Description                                                  |
| --------- | ------------------------------------------------------- | --------- | ------------------------------------------------------------ |
| admin     | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes       | Enterprise device management extension component. |
| accountId | number                                                  | Yes       | User ID, which specifies a particular user. The value must be greater than or equal to 0. The accountId can be obtained through APIs such as [getOsAccountLocalId](../apis-basic-services-kit/js-apis-osAccount.md#getosaccountlocalid9-1) of @ohos.account.osAccount. |

**Return value:**

| Type                | Description          |
| ------------------- | -------------------- |
| Array&lt;string&gt; | All user certificates installed under the specified user ID. |

**Error codes:**

For details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md).

| ID       | Error Message                                                |
| -------- | ------------------------------------------------------------ |
| 9200001  | The application is not an administrator application of the device. |
| 9200002  | The administrator application does not have permission to manage the device. |
| 201      | Permission verification failed. The application does not have the permission required to call the API. |

**Example:**

```ts
import { securityManager } from '@kit.MDMKit';
import { Want } from '@kit.AbilityKit';

let wantTemp: Want = {
  bundleName: 'com.example.myapplication',
  abilityName: 'EntryAbility',
};
let accountId: number = 100;
try {
  let result: Array<string> = securityManager.getUserCertificates(wantTemp, accountId);
  console.info(`Succeeded in getting the uri list of user Certificates. result: ${JSON.stringify(result)}`);
} catch (err) {
  console.error(`Failed to get the uri list of user Certificates. Code: ${err.code}, message: ${err.message}`);
}
```

## securityManager.getSecurityStatus

getSecurityStatus(admin: Want, item: string): string

Obtains security policy information.

**Required permissions:** ohos.permission.ENTERPRISE_MANAGE_SECURITY

**System capability:** SystemCapability.Customization.EnterpriseDeviceManager

**Parameters:**

| Name   | Type                                                    | Mandatory | Description                                                  |
| ------ | ------------------------------------------------------- | --------- | ------------------------------------------------------------ |
| admin  | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes       | Enterprise device management extension component. |
| item   | string                                                  | Yes       | Security policy name.<br/>- patch: device security patch.<br/>- encryption: device file system encryption. <!--RP1--><!--RP1End-->|

**Return value:**

| Type   | Description          |
| ------ | -------------------- |
| string | Status value of the security policy. |

**Error codes:**

For details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md).

| ID       | Error Message                                                |
| -------- | ------------------------------------------------------------ |
| 9200001  | The application is not an administrator application of the device. |
| 9200002  | The administrator application does not have permission to manage the device. |
| 201      | Permission verification failed. The application does not have the permission required to call the API. |
| 401      | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. |

**Example:**

```ts
import { securityManager } from '@kit.MDMKit';
import { Want } from '@kit.AbilityKit';

let wantTemp: Want = {
  bundleName: 'com.example.myapplication',
  abilityName: 'EntryAbility',
};

try {
  let result: string = securityManager.getSecurityStatus(wantTemp, 'patch');
  console.info(`Succeeded in getting security patch tag. tag: ${result}`);
} catch (err) {
  console.error(`Failed to get security patch tag. Code: ${err.code}, message: ${err.message}`);
}
```

## securityManager.setPasswordPolicy

setPasswordPolicy(admin: Want, policy: PasswordPolicy): void

Sets the device password policy.

**Required permissions:** ohos.permission.ENTERPRISE_MANAGE_SECURITY

**System capability:** SystemCapability.Customization.EnterpriseDeviceManager

**Parameters:**

| Name     | Type                                     | Mandatory | Description                     |
| -------- | ---------------------------------------- | --------- | ------------------------------- |
| admin    | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | Enterprise device management extension component. |
| policy   | [PasswordPolicy](#passwordpolicy)        | Yes       | Device password policy. |

**Error codes:**

For details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md).

| ID      | Error Message                                                                |
| ------- | ---------------------------------------------------------------------------- |
| 9200001 | The application is not an administrator application of the device. |
| 9200002 | The administrator application does not have permission to manage the device. |
| 201     | Permission verification failed. The application does not have the permission required to call the API. |
| 401     | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. |

**Example:**

```ts
import { securityManager } from '@kit.MDMKit';
import { Want } from '@kit.AbilityKit';

let wantTemp: Want = {
  bundleName: 'com.example.myapplication',
  abilityName: 'EntryAbility',
};

let policy: securityManager.PasswordPolicy = {
  // The backslash is doubled so that "\d" survives string-literal escaping and reaches the regex.
  complexityRegex: '^(?=.*[a-z])(?=.*[A-Z])(?=.*\\d)[a-zA-Z\\d]{8,}$',
  // Validity period in milliseconds (see PasswordPolicy).
  validityPeriod: 1,
  // Description text, in English: "At least eight characters, with at least one uppercase letter,
  // one lowercase letter, one digit and one special character". The pattern above admits only
  // letters and digits, so keep the description and the pattern in step when adapting this example.
  additionalDescription: '至少八个字符,至少一个大写字母,一个小写字母,一个数字和一个特殊字符',
}
try {
  securityManager.setPasswordPolicy(wantTemp, policy);
  console.info(`Succeeded in setting password policy.`);
} catch(err) {
  console.error(`Failed to set password policy. Code: ${err.code}, message: ${err.message}`);
}
```

## securityManager.getPasswordPolicy

getPasswordPolicy(admin: Want): PasswordPolicy

Obtains the device password policy.

**Required permissions:** ohos.permission.ENTERPRISE_MANAGE_SECURITY

**System capability:** SystemCapability.Customization.EnterpriseDeviceManager

**Parameters:**

| Name     | Type                                     | Mandatory | Description                     |
| -------- | ---------------------------------------- | --------- | ------------------------------- |
| admin    | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | Enterprise device management extension component. |

**Return value:**

| Type                  | Description               |
| --------------------- | ------------------------- |
| [PasswordPolicy](#passwordpolicy) | Device password policy. |

**Error codes:**

For details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md).

| ID      | Error Message                                                                |
| ------- | ---------------------------------------------------------------------------- |
| 9200001 | The application is not an administrator application of the device. |
| 9200002 | The administrator application does not have permission to manage the device. |
| 201     | Permission verification failed. The application does not have the permission required to call the API. |
| 401     | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. |

**Example:**

```ts
import { securityManager } from '@kit.MDMKit';
import { Want } from '@kit.AbilityKit';

let wantTemp: Want = {
  bundleName: 'com.example.myapplication',
  abilityName: 'EntryAbility',
};

try {
  let result: securityManager.PasswordPolicy = securityManager.getPasswordPolicy(wantTemp);
  console.info(`Succeeded in getting password policy, result : ${JSON.stringify(result)}`);
} catch(err) {
  console.error(`Failed to get password policy. Code: ${err.code}, message: ${err.message}`);
}
```

## securityManager.setAppClipboardPolicy

setAppClipboardPolicy(admin: Want, tokenId: number, policy: ClipboardPolicy): void

Sets the device clipboard policy.

**Required permissions:** ohos.permission.ENTERPRISE_MANAGE_SECURITY

**System capability:** SystemCapability.Customization.EnterpriseDeviceManager

**Parameters:**

| Name     | Type                                     | Mandatory | Description                     |
| -------- | ---------------------------------------- | --------- | ------------------------------- |
| admin    | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | Enterprise device management extension component. |
| tokenId  | number                                   | Yes       | Identity of the target application. It can be obtained from the accessTokenId in the result of [bundleManager.getApplicationInfo](../apis-ability-kit/js-apis-bundleManager-applicationInfo.md). Currently, policies can be saved for a maximum of 100 tokenIds. |
| policy   | [ClipboardPolicy](#clipboardpolicy)      | Yes       | Clipboard policy. |

**Error codes:**

For details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md).

| ID      | Error Message                                                                |
| ------- | ---------------------------------------------------------------------------- |
| 9200001 | The application is not an administrator application of the device. |
| 9200002 | The administrator application does not have permission to manage the device. |
| 201     | Permission verification failed. The application does not have the permission required to call the API. |
| 401     | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. |

**Example:**

```ts
import { securityManager } from '@kit.MDMKit';
import { Want } from '@kit.AbilityKit';

let wantTemp: Want = {
  bundleName: 'com.example.myapplication',
  abilityName: 'EntryAbility',
};
let tokenId: number = 586874394;
try {
  securityManager.setAppClipboardPolicy(wantTemp, tokenId, securityManager.ClipboardPolicy.IN_APP);
  console.info(`Succeeded in setting clipboard policy.`);
} catch(err) {
  console.error(`Failed to set clipboard policy. Code: ${err.code}, message: ${err.message}`);
}
```

## securityManager.getAppClipboardPolicy

getAppClipboardPolicy(admin: Want, tokenId?: number): string

Obtains the device clipboard policy.

**Required permissions:** ohos.permission.ENTERPRISE_MANAGE_SECURITY

**System capability:** SystemCapability.Customization.EnterpriseDeviceManager

**Parameters:**

| Name     | Type                                     | Mandatory | Description                     |
| -------- | ---------------------------------------- | --------- | ------------------------------- |
| admin    | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | Enterprise device management extension component. |
| tokenId  | number                                   | No        | Identity of the target application. It can be obtained from the accessTokenId in the result of [bundleManager.getApplicationInfo](../apis-ability-kit/js-apis-bundleManager-applicationInfo.md). Currently, policies can be saved for a maximum of 100 tokenIds. |

**Return value:**

| Type                  | Description               |
| --------------------- | ------------------------- |
| string                | Device clipboard policy, as a JSON string. |

**Error codes:**

For details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md).

| ID      | Error Message                                                                |
| ------- | ---------------------------------------------------------------------------- |
| 9200001 | The application is not an administrator application of the device. |
| 9200002 | The administrator application does not have permission to manage the device. |
| 201     | Permission verification failed. The application does not have the permission required to call the API. |
| 401     | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. |

**Example:**

```ts
import { securityManager } from '@kit.MDMKit';
import { Want } from '@kit.AbilityKit';

let wantTemp: Want = {
  bundleName: 'com.example.myapplication',
  abilityName: 'EntryAbility',
};
let tokenId: number = 586874394;
try {
  let result: string = securityManager.getAppClipboardPolicy(wantTemp, tokenId);
  console.info(`Succeeded in getting clipboard policy, result : ${result}`);
} catch(err) {
  console.error(`Failed to get clipboard policy. Code: ${err.code}, message: ${err.message}`);
}
```

## securityManager.setAppClipboardPolicy<sup>18+</sup>

setAppClipboardPolicy(admin: Want, bundleName: string, accountId: number, policy: ClipboardPolicy): void

Sets the device clipboard policy for the specified bundle name and user ID. Currently, a maximum of 100 policies can be saved.

**Required permissions:** ohos.permission.ENTERPRISE_MANAGE_SECURITY

**System capability:** SystemCapability.Customization.EnterpriseDeviceManager

**Parameters:**

| Name       | Type                                                    | Mandatory | Description |
| ---------- | ------------------------------------------------------- | --------- | ----------- |
| admin      | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes       | Enterprise device management extension component. |
| bundleName | string                                                  | Yes       | Bundle name of the application for which the clipboard policy is set. |
| accountId  | number                                                  | Yes       | User ID, which specifies a particular user. The value must be greater than or equal to 0. The accountId can be obtained through APIs such as [getOsAccountLocalId](../apis-basic-services-kit/js-apis-osAccount.md#getosaccountlocalid9-1) of @ohos.account.osAccount. |
| policy     | [ClipboardPolicy](#clipboardpolicy)                     | Yes       | Clipboard policy. |

**Error codes:**

For details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md).

| ID      | Error Message |
| ------- | ------------- |
| 9200001 | The application is not an administrator application of the device. |
| 9200002 | The administrator application does not have permission to manage the device. |
| 201     | Permission verification failed. The application does not have the permission required to call the API. |

**Example:**

```ts
import { securityManager } from '@kit.MDMKit';
import { Want } from '@kit.AbilityKit';

let wantTemp: Want = {
  bundleName: 'com.example.myapplication',
  abilityName: 'EntryAbility',
};
let bundleName: string = 'com.example.myapplication';
let accountId: number = 100;
try {
  securityManager.setAppClipboardPolicy(wantTemp, bundleName, accountId, securityManager.ClipboardPolicy.IN_APP);
  console.info(`Succeeded in setting clipboard policy.`);
} catch(err) {
  console.error(`Failed to set clipboard policy. Code: ${err.code}, message: ${err.message}`);
}
```

## securityManager.getAppClipboardPolicy<sup>18+</sup>

getAppClipboardPolicy(admin: Want, bundleName: string, accountId: number): string

Obtains the device clipboard policy for the specified bundle name and user ID.

**Required permissions:** ohos.permission.ENTERPRISE_MANAGE_SECURITY

**System capability:** SystemCapability.Customization.EnterpriseDeviceManager

**Parameters:**

| Name       | Type                                                    | Mandatory | Description |
| ---------- | ------------------------------------------------------- | --------- | ----------- |
| admin      | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes       | Enterprise device management extension component. |
| bundleName | string                                                  | Yes       | Bundle name of the application for which the clipboard policy is set. |
| accountId  | number                                                  | Yes       | User ID, which specifies a particular user. The value must be greater than or equal to 0. The accountId can be obtained through APIs such as [getOsAccountLocalId](../apis-basic-services-kit/js-apis-osAccount.md#getosaccountlocalid9-1) of @ohos.account.osAccount. |

**Return value:**

| Type   | Description |
| ------ | ----------- |
| string | Device clipboard policy, as a JSON string. |

**Error codes:**

For details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md).

| ID      | Error Message |
| ------- | ------------- |
| 9200001 | The application is not an administrator application of the device. |
| 9200002 | The administrator application does not have permission to manage the device. |
| 201     | Permission verification failed. The application does not have the permission required to call the API. |

**Example:**

```ts
import { securityManager } from '@kit.MDMKit';
import { Want } from '@kit.AbilityKit';

let wantTemp: Want = {
  bundleName: 'com.example.myapplication',
  abilityName: 'EntryAbility',
};
let bundleName: string = 'com.example.myapplication';
let accountId: number = 100;
try {
  let result: string = securityManager.getAppClipboardPolicy(wantTemp, bundleName, accountId);
  console.info(`Succeeded in getting clipboard policy, result : ${result}`);
} catch(err) {
  console.error(`Failed to get clipboard policy. Code: ${err.code}, message: ${err.message}`);
}
```

## securityManager.setWatermarkImage<sup>14+</sup>

setWatermarkImage(admin: Want, bundleName: string, source: string | image.PixelMap, accountId: number): void

Sets the watermark policy. Currently, this API is supported only on 2-in-1 devices.

**Required permissions:** ohos.permission.ENTERPRISE_MANAGE_SECURITY

**System capability:** SystemCapability.Customization.EnterpriseDeviceManager

**Parameters:**

| Name       | Type                                     | Mandatory | Description                     |
| ---------- | ---------------------------------------- | --------- | ------------------------------- |
| admin      | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | Enterprise device management extension component. |
| bundleName | string                                   | Yes       | Bundle name of the application for which the watermark is set. |
| source     | string \| [image.PixelMap](../apis-image-kit/js-apis-image.md) | Yes | A string indicates the image path, which must be a path the application has permission to access, such as the application sandbox path.<br>An image.PixelMap indicates an image object; the size of the image pixels cannot exceed 500 KB. |
| accountId  | number                                   | Yes       | User ID. The accountId can be obtained through APIs such as [getOsAccountLocalId](../apis-basic-services-kit/js-apis-osAccount.md#getosaccountlocalid9-1) of @ohos.account.osAccount. |

**Error codes:**

For details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md).

| ID      | Error Message                                                                |
| ------- | ---------------------------------------------------------------------------- |
| 9200001 | The application is not an administrator application of the device. |
| 9200002 | The administrator application does not have permission to manage the device. |
| 201     | Permission verification failed. The application does not have the permission required to call the API. |
| 401     | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. |

**Example:**

```ts
import { securityManager } from '@kit.MDMKit';
import { Want } from '@kit.AbilityKit';

let wantTemp: Want = {
  bundleName: 'com.example.myapplication',
  abilityName: 'EntryAbility',
};
let bundleName: string = 'com.example.myapplication';
let source: string = '/data/storage/el1/base/test.png';
let accountId: number = 100;
try {
  securityManager.setWatermarkImage(wantTemp, bundleName, source, accountId);
  console.info(`Succeeded in setting watermarkImage policy.`);
} catch(err) {
  console.error(`Failed to set watermarkImage policy. Code: ${err.code}, message: ${err.message}`);
}
```

## securityManager.cancelWatermarkImage<sup>14+</sup>

cancelWatermarkImage(admin: Want, bundleName: string, accountId: number): void

Cancels the watermark policy. Currently, this API is supported only on 2-in-1 devices.

**Required permissions:** ohos.permission.ENTERPRISE_MANAGE_SECURITY

**System capability:** SystemCapability.Customization.EnterpriseDeviceManager

**Parameters:**

| Name       | Type                                     | Mandatory | Description                     |
| ---------- | ---------------------------------------- | --------- | ------------------------------- |
| admin      | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | Enterprise device management extension component. |
| bundleName | string                                   | Yes       | Bundle name of the application for which the watermark is canceled. |
| accountId  | number                                   | Yes       | User ID. The accountId can be obtained through APIs such as [getOsAccountLocalId](../apis-basic-services-kit/js-apis-osAccount.md#getosaccountlocalid9-1) of @ohos.account.osAccount. |

**Error codes:**

For details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md).

| ID      | Error Message                                                                |
| ------- | ---------------------------------------------------------------------------- |
| 9200001 | The application is not an administrator application of the device. |
| 9200002 | The administrator application does not have permission to manage the device. |
| 201     | Permission verification failed. The application does not have the permission required to call the API. |
| 401     | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. |

**Example:**

```ts
import { securityManager } from '@kit.MDMKit';
import { Want } from '@kit.AbilityKit';

let wantTemp: Want = {
  bundleName: 'com.example.myapplication',
  abilityName: 'EntryAbility',
};
let bundleName: string = 'com.example.myapplication';
let accountId: number = 100;
try {
  securityManager.cancelWatermarkImage(wantTemp, bundleName, accountId);
  console.info(`Succeeded in canceling watermarkImage policy.`);
} catch(err) {
  console.error(`Failed to cancel watermarkImage policy. Code: ${err.code}, message: ${err.message}`);
}
```

## CertBlob

Certificate information.

**System capability:** SystemCapability.Customization.EnterpriseDeviceManager

| Name   | Type       | Mandatory | Description        |
| ------ | ---------- | --------- | ------------------ |
| inData | Uint8Array | Yes       | Binary content of the certificate. |
| alias  | string     | Yes       | Certificate alias. |

## PasswordPolicy

Device password policy.

**System capability:** SystemCapability.Customization.EnterpriseDeviceManager

| Name                  | Type   | Mandatory | Description                     |
| --------------------- | ------ | --------- | ------------------------------- |
| complexityRegex       | string | No        | Regular expression for password complexity. |
| validityPeriod        | number | No        | Password validity period, in milliseconds. |
| additionalDescription | string | No        | Description text. |

## ClipboardPolicy

Device clipboard policy.

**System capability:** SystemCapability.Customization.EnterpriseDeviceManager

| Name         | Value | Description                     |
| ------------ | ----- | ------------------------------- |
| DEFAULT      | 0     | Default. |
| IN_APP       | 1     | The clipboard can be used within the same application. |
| LOCAL_DEVICE | 2     | The clipboard can be used within the same device. |
| CROSS_DEVICE | 3     | The clipboard can be used across devices. |
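
The `setPasswordPolicy` example and the `PasswordPolicy.complexityRegex` field pass the pattern as a string, so string-literal escaping decides which pattern the device actually receives. The following is an added example, not part of the original reference or of MDM Kit: it vets a pattern against constructed sample passwords before the policy is applied. `vetComplexityRegex`, `applyIfVetted` and the sample cases are hypothetical names, and the code assumes the device evaluates `complexityRegex` with ECMAScript-compatible syntax.

```typescript
// Added example (not MDM Kit code). Assumption: the device evaluates
// PasswordPolicy.complexityRegex with ECMAScript-compatible regex syntax.

interface PasswordCase {
  password: string;    // constructed sample password
  shouldPass: boolean; // what the intended policy says about it
}

interface VetResult {
  ok: boolean;
  failures: string[];
}

// Intended policy: at least 8 letters/digits with one lowercase letter,
// one uppercase letter and one digit.
const CASES: PasswordCase[] = [
  { password: 'Abcdefg1', shouldPass: true },
  { password: 'abcdefg1', shouldPass: false }, // no uppercase letter
  { password: 'ABCDEFG1', shouldPass: false }, // no lowercase letter
  { password: 'Abcdefgh', shouldPass: false }, // no digit
  { password: 'Abcdef1', shouldPass: false },  // only 7 characters
];

// In a quoted string literal "\d" is an unknown escape and collapses to "d",
// so the pattern that reaches the device no longer mentions digits at all.
const SINGLE_BACKSLASH = '^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[a-zA-Z\d]{8,}$';
// Doubling the backslash keeps "\d" in the string value.
const DOUBLE_BACKSLASH = '^(?=.*[a-z])(?=.*[A-Z])(?=.*\\d)[a-zA-Z\\d]{8,}$';

function vetComplexityRegex(pattern: string, cases: PasswordCase[]): VetResult {
  let re: RegExp;
  try {
    re = new RegExp(pattern);
  } catch (e) {
    return { ok: false, failures: [`pattern does not compile: ${(e as Error).message}`] };
  }
  const failures: string[] = [];
  // Heuristic: without ^ and $ any password containing a match is accepted.
  if (!pattern.startsWith('^') || !pattern.endsWith('$')) {
    failures.push('pattern is not anchored with ^ and $');
  }
  for (const c of cases) {
    const accepted = re.test(c.password);
    if (accepted !== c.shouldPass) {
      failures.push(`"${c.password}" was ${accepted ? 'accepted' : 'rejected'}`);
    }
  }
  return { ok: failures.length === 0, failures };
}

// apply is where an administrator application would call
// securityManager.setPasswordPolicy(admin, { complexityRegex: pattern, ... }).
function applyIfVetted(pattern: string, cases: PasswordCase[],
                       apply: (pattern: string) => void): boolean {
  const result = vetComplexityRegex(pattern, cases);
  if (!result.ok) {
    return false; // refuse to push a policy that fails its own test cases
  }
  apply(pattern);
  return true;
}

console.log(vetComplexityRegex(SINGLE_BACKSLASH, CASES).failures);
console.log(vetComplexityRegex(DOUBLE_BACKSLASH, CASES).failures);
```

With the single-backslash literal the digit-bearing password is rejected and the digit-free one is accepted, which is the opposite of the intended policy; the vetting step catches this before the policy reaches any device.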