1/* 2 * Copyright (c) 2021-2024 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16/** 17 * @file 18 * @kit AbilityKit 19 */ 20 21import { AsyncCallback, Callback } from './@ohos.base'; 22import { Permissions } from './permissions'; 23import type _Context from './application/Context'; 24import type _PermissionRequestResult from './security/PermissionRequestResult'; 25 26/** 27 * @namespace abilityAccessCtrl 28 * @syscap SystemCapability.Security.AccessToken 29 * @since 8 30 */ 31/** 32 * @namespace abilityAccessCtrl 33 * @syscap SystemCapability.Security.AccessToken 34 * @atomicservice 35 * @since 11 36 */ 37/** 38 * @namespace abilityAccessCtrl 39 * @syscap SystemCapability.Security.AccessToken 40 * @crossplatform 41 * @atomicservice 42 * @since 12 43 */ 44declare namespace abilityAccessCtrl { 45 /** 46 * Obtains the AtManager instance. 47 * 48 * @returns { AtManager } Returns the instance of the AtManager. 49 * @syscap SystemCapability.Security.AccessToken 50 * @since 8 51 */ 52 /** 53 * Obtains the AtManager instance. 54 * 55 * @returns { AtManager } returns the instance of the AtManager. 56 * @syscap SystemCapability.Security.AccessToken 57 * @crossplatform 58 * @since 10 59 */ 60 /** 61 * Obtains the AtManager instance. 62 * 63 * @returns { AtManager } returns the instance of the AtManager. 64 * @syscap SystemCapability.Security.AccessToken 65 * @crossplatform 66 * @atomicservice 67 * @since 11 68 */ 69 function createAtManager(): AtManager; 70 71 /** 72 * Provides methods for managing access_token. 73 * 74 * @interface AtManager 75 * @syscap SystemCapability.Security.AccessToken 76 * @since 8 77 */ 78 /** 79 * Provides methods for managing access_token. 80 * 81 * @interface AtManager 82 * @syscap SystemCapability.Security.AccessToken 83 * @atomicservice 84 * @since 11 85 */ 86 interface AtManager { 87 /** 88 * Checks whether a specified application has been granted the given permission. 89 * 90 * @param { number } tokenID - Token ID of the application. 91 * @param { Permissions } permissionName - Name of the permission to be verified. The Permissions type supports only valid permission names. 92 * @returns { Promise<GrantStatus> } Returns permission verify result. 93 * @syscap SystemCapability.Security.AccessToken 94 * @since 9 95 */ 96 verifyAccessToken(tokenID: number, permissionName: Permissions): Promise<GrantStatus>; 97 98 /** 99 * Checks whether a specified application has been granted the given permission. 100 * 101 * @param { number } tokenID - Token ID of the application. 102 * @param { string } permissionName - Name of the permission to be verified. 103 * @returns { Promise<GrantStatus> } Returns permission verify result. 104 * @syscap SystemCapability.Security.AccessToken 105 * @since 8 106 * @deprecated since 9 107 * @useinstead ohos.abilityAccessCtrl.AtManager#checkAccessToken 108 */ 109 verifyAccessToken(tokenID: number, permissionName: string): Promise<GrantStatus>; 110 111 /** 112 * Checks whether a specified application has been granted the given permission synchronously. 113 * 114 * @param { number } tokenID - Token ID of the application. 115 * @param { Permissions } permissionName - Name of the permission to be verified. 116 * @returns { GrantStatus } Returns permission verify result. 117 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. 118 * @throws { BusinessError } 12100001 - Invalid parameter. The tokenID is 0, or the permissionName exceeds 256 characters. 119 * @syscap SystemCapability.Security.AccessToken 120 * @since 9 121 */ 122 verifyAccessTokenSync(tokenID: number, permissionName: Permissions): GrantStatus; 123 124 /** 125 * Checks whether a specified application has been granted the given permission. 126 * 127 * @param { number } tokenID - Token ID of the application. 128 * @param { Permissions } permissionName - Name of the permission to be verified. 129 * @returns { Promise<GrantStatus> } Returns permission verify result. 130 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. 131 * @throws { BusinessError } 12100001 - Invalid parameter. The tokenID is 0, or the permissionName exceeds 256 characters. 132 * @syscap SystemCapability.Security.AccessToken 133 * @since 9 134 */ 135 /** 136 * Checks whether a specified application has been granted the given permission. 137 * On the cross-platform, this function can be used to check the permission grant status for the current application only. 138 * 139 * @param { number } tokenID - Token ID of the application. 140 * @param { Permissions } permissionName - Name of the permission to be verified. 141 * @returns { Promise<GrantStatus> } Returns permission verify result. 142 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. 143 * @throws { BusinessError } 12100001 - Invalid parameter. The tokenID is 0, or the permissionName exceeds 256 characters. 144 * @syscap SystemCapability.Security.AccessToken 145 * @crossplatform 146 * @since 10 147 */ 148 /** 149 * Checks whether a specified application has been granted the given permission. 150 * On the cross-platform, this function can be used to check the permission grant status for the current application only. 151 * 152 * @param { number } tokenID - Token ID of the application. 153 * @param { Permissions } permissionName - Name of the permission to be verified. 154 * @returns { Promise<GrantStatus> } Returns permission verify result. 155 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. 156 * @throws { BusinessError } 12100001 - Invalid parameter. The tokenID is 0, or the permissionName exceeds 256 characters. 157 * @syscap SystemCapability.Security.AccessToken 158 * @crossplatform 159 * @atomicservice 160 * @since 11 161 */ 162 checkAccessToken(tokenID: number, permissionName: Permissions): Promise<GrantStatus>; 163 164 /** 165 * Checks whether a specified application has been granted the given permission. 166 * On the cross-platform, this function can be used to check the permission grant status for the current application only. 167 * 168 * @param { number } tokenID - Token ID of the application. 169 * @param { Permissions } permissionName - Name of the permission to be verified. 170 * @returns { GrantStatus } Returns permission verify result. 171 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. 172 * @throws { BusinessError } 12100001 - Invalid parameter. The tokenID is 0, or the permissionName exceeds 256 characters. 173 * @syscap SystemCapability.Security.AccessToken 174 * @crossplatform 175 * @since 10 176 */ 177 /** 178 * Checks whether a specified application has been granted the given permission. 179 * On the cross-platform, this function can be used to check the permission grant status for the current application only. 180 * 181 * @param { number } tokenID - Token ID of the application. 182 * @param { Permissions } permissionName - Name of the permission to be verified. 183 * @returns { GrantStatus } Returns permission verify result. 184 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. 185 * @throws { BusinessError } 12100001 - Invalid parameter. The tokenID is 0, or the permissionName exceeds 256 characters. 186 * @syscap SystemCapability.Security.AccessToken 187 * @crossplatform 188 * @atomicservice 189 * @since 11 190 */ 191 checkAccessTokenSync(tokenID: number, permissionName: Permissions): GrantStatus; 192 193 /** 194 * Requests certain permissions from the user. 195 * 196 * @param { Context } context - The context that initiates the permission request. 197 * <br> The context must belong to the Stage model and only supports UIAbilityContext and UIExtensionContext. 198 * @param { Array<Permissions> } permissionList - Indicates the list of permissions to be requested. This parameter cannot be null or empty. 199 * @param { AsyncCallback<PermissionRequestResult> } requestCallback Callback for the result from requesting permissions. 200 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. 201 * @throws { BusinessError } 12100001 - Invalid parameter. The context is invalid when it does not belong to the application itself. 202 * @syscap SystemCapability.Security.AccessToken 203 * @stagemodelonly 204 * @since 9 205 */ 206 /** 207 * Requests certain permissions from the user. 208 * 209 * @param { Context } context - The context that initiates the permission request. 210 * <br> The context must belong to the Stage model and only supports UIAbilityContext and UIExtensionContext. 211 * @param { Array<Permissions> } permissionList - Indicates the list of permissions to be requested. This parameter cannot be null or empty. 212 * @param { AsyncCallback<PermissionRequestResult> } requestCallback Callback for the result from requesting permissions. 213 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. 214 * @throws { BusinessError } 12100001 - Invalid parameter. The context is invalid when it does not belong to the application itself. 215 * @syscap SystemCapability.Security.AccessToken 216 * @stagemodelonly 217 * @crossplatform 218 * @since 10 219 */ 220 /** 221 * Requests certain permissions from the user. 222 * 223 * @param { Context } context - The context that initiates the permission request. 224 * <br> The context must belong to the Stage model and only supports UIAbilityContext and UIExtensionContext. 225 * @param { Array<Permissions> } permissionList - Indicates the list of permissions to be requested. This parameter cannot be null or empty. 226 * @param { AsyncCallback<PermissionRequestResult> } requestCallback Callback for the result from requesting permissions. 227 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. 228 * @throws { BusinessError } 12100001 - Invalid parameter. The context is invalid when it does not belong to the application itself. 229 * @syscap SystemCapability.Security.AccessToken 230 * @stagemodelonly 231 * @crossplatform 232 * @atomicservice 233 * @since 12 234 */ 235 requestPermissionsFromUser( 236 context: Context, 237 permissionList: Array<Permissions>, 238 requestCallback: AsyncCallback<PermissionRequestResult> 239 ): void; 240 241 /** 242 * Requests certain permissions from the user. 243 * 244 * @param { Context } context - The context that initiates the permission request. 245 * <br> The context must belong to the Stage model and only supports UIAbilityContext and UIExtensionContext. 246 * @param { Array<Permissions> } permissionList - Indicates the list of permissions to be requested. This parameter cannot be null or empty. 247 * @returns { Promise<PermissionRequestResult> } Returns result of requesting permissions. 248 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. 249 * @throws { BusinessError } 12100001 - Invalid parameter. The context is invalid when it does not belong to the application itself. 250 * @syscap SystemCapability.Security.AccessToken 251 * @stagemodelonly 252 * @since 9 253 */ 254 /** 255 * Requests certain permissions from the user. 256 * 257 * @param { Context } context - The context that initiates the permission request. 258 * <br> The context must belong to the Stage model and only supports UIAbilityContext and UIExtensionContext. 259 * @param { Array<Permissions> } permissionList - Indicates the list of permissions to be requested. This parameter cannot be null or empty. 260 * @returns { Promise<PermissionRequestResult> } Returns result of requesting permissions. 261 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. 262 * @throws { BusinessError } 12100001 - Invalid parameter. The context is invalid when it does not belong to the application itself. 263 * @syscap SystemCapability.Security.AccessToken 264 * @stagemodelonly 265 * @crossplatform 266 * @since 10 267 */ 268 /** 269 * Requests certain permissions from the user. 270 * 271 * @param { Context } context - The context that initiates the permission request. 272 * <br> The context must belong to the Stage model and only supports UIAbilityContext and UIExtensionContext. 273 * @param { Array<Permissions> } permissionList - Indicates the list of permissions to be requested. This parameter cannot be null or empty. 274 * @returns { Promise<PermissionRequestResult> } Returns result of requesting permissions. 275 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. 276 * @throws { BusinessError } 12100001 - Invalid parameter. The context is invalid when it does not belong to the application itself. 277 * @syscap SystemCapability.Security.AccessToken 278 * @stagemodelonly 279 * @crossplatform 280 * @atomicservice 281 * @since 11 282 */ 283 requestPermissionsFromUser(context: Context, permissionList: Array<Permissions>): Promise<PermissionRequestResult>; 284 285 /** 286 * Grants a specified user_grant permission to the given application. 287 * 288 * @permission ohos.permission.GRANT_SENSITIVE_PERMISSIONS 289 * @param { number } tokenID - Token ID of the application. 290 * @param { Permissions } permissionName - Name of the permission to be granted. 291 * @param { number } permissionFlags - Flags of permission state. This parameter can be 1 or 2 or 64. 292 * @returns { Promise<void> } The promise returned by the function. 293 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. 294 * @throws { BusinessError } 201 - Permission denied. Interface caller does not have permission "ohos.permission.GRANT_SENSITIVE_PERMISSIONS". 295 * @throws { BusinessError } 202 - Not System App. Interface caller is not a system app. 296 * @throws { BusinessError } 12100001 - Invalid parameter. The tokenID is 0, the permissionName exceeds 256 characters, or the flags value is invalid. 297 * @throws { BusinessError } 12100002 - The specified tokenID does not exist. 298 * @throws { BusinessError } 12100003 - The specified permission does not exist. 299 * @throws { BusinessError } 12100006 - The application specified by the tokenID is not allowed to be granted with the specified permission. 300 * Either the application is a sandbox or the tokenID is from a remote device. 301 * @throws { BusinessError } 12100007 - The service is abnormal. 302 * @syscap SystemCapability.Security.AccessToken 303 * @systemapi 304 * @since 8 305 */ 306 grantUserGrantedPermission(tokenID: number, permissionName: Permissions, permissionFlags: number): Promise<void>; 307 308 /** 309 * Grants a specified user_grant permission to the given application. 310 * 311 * @permission ohos.permission.GRANT_SENSITIVE_PERMISSIONS 312 * @param { number } tokenID - Token ID of the application. 313 * @param { Permissions } permissionName - Name of the permission to be granted. 314 * @param { number } permissionFlags - Flags of permission state. This parameter can be 1 or 2 or 64. 315 * @param { AsyncCallback<void> } callback - Asynchronous callback interface. 316 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. 317 * @throws { BusinessError } 201 - Permission denied. Interface caller does not have permission "ohos.permission.GRANT_SENSITIVE_PERMISSIONS". 318 * @throws { BusinessError } 202 - Not System App. Interface caller is not a system app. 319 * @throws { BusinessError } 12100001 - Invalid parameter. The tokenID is 0, the permissionName exceeds 256 characters, or the flags value is invalid. 320 * @throws { BusinessError } 12100002 - The specified tokenID does not exist. 321 * @throws { BusinessError } 12100003 - The specified permission does not exist. 322 * @throws { BusinessError } 12100006 - The application specified by the tokenID is not allowed to be granted with the specified permission. 323 * Either the application is a sandbox or the tokenID is from a remote device. 324 * @throws { BusinessError } 12100007 - The service is abnormal. 325 * @syscap SystemCapability.Security.AccessToken 326 * @systemapi 327 * @since 8 328 */ 329 grantUserGrantedPermission( 330 tokenID: number, 331 permissionName: Permissions, 332 permissionFlags: number, 333 callback: AsyncCallback<void> 334 ): void; 335 336 /** 337 * Revoke a specified user_grant permission to the given application. 338 * 339 * @permission ohos.permission.REVOKE_SENSITIVE_PERMISSIONS 340 * @param { number } tokenID - Token ID of the application. 341 * @param { Permissions } permissionName - Name of the permission to be revoked. 342 * @param { number } permissionFlags - Flags of permission state. This parameter can be 1 or 2 or 64. 343 * @returns { Promise<void> } The promise returned by the function. 344 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. 345 * @throws { BusinessError } 201 - Permission denied. Interface caller does not have permission "ohos.permission.REVOKE_SENSITIVE_PERMISSIONS". 346 * @throws { BusinessError } 202 - Not System App. Interface caller is not a system app. 347 * @throws { BusinessError } 12100001 - Invalid parameter. The tokenID is 0, the permissionName exceeds 256 characters, or the flags value is invalid. 348 * @throws { BusinessError } 12100002 - The specified tokenID does not exist. 349 * @throws { BusinessError } 12100003 - The specified permission does not exist. 350 * @throws { BusinessError } 12100006 - The application specified by the tokenID is not allowed to be revoked with the specified permission. 351 * Either the application is a sandbox or the tokenID is from a remote device. 352 * @throws { BusinessError } 12100007 - The service is abnormal. 353 * @syscap SystemCapability.Security.AccessToken 354 * @systemapi 355 * @since 8 356 */ 357 revokeUserGrantedPermission(tokenID: number, permissionName: Permissions, permissionFlags: number): Promise<void>; 358 359 /** 360 * Revoke a specified user_grant permission to the given application. 361 * 362 * @permission ohos.permission.REVOKE_SENSITIVE_PERMISSIONS 363 * @param { number } tokenID - Token ID of the application. 364 * @param { Permissions } permissionName - Name of the permission to be revoked. 365 * @param { number } permissionFlags - Flags of permission state. This parameter can be 1 or 2 or 64. 366 * @param { AsyncCallback<void> } callback - Asynchronous callback interface. 367 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. 368 * @throws { BusinessError } 201 - Permission denied. Interface caller does not have permission "ohos.permission.REVOKE_SENSITIVE_PERMISSIONS". 369 * @throws { BusinessError } 202 - Not System App. Interface caller is not a system app. 370 * @throws { BusinessError } 12100001 - Invalid parameter. The tokenID is 0, the permissionName exceeds 256 characters, or the flags value is invalid. 371 * @throws { BusinessError } 12100002 - The specified tokenID does not exist. 372 * @throws { BusinessError } 12100003 - The specified permission does not exist. 373 * @throws { BusinessError } 12100006 - The application specified by the tokenID is not allowed to be revoked with the specified permission. 374 * Either the application is a sandbox or the tokenID is from a remote device. 375 * @throws { BusinessError } 12100007 - The service is abnormal. 376 * @syscap SystemCapability.Security.AccessToken 377 * @systemapi 378 * @since 8 379 */ 380 revokeUserGrantedPermission( 381 tokenID: number, 382 permissionName: Permissions, 383 permissionFlags: number, 384 callback: AsyncCallback<void> 385 ): void; 386 387 /** 388 * Queries specified permission flags of the given application. 389 * 390 * @permission ohos.permission.GET_SENSITIVE_PERMISSIONS or ohos.permission.GRANT_SENSITIVE_PERMISSIONS or ohos.permission.REVOKE_SENSITIVE_PERMISSIONS 391 * @param { number } tokenID - Token ID of the application. 392 * @param { Permissions } permissionName - Name of the permission to be get. 393 * @returns { Promise<number> } Return permission flags. 394 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. 395 * @throws { BusinessError } 201 - Permission denied. Interface caller does not have permission specified below. 396 * @throws { BusinessError } 202 - Not System App. Interface caller is not a system app. 397 * @throws { BusinessError } 12100001 - Invalid parameter. The tokenID is 0, or the permissionName exceeds 256 characters. 398 * @throws { BusinessError } 12100002 - The specified tokenID does not exist. 399 * @throws { BusinessError } 12100003 - The specified permission does not exist. 400 * @throws { BusinessError } 12100006 - The operation is not allowed. Either the application is a sandbox or the tokenID is from a remote device. 401 * @throws { BusinessError } 12100007 - The service is abnormal. 402 * @syscap SystemCapability.Security.AccessToken 403 * @systemapi 404 * @since 8 405 */ 406 getPermissionFlags(tokenID: number, permissionName: Permissions): Promise<number>; 407 408 /** 409 * Set the toggle status of one permission flag. 410 * 411 * @permission ohos.permission.DISABLE_PERMISSION_DIALOG 412 * @param { Permissions } permissionName - Name of the permission associated with the toggle status to be set. 413 * @param { PermissionRequestToggleStatus } status - The toggle status to be set. 414 * @returns { Promise<void> } The promise returned by the function. 415 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. 416 * @throws { BusinessError } 201 - Permission denied. Interface caller does not have permission specified below. 417 * @throws { BusinessError } 202 - Not System App. Interface caller is not a system app. 418 * @throws { BusinessError } 12100001 - Invalid parameter. The permissionName exceeds 256 characters, or the status value is invalid. 419 * @throws { BusinessError } 12100003 - The specified permission does not exist. 420 * @throws { BusinessError } 12100007 - The service is abnormal. 421 * @syscap SystemCapability.Security.AccessToken 422 * @systemapi 423 * @since 12 424 */ 425 setPermissionRequestToggleStatus(permissionName: Permissions, status: PermissionRequestToggleStatus): Promise<void>; 426 427 /** 428 * Get the toggle status of one permission flag. 429 * 430 * @permission ohos.permission.GET_SENSITIVE_PERMISSIONS 431 * @param { Permissions } permissionName - Name of the permission associated with the toggle status to be get. 432 * @returns { Promise<PermissionRequestToggleStatus> } Return the toggle status. 433 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. 434 * @throws { BusinessError } 201 - Permission denied. Interface caller does not have permission specified below. 435 * @throws { BusinessError } 202 - Not System App. Interface caller is not a system app. 436 * @throws { BusinessError } 12100001 - Invalid parameter. The permissionName exceeds 256 characters. 437 * @throws { BusinessError } 12100003 - The specified permission does not exist. 438 * @throws { BusinessError } 12100007 - The service is abnormal. 439 * @syscap SystemCapability.Security.AccessToken 440 * @systemapi 441 * @since 12 442 */ 443 getPermissionRequestToggleStatus(permissionName: Permissions): Promise<PermissionRequestToggleStatus>; 444 445 /** 446 * Queries permission management version. 447 * 448 * @returns { Promise<number> } Return permission version. 449 * @throws { BusinessError } 202 - Not System App. Interface caller is not a system app. 450 * @syscap SystemCapability.Security.AccessToken 451 * @systemapi 452 * @since 9 453 */ 454 getVersion(): Promise<number>; 455 456 /** 457 * Queries permissions status of the given application. 458 * 459 * @permission ohos.permission.GET_SENSITIVE_PERMISSIONS 460 * @param { number } tokenID - Token ID of the application. 461 * @param { Array<Permissions> } permissionList - Indicates the list of permissions to be queried. This parameter cannot be null or empty. 462 * @returns { Promise<Array<PermissionStatus>> } Return permission status. 463 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. 464 * @throws { BusinessError } 201 - Permission denied. Interface caller does not have permission "ohos.permission.GET_SENSITIVE_PERMISSIONS". 465 * @throws { BusinessError } 202 - Not System App. Interface caller is not a system app. 466 * @throws { BusinessError } 12100001 - Invalid parameter. The tokenID is 0, or the permissionList is empty. 467 * @throws { BusinessError } 12100002 - The specified tokenID does not exist. 468 * @throws { BusinessError } 12100007 - The service is abnormal. 469 * @syscap SystemCapability.Security.AccessToken 470 * @systemapi 471 * @since 12 472 */ 473 getPermissionsStatus(tokenID: number, permissionList: Array<Permissions>): Promise<Array<PermissionStatus>>; 474 475 /** 476 * Registers a permission state callback so that the application can be notified upon specified permission state of specified applications changes. 477 * 478 * @permission ohos.permission.GET_SENSITIVE_PERMISSIONS 479 * @param { 'permissionStateChange' } type - Event type. 480 * @param { Array<number> } tokenIDList - A list of permissions that specify the permissions to be listened on. The value in the list can be: 481 * <br> {@code empty} - Indicates that the application can be notified if the specified permission state of any applications changes. 482 * <br> {@code non-empty} - Indicates that the application can only be notified if the specified permission state of the specified applications change. 483 * @param { Array<Permissions> } permissionList - A list of permissions that specify the permissions to be listened on. The value in the list can be: 484 * <br> {@code empty} - Indicates that the application can be notified if any permission state of the specified applications changes. 485 * <br> {@code non-empty} - Indicates that the application can only be notified if the specified permission state of the specified applications changes. 486 * @param { Callback<PermissionStateChangeInfo> } callback - Callback for the result from registering permissions. 487 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. 488 * @throws { BusinessError } 201 - Permission denied. Interface caller does not have permission "ohos.permission.GET_SENSITIVE_PERMISSIONS". 489 * @throws { BusinessError } 202 - Not System App. Interface caller is not a system app. 490 * @throws { BusinessError } 12100001 - Invalid parameter. The tokenID is 0, or the permissionName exceeds 256 characters. 491 * @throws { BusinessError } 12100004 - The API is used repeatedly with the same input. 492 * @throws { BusinessError } 12100005 - The registration time has exceeded the limitation. 493 * @throws { BusinessError } 12100007 - The service is abnormal. 494 * @throws { BusinessError } 12100008 - Out of memory. 495 * @syscap SystemCapability.Security.AccessToken 496 * @systemapi 497 * @since 9 498 */ 499 on( 500 type: 'permissionStateChange', 501 tokenIDList: Array<number>, 502 permissionList: Array<Permissions>, 503 callback: Callback<PermissionStateChangeInfo> 504 ): void; 505 506 /** 507 * Registers a permission state callback so that the application can be notified upon specified permission state changes. 508 * 509 * @param { 'selfPermissionStateChange' } type - Event type. 510 * @param { Array<Permissions> } permissionList - A list of permissions that specify the permissions to be listened on. The value in the list can be: 511 * <br> {@code empty} - Indicates that the application can be notified if any permission state changes. 512 * <br> {@code non-empty} - Indicates that the application can only be notified if the specified permission state changes. 513 * @param { Callback<PermissionStateChangeInfo> } callback - Callback for the result from registering permissions. 514 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. 515 * @throws { BusinessError } 12100001 - Invalid parameter. The permissionName exceeds 256 characters. 516 * @throws { BusinessError } 12100004 - The API is used repeatedly with the same input. 517 * @throws { BusinessError } 12100005 - The registration time has exceeded the limitation. 518 * @throws { BusinessError } 12100007 - The service is abnormal. 519 * @syscap SystemCapability.Security.AccessToken 520 * @atomicservice 521 * @since 18 522 */ 523 on( 524 type: 'selfPermissionStateChange', 525 permissionList: Array<Permissions>, 526 callback: Callback<PermissionStateChangeInfo> 527 ): void; 528 529 /** 530 * Unregisters a permission state callback so that the specified applications cannot be notified upon specified permissions state changes anymore. 531 * 532 * @permission ohos.permission.GET_SENSITIVE_PERMISSIONS 533 * @param { 'permissionStateChange' } type - Event type. 534 * @param { Array<number> } tokenIDList - A list of permissions that specify the permissions to be listened on. 535 * It should correspond to the value registered by function of "on", whose type is "permissionStateChange". 536 * @param { Array<Permissions> } permissionList - A list of permissions that specify the permissions to be listened on. 537 * It should correspond to the value registered by function of "on", whose type is "permissionStateChange". 538 * @param { Callback<PermissionStateChangeInfo> } callback - Callback for the result from unregistering permissions. 539 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. 540 * @throws { BusinessError } 201 - Permission denied. Interface caller does not have permission "ohos.permission.GET_SENSITIVE_PERMISSIONS". 541 * @throws { BusinessError } 202 - Not System App. Interface caller is not a system app. 542 * @throws { BusinessError } 12100001 - Invalid parameter. The tokenIDs or permissionNames in the list are all invalid. 543 * @throws { BusinessError } 12100004 - The API is not used in pair with 'on'. 544 * @throws { BusinessError } 12100007 - The service is abnormal. 545 * @throws { BusinessError } 12100008 - Out of memory. 546 * @syscap SystemCapability.Security.AccessToken 547 * @systemapi 548 * @since 9 549 */ 550 off( 551 type: 'permissionStateChange', 552 tokenIDList: Array<number>, 553 permissionList: Array<Permissions>, 554 callback?: Callback<PermissionStateChangeInfo> 555 ): void; 556 557 /** 558 * Unregisters a permission state callback so that the application cannot be notified upon specified permissions state changes anymore. 559 * 560 * @param { 'selfPermissionStateChange' } type - Event type. 561 * @param { Array<Permissions> } permissionList - A list of permissions that specify the permissions to be listened on. 562 * It should correspond to the value registered by function of "on", whose type is "selfPermissionStateChange". 563 * @param { Callback<PermissionStateChangeInfo> } callback - Callback for the result from unregistering permissions. 564 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. 565 * @throws { BusinessError } 12100001 - Invalid parameter. The permissionNames in the list are all invalid. 566 * @throws { BusinessError } 12100004 - The API is not used in pair with 'on'. 567 * @throws { BusinessError } 12100007 - The service is abnormal. 568 * @syscap SystemCapability.Security.AccessToken 569 * @atomicservice 570 * @since 18 571 */ 572 off( 573 type: 'selfPermissionStateChange', 574 permissionList: Array<Permissions>, 575 callback?: Callback<PermissionStateChangeInfo> 576 ): void; 577 578 /** 579 * Requests certain permissions on setting from the user. 580 * 581 * @param { Context } context - The context that initiates the permission request. 582 * <br> The context must belong to the Stage model and only supports UIAbilityContext and UIExtensionContext. 583 * @param { Array<Permissions> } permissionList - Indicates the list of permission to be requested. This parameter cannot be null or empty. 584 * @returns { Promise<Array<GrantStatus>> } Returns the list of status of the specified permission. 585 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types. 586 * @throws { BusinessError } 12100001 - Invalid parameter. Possible causes: 1. The context is invalid because it does not belong to the application itself; 587 * 2. The permission list contains the permission that is not declared in the module.json file; 3. The permission list is invalid because the permissions in it do not belong to the same permission group. 588 * @throws { BusinessError } 12100010 - The request already exists. 589 * @throws { BusinessError } 12100011 - All permissions in the permission list have been granted. 590 * @throws { BusinessError } 12100012 - The permission list contains the permission that has not been revoked by the user. 591 * @syscap SystemCapability.Security.AccessToken 592 * @stagemodelonly 593 * @atomicservice 594 * @since 12 595 */ 596 requestPermissionOnSetting(context: Context, permissionList: Array<Permissions>): Promise<Array<GrantStatus>>; 597 598 /** 599 * Requests certain global switch status on setting from the user. 600 * 601 * @param { Context } context - The context that initiates the permission request. 602 * <br> The context must belong to the Stage model and only supports UIAbilityContext and UIExtensionContext. 603 * @param { SwitchType } type - Indicates the type of global switch to be requested. This parameter cannot be null or empty. 604 * @returns { Promise<boolean> } Returns the status of the specified global switch. 605 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types. 606 * @throws { BusinessError } 12100001 - Invalid parameter. Possible causes: 1. The context is invalid because it does not belong to the application itself; 2. The type of global switch is not support. 607 * @throws { BusinessError } 12100010 - The request already exists. 608 * @throws { BusinessError } 12100013 - The specific global switch is already open. 609 * @syscap SystemCapability.Security.AccessToken 610 * @stagemodelonly 611 * @atomicservice 612 * @since 12 613 */ 614 requestGlobalSwitch(context: Context, type: SwitchType): Promise<boolean>; 615 616 /** 617 * Starts the permission manager page of an application. 618 * 619 * @param { number } tokenID - Token ID of the application. 620 * @returns { Promise<void> } The promise returned by the function. 621 * @throws { BusinessError } 202 - Not System App. Interface caller is not a system app. 622 * @throws { BusinessError } 12100002 - The specified tokenID does not exist. 623 * @throws { BusinessError } 12100007 - The service is abnormal. 624 * @syscap SystemCapability.Security.AccessToken 625 * @systemapi 626 * @stagemodelonly 627 * @since 18 628 */ 629 requestPermissionOnApplicationSetting(tokenID: number): Promise<void>; 630 } 631 632 /** 633 * GrantStatus. 634 * 635 * @enum { number } 636 * @syscap SystemCapability.Security.AccessToken 637 * @since 8 638 */ 639 /** 640 * GrantStatus. 641 * 642 * @enum { number } 643 * @syscap SystemCapability.Security.AccessToken 644 * @crossplatform 645 * @since 10 646 */ 647 /** 648 * GrantStatus. 649 * 650 * @enum { number } 651 * @syscap SystemCapability.Security.AccessToken 652 * @crossplatform 653 * @atomicservice 654 * @since 11 655 */ 656 export enum GrantStatus { 657 /** 658 * access_token permission check fail 659 * 660 * @syscap SystemCapability.Security.AccessToken 661 * @since 8 662 */ 663 /** 664 * access_token permission check fail 665 * 666 * @syscap SystemCapability.Security.AccessToken 667 * @crossplatform 668 * @since 10 669 */ 670 /** 671 * access_token permission check fail 672 * 673 * @syscap SystemCapability.Security.AccessToken 674 * @crossplatform 675 * @atomicservice 676 * @since 11 677 */ 678 PERMISSION_DENIED = -1, 679 /** 680 * access_token permission check success 681 * 682 * @syscap SystemCapability.Security.AccessToken 683 * @since 8 684 */ 685 /** 686 * access_token permission check success 687 * 688 * @syscap SystemCapability.Security.AccessToken 689 * @crossplatform 690 * @since 10 691 */ 692 /** 693 * access_token permission check success 694 * 695 * @syscap SystemCapability.Security.AccessToken 696 * @crossplatform 697 * @atomicservice 698 * @since 11 699 */ 700 PERMISSION_GRANTED = 0 701 } 702 703 /** 704 * Enum for permission state change type. 705 * 706 * @enum { number } 707 * @syscap SystemCapability.Security.AccessToken 708 * @atomicservice 709 * @since 18 710 */ 711 export enum PermissionStateChangeType { 712 /** 713 * A granted user_grant permission is revoked. 714 * 715 * @syscap SystemCapability.Security.AccessToken 716 * @atomicservice 717 * @since 18 718 */ 719 PERMISSION_REVOKED_OPER = 0, 720 /** 721 * A user_grant permission is granted. 722 * 723 * @syscap SystemCapability.Security.AccessToken 724 * @atomicservice 725 * @since 18 726 */ 727 PERMISSION_GRANTED_OPER = 1 728 } 729 730 /** 731 * Enum for permission request toggle status. 732 * 733 * @enum { number } 734 * @syscap SystemCapability.Security.AccessToken 735 * @systemapi 736 * @since 12 737 */ 738 export enum PermissionRequestToggleStatus { 739 /** 740 * The toggle status of one permission flag is closed. 741 * 742 * @syscap SystemCapability.Security.AccessToken 743 * @systemapi 744 * @since 12 745 */ 746 CLOSED = 0, 747 /** 748 * The toggle status of one permission flag is open. 749 * 750 * @syscap SystemCapability.Security.AccessToken 751 * @systemapi 752 * @since 12 753 */ 754 OPEN = 1, 755 } 756 757 /** 758 * Indicates the information of permission state change. 759 * 760 * @interface PermissionStateChangeInfo 761 * @syscap SystemCapability.Security.AccessToken 762 * @atomicservice 763 * @since 18 764 * @name PermissionStateChangeInfo 765 */ 766 interface PermissionStateChangeInfo { 767 /** 768 * Indicates the permission state change type. 769 * 770 * @type { PermissionStateChangeType } 771 * @syscap SystemCapability.Security.AccessToken 772 * @atomicservice 773 * @since 18 774 */ 775 change: PermissionStateChangeType; 776 777 /** 778 * Indicates the application whose permission state has been changed. 779 * 780 * @type { number } 781 * @syscap SystemCapability.Security.AccessToken 782 * @atomicservice 783 * @since 18 784 */ 785 tokenID: number; 786 787 /** 788 * Indicates the permission whose state has been changed. 789 * 790 * @type { Permissions } 791 * @syscap SystemCapability.Security.AccessToken 792 * @atomicservice 793 * @since 18 794 */ 795 permissionName: Permissions; 796 } 797 798 /** 799 * PermissionStatus. 800 * 801 * @enum { number } 802 * @syscap SystemCapability.Security.AccessToken 803 * @systemapi 804 * @since 12 805 */ 806 export enum PermissionStatus { 807 /** 808 * permission has been denied, only can change it in settings 809 * 810 * @syscap SystemCapability.Security.AccessToken 811 * @systemapi 812 * @since 12 813 */ 814 DENIED = -1, 815 /** 816 * permission has been granted 817 * 818 * @syscap SystemCapability.Security.AccessToken 819 * @systemapi 820 * @since 12 821 */ 822 GRANTED = 0, 823 /** 824 * permission is not determined 825 * 826 * @syscap SystemCapability.Security.AccessToken 827 * @systemapi 828 * @since 12 829 */ 830 NOT_DETERMINED = 1, 831 /** 832 * permission is invalid 833 * 834 * @syscap SystemCapability.Security.AccessToken 835 * @systemapi 836 * @since 12 837 */ 838 INVALID = 2, 839 /** 840 * permission has been restricted 841 * 842 * @syscap SystemCapability.Security.AccessToken 843 * @systemapi 844 * @since 12 845 */ 846 RESTRICTED = 3 847 } 848 849 /** 850 * SwitchType. 851 * 852 * @enum { number } 853 * @syscap SystemCapability.Security.AccessToken 854 * @atomicservice 855 * @since 12 856 */ 857 export enum SwitchType { 858 /** 859 * switch of camera 860 * 861 * @syscap SystemCapability.Security.AccessToken 862 * @atomicservice 863 * @since 12 864 */ 865 CAMERA = 0, 866 /** 867 * switch of microphone 868 * 869 * @syscap SystemCapability.Security.AccessToken 870 * @atomicservice 871 * @since 12 872 */ 873 MICROPHONE = 1, 874 /** 875 * switch of location 876 * 877 * @syscap SystemCapability.Security.AccessToken 878 * @atomicservice 879 * @since 12 880 */ 881 LOCATION = 2, 882 } 883} 884 885export default abilityAccessCtrl; 886export { Permissions }; 887/** 888 * PermissionRequestResult interface. 889 * 890 * @typedef { _PermissionRequestResult } 891 * @syscap SystemCapability.Security.AccessToken 892 * @stagemodelonly 893 * @crossplatform 894 * @since 10 895 */ 896/** 897 * PermissionRequestResult interface. 898 * 899 * @typedef { _PermissionRequestResult } 900 * @syscap SystemCapability.Security.AccessToken 901 * @stagemodelonly 902 * @crossplatform 903 * @atomicservice 904 * @since 11 905 */ 906export type PermissionRequestResult = _PermissionRequestResult; 907/** 908 * Context interface. 909 * 910 * @typedef { _Context } 911 * @syscap SystemCapability.Security.AccessToken 912 * @stagemodelonly 913 * @crossplatform 914 * @since 10 915 */ 916/** 917 * Context interface. 918 * 919 * @typedef { _Context } 920 * @syscap SystemCapability.Security.AccessToken 921 * @stagemodelonly 922 * @crossplatform 923 * @atomicservice 924 * @since 11 925 */ 926export type Context = _Context; 927