# @ohos.dlpPermission (DLP) (System API)
Data loss prevention (DLP) is a system solution provided to prevent data disclosure. The **dlpPermission** module provides APIs for cross-device file access management, encrypted storage, and access authorization.
> **NOTE**
>
> - The initial APIs of this module are supported since API version 10. Newly added APIs will be marked with a superscript to indicate their earliest API version.
> - This topic describes only the system APIs provided by the module. For details about its public APIs, see [@ohos.dlpPermission](js-apis-dlppermission.md).
## Modules to Import
```ts
import { dlpPermission } from '@kit.DataProtectionKit';
```
## dlpPermission.getDLPGatheringPolicy
getDLPGatheringPolicy(): Promise<GatheringPolicyType>
Obtains the DLP sandbox gathering policy. This API uses a promise to return the result.
**System API**: This is a system API.
**Required permissions**: ohos.permission.ACCESS_DLP_FILE
**System capability**: SystemCapability.Security.DataLossPrevention
**Return value**
| Type| Description|
| -------- | -------- |
| Promise<[GatheringPolicyType](#gatheringpolicytype)> | Promise used to return the DLP sandbox gathering policy obtained.|
**Error codes**
For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md).
| ID| Error Message|
| -------- | -------- |
| 201 | Permission denied. |
| 202 | Non-system applications use system APIs. |
| 19100001 | Invalid parameter value. |
| 19100011 | The system ability works abnormally. |
**Example**
```ts
import { dlpPermission } from '@kit.DataProtectionKit';
import { BusinessError } from '@kit.BasicServicesKit';
try {
let res: dlpPermission.GatheringPolicyType = await dlpPermission.getDLPGatheringPolicy(); // Obtain the sandbox gathering policy.
console.info('res', JSON.stringify(res));
} catch (err) {
console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Throw an error if the operation fails.
}
```
## dlpPermission.getDLPGatheringPolicy
getDLPGatheringPolicy(callback: AsyncCallback<GatheringPolicyType>): void
Obtains the DLP sandbox gathering policy. This API uses an asynchronous callback to return the result.
**System API**: This is a system API.
**Required permissions**: ohos.permission.ACCESS_DLP_FILE
**System capability**: SystemCapability.Security.DataLossPrevention
**Parameters**
| Name| Type| Mandatory| Description|
| -------- | -------- | -------- | -------- |
| callback | AsyncCallback<[GatheringPolicyType](#gatheringpolicytype)> | Yes| Callback used to return the result. If the operation is successful, **err** is **undefined**. Otherwise, **err** is an error object.|
**Error codes**
For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md).
| ID| Error Message|
| -------- | -------- |
| 201 | Permission denied. |
| 202 | Non-system applications use system APIs. |
| 401 | Parameter error. Possible causes: 1. Incorrect parameter types. |
| 19100001 | Invalid parameter value. |
| 19100011 | The system ability works abnormally. |
**Example**
```ts
import { dlpPermission } from '@kit.DataProtectionKit';
import { BusinessError } from '@kit.BasicServicesKit';
try {
dlpPermission.getDLPGatheringPolicy((err, res) => {
if (err !== undefined) {
console.error('getDLPGatheringPolicy error,', err.code, err.message);
} else {
console.info('res', JSON.stringify(res));
}
}); // Obtain the sandbox gathering policy.
} catch (err) {
console.error('getDLPGatheringPolicy error,', (err as BusinessError).code, (err as BusinessError).message);
}
```
## dlpPermission.installDLPSandbox
installDLPSandbox(bundleName: string, access: DLPFileAccess, userId: number, uri: string): Promise<DLPSandboxInfo>
Installs a DLP sandbox application for an application. This API uses a promise to return the sandbox application installed.
**System API**: This is a system API.
**Required permissions**: ohos.permission.ACCESS_DLP_FILE
**System capability**: SystemCapability.Security.DataLossPrevention
**Parameters**
| Name| Type| Mandatory| Description|
| -------- | -------- | -------- | -------- |
| bundleName | string | Yes| Bundle name of the application. The value contains 7 to 128 bytes.|
| access | [DLPFileAccess](js-apis-dlppermission.md#dlpfileaccess) | Yes| Permission on the DLP file.|
| userId | number | Yes| Current user ID, which is the system account ID obtained by the account subsystem. The default super user ID is **100**.|
| uri | string | Yes| URI of the DLP file. The value contains up to 4095 bytes.|
**Return value**
| Type| Description|
| -------- | -------- |
| Promise<[DLPSandboxInfo](#dlpsandboxinfo)> | Promise used to return the information about the sandbox application installed.|
**Error codes**
For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md).
| ID| Error Message|
| -------- | -------- |
| 201 | Permission denied. |
| 202 | Non-system applications use system APIs. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. |
| 19100001 | Invalid parameter value. |
| 19100011 | The system ability works abnormally. |
**Example**
```ts
import { dlpPermission } from '@kit.DataProtectionKit';
import { BusinessError } from '@kit.BasicServicesKit';
try {
let uri = 'file://docs/storage/Users/currentUser/Desktop/test.txt.dlp';
let res: dlpPermission.DLPSandboxInfo = await dlpPermission.installDLPSandbox('com.ohos.note', dlpPermission.DLPFileAccess.READ_ONLY, 100, uri); // Install a DLP sandbox application.
console.info('res', JSON.stringify(res));
} catch (err) {
console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Throw an error if the operation fails.
}
```
## dlpPermission.installDLPSandbox
installDLPSandbox(bundleName: string, access: DLPFileAccess, userId: number, uri:string, callback: AsyncCallback<DLPSandboxInfo>): void
Installs a DLP sandbox application for an application. This API uses an asynchronous callback to return the index of the sandbox application installed.
**System API**: This is a system API.
**Required permissions**: ohos.permission.ACCESS_DLP_FILE
**System capability**: SystemCapability.Security.DataLossPrevention
**Parameters**
| Name| Type| Mandatory| Description|
| -------- | -------- | -------- | -------- |
| bundleName | string | Yes| Bundle name of the application. The value contains 7 to 128 bytes.|
| access | [DLPFileAccess](js-apis-dlppermission.md#dlpfileaccess) | Yes| Permission on the DLP file.|
| userId | number | Yes| Current user ID, which is the system account ID obtained by the account subsystem. The default super user ID is **100**.|
| uri | string | Yes| URI of the DLP file. The value contains up to 4095 bytes.|
| callback | AsyncCallback<[DLPSandboxInfo](#dlpsandboxinfo)> | Yes| Callback used to return the information about the sandbox application installed.|
**Error codes**
For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md).
| ID| Error Message|
| -------- | -------- |
| 201 | Permission denied. |
| 202 | Non-system applications use system APIs. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. |
| 19100001 | Invalid parameter value. |
| 19100011 | The system ability works abnormally. |
**Example**
```ts
import { dlpPermission } from '@kit.DataProtectionKit';
import { BusinessError } from '@kit.BasicServicesKit';
let uri = 'file://docs/storage/Users/currentUser/Desktop/test.txt.dlp';
try {
dlpPermission.installDLPSandbox('com.ohos.note', dlpPermission.DLPFileAccess.READ_ONLY, 100, uri, (err, res) => {
if (err !== undefined) {
console.error('installDLPSandbox error,', err.code, err.message);
} else {
console.info('res', JSON.stringify(res));
}
}); // Install a DLP sandbox application.
} catch (err) {
console.error('installDLPSandbox error,', (err as BusinessError).code, (err as BusinessError).message);
}
```
## dlpPermission.uninstallDLPSandbox
uninstallDLPSandbox(bundleName: string, userId: number, appIndex: number): Promise<void>
Uninstalls a DLP sandbox application for an application. This API uses a promise to return the result.
**System API**: This is a system API.
**Required permissions**: ohos.permission.ACCESS_DLP_FILE
**System capability**: SystemCapability.Security.DataLossPrevention
**Parameters**
| Name| Type| Mandatory| Description|
| -------- | -------- | -------- | -------- |
| bundleName | string | Yes| Bundle name of the application. The value contains 7 to 128 bytes.|
| userId | number | Yes| Current user ID, which is the system account ID obtained by the account subsystem. The default super user ID is **100**.|
| appIndex | number | Yes| DLP sandbox index.|
**Return value**
| Type| Description|
| -------- | -------- |
| Promise<void> | Promise that returns no value.|
**Error codes**
For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md).
| ID| Error Message|
| -------- | -------- |
| 201 | Permission denied. |
| 202 | Non-system applications use system APIs. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. |
| 19100001 | Invalid parameter value. |
| 19100011 | The system ability works abnormally. |
**Example**
```ts
import { dlpPermission } from '@kit.DataProtectionKit';
import { BusinessError } from '@kit.BasicServicesKit';
let uri = 'file://docs/storage/Users/currentUser/Desktop/test.txt.dlp';
try {
let res = await dlpPermission.installDLPSandbox('com.ohos.note', dlpPermission.DLPFileAccess.READ_ONLY, 100, uri);
console.info('res', JSON.stringify(res));
await dlpPermission.uninstallDLPSandbox('com.ohos.note', 100, res.appIndex); // UnInstall a DLP sandbox application.
} catch (err) {
console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Throw an error if the operation fails.
}
```
## dlpPermission.uninstallDLPSandbox
uninstallDLPSandbox(bundleName: string, userId: number, appIndex: number, callback: AsyncCallback<void>): void
Uninstalls a DLP sandbox application for an application. This API uses an asynchronous callback to return the result.
**System API**: This is a system API.
**Required permissions**: ohos.permission.ACCESS_DLP_FILE
**System capability**: SystemCapability.Security.DataLossPrevention
**Parameters**
| Name| Type| Mandatory| Description|
| -------- | -------- | -------- | -------- |
| bundleName | string | Yes| Bundle name of the application. The value contains 7 to 128 bytes.|
| userId | number | Yes| Current user ID, which is the system account ID obtained by the account subsystem. The default super user ID is **100**.|
| appIndex | number | Yes| DLP sandbox index, which is the value returned after **installDLPSandbox** is successfully called.|
| callback | AsyncCallback<void> | Yes| Callback used to return the uninstallation result.|
**Error codes**
For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md).
| ID| Error Message|
| -------- | -------- |
| 201 | Permission denied. |
| 202 | Non-system applications use system APIs. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. |
| 19100001 | Invalid parameter value. |
| 19100011 | The system ability works abnormally. |
**Example**
```ts
import { dlpPermission } from '@kit.DataProtectionKit';
import { BusinessError } from '@kit.BasicServicesKit';
let uri = 'file://docs/storage/Users/currentUser/Desktop/test.txt.dlp';
try {
let res = await dlpPermission.installDLPSandbox('com.ohos.note', dlpPermission.DLPFileAccess.READ_ONLY, 100, uri) // Install a DLP sandbox application.
console.info('res', JSON.stringify(res));
dlpPermission.uninstallDLPSandbox('com.ohos.note', 100, res.appIndex, (err, res) => {
if (err !== undefined) {
console.error('uninstallDLPSandbox error,', err.code, err.message);
} else {
console.info('res', JSON.stringify(res));
}
});
} catch (err) {
console.error('uninstallDLPSandbox error,', (err as BusinessError).code, (err as BusinessError).message);
}
```
## dlpPermission.on('uninstallDLPSandbox')
on(type: 'uninstallDLPSandbox', listener: Callback<DLPSandboxState>): void
Subscribes to a DLP sandbox uninstall event.
**System API**: This is a system API.
**Required permissions**: ohos.permission.ACCESS_DLP_FILE
**System capability**: SystemCapability.Security.DataLossPrevention
**Parameters**
| Name| Type| Mandatory| Description|
| -------- | -------- | -------- | -------- |
| type | 'uninstallDLPSandbox' | Yes| Event type. It has a fixed value of **uninstallDLPSandbox**, which indicates the DLP sandbox application uninstall event.|
| listener | Callback<[DLPSandboxState](#dlpsandboxstate)> | Yes| Callback used when a sandbox application is uninstalled.|
**Error codes**
For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md).
| ID| Error Message|
| -------- | -------- |
| 201 | Permission denied. |
| 202 | Non-system applications use system APIs. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. |
| 19100001 | Invalid parameter value. |
| 19100011 | The system ability works abnormally. |
**Example**
```ts
import { dlpPermission } from '@kit.DataProtectionKit';
import { BusinessError } from '@kit.BasicServicesKit';
try {
dlpPermission.on('uninstallDLPSandbox', (info: dlpPermission.DLPSandboxState) => {
console.info('uninstallDLPSandbox event', info.appIndex, info.bundleName)
}); // Subscribe to the DLP sandbox application uninstall event.
} catch (err) {
console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Throw an error if the operation fails.
}
```
## dlpPermission.off('uninstallDLPSandbox')
off(type: 'uninstallDLPSandbox', listener?: Callback<DLPSandboxState>): void
Unsubscribes from the DLP sandbox uninstall event.
**System API**: This is a system API.
**Required permissions**: ohos.permission.ACCESS_DLP_FILE
**System capability**: SystemCapability.Security.DataLossPrevention
**Parameters**
| Name| Type| Mandatory| Description|
| -------- | -------- | -------- | -------- |
| type | 'uninstallDLPSandbox' | Yes| Event type. It has a fixed value of **uninstallDLPSandbox**, which indicates the DLP sandbox application uninstall event.|
| listener | Callback<[DLPSandboxState](#dlpsandboxstate)> | No| Callback used when a sandbox application is uninstalled. By default, this parameter is left blank, which unregisters all callbacks for the sandbox uninstall event.|
**Error codes**
For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md).
| ID| Error Message|
| -------- | -------- |
| 201 | Permission denied. |
| 202 | Non-system applications use system APIs. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. |
| 19100001 | Invalid parameter value. |
| 19100011 | The system ability works abnormally. |
**Example**
```ts
import { dlpPermission } from '@kit.DataProtectionKit';
import { BusinessError } from '@kit.BasicServicesKit';
try {
dlpPermission.off('uninstallDLPSandbox', (info: dlpPermission.DLPSandboxState) => {
console.info('uninstallDLPSandbox event', info.appIndex, info.bundleName)
}); // Unsubscribe from the DLP sandbox application uninstall event.
} catch (err) {
console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Throw an error if the operation fails.
}
```
## DLPFile
Provides APIs for managing DLP files. A **DLPFile** instance indicates a DLP file object. You can use [generateDLPFile](#dlppermissiongeneratedlpfile) or [openDLPFile](#dlppermissionopendlpfile11) to obtain a **DLPFile** instance.
### Attributes
**System API**: This is a system API.
**System capability**: SystemCapability.Security.DataLossPrevention
| Name| Type| Read Only| Mandatory| Description|
| -------- | -------- | -------- | -------- | -------- |
| dlpProperty | [DLPProperty](#dlpproperty) | No| Yes| Authorized user information.|
### addDLPLinkFile
addDLPLinkFile(linkFileName: string): Promise<void>
Adds a link file to the Filesystem in Userspace (FUSE). The link file is a virtual file mapped to the ciphertext in the FUSE. The read and write operations on the link file will be synchronized to the DLP file. This API uses a promise to return the result.
**System API**: This is a system API.
**Required permissions**: ohos.permission.ACCESS_DLP_FILE
**System capability**: SystemCapability.Security.DataLossPrevention
**Parameters**
| Name| Type| Mandatory| Description|
| -------- | -------- | -------- | -------- |
| linkFileName | string | Yes| Name of the link file. The value contains up to 255 bytes.|
**Return value**
| Type| Description|
| -------- | -------- |
| Promise<void> | Promise that returns no value.|
**Error codes**
For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md).
| ID| Error Message|
| -------- | -------- |
| 201 | Permission denied. |
| 202 | Non-system applications use system APIs. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. |
| 19100001 | Invalid parameter value. |
| 19100009 | Failed to operate the DLP file. |
| 19100011 | The system ability works abnormally. |
**Example**
```ts
import { dlpPermission } from '@kit.DataProtectionKit';
import { fileIo } from '@kit.CoreFileKit';
import { bundleManager } from '@kit.AbilityKit';
import { BusinessError } from '@kit.BasicServicesKit';
let uri = 'file://docs/storage/Users/currentUser/Desktop/test.txt.dlp';
let file: number | undefined = undefined;
let bundleFlags = bundleManager.BundleFlag.GET_BUNDLE_INFO_WITH_SIGNATURE_INFO;
let appId = '';
let bundleName = 'com.ohos.note';
let userId = 100;
let dlpFile: dlpPermission.DLPFile | undefined = undefined;
try{
let data = bundleManager.getBundleInfoSync(bundleName, bundleFlags, userId);
appId = data.signatureInfo.appId;
} catch (err) {
console.error('error', err.code, err.message);
}
try {
file = fileIo.openSync(uri).fd;
dlpFile = await dlpPermission.openDLPFile(file, appId); // Open a DLP file.
await dlpFile.addDLPLinkFile('test.txt.dlp.link'); // Add a link file.
} catch (err) {
console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Throw an error if the operation fails.
} finally {
dlpFile?.closeDLPFile(); // Close the DLP object.
if (file) {
fileIo.closeSync(file);
}
}
}
```
### addDLPLinkFile
addDLPLinkFile(linkFileName: string, callback: AsyncCallback<void>): void
Adds a link file to the FUSE. This API uses an asynchronous callback to return the result.
**System API**: This is a system API.
**Required permissions**: ohos.permission.ACCESS_DLP_FILE
**System capability**: SystemCapability.Security.DataLossPrevention
**Parameters**
| Name| Type| Mandatory| Description|
| -------- | -------- | -------- | -------- |
| linkFileName | string | Yes| Name of the link file. The value contains up to 255 bytes.|
| callback | AsyncCallback<void> | Yes| Callback used to return the result.|
**Error codes**
For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md).
| ID| Error Message|
| -------- | -------- |
| 201 | Permission denied. |
| 202 | Non-system applications use system APIs. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. |
| 19100001 | Invalid parameter value. |
| 19100009 | Failed to operate the DLP file. |
| 19100011 | The system ability works abnormally. |
**Example**
```ts
import { dlpPermission } from '@kit.DataProtectionKit';
import { fileIo } from '@kit.CoreFileKit';
import { bundleManager } from '@kit.AbilityKit';
import { BusinessError } from '@kit.BasicServicesKit';
let uri = 'file://docs/storage/Users/currentUser/Desktop/test.txt.dlp';
let file: number | undefined = undefined;
let bundleFlags = bundleManager.BundleFlag.GET_BUNDLE_INFO_WITH_SIGNATURE_INFO;
let appId = '';
let bundleName = 'com.ohos.note';
let userId = 100;
let dlpFile: dlpPermission.DLPFile | undefined = undefined;
try{
let data = bundleManager.getBundleInfoSync(bundleName, bundleFlags, userId);
appId = data.signatureInfo.appId;
} catch (err) {
console.error('error', err.code, err.message);
}
try {
file = fileIo.openSync(uri).fd;
dlpFile = await dlpPermission.openDLPFile(file, appId); // Open a DLP file.
dlpFile.addDLPLinkFile('test.txt.dlp.link', async (err, res) => {
if (err !== undefined) {
console.error('addDLPLinkFile error,', err.code, err.message);
} else {
console.info('res', JSON.stringify(res));
}
await dlpFile?.closeDLPFile(); // Close the DLP object.
fileIo.closeSync(file);
});
} catch (err) {
console.error('addDLPLinkFile error,', (err as BusinessError).code, (err as BusinessError).message);
await dlpFile?.closeDLPFile(); // Close the DLP object.
if (file) {
fileIo.closeSync(file);
}
}
}
```
### stopFuseLink
stopFuseLink(): Promise<void>
Stops the read and write on the FUSE. This API uses a promise to return the result.
**System API**: This is a system API.
**Required permissions**: ohos.permission.ACCESS_DLP_FILE
**System capability**: SystemCapability.Security.DataLossPrevention
**Return value**
| Type| Description|
| -------- | -------- |
| Promise<void> | Promise that returns no value.|
**Error codes**
For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md).
| ID| Error Message|
| -------- | -------- |
| 201 | Permission denied. |
| 202 | Non-system applications use system APIs. |
| 19100001 | Invalid parameter value. |
| 19100009 | Failed to operate the DLP file. |
| 19100011 | The system ability works abnormally. |
**Example**
```ts
import { dlpPermission } from '@kit.DataProtectionKit';
import { fileIo } from '@kit.CoreFileKit';
import { bundleManager } from '@kit.AbilityKit';
import { BusinessError } from '@kit.BasicServicesKit';
let uri = 'file://docs/storage/Users/currentUser/Desktop/test.txt.dlp';
let file: number | undefined = undefined;
let bundleFlags = bundleManager.BundleFlag.GET_BUNDLE_INFO_WITH_SIGNATURE_INFO;
let appId = '';
let bundleName = 'com.ohos.note';
let userId = 100;
let dlpFile: dlpPermission.DLPFile | undefined = undefined;
try{
let data = bundleManager.getBundleInfoSync(bundleName, bundleFlags, userId);
appId = data.signatureInfo.appId;
} catch (err) {
console.error('error', err.code, err.message);
}
try {
file = fileIo.openSync(uri).fd;
dlpFile = await dlpPermission.openDLPFile(file, appId) // Open a DLP file.
dlpFile.addDLPLinkFile('test.txt.dlp.link'); // Add a link file.
dlpFile.stopFuseLink(); // Stop read/write on the link file.
} catch (err) {
console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Throw an error if the operation fails.
} finally {
dlpFile?.closeDLPFile(); // Close the DLP object.
if (file) {
fileIo.closeSync(file);
}
}
}
```
### stopFuseLink
stopFuseLink(callback: AsyncCallback<void>): void
Stops the read and write on the FUSE. This API uses an asynchronous callback to return the result.
**System API**: This is a system API.
**Required permissions**: ohos.permission.ACCESS_DLP_FILE
**System capability**: SystemCapability.Security.DataLossPrevention
**Parameters**
| Name| Type| Mandatory| Description|
| -------- | -------- | -------- | -------- |
| callback | AsyncCallback<void> | Yes| Callback used to return the result.|
**Error codes**
For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md).
| ID| Error Message|
| -------- | -------- |
| 201 | Permission denied. |
| 202 | Non-system applications use system APIs. |
| 401 | Parameter error. Possible causes: 1. Incorrect parameter types. |
| 19100001 | Invalid parameter value. |
| 19100009 | Failed to operate the DLP file. |
| 19100011 | The system ability works abnormally. |
**Example**
```ts
import { dlpPermission } from '@kit.DataProtectionKit';
import { fileIo } from '@kit.CoreFileKit';
import { bundleManager } from '@kit.AbilityKit';
import { BusinessError } from '@kit.BasicServicesKit';
let uri = 'file://docs/storage/Users/currentUser/Desktop/test.txt.dlp';
let file: number | undefined = undefined;
let bundleFlags = bundleManager.BundleFlag.GET_BUNDLE_INFO_WITH_SIGNATURE_INFO;
let appId = '';
let bundleName = 'com.ohos.note';
let userId = 100;
let dlpFile: dlpPermission.DLPFile | undefined = undefined;
try{
let data = bundleManager.getBundleInfoSync(bundleName, bundleFlags, userId);
appId = data.signatureInfo.appId;
} catch (err) {
console.error('error', err.code, err.message);
}
try {
file = fileIo.openSync(uri).fd;
dlpFile = await dlpPermission.openDLPFile(file, appId); // Open a DLP file.
await dlpFile.addDLPLinkFile('test.txt.dlp.link'); // Add a link file.
dlpFile.stopFuseLink(async (err, res) => {
if (err !== undefined) {
console.error('stopFuseLink error,', err.code, err.message);
} else {
console.info('res', JSON.stringify(res));
}
await dlpFile?.closeDLPFile(); // Close the DLP object.
fileIo.closeSync(file);
});
} catch (err) {
console.error('stopFuseLink error,', (err as BusinessError).code, (err as BusinessError).message);
await dlpFile?.closeDLPFile(); // Close the DLP object.
if (file) {
fileIo.closeSync(file);
}
}
}
```
### resumeFuseLink
resumeFuseLink(): Promise<void>
Resumes the read and write on the FUSE. This API uses a promise to return the result.
**System API**: This is a system API.
**Required permissions**: ohos.permission.ACCESS_DLP_FILE
**System capability**: SystemCapability.Security.DataLossPrevention
**Return value**
| Type| Description|
| -------- | -------- |
| Promise<void> | Promise that returns no value.|
**Error codes**
For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md).
| ID| Error Message|
| -------- | -------- |
| 201 | Permission denied. |
| 202 | Non-system applications use system APIs. |
| 19100001 | Invalid parameter value. |
| 19100009 | Failed to operate the DLP file. |
| 19100011 | The system ability works abnormally. |
**Example**
```ts
import { dlpPermission } from '@kit.DataProtectionKit';
import { fileIo } from '@kit.CoreFileKit';
import { bundleManager } from '@kit.AbilityKit';
import { BusinessError } from '@kit.BasicServicesKit';
let uri = 'file://docs/storage/Users/currentUser/Desktop/test.txt.dlp';
let file: number | undefined = undefined;
let bundleFlags = bundleManager.BundleFlag.GET_BUNDLE_INFO_WITH_SIGNATURE_INFO;
let appId = '';
let bundleName = 'com.ohos.note';
let userId = 100;
let dlpFile: dlpPermission.DLPFile | undefined = undefined;
try{
let data = bundleManager.getBundleInfoSync(bundleName, bundleFlags, userId);
appId = data.signatureInfo.appId;
} catch (err) {
console.error('error', err.code, err.message);
}
try {
file = fileIo.openSync(uri).fd;
dlpFile = await dlpPermission.openDLPFile(file, appId); // Open a DLP file.
await dlpFile.addDLPLinkFile('test.txt.dlp.link'); // Add a link file.
await dlpFile.stopFuseLink(); // Stop the read and write on the FUSE.
await dlpFile.resumeFuseLink(); // Resume read/write on the link file.
} catch (err) {
console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Throw an error if the operation fails.
} finally {
dlpFile?.closeDLPFile(); // Close the DLP object.
if (file) {
fileIo.closeSync(file);
}
}
```
### resumeFuseLink
resumeFuseLink(callback: AsyncCallback<void>): void
Resumes the read and write on the FUSE. This API uses an asynchronous callback to return the result.
**System API**: This is a system API.
**Required permissions**: ohos.permission.ACCESS_DLP_FILE
**System capability**: SystemCapability.Security.DataLossPrevention
**Parameters**
| Name| Type| Mandatory| Description|
| -------- | -------- | -------- | -------- |
| callback | AsyncCallback<void> | Yes| Callback used to return the result.|
**Error codes**
For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md).
| ID| Error Message|
| -------- | -------- |
| 201 | Permission denied. |
| 202 | Non-system applications use system APIs. |
| 401 | Parameter error. Possible causes: 1. Incorrect parameter types. |
| 19100001 | Invalid parameter value. |
| 19100009 | Failed to operate the DLP file. |
| 19100011 | The system ability works abnormally. |
**Example**
```ts
import { dlpPermission } from '@kit.DataProtectionKit';
import { fileIo } from '@kit.CoreFileKit';
import { bundleManager } from '@kit.AbilityKit';
import { BusinessError } from '@kit.BasicServicesKit';
let uri = 'file://docs/storage/Users/currentUser/Desktop/test.txt.dlp';
let file: number | undefined = undefined;
let bundleFlags = bundleManager.BundleFlag.GET_BUNDLE_INFO_WITH_SIGNATURE_INFO;
let appId = '';
let bundleName = 'com.ohos.note';
let userId = 100;
let dlpFile: dlpPermission.DLPFile | undefined = undefined;
try{
let data = bundleManager.getBundleInfoSync(bundleName, bundleFlags, userId);
appId = data.signatureInfo.appId;
} catch (err) {
console.error('error', err.code, err.message);
}
try {
file = fileIo.openSync(uri).fd;
dlpFile = await dlpPermission.openDLPFile(file, appId); // Open a DLP file.
await dlpFile.addDLPLinkFile('test.txt.dlp.link'); // Add a link file.
await dlpFile.stopFuseLink(); // Stop the read and write on the FUSE.
dlpFile.resumeFuseLink(async (err, res) => {
if (err !== undefined) {
console.error('resumeFuseLink error,', err.code, err.message);
} else {
console.info('res', JSON.stringify(res));
}
await dlpFile?.closeDLPFile(); // Close the DLP object.
fileIo.closeSync(file);
});
} catch (err) {
console.error('resumeFuseLink error,', (err as BusinessError).code, (err as BusinessError).message);
await dlpFile?.closeDLPFile(); // Close the DLP object.
if (file) {
fileIo.closeSync(file);
}
}
```
### replaceDLPLinkFile
replaceDLPLinkFile(linkFileName: string): Promise<void>
Replaces a link file. This API uses a promise to return the result.
**System API**: This is a system API.
**Required permissions**: ohos.permission.ACCESS_DLP_FILE
**System capability**: SystemCapability.Security.DataLossPrevention
**Parameters**
| Name| Type| Mandatory| Description|
| -------- | -------- | -------- | -------- |
| linkFileName | string | Yes| Name of the link file. The value contains up to 255 bytes.|
**Return value**
| Type| Description|
| -------- | -------- |
| Promise<void> | Promise that returns no value.|
**Error codes**
For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md).
| ID| Error Message|
| -------- | -------- |
| 201 | Permission denied. |
| 202 | Non-system applications use system APIs. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. |
| 19100001 | Invalid parameter value. |
| 19100009 | Failed to operate the DLP file. |
| 19100011 | The system ability works abnormally. |
**Example**
```ts
import { dlpPermission } from '@kit.DataProtectionKit';
import { fileIo } from '@kit.CoreFileKit';
import { bundleManager } from '@kit.AbilityKit';
import { BusinessError } from '@kit.BasicServicesKit';
let uri = 'file://docs/storage/Users/currentUser/Desktop/test.txt.dlp';
let file: number | undefined = undefined;
let bundleFlags = bundleManager.BundleFlag.GET_BUNDLE_INFO_WITH_SIGNATURE_INFO;
let appId = '';
let bundleName = 'com.ohos.note';
let userId = 100;
let dlpFile: dlpPermission.DLPFile | undefined = undefined;
try{
let data = bundleManager.getBundleInfoSync(bundleName, bundleFlags, userId);
appId = data.signatureInfo.appId;
} catch (err) {
console.error('error', err.code, err.message);
}
try {
file = fileIo.openSync(uri).fd;
dlpFile = await dlpPermission.openDLPFile(file, appId); // Open a DLP file.
await dlpFile.addDLPLinkFile('test.txt.dlp.link'); // Add a link file.
await dlpFile.stopFuseLink(); // Stop the read and write on the FUSE.
await dlpFile.replaceDLPLinkFile('test_new.txt.dlp.link'); // Replace a link file.
await dlpFile.resumeFuseLink(); // Resume read/write on the link file.
} catch (err) {
console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Throw an error if the operation fails.
} finally {
await dlpFile?.closeDLPFile(); // Close the DLP object.
if (file) {
fileIo.closeSync(file);
}
}
```
### replaceDLPLinkFile
replaceDLPLinkFile(linkFileName: string, callback: AsyncCallback<void>): void
Replaces a link file. This API uses an asynchronous callback to return the result.
**System API**: This is a system API.
**Required permissions**: ohos.permission.ACCESS_DLP_FILE
**System capability**: SystemCapability.Security.DataLossPrevention
**Parameters**
| Name| Type| Mandatory| Description|
| -------- | -------- | -------- | -------- |
| linkFileName | string | Yes| Name of the link file. The value contains up to 255 bytes.|
| callback | AsyncCallback<void> | Yes| Callback used to return the result.|
**Error codes**
For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md).
| ID| Error Message|
| -------- | -------- |
| 201 | Permission denied. |
| 202 | Non-system applications use system APIs. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. |
| 19100001 | Invalid parameter value. |
| 19100009 | Failed to operate the DLP file. |
| 19100011 | The system ability works abnormally. |
**Example**
```ts
import { dlpPermission } from '@kit.DataProtectionKit';
import { fileIo } from '@kit.CoreFileKit';
import { bundleManager } from '@kit.AbilityKit';
import { BusinessError } from '@kit.BasicServicesKit';
let uri = 'file://docs/storage/Users/currentUser/Desktop/test.txt.dlp';
let file: number | undefined = undefined;
let bundleFlags = bundleManager.BundleFlag.GET_BUNDLE_INFO_WITH_SIGNATURE_INFO;
let appId = '';
let bundleName = 'com.ohos.note';
let userId = 100;
let dlpFile: dlpPermission.DLPFile | undefined = undefined;
try{
let data = bundleManager.getBundleInfoSync(bundleName, bundleFlags, userId);
appId = data.signatureInfo.appId;
} catch (err) {
console.error('error', err.code, err.message);
}
try {
file = fileIo.openSync(uri).fd;
dlpFile = await dlpPermission.openDLPFile(file, appId); // Open a DLP file.
await dlpFile.addDLPLinkFile('test.txt.dlp.link'); // Add a link file.
await dlpFile.stopFuseLink(); // Stop the read and write on the FUSE.
dlpFile.replaceDLPLinkFile('test_new.txt.dlp.link', async (err, res) => { // Replace a link file.
if (err !== undefined) {
console.error('replaceDLPLinkFile error,', err.code, err.message);
} else {
console.info('res', JSON.stringify(res));
await dlpFile?.resumeFuseLink(); // Resume the read and write on the FUSE.
}
await dlpFile?.closeDLPFile(); // Close the DLP object.
fileIo.closeSync(file);
});
} catch (err) {
console.error('error,', (err as BusinessError).code, (err as BusinessError).message);
await dlpFile?.closeDLPFile(); // Close the DLP object.
if (file) {
fileIo.closeSync(file);
}
}
```
### deleteDLPLinkFile
deleteDLPLinkFile(linkFileName: string): Promise<void>
Deletes a link file from the FUSE. This API uses a promise to return the result.
**System API**: This is a system API.
**Required permissions**: ohos.permission.ACCESS_DLP_FILE
**System capability**: SystemCapability.Security.DataLossPrevention
**Parameters**
| Name| Type| Mandatory| Description|
| -------- | -------- | -------- | -------- |
| linkFileName | string | Yes| Name of the link file. The value contains up to 255 bytes.|
**Return value**
| Type| Description|
| -------- | -------- |
| Promise<void> | Promise that returns no value.|
**Error codes**
For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md).
| ID| Error Message|
| -------- | -------- |
| 201 | Permission denied. |
| 202 | Non-system applications use system APIs. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. |
| 19100001 | Invalid parameter value. |
| 19100009 | Failed to operate the DLP file. |
| 19100011 | The system ability works abnormally. |
**Example**
```ts
import { dlpPermission } from '@kit.DataProtectionKit';
import { fileIo } from '@kit.CoreFileKit';
import { bundleManager } from '@kit.AbilityKit';
import { BusinessError } from '@kit.BasicServicesKit';
let uri = 'file://docs/storage/Users/currentUser/Desktop/test.txt.dlp';
let file: number | undefined = undefined;
let bundleFlags = bundleManager.BundleFlag.GET_BUNDLE_INFO_WITH_SIGNATURE_INFO;
let appId = '';
let bundleName = 'com.ohos.note';
let userId = 100;
let dlpFile: dlpPermission.DLPFile | undefined = undefined;
try{
let data = bundleManager.getBundleInfoSync(bundleName, bundleFlags, userId);
appId = data.signatureInfo.appId;
} catch (err) {
console.error('error', err.code, err.message);
}
try {
file = fileIo.openSync(uri).fd;
dlpFile = await dlpPermission.openDLPFile(file, appId); // Open a DLP file.
await dlpFile.addDLPLinkFile('test.txt.dlp.link'); // Add a link file.
await dlpFile.deleteDLPLinkFile('test.txt.dlp.link'); // Delete a link file.
} catch (err) {
console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Throw an error if the operation fails.
} finally {
await dlpFile?.closeDLPFile(); // Close the DLP object.
if (file) {
fileIo.closeSync(file);
}
}
```
### deleteDLPLinkFile
deleteDLPLinkFile(linkFileName: string, callback: AsyncCallback<void>): void
Deletes a link file. This API uses an asynchronous callback to return the result.
**System API**: This is a system API.
**Required permissions**: ohos.permission.ACCESS_DLP_FILE
**System capability**: SystemCapability.Security.DataLossPrevention
**Parameters**
| Name| Type| Mandatory| Description|
| -------- | -------- | -------- | -------- |
| linkFileName | string | Yes| Name of the link file. The value contains up to 255 bytes.|
| callback | AsyncCallback<void> | Yes| Callback used to return the result.|
**Error codes**
For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md).
| ID| Error Message|
| -------- | -------- |
| 201 | Permission denied. |
| 202 | Non-system applications use system APIs. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. |
| 19100001 | Invalid parameter value. |
| 19100009 | Failed to operate the DLP file. |
| 19100011 | The system ability works abnormally. |
**Example**
```ts
import { dlpPermission } from '@kit.DataProtectionKit';
import { fileIo } from '@kit.CoreFileKit';
import { bundleManager } from '@kit.AbilityKit';
import { BusinessError } from '@kit.BasicServicesKit';
let uri = 'file://docs/storage/Users/currentUser/Desktop/test.txt.dlp';
let file: number | undefined = undefined;
let bundleFlags = bundleManager.BundleFlag.GET_BUNDLE_INFO_WITH_SIGNATURE_INFO;
let appId = '';
let bundleName = 'com.ohos.note';
let userId = 100;
let dlpFile: dlpPermission.DLPFile | undefined = undefined;
try{
let data = bundleManager.getBundleInfoSync(bundleName, bundleFlags, userId);
appId = data.signatureInfo.appId;
} catch (err) {
console.error('error', err.code, err.message);
}
try {
file = fileIo.openSync(uri).fd;
dlpFile = await dlpPermission.openDLPFile(file, appId); // Open a DLP file.
await dlpFile.addDLPLinkFile('test.txt.dlp.link'); // Add a link file.
dlpFile.deleteDLPLinkFile('test.txt.dlp.link', async (err, res) => { // Delete a link file.
if (err !== undefined) {
console.error('deleteDLPLinkFile error,', err.code, err.message);
} else {
console.info('res', JSON.stringify(res));
}
await dlpFile?.closeDLPFile(); // Close the DLP object.
fileIo.closeSync(file);
});
} catch (err) {
console.error('error,', (err as BusinessError).code, (err as BusinessError).message);
await dlpFile?.closeDLPFile(); // Close the DLP object.
if (file) {
fileIo.closeSync(file);
}
}
```
### recoverDLPFile
recoverDLPFile(plaintextFd: number): Promise<void>
Recovers the plaintext of a DLP file. This API uses a promise to return the result.
**System API**: This is a system API.
**Required permissions**: ohos.permission.ACCESS_DLP_FILE
**System capability**: SystemCapability.Security.DataLossPrevention
**Parameters**
| Name| Type| Mandatory| Description|
| -------- | -------- | -------- | -------- |
| plaintextFd | number | Yes| FD of the target plaintext file.|
**Return value**
| Type| Description|
| -------- | -------- |
| Promise<void> | Promise that returns no value.|
**Error codes**
For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md).
| ID| Error Message|
| -------- | -------- |
| 201 | Permission denied. |
| 202 | Non-system applications use system APIs. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. |
| 19100001 | Invalid parameter value. |
| 19100002 | Credential task error. |
| 19100003 | Credential task time out. |
| 19100004 | Credential service error. |
| 19100005 | Credential authentication server error. |
| 19100008 | The file is not a DLP file. |
| 19100009 | Failed to operate the DLP file. |
| 19100010 | The DLP file is read only. |
| 19100011 | The system ability works abnormally. |
**Example**
```ts
import { dlpPermission } from '@kit.DataProtectionKit';
import { fileIo } from '@kit.CoreFileKit';
import { bundleManager } from '@kit.AbilityKit';
import { BusinessError } from '@kit.BasicServicesKit';
let uri = 'file://docs/storage/Users/currentUser/Desktop/test.txt.dlp';
let file: number | undefined = undefined;
let destFile: number | undefined = undefined;
let bundleFlags = bundleManager.BundleFlag.GET_BUNDLE_INFO_WITH_SIGNATURE_INFO;
let appId = '';
let bundleName = 'com.ohos.note';
let userId = 100;
let dlpFile: dlpPermission.DLPFile | undefined = undefined;
try{
let data = bundleManager.getBundleInfoSync(bundleName, bundleFlags, userId);
appId = data.signatureInfo.appId;
} catch (err) {
console.error('error', err.code, err.message);
}
try {
file = fileIo.openSync(uri).fd;
destFile = fileIo.openSync('destUri').fd;
dlpFile = await dlpPermission.openDLPFile(file, appId); // Open a DLP file.
await dlpFile.recoverDLPFile(destFile); // Recover the plaintext of a DLP file.
} catch (err) {
console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Throw an error if the operation fails.
} finally {
dlpFile?.closeDLPFile(); // Close the DLP object.
if (file) {
fileIo.closeSync(file);
}
if (destFile) {
fileIo.closeSync(destFile);
}
}
```
### recoverDLPFile
recoverDLPFile(plaintextFd: number, callback: AsyncCallback<void>): void
Recovers the plaintext of a DLP file. This API uses an asynchronous callback to return the result.
**System API**: This is a system API.
**Required permissions**: ohos.permission.ACCESS_DLP_FILE
**System capability**: SystemCapability.Security.DataLossPrevention
**Parameters**
| Name| Type| Mandatory| Description|
| -------- | -------- | -------- | -------- |
| plaintextFd | number | Yes| FD of the target plaintext file.|
| callback | AsyncCallback<void> | Yes| Callback used to return the result.|
**Error codes**
For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md).
| ID| Error Message|
| -------- | -------- |
| 201 | Permission denied. |
| 202 | Non-system applications use system APIs. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. |
| 19100001 | Invalid parameter value. |
| 19100002 | Credential task error. |
| 19100003 | Credential task time out. |
| 19100004 | Credential service error. |
| 19100005 | Credential authentication server error. |
| 19100008 | The file is not a DLP file. |
| 19100009 | Failed to operate the DLP file. |
| 19100010 | The DLP file is read only. |
| 19100011 | The system ability works abnormally. |
**Example**
```ts
import { dlpPermission } from '@kit.DataProtectionKit';
import { fileIo } from '@kit.CoreFileKit';
import { bundleManager } from '@kit.AbilityKit';
import { BusinessError } from '@kit.BasicServicesKit';
let uri = 'file://docs/storage/Users/currentUser/Desktop/test.txt.dlp';
let file: number | undefined = undefined;
let destFile: number | undefined = undefined;
let bundleFlags = bundleManager.BundleFlag.GET_BUNDLE_INFO_WITH_SIGNATURE_INFO;
let appId = '';
let bundleName = 'com.ohos.note';
let userId = 100;
let dlpFile: dlpPermission.DLPFile | undefined = undefined;
try{
let data = bundleManager.getBundleInfoSync(bundleName, bundleFlags, userId);
appId = data.signatureInfo.appId;
} catch (err) {
console.error('error', err.code, err.message);
}
try {
file = fileIo.openSync(uri).fd;
destFile = fileIo.openSync('destUri').fd;
dlpFile = await dlpPermission.openDLPFile(file, appId); // Open a DLP file.
dlpFile.recoverDLPFile(destFile, async (err, res) => { // Recover the plaintext of a DLP file.
if (err !== undefined) {
console.error('recoverDLPFile error,', err.code, err.message);
} else {
console.info('res', JSON.stringify(res));
}
await dlpFile?.closeDLPFile(); // Close the DLP object.
fileIo.closeSync(file);
fileIo.closeSync(destFile);
});
} catch (err) {
console.error('error,', (err as BusinessError).code, (err as BusinessError).message);
await dlpFile?.closeDLPFile(); // Close the DLP object.
if (file) {
fileIo.closeSync(file);
}
if (destFile) {
fileIo.closeSync(destFile);
}
}
```
### closeDLPFile
closeDLPFile(): Promise<void>
Closes this **DLPFile** instance. This API uses a promise to return the result.
**System API**: This is a system API.
**Required permissions**: ohos.permission.ACCESS_DLP_FILE
**System capability**: SystemCapability.Security.DataLossPrevention
> **NOTE**
>
> If a DLP file is no longer used, close the **dlpFile** instance to release the memory.
**Return value**
| Type| Description|
| -------- | -------- |
| Promise<void> | Promise that returns no value.|
**Error codes**
For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md).
| ID| Error Message|
| -------- | -------- |
| 201 | Permission denied. |
| 202 | Non-system applications use system APIs. |
| 19100001 | Invalid parameter value. |
| 19100009 | Failed to operate the DLP file. |
| 19100011 | The system ability works abnormally. |
**Example**
```ts
import { dlpPermission } from '@kit.DataProtectionKit';
import { fileIo } from '@kit.CoreFileKit';
import { bundleManager } from '@kit.AbilityKit';
import { BusinessError } from '@kit.BasicServicesKit';
let uri = 'file://docs/storage/Users/currentUser/Desktop/test.txt.dlp';
let file: number | undefined = undefined;
let bundleFlags = bundleManager.BundleFlag.GET_BUNDLE_INFO_WITH_SIGNATURE_INFO;
let appId = '';
let bundleName = 'com.ohos.note';
let userId = 100;
let dlpFile: dlpPermission.DLPFile | undefined = undefined;
try{
let data = bundleManager.getBundleInfoSync(bundleName, bundleFlags, userId);
appId = data.signatureInfo.appId;
} catch (err) {
console.error('error', err.code, err.message);
}
try {
file = fileIo.openSync(uri).fd;
dlpFile = await dlpPermission.openDLPFile(file, appId); // Open a DLP file.
} catch (err) {
console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Throw an error if the operation fails.
} finally {
dlpFile?.closeDLPFile(); // Close the DLP object.
if (file) {
fileIo.closeSync(file);
}
}
```
### closeDLPFile
closeDLPFile(callback: AsyncCallback<void>): void
Closes this **DLPFile** instance. This API uses an asynchronous callback to return the result.
**System API**: This is a system API.
**Required permissions**: ohos.permission.ACCESS_DLP_FILE
**System capability**: SystemCapability.Security.DataLossPrevention
> **NOTE**
>
> If a DLP file is no longer used, close the **dlpFile** instance to release the memory.
**Parameters**
| Name| Type| Mandatory| Description|
| -------- | -------- | -------- | -------- |
| callback | AsyncCallback<void> | Yes| Callback used to return the result.|
**Error codes**
For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md).
| ID| Error Message|
| -------- | -------- |
| 201 | Permission denied. |
| 202 | Non-system applications use system APIs. |
| 401 | Parameter error. Possible causes: 1. Incorrect parameter types. |
| 19100001 | Invalid parameter value. |
| 19100009 | Failed to operate the DLP file. |
| 19100011 | The system ability works abnormally. |
**Example**
```ts
import { dlpPermission } from '@kit.DataProtectionKit';
import { fileIo } from '@kit.CoreFileKit';
import { bundleManager } from '@kit.AbilityKit';
import { BusinessError } from '@kit.BasicServicesKit';
let uri = 'file://docs/storage/Users/currentUser/Desktop/test.txt.dlp';
let file: number | undefined = undefined;
let bundleFlags = bundleManager.BundleFlag.GET_BUNDLE_INFO_WITH_SIGNATURE_INFO;
let appId = '';
let bundleName = 'com.ohos.note';
let userId = 100;
let dlpFile: dlpPermission.DLPFile | undefined = undefined;
try{
let data = bundleManager.getBundleInfoSync(bundleName, bundleFlags, userId);
appId = data.signatureInfo.appId;
} catch (err) {
console.error('error', err.code, err.message);
}
try {
file = fileIo.openSync(uri).fd;
dlpFile = await dlpPermission.openDLPFile(file, appId); // Open a DLP file.
dlpFile.closeDLPFile((err, res) => {// Close the DLP file.
if (err !== undefined) {
console.error('closeDLPFile error,', err.code, err.message);
} else {
console.info('res', JSON.stringify(res));
}
fileIo.closeSync(file);
});
} catch (err) {
console.error('error,', (err as BusinessError).code, (err as BusinessError).message);
if (file) {
fileIo.closeSync(file);
}
}
```
## dlpPermission.generateDLPFile
generateDLPFile(plaintextFd: number, ciphertextFd: number, property: DLPProperty): Promise<DLPFile>
Generates a DLP file, which is an encrypted file that can be accessed only by authorized users. The users can have the full control permission or read-only permission on the DLP file. This API uses a promise to return the result.
**System API**: This is a system API.
**Required permissions**: ohos.permission.ACCESS_DLP_FILE
**System capability**: SystemCapability.Security.DataLossPrevention
**Parameters**
| Name| Type| Mandatory| Description|
| -------- | -------- | -------- | -------- |
| plaintextFd | number | Yes| FD of the plaintext file to be encrypted.|
| ciphertextFd | number | Yes| FD of the encrypted file.|
| property | [DLPProperty](#dlpproperty) | Yes| Authorization information, which includes the authorized user list, owner account, and contact account information.|
**Return value**
| Type| Description|
| -------- | -------- |
| Promise<[DLPFile](#dlpfile)> | Promise If the operation is successful, a **DLPFile** instance is returned. Otherwise, **null** is returned.|
**Error codes**
For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md).
| ID| Error Message|
| -------- | -------- |
| 201 | Permission denied. |
| 202 | Non-system applications use system APIs. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. |
| 19100001 | Invalid parameter value. |
| 19100002 | Credential task error. |
| 19100003 | Credential task time out. |
| 19100004 | Credential service error. |
| 19100005 | Credential authentication server error. |
| 19100009 | Failed to operate the DLP file. |
| 19100011 | The system ability works abnormally. |
**Example**
```ts
import { dlpPermission } from '@kit.DataProtectionKit';
import { fileIo } from '@kit.CoreFileKit';
import { BusinessError } from '@kit.BasicServicesKit';
let dlpUri = 'file://docs/storage/Users/currentUser/Desktop/test.txt.dlp';
let uri = 'file://docs/storage/Users/currentUser/Desktop/test.txt';
let file: number | undefined = undefined;
let dlp: number | undefined = undefined;
let dlpFile: dlpPermission.DLPFile | undefined = undefined;
try {
file = fileIo.openSync(uri).fd;
dlp = fileIo.openSync(dlpUri).fd;
let dlpProperty: dlpPermission.DLPProperty = {
ownerAccount: 'zhangsan',
ownerAccountType: dlpPermission.AccountType.DOMAIN_ACCOUNT,
authUserList: [],
contactAccount: 'zhangsan',
offlineAccess: true,
ownerAccountID: 'xxxxxxx',
everyoneAccessList: []
};
dlpFile = await dlpPermission.generateDLPFile(file, dlp, dlpProperty); // Generate a DLP file.
} catch (err) {
console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Throw an error if the operation fails.
} finally {
dlpFile?.closeDLPFile(); // Close the DLP object.
if (file) {
fileIo.closeSync(file);
}
if (dlp) {
fileIo.closeSync(dlp);
}
}
```
## dlpPermission.generateDLPFile
generateDLPFile(plaintextFd: number, ciphertextFd: number, property: DLPProperty, callback: AsyncCallback<DLPFile>): void
Generates a DLP file, which is an encrypted file that can be accessed only by authorized users. The users can have the full control permission or read-only permission on the DLP file. This API uses an asynchronous callback to return the result.
**System API**: This is a system API.
**Required permissions**: ohos.permission.ACCESS_DLP_FILE
**System capability**: SystemCapability.Security.DataLossPrevention
**Parameters**
| Name| Type| Mandatory| Description|
| -------- | -------- | -------- | -------- |
| plaintextFd | number | Yes| FD of the plaintext file to be encrypted.|
| ciphertextFd | number | Yes| FD of the encrypted file.|
| property | [DLPProperty](#dlpproperty) | Yes| Authorization information, which includes the authorized user list, owner account, and contact account information.|
| callback | AsyncCallback<[DLPFile](#dlpfile)> | Yes| Callback used to return the **DLPFile** instance created.|
**Error codes**
For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md).
| ID| Error Message|
| -------- | -------- |
| 201 | Permission denied. |
| 202 | Non-system applications use system APIs. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. |
| 19100001 | Invalid parameter value. |
| 19100002 | Credential task error. |
| 19100003 | Credential task time out. |
| 19100004 | Credential service error. |
| 19100005 | Credential authentication server error. |
| 19100009 | Failed to operate the DLP file. |
| 19100011 | The system ability works abnormally. |
**Example**
```ts
import { dlpPermission } from '@kit.DataProtectionKit';
import { fileIo } from '@kit.CoreFileKit';
import { BusinessError } from '@kit.BasicServicesKit';
let dlpUri = 'file://docs/storage/Users/currentUser/Desktop/test.txt.dlp';
let uri = 'file://docs/storage/Users/currentUser/Desktop/test.txt';
let file: number | undefined = undefined;
let dlp: number | undefined = undefined;
try {
file = fileIo.openSync(uri).fd;
dlp = fileIo.openSync(dlpUri).fd;
let dlpProperty: dlpPermission.DLPProperty = {
ownerAccount: 'zhangsan',
ownerAccountType: dlpPermission.AccountType.DOMAIN_ACCOUNT,
authUserList: [],
contactAccount: 'zhangsan',
offlineAccess: true,
ownerAccountID: 'xxxxxxx',
everyoneAccessList: []
};
dlpPermission.generateDLPFile(file, dlp, dlpProperty, (err, res) => { // Generate a DLP file.
if (err !== undefined) {
console.error('generateDLPFile error,', err.code, err.message);
} else {
console.info('res', JSON.stringify(res));
}
fileIo.closeSync(file);
fileIo.closeSync(dlp);
});
} catch (err) {
console.error('error,', (err as BusinessError).code, (err as BusinessError).message);
if (file) {
fileIo.closeSync(file);
}
if (dlp) {
fileIo.closeSync(dlp);
}
}
}
```
## dlpPermission.openDLPFile11+
openDLPFile(ciphertextFd: number, appId: string): Promise<DLPFile>
Opens a DLP file. This API uses a promise to return the result.
**System API**: This is a system API.
**Required permissions**: ohos.permission.ACCESS_DLP_FILE
**System capability**: SystemCapability.Security.DataLossPrevention
**Parameters**
| Name| Type| Mandatory| Description|
| -------- | -------- | -------- | -------- |
| ciphertextFd | number | Yes| FD of the encrypted file.|
| appId | string | Yes| ID of the caller. The value contains 8 to 1024 bytes.|
**Return value**
| Type| Description|
| -------- | -------- |
| Promise<[DLPFile](#dlpfile)> | Promise If the operation is successful, a **DLPFile** instance is returned. Otherwise, **null** is returned.|
**Error codes**
For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md).
| ID| Error Message|
| -------- | -------- |
| 201 | Permission denied. |
| 202 | Non-system applications use system APIs. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. |
| 19100001 | Invalid parameter value. |
| 19100002 | Credential task error. |
| 19100003 | Credential task time out. |
| 19100004 | Credential service error. |
| 19100005 | Credential authentication server error. |
| 19100008 | The file is not a DLP file. |
| 19100009 | Failed to operate the DLP file. |
| 19100011 | The system ability works abnormally. |
| 19100018 | Not authorized application. |
| 19100019 | The DLP file has expired. |
| 19100020 | No network connection. |
**Example**
```ts
import { dlpPermission } from '@kit.DataProtectionKit';
import { fileIo } from '@kit.CoreFileKit';
import { bundleManager } from '@kit.AbilityKit';
import { BusinessError } from '@kit.BasicServicesKit';
let uri = 'file://docs/storage/Users/currentUser/Desktop/test.txt.dlp';
let file: number | undefined = undefined;
let bundleFlags = bundleManager.BundleFlag.GET_BUNDLE_INFO_WITH_SIGNATURE_INFO;
let appId = '';
let bundleName = 'com.ohos.note';
let userId = 100;
let dlpFile: dlpPermission.DLPFile | undefined = undefined;
try{
let data = bundleManager.getBundleInfoSync(bundleName, bundleFlags, userId);
appId = data.signatureInfo.appId;
} catch (err) {
console.error('error', err.code, err.message);
}
try {
file = fileIo.openSync(uri).fd;
dlpFile = await dlpPermission.openDLPFile(file, appId); // Open a DLP file.
} catch (err) {
console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Throw an error if the operation fails.
dlpFile?.closeDLPFile(); // Close the DLP object.
} finally {
if (file) {
fileIo.closeSync(file);
}
}
```
## dlpPermission.openDLPFile11+
openDLPFile(ciphertextFd: number, appId: string, callback: AsyncCallback<DLPFile>): void
Opens a DLP file. This API uses an asynchronous callback to return the result.
**System API**: This is a system API.
**Required permissions**: ohos.permission.ACCESS_DLP_FILE
**System capability**: SystemCapability.Security.DataLossPrevention
**Parameters**
| Name| Type| Mandatory| Description|
| -------- | -------- | -------- | -------- |
| ciphertextFd | number | Yes| FD of the encrypted file.|
| appId | string | Yes| ID of the caller. The value contains 8 to 1024 bytes.|
| callback | AsyncCallback<[DLPFile](#dlpfile)> | Yes| Callback used to return the **DLPFile** instance created.|
**Error codes**
For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md).
| ID| Error Message|
| -------- | -------- |
| 201 | Permission denied. |
| 202 | Non-system applications use system APIs. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. |
| 19100001 | Invalid parameter value. |
| 19100002 | Credential task error. |
| 19100003 | Credential task time out. |
| 19100004 | Credential service error. |
| 19100005 | Credential authentication server error. |
| 19100008 | The file is not a DLP file. |
| 19100009 | Failed to operate the DLP file. |
| 19100011 | The system ability works abnormally. |
| 19100018 | Not authorized application. |
| 19100019 | The DLP file has expired. |
| 19100020 | No network connection. |
**Example**
```ts
import { dlpPermission } from '@kit.DataProtectionKit';
import { fileIo } from '@kit.CoreFileKit';
import { bundleManager } from '@kit.AbilityKit';
import { BusinessError } from '@kit.BasicServicesKit';
let uri = 'file://docs/storage/Users/currentUser/Desktop/test.txt.dlp';
let file: number | undefined = undefined;
let bundleFlags = bundleManager.BundleFlag.GET_BUNDLE_INFO_WITH_SIGNATURE_INFO;
let appId = '';
let bundleName = 'com.ohos.note';
let userId = 100;
try{
let data = bundleManager.getBundleInfoSync(bundleName, bundleFlags, userId);
appId = data.signatureInfo.appId;
} catch (err) {
console.error('error', err.code, err.message);
}
try {
file = fileIo.openSync(uri).fd;
dlpPermission.openDLPFile(file, appId, (err, res) => { // Open a DLP file.
if (err !== undefined) {
console.error('openDLPFile error,', err.code, err.message);
} else {
console.info('res', JSON.stringify(res));
}
if (file) {
fileIo.closeSync(file);
}
});
} catch (err) {
console.error('error,', (err as BusinessError).code, (err as BusinessError).message);
if (file) {
fileIo.closeSync(file);
}
}
```
## dlpPermission.generateDlpFileForEnterprise20+
generateDLPFileForEnterprise(plaintextFd: number, dlpFd: number, property: DLPProperty, customProperty: CustomProperty): Promise<void>
Obtains a **DLPFile** object. This API uses a promise to return the result.
>**NOTE**
>
> This API generates a DLP file, which is an encrypted file that can be accessed only by users with full control permissions.
**System API**: This is a system API.
**Required permissions:** ohos.permission.ENTERPEISE_ACCESS_DLP_FILE
**System capability**: SystemCapability.Security.DataLossPrevention
**Parameters**
| Name| Type| Mandatory| Description|
| -------- | -------- | -------- | -------- |
| plaintextFd | number | Yes| FD of the plaintext file.|
| dlpFd | number | Yes| FD of the encrypted file.|
| property | [DLPProperty](#dlpproperty) | Yes| General properties of the DLP file.|
| customProperty | [CustomProperty](#customproperty20) | Yes| Custom properties.|
**Return value**
| Type| Description|
| -------- | -------- |
| Promise<void> | Promise that returns no value.|
**Error codes**
For details about the error codes, see [Universal Error Codes](../errorcode-universal.md) and [DLP Error Codes](errorcode-dlp.md).
| ID| Error Message|
| -------- | -------- |
| 201 | Permission denied. |
| 202 | Non-system applications use system APIs. |
| 19100001 | Invalid parameter value. |
| 19100002 | Credential service busy due to too many tasks or duplicate tasks. |
| 19100003 | Credential task time out. |
| 19100004 | Credential service error. |
| 19100005 | Credential authentication server error. |
| 19100009 | Failed to operate the DLP file. |
| 19100011 | The system ability works abnormally. |
**Example**
```ts
import { dlpPermission } from '@kit.DataProtectionKit';
import { fileIo } from '@kit.CoreFileKit';
import { BusinessError } from '@kit.BasicServicesKit';
async function ExampleFunction(plainFilePath: string, dlpFilePath: string) {
let plaintextFd: number | undefined = undefined;
let dlpFd: number | undefined = undefined;
try {
plaintextFd = fileIo.openSync(plainFilePath, fileIo.OpenMode.READ_ONLY).fd;
dlpFd = fileIo.openSync(dlpFilePath, fileIo.OpenMode.READ_WRITE | fileIo.OpenMode.CREATE).fd;
let dlpProperty: dlpPermission.DLPProperty = {
ownerAccount: 'zhangsan',
ownerAccountType: dlpPermission.AccountType.DOMAIN_ACCOUNT,
authUserList: [],
contactAccount: 'zhangsan',
offlineAccess: true,
ownerAccountID: 'xxxxxxx',
everyoneAccessList: []
};
let customProperty: dlpPermission.CustomProperty = {
enterprise: 'customProperty'
};
await dlpPermission.generateDlpFileForEnterprise(plaintextFd, dlpFd, dlpProperty, customProperty);
console.info('Successfully generate DLP file for enterprise.');
} catch(err) {
console.error('error,', (err as BusinessError).code, (err as BusinessError).message);
} finally {
if (dlpFd) {
fileIo.closeSync(dlpFd);
}
if (plaintextFd) {
fileIo.closeSync(plaintextFd);
}
}
}
```
## dlpPermission.decryptDlpFile20+
decryptDlpFile(dlpFd: number, plaintextFd: number): Promise<void>
Decrypts a DLP file to generate a plaintext file. This API uses a promise to return the result.
>**NOTE**
>
> This API can decrypt DLP files only by users with full control permissions.
**System API**: This is a system API.
**Required permissions:** ohos.permission.ENTERPEISE_ACCESS_DLP_FILE
**System capability**: SystemCapability.Security.DataLossPrevention
**Parameters**
| Name| Type| Mandatory| Description|
| -------- | -------- | -------- | -------- |
| dlpFd | number | Yes| FD of the file to be decrypted.|
| plaintextFd | number | Yes| FD of the decrypted file.|
**Return value**
| Type| Description|
| -------- | -------- |
| Promise<void> | Promise that returns no value.|
**Error codes**
For details about the error codes, see [Universal Error Codes](../errorcode-universal.md) and [DLP Error Codes](errorcode-dlp.md).
| ID| Error Message|
| -------- | -------- |
| 201 | Permission denied. |
| 202 | Non-system applications use system APIs. |
| 19100001 | Invalid parameter value. |
| 19100002 | Credential service busy due to too many tasks or duplicate tasks. |
| 19100003 | Credential task time out. |
| 19100004 | Credential service error. |
| 19100005 | Credential authentication server error. |
| 19100009 | Failed to operate the DLP file. |
| 19100011 | The system ability works abnormally. |
**Example**
```ts
import { dlpPermission } from '@kit.DataProtectionKit';
import { fileIo } from '@kit.CoreFileKit';
import { BusinessError } from '@kit.BasicServicesKit';
async function ExampleFunction(plainFilePath: string, dlpFilePath: string) {
let plaintextFd: number | undefined = undefined;
let dlpFd: number | undefined = undefined;
try {
plaintextFd = fileIo.openSync(plainFilePath, fileIo.OpenMode.READ_WRITE | fileIo.OpenMode.CREATE).fd;
dlpFd = fileIo.openSync(dlpFilePath, fileIo.OpenMode.READ_ONLY).fd;
await dlpPermission.decryptDlpFile(dlpFd, plaintextFd);
console.info('Successfully decrypt DLP file.');
} catch(err) {
console.error('error,', (err as BusinessError).code, (err as BusinessError).message);
} finally {
if (dlpFd) {
fileIo.closeSync(dlpFd);
}
if (plaintextFd) {
fileIo.closeSync(plaintextFd);
}
}
}
```
## dlpPermission.queryDlpPolicy20+
queryDlpPolicy(dlpFd: number): Promise<string>
Parses the file header in a DLP file to obtain the DLP plaintext policy. This API uses a promise to return the result.
**System API**: This is a system API.
**Required permissions:** ohos.permission.ENTERPEISE_ACCESS_DLP_FILE
**System capability**: SystemCapability.Security.DataLossPrevention
**Parameters**
| Name| Type| Mandatory| Description|
| -------- | -------- | -------- | -------- |
| dlpFd | number | Yes| FD of the file to be decrypted.|
**Return value**
| Type| Description|
| -------- | -------- |
| Promise<string> | Promise used to return the JSON string of the DLP policy.|
**Error codes**
For details about the error codes, see [Universal Error Codes](../errorcode-universal.md) and [DLP Error Codes](errorcode-dlp.md).
| ID| Error Message|
| -------- | -------- |
| 201 | Permission denied. |
| 202 | Non-system applications use system APIs. |
| 19100001 | Invalid parameter value. |
| 19100011 | The system ability works abnormally. |
**Example**
```ts
import { dlpPermission } from '@kit.DataProtectionKit';
import { fileIo } from '@kit.CoreFileKit';
import { BusinessError } from '@kit.BasicServicesKit';
async function ExampleFunction(dlpFilePath: string) {
let dlpFd : number | undefined = undefined;
try {
dlpFd = fileIo.openSync(dlpFilePath, fileIo.OpenMode.READ_ONLY).fd;
let policy: string = await dlpPermission.queryDlpPolicy(dlpFd);
console.info('DLP policy:' + policy);
} catch(err) {
console.error('error,', (err as BusinessError).code, (err as BusinessError).message);
} finally {
if (dlpFd) {
fileIo.closeSync(dlpFd);
}
}
}
```
## DLPSandboxInfo
Represents the DLP sandbox information.
**System API**: This is a system API.
**System capability**: SystemCapability.Security.DataLossPrevention
| Name| Type| Readable| Writable| Description|
| -------- | -------- | -------- | -------- | -------- |
| appIndex | number | Yes| No| Index of the DLP sandbox application.|
| tokenID | number | Yes| No| Token ID of the DLP sandbox application.|
## DLPSandboxState
DLP sandbox identity.
**System API**: This is a system API.
**System capability**: SystemCapability.Security.DataLossPrevention
| Name| Type| Readable| Writable| Description|
| -------- | -------- | -------- | -------- | -------- |
| bundleName | string | Yes| No| Bundle name of the application. The value contains 7 to 128 bytes.|
| appIndex | number | Yes| No| Index of the DLP sandbox application.|
## AccountType
Enumerates the types of authorized accounts.
**System API**: This is a system API.
**System capability**: SystemCapability.Security.DataLossPrevention
| Name| Value| Description|
| -------- | -------- | -------- |
| CLOUD_ACCOUNT | 1 | Cloud account.|
| DOMAIN_ACCOUNT | 2 | Domain account.|
## ActionType20+
Specifies the action to be performed when the file's permission expiration time is reached. The default value is **NOT_OPEN**.
**System API**: This is a system API.
**System capability**: SystemCapability.Security.DataLossPrevention
| Name| Value| Description|
| -------- | -------- | -------- |
| NOT_OPEN | 0 | Users are not allowed to open the DLP file when the file's permission expiration time is reached.|
| OPEN | 1 | Logged-in users are allowed to edit the DLP file when the file's permission expiration time is reached.|
## AuthUser
Represents the user authorization information.
**System API**: This is a system API.
**System capability**: SystemCapability.Security.DataLossPrevention
| Name| Type| Read Only| Mandatory| Description|
| -------- | -------- | -------- | -------- | -------- |
| authAccount | string | No| Yes| Account of the user who can access the DLP file. The value contains up to 255 bytes.|
| authAccountType | [AccountType](#accounttype) | No| Yes| Type of the account.|
| dlpFileAccess | [DLPFileAccess](js-apis-dlppermission.md#dlpfileaccess) | No| Yes| Permission granted to the user.|
| permExpiryTime | number | No| Yes| Time when the authorization expires.|
## CustomProperty20+
Indicates custom properties.
**System API**: This is a system API.
**System capability**: SystemCapability.Security.DataLossPrevention
| Name| Type| Read Only| Optional| Description|
| -------- | -------- | -------- | -------- | -------- |
| enterprise | string | No| No| JSON string of enterprise custom properties. The length cannot exceed 4 MB.|
## DLPProperty
Represents the authorization information.
**System API**: This is a system API.
**System capability**: SystemCapability.Security.DataLossPrevention
| Name| Type| Read Only| Mandatory| Description|
| -------- | -------- | -------- | -------- | -------- |
| ownerAccount | string | No| Yes| Account of the owner who can set the permission. The value contains up to 255 bytes.|
| ownerAccountID | string | No| Yes| Account ID of the owner. The value contains up to 255 bytes.|
| ownerAccountType | [AccountType](#accounttype) | No| Yes| Account type of the owner.|
| authUserList | Array<[AuthUser](#authuser)> | No| No| List of users who are authorized to access the DLP file. By default, this parameter is left blank.|
| contactAccount | string | No| Yes| Indicates the account of a contact. The value contains up to 255 bytes.|
| offlineAccess | boolean | No| Yes| Whether the file can be accessed offline. **true**: yes; **false**: no.|
| everyoneAccessList | Array<[DLPFileAccess](js-apis-dlppermission.md#dlpfileaccess)> | No| No| Permission granted to everyone. This parameter is left blank by default.|
| expireTime11+ | number | No| No| Timestamp when the file permission has expired. This parameter is left blank by default.|
| actionUponExpiry20+ | [ActionType](#actiontype20) | No| No| Whether the file can be opened after the permission expires (with the editing permission). This parameter is valid only when **expireTime** is not empty.|
## GatheringPolicyType
Enumerates the DLP sandbox gathering policy types. **GATHERING** allows the DLP files of the same permission type to be opened in a sandbox. For example, open different tab pages in a sandbox. **NON_GATHERING** allows different DLP files to be opened in different sandboxes.
**System capability**: SystemCapability.Security.DataLossPrevention
**System API**: This is a system API.
**Parameters**
| Name| Value| Description|
| -------- | -------- | -------- |
| GATHERING | 1 | Allows the DLP files of the same permission type to be opened in a sandbox. For example, the files of the same permission type can be opened in tab pages of a window.|
| NON_GATHERING | 2 | Allows the DLP files of different permission types to be opened in different sandboxes.|