# @ohos.enterprise.usbManager (USB Management) The **usbManager** module provides APIs for USB management. > **NOTE** > > - The initial APIs of this module are supported since API version 12. Newly added APIs will be marked with a superscript to indicate their earliest API version. > > - The APIs of this module can be used only in the stage model. > > - The APIs of this module can be called only by a device administrator application that is enabled. For details, see [MDM Kit Development](../../mdm/mdm-kit-guide.md). > > - The global restriction policy is provided by **restrictions**. To disable USB globally, see [@ohos.enterprise.restrictions (restriction policy)](js-apis-enterprise-restrictions.md). ## Modules to Import ```ts import { usbManager } from '@kit.MDMKit'; ``` ## usbManager.addAllowedUsbDevices addAllowedUsbDevices(admin: Want, usbDeviceIds: Array\): void Adds allowed USB devices. A policy conflict is reported when this API is called in the following scenarios: 1. The USB capability of the device has been disabled using the [setDisallowedPolicy](js-apis-enterprise-restrictions.md#restrictionssetdisallowedpolicy) API. 2. The USB storage device access policy has been disabled using the [setUsbStorageDeviceAccessPolicy](#usbmanagersetusbstoragedeviceaccesspolicy) API. 3. Disallowed USB device types have been added using the [addDisallowedUsbDevices](#usbmanageradddisallowedusbdevices14) API. **Required permission**: ohos.permission.ENTERPRISE_MANAGE_USB **System capability**: SystemCapability.Customization.EnterpriseDeviceManager **Parameters** | Name | Type | Mandatory| Description | | ------------ | ------------------------------------------------------- | ---- | ------------------------------------------------------------ | | admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | EnterpriseAdminExtensionAbility. | | usbDeviceIds | Array<[UsbDeviceId](#usbdeviceid)> | Yes | USB device IDs, which can be obtained through [getDevices](../apis-basic-services-kit/js-apis-usbManager.md#usbmanagergetdevices). This array can hold a maximum of 1000 USB device IDs.| **Error codes** For details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md). | ID| Error Message | | -------- | ------------------------------------------------------------ | | 9200001 | The application is not an administrator application of the device. | | 9200002 | The administrator application does not have permission to manage the device. | | 9200010 | A conflict policy has been configured. | | 201 | Permission verification failed. The application does not have the permission required to call the API. | | 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | **Example** ```ts import { Want } from '@kit.AbilityKit'; let wantTemp: Want = { bundleName: 'com.example.myapplication', abilityName: 'EntryAbility', }; try { let usbDeviceIds: Array = [{ vendorId: 1, productId: 1 }]; usbManager.addAllowedUsbDevices(wantTemp, usbDeviceIds); console.info(`Succeeded in adding allowed USB devices.`); } catch (err) { console.error(`Failed to add allowed USB devices. Code: ${err.code}, message: ${err.message}`); } ``` ## usbManager.removeAllowedUsbDevices removeAllowedUsbDevices(admin: Want, usbDeviceIds: Array\): void Removes allowed USB devices. **Required permission**: ohos.permission.ENTERPRISE_MANAGE_USB **System capability**: SystemCapability.Customization.EnterpriseDeviceManager **Parameters** | Name | Type | Mandatory| Description | | ------------ | ------------------------------------------------------- | ---- | ------------------------------------------------------------ | | admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | EnterpriseAdminExtensionAbility. | | usbDeviceIds | Array<[UsbDeviceId](#usbdeviceid)> | Yes | USB device IDs, which can be obtained through [getDevices](../apis-basic-services-kit/js-apis-usbManager.md#usbmanagergetdevices).| **Error codes** For details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md). | ID| Error Message | | -------- | ------------------------------------------------------------ | | 9200001 | The application is not an administrator application of the device. | | 9200002 | The administrator application does not have permission to manage the device. | | 201 | Permission verification failed. The application does not have the permission required to call the API. | | 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | **Example** ```ts import { Want } from '@kit.AbilityKit'; let wantTemp: Want = { bundleName: 'com.example.myapplication', abilityName: 'EntryAbility', }; try { let usbDeviceIds: Array = [{ vendorId: 1, productId: 1 }]; usbManager.removeAllowedUsbDevices(wantTemp, usbDeviceIds); console.info(`Succeeded in removing allowed USB devices.`); } catch (err) { console.error(`Failed to remove allowed USB devices. Code: ${err.code}, message: ${err.message}`); } ``` ## usbManager.getAllowedUsbDevices getAllowedUsbDevices(admin: Want): Array\ Obtains allowed USB devices. **Required permission**: ohos.permission.ENTERPRISE_MANAGE_USB **System capability**: SystemCapability.Customization.EnterpriseDeviceManager **Parameters** | Name| Type | Mandatory| Description | | ------ | ------------------------------------------------------- | ---- | -------------------------------------- | | admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | EnterpriseAdminExtensionAbility.| **Return value** | Type | Description | | ---------------------------------- | ------------------------- | | Array<[UsbDeviceId](#usbdeviceid)> | Allowed USB devices obtained.| **Error codes** For details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md). | ID| Error Message | | -------- | ------------------------------------------------------------ | | 9200001 | The application is not an administrator application of the device. | | 9200002 | The administrator application does not have permission to manage the device. | | 201 | Permission verification failed. The application does not have the permission required to call the API. | | 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | **Example** ```ts import { Want } from '@kit.AbilityKit'; let wantTemp: Want = { bundleName: 'com.example.myapplication', abilityName: 'EntryAbility', }; try { let result: Array = usbManager.getAllowedUsbDevices(wantTemp); console.info(`Succeeded in getting allowed USB devices. Result: ${JSON.stringify(result)}`); } catch (err) { console.error(`Failed to get allowed USB devices. Code: ${err.code}, message: ${err.message}`); } ``` ## usbManager.setUsbStorageDeviceAccessPolicy setUsbStorageDeviceAccessPolicy(admin: Want, usbPolicy: UsbPolicy): void Sets the access policy of the USB storage device. A policy conflict occurs when you set the USB storage device access policy to read, write, or read-only in the following scenarios: 1. The USB capability of the device has been disabled using the [setDisallowedPolicy](js-apis-enterprise-restrictions.md#restrictionssetdisallowedpolicy) API. 2. A USB storage device has been disallowed to use through [addDisallowedUsbDevices](#usbmanageradddisallowedusbdevices14). A policy conflict is reported if the USB storage device access policy is disabled by calling this API in the following scenarios: 1. The USB capability of the device has been disabled using the [setDisallowedPolicy](js-apis-enterprise-restrictions.md#restrictionssetdisallowedpolicy) API. 2. The available USB devices have been added through [addAllowedUsbDevices](#usbmanageraddallowedusbdevices). You can disable a USB storage device by calling this API or [addDisallowedUsbDevices](#usbmanageradddisallowedusbdevices14). The latter is recommended. **Required permission**: ohos.permission.ENTERPRISE_MANAGE_USB **System capability**: SystemCapability.Customization.EnterpriseDeviceManager **Parameters** | Name | Type | Mandatory| Description | | --------- | ------------------------------------------------------- | ---- | -------------------------------------- | | admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | EnterpriseAdminExtensionAbility.| | usbPolicy | [UsbPolicy](#usbpolicy) | Yes | Access policy of the USB storage device. | **Error codes** For details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md). | ID| Error Message | | -------- | ------------------------------------------------------------ | | 9200001 | The application is not an administrator application of the device. | | 9200002 | The administrator application does not have permission to manage the device. | | 9200010 | A conflict policy has been configured. | | 201 | Permission verification failed. The application does not have the permission required to call the API. | | 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | **Example** ```ts import { Want } from '@kit.AbilityKit'; let wantTemp: Want = { bundleName: 'com.example.myapplication', abilityName: 'EntryAbility', }; try { let policy: usbManager.UsbPolicy = usbManager.UsbPolicy.DISABLED; usbManager.setUsbStorageDeviceAccessPolicy(wantTemp, policy); console.info(`Succeeded in setting USB storage device access policy.`); } catch (err) { console.error(`Failed to set USB storage device access policy. Code: ${err.code}, message: ${err.message}`); } ``` ## usbManager.getUsbStorageDeviceAccessPolicy getUsbStorageDeviceAccessPolicy(admin: Want): UsbPolicy Obtains the access policy of the USB storage device. **Required permission**: ohos.permission.ENTERPRISE_MANAGE_USB **System capability**: SystemCapability.Customization.EnterpriseDeviceManager **Parameters** | Name| Type | Mandatory| Description | | ------ | ------------------------------------------------------- | ---- | -------------------------------------- | | admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | EnterpriseAdminExtensionAbility.| **Return value** | Type | Description | | ----------------------- | --------------------- | | [UsbPolicy](#usbpolicy) | Access policy of the USB storage device.| **Error codes** For details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md). | ID| Error Message | | -------- | ------------------------------------------------------------ | | 9200001 | The application is not an administrator application of the device. | | 9200002 | The administrator application does not have permission to manage the device. | | 201 | Permission verification failed. The application does not have the permission required to call the API. | | 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | **Example** ```ts import { Want } from '@kit.AbilityKit'; let wantTemp: Want = { bundleName: 'com.example.myapplication', abilityName: 'EntryAbility', }; try { let result: usbManager.UsbPolicy = usbManager.getUsbStorageDeviceAccessPolicy(wantTemp); console.info(`Succeeded in getting USB storage device access policy. Result: ${JSON.stringify(result)}`); } catch (err) { console.error(`Failed to get USB storage device access policy. Code: ${err.code}, message: ${err.message}`); } ``` ## usbManager.addDisallowedUsbDevices14+ addDisallowedUsbDevices(admin: Want, usbDevices: Array\): void Adds disallowed USB device types. A policy conflict is reported when this API is called in the following scenarios: 1. The USB capability of the device has been disabled using the [setDisallowedPolicy](js-apis-enterprise-restrictions.md#restrictionssetdisallowedpolicy) API. 2. The available USB devices have been added through [addAllowedUsbDevices](#usbmanageraddallowedusbdevices). **Required permission**: ohos.permission.ENTERPRISE_MANAGE_USB **System capability**: SystemCapability.Customization.EnterpriseDeviceManager **Parameters** | Name | Type | Mandatory| Description | | ---------- | ------------------------------------------------------- | ---- | ------------------------------------------------------------ | | admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | EnterpriseAdminExtensionAbility. | | usbDevices | Array<[UsbDeviceType](#usbdevicetype14)> | Yes | Array of the USB devices to be added, which can be obtained through [getDevices](../apis-basic-services-kit/js-apis-usbManager.md#usbmanagergetdevices). This array can hold a maximum of 200 USB device IDs.| **Error codes** For details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md). | ID| Error Message | | -------- | ------------------------------------------------------------ | | 9200001 | The application is not an administrator application of the device. | | 9200002 | The administrator application does not have permission to manage the device. | | 9200010 | A conflict policy has been configured. | | 201 | Permission verification failed. The application does not have the permission required to call the API. | | 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | **Example** ```ts import { Want } from '@kit.AbilityKit'; let wantTemp: Want = { bundleName: 'com.example.myapplication', abilityName: 'EntryAbility', }; try { let usbDevices: Array = [{ baseClass: 8, subClass: 0, protocol: 0, descriptor: usbManager.Descriptor.INTERFACE }]; usbManager.addDisallowedUsbDevices(wantTemp, usbDevices); console.info(`Succeeded in adding disallowed USB devices.`); } catch (err) { console.error(`Failed to add disallowed USB devices. Code: ${err.code}, message: ${err.message}`); } ``` ## usbManager.removeDisallowedUsbDevices14+ removeDisallowedUsbDevices(admin: Want, usbDevices: Array\): void Removes the disallowed USB device types. **Required permission**: ohos.permission.ENTERPRISE_MANAGE_USB **System capability**: SystemCapability.Customization.EnterpriseDeviceManager **Parameters** | Name | Type | Mandatory| Description | | ---------- | ------------------------------------------------------- | ---- | ------------------------------------------------------------ | | admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | EnterpriseAdminExtensionAbility. | | usbDevices | Array<[UsbDeviceType](#usbdevicetype14)> | Yes | Array of the USB devices to be removed, which can be obtained through [getDevices](../apis-basic-services-kit/js-apis-usbManager.md#usbmanagergetdevices).| **Error codes** For details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md). | ID| Error Message | | -------- | ------------------------------------------------------------ | | 9200001 | The application is not an administrator application of the device. | | 9200002 | The administrator application does not have permission to manage the device. | | 201 | Permission verification failed. The application does not have the permission required to call the API. | | 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | **Example** ```ts import { Want } from '@kit.AbilityKit'; let wantTemp: Want = { bundleName: 'com.example.myapplication', abilityName: 'EntryAbility', }; try { let usbDevices: Array = [{ baseClass: 8, subClass: 0, protocol: 0, descriptor: usbManager.Descriptor.INTERFACE }]; usbManager.removeDisallowedUsbDevices(wantTemp, usbDevices); console.info(`Succeeded in removing disallowed USB devices.`); } catch (err) { console.error(`Failed to remove disallowed USB devices. Code: ${err.code}, message: ${err.message}`); } ``` ## usbManager.getDisallowedUsbDevices14+ getDisallowedUsbDevices(admin: Want): Array\ Obtains the disallowed USB device types. **Required permission**: ohos.permission.ENTERPRISE_MANAGE_USB **System capability**: SystemCapability.Customization.EnterpriseDeviceManager **Parameters** | Name| Type | Mandatory| Description | | ------ | ------------------------------------------------------- | ---- | -------------------------------------- | | admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | EnterpriseAdminExtensionAbility.| **Return value** | Type | Description | | ---------------------------------------- | ----------------------- | | Array<[UsbDeviceType](#usbdevicetype14)> | Disallowed USB device types obtained.| **Error codes** For details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md). | ID| Error Message | | -------- | ------------------------------------------------------------ | | 9200001 | The application is not an administrator application of the device. | | 9200002 | The administrator application does not have permission to manage the device. | | 201 | Permission verification failed. The application does not have the permission required to call the API. | | 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | **Example** ```ts import { Want } from '@kit.AbilityKit'; let wantTemp: Want = { bundleName: 'com.example.myapplication', abilityName: 'EntryAbility', }; try { let result: Array = usbManager.getDisallowedUsbDevices(wantTemp); console.info(`Succeeded in getting disallowed USB devices. Result: ${JSON.stringify(result)}`); } catch (err) { console.error(`Failed to get disallowed USB devices. Code: ${err.code}, message: ${err.message}`); } ``` ## UsbDeviceId Represents the USB device identity information. **System capability**: SystemCapability.Customization.EnterpriseDeviceManager | Name | Type | Read-Only| Optional| Description | | --------- | ------ | ---- | ---- | -------- | | vendorId | number | No | No| Vendor ID.| | productId | number | No | No| Product ID.| ## UsbDeviceType14+ Represents the USB device type information. For details about the ID, see [defined-class-codes](https://www.usb.org/defined-class-codes). **System capability**: SystemCapability.Customization.EnterpriseDeviceManager | Name | Type | Read-Only| Optional| Description | | ---------- | --------------------------- | ---- | ---- | ------------------------------------------------------------ | | baseClass | number | No | No| Type ID, which can be obtained through [getDevices](../apis-basic-services-kit/js-apis-usbManager.md#usbmanagergetdevices). If the value of descriptor is **DEVICE**, obtain the **USBDevice.clazz** field. If the value of descriptor is **INTERFACE**, obtain the **USBDevice.configs.interfaces.clazz** field.| | subClass | number | No | No| Subtype ID, which can be obtained through [getDevices](../apis-basic-services-kit/js-apis-usbManager.md#usbmanagergetdevices). If the value of descriptor is **DEVICE**, obtain the **USBDevice.subClass** field. If the value of descriptor is **INTERFACE**, obtain the **USBDevice.configs.interfaces.subClass** field.| | protocol | number | No | No| Protocol ID, which can be obtained through [getDevices](../apis-basic-services-kit/js-apis-usbManager.md#usbmanagergetdevices). If the value of descriptor is **DEVICE**, obtain the **USBDevice.protocol** field. If the value of descriptor is **INTERFACE**, obtain the **USBDevice.configs.interfaces.protocol** field.| | descriptor | [Descriptor](#descriptor14) | No | No| USB descriptor. Obtain the value of Descriptor Usage corresponding to **baseClass** as the input parameter based on [defined-class-codes](https://www.usb.org/defined-class-codes). If the value of Descriptor Usage is set to **Both**, **DEVICE** is input for disallowed devices, and **INTERFACE** is input for disallowed interfaces.| ## UsbPolicy Enumerates the USB access policies. **System capability**: SystemCapability.Customization.EnterpriseDeviceManager | Name | Value | Description | | ---------- | ---- | ---------- | | READ_WRITE | 0 | Read and write.| | READ_ONLY | 1 | Read only. | | DISABLED | 2 | Disabled. | ## Descriptor14+ Enumerates USB descriptors. **System capability**: SystemCapability.Customization.EnterpriseDeviceManager | Name | Value | Description | | --------- | ---- | ------------ | | INTERFACE | 0 | Interface descriptor.| | DEVICE | 1 | Device descriptor.|