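# @ohos.enterprise.securityManager (Security Management)

This module provides device security management capabilities, including querying the security patch status and the file encryption status.

> **NOTE**
>
> The initial APIs of this module are supported since API version 12. Newly added APIs are marked with a superscript to indicate their earliest API version.
>
> The APIs of this module can be used only in the stage model.
>
> The APIs of this module are available only to device administrator applications, and the device administrator application must be activated before the APIs are called. For details, see the [MDM Kit Development Guide](../../mdm/mdm-kit-guide.md).

## Import Module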
```ts
import { securityManager } from '@kit.MDMKit';
```
## securityManager.uninstallUserCertificate

uninstallUserCertificate(admin: Want, certUri: string): Promise<void>

Uninstalls a user certificate. This API uses a promise to return the result.

**Required permissions:** ohos.permission.ENTERPRISE_MANAGE_CERTIFICATE

**System capability:** SystemCapability.Customization.EnterpriseDeviceManager

**Model restriction:** This API can be used only in the stage model.

**Parameters:**

| Name | Type | Mandatory | Description |
| ------- | ------------------------------------------------------- | ---- | --------------------------------- |
| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | Enterprise device administration extension component. |
| certUri | string | Yes | Certificate URI, set and returned by the user certificate installation API [installUserCertificate](#securitymanagerinstallusercertificate). |

**Return value:**

| Type | Description |
| ------------------- | ------------------------------------------------------------ |
| Promise<void> | Promise that returns no value. An error object is thrown if the user certificate fails to be uninstalled. |

**Error codes**:

For details about the following error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md).

| ID | Error Message |
| -------- | ------------------------------------------------------------ |
| 9200001 | The application is not an administrator application of the device. |
| 9200002 | The administrator application does not have permission to manage the device. |
| 9201001 | Failed to manage the certificate. |
| 201 | Permission verification failed. The application does not have the permission required to call the API. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. |

**Example:**

```ts
import { securityManager } from '@kit.MDMKit';
import { Want } from '@kit.AbilityKit';
import { BusinessError } from '@kit.BasicServicesKit';

let wantTemp: Want = {
  // Replace with actual values.
  bundleName: 'com.example.myapplication',
  abilityName: 'EntryAbility'
};
// Replace with the certificate URI returned by installUserCertificate.
let certUri: string = "certName";
securityManager.uninstallUserCertificate(wantTemp, certUri).then(() => {
  console.info(`Succeeded in uninstalling user certificate.`);
}).catch((err: BusinessError) => {
  console.error(`Failed to uninstall user certificate. Code is ${err.code}, message is ${err.message}`);
});
```
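## securityManager.installUserCertificate

installUserCertificate(admin: Want, certificate: CertBlob): Promise<string>

Installs a user certificate. This API uses a promise to return the result.

**Required permissions:** ohos.permission.ENTERPRISE_MANAGE_CERTIFICATE

**System capability:** SystemCapability.Customization.EnterpriseDeviceManager

**Model restriction:** This API can be used only in the stage model.

**Parameters:**

| Name | Type | Mandatory | Description |
| ----------- | ------------------------------------------------------- | ---- | -------------- |
| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | Enterprise device administration extension component. |
| certificate | [CertBlob](#certblob) | Yes | Certificate information. The certificate file must be placed in a path that the application has permission to access, such as the application sandbox path. |

**Return value:**

| Type | Description |
| --------------------- | ---------------------------------------------------- |
| Promise<string> | Promise used to return the URI of the installed certificate. The URI is used to uninstall the certificate. |

**Error codes**:

For details about the following error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md).

| ID | Error Message |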
| -------- | ------------------------------------------------------------ |
| 9200001 | The application is not an administrator application of the device. |
| 9200002 | The administrator application does not have permission to manage the device. |
| 9201001 | Failed to manage the certificate. |
| 201 | Permission verification failed. The application does not have the permission required to call the API. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. |

**Example:**

```ts
import { securityManager } from '@kit.MDMKit';
import { common, Want } from '@kit.AbilityKit';
import { BusinessError } from '@kit.BasicServicesKit';

let wantTemp: Want = {
  // Replace with actual values.
  bundleName: 'com.example.myapplication',
  abilityName: 'EntryAbility'
};
let certFileArray: Uint8Array = new Uint8Array();
// The context variable must be initialized in the onCreate callback of MainAbility.
// test.cer must be placed in the rawfile directory.
// Obtain the context inside a component, and make sure that this.getUIContext().getHostContext() returns a UIAbilityContext.
const context = this.getUIContext().getHostContext() as common.UIAbilityContext;
context.resourceManager.getRawFileContent("test.cer").then((value) => {
  certFileArray = value;
  securityManager.installUserCertificate(wantTemp, { inData: certFileArray, alias: "cert_alias_xts" })
    .then((result) => {
      console.info(`Succeeded in installing user certificate, result : ${JSON.stringify(result)}`);
    }).catch((err: BusinessError) => {
      console.error(`Failed to install user certificate. Code: ${err.code}, message: ${err.message}`);
    });
}).catch((err: BusinessError) => {
  console.error(`Failed to get raw file content. message: ${err.message}`);
  return;
});
```
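## securityManager.installUserCertificate<sup>18+</sup>

installUserCertificate(admin: Want, certificate: CertBlob, accountId: number): string

Installs a user certificate for a specified system account.

**Required permissions:** ohos.permission.ENTERPRISE_MANAGE_CERTIFICATE

**System capability:** SystemCapability.Customization.EnterpriseDeviceManager

**Model restriction:** This API can be used only in the stage model.

**Parameters:**

| Name | Type | Mandatory | Description |
| ----------- | ------------------------------------------------------- | ---- | -------------- |
| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | Enterprise device administration extension component. |
| certificate | [CertBlob](#certblob) | Yes | Certificate information. The certificate file must be placed in a path that the application has permission to access, such as the application sandbox path. |
| accountId | number | Yes | User ID, which specifies a particular user. Value range: greater than or equal to 0. The accountId can be obtained through APIs such as [getOsAccountLocalId](../apis-basic-services-kit/js-apis-osAccount.md#getosaccountlocalid9-1) in @ohos.account.osAccount. |

**Return value:**

| Type | Description |
| --------------------- | ---------------------------------------------------- |
| string | URI of the installed certificate. The URI is used to uninstall the certificate. |

**Error codes**:

For details about the following error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md).

| ID | Error Message |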
| -------- | ------------------------------------------------------------ |
| 9200001 | The application is not an administrator application of the device. |
| 9200002 | The administrator application does not have permission to manage the device. |
| 9201001 | Failed to manage the certificate. |
| 201 | Permission verification failed. The application does not have the permission required to call the API. |

**Example:**

```ts
import { securityManager } from '@kit.MDMKit';
import { common, Want } from '@kit.AbilityKit';

let wantTemp: Want = {
  // Replace with actual values.
  bundleName: 'com.example.myapplication',
  abilityName: 'EntryAbility'
};
let certFileArray: Uint8Array = new Uint8Array();
let accountId: number = 100;
// The context variable must be initialized in the onCreate callback of MainAbility.
// test.cer must be placed in the rawfile directory.
// Obtain the context inside a component, and make sure that this.getUIContext().getHostContext() returns a UIAbilityContext.
const context = this.getUIContext().getHostContext() as common.UIAbilityContext;
context.resourceManager.getRawFileContent("test.cer").then((value) => {
  certFileArray = value;
  try {
    let result: string = securityManager.installUserCertificate(wantTemp, { inData: certFileArray, alias: "cert_alias_xts" }, accountId);
    console.info(`Succeeded in installing user certificate. result: ${result}`);
  } catch (err) {
    console.error(`Failed to install user certificate. Code: ${err.code}, message: ${err.message}`);
  }
});
```
## securityManager.getUserCertificates<sup>18+</sup>

getUserCertificates(admin: Want, accountId: number): Array<string>

Obtains the user certificate information of a specified system account.

**Required permissions:** ohos.permission.ENTERPRISE_MANAGE_CERTIFICATE

**System capability:** SystemCapability.Customization.EnterpriseDeviceManager

**Model restriction:** This API can be used only in the stage model.

**Parameters:**

| Name | Type | Mandatory | Description |
| ------ | ------------------------------------------------------- | ---- | ------------------------------------------------------------ |
| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | Enterprise device administration extension component. |
| accountId | number | Yes | User ID, which specifies a particular user. Value range: greater than or equal to 0. The accountId can be obtained through APIs such as [getOsAccountLocalId](../apis-basic-services-kit/js-apis-osAccount.md#getosaccountlocalid9-1) in @ohos.account.osAccount. |

**Return value:**

| Type | Description |
| ------ | -------------------- |
| Array<string> | All user certificates installed under the specified user ID. |

**Error codes**:

For details about the following error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md).

| ID | Error Message |
| -------- | ------------------------------------------------------------ |
| 9200001 | The application is not an administrator application of the device. |
| 9200002 | The administrator application does not have permission to manage the device. |
| 201 | Permission verification failed. The application does not have the permission required to call the API. |

**Example:**

```ts
import { securityManager } from '@kit.MDMKit';
import { Want } from '@kit.AbilityKit';

let wantTemp: Want = {
  // Replace with actual values.
  bundleName: 'com.example.myapplication',
  abilityName: 'EntryAbility'
};
// Replace with actual values.
let accountId: number = 100;
try {
  let result: Array<string> = securityManager.getUserCertificates(wantTemp, accountId);
  console.info(`Succeeded in getting the uri list of user Certificates. result: ${JSON.stringify(result)}`);
} catch (err) {
  console.error(`Failed to get the uri list of user Certificates. Code: ${err.code}, message: ${err.message}`);
}
```
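
The URI list returned by getUserCertificates can be compared with the URIs that installUserCertificate returned at install time, which surfaces user certificates the administrator application did not deploy. The following audit is an added example, not code from the original reference or from MDM Kit. `CertLister` is a hypothetical adapter around `securityManager.getUserCertificates`, and the URI strings are constructed placeholders.

```typescript
// Hypothetical adapter: in a device administrator application this would call
// securityManager.getUserCertificates(admin, accountId) and return its result.
type CertLister = (accountId: number) => string[];

interface AccountDrift {
  accountId: number;
  queried: boolean;         // false if the query itself failed
  errorCode: number | null; // err.code of a failed query, if it was numeric
  unexpected: string[];     // on the device, but never recorded at install time
  missing: string[];        // recorded at install time, but no longer on the device
}

// expected maps an accountId to the URIs that installUserCertificate returned for it.
function auditUserCertificates(
  expected: Record<number, string[]>,
  list: CertLister
): AccountDrift[] {
  const report: AccountDrift[] = [];
  for (const key of Object.keys(expected)) {
    const accountId = Number(key);
    const wanted = expected[accountId] || [];
    let installed: string[] | null = null;
    let errorCode: number | null = null;
    try {
      installed = list(accountId);
    } catch (err) {
      const code = (err as { code?: number }).code;
      errorCode = typeof code === 'number' ? code : null;
    }
    if (installed === null) {
      // A failed query is reported as such, never as "no certificates installed".
      report.push({ accountId, queried: false, errorCode, unexpected: [], missing: [] });
      continue;
    }
    const present: string[] = installed;
    report.push({
      accountId,
      queried: true,
      errorCode: null,
      unexpected: present.filter((uri) => wanted.indexOf(uri) === -1),
      missing: wanted.filter((uri) => present.indexOf(uri) === -1)
    });
  }
  return report;
}

// Constructed sample data: placeholder URIs, not real certificate URIs.
const SAMPLE_EXPECTED: Record<number, string[]> = {
  100: ['placeholder-uri-corp-root', 'placeholder-uri-vpn-ca'],
  101: ['placeholder-uri-corp-root']
};
// Constructed lister: account 101 fails with error code 9200002 from the table above.
const sampleLister: CertLister = (accountId) => {
  if (accountId === 101) {
    throw { code: 9200002, message: 'constructed failure' };
  }
  return ['placeholder-uri-corp-root', 'placeholder-uri-unknown'];
};
console.info(JSON.stringify(auditUserCertificates(SAMPLE_EXPECTED, sampleLister)));
```

Entries in `unexpected` are candidates for review and, if unwanted, for uninstallUserCertificate.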
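## securityManager.getSecurityStatus

getSecurityStatus(admin: Want, item: string): string

Obtains the security policy information of the current device.

**Required permissions:** ohos.permission.ENTERPRISE_MANAGE_SECURITY

**System capability:** SystemCapability.Customization.EnterpriseDeviceManager

**Model restriction:** This API can be used only in the stage model.

**Parameters:**

| Name | Type | Mandatory | Description |
| ------ | ------------------------------------------------------- | ---- | ------------------------------------------------------------ |
| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | Enterprise device administration extension component. |
| item | string | Yes | Security policy name.<br/>- patch: device security patch.<br/>- encryption: device file system encryption. |

**Return value:**

| Type | Description |
| ------ | -------------------- |
| string | Security policy status value. |

**Error codes**:

For details about the following error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md).

| ID | Error Message |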
| -------- | ------------------------------------------------------------ |
| 9200001 | The application is not an administrator application of the device. |
| 9200002 | The administrator application does not have permission to manage the device. |
| 201 | Permission verification failed. The application does not have the permission required to call the API. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. |

**Example:**

```ts
import { securityManager } from '@kit.MDMKit';
import { Want } from '@kit.AbilityKit';

let wantTemp: Want = {
  // Replace with actual values.
  bundleName: 'com.example.myapplication',
  abilityName: 'EntryAbility'
};
try {
  let result: string = securityManager.getSecurityStatus(wantTemp, 'patch');
  console.info(`Succeeded in getting security patch tag. tag: ${result}`);
} catch (err) {
  console.error(`Failed to get security patch tag. Code: ${err.code}, message: ${err.message}`);
}
```
## securityManager.setPasswordPolicy

setPasswordPolicy(admin: Want, policy: PasswordPolicy): void

Sets the device password policy.

**Required permissions:** ohos.permission.ENTERPRISE_MANAGE_SECURITY

**System capability:** SystemCapability.Customization.EnterpriseDeviceManager

**Model restriction:** This API can be used only in the stage model.

**Parameters:**

| Name | Type | Mandatory | Description |
| -------- | ---------------------------------------- | ---- | ------------------------------- |
| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | Enterprise device administration extension component. |
| policy | [PasswordPolicy](#passwordpolicy) | Yes | Device password policy. |

**Error codes**:

For details about the following error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md).

| ID | Error Message |
| ------- | ---------------------------------------------------------------------------- |
| 9200001 | The application is not an administrator application of the device. |
| 9200002 | The administrator application does not have permission to manage the device. |
| 201 | Permission verification failed. The application does not have the permission required to call the API. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. |

**Example:**

```ts
import { securityManager } from '@kit.MDMKit';
import { Want } from '@kit.AbilityKit';

let wantTemp: Want = {
  // Replace with actual values.
  bundleName: 'com.example.myapplication',
  abilityName: 'EntryAbility'
};
let policy: securityManager.PasswordPolicy = {
  complexityRegex: '^(?=.*[a-z])(?=.*[A-Z])(?=.*\\d)(?=.*[!@#$%^&*])[a-zA-Z\\d!@#$%^&*]{8,}$',
  // Password validity period, in milliseconds.
  validityPeriod: 1,
  // Description text: at least eight characters, with at least one uppercase letter,
  // one lowercase letter, one digit, and one special character.
  additionalDescription: '至少八个字符,至少一个大写字母,一个小写字母,一个数字和一个特殊字符',
};
try {
  securityManager.setPasswordPolicy(wantTemp, policy);
  console.info(`Succeeded in setting password policy.`);
} catch(err) {
  console.error(`Failed to set password policy. Code: ${err.code}, message: ${err.message}`);
}
```
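
Because complexityRegex and validityPeriod are applied to every managed device, it is worth checking a candidate policy against sample passwords before calling setPasswordPolicy. The following check is an added example, not code from the original reference or from MDM Kit. It assumes the device evaluates complexityRegex with semantics compatible with JavaScript `RegExp`; `reviewPasswordPolicy`, the one-day threshold, and the sample passwords are constructed for this example.

```typescript
// Local mirror of the PasswordPolicy fields documented on this page (not the SDK type).
interface PasswordPolicyShape {
  complexityRegex?: string;
  validityPeriod?: number; // milliseconds, per the PasswordPolicy table
  additionalDescription?: string;
}

const MS_PER_DAY = 24 * 60 * 60 * 1000;

// validityPeriod is expressed in milliseconds, so convert from days explicitly.
function daysToMs(days: number): number {
  return days * MS_PER_DAY;
}

function compileOrNull(source: string): RegExp | null {
  try {
    return new RegExp(source);
  } catch (e) {
    return null;
  }
}

// Returns findings; an empty array means every check passed.
// Sample passwords are referred to by index so they never end up in logs.
function reviewPasswordPolicy(
  policy: PasswordPolicyShape,
  mustAccept: string[],
  mustReject: string[]
): string[] {
  const findings: string[] = [];
  const source = policy.complexityRegex;
  if (source !== undefined) {
    const re = compileOrNull(source);
    if (re === null) {
      findings.push('complexityRegex does not compile');
    } else {
      // Without anchors, one matching substring is enough to pass the check.
      if (source.charAt(0) !== '^' || source.charAt(source.length - 1) !== '$') {
        findings.push('complexityRegex is not anchored with ^ and $');
      }
      mustAccept.forEach((pw, i) => {
        if (!re.test(pw)) findings.push(`compliant sample #${i} is rejected`);
      });
      mustReject.forEach((pw, i) => {
        if (re.test(pw)) findings.push(`weak sample #${i} is accepted`);
      });
    }
  }
  const period = policy.validityPeriod;
  if (period !== undefined) {
    if (period <= 0 || Math.floor(period) !== period) {
      findings.push('validityPeriod is not a positive whole number of milliseconds');
    } else if (period < MS_PER_DAY) {
      // Threshold chosen for this example: flags values that look like days or hours.
      findings.push('validityPeriod is under one day; confirm the value is in milliseconds');
    }
  }
  return findings;
}

// The regular expression from the setPasswordPolicy example on this page.
const PAGE_REGEX = '^(?=.*[a-z])(?=.*[A-Z])(?=.*\\d)(?=.*[!@#$%^&*])[a-zA-Z\\d!@#$%^&*]{8,}$';
// Constructed sample passwords.
const COMPLIANT_SAMPLES = ['Abcdef1!'];
const WEAK_SAMPLES = ['password', 'Abcdefg1', 'Ab1!'];

const candidatePolicy: PasswordPolicyShape = {
  complexityRegex: PAGE_REGEX,
  validityPeriod: daysToMs(90)
};
console.info(JSON.stringify(reviewPasswordPolicy(candidatePolicy, COMPLIANT_SAMPLES, WEAK_SAMPLES)));
```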
## securityManager.getPasswordPolicy

getPasswordPolicy(admin: Want): PasswordPolicy

Obtains the device password policy.

**Required permissions:** ohos.permission.ENTERPRISE_MANAGE_SECURITY

**System capability:** SystemCapability.Customization.EnterpriseDeviceManager

**Model restriction:** This API can be used only in the stage model.

**Parameters:**

| Name | Type | Mandatory | Description |
| -------- | ---------------------------------------- | ---- | ------------------------------- |
| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | Enterprise device administration extension component. |

**Return value:**

| Type | Description |
| --------------------- | ------------------------- |
| [PasswordPolicy](#passwordpolicy) | Device password policy. |

**Error codes**:

For details about the following error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md).

| ID | Error Message |
| ------- | ---------------------------------------------------------------------------- |
| 9200001 | The application is not an administrator application of the device. |
| 9200002 | The administrator application does not have permission to manage the device. |
| 201 | Permission verification failed. The application does not have the permission required to call the API. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. |

**Example:**

```ts
import { securityManager } from '@kit.MDMKit';
import { Want } from '@kit.AbilityKit';

let wantTemp: Want = {
  // Replace with actual values.
  bundleName: 'com.example.myapplication',
  abilityName: 'EntryAbility'
};
try {
  let result: securityManager.PasswordPolicy = securityManager.getPasswordPolicy(wantTemp);
  console.info(`Succeeded in getting password policy, result : ${JSON.stringify(result)}`);
} catch(err) {
  console.error(`Failed to get password policy. Code: ${err.code}, message: ${err.message}`);
}
```
## securityManager.setAppClipboardPolicy

setAppClipboardPolicy(admin: Want, tokenId: number, policy: ClipboardPolicy): void

Sets the device clipboard policy.

**Required permissions:** ohos.permission.ENTERPRISE_MANAGE_SECURITY

**System capability:** SystemCapability.Customization.EnterpriseDeviceManager

**Model restriction:** This API can be used only in the stage model.

**Parameters:**

| Name | Type | Mandatory | Description |
| -------- | ---------------------------------------- | ---- | ------------------------------- |
| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | Enterprise device administration extension component. |
| tokenId | number | Yes | Identity of the target application. The accessTokenId can be obtained through [bundleManager.getApplicationInfo](../apis-ability-kit/js-apis-bundleManager-applicationInfo.md). Currently, policies can be saved for a maximum of 100 tokenIds. |
| policy | [ClipboardPolicy](#clipboardpolicy) | Yes | Clipboard policy. |

**Error codes**:

For details about the following error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md).

| ID | Error Message |
| ------- | ---------------------------------------------------------------------------- |
| 9200001 | The application is not an administrator application of the device. |
| 9200002 | The administrator application does not have permission to manage the device. |
| 201 | Permission verification failed. The application does not have the permission required to call the API. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. |

**Example:**

```ts
import { securityManager } from '@kit.MDMKit';
import { Want } from '@kit.AbilityKit';

let wantTemp: Want = {
  // Replace with actual values.
  bundleName: 'com.example.myapplication',
  abilityName: 'EntryAbility'
};
// Replace with actual values.
let tokenId: number = 586874394;
try {
  securityManager.setAppClipboardPolicy(wantTemp, tokenId, securityManager.ClipboardPolicy.IN_APP);
  console.info(`Succeeded in setting clipboard policy.`);
} catch(err) {
  console.error(`Failed to set clipboard policy. Code: ${err.code}, message: ${err.message}`);
}
```
## securityManager.getAppClipboardPolicy

getAppClipboardPolicy(admin: Want, tokenId?: number): string

Obtains the device clipboard policy.

**Required permissions:** ohos.permission.ENTERPRISE_MANAGE_SECURITY

**System capability:** SystemCapability.Customization.EnterpriseDeviceManager

**Model restriction:** This API can be used only in the stage model.

**Parameters:**

| Name | Type | Mandatory | Description |
| -------- | ---------------------------------------- | ---- | ------------------------------- |
| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | Enterprise device administration extension component. |
| tokenId | number | No | Identity of the target application. The accessTokenId can be obtained through [bundleManager.getApplicationInfo](../apis-ability-kit/js-apis-bundleManager-applicationInfo.md). Currently, policies can be saved for a maximum of 100 tokenIds. |

**Return value:**

| Type | Description |
| --------------------- | ------------------------- |
| string | Device clipboard policy, returned as a JSON string. |

**Error codes**:

For details about the following error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md).

| ID | Error Message |
| ------- | ---------------------------------------------------------------------------- |
| 9200001 | The application is not an administrator application of the device. |
| 9200002 | The administrator application does not have permission to manage the device. |
| 201 | Permission verification failed. The application does not have the permission required to call the API. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. |

**Example:**

```ts
import { securityManager } from '@kit.MDMKit';
import { Want } from '@kit.AbilityKit';

let wantTemp: Want = {
  // Replace with actual values.
  bundleName: 'com.example.myapplication',
  abilityName: 'EntryAbility'
};
// Replace with actual values.
let tokenId: number = 586874394;
try {
  let result: string = securityManager.getAppClipboardPolicy(wantTemp, tokenId);
  console.info(`Succeeded in getting clipboard policy, result : ${result}`);
} catch(err) {
  console.error(`Failed to get clipboard policy. Code: ${err.code}, message: ${err.message}`);
}
```
## securityManager.setAppClipboardPolicy<sup>18+</sup>

setAppClipboardPolicy(admin: Want, bundleName: string, accountId: number, policy: ClipboardPolicy): void

Sets the device clipboard policy for a specified application under a specified user. Currently, a maximum of 100 policies can be saved.

**Required permissions:** ohos.permission.ENTERPRISE_MANAGE_SECURITY

**System capability:** SystemCapability.Customization.EnterpriseDeviceManager

**Model restriction:** This API can be used only in the stage model.

**Parameters:**

| Name | Type | Mandatory | Description |
| ------- | ------------------------------------------------------- | --- | ------------------------------- |
| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | Enterprise device administration extension component. |
| bundleName | string | Yes | Bundle name of the application for which the clipboard policy is set. |
| accountId | number | Yes | User ID, which specifies a particular user. Value range: greater than or equal to 0. The accountId can be obtained through APIs such as [getOsAccountLocalId](../apis-basic-services-kit/js-apis-osAccount.md#getosaccountlocalid9-1) in @ohos.account.osAccount. |
| policy | [ClipboardPolicy](#clipboardpolicy) | Yes | Clipboard policy. |

**Error codes**:

For details about the following error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md).

| ID | Error Message |
| ------- | ----------------------------------------------------------------------------------------------------------------------------------------------- |
| 9200001 | The application is not an administrator application of the device. |
| 9200002 | The administrator application does not have permission to manage the device. |
| 201 | Permission verification failed. The application does not have the permission required to call the API. |

**Example:**

```ts
import { securityManager } from '@kit.MDMKit';
import { Want } from '@kit.AbilityKit';

let wantTemp: Want = {
  // Replace with actual values.
  bundleName: 'com.example.myapplication',
  abilityName: 'EntryAbility'
};
// Replace with actual values.
let bundleName: string = 'com.example.myapplication';
let accountId: number = 100;
try {
  securityManager.setAppClipboardPolicy(wantTemp, bundleName, accountId, securityManager.ClipboardPolicy.IN_APP);
  console.info(`Succeeded in setting clipboard policy.`);
} catch(err) {
  console.error(`Failed to set clipboard policy. Code: ${err.code}, message: ${err.message}`);
}
```
## securityManager.getAppClipboardPolicy<sup>18+</sup>

getAppClipboardPolicy(admin: Want, bundleName: string, accountId: number): string

Obtains the device clipboard policy of a specified application under a specified user.

**Required permissions:** ohos.permission.ENTERPRISE_MANAGE_SECURITY

**System capability:** SystemCapability.Customization.EnterpriseDeviceManager

**Model restriction:** This API can be used only in the stage model.

**Parameters:**

| Name | Type | Mandatory | Description |
| ------- | ------------------------------------------------------- | --- | ------------------------------- |
| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | Enterprise device administration extension component. |
| bundleName | string | Yes | Bundle name of the application for which the clipboard policy is set. |
| accountId | number | Yes | User ID, which specifies a particular user. Value range: greater than or equal to 0. The accountId can be obtained through APIs such as [getOsAccountLocalId](../apis-basic-services-kit/js-apis-osAccount.md#getosaccountlocalid9-1) in @ohos.account.osAccount. |

**Return value:**

| Type | Description |
| ----------------------------------- | -------- |
| string | Device clipboard policy, returned as a JSON string. |

**Error codes**:

For details about the following error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md).

| ID | Error Message |
| ------- | ----------------------------------------------------------------------------------------------------------------------------------------------- |
| 9200001 | The application is not an administrator application of the device. |
| 9200002 | The administrator application does not have permission to manage the device. |
| 201 | Permission verification failed. The application does not have the permission required to call the API. |

**Example:**

```ts
import { securityManager } from '@kit.MDMKit';
import { Want } from '@kit.AbilityKit';

let wantTemp: Want = {
  // Replace with actual values.
  bundleName: 'com.example.myapplication',
  abilityName: 'EntryAbility'
};
// Replace with actual values.
let bundleName: string = 'com.example.myapplication';
let accountId: number = 100;
try {
  let result: string = securityManager.getAppClipboardPolicy(wantTemp, bundleName, accountId);
  console.info(`Succeeded in getting clipboard policy, result : ${result}`);
} catch(err) {
  console.error(`Failed to get clipboard policy. Code: ${err.code}, message: ${err.message}`);
}
```
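## securityManager.setWatermarkImage<sup>14+</sup>

setWatermarkImage(admin: Want, bundleName: string, source: string | image.PixelMap, accountId: number): void

Sets a watermark policy for a specified user. Currently, a maximum of 100 policies can be saved.

**Required permissions:** ohos.permission.ENTERPRISE_MANAGE_SECURITY

**System capability:** SystemCapability.Customization.EnterpriseDeviceManager

**Model restriction:** This API can be used only in the stage model.

**Parameters:**

| Name | Type | Mandatory | Description |
| -------- | ---------------------------------------- | ---- | ------------------------------- |
| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | Enterprise device administration extension component. |
| bundleName | string | Yes | Bundle name of the application for which the watermark is set. |
| source | string \| [image.PixelMap](../apis-image-kit/arkts-apis-image-PixelMap.md) | Yes | A string indicates the image path, which must be a path that the application has permission to access, such as the application sandbox path.<br/>An image.PixelMap indicates an image object. The pixel data of the image cannot exceed 500 KB. |
| accountId | number | Yes | User ID. The accountId can be obtained through APIs such as [getOsAccountLocalId](../apis-basic-services-kit/js-apis-osAccount.md#getosaccountlocalid9-1) in @ohos.account.osAccount. |

**Error codes**:

For details about the following error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md).

| ID | Error Message |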
| ------- | ---------------------------------------------------------------------------- |
| 9200001 | The application is not an administrator application of the device. |
| 9200002 | The administrator application does not have permission to manage the device. |
| 201 | Permission verification failed. The application does not have the permission required to call the API. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. |

**Example:**

```ts
import { securityManager } from '@kit.MDMKit';
import { Want } from '@kit.AbilityKit';

let wantTemp: Want = {
  // Replace with actual values.
  bundleName: 'com.example.myapplication',
  abilityName: 'EntryAbility'
};
// Replace with actual values.
let bundleName: string = 'com.example.myapplication';
let source: string = '/data/storage/el1/base/test.png';
let accountId: number = 100;
try {
  securityManager.setWatermarkImage(wantTemp, bundleName, source, accountId);
  console.info(`Succeeded in setting watermarkImage policy.`);
} catch(err) {
  console.error(`Failed to set watermarkImage policy. Code: ${err.code}, message: ${err.message}`);
}
```
## securityManager.cancelWatermarkImage<sup>14+</sup>

cancelWatermarkImage(admin: Want, bundleName: string, accountId: number): void

Cancels the watermark policy of a specified user.

**Required permissions:** ohos.permission.ENTERPRISE_MANAGE_SECURITY

**System capability:** SystemCapability.Customization.EnterpriseDeviceManager

**Model restriction:** This API can be used only in the stage model.

**Parameters:**

| Name | Type | Mandatory | Description |
| -------- | ---------------------------------------- | ---- | ------------------------------- |
| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | Enterprise device administration extension component. |
| bundleName | string | Yes | Bundle name of the application for which the watermark is canceled. |
| accountId | number | Yes | User ID. The accountId can be obtained through APIs such as [getOsAccountLocalId](../apis-basic-services-kit/js-apis-osAccount.md#getosaccountlocalid9-1) in @ohos.account.osAccount. |

**Error codes**:

For details about the following error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md).

| ID | Error Message |
| ------- | ---------------------------------------------------------------------------- |
| 9200001 | The application is not an administrator application of the device. |
| 9200002 | The administrator application does not have permission to manage the device. |
| 201 | Permission verification failed. The application does not have the permission required to call the API. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. |

**Example:**

```ts
import { securityManager } from '@kit.MDMKit';
import { Want } from '@kit.AbilityKit';

let wantTemp: Want = {
  // Replace with actual values.
  bundleName: 'com.example.myapplication',
  abilityName: 'EntryAbility'
};
// Replace with actual values.
let bundleName: string = 'com.example.myapplication';
let accountId: number = 100;
try {
  securityManager.cancelWatermarkImage(wantTemp, bundleName, accountId);
  console.info(`Succeeded in canceling watermarkImage policy.`);
} catch(err) {
  console.error(`Failed to cancel watermarkImage policy. Code: ${err.code}, message: ${err.message}`);
}
```
## securityManager.setPermissionManagedState<sup>20+</sup>

setPermissionManagedState(admin: Want, applicationInstance: ApplicationInstance, permissions: Array<string>, managedState: PermissionManagedState): void

Sets the management policy for the [user_grant permissions](../../security/AccessToken/permissions-for-all-user.md) of a specified application.

**Required permissions:** ohos.permission.ENTERPRISE_MANAGE_USER_GRANT_PERMISSION

**System capability:** SystemCapability.Customization.EnterpriseDeviceManager

**Model restriction:** This API can be used only in the stage model.

**Parameters:**

| Name | Type | Mandatory | Description |
| -------- | ---------------------------------------- | ---- | ------------------------------- |
| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | Enterprise device administration extension component. |
| applicationInstance | [ApplicationInstance](#applicationinstance20) | Yes | Application instance. |
| permissions | Array<string> | Yes | List of permission names to manage. Only user_grant permissions are supported. |
| managedState | [PermissionManagedState](#permissionmanagedstate20) | Yes | Management policy for the application permissions. |

**Error codes**:

For details about the following error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md).

| ID | Error Message |
| ------- | ---------------------------------------------------------------------------- |
| 9200001 | The application is not an administrator application of the device. |
| 9200002 | The administrator application does not have permission to manage the device. |
| 9200010 | A conflict policy has been configured. |
| 9200012 | Parameter verification failed. |
| 201 | Permission verification failed. The application does not have the permission required to call the API. |

**Example:**

```ts
import { Want } from '@kit.AbilityKit';
import { securityManager } from '@kit.MDMKit';

let wantTemp: Want = {
  // Replace with actual values.
  bundleName: 'com.example.myapplication',
  abilityName: 'EntryAbility'
};
let appInstanceTemp: securityManager.ApplicationInstance = {
  // Replace with actual values.
  appIdentifier: '736498586',
  appIndex: 0,
  accountId: 100
};
let permissionsTemp: Array<string> = ['ohos.permission.CAMERA', 'ohos.permission.LOCATION'];
try {
  securityManager.setPermissionManagedState(wantTemp, appInstanceTemp, permissionsTemp, securityManager.PermissionManagedState.GRANTED);
  console.info('Succeeded in setting permission managed state.');
} catch(err) {
  console.error(`Failed to set permission managed state. Code: ${err.code}, message: ${err.message}`);
}
```
## securityManager.getPermissionManagedState<sup>20+</sup>

getPermissionManagedState(admin: Want, applicationInstance: ApplicationInstance, permission: string): PermissionManagedState

Obtains the management policy for a specified [user_grant permission](../../security/AccessToken/permissions-for-all-user.md) of a specified application.

**Required permissions:** ohos.permission.ENTERPRISE_MANAGE_USER_GRANT_PERMISSION

**System capability:** SystemCapability.Customization.EnterpriseDeviceManager

**Model restriction:** This API can be used only in the stage model.

**Parameters:**

| Name | Type | Mandatory | Description |
| -------- | ---------------------------------------- | ---- | ------------------------------- |
| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | Enterprise device administration extension component. |
| applicationInstance | [ApplicationInstance](#applicationinstance20) | Yes | Application instance. |
| permission | string | Yes | Name of the permission whose management policy is to be obtained. Only user_grant permissions are supported. |

**Return value:**

| Type | Description |
| --------------------- | ------------------------- |
| [PermissionManagedState](#permissionmanagedstate20) | Management policy for the application permission. |

**Error codes**:

For details about the following error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md).

| ID | Error Message |
| ------- | ---------------------------------------------------------------------------- |
| 9200001 | The application is not an administrator application of the device. |
| 9200002 | The administrator application does not have permission to manage the device. |
| 9200012 | Parameter verification failed. |
| 201 | Permission verification failed. The application does not have the permission required to call the API. |

**Example:**

```ts
import { Want } from '@kit.AbilityKit';
import { securityManager } from '@kit.MDMKit';

let wantTemp: Want = {
  // Replace with actual values.
  bundleName: 'com.example.myapplication',
  abilityName: 'EntryAbility'
};
let appInstanceTemp: securityManager.ApplicationInstance = {
  // Replace with actual values.
  appIdentifier: '736498586',
  appIndex: 0,
  accountId: 100
};
// Must be a user_grant permission; the permission required to call this API is not one.
let permissionTemp: string = 'ohos.permission.CAMERA';
try {
  let result: securityManager.PermissionManagedState = securityManager.getPermissionManagedState(wantTemp, appInstanceTemp, permissionTemp);
  console.info(`Succeeded in getting permission managed state, result : ${result}`);
} catch(err) {
  console.error(`Failed to get permission managed state. Code: ${err.code}, message: ${err.message}`);
}
```
## CertBlob

Certificate information.

**System capability:** SystemCapability.Customization.EnterpriseDeviceManager

| Name | Type | Read-Only | Optional | Description |
| ------ | ---------- | ---- | ---- | ------------------ |
| inData | Uint8Array | No | No | Binary content of the certificate. |
| alias | string | No | No | Certificate alias. |

## PasswordPolicy

Device password policy.

**System capability:** SystemCapability.Customization.EnterpriseDeviceManager

| Name | Type | Read-Only | Optional | Description |
| ----------- | --------| ---- | ---- | --------------------------- |
| complexityRegex | string | No | Yes | Regular expression for password complexity. |
| validityPeriod | number | No | Yes | Password validity period, in milliseconds. |
| additionalDescription | string | No | Yes | Description text. |

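## ClipboardPolicy

Device clipboard policy.

**System capability:** SystemCapability.Customization.EnterpriseDeviceManager

| Name | Value | Description |
| ----------- | -------- | ------------------------------- |
| DEFAULT | 0 | Default. No policy is set. |
| IN_APP | 1 | The clipboard can be used within the same application. |
| LOCAL_DEVICE | 2 | The clipboard can be used on the same device. |
| CROSS_DEVICE | 3 | The clipboard can be used across devices. |
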
## ApplicationInstance<sup>20+</sup>

Application instance.

**System capability:** SystemCapability.Customization.EnterpriseDeviceManager

**Model restriction:** This API can be used only in the stage model.

| Name | Type | Read-Only | Optional | Description |
| ----------- | --------| ---- | ---- | --------------------------- |
| appIdentifier | string | No | No | [Unique identifier](../apis-ability-kit/js-apis-bundleManager-bundleInfo.md#signatureinfo) of the application. If the application has no appIdentifier, appId can be used instead. bundleInfo.signatureInfo.appIdentifier and bundleInfo.signatureInfo.appId can be obtained through [bundleManager.getBundleInfo](../apis-ability-kit/js-apis-bundleManager.md#bundlemanagergetbundleinfo14-2). |
| accountId | number | No | No | User ID, which specifies a particular user. Value range: greater than or equal to 0. The accountId can be obtained through APIs such as [getOsAccountLocalId](../apis-basic-services-kit/js-apis-osAccount.md#getosaccountlocalid9-1) in @ohos.account.osAccount. |
| appIndex | number | No | No | Index of the application clone. The default value is 0.<br/>The value 0 indicates the main application. A value greater than 0 indicates the specified application clone. |

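## PermissionManagedState<sup>20+</sup>

Management state of application permissions.

**System capability:** SystemCapability.Customization.EnterpriseDeviceManager

**Model restriction:** This API can be used only in the stage model.

| Name | Value | Description |
| ----------- | -------- | ------------------------------- |
| DEFAULT | 1 | Default. Granted by the user. |
| GRANTED | 0 | Silently granted. |
| DENIED | -1 | Silently denied. |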
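
In the table above GRANTED has the value 0, so code that tests a returned state for truthiness misreads a silently granted permission as unset. The following planner is an added example, not code from the original reference or from MDM Kit: it compares states strictly and groups the needed changes into one setPermissionManagedState call per target state. `StateReader` is a hypothetical adapter around `securityManager.getPermissionManagedState`, the current and desired states are constructed sample data, and `ohos.permission.MICROPHONE` is used in addition to the two permissions from the example on this page.

```typescript
// Values copied from the PermissionManagedState table (local mirror, not the SDK enum).
const ManagedState = { DEFAULT: 1, GRANTED: 0, DENIED: -1 } as const;
type ManagedStateValue = 1 | 0 | -1;

// Local mirror of the ApplicationInstance fields documented on this page.
interface AppInstance {
  appIdentifier: string;
  accountId: number;
  appIndex: number;
}

// Hypothetical adapter around securityManager.getPermissionManagedState.
type StateReader = (app: AppInstance, permission: string) => ManagedStateValue;

// One planned setPermissionManagedState call: several permissions, one state.
interface PlannedCall {
  permissions: string[];
  managedState: ManagedStateValue;
}

function planPermissionChanges(
  app: AppInstance,
  desired: Record<string, ManagedStateValue>,
  read: StateReader
): PlannedCall[] {
  const buckets: Record<string, string[]> = {};
  for (const permission of Object.keys(desired).sort()) {
    const want = desired[permission];
    const have = read(app, permission);
    // Compare with !==. GRANTED is 0, so a truthiness test such as `if (have)`
    // would treat a silently granted permission as if no state were set.
    if (have !== want) {
      const key = String(want);
      const list = buckets[key] || [];
      list.push(permission);
      buckets[key] = list;
    }
  }
  // Denials are emitted first so restrictions land before grants
  // (an ordering chosen for this example).
  const order: ManagedStateValue[] = [ManagedState.DENIED, ManagedState.DEFAULT, ManagedState.GRANTED];
  const plan: PlannedCall[] = [];
  for (const state of order) {
    const permissions = buckets[String(state)];
    if (permissions !== undefined) {
      plan.push({ permissions, managedState: state });
    }
  }
  return plan;
}

// Constructed sample data.
const SAMPLE_APP: AppInstance = { appIdentifier: '736498586', accountId: 100, appIndex: 0 };
const SAMPLE_CURRENT: Record<string, ManagedStateValue> = {
  'ohos.permission.CAMERA': ManagedState.GRANTED,
  'ohos.permission.LOCATION': ManagedState.DEFAULT,
  'ohos.permission.MICROPHONE': ManagedState.DEFAULT
};
const SAMPLE_DESIRED: Record<string, ManagedStateValue> = {
  'ohos.permission.CAMERA': ManagedState.GRANTED,
  'ohos.permission.LOCATION': ManagedState.DENIED,
  'ohos.permission.MICROPHONE': ManagedState.GRANTED
};
const sampleReader: StateReader = (_app, permission) => {
  const state = SAMPLE_CURRENT[permission];
  return state === undefined ? ManagedState.DEFAULT : state;
};
console.info(JSON.stringify(planPermissionChanges(SAMPLE_APP, SAMPLE_DESIRED, sampleReader)));
```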