1# @ohos.dlpPermission (DLP) (System API) 2<!--Kit: Data Protection Kit--> 3<!--Subsystem: Security--> 4<!--Owner: @winnieHuYu--> 5<!--SE: @lucky-jinduo--> 6<!--TSE: @nacyli--> 7 8Data loss prevention (DLP) is a system solution provided to prevent data disclosure. The **dlpPermission** module provides APIs for cross-device file access management, encrypted storage, and access authorization. 9 10> **NOTE** 11> 12> - The initial APIs of this module are supported since API version 10. Newly added APIs will be marked with a superscript to indicate their earliest API version. 13> - This topic describes only the system APIs provided by the module. For details about its public APIs, see [@ohos.dlpPermission](js-apis-dlppermission.md). 14 15## Modules to Import 16 17```ts 18import { dlpPermission } from '@kit.DataProtectionKit'; 19``` 20 21## dlpPermission.getDLPGatheringPolicy 22 23getDLPGatheringPolicy(): Promise<GatheringPolicyType> 24 25Obtains the DLP sandbox gathering policy. This API uses a promise to return the result. 26 27**System API**: This is a system API. 28 29**Required permissions**: ohos.permission.ACCESS_DLP_FILE 30 31**System capability**: SystemCapability.Security.DataLossPrevention 32 33**Return value** 34 35| Type| Description| 36| -------- | -------- | 37| Promise<[GatheringPolicyType](#gatheringpolicytype)> | Promise used to return the DLP sandbox gathering policy obtained.| 38 39**Error codes** 40 41For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 42 43| ID| Error Message| 44| -------- | -------- | 45| 201 | Permission denied. | 46| 202 | Non-system applications use system APIs. | 47| 19100001 | Invalid parameter value. | 48| 19100011 | The system ability works abnormally. | 49 50**Example** 51 52```ts 53import { dlpPermission } from '@kit.DataProtectionKit'; 54import { BusinessError } from '@kit.BasicServicesKit'; 55 56try { 57 let res: dlpPermission.GatheringPolicyType = await dlpPermission.getDLPGatheringPolicy(); // Obtain the sandbox gathering policy. 58 console.info('res', JSON.stringify(res)); 59} catch (err) { 60 console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Throw an error if the operation fails. 61} 62``` 63 64## dlpPermission.getDLPGatheringPolicy 65 66getDLPGatheringPolicy(callback: AsyncCallback<GatheringPolicyType>): void 67 68Obtains the DLP sandbox gathering policy. This API uses an asynchronous callback to return the result. 69 70**System API**: This is a system API. 71 72**Required permissions**: ohos.permission.ACCESS_DLP_FILE 73 74**System capability**: SystemCapability.Security.DataLossPrevention 75 76**Parameters** 77 78| Name| Type| Mandatory| Description| 79| -------- | -------- | -------- | -------- | 80| callback | AsyncCallback<[GatheringPolicyType](#gatheringpolicytype)> | Yes| Callback used to return the result. If the operation is successful, **err** is **undefined**. Otherwise, **err** is an error object.| 81 82**Error codes** 83 84For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 85 86| ID| Error Message| 87| -------- | -------- | 88| 201 | Permission denied. | 89| 202 | Non-system applications use system APIs. | 90| 401 | Parameter error. Possible causes: 1. Incorrect parameter types. | 91| 19100001 | Invalid parameter value. | 92| 19100011 | The system ability works abnormally. | 93 94**Example** 95 96```ts 97import { dlpPermission } from '@kit.DataProtectionKit'; 98import { BusinessError } from '@kit.BasicServicesKit'; 99 100try { 101 dlpPermission.getDLPGatheringPolicy((err, res) => { 102 if (err !== undefined) { 103 console.error('getDLPGatheringPolicy error,', err.code, err.message); 104 } else { 105 console.info('res', JSON.stringify(res)); 106 } 107 }); // Obtain the sandbox gathering policy. 108} catch (err) { 109 console.error('getDLPGatheringPolicy error,', (err as BusinessError).code, (err as BusinessError).message); 110} 111``` 112 113## dlpPermission.installDLPSandbox 114 115installDLPSandbox(bundleName: string, access: DLPFileAccess, userId: number, uri: string): Promise<DLPSandboxInfo> 116 117Installs a DLP sandbox application for an application. This API uses a promise to return the sandbox application installed. 118 119**System API**: This is a system API. 120 121**Required permissions**: ohos.permission.ACCESS_DLP_FILE 122 123**System capability**: SystemCapability.Security.DataLossPrevention 124 125**Parameters** 126 127| Name| Type| Mandatory| Description| 128| -------- | -------- | -------- | -------- | 129| bundleName | string | Yes| Bundle name of the application. The value contains 7 to 128 bytes.| 130| access | [DLPFileAccess](js-apis-dlppermission.md#dlpfileaccess) | Yes| Permission on the DLP file.| 131| userId | number | Yes| Current user ID, which is the system account ID obtained by the account subsystem. The default super user ID is **100**.| 132| uri | string | Yes| URI of the DLP file. The value contains up to 4095 bytes.| 133 134**Return value** 135 136| Type| Description| 137| -------- | -------- | 138| Promise<[DLPSandboxInfo](#dlpsandboxinfo)> | Promise used to return the information about the sandbox application installed.| 139 140**Error codes** 141 142For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 143 144| ID| Error Message| 145| -------- | -------- | 146| 201 | Permission denied. | 147| 202 | Non-system applications use system APIs. | 148| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. | 149| 19100001 | Invalid parameter value. | 150| 19100011 | The system ability works abnormally. | 151 152**Example** 153 154```ts 155import { dlpPermission } from '@kit.DataProtectionKit'; 156import { BusinessError } from '@kit.BasicServicesKit'; 157 158try { 159 let uri = 'file://docs/storage/Users/currentUser/Desktop/test.txt.dlp'; 160 let res: dlpPermission.DLPSandboxInfo = await dlpPermission.installDLPSandbox('com.ohos.note', dlpPermission.DLPFileAccess.READ_ONLY, 100, uri); // Install a DLP sandbox application. 161 console.info('res', JSON.stringify(res)); 162} catch (err) { 163 console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Throw an error if the operation fails. 164} 165``` 166 167## dlpPermission.installDLPSandbox 168 169installDLPSandbox(bundleName: string, access: DLPFileAccess, userId: number, uri:string, callback: AsyncCallback<DLPSandboxInfo>): void 170 171Installs a DLP sandbox application for an application. This API uses an asynchronous callback to return the index of the sandbox application installed. 172 173**System API**: This is a system API. 174 175**Required permissions**: ohos.permission.ACCESS_DLP_FILE 176 177**System capability**: SystemCapability.Security.DataLossPrevention 178 179**Parameters** 180 181| Name| Type| Mandatory| Description| 182| -------- | -------- | -------- | -------- | 183| bundleName | string | Yes| Bundle name of the application. The value contains 7 to 128 bytes.| 184| access | [DLPFileAccess](js-apis-dlppermission.md#dlpfileaccess) | Yes| Permission on the DLP file.| 185| userId | number | Yes| Current user ID, which is the system account ID obtained by the account subsystem. The default super user ID is **100**.| 186| uri | string | Yes| URI of the DLP file. The value contains up to 4095 bytes.| 187| callback | AsyncCallback<[DLPSandboxInfo](#dlpsandboxinfo)> | Yes| Callback used to return the information about the sandbox application installed.| 188 189**Error codes** 190 191For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 192 193| ID| Error Message| 194| -------- | -------- | 195| 201 | Permission denied. | 196| 202 | Non-system applications use system APIs. | 197| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. | 198| 19100001 | Invalid parameter value. | 199| 19100011 | The system ability works abnormally. | 200 201**Example** 202 203```ts 204import { dlpPermission } from '@kit.DataProtectionKit'; 205import { BusinessError } from '@kit.BasicServicesKit'; 206 207let uri = 'file://docs/storage/Users/currentUser/Desktop/test.txt.dlp'; 208try { 209 dlpPermission.installDLPSandbox('com.ohos.note', dlpPermission.DLPFileAccess.READ_ONLY, 100, uri, (err, res) => { 210 if (err !== undefined) { 211 console.error('installDLPSandbox error,', err.code, err.message); 212 } else { 213 console.info('res', JSON.stringify(res)); 214 } 215 }); // Install a DLP sandbox application. 216} catch (err) { 217 console.error('installDLPSandbox error,', (err as BusinessError).code, (err as BusinessError).message); 218} 219``` 220 221## dlpPermission.uninstallDLPSandbox 222 223uninstallDLPSandbox(bundleName: string, userId: number, appIndex: number): Promise<void> 224 225Uninstalls a DLP sandbox application for an application. This API uses a promise to return the result. 226 227**System API**: This is a system API. 228 229**Required permissions**: ohos.permission.ACCESS_DLP_FILE 230 231**System capability**: SystemCapability.Security.DataLossPrevention 232 233**Parameters** 234 235| Name| Type| Mandatory| Description| 236| -------- | -------- | -------- | -------- | 237| bundleName | string | Yes| Bundle name of the application. The value contains 7 to 128 bytes.| 238| userId | number | Yes| Current user ID, which is the system account ID obtained by the account subsystem. The default super user ID is **100**.| 239| appIndex | number | Yes| DLP sandbox index.| 240 241**Return value** 242 243| Type| Description| 244| -------- | -------- | 245| Promise<void> | Promise that returns no value.| 246 247**Error codes** 248 249For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 250 251| ID| Error Message| 252| -------- | -------- | 253| 201 | Permission denied. | 254| 202 | Non-system applications use system APIs. | 255| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. | 256| 19100001 | Invalid parameter value. | 257| 19100011 | The system ability works abnormally. | 258 259**Example** 260 261```ts 262import { dlpPermission } from '@kit.DataProtectionKit'; 263import { BusinessError } from '@kit.BasicServicesKit'; 264 265let uri = 'file://docs/storage/Users/currentUser/Desktop/test.txt.dlp'; 266try { 267 let res = await dlpPermission.installDLPSandbox('com.ohos.note', dlpPermission.DLPFileAccess.READ_ONLY, 100, uri); 268 console.info('res', JSON.stringify(res)); 269 await dlpPermission.uninstallDLPSandbox('com.ohos.note', 100, res.appIndex); // UnInstall a DLP sandbox application. 270} catch (err) { 271 console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Throw an error if the operation fails. 272} 273``` 274 275## dlpPermission.uninstallDLPSandbox 276 277uninstallDLPSandbox(bundleName: string, userId: number, appIndex: number, callback: AsyncCallback<void>): void 278 279Uninstalls a DLP sandbox application for an application. This API uses an asynchronous callback to return the result. 280 281**System API**: This is a system API. 282 283**Required permissions**: ohos.permission.ACCESS_DLP_FILE 284 285**System capability**: SystemCapability.Security.DataLossPrevention 286 287**Parameters** 288 289| Name| Type| Mandatory| Description| 290| -------- | -------- | -------- | -------- | 291| bundleName | string | Yes| Bundle name of the application. The value contains 7 to 128 bytes.| 292| userId | number | Yes| Current user ID, which is the system account ID obtained by the account subsystem. The default super user ID is **100**.| 293| appIndex | number | Yes| DLP sandbox index, which is the value returned after **installDLPSandbox** is successfully called.| 294| callback | AsyncCallback<void> | Yes| Callback used to return the uninstallation result.| 295 296**Error codes** 297 298For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 299 300| ID| Error Message| 301| -------- | -------- | 302| 201 | Permission denied. | 303| 202 | Non-system applications use system APIs. | 304| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. | 305| 19100001 | Invalid parameter value. | 306| 19100011 | The system ability works abnormally. | 307 308**Example** 309 310```ts 311import { dlpPermission } from '@kit.DataProtectionKit'; 312import { BusinessError } from '@kit.BasicServicesKit'; 313 314let uri = 'file://docs/storage/Users/currentUser/Desktop/test.txt.dlp'; 315try { 316 let res = await dlpPermission.installDLPSandbox('com.ohos.note', dlpPermission.DLPFileAccess.READ_ONLY, 100, uri) // Install a DLP sandbox application. 317 console.info('res', JSON.stringify(res)); 318 dlpPermission.uninstallDLPSandbox('com.ohos.note', 100, res.appIndex, (err, res) => { 319 if (err !== undefined) { 320 console.error('uninstallDLPSandbox error,', err.code, err.message); 321 } else { 322 console.info('res', JSON.stringify(res)); 323 } 324 }); 325} catch (err) { 326 console.error('uninstallDLPSandbox error,', (err as BusinessError).code, (err as BusinessError).message); 327} 328``` 329 330## dlpPermission.on('uninstallDLPSandbox') 331 332on(type: 'uninstallDLPSandbox', listener: Callback<DLPSandboxState>): void 333 334Subscribes to a DLP sandbox uninstall event. 335 336**System API**: This is a system API. 337 338**Required permissions**: ohos.permission.ACCESS_DLP_FILE 339 340**System capability**: SystemCapability.Security.DataLossPrevention 341 342**Parameters** 343| Name| Type| Mandatory| Description| 344| -------- | -------- | -------- | -------- | 345| type | 'uninstallDLPSandbox' | Yes| Event type. It has a fixed value of **uninstallDLPSandbox**, which indicates the DLP sandbox application uninstall event.| 346| listener | Callback<[DLPSandboxState](#dlpsandboxstate)> | Yes| Callback used when a sandbox application is uninstalled.| 347 348**Error codes** 349 350For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 351 352| ID| Error Message| 353| -------- | -------- | 354| 201 | Permission denied. | 355| 202 | Non-system applications use system APIs. | 356| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 357| 19100001 | Invalid parameter value. | 358| 19100011 | The system ability works abnormally. | 359 360**Example** 361 362```ts 363import { dlpPermission } from '@kit.DataProtectionKit'; 364import { BusinessError } from '@kit.BasicServicesKit'; 365 366try { 367 dlpPermission.on('uninstallDLPSandbox', (info: dlpPermission.DLPSandboxState) => { 368 console.info('uninstallDLPSandbox event', info.appIndex, info.bundleName) 369 }); // Subscribe to the DLP sandbox application uninstall event. 370} catch (err) { 371 console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Throw an error if the operation fails. 372} 373``` 374 375## dlpPermission.off('uninstallDLPSandbox') 376 377off(type: 'uninstallDLPSandbox', listener?: Callback<DLPSandboxState>): void 378 379Unsubscribes from the DLP sandbox uninstall event. 380 381**System API**: This is a system API. 382 383**Required permissions**: ohos.permission.ACCESS_DLP_FILE 384 385**System capability**: SystemCapability.Security.DataLossPrevention 386 387**Parameters** 388| Name| Type| Mandatory| Description| 389| -------- | -------- | -------- | -------- | 390| type | 'uninstallDLPSandbox' | Yes| Event type. It has a fixed value of **uninstallDLPSandbox**, which indicates the DLP sandbox application uninstall event.| 391| listener | Callback<[DLPSandboxState](#dlpsandboxstate)> | No| Callback used when a sandbox application is uninstalled. By default, this parameter is left blank, which unregisters all callbacks for the sandbox uninstall event.| 392 393**Error codes** 394 395For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 396 397| ID| Error Message| 398| -------- | -------- | 399| 201 | Permission denied. | 400| 202 | Non-system applications use system APIs. | 401| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 402| 19100001 | Invalid parameter value. | 403| 19100011 | The system ability works abnormally. | 404 405**Example** 406 407```ts 408import { dlpPermission } from '@kit.DataProtectionKit'; 409import { BusinessError } from '@kit.BasicServicesKit'; 410 411try { 412 dlpPermission.off('uninstallDLPSandbox', (info: dlpPermission.DLPSandboxState) => { 413 console.info('uninstallDLPSandbox event', info.appIndex, info.bundleName) 414 }); // Unsubscribe from the DLP sandbox application uninstall event. 415} catch (err) { 416 console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Throw an error if the operation fails. 417} 418``` 419 420## DLPFile 421 422Provides APIs for managing DLP files. A **DLPFile** instance indicates a DLP file object. You can use [generateDLPFile](#dlppermissiongeneratedlpfile) or [openDLPFile](#dlppermissionopendlpfile11) to obtain a **DLPFile** instance. 423 424### Attributes 425 426**System API**: This is a system API. 427 428**System capability**: SystemCapability.Security.DataLossPrevention 429 430| Name| Type| Read Only| Mandatory| Description| 431| -------- | -------- | -------- | -------- | -------- | 432| dlpProperty | [DLPProperty](#dlpproperty) | No| Yes| Authorized user information.| 433 434### addDLPLinkFile 435 436addDLPLinkFile(linkFileName: string): Promise<void> 437 438Adds a link file to the Filesystem in Userspace (FUSE). The link file is a virtual file mapped to the ciphertext in the FUSE. The read and write operations on the link file will be synchronized to the DLP file. This API uses a promise to return the result. 439 440**System API**: This is a system API. 441 442**Required permissions**: ohos.permission.ACCESS_DLP_FILE 443 444**System capability**: SystemCapability.Security.DataLossPrevention 445 446**Parameters** 447 448| Name| Type| Mandatory| Description| 449| -------- | -------- | -------- | -------- | 450| linkFileName | string | Yes| Name of the link file. The value contains up to 255 bytes.| 451 452**Return value** 453 454| Type| Description| 455| -------- | -------- | 456| Promise<void> | Promise that returns no value.| 457 458**Error codes** 459 460For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 461 462| ID| Error Message| 463| -------- | -------- | 464| 201 | Permission denied. | 465| 202 | Non-system applications use system APIs. | 466| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. | 467| 19100001 | Invalid parameter value. | 468| 19100009 | Failed to operate the DLP file. | 469| 19100011 | The system ability works abnormally. | 470 471**Example** 472 473```ts 474import { dlpPermission } from '@kit.DataProtectionKit'; 475import { fileIo } from '@kit.CoreFileKit'; 476import { bundleManager } from '@kit.AbilityKit'; 477import { BusinessError } from '@kit.BasicServicesKit'; 478 479let uri = 'file://docs/storage/Users/currentUser/Desktop/test.txt.dlp'; 480let file: number | undefined = undefined; 481let bundleFlags = bundleManager.BundleFlag.GET_BUNDLE_INFO_WITH_SIGNATURE_INFO; 482let appId = ''; 483let bundleName = 'com.ohos.note'; 484let userId = 100; 485let dlpFile: dlpPermission.DLPFile | undefined = undefined; 486 487try{ 488 let data = bundleManager.getBundleInfoSync(bundleName, bundleFlags, userId); 489 appId = data.signatureInfo.appId; 490} catch (err) { 491 console.error('error', err.code, err.message); 492} 493 494try { 495 file = fileIo.openSync(uri).fd; 496 dlpFile = await dlpPermission.openDLPFile(file, appId); // Open a DLP file. 497 await dlpFile.addDLPLinkFile('test.txt.dlp.link'); // Add a link file. 498} catch (err) { 499 console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Throw an error if the operation fails. 500} finally { 501 dlpFile?.closeDLPFile(); // Close the DLP object. 502 if (file) { 503 fileIo.closeSync(file); 504 } 505} 506} 507``` 508 509### addDLPLinkFile 510 511addDLPLinkFile(linkFileName: string, callback: AsyncCallback<void>): void 512 513Adds a link file to the FUSE. This API uses an asynchronous callback to return the result. 514 515**System API**: This is a system API. 516 517**Required permissions**: ohos.permission.ACCESS_DLP_FILE 518 519**System capability**: SystemCapability.Security.DataLossPrevention 520 521**Parameters** 522 523| Name| Type| Mandatory| Description| 524| -------- | -------- | -------- | -------- | 525| linkFileName | string | Yes| Name of the link file. The value contains up to 255 bytes.| 526| callback | AsyncCallback<void> | Yes| Callback used to return the result.| 527 528**Error codes** 529 530For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 531 532| ID| Error Message| 533| -------- | -------- | 534| 201 | Permission denied. | 535| 202 | Non-system applications use system APIs. | 536| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. | 537| 19100001 | Invalid parameter value. | 538| 19100009 | Failed to operate the DLP file. | 539| 19100011 | The system ability works abnormally. | 540 541**Example** 542 543```ts 544import { dlpPermission } from '@kit.DataProtectionKit'; 545import { fileIo } from '@kit.CoreFileKit'; 546import { bundleManager } from '@kit.AbilityKit'; 547import { BusinessError } from '@kit.BasicServicesKit'; 548 549let uri = 'file://docs/storage/Users/currentUser/Desktop/test.txt.dlp'; 550let file: number | undefined = undefined; 551let bundleFlags = bundleManager.BundleFlag.GET_BUNDLE_INFO_WITH_SIGNATURE_INFO; 552let appId = ''; 553let bundleName = 'com.ohos.note'; 554let userId = 100; 555let dlpFile: dlpPermission.DLPFile | undefined = undefined; 556 557try{ 558 let data = bundleManager.getBundleInfoSync(bundleName, bundleFlags, userId); 559 appId = data.signatureInfo.appId; 560} catch (err) { 561 console.error('error', err.code, err.message); 562} 563 564try { 565 file = fileIo.openSync(uri).fd; 566 dlpFile = await dlpPermission.openDLPFile(file, appId); // Open a DLP file. 567 dlpFile.addDLPLinkFile('test.txt.dlp.link', async (err, res) => { 568 if (err !== undefined) { 569 console.error('addDLPLinkFile error,', err.code, err.message); 570 } else { 571 console.info('res', JSON.stringify(res)); 572 } 573 await dlpFile?.closeDLPFile(); // Close the DLP object. 574 fileIo.closeSync(file); 575 }); 576} catch (err) { 577 console.error('addDLPLinkFile error,', (err as BusinessError).code, (err as BusinessError).message); 578 await dlpFile?.closeDLPFile(); // Close the DLP object. 579 if (file) { 580 fileIo.closeSync(file); 581 } 582} 583} 584``` 585 586### stopFuseLink 587 588stopFuseLink(): Promise<void> 589 590Stops the read and write on the FUSE. This API uses a promise to return the result. 591 592**System API**: This is a system API. 593 594**Required permissions**: ohos.permission.ACCESS_DLP_FILE 595 596**System capability**: SystemCapability.Security.DataLossPrevention 597 598**Return value** 599 600| Type| Description| 601| -------- | -------- | 602| Promise<void> | Promise that returns no value.| 603 604**Error codes** 605 606For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 607 608| ID| Error Message| 609| -------- | -------- | 610| 201 | Permission denied. | 611| 202 | Non-system applications use system APIs. | 612| 19100001 | Invalid parameter value. | 613| 19100009 | Failed to operate the DLP file. | 614| 19100011 | The system ability works abnormally. | 615 616**Example** 617 618```ts 619import { dlpPermission } from '@kit.DataProtectionKit'; 620import { fileIo } from '@kit.CoreFileKit'; 621import { bundleManager } from '@kit.AbilityKit'; 622import { BusinessError } from '@kit.BasicServicesKit'; 623 624let uri = 'file://docs/storage/Users/currentUser/Desktop/test.txt.dlp'; 625let file: number | undefined = undefined; 626let bundleFlags = bundleManager.BundleFlag.GET_BUNDLE_INFO_WITH_SIGNATURE_INFO; 627let appId = ''; 628let bundleName = 'com.ohos.note'; 629let userId = 100; 630let dlpFile: dlpPermission.DLPFile | undefined = undefined; 631 632try{ 633 let data = bundleManager.getBundleInfoSync(bundleName, bundleFlags, userId); 634 appId = data.signatureInfo.appId; 635} catch (err) { 636 console.error('error', err.code, err.message); 637} 638 639try { 640 file = fileIo.openSync(uri).fd; 641 dlpFile = await dlpPermission.openDLPFile(file, appId) // Open a DLP file. 642 dlpFile.addDLPLinkFile('test.txt.dlp.link'); // Add a link file. 643 dlpFile.stopFuseLink(); // Stop read/write on the link file. 644} catch (err) { 645 console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Throw an error if the operation fails. 646} finally { 647 dlpFile?.closeDLPFile(); // Close the DLP object. 648 if (file) { 649 fileIo.closeSync(file); 650 } 651} 652} 653``` 654 655### stopFuseLink 656 657stopFuseLink(callback: AsyncCallback<void>): void 658 659Stops the read and write on the FUSE. This API uses an asynchronous callback to return the result. 660 661**System API**: This is a system API. 662 663**Required permissions**: ohos.permission.ACCESS_DLP_FILE 664 665**System capability**: SystemCapability.Security.DataLossPrevention 666 667**Parameters** 668 669| Name| Type| Mandatory| Description| 670| -------- | -------- | -------- | -------- | 671| callback | AsyncCallback<void> | Yes| Callback used to return the result.| 672 673**Error codes** 674 675For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 676 677| ID| Error Message| 678| -------- | -------- | 679| 201 | Permission denied. | 680| 202 | Non-system applications use system APIs. | 681| 401 | Parameter error. Possible causes: 1. Incorrect parameter types. | 682| 19100001 | Invalid parameter value. | 683| 19100009 | Failed to operate the DLP file. | 684| 19100011 | The system ability works abnormally. | 685 686**Example** 687 688```ts 689import { dlpPermission } from '@kit.DataProtectionKit'; 690import { fileIo } from '@kit.CoreFileKit'; 691import { bundleManager } from '@kit.AbilityKit'; 692import { BusinessError } from '@kit.BasicServicesKit'; 693 694let uri = 'file://docs/storage/Users/currentUser/Desktop/test.txt.dlp'; 695let file: number | undefined = undefined; 696let bundleFlags = bundleManager.BundleFlag.GET_BUNDLE_INFO_WITH_SIGNATURE_INFO; 697let appId = ''; 698let bundleName = 'com.ohos.note'; 699let userId = 100; 700let dlpFile: dlpPermission.DLPFile | undefined = undefined; 701 702try{ 703 let data = bundleManager.getBundleInfoSync(bundleName, bundleFlags, userId); 704 appId = data.signatureInfo.appId; 705} catch (err) { 706 console.error('error', err.code, err.message); 707} 708 709try { 710 file = fileIo.openSync(uri).fd; 711 dlpFile = await dlpPermission.openDLPFile(file, appId); // Open a DLP file. 712 await dlpFile.addDLPLinkFile('test.txt.dlp.link'); // Add a link file. 713 dlpFile.stopFuseLink(async (err, res) => { 714 if (err !== undefined) { 715 console.error('stopFuseLink error,', err.code, err.message); 716 } else { 717 console.info('res', JSON.stringify(res)); 718 } 719 await dlpFile?.closeDLPFile(); // Close the DLP object. 720 fileIo.closeSync(file); 721 }); 722} catch (err) { 723 console.error('stopFuseLink error,', (err as BusinessError).code, (err as BusinessError).message); 724 await dlpFile?.closeDLPFile(); // Close the DLP object. 725 if (file) { 726 fileIo.closeSync(file); 727 } 728} 729} 730``` 731 732### resumeFuseLink 733 734resumeFuseLink(): Promise<void> 735 736Resumes the read and write on the FUSE. This API uses a promise to return the result. 737 738**System API**: This is a system API. 739 740**Required permissions**: ohos.permission.ACCESS_DLP_FILE 741 742**System capability**: SystemCapability.Security.DataLossPrevention 743 744**Return value** 745 746| Type| Description| 747| -------- | -------- | 748| Promise<void> | Promise that returns no value.| 749 750**Error codes** 751 752For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 753 754| ID| Error Message| 755| -------- | -------- | 756| 201 | Permission denied. | 757| 202 | Non-system applications use system APIs. | 758| 19100001 | Invalid parameter value. | 759| 19100009 | Failed to operate the DLP file. | 760| 19100011 | The system ability works abnormally. | 761 762**Example** 763 764```ts 765import { dlpPermission } from '@kit.DataProtectionKit'; 766import { fileIo } from '@kit.CoreFileKit'; 767import { bundleManager } from '@kit.AbilityKit'; 768import { BusinessError } from '@kit.BasicServicesKit'; 769 770let uri = 'file://docs/storage/Users/currentUser/Desktop/test.txt.dlp'; 771let file: number | undefined = undefined; 772let bundleFlags = bundleManager.BundleFlag.GET_BUNDLE_INFO_WITH_SIGNATURE_INFO; 773let appId = ''; 774let bundleName = 'com.ohos.note'; 775let userId = 100; 776let dlpFile: dlpPermission.DLPFile | undefined = undefined; 777 778try{ 779 let data = bundleManager.getBundleInfoSync(bundleName, bundleFlags, userId); 780 appId = data.signatureInfo.appId; 781} catch (err) { 782 console.error('error', err.code, err.message); 783} 784 785try { 786 file = fileIo.openSync(uri).fd; 787 dlpFile = await dlpPermission.openDLPFile(file, appId); // Open a DLP file. 788 await dlpFile.addDLPLinkFile('test.txt.dlp.link'); // Add a link file. 789 await dlpFile.stopFuseLink(); // Stop the read and write on the FUSE. 790 await dlpFile.resumeFuseLink(); // Resume read/write on the link file. 791} catch (err) { 792 console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Throw an error if the operation fails. 793} finally { 794 dlpFile?.closeDLPFile(); // Close the DLP object. 795 if (file) { 796 fileIo.closeSync(file); 797 } 798} 799``` 800 801### resumeFuseLink 802 803resumeFuseLink(callback: AsyncCallback<void>): void 804 805Resumes the read and write on the FUSE. This API uses an asynchronous callback to return the result. 806 807**System API**: This is a system API. 808 809**Required permissions**: ohos.permission.ACCESS_DLP_FILE 810 811**System capability**: SystemCapability.Security.DataLossPrevention 812 813**Parameters** 814 815| Name| Type| Mandatory| Description| 816| -------- | -------- | -------- | -------- | 817| callback | AsyncCallback<void> | Yes| Callback used to return the result.| 818 819**Error codes** 820 821For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 822 823| ID| Error Message| 824| -------- | -------- | 825| 201 | Permission denied. | 826| 202 | Non-system applications use system APIs. | 827| 401 | Parameter error. Possible causes: 1. Incorrect parameter types. | 828| 19100001 | Invalid parameter value. | 829| 19100009 | Failed to operate the DLP file. | 830| 19100011 | The system ability works abnormally. | 831 832**Example** 833 834```ts 835import { dlpPermission } from '@kit.DataProtectionKit'; 836import { fileIo } from '@kit.CoreFileKit'; 837import { bundleManager } from '@kit.AbilityKit'; 838import { BusinessError } from '@kit.BasicServicesKit'; 839 840let uri = 'file://docs/storage/Users/currentUser/Desktop/test.txt.dlp'; 841let file: number | undefined = undefined; 842let bundleFlags = bundleManager.BundleFlag.GET_BUNDLE_INFO_WITH_SIGNATURE_INFO; 843let appId = ''; 844let bundleName = 'com.ohos.note'; 845let userId = 100; 846let dlpFile: dlpPermission.DLPFile | undefined = undefined; 847 848try{ 849 let data = bundleManager.getBundleInfoSync(bundleName, bundleFlags, userId); 850 appId = data.signatureInfo.appId; 851} catch (err) { 852 console.error('error', err.code, err.message); 853} 854 855try { 856 file = fileIo.openSync(uri).fd; 857 dlpFile = await dlpPermission.openDLPFile(file, appId); // Open a DLP file. 858 await dlpFile.addDLPLinkFile('test.txt.dlp.link'); // Add a link file. 859 await dlpFile.stopFuseLink(); // Stop the read and write on the FUSE. 860 dlpFile.resumeFuseLink(async (err, res) => { 861 if (err !== undefined) { 862 console.error('resumeFuseLink error,', err.code, err.message); 863 } else { 864 console.info('res', JSON.stringify(res)); 865 } 866 await dlpFile?.closeDLPFile(); // Close the DLP object. 867 fileIo.closeSync(file); 868 }); 869} catch (err) { 870 console.error('resumeFuseLink error,', (err as BusinessError).code, (err as BusinessError).message); 871 await dlpFile?.closeDLPFile(); // Close the DLP object. 872 if (file) { 873 fileIo.closeSync(file); 874 } 875} 876``` 877 878### replaceDLPLinkFile 879 880replaceDLPLinkFile(linkFileName: string): Promise<void> 881 882Replaces a link file. This API uses a promise to return the result. 883 884**System API**: This is a system API. 885 886**Required permissions**: ohos.permission.ACCESS_DLP_FILE 887 888**System capability**: SystemCapability.Security.DataLossPrevention 889 890**Parameters** 891 892| Name| Type| Mandatory| Description| 893| -------- | -------- | -------- | -------- | 894| linkFileName | string | Yes| Name of the link file. The value contains up to 255 bytes.| 895 896**Return value** 897 898| Type| Description| 899| -------- | -------- | 900| Promise<void> | Promise that returns no value.| 901 902**Error codes** 903 904For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 905 906| ID| Error Message| 907| -------- | -------- | 908| 201 | Permission denied. | 909| 202 | Non-system applications use system APIs. | 910| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. | 911| 19100001 | Invalid parameter value. | 912| 19100009 | Failed to operate the DLP file. | 913| 19100011 | The system ability works abnormally. | 914 915**Example** 916 917```ts 918import { dlpPermission } from '@kit.DataProtectionKit'; 919import { fileIo } from '@kit.CoreFileKit'; 920import { bundleManager } from '@kit.AbilityKit'; 921import { BusinessError } from '@kit.BasicServicesKit'; 922 923let uri = 'file://docs/storage/Users/currentUser/Desktop/test.txt.dlp'; 924let file: number | undefined = undefined; 925let bundleFlags = bundleManager.BundleFlag.GET_BUNDLE_INFO_WITH_SIGNATURE_INFO; 926let appId = ''; 927let bundleName = 'com.ohos.note'; 928let userId = 100; 929let dlpFile: dlpPermission.DLPFile | undefined = undefined; 930 931try{ 932 let data = bundleManager.getBundleInfoSync(bundleName, bundleFlags, userId); 933 appId = data.signatureInfo.appId; 934} catch (err) { 935 console.error('error', err.code, err.message); 936} 937 938try { 939 file = fileIo.openSync(uri).fd; 940 dlpFile = await dlpPermission.openDLPFile(file, appId); // Open a DLP file. 941 await dlpFile.addDLPLinkFile('test.txt.dlp.link'); // Add a link file. 942 await dlpFile.stopFuseLink(); // Stop the read and write on the FUSE. 943 await dlpFile.replaceDLPLinkFile('test_new.txt.dlp.link'); // Replace a link file. 944 await dlpFile.resumeFuseLink(); // Resume read/write on the link file. 945} catch (err) { 946 console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Throw an error if the operation fails. 947} finally { 948 await dlpFile?.closeDLPFile(); // Close the DLP object. 949 if (file) { 950 fileIo.closeSync(file); 951 } 952} 953``` 954 955### replaceDLPLinkFile 956 957replaceDLPLinkFile(linkFileName: string, callback: AsyncCallback<void>): void 958 959Replaces a link file. This API uses an asynchronous callback to return the result. 960 961**System API**: This is a system API. 962 963**Required permissions**: ohos.permission.ACCESS_DLP_FILE 964 965**System capability**: SystemCapability.Security.DataLossPrevention 966 967**Parameters** 968 969| Name| Type| Mandatory| Description| 970| -------- | -------- | -------- | -------- | 971| linkFileName | string | Yes| Name of the link file. The value contains up to 255 bytes.| 972| callback | AsyncCallback<void> | Yes| Callback used to return the result.| 973 974**Error codes** 975 976For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 977 978| ID| Error Message| 979| -------- | -------- | 980| 201 | Permission denied. | 981| 202 | Non-system applications use system APIs. | 982| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. | 983| 19100001 | Invalid parameter value. | 984| 19100009 | Failed to operate the DLP file. | 985| 19100011 | The system ability works abnormally. | 986 987**Example** 988 989```ts 990import { dlpPermission } from '@kit.DataProtectionKit'; 991import { fileIo } from '@kit.CoreFileKit'; 992import { bundleManager } from '@kit.AbilityKit'; 993import { BusinessError } from '@kit.BasicServicesKit'; 994 995let uri = 'file://docs/storage/Users/currentUser/Desktop/test.txt.dlp'; 996let file: number | undefined = undefined; 997let bundleFlags = bundleManager.BundleFlag.GET_BUNDLE_INFO_WITH_SIGNATURE_INFO; 998let appId = ''; 999let bundleName = 'com.ohos.note'; 1000let userId = 100; 1001let dlpFile: dlpPermission.DLPFile | undefined = undefined; 1002 1003try{ 1004 let data = bundleManager.getBundleInfoSync(bundleName, bundleFlags, userId); 1005 appId = data.signatureInfo.appId; 1006} catch (err) { 1007 console.error('error', err.code, err.message); 1008} 1009 1010try { 1011 file = fileIo.openSync(uri).fd; 1012 dlpFile = await dlpPermission.openDLPFile(file, appId); // Open a DLP file. 1013 await dlpFile.addDLPLinkFile('test.txt.dlp.link'); // Add a link file. 1014 await dlpFile.stopFuseLink(); // Stop the read and write on the FUSE. 1015 dlpFile.replaceDLPLinkFile('test_new.txt.dlp.link', async (err, res) => { // Replace a link file. 1016 if (err !== undefined) { 1017 console.error('replaceDLPLinkFile error,', err.code, err.message); 1018 } else { 1019 console.info('res', JSON.stringify(res)); 1020 await dlpFile?.resumeFuseLink(); // Resume the read and write on the FUSE. 1021 } 1022 await dlpFile?.closeDLPFile(); // Close the DLP object. 1023 fileIo.closeSync(file); 1024 }); 1025} catch (err) { 1026 console.error('error,', (err as BusinessError).code, (err as BusinessError).message); 1027 await dlpFile?.closeDLPFile(); // Close the DLP object. 1028 if (file) { 1029 fileIo.closeSync(file); 1030 } 1031} 1032``` 1033 1034### deleteDLPLinkFile 1035 1036deleteDLPLinkFile(linkFileName: string): Promise<void> 1037 1038Deletes a link file from the FUSE. This API uses a promise to return the result. 1039 1040**System API**: This is a system API. 1041 1042**Required permissions**: ohos.permission.ACCESS_DLP_FILE 1043 1044**System capability**: SystemCapability.Security.DataLossPrevention 1045 1046**Parameters** 1047 1048| Name| Type| Mandatory| Description| 1049| -------- | -------- | -------- | -------- | 1050| linkFileName | string | Yes| Name of the link file. The value contains up to 255 bytes.| 1051 1052**Return value** 1053 1054| Type| Description| 1055| -------- | -------- | 1056| Promise<void> | Promise that returns no value.| 1057 1058**Error codes** 1059 1060For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 1061 1062| ID| Error Message| 1063| -------- | -------- | 1064| 201 | Permission denied. | 1065| 202 | Non-system applications use system APIs. | 1066| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. | 1067| 19100001 | Invalid parameter value. | 1068| 19100009 | Failed to operate the DLP file. | 1069| 19100011 | The system ability works abnormally. | 1070 1071**Example** 1072 1073```ts 1074import { dlpPermission } from '@kit.DataProtectionKit'; 1075import { fileIo } from '@kit.CoreFileKit'; 1076import { bundleManager } from '@kit.AbilityKit'; 1077import { BusinessError } from '@kit.BasicServicesKit'; 1078 1079let uri = 'file://docs/storage/Users/currentUser/Desktop/test.txt.dlp'; 1080let file: number | undefined = undefined; 1081let bundleFlags = bundleManager.BundleFlag.GET_BUNDLE_INFO_WITH_SIGNATURE_INFO; 1082let appId = ''; 1083let bundleName = 'com.ohos.note'; 1084let userId = 100; 1085let dlpFile: dlpPermission.DLPFile | undefined = undefined; 1086 1087try{ 1088 let data = bundleManager.getBundleInfoSync(bundleName, bundleFlags, userId); 1089 appId = data.signatureInfo.appId; 1090} catch (err) { 1091 console.error('error', err.code, err.message); 1092} 1093 1094try { 1095 file = fileIo.openSync(uri).fd; 1096 dlpFile = await dlpPermission.openDLPFile(file, appId); // Open a DLP file. 1097 await dlpFile.addDLPLinkFile('test.txt.dlp.link'); // Add a link file. 1098 await dlpFile.deleteDLPLinkFile('test.txt.dlp.link'); // Delete a link file. 1099} catch (err) { 1100 console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Throw an error if the operation fails. 1101} finally { 1102 await dlpFile?.closeDLPFile(); // Close the DLP object. 1103 if (file) { 1104 fileIo.closeSync(file); 1105 } 1106} 1107``` 1108 1109### deleteDLPLinkFile 1110 1111deleteDLPLinkFile(linkFileName: string, callback: AsyncCallback<void>): void 1112 1113Deletes a link file. This API uses an asynchronous callback to return the result. 1114 1115**System API**: This is a system API. 1116 1117**Required permissions**: ohos.permission.ACCESS_DLP_FILE 1118 1119**System capability**: SystemCapability.Security.DataLossPrevention 1120 1121**Parameters** 1122 1123| Name| Type| Mandatory| Description| 1124| -------- | -------- | -------- | -------- | 1125| linkFileName | string | Yes| Name of the link file. The value contains up to 255 bytes.| 1126| callback | AsyncCallback<void> | Yes| Callback used to return the result.| 1127 1128**Error codes** 1129 1130For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 1131 1132| ID| Error Message| 1133| -------- | -------- | 1134| 201 | Permission denied. | 1135| 202 | Non-system applications use system APIs. | 1136| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. | 1137| 19100001 | Invalid parameter value. | 1138| 19100009 | Failed to operate the DLP file. | 1139| 19100011 | The system ability works abnormally. | 1140 1141**Example** 1142 1143```ts 1144import { dlpPermission } from '@kit.DataProtectionKit'; 1145import { fileIo } from '@kit.CoreFileKit'; 1146import { bundleManager } from '@kit.AbilityKit'; 1147import { BusinessError } from '@kit.BasicServicesKit'; 1148 1149let uri = 'file://docs/storage/Users/currentUser/Desktop/test.txt.dlp'; 1150let file: number | undefined = undefined; 1151let bundleFlags = bundleManager.BundleFlag.GET_BUNDLE_INFO_WITH_SIGNATURE_INFO; 1152let appId = ''; 1153let bundleName = 'com.ohos.note'; 1154let userId = 100; 1155let dlpFile: dlpPermission.DLPFile | undefined = undefined; 1156 1157try{ 1158 let data = bundleManager.getBundleInfoSync(bundleName, bundleFlags, userId); 1159 appId = data.signatureInfo.appId; 1160} catch (err) { 1161 console.error('error', err.code, err.message); 1162} 1163 1164try { 1165 file = fileIo.openSync(uri).fd; 1166 dlpFile = await dlpPermission.openDLPFile(file, appId); // Open a DLP file. 1167 await dlpFile.addDLPLinkFile('test.txt.dlp.link'); // Add a link file. 1168 dlpFile.deleteDLPLinkFile('test.txt.dlp.link', async (err, res) => { // Delete a link file. 1169 if (err !== undefined) { 1170 console.error('deleteDLPLinkFile error,', err.code, err.message); 1171 } else { 1172 console.info('res', JSON.stringify(res)); 1173 } 1174 await dlpFile?.closeDLPFile(); // Close the DLP object. 1175 fileIo.closeSync(file); 1176 }); 1177} catch (err) { 1178 console.error('error,', (err as BusinessError).code, (err as BusinessError).message); 1179 await dlpFile?.closeDLPFile(); // Close the DLP object. 1180 if (file) { 1181 fileIo.closeSync(file); 1182 } 1183} 1184``` 1185 1186### recoverDLPFile 1187 1188recoverDLPFile(plaintextFd: number): Promise<void> 1189 1190Recovers the plaintext of a DLP file. This API uses a promise to return the result. 1191 1192**System API**: This is a system API. 1193 1194**Required permissions**: ohos.permission.ACCESS_DLP_FILE 1195 1196**System capability**: SystemCapability.Security.DataLossPrevention 1197 1198**Parameters** 1199 1200| Name| Type| Mandatory| Description| 1201| -------- | -------- | -------- | -------- | 1202| plaintextFd | number | Yes| FD of the target plaintext file.| 1203 1204**Return value** 1205 1206| Type| Description| 1207| -------- | -------- | 1208| Promise<void> | Promise that returns no value.| 1209 1210**Error codes** 1211 1212For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 1213 1214| ID| Error Message| 1215| -------- | -------- | 1216| 201 | Permission denied. | 1217| 202 | Non-system applications use system APIs. | 1218| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. | 1219| 19100001 | Invalid parameter value. | 1220| 19100002 | Credential task error. | 1221| 19100003 | Credential task time out. | 1222| 19100004 | Credential service error. | 1223| 19100005 | Credential authentication server error. | 1224| 19100008 | The file is not a DLP file. | 1225| 19100009 | Failed to operate the DLP file. | 1226| 19100010 | The DLP file is read only. | 1227| 19100011 | The system ability works abnormally. | 1228 1229**Example** 1230 1231```ts 1232import { dlpPermission } from '@kit.DataProtectionKit'; 1233import { fileIo } from '@kit.CoreFileKit'; 1234import { bundleManager } from '@kit.AbilityKit'; 1235import { BusinessError } from '@kit.BasicServicesKit'; 1236 1237let uri = 'file://docs/storage/Users/currentUser/Desktop/test.txt.dlp'; 1238let file: number | undefined = undefined; 1239let destFile: number | undefined = undefined; 1240let bundleFlags = bundleManager.BundleFlag.GET_BUNDLE_INFO_WITH_SIGNATURE_INFO; 1241let appId = ''; 1242let bundleName = 'com.ohos.note'; 1243let userId = 100; 1244let dlpFile: dlpPermission.DLPFile | undefined = undefined; 1245 1246try{ 1247 let data = bundleManager.getBundleInfoSync(bundleName, bundleFlags, userId); 1248 appId = data.signatureInfo.appId; 1249} catch (err) { 1250 console.error('error', err.code, err.message); 1251} 1252 1253try { 1254 file = fileIo.openSync(uri).fd; 1255 destFile = fileIo.openSync('destUri').fd; 1256 dlpFile = await dlpPermission.openDLPFile(file, appId); // Open a DLP file. 1257 await dlpFile.recoverDLPFile(destFile); // Recover the plaintext of a DLP file. 1258} catch (err) { 1259 console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Throw an error if the operation fails. 1260} finally { 1261 dlpFile?.closeDLPFile(); // Close the DLP object. 1262 if (file) { 1263 fileIo.closeSync(file); 1264 } 1265 if (destFile) { 1266 fileIo.closeSync(destFile); 1267 } 1268} 1269``` 1270 1271### recoverDLPFile 1272 1273recoverDLPFile(plaintextFd: number, callback: AsyncCallback<void>): void 1274 1275Recovers the plaintext of a DLP file. This API uses an asynchronous callback to return the result. 1276 1277**System API**: This is a system API. 1278 1279**Required permissions**: ohos.permission.ACCESS_DLP_FILE 1280 1281**System capability**: SystemCapability.Security.DataLossPrevention 1282 1283**Parameters** 1284 1285| Name| Type| Mandatory| Description| 1286| -------- | -------- | -------- | -------- | 1287| plaintextFd | number | Yes| FD of the target plaintext file.| 1288| callback | AsyncCallback<void> | Yes| Callback used to return the result.| 1289 1290**Error codes** 1291 1292For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 1293 1294| ID| Error Message| 1295| -------- | -------- | 1296| 201 | Permission denied. | 1297| 202 | Non-system applications use system APIs. | 1298| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. | 1299| 19100001 | Invalid parameter value. | 1300| 19100002 | Credential task error. | 1301| 19100003 | Credential task time out. | 1302| 19100004 | Credential service error. | 1303| 19100005 | Credential authentication server error. | 1304| 19100008 | The file is not a DLP file. | 1305| 19100009 | Failed to operate the DLP file. | 1306| 19100010 | The DLP file is read only. | 1307| 19100011 | The system ability works abnormally. | 1308 1309**Example** 1310 1311```ts 1312import { dlpPermission } from '@kit.DataProtectionKit'; 1313import { fileIo } from '@kit.CoreFileKit'; 1314import { bundleManager } from '@kit.AbilityKit'; 1315import { BusinessError } from '@kit.BasicServicesKit'; 1316 1317let uri = 'file://docs/storage/Users/currentUser/Desktop/test.txt.dlp'; 1318let file: number | undefined = undefined; 1319let destFile: number | undefined = undefined; 1320let bundleFlags = bundleManager.BundleFlag.GET_BUNDLE_INFO_WITH_SIGNATURE_INFO; 1321let appId = ''; 1322let bundleName = 'com.ohos.note'; 1323let userId = 100; 1324let dlpFile: dlpPermission.DLPFile | undefined = undefined; 1325 1326try{ 1327 let data = bundleManager.getBundleInfoSync(bundleName, bundleFlags, userId); 1328 appId = data.signatureInfo.appId; 1329} catch (err) { 1330 console.error('error', err.code, err.message); 1331} 1332 1333try { 1334 file = fileIo.openSync(uri).fd; 1335 destFile = fileIo.openSync('destUri').fd; 1336 dlpFile = await dlpPermission.openDLPFile(file, appId); // Open a DLP file. 1337 dlpFile.recoverDLPFile(destFile, async (err, res) => { // Recover the plaintext of a DLP file. 1338 if (err !== undefined) { 1339 console.error('recoverDLPFile error,', err.code, err.message); 1340 } else { 1341 console.info('res', JSON.stringify(res)); 1342 } 1343 await dlpFile?.closeDLPFile(); // Close the DLP object. 1344 fileIo.closeSync(file); 1345 fileIo.closeSync(destFile); 1346 }); 1347} catch (err) { 1348 console.error('error,', (err as BusinessError).code, (err as BusinessError).message); 1349 await dlpFile?.closeDLPFile(); // Close the DLP object. 1350 if (file) { 1351 fileIo.closeSync(file); 1352 } 1353 if (destFile) { 1354 fileIo.closeSync(destFile); 1355 } 1356} 1357``` 1358 1359### closeDLPFile 1360 1361closeDLPFile(): Promise<void> 1362 1363Closes this **DLPFile** instance. This API uses a promise to return the result. 1364 1365**System API**: This is a system API. 1366 1367**Required permissions**: ohos.permission.ACCESS_DLP_FILE 1368 1369**System capability**: SystemCapability.Security.DataLossPrevention 1370 1371> **NOTE** 1372> 1373> If a DLP file is no longer used, close the **dlpFile** instance to release the memory. 1374 1375**Return value** 1376 1377| Type| Description| 1378| -------- | -------- | 1379| Promise<void> | Promise that returns no value.| 1380 1381**Error codes** 1382 1383For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 1384 1385| ID| Error Message| 1386| -------- | -------- | 1387| 201 | Permission denied. | 1388| 202 | Non-system applications use system APIs. | 1389| 19100001 | Invalid parameter value. | 1390| 19100009 | Failed to operate the DLP file. | 1391| 19100011 | The system ability works abnormally. | 1392 1393**Example** 1394 1395```ts 1396import { dlpPermission } from '@kit.DataProtectionKit'; 1397import { fileIo } from '@kit.CoreFileKit'; 1398import { bundleManager } from '@kit.AbilityKit'; 1399import { BusinessError } from '@kit.BasicServicesKit'; 1400 1401let uri = 'file://docs/storage/Users/currentUser/Desktop/test.txt.dlp'; 1402let file: number | undefined = undefined; 1403let bundleFlags = bundleManager.BundleFlag.GET_BUNDLE_INFO_WITH_SIGNATURE_INFO; 1404let appId = ''; 1405let bundleName = 'com.ohos.note'; 1406let userId = 100; 1407let dlpFile: dlpPermission.DLPFile | undefined = undefined; 1408 1409try{ 1410 let data = bundleManager.getBundleInfoSync(bundleName, bundleFlags, userId); 1411 appId = data.signatureInfo.appId; 1412} catch (err) { 1413 console.error('error', err.code, err.message); 1414} 1415 1416try { 1417 file = fileIo.openSync(uri).fd; 1418 dlpFile = await dlpPermission.openDLPFile(file, appId); // Open a DLP file. 1419} catch (err) { 1420 console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Throw an error if the operation fails. 1421} finally { 1422 dlpFile?.closeDLPFile(); // Close the DLP object. 1423 if (file) { 1424 fileIo.closeSync(file); 1425 } 1426} 1427``` 1428 1429### closeDLPFile 1430 1431closeDLPFile(callback: AsyncCallback<void>): void 1432 1433Closes this **DLPFile** instance. This API uses an asynchronous callback to return the result. 1434 1435**System API**: This is a system API. 1436 1437**Required permissions**: ohos.permission.ACCESS_DLP_FILE 1438 1439**System capability**: SystemCapability.Security.DataLossPrevention 1440 1441> **NOTE** 1442> 1443> If a DLP file is no longer used, close the **dlpFile** instance to release the memory. 1444 1445**Parameters** 1446 1447| Name| Type| Mandatory| Description| 1448| -------- | -------- | -------- | -------- | 1449| callback | AsyncCallback<void> | Yes| Callback used to return the result.| 1450 1451**Error codes** 1452 1453For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 1454 1455| ID| Error Message| 1456| -------- | -------- | 1457| 201 | Permission denied. | 1458| 202 | Non-system applications use system APIs. | 1459| 401 | Parameter error. Possible causes: 1. Incorrect parameter types. | 1460| 19100001 | Invalid parameter value. | 1461| 19100009 | Failed to operate the DLP file. | 1462| 19100011 | The system ability works abnormally. | 1463 1464**Example** 1465 1466```ts 1467import { dlpPermission } from '@kit.DataProtectionKit'; 1468import { fileIo } from '@kit.CoreFileKit'; 1469import { bundleManager } from '@kit.AbilityKit'; 1470import { BusinessError } from '@kit.BasicServicesKit'; 1471 1472let uri = 'file://docs/storage/Users/currentUser/Desktop/test.txt.dlp'; 1473let file: number | undefined = undefined; 1474let bundleFlags = bundleManager.BundleFlag.GET_BUNDLE_INFO_WITH_SIGNATURE_INFO; 1475let appId = ''; 1476let bundleName = 'com.ohos.note'; 1477let userId = 100; 1478let dlpFile: dlpPermission.DLPFile | undefined = undefined; 1479 1480try{ 1481 let data = bundleManager.getBundleInfoSync(bundleName, bundleFlags, userId); 1482 appId = data.signatureInfo.appId; 1483} catch (err) { 1484 console.error('error', err.code, err.message); 1485} 1486 1487try { 1488 file = fileIo.openSync(uri).fd; 1489 dlpFile = await dlpPermission.openDLPFile(file, appId); // Open a DLP file. 1490 dlpFile.closeDLPFile((err, res) => {// Close the DLP file. 1491 if (err !== undefined) { 1492 console.error('closeDLPFile error,', err.code, err.message); 1493 } else { 1494 console.info('res', JSON.stringify(res)); 1495 } 1496 fileIo.closeSync(file); 1497 }); 1498} catch (err) { 1499 console.error('error,', (err as BusinessError).code, (err as BusinessError).message); 1500 if (file) { 1501 fileIo.closeSync(file); 1502 } 1503} 1504``` 1505 1506## dlpPermission.generateDLPFile 1507 1508generateDLPFile(plaintextFd: number, ciphertextFd: number, property: DLPProperty): Promise<DLPFile> 1509 1510Generates a DLP file, which is an encrypted file that can be accessed only by authorized users. The users can have the full control permission or read-only permission on the DLP file. This API uses a promise to return the result. 1511 1512**System API**: This is a system API. 1513 1514**Required permissions**: ohos.permission.ACCESS_DLP_FILE 1515 1516**System capability**: SystemCapability.Security.DataLossPrevention 1517 1518**Parameters** 1519 1520| Name| Type| Mandatory| Description| 1521| -------- | -------- | -------- | -------- | 1522| plaintextFd | number | Yes| FD of the plaintext file to be encrypted.| 1523| ciphertextFd | number | Yes| FD of the encrypted file.| 1524| property | [DLPProperty](#dlpproperty) | Yes| Authorization information, which includes the authorized user list, owner account, and contact account information.| 1525 1526**Return value** 1527 1528| Type| Description| 1529| -------- | -------- | 1530| Promise<[DLPFile](#dlpfile)> | Promise If the operation is successful, a **DLPFile** instance is returned. Otherwise, **null** is returned.| 1531 1532**Error codes** 1533 1534For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 1535 1536| ID| Error Message| 1537| -------- | -------- | 1538| 201 | Permission denied. | 1539| 202 | Non-system applications use system APIs. | 1540| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. | 1541| 19100001 | Invalid parameter value. | 1542| 19100002 | Credential task error. | 1543| 19100003 | Credential task time out. | 1544| 19100004 | Credential service error. | 1545| 19100005 | Credential authentication server error. | 1546| 19100009 | Failed to operate the DLP file. | 1547| 19100011 | The system ability works abnormally. | 1548 1549**Example** 1550 1551```ts 1552import { dlpPermission } from '@kit.DataProtectionKit'; 1553import { fileIo } from '@kit.CoreFileKit'; 1554import { BusinessError } from '@kit.BasicServicesKit'; 1555 1556let dlpUri = 'file://docs/storage/Users/currentUser/Desktop/test.txt.dlp'; 1557let uri = 'file://docs/storage/Users/currentUser/Desktop/test.txt'; 1558let file: number | undefined = undefined; 1559let dlp: number | undefined = undefined; 1560let dlpFile: dlpPermission.DLPFile | undefined = undefined; 1561 1562try { 1563 file = fileIo.openSync(uri).fd; 1564 dlp = fileIo.openSync(dlpUri).fd; 1565 let dlpProperty: dlpPermission.DLPProperty = { 1566 ownerAccount: 'zhangsan', 1567 ownerAccountType: dlpPermission.AccountType.DOMAIN_ACCOUNT, 1568 authUserList: [], 1569 contactAccount: 'zhangsan', 1570 offlineAccess: true, 1571 ownerAccountID: 'xxxxxxx', 1572 everyoneAccessList: [] 1573 }; 1574 dlpFile = await dlpPermission.generateDLPFile(file, dlp, dlpProperty); // Generate a DLP file. 1575} catch (err) { 1576 console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Throw an error if the operation fails. 1577} finally { 1578 dlpFile?.closeDLPFile(); // Close the DLP object. 1579 if (file) { 1580 fileIo.closeSync(file); 1581 } 1582 if (dlp) { 1583 fileIo.closeSync(dlp); 1584 } 1585} 1586``` 1587 1588## dlpPermission.generateDLPFile 1589 1590generateDLPFile(plaintextFd: number, ciphertextFd: number, property: DLPProperty, callback: AsyncCallback<DLPFile>): void 1591 1592Generates a DLP file, which is an encrypted file that can be accessed only by authorized users. The users can have the full control permission or read-only permission on the DLP file. This API uses an asynchronous callback to return the result. 1593 1594**System API**: This is a system API. 1595 1596**Required permissions**: ohos.permission.ACCESS_DLP_FILE 1597 1598**System capability**: SystemCapability.Security.DataLossPrevention 1599 1600**Parameters** 1601 1602| Name| Type| Mandatory| Description| 1603| -------- | -------- | -------- | -------- | 1604| plaintextFd | number | Yes| FD of the plaintext file to be encrypted.| 1605| ciphertextFd | number | Yes| FD of the encrypted file.| 1606| property | [DLPProperty](#dlpproperty) | Yes| Authorization information, which includes the authorized user list, owner account, and contact account information.| 1607| callback | AsyncCallback<[DLPFile](#dlpfile)> | Yes| Callback used to return the **DLPFile** instance created.| 1608 1609**Error codes** 1610 1611For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 1612 1613| ID| Error Message| 1614| -------- | -------- | 1615| 201 | Permission denied. | 1616| 202 | Non-system applications use system APIs. | 1617| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. | 1618| 19100001 | Invalid parameter value. | 1619| 19100002 | Credential task error. | 1620| 19100003 | Credential task time out. | 1621| 19100004 | Credential service error. | 1622| 19100005 | Credential authentication server error. | 1623| 19100009 | Failed to operate the DLP file. | 1624| 19100011 | The system ability works abnormally. | 1625 1626**Example** 1627 1628```ts 1629import { dlpPermission } from '@kit.DataProtectionKit'; 1630import { fileIo } from '@kit.CoreFileKit'; 1631import { BusinessError } from '@kit.BasicServicesKit'; 1632 1633let dlpUri = 'file://docs/storage/Users/currentUser/Desktop/test.txt.dlp'; 1634let uri = 'file://docs/storage/Users/currentUser/Desktop/test.txt'; 1635let file: number | undefined = undefined; 1636let dlp: number | undefined = undefined; 1637 1638try { 1639 file = fileIo.openSync(uri).fd; 1640 dlp = fileIo.openSync(dlpUri).fd; 1641 let dlpProperty: dlpPermission.DLPProperty = { 1642 ownerAccount: 'zhangsan', 1643 ownerAccountType: dlpPermission.AccountType.DOMAIN_ACCOUNT, 1644 authUserList: [], 1645 contactAccount: 'zhangsan', 1646 offlineAccess: true, 1647 ownerAccountID: 'xxxxxxx', 1648 everyoneAccessList: [] 1649 }; 1650 dlpPermission.generateDLPFile(file, dlp, dlpProperty, (err, res) => { // Generate a DLP file. 1651 if (err !== undefined) { 1652 console.error('generateDLPFile error,', err.code, err.message); 1653 } else { 1654 console.info('res', JSON.stringify(res)); 1655 } 1656 fileIo.closeSync(file); 1657 fileIo.closeSync(dlp); 1658 }); 1659} catch (err) { 1660 console.error('error,', (err as BusinessError).code, (err as BusinessError).message); 1661 if (file) { 1662 fileIo.closeSync(file); 1663 } 1664 if (dlp) { 1665 fileIo.closeSync(dlp); 1666 } 1667} 1668} 1669``` 1670 1671## dlpPermission.openDLPFile<sup>11+</sup> 1672 1673openDLPFile(ciphertextFd: number, appId: string): Promise<DLPFile> 1674 1675Opens a DLP file. This API uses a promise to return the result. 1676 1677**System API**: This is a system API. 1678 1679**Required permissions**: ohos.permission.ACCESS_DLP_FILE 1680 1681**System capability**: SystemCapability.Security.DataLossPrevention 1682 1683**Parameters** 1684 1685| Name| Type| Mandatory| Description| 1686| -------- | -------- | -------- | -------- | 1687| ciphertextFd | number | Yes| FD of the encrypted file.| 1688| appId | string | Yes| ID of the caller. The value contains 8 to 1024 bytes.| 1689 1690**Return value** 1691 1692| Type| Description| 1693| -------- | -------- | 1694| Promise<[DLPFile](#dlpfile)> | Promise If the operation is successful, a **DLPFile** instance is returned. Otherwise, **null** is returned.| 1695 1696**Error codes** 1697 1698For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 1699 1700| ID| Error Message| 1701| -------- | -------- | 1702| 201 | Permission denied. | 1703| 202 | Non-system applications use system APIs. | 1704| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. | 1705| 19100001 | Invalid parameter value. | 1706| 19100002 | Credential task error. | 1707| 19100003 | Credential task time out. | 1708| 19100004 | Credential service error. | 1709| 19100005 | Credential authentication server error. | 1710| 19100008 | The file is not a DLP file. | 1711| 19100009 | Failed to operate the DLP file. | 1712| 19100011 | The system ability works abnormally. | 1713| 19100018 | Not authorized application. | 1714| 19100019 | The DLP file has expired. | 1715| 19100020 | No network connection. | 1716 1717**Example** 1718 1719```ts 1720import { dlpPermission } from '@kit.DataProtectionKit'; 1721import { fileIo } from '@kit.CoreFileKit'; 1722import { bundleManager } from '@kit.AbilityKit'; 1723import { BusinessError } from '@kit.BasicServicesKit'; 1724 1725let uri = 'file://docs/storage/Users/currentUser/Desktop/test.txt.dlp'; 1726let file: number | undefined = undefined; 1727let bundleFlags = bundleManager.BundleFlag.GET_BUNDLE_INFO_WITH_SIGNATURE_INFO; 1728let appId = ''; 1729let bundleName = 'com.ohos.note'; 1730let userId = 100; 1731let dlpFile: dlpPermission.DLPFile | undefined = undefined; 1732 1733try{ 1734 let data = bundleManager.getBundleInfoSync(bundleName, bundleFlags, userId); 1735 appId = data.signatureInfo.appId; 1736} catch (err) { 1737 console.error('error', err.code, err.message); 1738} 1739 1740try { 1741 file = fileIo.openSync(uri).fd; 1742 dlpFile = await dlpPermission.openDLPFile(file, appId); // Open a DLP file. 1743} catch (err) { 1744 console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Throw an error if the operation fails. 1745 dlpFile?.closeDLPFile(); // Close the DLP object. 1746} finally { 1747 if (file) { 1748 fileIo.closeSync(file); 1749 } 1750} 1751``` 1752 1753## dlpPermission.openDLPFile<sup>11+</sup> 1754 1755openDLPFile(ciphertextFd: number, appId: string, callback: AsyncCallback<DLPFile>): void 1756 1757Opens a DLP file. This API uses an asynchronous callback to return the result. 1758 1759**System API**: This is a system API. 1760 1761**Required permissions**: ohos.permission.ACCESS_DLP_FILE 1762 1763**System capability**: SystemCapability.Security.DataLossPrevention 1764 1765**Parameters** 1766 1767| Name| Type| Mandatory| Description| 1768| -------- | -------- | -------- | -------- | 1769| ciphertextFd | number | Yes| FD of the encrypted file.| 1770| appId | string | Yes| ID of the caller. The value contains 8 to 1024 bytes.| 1771| callback | AsyncCallback<[DLPFile](#dlpfile)> | Yes| Callback used to return the **DLPFile** instance created.| 1772 1773**Error codes** 1774 1775For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 1776 1777| ID| Error Message| 1778| -------- | -------- | 1779| 201 | Permission denied. | 1780| 202 | Non-system applications use system APIs. | 1781| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. | 1782| 19100001 | Invalid parameter value. | 1783| 19100002 | Credential task error. | 1784| 19100003 | Credential task time out. | 1785| 19100004 | Credential service error. | 1786| 19100005 | Credential authentication server error. | 1787| 19100008 | The file is not a DLP file. | 1788| 19100009 | Failed to operate the DLP file. | 1789| 19100011 | The system ability works abnormally. | 1790| 19100018 | Not authorized application. | 1791| 19100019 | The DLP file has expired. | 1792| 19100020 | No network connection. | 1793 1794**Example** 1795 1796```ts 1797import { dlpPermission } from '@kit.DataProtectionKit'; 1798import { fileIo } from '@kit.CoreFileKit'; 1799import { bundleManager } from '@kit.AbilityKit'; 1800import { BusinessError } from '@kit.BasicServicesKit'; 1801 1802let uri = 'file://docs/storage/Users/currentUser/Desktop/test.txt.dlp'; 1803let file: number | undefined = undefined; 1804let bundleFlags = bundleManager.BundleFlag.GET_BUNDLE_INFO_WITH_SIGNATURE_INFO; 1805let appId = ''; 1806let bundleName = 'com.ohos.note'; 1807let userId = 100; 1808 1809try{ 1810 let data = bundleManager.getBundleInfoSync(bundleName, bundleFlags, userId); 1811 appId = data.signatureInfo.appId; 1812} catch (err) { 1813 console.error('error', err.code, err.message); 1814} 1815 1816try { 1817 file = fileIo.openSync(uri).fd; 1818 dlpPermission.openDLPFile(file, appId, (err, res) => { // Open a DLP file. 1819 if (err !== undefined) { 1820 console.error('openDLPFile error,', err.code, err.message); 1821 } else { 1822 console.info('res', JSON.stringify(res)); 1823 } 1824 if (file) { 1825 fileIo.closeSync(file); 1826 } 1827 }); 1828} catch (err) { 1829 console.error('error,', (err as BusinessError).code, (err as BusinessError).message); 1830 if (file) { 1831 fileIo.closeSync(file); 1832 } 1833} 1834``` 1835 1836## dlpPermission.generateDlpFileForEnterprise<sup>20+</sup> 1837 1838generateDLPFileForEnterprise(plaintextFd: number, dlpFd: number, property: DLPProperty, customProperty: CustomProperty): Promise<void> 1839 1840Obtains a **DLPFile** object. This API uses a promise to return the result. 1841>**NOTE** 1842> 1843> This API generates a DLP file, which is an encrypted file that can be accessed only by users with full control permissions. 1844 1845**System API**: This is a system API. 1846 1847**Required permissions:** ohos.permission.ENTERPEISE_ACCESS_DLP_FILE 1848 1849**System capability**: SystemCapability.Security.DataLossPrevention 1850 1851**Parameters** 1852 1853| Name| Type| Mandatory| Description| 1854| -------- | -------- | -------- | -------- | 1855| plaintextFd | number | Yes| FD of the plaintext file.| 1856| dlpFd | number | Yes| FD of the encrypted file.| 1857| property | [DLPProperty](#dlpproperty) | Yes| General properties of the DLP file.| 1858| customProperty | [CustomProperty](#customproperty20) | Yes| Custom properties.| 1859 1860**Return value** 1861 1862| Type| Description| 1863| -------- | -------- | 1864| Promise<void> | Promise that returns no value.| 1865 1866**Error codes** 1867 1868For details about the error codes, see [Universal Error Codes](../errorcode-universal.md) and [DLP Error Codes](errorcode-dlp.md). 1869 1870| ID| Error Message| 1871| -------- | -------- | 1872| 201 | Permission denied. | 1873| 202 | Non-system applications use system APIs. | 1874| 19100001 | Invalid parameter value. | 1875| 19100002 | Credential service busy due to too many tasks or duplicate tasks. | 1876| 19100003 | Credential task time out. | 1877| 19100004 | Credential service error. | 1878| 19100005 | Credential authentication server error. | 1879| 19100009 | Failed to operate the DLP file. | 1880| 19100011 | The system ability works abnormally. | 1881 1882**Example** 1883 1884```ts 1885import { dlpPermission } from '@kit.DataProtectionKit'; 1886import { fileIo } from '@kit.CoreFileKit'; 1887import { BusinessError } from '@kit.BasicServicesKit'; 1888 1889async function ExampleFunction(plainFilePath: string, dlpFilePath: string) { 1890 let plaintextFd: number | undefined = undefined; 1891 let dlpFd: number | undefined = undefined; 1892 try { 1893 plaintextFd = fileIo.openSync(plainFilePath, fileIo.OpenMode.READ_ONLY).fd; 1894 dlpFd = fileIo.openSync(dlpFilePath, fileIo.OpenMode.READ_WRITE | fileIo.OpenMode.CREATE).fd; 1895 let dlpProperty: dlpPermission.DLPProperty = { 1896 ownerAccount: 'zhangsan', 1897 ownerAccountType: dlpPermission.AccountType.DOMAIN_ACCOUNT, 1898 authUserList: [], 1899 contactAccount: 'zhangsan', 1900 offlineAccess: true, 1901 ownerAccountID: 'xxxxxxx', 1902 everyoneAccessList: [] 1903 }; 1904 let customProperty: dlpPermission.CustomProperty = { 1905 enterprise: 'customProperty' 1906 }; 1907 await dlpPermission.generateDlpFileForEnterprise(plaintextFd, dlpFd, dlpProperty, customProperty); 1908 console.info('Successfully generate DLP file for enterprise.'); 1909 } catch(err) { 1910 console.error('error,', (err as BusinessError).code, (err as BusinessError).message); 1911 } finally { 1912 if (dlpFd) { 1913 fileIo.closeSync(dlpFd); 1914 } 1915 if (plaintextFd) { 1916 fileIo.closeSync(plaintextFd); 1917 } 1918 } 1919} 1920``` 1921 1922## dlpPermission.decryptDlpFile<sup>20+</sup> 1923 1924decryptDlpFile(dlpFd: number, plaintextFd: number): Promise<void> 1925 1926Decrypts a DLP file to generate a plaintext file. This API uses a promise to return the result. 1927>**NOTE** 1928> 1929> This API can decrypt DLP files only by users with full control permissions. 1930 1931**System API**: This is a system API. 1932 1933**Required permissions:** ohos.permission.ENTERPEISE_ACCESS_DLP_FILE 1934 1935**System capability**: SystemCapability.Security.DataLossPrevention 1936 1937**Parameters** 1938 1939| Name| Type| Mandatory| Description| 1940| -------- | -------- | -------- | -------- | 1941| dlpFd | number | Yes| FD of the file to be decrypted.| 1942| plaintextFd | number | Yes| FD of the decrypted file.| 1943 1944**Return value** 1945 1946| Type| Description| 1947| -------- | -------- | 1948| Promise<void> | Promise that returns no value.| 1949 1950**Error codes** 1951 1952For details about the error codes, see [Universal Error Codes](../errorcode-universal.md) and [DLP Error Codes](errorcode-dlp.md). 1953 1954| ID| Error Message| 1955| -------- | -------- | 1956| 201 | Permission denied. | 1957| 202 | Non-system applications use system APIs. | 1958| 19100001 | Invalid parameter value. | 1959| 19100002 | Credential service busy due to too many tasks or duplicate tasks. | 1960| 19100003 | Credential task time out. | 1961| 19100004 | Credential service error. | 1962| 19100005 | Credential authentication server error. | 1963| 19100009 | Failed to operate the DLP file. | 1964| 19100011 | The system ability works abnormally. | 1965 1966**Example** 1967 1968```ts 1969import { dlpPermission } from '@kit.DataProtectionKit'; 1970import { fileIo } from '@kit.CoreFileKit'; 1971import { BusinessError } from '@kit.BasicServicesKit'; 1972 1973async function ExampleFunction(plainFilePath: string, dlpFilePath: string) { 1974 let plaintextFd: number | undefined = undefined; 1975 let dlpFd: number | undefined = undefined; 1976 try { 1977 plaintextFd = fileIo.openSync(plainFilePath, fileIo.OpenMode.READ_WRITE | fileIo.OpenMode.CREATE).fd; 1978 dlpFd = fileIo.openSync(dlpFilePath, fileIo.OpenMode.READ_ONLY).fd; 1979 await dlpPermission.decryptDlpFile(dlpFd, plaintextFd); 1980 console.info('Successfully decrypt DLP file.'); 1981 } catch(err) { 1982 console.error('error,', (err as BusinessError).code, (err as BusinessError).message); 1983 } finally { 1984 if (dlpFd) { 1985 fileIo.closeSync(dlpFd); 1986 } 1987 if (plaintextFd) { 1988 fileIo.closeSync(plaintextFd); 1989 } 1990 } 1991} 1992``` 1993 1994## dlpPermission.queryDlpPolicy<sup>20+</sup> 1995 1996queryDlpPolicy(dlpFd: number): Promise<string> 1997 1998Parses the file header in a DLP file to obtain the DLP plaintext policy. This API uses a promise to return the result. 1999 2000**System API**: This is a system API. 2001 2002**Required permissions:** ohos.permission.ENTERPEISE_ACCESS_DLP_FILE 2003 2004**System capability**: SystemCapability.Security.DataLossPrevention 2005 2006**Parameters** 2007 2008| Name| Type| Mandatory| Description| 2009| -------- | -------- | -------- | -------- | 2010| dlpFd | number | Yes| FD of the file to be decrypted.| 2011 2012**Return value** 2013 2014| Type| Description| 2015| -------- | -------- | 2016| Promise<string> | Promise used to return the JSON string of the DLP policy.| 2017 2018**Error codes** 2019 2020For details about the error codes, see [Universal Error Codes](../errorcode-universal.md) and [DLP Error Codes](errorcode-dlp.md). 2021 2022| ID| Error Message| 2023| -------- | -------- | 2024| 201 | Permission denied. | 2025| 202 | Non-system applications use system APIs. | 2026| 19100001 | Invalid parameter value. | 2027| 19100011 | The system ability works abnormally. | 2028 2029**Example** 2030 2031```ts 2032import { dlpPermission } from '@kit.DataProtectionKit'; 2033import { fileIo } from '@kit.CoreFileKit'; 2034import { BusinessError } from '@kit.BasicServicesKit'; 2035 2036async function ExampleFunction(dlpFilePath: string) { 2037 let dlpFd : number | undefined = undefined; 2038 try { 2039 dlpFd = fileIo.openSync(dlpFilePath, fileIo.OpenMode.READ_ONLY).fd; 2040 let policy: string = await dlpPermission.queryDlpPolicy(dlpFd); 2041 console.info('DLP policy:' + policy); 2042 } catch(err) { 2043 console.error('error,', (err as BusinessError).code, (err as BusinessError).message); 2044 } finally { 2045 if (dlpFd) { 2046 fileIo.closeSync(dlpFd); 2047 } 2048 } 2049} 2050``` 2051 2052## DLPSandboxInfo 2053 2054Represents the DLP sandbox information. 2055 2056**System API**: This is a system API. 2057 2058**System capability**: SystemCapability.Security.DataLossPrevention 2059 2060| Name| Type| Readable| Writable| Description| 2061| -------- | -------- | -------- | -------- | -------- | 2062| appIndex | number | Yes| No| Index of the DLP sandbox application.| 2063| tokenID | number | Yes| No| Token ID of the DLP sandbox application.| 2064 2065## DLPSandboxState 2066 2067DLP sandbox identity. 2068 2069**System API**: This is a system API. 2070 2071**System capability**: SystemCapability.Security.DataLossPrevention 2072 2073| Name| Type| Readable| Writable| Description| 2074| -------- | -------- | -------- | -------- | -------- | 2075| bundleName | string | Yes| No| Bundle name of the application. The value contains 7 to 128 bytes.| 2076| appIndex | number | Yes| No| Index of the DLP sandbox application.| 2077 2078## AccountType 2079 2080Enumerates the types of authorized accounts. 2081 2082**System API**: This is a system API. 2083 2084**System capability**: SystemCapability.Security.DataLossPrevention 2085 2086| Name| Value| Description| 2087| -------- | -------- | -------- | 2088| CLOUD_ACCOUNT | 1 | Cloud account.| 2089| DOMAIN_ACCOUNT | 2 | Domain account.| 2090 2091## ActionType<sup>20+</sup> 2092 2093Specifies the action to be performed when the file's permission expiration time is reached. The default value is **NOT_OPEN**. 2094 2095**System API**: This is a system API. 2096 2097**System capability**: SystemCapability.Security.DataLossPrevention 2098 2099| Name| Value| Description| 2100| -------- | -------- | -------- | 2101| NOT_OPEN | 0 | Users are not allowed to open the DLP file when the file's permission expiration time is reached.| 2102| OPEN | 1 | Logged-in users are allowed to edit the DLP file when the file's permission expiration time is reached.| 2103 2104## AuthUser 2105 2106Represents the user authorization information. 2107 2108**System API**: This is a system API. 2109 2110**System capability**: SystemCapability.Security.DataLossPrevention 2111 2112| Name| Type| Read Only| Mandatory| Description| 2113| -------- | -------- | -------- | -------- | -------- | 2114| authAccount | string | No| Yes| Account of the user who can access the DLP file. The value contains up to 255 bytes.| 2115| authAccountType | [AccountType](#accounttype) | No| Yes| Type of the account.| 2116| dlpFileAccess | [DLPFileAccess](js-apis-dlppermission.md#dlpfileaccess) | No| Yes| Permission granted to the user.| 2117| permExpiryTime | number | No| Yes| Time when the authorization expires.| 2118 2119## CustomProperty<sup>20+</sup> 2120 2121Indicates custom properties. 2122 2123**System API**: This is a system API. 2124 2125**System capability**: SystemCapability.Security.DataLossPrevention 2126 2127| Name| Type| Read Only| Optional| Description| 2128| -------- | -------- | -------- | -------- | -------- | 2129| enterprise | string | No| No| JSON string of enterprise custom properties. The length cannot exceed 4 MB.| 2130 2131## DLPProperty 2132 2133Represents the authorization information. 2134 2135**System API**: This is a system API. 2136 2137**System capability**: SystemCapability.Security.DataLossPrevention 2138 2139| Name| Type| Read Only| Mandatory| Description| 2140| -------- | -------- | -------- | -------- | -------- | 2141| ownerAccount | string | No| Yes| Account of the owner who can set the permission. The value contains up to 255 bytes.| 2142| ownerAccountID | string | No| Yes| Account ID of the owner. The value contains up to 255 bytes.| 2143| ownerAccountType | [AccountType](#accounttype) | No| Yes| Account type of the owner.| 2144| authUserList | Array<[AuthUser](#authuser)> | No| No| List of users who are authorized to access the DLP file. By default, this parameter is left blank.| 2145| contactAccount | string | No| Yes| Indicates the account of a contact. The value contains up to 255 bytes.| 2146| offlineAccess | boolean | No| Yes| Whether the file can be accessed offline. **true**: yes; **false**: no.| 2147| everyoneAccessList | Array<[DLPFileAccess](js-apis-dlppermission.md#dlpfileaccess)> | No| No| Permission granted to everyone. This parameter is left blank by default.| 2148| expireTime<sup>11+</sup> | number | No| No| Timestamp when the file permission has expired. This parameter is left blank by default.| 2149| actionUponExpiry<sup>20+</sup> | [ActionType](#actiontype20) | No| No| Whether the file can be opened after the permission expires (with the editing permission). This parameter is valid only when **expireTime** is not empty.| 2150 2151## GatheringPolicyType 2152 2153Enumerates the DLP sandbox gathering policy types. **GATHERING** allows the DLP files of the same permission type to be opened in a sandbox. For example, open different tab pages in a sandbox. **NON_GATHERING** allows different DLP files to be opened in different sandboxes. 2154 2155**System capability**: SystemCapability.Security.DataLossPrevention 2156 2157**System API**: This is a system API. 2158 2159**Parameters** 2160 2161| Name| Value| Description| 2162| -------- | -------- | -------- | 2163| GATHERING | 1 | Allows the DLP files of the same permission type to be opened in a sandbox. For example, the files of the same permission type can be opened in tab pages of a window.| 2164| NON_GATHERING | 2 | Allows the DLP files of different permission types to be opened in different sandboxes.| 2165