1# @ohos.dlpPermission (DLP) 2<!--Kit: Data Protection Kit--> 3<!--Subsystem: Security--> 4<!--Owner: @winnieHuYu--> 5<!--SE: @lucky-jinduo--> 6<!--TSE: @nacyli--> 7 8Data loss prevention (DLP) is a system solution provided to prevent data disclosure. The **dlpPermission** module provides APIs for cross-device file access management, encrypted storage, and access authorization. 9 10> **NOTE** 11> 12> - The initial APIs of this module are supported since API version 10. Newly added APIs will be marked with a superscript to indicate their earliest API version. 13> - The kit to which **@ohos.dlpPermission** belongs has been changed from **DataLossPreventionKit** to **DataProtectionKit**. You are advised to use the new module name **@kit.DataProtectionKit** to import the module. If **@kit.DataLossPreventionKit** is imported, only the APIs before the change can be called and the APIs after the change cannot be used. 14 15## Modules to Import 16 17```ts 18import { dlpPermission } from '@kit.DataProtectionKit'; 19``` 20 21## dlpPermission.isDLPFile 22 23isDLPFile(fd: number): Promise<boolean> 24 25Checks whether a file is a DLP file based on the file descriptor (FD). This API uses a promise to return the result. 26 27**System capability**: SystemCapability.Security.DataLossPrevention 28 29**Parameters** 30 31| Name| Type| Mandatory| Description| 32| -------- | -------- | -------- | -------- | 33| fd | number | Yes| FD of the file to be checked.| 34 35**Return value** 36| Type| Description| 37| -------- | -------- | 38| Promise<boolean> | Promise used to return the result. The value **true** means the file is a DLP file; the value **false** means the opposite.| 39 40**Error codes** 41 42For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 43 44| ID| Error Message| 45| -------- | -------- | 46| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. | 47| 19100001 | Invalid parameter value. | 48| 19100011 | The system ability works abnormally. | 49 50**Example** 51 52```ts 53import { dlpPermission } from '@kit.DataProtectionKit'; 54import { fileIo } from '@kit.CoreFileKit'; 55import { BusinessError } from '@kit.BasicServicesKit'; 56 57let uri = "file://docs/storage/Users/currentUser/Desktop/test.txt.dlp"; 58let file: number | undefined = undefined; 59try { 60 file = fileIo.openSync(uri).fd; 61 let res = dlpPermission.isDLPFile(file); // Check whether the file is a DLP file. 62 console.info('res', res); 63} catch (err) { 64 console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Throw an error if the operation fails. 65} finally { 66 if (file !== undefined) { 67 fileIo.closeSync(file); 68 } 69} 70``` 71 72## dlpPermission.isDLPFile 73 74isDLPFile(fd: number, callback: AsyncCallback<boolean>): void 75 76Checks whether a file is a DLP file based on the FD. This API uses an asynchronous callback to return the result. 77 78**System capability**: SystemCapability.Security.DataLossPrevention 79 80**Parameters** 81 82| Name| Type| Mandatory| Description| 83| -------- | -------- | -------- | -------- | 84| fd | number | Yes| FD of the file to be checked.| 85| callback | AsyncCallback<boolean> | Yes| Callback used to return the result. The value **true** means the file is a DLP file; the value **false** means the opposite.| 86 87**Error codes** 88 89For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 90 91| ID| Error Message| 92| -------- | -------- | 93| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. | 94| 19100001 | Invalid parameter value. | 95| 19100011 | The system ability works abnormally. | 96 97**Example** 98 99```ts 100import { dlpPermission } from '@kit.DataProtectionKit'; 101import { fileIo } from '@kit.CoreFileKit'; 102import { BusinessError } from '@kit.BasicServicesKit'; 103 104let uri = "file://docs/storage/Users/currentUser/Desktop/test.txt.dlp"; 105 106let file: number | undefined = undefined; 107try { 108 file = fileIo.openSync(uri).fd; 109 dlpPermission.isDLPFile(file, (err, res) => { 110 if (err != undefined) { 111 console.error('isDLPFile error,', err.code, err.message); 112 } else { 113 console.info('res', res); 114 } 115 fileIo.closeSync(file); 116 }); 117} catch (err) { 118 console.error('isDLPFile error,', (err as BusinessError).code, (err as BusinessError).message); 119 if (file !== undefined) { 120 fileIo.closeSync(file); 121 } 122} 123``` 124 125## dlpPermission.getDLPPermissionInfo 126 127getDLPPermissionInfo(): Promise<DLPPermissionInfo> 128 129Obtains the permission information of this DLP file. This API uses a promise to return the result. 130 131**System capability**: SystemCapability.Security.DataLossPrevention 132 133**Return value** 134 135| Type| Description| 136| -------- | -------- | 137| Promise<[DLPPermissionInfo](#dlppermissioninfo)> | Promise used to return the permission information about the DLP file. The operation is successful if no error is reported.| 138 139**Error codes** 140 141For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 142 143| ID| Error Message| 144| -------- | -------- | 145| 19100001 | Invalid parameter value. | 146| 19100006 | No permission to call this API, which is available only for DLP sandbox applications. | 147| 19100011 | The system ability works abnormally. | 148 149**Example** 150 151```ts 152import { dlpPermission } from '@kit.DataProtectionKit'; 153import { BusinessError } from '@kit.BasicServicesKit'; 154 155try { 156 dlpPermission.isInSandbox().then((inSandbox) => { // Check whether the application is running in a sandbox. 157 if (inSandbox) { 158 let res: dlpPermission.DLPPermissionInfo = await dlpPermission.getDLPPermissionInfo(); // Obtain the permission information. 159 console.info('res', JSON.stringify(res)); 160 } 161 }); 162} catch (err) { 163 console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Throw an error if the operation fails. 164} 165``` 166 167## dlpPermission.getDLPPermissionInfo 168 169getDLPPermissionInfo(callback: AsyncCallback<DLPPermissionInfo>): void 170 171Obtains the permission information of this DLP file. This API uses an asynchronous callback to return the result. 172 173**System capability**: SystemCapability.Security.DataLossPrevention 174 175**Parameters** 176 177| Name| Type| Mandatory| Description| 178| -------- | -------- | -------- | -------- | 179| callback | AsyncCallback<[DLPPermissionInfo](#dlppermissioninfo)> | Yes| Callback used to return the result. If the operation is successful, **err** is **undefined**. Otherwise, **err** is an error object.| 180 181**Error codes** 182 183For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 184 185| ID| Error Message| 186| -------- | -------- | 187| 401 | Parameter error. Possible causes: 1. Incorrect parameter types. | 188| 19100001 | Invalid parameter value. | 189| 19100006 | No permission to call this API, which is available only for DLP sandbox applications. | 190| 19100011 | The system ability works abnormally. | 191 192**Example** 193 194```ts 195import { dlpPermission } from '@kit.DataProtectionKit'; 196import { fileIo } from '@kit.CoreFileKit'; 197import { BusinessError } from '@kit.BasicServicesKit'; 198 199try { 200 dlpPermission.isInSandbox().then((inSandbox) => { // Check whether the application is running in a sandbox. 201 if (inSandbox) { 202 dlpPermission.getDLPPermissionInfo((err, res) => { 203 if (err != undefined) { 204 console.error('getDLPPermissionInfo error,', err.code, err.message); 205 } else { 206 console.info('res', JSON.stringify(res)); 207 } 208 }); // Obtain the permission information. 209 } 210 }); 211} catch (err) { 212 console.error('getDLPPermissionInfo error,', (err as BusinessError).code, (err as BusinessError).message); 213} 214``` 215 216## dlpPermission.getOriginalFileName 217 218getOriginalFileName(fileName: string): string 219 220Obtains the original file name of a DLP file. This API returns the result synchronously. 221 222**System capability**: SystemCapability.Security.DataLossPrevention 223 224**Parameters** 225 226| Name| Type| Mandatory| Description| 227| -------- | -------- | -------- | -------- | 228| fileName | string | Yes| Name of the target file. The value contains up to 255 bytes.| 229 230**Return value** 231 232| Type| Description| 233| -------- | -------- | 234| string | Original name of the DLP file obtained. For example, if the DLP file name is **test.txt.dlp**, the original file name returned is **test.txt**.| 235 236**Error codes** 237 238For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 239 240| ID| Error Message| 241| -------- | -------- | 242| 19100001 | Invalid parameter value. | 243| 19100011 | The system ability works abnormally. | 244 245**Example** 246 247```ts 248import { dlpPermission } from '@kit.DataProtectionKit'; 249import { BusinessError } from '@kit.BasicServicesKit'; 250 251try { 252 let res = dlpPermission.getOriginalFileName('test.txt.dlp'); // Obtain the original file name. 253 console.info('res', res); 254} catch (err) { 255 console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Throw an error if the operation fails. 256} 257``` 258 259## dlpPermission.getDLPSuffix 260 261getDLPSuffix(): string 262 263Obtains the DLP file name extension. This API returns the result synchronously. 264 265**System capability**: SystemCapability.Security.DataLossPrevention 266 267**Return value** 268 269| Type| Description| 270| -------- | -------- | 271| string | DLP file name extension obtained. For example, if the original file name is **text.txt**, the encrypted DLP file name is **test.txt.dlp**, and the returned extension is **.dlp**.| 272 273**Error codes** 274 275For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 276 277| ID| Error Message| 278| -------- | -------- | 279| 19100011 | The system ability works abnormally. | 280 281**Example** 282 283```ts 284import { dlpPermission } from '@kit.DataProtectionKit'; 285import { BusinessError } from '@kit.BasicServicesKit'; 286 287try { 288 let res = dlpPermission.getDLPSuffix(); // Obtain the DLP file name extension. 289 console.info('res', res); 290} catch (err) { 291 console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Throw an error if the operation fails. 292} 293``` 294 295## dlpPermission.on('openDLPFile') 296 297on(type: 'openDLPFile', listener: Callback<AccessedDLPFileInfo>): void 298 299Subscribes to a DLP file open event. The application will be notified when the DLP file is opened. 300 301**System capability**: SystemCapability.Security.DataLossPrevention 302 303**Parameters** 304 305| Name| Type| Mandatory| Description| 306| -------- | -------- | -------- | -------- | 307| type | 'openDLPFile' | Yes| Event type. It has a fixed value of **openDLPFile**, which indicates the DLP file open event.| 308| listener | Callback<[AccessedDLPFileInfo](#accesseddlpfileinfo)> | Yes| Callback invoked when a DLP file is opened. The application will be notified when the DLP file is opened.| 309 310**Error codes** 311 312For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 313 314| ID| Error Message| 315| -------- | -------- | 316| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 317| 19100001 | Invalid parameter value. | 318| 19100007 | No permission to call this API, which is available only for non-DLP sandbox applications. | 319| 19100011 | The system ability works abnormally. | 320 321**Example** 322 323```ts 324import { dlpPermission } from '@kit.DataProtectionKit'; 325import { BusinessError } from '@kit.BasicServicesKit'; 326 327try { 328 dlpPermission.on('openDLPFile', (info: dlpPermission.AccessedDLPFileInfo) => { 329 console.info('openDlpFile event', info.uri, info.lastOpenTime) 330 }); // Subscribe to a DLP file open event. 331} catch (err) { 332 console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Throw an error if the operation fails. 333} 334``` 335 336## dlpPermission.off('openDLPFile') 337 338off(type: 'openDLPFile', listener?: Callback<AccessedDLPFileInfo>): void 339 340Unsubscribes from the DLP file open event. The application will not be notified when a DLP file is opened. 341 342**System capability**: SystemCapability.Security.DataLossPrevention 343 344**Parameters** 345| Name| Type| Mandatory| Description| 346| -------- | -------- | -------- | -------- | 347| type | 'openDLPFile' | Yes| Event type. It has a fixed value of **openDLPFile**, which indicates the DLP file open event.| 348| listener | Callback<[AccessedDLPFileInfo](#accesseddlpfileinfo)> | No| Callback for the DLP file open event. The application will not be notified when a DLP file is opened. By default, this parameter is left blank, which unregisters all callbacks for the file open event.| 349 350**Error codes** 351 352For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 353 354| ID| Error Message| 355| -------- | -------- | 356| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 357| 19100001 | Invalid parameter value. | 358| 19100007 | No permission to call this API, which is available only for non-DLP sandbox applications. | 359| 19100011 | The system ability works abnormally. | 360 361**Example** 362 363```ts 364import { dlpPermission } from '@kit.DataProtectionKit'; 365import { BusinessError } from '@kit.BasicServicesKit'; 366 367try { 368 dlpPermission.off('openDLPFile', (info: dlpPermission.AccessedDLPFileInfo) => { 369 console.info('openDlpFile event', info.uri, info.lastOpenTime) 370 }); // Unsubscribe from the DLP file open event. 371} catch (err) { 372 console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Throw an error if the operation fails. 373} 374``` 375 376## dlpPermission.isInSandbox 377 378isInSandbox(): Promise<boolean> 379 380Checks whether this application is running in a DLP sandbox environment. This API uses a promise to return the result. 381 382**System capability**: SystemCapability.Security.DataLossPrevention 383 384**Return value** 385 386| Type| Description| 387| -------- | -------- | 388| Promise<boolean> | Promise used to return the result. The value **true** means the application is running in a sandbox; the value **false** means the opposite.| 389 390**Error codes** 391 392For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 393 394| ID| Error Message| 395| -------- | -------- | 396| 19100001 | Invalid parameter value. | 397| 19100011 | The system ability works abnormally. | 398 399**Example** 400 401```ts 402import { dlpPermission } from '@kit.DataProtectionKit'; 403import { BusinessError } from '@kit.BasicServicesKit'; 404 405try { 406 let inSandbox = dlpPermission.isInSandbox(); // Check whether the application is running in a sandbox. 407 console.info('res', inSandbox); 408} catch (err) { 409 console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Throw an error if the operation fails. 410} 411``` 412 413## dlpPermission.isInSandbox 414 415isInSandbox(callback: AsyncCallback<boolean>): void 416 417Checks whether this application is running in a DLP sandbox environment. This API uses an asynchronous callback to return the result. 418 419**System capability**: SystemCapability.Security.DataLossPrevention 420 421**Parameters** 422 423| Name| Type| Mandatory| Description| 424| -------- | -------- | -------- | -------- | 425| callback | AsyncCallback<boolean> | Yes| Callback used to return the result. If the operation is successful, **err** is **undefined**. Otherwise, **err** is an error object. The value **true** means the application is running in a sandbox; the value **false** means the opposite.| 426 427**Error codes** 428 429For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 430 431| ID| Error Message| 432| -------- | -------- | 433| 401 | Parameter error. Possible causes: 1. Incorrect parameter types. | 434| 19100001 | Invalid parameter value. | 435| 19100011 | The system ability works abnormally. | 436 437**Example** 438 439```ts 440import { dlpPermission } from '@kit.DataProtectionKit'; 441import { BusinessError } from '@kit.BasicServicesKit'; 442 443try { 444 dlpPermission.isInSandbox((err, data) => { 445 if (err) { 446 console.error('isInSandbox error,', err.code, err.message); 447 } else { 448 console.info('isInSandbox, data', JSON.stringify(data)); 449 } 450 }); // Whether the application is running in a sandbox. 451} catch (err) { 452 console.error('isInSandbox error,', (err as BusinessError).code, (err as BusinessError).message); 453} 454``` 455 456## dlpPermission.getDLPSupportedFileTypes 457 458getDLPSupportedFileTypes(): Promise<Array<string>> 459 460Obtains the file name extension types that support DLP. This API uses a promise to return the result. 461 462**System capability**: SystemCapability.Security.DataLossPrevention 463 464**Return value** 465 466| Type| Description| 467| -------- | -------- | 468| Promise<Array<string>> | Promise used to return the file name extension types obtained.| 469 470**Error codes** 471 472For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 473 474| ID| Error Message| 475| -------- | -------- | 476| 19100001 | Invalid parameter value. | 477| 19100011 | The system ability works abnormally. | 478 479**Example** 480 481```ts 482import { dlpPermission } from '@kit.DataProtectionKit'; 483import { BusinessError } from '@kit.BasicServicesKit'; 484 485try { 486 let res = dlpPermission.getDLPSupportedFileTypes(); // Obtain the file types that support DLP. 487 console.info('res', JSON.stringify(res)); 488} catch (err) { 489 console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Throw an error if the operation fails. 490} 491``` 492 493## dlpPermission.getDLPSupportedFileTypes 494 495getDLPSupportedFileTypes(callback: AsyncCallback<Array<string>>): void 496 497Obtains the file name extension types that support DLP. This API uses an asynchronous callback to return the result. 498 499**System capability**: SystemCapability.Security.DataLossPrevention 500 501**Parameters** 502 503| Name| Type| Mandatory| Description| 504| -------- | -------- | -------- | -------- | 505| callback | AsyncCallback<Array<string>> | Yes| Callback used to return the result. If the operation is successful, **err** is **undefined**. Otherwise, **err** is an error object.| 506 507**Error codes** 508 509For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 510 511| ID| Error Message| 512| -------- | -------- | 513| 401 | Parameter error. Possible causes: 1. Incorrect parameter types. | 514| 19100001 | Invalid parameter value. | 515| 19100011 | The system ability works abnormally. | 516 517**Example** 518 519```ts 520import { dlpPermission } from '@kit.DataProtectionKit'; 521import { BusinessError } from '@kit.BasicServicesKit'; 522 523try { 524 dlpPermission.getDLPSupportedFileTypes((err, res) => { 525 if (err != undefined) { 526 console.error('getDLPSupportedFileTypes error,', err.code, err.message); 527 } else { 528 console.info('res', JSON.stringify(res)); 529 } 530 }); // Obtain the file types that support DLP. 531} catch (err) { 532 console.error('getDLPSupportedFileTypes error,', (err as BusinessError).code, (err as BusinessError).message); 533} 534``` 535 536## dlpPermission.setRetentionState 537 538setRetentionState(docUris: Array<string>): Promise<void> 539 540Sets the sandbox retention state. This API uses an asynchronous callback to return the result. A sandbox application is automatically installed when a DLP file is opened, and automatically uninstalled when the DLP file is closed. Once the sandbox retention state is set for a DLP file, the sandbox application will not be automatically uninstalled when the DLP file is closed. This API uses a promise to return the result. 541 542**System capability**: SystemCapability.Security.DataLossPrevention 543 544**Parameters** 545 546| Name| Type| Mandatory| Description| 547| -------- | -------- | -------- | -------- | 548| docUris | Array<string> | Yes| URIs of the files to be set with the retention state.| 549 550**Return value** 551 552| Type| Description| 553| -------- | -------- | 554| Promise<void> | Promise that returns no value.| 555 556**Error codes** 557 558For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 559 560| ID| Error Message| 561| -------- | -------- | 562| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. | 563| 19100001 | Invalid parameter value. | 564| 19100006 | No permission to call this API, which is available only for DLP sandbox applications. | 565| 19100011 | The system ability works abnormally. | 566 567**Example** 568 569```ts 570import { dlpPermission } from '@kit.DataProtectionKit'; 571import { BusinessError } from '@kit.BasicServicesKit'; 572 573let uri = "file://docs/storage/Users/currentUser/Desktop/test.txt.dlp"; 574try { 575 let inSandbox = await dlpPermission.isInSandbox(); // Check whether the application is running in a sandbox. 576 if (inSandbox) { 577 dlpPermission.setRetentionState([uri]); // Set the retention state for a sandbox application. 578 } 579} catch (err) { 580 console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Throw an error if the operation fails. 581} 582``` 583 584## dlpPermission.setRetentionState 585 586setRetentionState(docUris: Array<string>, callback: AsyncCallback<void>): void 587 588Sets the sandbox retention state. This API uses an asynchronous callback to return the result. A sandbox application is automatically installed when a DLP file is opened, and automatically uninstalled when the DLP file is closed. Once the sandbox retention state is set for a DLP file, the sandbox application will not be automatically uninstalled when the DLP file is closed. This API uses an asynchronous callback to return the result. 589 590**System capability**: SystemCapability.Security.DataLossPrevention 591 592**Parameters** 593 594| Name| Type| Mandatory| Description| 595| -------- | -------- | -------- | -------- | 596| docUris | Array<string> | Yes| URIs of the files to be set with the retention state. The array has no length limit, but each string cannot exceed 4095 bytes.| 597| callback | AsyncCallback<void> | Yes| Callback used to return the result. If the operation is successful, **err** is **undefined**. Otherwise, **err** is an error object.| 598 599**Error codes** 600 601For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 602 603| ID| Error Message| 604| -------- | -------- | 605| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. | 606| 19100001 | Invalid parameter value. | 607| 19100006 | No permission to call this API, which is available only for DLP sandbox applications. | 608| 19100011 | The system ability works abnormally. | 609 610**Example** 611 612```ts 613import { dlpPermission } from '@kit.DataProtectionKit'; 614import { BusinessError } from '@kit.BasicServicesKit'; 615 616let uri = "file://docs/storage/Users/currentUser/Desktop/test.txt.dlp"; 617try { 618 dlpPermission.setRetentionState([uri], (err, res) => { 619 if (err != undefined) { 620 console.error('setRetentionState error,', err.code, err.message); 621 } else { 622 console.info('setRetentionState success'); 623 console.info('res', JSON.stringify(res)); 624 } 625 }); // Set the sandbox retention state. 626} catch (err) { 627 console.error('setRetentionState error,', (err as BusinessError).code, (err as BusinessError).message); 628} 629``` 630 631## dlpPermission.cancelRetentionState 632 633cancelRetentionState(docUris: Array<string>): Promise<void> 634 635Cancels the sandbox retention state, that is, allows the sandbox application to be automatically uninstalled when the DLP file is closed. This API uses a promise to return the result. 636 637**System capability**: SystemCapability.Security.DataLossPrevention 638 639**Parameters** 640 641| Name| Type| Mandatory| Description| 642| -------- | -------- | -------- | -------- | 643| docUris | Array<string> | Yes| URIs of the files to be set with the retention state. The array has no length limit, but each string cannot exceed 4095 bytes.| 644 645**Return value** 646 647| Type| Description| 648| -------- | -------- | 649| Promise<void> | Promise that returns no value.| 650 651**Error codes** 652 653For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 654 655| ID| Error Message| 656| -------- | -------- | 657| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. | 658| 19100001 | Invalid parameter value. | 659| 19100011 | The system ability works abnormally. | 660 661**Example** 662 663```ts 664import { dlpPermission } from '@kit.DataProtectionKit'; 665import { BusinessError } from '@kit.BasicServicesKit'; 666 667let uri = "file://docs/storage/Users/currentUser/Desktop/test.txt.dlp"; 668try { 669 dlpPermission.cancelRetentionState([uri]); // Cancel the retention state for a sandbox application. 670} catch (err) { 671 console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Throw an error if the operation fails. 672} 673``` 674 675## dlpPermission.cancelRetentionState 676 677cancelRetentionState(docUris: Array<string>, callback: AsyncCallback<void>): void 678 679Cancels the sandbox retention state, that is, allows the sandbox application to be automatically uninstalled when the DLP file is closed. This API uses an asynchronous callback to return the result. 680 681**System capability**: SystemCapability.Security.DataLossPrevention 682 683**Parameters** 684 685| Name| Type| Mandatory| Description| 686| -------- | -------- | -------- | -------- | 687| docUris | Array<string> | Yes| URIs of the files to be set with the retention state. The array has no length limit, but each string cannot exceed 4095 bytes.| 688| callback | AsyncCallback<void> | Yes| Callback used to return the result. If the operation is successful, **err** is **undefined**. Otherwise, **err** is an error object.| 689 690**Error codes** 691 692For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 693 694| ID| Error Message| 695| -------- | -------- | 696| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. | 697| 19100001 | Invalid parameter value. | 698| 19100011 | The system ability works abnormally. | 699 700**Example** 701 702```ts 703import { dlpPermission } from '@kit.DataProtectionKit'; 704import { BusinessError } from '@kit.BasicServicesKit'; 705 706let uri = "file://docs/storage/Users/currentUser/Desktop/test.txt.dlp"; 707try { 708 dlpPermission.cancelRetentionState([uri], (err, res) => { 709 if (err != undefined) { 710 console.error('cancelRetentionState error,', err.code, err.message); 711 } else { 712 console.info('cancelRetentionState success'); 713 } 714 }); // Cancel the sandbox retention state. 715} catch (err) { 716 console.error('cancelRetentionState error,', (err as BusinessError).code, (err as BusinessError).message); 717} 718``` 719 720## dlpPermission.getRetentionSandboxList 721 722getRetentionSandboxList(bundleName?: string): Promise<Array<RetentionSandboxInfo>> 723 724Obtains the sandbox applications in the retention state of an application. This API uses a promise to return the result. 725 726**System capability**: SystemCapability.Security.DataLossPrevention 727 728**Parameters** 729 730| Name| Type| Mandatory| Description| 731| -------- | -------- | -------- | -------- | 732| bundleName | string | No| Bundle name of the application. By default, this parameter is left empty, which obtains the sandbox retention information about the current application. The value contains 7 to 128 bytes.| 733 734**Return value** 735 736| Type| Description| 737| -------- | -------- | 738| Promise<Array<[RetentionSandboxInfo](#retentionsandboxinfo)>> | Promise used to return the sandbox retention information obtained.| 739 740**Error codes** 741 742For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 743 744| ID| Error Message| 745| -------- | -------- | 746| 401 | Parameter error. Possible causes: 1. Incorrect parameter types. | 747| 19100001 | Invalid parameter value. | 748| 19100007 | No permission to call this API, which is available only for non-DLP sandbox applications. | 749| 19100011 | The system ability works abnormally. | 750 751**Example** 752 753```ts 754import { dlpPermission } from '@kit.DataProtectionKit'; 755import { BusinessError } from '@kit.BasicServicesKit'; 756 757try { 758 let res:Array<dlpPermission.RetentionSandboxInfo> = await dlpPermission.getRetentionSandboxList(); // Obtain the sandbox apps in the retention state. 759 console.info('res', JSON.stringify(res)) 760} catch (err) { 761 console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Throw an error if the operation fails. 762} 763``` 764 765## dlpPermission.getRetentionSandboxList 766 767getRetentionSandboxList(bundleName: string, callback: AsyncCallback<Array<RetentionSandboxInfo>>): void 768 769Obtains the sandbox applications in the retention state of an application. This API uses an asynchronous callback to return the result. 770 771**System capability**: SystemCapability.Security.DataLossPrevention 772 773**Parameters** 774 775| Name| Type| Mandatory| Description| 776| -------- | -------- | -------- | -------- | 777| bundleName | string | Yes| Bundle name of the application. The value contains 7 to 128 bytes.| 778| callback | AsyncCallback<Array<[RetentionSandboxInfo](#retentionsandboxinfo)>> | Yes| Callback used to return the result. If the operation is successful, **err** is **undefined**. Otherwise, **err** is an error object.| 779 780**Error codes** 781 782For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 783 784| ID| Error Message| 785| -------- | -------- | 786| 401 | Parameter error. Possible causes: 1. Incorrect parameter types. | 787| 19100001 | Invalid parameter value. | 788| 19100007 | No permission to call this API, which is available only for non-DLP sandbox applications. | 789| 19100011 | The system ability works abnormally. | 790 791**Example** 792 793```ts 794import { dlpPermission } from '@kit.DataProtectionKit'; 795import { BusinessError } from '@kit.BasicServicesKit'; 796 797try { 798 dlpPermission.getRetentionSandboxList("bundleName", (err, res) => { 799 if (err != undefined) { 800 console.error('getRetentionSandboxList error,', err.code, err.message); 801 } else { 802 console.info('res', JSON.stringify(res)); 803 } 804 }); // Obtain the sandbox retention information. 805} catch (err) { 806 console.error('getRetentionSandboxList error,', (err as BusinessError).code, (err as BusinessError).message); 807} 808``` 809 810## dlpPermission.getRetentionSandboxList 811 812getRetentionSandboxList(callback: AsyncCallback<Array<RetentionSandboxInfo>>): void 813 814Obtains the sandbox applications in the retention state of an application. This API uses an asynchronous callback to return the result. 815 816**System capability**: SystemCapability.Security.DataLossPrevention 817 818**Parameters** 819 820| Name| Type| Mandatory| Description| 821| -------- | -------- | -------- | -------- | 822| callback | AsyncCallback<Array<[RetentionSandboxInfo](#retentionsandboxinfo)>> | Yes| Callback used to return the result. If the operation is successful, **err** is **undefined**. Otherwise, **err** is an error object.| 823 824**Error codes** 825 826For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 827 828| ID| Error Message| 829| -------- | -------- | 830| 401 | Parameter error. Possible causes: 1. Incorrect parameter types. | 831| 19100001 | Invalid parameter value. | 832| 19100007 | No permission to call this API, which is available only for non-DLP sandbox applications. | 833| 19100011 | The system ability works abnormally. | 834 835**Example** 836 837```ts 838import { dlpPermission } from '@kit.DataProtectionKit'; 839import { BusinessError } from '@kit.BasicServicesKit'; 840 841try { 842 dlpPermission.getRetentionSandboxList((err, res) => { 843 if (err != undefined) { 844 console.error('getRetentionSandboxList error,', err.code, err.message); 845 } else { 846 console.info('res', JSON.stringify(res)); 847 } 848 }); // Obtain the sandbox retention information. 849} catch (err) { 850 console.error('getRetentionSandboxList error,', (err as BusinessError).code, (err as BusinessError).message); 851} 852``` 853 854## dlpPermission.getDLPFileAccessRecords 855 856getDLPFileAccessRecords(): Promise<Array<AccessedDLPFileInfo>> 857 858Obtains the list of DLP files that are accessed recently. This API uses a promise to return the result. 859 860**System capability**: SystemCapability.Security.DataLossPrevention 861 862**Return value** 863 864| Type| Description| 865| -------- | -------- | 866| Promise<Array<[AccessedDLPFileInfo](#accesseddlpfileinfo)>> | Promise used to return the list of recently accessed files obtained.| 867 868**Error codes** 869 870For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 871 872| ID| Error Message| 873| -------- | -------- | 874| 19100001 | Invalid parameter value. | 875| 19100007 | No permission to call this API, which is available only for non-DLP sandbox applications. | 876| 19100011 | The system ability works abnormally. | 877 878**Example** 879 880```ts 881import { dlpPermission } from '@kit.DataProtectionKit'; 882import { BusinessError } from '@kit.BasicServicesKit'; 883 884try { 885 let res:Array<dlpPermission.AccessedDLPFileInfo> = await dlpPermission.getDLPFileAccessRecords(); // Obtain the list of recently accessed DLP files. 886 console.info('res', JSON.stringify(res)) 887} catch (err) { 888 console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Throw an error if the operation fails. 889} 890``` 891 892## dlpPermission.getDLPFileAccessRecords 893 894getDLPFileAccessRecords(callback: AsyncCallback<Array<AccessedDLPFileInfo>>): void 895 896Obtains the list of DLP files that are accessed recently. This API uses an asynchronous callback to return the result. 897 898**System capability**: SystemCapability.Security.DataLossPrevention 899 900**Parameters** 901 902| Name| Type| Mandatory| Description| 903| -------- | -------- | -------- | -------- | 904| callback | AsyncCallback<Array<[AccessedDLPFileInfo](#accesseddlpfileinfo)>> | Yes| Callback used to return the result. If the operation is successful, **err** is **undefined**. Otherwise, **err** is an error object.| 905 906**Error codes** 907 908For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 909 910| ID| Error Message| 911| -------- | -------- | 912| 401 | Parameter error. Possible causes: 1. Incorrect parameter types. | 913| 19100001 | Invalid parameter value. | 914| 19100007 | No permission to call this API, which is available only for non-DLP sandbox applications. | 915| 19100011 | The system ability works abnormally. | 916 917**Example** 918 919```ts 920import { dlpPermission } from '@kit.DataProtectionKit'; 921import { BusinessError } from '@kit.BasicServicesKit'; 922 923try { 924 dlpPermission.getDLPFileAccessRecords((err, res) => { 925 if (err != undefined) { 926 console.error('getDLPFileAccessRecords error,', err.code, err.message); 927 } else { 928 console.info('res', JSON.stringify(res)); 929 } 930 }); // Obtain the list of recently accessed DLP files. 931} catch (err) { 932 console.error('getDLPFileAccessRecords error,', (err as BusinessError).code, (err as BusinessError).message); 933} 934``` 935 936## dlpPermission.startDLPManagerForResult<sup>11+</sup> 937 938startDLPManagerForResult(context: common.UIAbilityContext, want: Want): Promise<DLPManagerResult> 939 940Starts the DLP manager application on the current UIAbility page in borderless mode. This API uses a promise to return the result. 941 942**Model restriction**: This API can be used only in the stage model. 943 944**System capability**: SystemCapability.Security.DataLossPrevention 945 946**Parameters** 947 948| Name| Type| Mandatory| Description| 949| -------- | -------- | -------- | -------- | 950| context | [common.UIAbilityContext](../apis-ability-kit/js-apis-inner-application-uiAbilityContext.md) | Yes| UIAbility context.| 951| want | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes| Object that requests the start of the DLP manager application.| 952 953**Return value** 954 955| Type| Description| 956| -------- | -------- | 957| Promise<[DLPManagerResult](#dlpmanagerresult11)> | Promise used to return the **DLPManagerResult** object.| 958 959**Error codes** 960 961For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 962 963| ID| Error Message| 964| -------- | -------- | 965| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. | 966| 19100001 | Invalid parameter value. | 967| 19100011 | The system ability works abnormally. | 968| 19100016 | The uri field is missing in the want parameter. | 969| 19100017 | The displayName field is missing in the want parameter. | 970 971**Example** 972 973```ts 974import { dlpPermission } from '@kit.DataProtectionKit'; 975import { common, Want } from '@kit.AbilityKit'; 976import { UIContext } from '@kit.ArkUI'; 977 978try { 979 let context = new UIContext().getHostContext() as common.UIAbilityContext; // Obtain the current UIAbilityContext. 980 let want: Want = { 981 "uri": "file://docs/storage/Users/currentUser/Desktop/1.txt", 982 "parameters": { 983 "displayName": "1.txt" 984 } 985 }; // Request parameters. 986 dlpPermission.startDLPManagerForResult(context, want).then((res) => { 987 console.info('res.resultCode', res.resultCode); 988 console.info('res.want', JSON.stringify(res.want)); 989 }); // Start the DLP manager application. 990} catch (err) { 991 console.error('error', err.code, err.message); // Throw an error if the operation fails. 992} 993``` 994 995## dlpPermission.setSandboxAppConfig<sup>11+<sup> 996setSandboxAppConfig(configInfo: string): Promise<void> 997 998Sets sandbox application configuration. This API uses a promise to return the result. 999 1000**System capability**: SystemCapability.Security.DataLossPrevention 1001 1002**Parameters** 1003 1004| Name| Type| Mandatory| Description| 1005| -------- | -------- | -------- | -------- | 1006| configInfo | string | Yes| Sandbox application configuration. The length is less than 4 MB.| 1007 1008**Return value** 1009 1010| Type| Description| 1011| -------- | -------- | 1012| Promise<void> | Promise that returns no value.| 1013 1014**Error codes** 1015 1016For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 1017 1018| ID| Error Message| 1019| -------- | -------- | 1020| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. | 1021| 19100001 | Invalid parameter value. | 1022| 19100007 | No permission to call this API, which is available only for non-DLP sandbox applications. | 1023| 19100011 | The system ability works abnormally. | 1024| 19100018 | The application is not authorized. | 1025 1026**Example** 1027 1028```ts 1029import { dlpPermission } from '@kit.DataProtectionKit'; 1030import { BusinessError } from '@kit.BasicServicesKit'; 1031 1032try { 1033 dlpPermission.setSandboxAppConfig('configInfo'); // Set sandbox application configuration. 1034} catch (err) { 1035 console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Throw an error if the operation fails. 1036} 1037``` 1038 1039## dlpPermission.cleanSandboxAppConfig<sup>11+<sup> 1040cleanSandboxAppConfig(): Promise<void> 1041 1042Cleans sandbox application configuration. This API uses a promise to return the result. 1043 1044**System capability**: SystemCapability.Security.DataLossPrevention 1045 1046**Return value** 1047 1048| Type| Description| 1049| -------- | -------- | 1050| Promise<void> | Promise that returns no value.| 1051 1052**Error codes** 1053 1054For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 1055 1056| ID| Error Message| 1057| -------- | -------- | 1058| 19100001 | Invalid parameter value. | 1059| 19100007 | No permission to call this API, which is available only for non-DLP sandbox applications. | 1060| 19100011 | The system ability works abnormally. | 1061| 19100018 | The application is not authorized. | 1062 1063**Example** 1064 1065```ts 1066import { dlpPermission } from '@kit.DataProtectionKit'; 1067import { BusinessError } from '@kit.BasicServicesKit'; 1068 1069try { 1070 dlpPermission.cleanSandboxAppConfig(); // Clean sandbox application configuration. 1071} catch (err) { 1072 console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Throw an error if the operation fails. 1073} 1074``` 1075 1076## dlpPermission.getSandboxAppConfig<sup>11+<sup> 1077getSandboxAppConfig(): Promise<string> 1078 1079Obtains sandbox application configuration. This API uses a promise to return the result. 1080 1081**System capability**: SystemCapability.Security.DataLossPrevention 1082 1083**Return value** 1084| Type| Description| 1085| -------- | -------- | 1086| Promise<string> | Promise used to return the sandbox application configuration obtained.| 1087 1088**Error codes** 1089 1090For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 1091 1092| ID| Error Message| 1093| -------- | -------- | 1094| 19100001 | Invalid parameter value. | 1095| 19100011 | The system ability works abnormally. | 1096| 19100018 | The application is not authorized. | 1097 1098**Example** 1099 1100```ts 1101import { dlpPermission } from '@kit.DataProtectionKit'; 1102import { BusinessError } from '@kit.BasicServicesKit'; 1103 1104try { 1105 let res = await dlpPermission.getSandboxAppConfig() // Obtain the sandbox application configuration. 1106 console.info('res', JSON.stringify(res)); 1107} catch (err) { 1108 console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Throw an error if the operation fails. 1109} 1110``` 1111 1112## dlpPermission.isDLPFeatureProvided<sup>12+<sup> 1113isDLPFeatureProvided(): Promise<boolean> 1114 1115Queries whether the current system provides the DLP feature. This API uses a promise to return the result. 1116 1117**System capability**: SystemCapability.Security.DataLossPrevention 1118 1119**Return value** 1120| Type| Description| 1121| -------- | -------- | 1122| Promise<boolean> | Promise used to return the result. The value **true** means the current system provides the DLP feature; the value **false** means the opposite.| 1123 1124**Error codes** 1125 1126For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 1127 1128| ID| Error Message| 1129| -------- | -------- | 1130| 19100011 | The system ability works abnormally. | 1131 1132**Example** 1133 1134```ts 1135import { dlpPermission } from '@kit.DataProtectionKit'; 1136import { BusinessError } from '@kit.BasicServicesKit'; 1137 1138dlpPermission.isDLPFeatureProvided().then((res) => { 1139 console.info('res', JSON.stringify(res)); 1140}).catch((err: BusinessError) => { 1141 console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Throw an error if the operation fails. 1142}); 1143``` 1144 1145## ActionFlagType 1146 1147Enumerates the operations that can be performed on a DLP file. For example, the DLP sandbox application can dim its button based on this parameter. 1148 1149**System capability**: SystemCapability.Security.DataLossPrevention 1150 1151| Name| Value| Description| 1152| -------- | -------- | -------- | 1153| ACTION_VIEW | 0x00000001 | View the file.| 1154| ACTION_SAVE | 0x00000002 | Save the file.| 1155| ACTION_SAVE_AS | 0x00000004 | Save the file as another file.| 1156| ACTION_EDIT | 0x00000008 | Edit the file.| 1157| ACTION_SCREEN_CAPTURE | 0x00000010 | Capture screenshots of the file.| 1158| ACTION_SCREEN_SHARE | 0x00000020 | Share the screen of the file.| 1159| ACTION_SCREEN_RECORD | 0x00000040 | Record the screen on which the file is open.| 1160| ACTION_COPY | 0x00000080 | Copy the file.| 1161| ACTION_PRINT | 0x00000100 | Print the file.| 1162| ACTION_EXPORT | 0x00000200 | Export the file.| 1163| ACTION_PERMISSION_CHANGE | 0x00000400 | Modify the permissions on the file.| 1164 1165## DLPFileAccess 1166 1167Enumerates the permissions on a DLP file. 1168 1169**System capability**: SystemCapability.Security.DataLossPrevention 1170 1171| Name| Value| Description| 1172| -------- | -------- | -------- | 1173| NO_PERMISSION | 0 | The user has no permission on the file.| 1174| READ_ONLY | 1 | The user has only the permission to read the file.| 1175| CONTENT_EDIT | 2 | The user has the permission to edit the file.| 1176| FULL_CONTROL | 3 | The user has full control on the file.| 1177 1178## DLPPermissionInfo 1179 1180Represents the permission information about a DLP file. 1181 1182**System capability**: SystemCapability.Security.DataLossPrevention 1183 1184| Name| Type| Readable| Writable| Description| 1185| -------- | -------- | -------- | -------- | -------- | 1186| dlpFileAccess | [DLPFileAccess](#dlpfileaccess) | Yes| No| User permission on the DLP file, for example, read-only.| 1187| flags | number | Yes| No| Operations that can be performed on the DLP file. It is a combination of different [ActionFlagTypes](#actionflagtype).| 1188 1189## AccessedDLPFileInfo 1190 1191Represents the information about a DLP file opened. 1192 1193**System capability**: SystemCapability.Security.DataLossPrevention 1194 1195| Name| Type| Readable| Writable| Description| 1196| -------- | -------- | -------- | -------- | -------- | 1197| uri | string | Yes| No| URI of the DLP file. The value contains up to 4095 bytes.| 1198| lastOpenTime | number | Yes| No| Time when the file was last opened.| 1199 1200## DLPManagerResult<sup>11+</sup> 1201 1202Represents information about the trigger of the DLP manager application. 1203 1204**Model restriction**: This API can be used only in the stage model. 1205 1206**System capability**: SystemCapability.Security.DataLossPrevention 1207 1208| Name| Type| Readable| Writable| Description| 1209| -------- | -------- | -------- | -------- | -------- | 1210| resultCode | number | Yes| No| Result code returned after the DLP manager application is started and exits.| 1211| want | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes| No| Data returned after the DLP manager application is started and exits.| 1212 1213## RetentionSandboxInfo 1214 1215Represents the sandbox retention information. 1216 1217**System capability**: SystemCapability.Security.DataLossPrevention 1218 1219| Name| Type| Readable| Writable| Description| 1220| -------- | -------- | -------- | -------- | -------- | 1221| appIndex | number | Yes| No| Index of the DLP sandbox application.| 1222| bundleName | string | Yes| No| Bundle name of the application. The value contains 7 to 128 bytes.| 1223| docUris | Array<string> | Yes| No| URI list of the DLP files. The array has no length limit, but each string cannot exceed 4095 bytes.| 1224