• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# @ohos.enterprise.securityManager (Security Management) (System API)
2
3The **securityManager** module provides device security management capabilities, including obtaining the security patch status and file system encryption status.
4
5> **NOTE**
6>
7> - The initial APIs of this module are supported since API version 11. Newly added APIs will be marked with a superscript to indicate their earliest API version.
8>
9> - The APIs of this module can be used only in the stage model.
10>
11> - The APIs of this module can be called only by a [device administrator application](../../mdm/mdm-kit-guide.md#introduction) that is [enabled](js-apis-enterprise-adminManager-sys.md#adminmanagerenableadmin-2).
12>
13> - This topic describes only the system APIs provided by the module. For details about its public APIs, see [@ohos.enterprise.securityManager](js-apis-enterprise-securityManager.md).
14
15## Modules to Import
16
17```ts
18import { securityManager } from '@kit.MDMKit';
19```
20
21## securityManager.getSecurityPatchTag
22
23getSecurityPatchTag(admin: Want): string
24
25Queries the security patch tag of a device.
26
27**Required permissions**: ohos.permission.ENTERPRISE_MANAGE_SECURITY
28
29**System capability**: SystemCapability.Customization.EnterpriseDeviceManager
30
31**System API**: This is a system API.
32
33**Parameters**
34
35| Name| Type                                                   | Mandatory| Description                  |
36| ------ | ------------------------------------------------------- | ---- | ---------------------- |
37| admin  | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes  | EnterpriseAdminExtensionAbility.|
38
39**Return value**
40
41| Type                  | Description                     |
42| --------------------- | ------------------------- |
43| string | Patch tag obtained.|
44
45**Error codes**
46
47For details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md).
48
49| ID| Error Message                                                                    |
50| ------- | ---------------------------------------------------------------------------- |
51| 9200001 | The application is not an administrator application of the device. |
52| 9200002 | The administrator application does not have permission to manage the device. |
53| 201 | Permission verification failed. The application does not have the permission required to call the API. |
54| 202 | Permission verification failed. A non-system application calls a system API. |
55| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. |
56
57**Example**
58
59```ts
60import { Want } from '@kit.AbilityKit';
61
62let wantTemp: Want = {
63  bundleName: 'com.example.myapplication',
64  abilityName: 'EntryAbility',
65};
66
67try {
68    let res: string = securityManager.getSecurityPatchTag(wantTemp);
69    console.info(`Succeeded in getting security patch tag. tag: ${res}`);
70} catch(err) {
71    console.error(`Failed to get security patch tag. Code: ${err.code}, message: ${err.message}`);
72}
73```
74## securityManager.getDeviceEncryptionStatus
75
76getDeviceEncryptionStatus(admin: Want): DeviceEncryptionStatus
77
78Queries the encryption status of the device file system.
79
80**Required permissions**: ohos.permission.ENTERPRISE_MANAGE_SECURITY
81
82**System capability**: SystemCapability.Customization.EnterpriseDeviceManager
83
84**System API**: This is a system API.
85
86**Parameters**
87
88| Name     | Type                                      | Mandatory  | Description                      |
89| -------- | ---------------------------------------- | ---- | ------------------------------- |
90| admin    | [Want](../apis-ability-kit/js-apis-app-ability-want.md)     | Yes   | EnterpriseAdminExtensionAbility.           |
91
92**Return value**
93
94| Type                                             | Description                                                  |
95| ------------------------------------------------- | ------------------------------------------------------ |
96| [DeviceEncryptionStatus](#deviceencryptionstatus) | File system encryption status. Currently, only a boolean value indicating whether the file system is encrypted is returned.|
97
98**Error codes**
99
100For details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md).
101
102| ID| Error Message                                                                      |
103| ------- | ---------------------------------------------------------------------------- |
104| 9200001 | The application is not an administrator application of the device. |
105| 9200002 | The administrator application does not have permission to manage the device. |
106| 201 | Permission verification failed. The application does not have the permission required to call the API. |
107| 202 | Permission verification failed. A non-system application calls a system API. |
108| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. |
109
110**Example**
111
112```ts
113import { Want } from '@kit.AbilityKit';
114
115let wantTemp: Want = {
116  bundleName: 'com.example.myapplication',
117  abilityName: 'EntryAbility',
118};
119
120try {
121    let result: securityManager.DeviceEncryptionStatus = securityManager.getDeviceEncryptionStatus(wantTemp);
122    console.info(`Succeeded in getting device encryption status. isEncrypted: ${result.isEncrypted}`);
123} catch(err) {
124    console.error(`Failed to get device encryption status. Code: ${err.code}, message: ${err.message}`);
125}
126```
127
128## securityManager.getPasswordPolicy<sup>12+</sup>
129
130getPasswordPolicy(): PasswordPolicy
131
132Obtains the password policy of this device.
133
134**System capability**: SystemCapability.Customization.EnterpriseDeviceManager
135
136**System API**: This is a system API.
137
138**Return value**
139
140| Type                  | Description                     |
141| --------------------- | ------------------------- |
142| [PasswordPolicy](./js-apis-enterprise-securityManager.md#passwordpolicy) | Device password policy obtained.|
143
144**Error codes**
145
146For details about the error codes, see [Universal Error Codes](../errorcode-universal.md).
147
148| ID| Error Message                                                                      |
149| ------- | ---------------------------------------------------------------------------- |
150| 202 | Permission verification failed. A non-system application calls a system API. |
151
152**Example**
153
154```ts
155try {
156    let result: securityManager.PasswordPolicy = securityManager.getPasswordPolicy();
157    console.info(`Succeeded in getting password policy, result : ${JSON.stringify(result)}`);
158} catch(err) {
159    console.error(`Failed to get password policy. Code: ${err.code}, message: ${err.message}`);
160}
161```
162
163## DeviceEncryptionStatus
164
165Represents the file system encryption status.
166
167**System capability**: SystemCapability.Customization.EnterpriseDeviceManager
168
169**System API**: This is a system API.
170
171| Name        | Type    | Read-Only| Optional|  Description                           |
172| ----------- | --------| ---- | ----| ---------------------------- |
173| isEncrypted | boolean | No  | No| Whether the file system of the device is encrypted. <br>The value **true** means the file system of the device is encrypted; the value **false** means the opposite.|
174