1/* 2 * Copyright (c) 2021-2024 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16/** 17 * @file 18 * @kit AbilityKit 19 */ 20 21import { AsyncCallback, Callback } from './@ohos.base'; 22import { Permissions } from './permissions'; 23import type _Context from './application/Context'; 24import type _PermissionRequestResult from './security/PermissionRequestResult'; 25 26/** 27 * @namespace abilityAccessCtrl 28 * @syscap SystemCapability.Security.AccessToken 29 * @since 8 30 */ 31/** 32 * @namespace abilityAccessCtrl 33 * @syscap SystemCapability.Security.AccessToken 34 * @atomicservice 35 * @since 11 36 */ 37/** 38 * @namespace abilityAccessCtrl 39 * @syscap SystemCapability.Security.AccessToken 40 * @crossplatform 41 * @atomicservice 42 * @since arkts {'1.1':'12', '1.2':'20'} 43 * @arkts 1.1&1.2 44 */ 45declare namespace abilityAccessCtrl { 46 /** 47 * Obtains the AtManager instance. 48 * 49 * @returns { AtManager } Returns the instance of the AtManager. 50 * @syscap SystemCapability.Security.AccessToken 51 * @since 8 52 */ 53 /** 54 * Obtains the AtManager instance. 55 * 56 * @returns { AtManager } returns the instance of the AtManager. 57 * @syscap SystemCapability.Security.AccessToken 58 * @crossplatform 59 * @since 10 60 */ 61 /** 62 * Obtains the AtManager instance. 63 * 64 * @returns { AtManager } returns the instance of the AtManager. 65 * @syscap SystemCapability.Security.AccessToken 66 * @crossplatform 67 * @atomicservice 68 * @since arkts {'1.1':'11', '1.2':'20'} 69 * @arkts 1.1&1.2 70 */ 71 function createAtManager(): AtManager; 72 73 /** 74 * Provides methods for managing access_token. 75 * 76 * @interface AtManager 77 * @syscap SystemCapability.Security.AccessToken 78 * @since 8 79 */ 80 /** 81 * Provides methods for managing access_token. 82 * 83 * @interface AtManager 84 * @syscap SystemCapability.Security.AccessToken 85 * @atomicservice 86 * @since arkts {'1.1':'11', '1.2':'20'} 87 * @arkts 1.1&1.2 88 */ 89 interface AtManager { 90 /** 91 * Checks whether a specified application has been granted the given permission. 92 * 93 * @param { int } tokenID - Token ID of the application. 94 * @param { Permissions } permissionName - Name of the permission to be verified. The Permissions type supports only valid permission names. 95 * @returns { Promise<GrantStatus> } Returns permission verify result. 96 * @syscap SystemCapability.Security.AccessToken 97 * @since arkts {'1.1':'9', '1.2':'20'} 98 * @arkts 1.1&1.2 99 */ 100 verifyAccessToken(tokenID: int, permissionName: Permissions): Promise<GrantStatus>; 101 102 /** 103 * Checks whether a specified application has been granted the given permission. 104 * 105 * @param { number } tokenID - Token ID of the application. 106 * @param { string } permissionName - Name of the permission to be verified. 107 * @returns { Promise<GrantStatus> } Returns permission verify result. 108 * @syscap SystemCapability.Security.AccessToken 109 * @since 8 110 * @deprecated since 9 111 * @useinstead ohos.abilityAccessCtrl.AtManager#checkAccessToken 112 */ 113 verifyAccessToken(tokenID: number, permissionName: string): Promise<GrantStatus>; 114 115 /** 116 * Checks whether a specified application has been granted the given permission synchronously. 117 * 118 * @param { int } tokenID - Token ID of the application. 119 * @param { Permissions } permissionName - Name of the permission to be verified. 120 * @returns { GrantStatus } Returns permission verify result. 121 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. 122 * @throws { BusinessError } 12100001 - Invalid parameter. The tokenID is 0, or the permissionName exceeds 256 characters. 123 * @syscap SystemCapability.Security.AccessToken 124 * @since arkts {'1.1':'9', '1.2':'20'} 125 * @arkts 1.1&1.2 126 */ 127 verifyAccessTokenSync(tokenID: int, permissionName: Permissions): GrantStatus; 128 129 /** 130 * Checks whether a specified application has been granted the given permission. 131 * 132 * @param { int } tokenID - Token ID of the application. 133 * @param { Permissions } permissionName - Name of the permission to be verified. 134 * @returns { Promise<GrantStatus> } Returns permission verify result. 135 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. 136 * @throws { BusinessError } 12100001 - Invalid parameter. The tokenID is 0, or the permissionName exceeds 256 characters. 137 * @syscap SystemCapability.Security.AccessToken 138 * @since 9 139 */ 140 /** 141 * Checks whether a specified application has been granted the given permission. 142 * On the cross-platform, this function can be used to check the permission grant status for the current application only. 143 * 144 * @param { int } tokenID - Token ID of the application. 145 * @param { Permissions } permissionName - Name of the permission to be verified. 146 * @returns { Promise<GrantStatus> } Returns permission verify result. 147 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. 148 * @throws { BusinessError } 12100001 - Invalid parameter. The tokenID is 0, or the permissionName exceeds 256 characters. 149 * @syscap SystemCapability.Security.AccessToken 150 * @crossplatform 151 * @since 10 152 */ 153 /** 154 * Checks whether a specified application has been granted the given permission. 155 * On the cross-platform, this function can be used to check the permission grant status for the current application only. 156 * 157 * @param { int } tokenID - Token ID of the application. 158 * @param { Permissions } permissionName - Name of the permission to be verified. 159 * @returns { Promise<GrantStatus> } Returns permission verify result. 160 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. 161 * @throws { BusinessError } 12100001 - Invalid parameter. The tokenID is 0, or the permissionName exceeds 256 characters. 162 * @syscap SystemCapability.Security.AccessToken 163 * @crossplatform 164 * @atomicservice 165 * @since arkts {'1.1':'11', '1.2':'20'} 166 * @arkts 1.1&1.2 167 */ 168 checkAccessToken(tokenID: int, permissionName: Permissions): Promise<GrantStatus>; 169 170 /** 171 * Checks whether a specified application has been granted the given permission. 172 * On the cross-platform, this function can be used to check the permission grant status for the current application only. 173 * 174 * @param { int } tokenID - Token ID of the application. 175 * @param { Permissions } permissionName - Name of the permission to be verified. 176 * @returns { GrantStatus } Returns permission verify result. 177 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. 178 * @throws { BusinessError } 12100001 - Invalid parameter. The tokenID is 0, or the permissionName exceeds 256 characters. 179 * @syscap SystemCapability.Security.AccessToken 180 * @crossplatform 181 * @since 10 182 */ 183 /** 184 * Checks whether a specified application has been granted the given permission. 185 * On the cross-platform, this function can be used to check the permission grant status for the current application only. 186 * 187 * @param { int } tokenID - Token ID of the application. 188 * @param { Permissions } permissionName - Name of the permission to be verified. 189 * @returns { GrantStatus } Returns permission verify result. 190 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. 191 * @throws { BusinessError } 12100001 - Invalid parameter. The tokenID is 0, or the permissionName exceeds 256 characters. 192 * @syscap SystemCapability.Security.AccessToken 193 * @crossplatform 194 * @atomicservice 195 * @since arkts {'1.1':'11', '1.2':'20'} 196 * @arkts 1.1&1.2 197 */ 198 checkAccessTokenSync(tokenID: int, permissionName: Permissions): GrantStatus; 199 200 /** 201 * Requests certain permissions from the user. 202 * 203 * @param { Context } context - The context that initiates the permission request. 204 * <br> The context must belong to the Stage model and only supports UIAbilityContext and UIExtensionContext. 205 * @param { Array<Permissions> } permissionList - Indicates the list of permissions to be requested. This parameter cannot be null or empty. 206 * @param { AsyncCallback<PermissionRequestResult> } requestCallback Callback for the result from requesting permissions. 207 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. 208 * @throws { BusinessError } 12100001 - Invalid parameter. The context is invalid when it does not belong to the application itself. 209 * @syscap SystemCapability.Security.AccessToken 210 * @stagemodelonly 211 * @since 9 212 */ 213 /** 214 * Requests certain permissions from the user. 215 * 216 * @param { Context } context - The context that initiates the permission request. 217 * <br> The context must belong to the Stage model and only supports UIAbilityContext and UIExtensionContext. 218 * @param { Array<Permissions> } permissionList - Indicates the list of permissions to be requested. This parameter cannot be null or empty. 219 * @param { AsyncCallback<PermissionRequestResult> } requestCallback Callback for the result from requesting permissions. 220 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. 221 * @throws { BusinessError } 12100001 - Invalid parameter. The context is invalid when it does not belong to the application itself. 222 * @syscap SystemCapability.Security.AccessToken 223 * @stagemodelonly 224 * @crossplatform 225 * @since 10 226 */ 227 /** 228 * Requests certain permissions from the user. 229 * 230 * @param { Context } context - The context that initiates the permission request. 231 * <br> The context must belong to the Stage model and only supports UIAbilityContext and UIExtensionContext. 232 * @param { Array<Permissions> } permissionList - Indicates the list of permissions to be requested. This parameter cannot be null or empty. 233 * @param { AsyncCallback<PermissionRequestResult> } requestCallback Callback for the result from requesting permissions. 234 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. 235 * @throws { BusinessError } 12100001 - Invalid parameter. The context is invalid when it does not belong to the application itself. 236 * @syscap SystemCapability.Security.AccessToken 237 * @stagemodelonly 238 * @crossplatform 239 * @atomicservice 240 * @since arkts {'1.1':'12', '1.2':'20'} 241 * @arkts 1.1&1.2 242 */ 243 requestPermissionsFromUser( 244 context: Context, 245 permissionList: Array<Permissions>, 246 requestCallback: AsyncCallback<PermissionRequestResult> 247 ): void; 248 249 /** 250 * Requests certain permissions from the user. 251 * 252 * @param { Context } context - The context that initiates the permission request. 253 * <br> The context must belong to the Stage model and only supports UIAbilityContext and UIExtensionContext. 254 * @param { Array<Permissions> } permissionList - Indicates the list of permissions to be requested. This parameter cannot be null or empty. 255 * @returns { Promise<PermissionRequestResult> } Returns result of requesting permissions. 256 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. 257 * @throws { BusinessError } 12100001 - Invalid parameter. The context is invalid when it does not belong to the application itself. 258 * @syscap SystemCapability.Security.AccessToken 259 * @stagemodelonly 260 * @since 9 261 */ 262 /** 263 * Requests certain permissions from the user. 264 * 265 * @param { Context } context - The context that initiates the permission request. 266 * <br> The context must belong to the Stage model and only supports UIAbilityContext and UIExtensionContext. 267 * @param { Array<Permissions> } permissionList - Indicates the list of permissions to be requested. This parameter cannot be null or empty. 268 * @returns { Promise<PermissionRequestResult> } Returns result of requesting permissions. 269 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. 270 * @throws { BusinessError } 12100001 - Invalid parameter. The context is invalid when it does not belong to the application itself. 271 * @syscap SystemCapability.Security.AccessToken 272 * @stagemodelonly 273 * @crossplatform 274 * @since 10 275 */ 276 /** 277 * Requests certain permissions from the user. 278 * 279 * @param { Context } context - The context that initiates the permission request. 280 * <br> The context must belong to the Stage model and only supports UIAbilityContext and UIExtensionContext. 281 * @param { Array<Permissions> } permissionList - Indicates the list of permissions to be requested. This parameter cannot be null or empty. 282 * @returns { Promise<PermissionRequestResult> } Returns result of requesting permissions. 283 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. 284 * @throws { BusinessError } 12100001 - Invalid parameter. The context is invalid when it does not belong to the application itself. 285 * @syscap SystemCapability.Security.AccessToken 286 * @stagemodelonly 287 * @crossplatform 288 * @atomicservice 289 * @since arkts {'1.1':'11', '1.2':'20'} 290 * @arkts 1.1&1.2 291 */ 292 requestPermissionsFromUser(context: Context, permissionList: Array<Permissions>): Promise<PermissionRequestResult>; 293 294 /** 295 * Grants a specified user_grant permission to the given application. 296 * 297 * @permission ohos.permission.GRANT_SENSITIVE_PERMISSIONS 298 * @param { number } tokenID - Token ID of the application. 299 * @param { Permissions } permissionName - Name of the permission to be granted. 300 * @param { number } permissionFlags - Flags of permission state. This parameter can be 1 or 2 or 64. 301 * @returns { Promise<void> } The promise returned by the function. 302 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. 303 * @throws { BusinessError } 201 - Permission denied. Interface caller does not have permission "ohos.permission.GRANT_SENSITIVE_PERMISSIONS". 304 * @throws { BusinessError } 202 - Not System App. Interface caller is not a system app. 305 * @throws { BusinessError } 12100001 - Invalid parameter. The tokenID is 0, the permissionName exceeds 256 characters or is not declared in the module.json file, 306 * or the flags value is invalid. 307 * @throws { BusinessError } 12100002 - The specified tokenID does not exist. 308 * @throws { BusinessError } 12100003 - The specified permission does not exist or is not a user_grant permission. 309 * @throws { BusinessError } 12100006 - The application specified by the tokenID is not allowed to be granted with the specified permission. 310 * Either the application is a sandbox or the tokenID is from a remote device. 311 * @throws { BusinessError } 12100007 - The service is abnormal. 312 * @syscap SystemCapability.Security.AccessToken 313 * @systemapi 314 * @since 8 315 */ 316 grantUserGrantedPermission(tokenID: number, permissionName: Permissions, permissionFlags: number): Promise<void>; 317 318 /** 319 * Grants a specified user_grant permission to the given application. 320 * 321 * @permission ohos.permission.GRANT_SENSITIVE_PERMISSIONS 322 * @param { number } tokenID - Token ID of the application. 323 * @param { Permissions } permissionName - Name of the permission to be granted. 324 * @param { number } permissionFlags - Flags of permission state. This parameter can be 1 or 2 or 64. 325 * @param { AsyncCallback<void> } callback - Asynchronous callback interface. 326 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. 327 * @throws { BusinessError } 201 - Permission denied. Interface caller does not have permission "ohos.permission.GRANT_SENSITIVE_PERMISSIONS". 328 * @throws { BusinessError } 202 - Not System App. Interface caller is not a system app. 329 * @throws { BusinessError } 12100001 - Invalid parameter. The tokenID is 0, the permissionName exceeds 256 characters or is not declared in the module.json file, 330 * or the flags value is invalid. 331 * @throws { BusinessError } 12100002 - The specified tokenID does not exist. 332 * @throws { BusinessError } 12100003 - The specified permission does not exist or is not a user_grant permission. 333 * @throws { BusinessError } 12100006 - The application specified by the tokenID is not allowed to be granted with the specified permission. 334 * Either the application is a sandbox or the tokenID is from a remote device. 335 * @throws { BusinessError } 12100007 - The service is abnormal. 336 * @syscap SystemCapability.Security.AccessToken 337 * @systemapi 338 * @since 8 339 */ 340 grantUserGrantedPermission( 341 tokenID: number, 342 permissionName: Permissions, 343 permissionFlags: number, 344 callback: AsyncCallback<void> 345 ): void; 346 347 /** 348 * Revoke a specified user_grant permission to the given application. 349 * 350 * @permission ohos.permission.REVOKE_SENSITIVE_PERMISSIONS 351 * @param { number } tokenID - Token ID of the application. 352 * @param { Permissions } permissionName - Name of the permission to be revoked. 353 * @param { number } permissionFlags - Flags of permission state. This parameter can be 1 or 2 or 64. 354 * @returns { Promise<void> } The promise returned by the function. 355 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. 356 * @throws { BusinessError } 201 - Permission denied. Interface caller does not have permission "ohos.permission.REVOKE_SENSITIVE_PERMISSIONS". 357 * @throws { BusinessError } 202 - Not System App. Interface caller is not a system app. 358 * @throws { BusinessError } 12100001 - Invalid parameter. The tokenID is 0, the permissionName exceeds 256 characters or is not declared in the module.json file, 359 * or the flags value is invalid. 360 * @throws { BusinessError } 12100002 - The specified tokenID does not exist. 361 * @throws { BusinessError } 12100003 - The specified permission does not exist or is not a user_grant permission. 362 * @throws { BusinessError } 12100006 - The application specified by the tokenID is not allowed to be revoked with the specified permission. 363 * Either the application is a sandbox or the tokenID is from a remote device. 364 * @throws { BusinessError } 12100007 - The service is abnormal. 365 * @syscap SystemCapability.Security.AccessToken 366 * @systemapi 367 * @since 8 368 */ 369 revokeUserGrantedPermission(tokenID: number, permissionName: Permissions, permissionFlags: number): Promise<void>; 370 371 /** 372 * Revoke a specified user_grant permission to the given application. 373 * 374 * @permission ohos.permission.REVOKE_SENSITIVE_PERMISSIONS 375 * @param { number } tokenID - Token ID of the application. 376 * @param { Permissions } permissionName - Name of the permission to be revoked. 377 * @param { number } permissionFlags - Flags of permission state. This parameter can be 1 or 2 or 64. 378 * @param { AsyncCallback<void> } callback - Asynchronous callback interface. 379 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. 380 * @throws { BusinessError } 201 - Permission denied. Interface caller does not have permission "ohos.permission.REVOKE_SENSITIVE_PERMISSIONS". 381 * @throws { BusinessError } 202 - Not System App. Interface caller is not a system app. 382 * @throws { BusinessError } 12100001 - Invalid parameter. The tokenID is 0, the permissionName exceeds 256 characters or is not declared in the module.json file, 383 * or the flags value is invalid. 384 * @throws { BusinessError } 12100002 - The specified tokenID does not exist. 385 * @throws { BusinessError } 12100003 - The specified permission does not exist or is not a user_grant permission. 386 * @throws { BusinessError } 12100006 - The application specified by the tokenID is not allowed to be revoked with the specified permission. 387 * Either the application is a sandbox or the tokenID is from a remote device. 388 * @throws { BusinessError } 12100007 - The service is abnormal. 389 * @syscap SystemCapability.Security.AccessToken 390 * @systemapi 391 * @since 8 392 */ 393 revokeUserGrantedPermission( 394 tokenID: number, 395 permissionName: Permissions, 396 permissionFlags: number, 397 callback: AsyncCallback<void> 398 ): void; 399 400 /** 401 * Queries specified permission flags of the given application. 402 * 403 * @permission ohos.permission.GET_SENSITIVE_PERMISSIONS or ohos.permission.GRANT_SENSITIVE_PERMISSIONS or ohos.permission.REVOKE_SENSITIVE_PERMISSIONS 404 * @param { number } tokenID - Token ID of the application. 405 * @param { Permissions } permissionName - Name of the permission to be get. 406 * @returns { Promise<number> } Return permission flags. 407 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. 408 * @throws { BusinessError } 201 - Permission denied. Interface caller does not have permission specified below. 409 * @throws { BusinessError } 202 - Not System App. Interface caller is not a system app. 410 * @throws { BusinessError } 12100001 - Invalid parameter. The tokenID is 0, or the permissionName exceeds 256 characters. 411 * @throws { BusinessError } 12100002 - The specified tokenID does not exist. 412 * @throws { BusinessError } 12100003 - The specified permission does not exist or is not declared in the module.json file. 413 * @throws { BusinessError } 12100006 - The operation is not allowed. Either the application is a sandbox or the tokenID is from a remote device. 414 * @throws { BusinessError } 12100007 - The service is abnormal. 415 * @syscap SystemCapability.Security.AccessToken 416 * @systemapi 417 * @since 8 418 */ 419 getPermissionFlags(tokenID: number, permissionName: Permissions): Promise<number>; 420 421 /** 422 * Set the toggle status of one permission flag. 423 * 424 * @permission ohos.permission.DISABLE_PERMISSION_DIALOG 425 * @param { Permissions } permissionName - Name of the permission associated with the toggle status to be set. 426 * @param { PermissionRequestToggleStatus } status - The toggle status to be set. 427 * @returns { Promise<void> } The promise returned by the function. 428 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. 429 * @throws { BusinessError } 201 - Permission denied. Interface caller does not have permission specified below. 430 * @throws { BusinessError } 202 - Not System App. Interface caller is not a system app. 431 * @throws { BusinessError } 12100001 - Invalid parameter. The permissionName exceeds 256 characters, the specified permission is not a user_grant permission, 432 * or the status value is invalid. 433 * @throws { BusinessError } 12100003 - The specified permission does not exist. 434 * @throws { BusinessError } 12100007 - The service is abnormal. 435 * @syscap SystemCapability.Security.AccessToken 436 * @systemapi 437 * @since 12 438 */ 439 setPermissionRequestToggleStatus(permissionName: Permissions, status: PermissionRequestToggleStatus): Promise<void>; 440 441 /** 442 * Get the toggle status of one permission flag. 443 * 444 * @permission ohos.permission.GET_SENSITIVE_PERMISSIONS 445 * @param { Permissions } permissionName - Name of the permission associated with the toggle status to be get. 446 * @returns { Promise<PermissionRequestToggleStatus> } Return the toggle status. 447 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. 448 * @throws { BusinessError } 201 - Permission denied. Interface caller does not have permission specified below. 449 * @throws { BusinessError } 202 - Not System App. Interface caller is not a system app. 450 * @throws { BusinessError } 12100001 - Invalid parameter. The permissionName exceeds 256 characters, or the specified permission is not a user_grant permission. 451 * @throws { BusinessError } 12100003 - The specified permission does not exist. 452 * @throws { BusinessError } 12100007 - The service is abnormal. 453 * @syscap SystemCapability.Security.AccessToken 454 * @systemapi 455 * @since 12 456 */ 457 getPermissionRequestToggleStatus(permissionName: Permissions): Promise<PermissionRequestToggleStatus>; 458 459 /** 460 * Queries permission management version. 461 * 462 * @returns { Promise<number> } Return permission version. 463 * @throws { BusinessError } 202 - Not System App. Interface caller is not a system app. 464 * @syscap SystemCapability.Security.AccessToken 465 * @systemapi 466 * @since 9 467 */ 468 getVersion(): Promise<number>; 469 470 /** 471 * Queries permissions status of the given application. 472 * 473 * @permission ohos.permission.GET_SENSITIVE_PERMISSIONS 474 * @param { number } tokenID - Token ID of the application. 475 * @param { Array<Permissions> } permissionList - Indicates the list of permissions to be queried. This parameter cannot be null or empty. 476 * @returns { Promise<Array<PermissionStatus>> } Return permission status. 477 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. 478 * @throws { BusinessError } 201 - Permission denied. Interface caller does not have permission "ohos.permission.GET_SENSITIVE_PERMISSIONS". 479 * @throws { BusinessError } 202 - Not System App. Interface caller is not a system app. 480 * @throws { BusinessError } 12100001 - Invalid parameter. The tokenID is 0 or the permissionList is empty or exceeds the size limit. 481 * @throws { BusinessError } 12100002 - The specified tokenID does not exist. 482 * @throws { BusinessError } 12100007 - The service is abnormal. 483 * @syscap SystemCapability.Security.AccessToken 484 * @systemapi 485 * @since 12 486 */ 487 getPermissionsStatus(tokenID: number, permissionList: Array<Permissions>): Promise<Array<PermissionStatus>>; 488 489 /** 490 * Registers a permission state callback so that the application can be notified upon specified permission state of specified applications changes. 491 * 492 * @permission ohos.permission.GET_SENSITIVE_PERMISSIONS 493 * @param { 'permissionStateChange' } type - Event type. 494 * @param { Array<number> } tokenIDList - A list of permissions that specify the permissions to be listened on. The value in the list can be: 495 * <br> {@code empty} - Indicates that the application can be notified if the specified permission state of any applications changes. 496 * <br> {@code non-empty} - Indicates that the application can only be notified if the specified permission state of the specified applications change. 497 * @param { Array<Permissions> } permissionList - A list of permissions that specify the permissions to be listened on. The value in the list can be: 498 * <br> {@code empty} - Indicates that the application can be notified if any permission state of the specified applications changes. 499 * <br> {@code non-empty} - Indicates that the application can only be notified if the specified permission state of the specified applications changes. 500 * @param { Callback<PermissionStateChangeInfo> } callback - Callback for the result from registering permissions. 501 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. 502 * @throws { BusinessError } 201 - Permission denied. Interface caller does not have permission "ohos.permission.GET_SENSITIVE_PERMISSIONS". 503 * @throws { BusinessError } 202 - Not System App. Interface caller is not a system app. 504 * @throws { BusinessError } 12100001 - Invalid parameter. Possible causes: 1. The tokenIDList or permissionList exceeds the size limit; 505 * 2. The tokenIDs or permissionNames in the list are all invalid. 506 * @throws { BusinessError } 12100004 - The API is used repeatedly with the same input. 507 * @throws { BusinessError } 12100005 - The registration time has exceeded the limit. 508 * @throws { BusinessError } 12100007 - The service is abnormal. 509 * @throws { BusinessError } 12100008 - Out of memory. 510 * @syscap SystemCapability.Security.AccessToken 511 * @systemapi 512 * @since 9 513 */ 514 on( 515 type: 'permissionStateChange', 516 tokenIDList: Array<number>, 517 permissionList: Array<Permissions>, 518 callback: Callback<PermissionStateChangeInfo> 519 ): void; 520 521 /** 522 * Subscribes to the permission changes of this application. 523 * 524 * @param { 'selfPermissionStateChange' } type - Event type. 525 * @param { Array<Permissions> } permissionList - A list of permissions that specify the permissions to be 526 * listened on. The value in the list can be: 527 * <br> {@code empty} - Indicates that the application can be notified if any permission state changes. 528 * <br> {@code non-empty} - Indicates that the application can only be notified if the specified permission 529 * state changes. 530 * @param { Callback<PermissionStateChangeInfo> } callback - Callback for the result from registering 531 * permissions. 532 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1.Mandatory parameters are left 533 * unspecified; 2.Incorrect parameter types. 534 * @throws { BusinessError } 12100001 - Invalid parameter. Possible causes: 1. The permissionList exceeds 535 * the size limit; 2. The permissionNames in the list are all invalid. 536 * @throws { BusinessError } 12100004 - The API is used repeatedly with the same input. 537 * @throws { BusinessError } 12100005 - The registration time has exceeded the limit. 538 * @throws { BusinessError } 12100007 - The service is abnormal. 539 * @syscap SystemCapability.Security.AccessToken 540 * @atomicservice 541 * @since 18 542 */ 543 on( 544 type: 'selfPermissionStateChange', 545 permissionList: Array<Permissions>, 546 callback: Callback<PermissionStateChangeInfo> 547 ): void; 548 549 /** 550 * Unregisters a permission state callback so that the specified applications cannot be notified upon specified permissions state changes anymore. 551 * 552 * @permission ohos.permission.GET_SENSITIVE_PERMISSIONS 553 * @param { 'permissionStateChange' } type - Event type. 554 * @param { Array<number> } tokenIDList - A list of permissions that specify the permissions to be listened on. 555 * It should correspond to the value registered by function of "on", whose type is "permissionStateChange". 556 * @param { Array<Permissions> } permissionList - A list of permissions that specify the permissions to be listened on. 557 * It should correspond to the value registered by function of "on", whose type is "permissionStateChange". 558 * @param { Callback<PermissionStateChangeInfo> } [callback] - Callback for the result from unregistering permissions. 559 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. 560 * @throws { BusinessError } 201 - Permission denied. Interface caller does not have permission "ohos.permission.GET_SENSITIVE_PERMISSIONS". 561 * @throws { BusinessError } 202 - Not System App. Interface caller is not a system app. 562 * @throws { BusinessError } 12100001 - Invalid parameter. The tokenIDList or permissionList is not in the listening list. 563 * @throws { BusinessError } 12100004 - The API is not used in pair with 'on'. 564 * @throws { BusinessError } 12100007 - The service is abnormal. 565 * @throws { BusinessError } 12100008 - Out of memory. 566 * @syscap SystemCapability.Security.AccessToken 567 * @systemapi 568 * @since 9 569 */ 570 off( 571 type: 'permissionStateChange', 572 tokenIDList: Array<number>, 573 permissionList: Array<Permissions>, 574 callback?: Callback<PermissionStateChangeInfo> 575 ): void; 576 577 /** 578 * Unregisters a permission state callback so that the application cannot be notified upon specified permissions state changes anymore. 579 * 580 * @param { 'selfPermissionStateChange' } type - Event type. 581 * @param { Array<Permissions> } permissionList - A list of permissions that specify the permissions to be listened on. 582 * It should correspond to the value registered by function of "on", whose type is "selfPermissionStateChange". 583 * @param { Callback<PermissionStateChangeInfo> } [callback] - Callback for the result from unregistering permissions. 584 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. 585 * @throws { BusinessError } 12100001 - Invalid parameter. The permissionNames in the list are all invalid. 586 * @throws { BusinessError } 12100004 - The API is not used in pair with 'on'. 587 * @throws { BusinessError } 12100007 - The service is abnormal. 588 * @syscap SystemCapability.Security.AccessToken 589 * @atomicservice 590 * @since 18 591 */ 592 off( 593 type: 'selfPermissionStateChange', 594 permissionList: Array<Permissions>, 595 callback?: Callback<PermissionStateChangeInfo> 596 ): void; 597 598 /** 599 * Requests certain permissions on setting from the user. 600 * 601 * @param { Context } context - The context that initiates the permission request. 602 * <br> The context must belong to the Stage model and only supports UIAbilityContext and UIExtensionContext. 603 * @param { Array<Permissions> } permissionList - Indicates the list of permission to be requested. This parameter cannot be null or empty. 604 * @returns { Promise<Array<GrantStatus>> } Returns the list of status of the specified permission. 605 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types. 606 * @throws { BusinessError } 12100001 - Invalid parameter. Possible causes: 1. The context is invalid because it does not belong to the application itself; 607 * 2. The permission list contains the permission that is not declared in the module.json file; 3. The permission list is invalid because the permissions in it do not belong to the same permission group. 608 * @throws { BusinessError } 12100010 - The request already exists. 609 * @throws { BusinessError } 12100011 - All permissions in the permission list have been granted. 610 * @throws { BusinessError } 12100012 - The permission list contains the permission that has not been revoked by the user. 611 * @syscap SystemCapability.Security.AccessToken 612 * @stagemodelonly 613 * @atomicservice 614 * @since arkts {'1.1':'12', '1.2':'20'} 615 * @arkts 1.1&1.2 616 */ 617 requestPermissionOnSetting(context: Context, permissionList: Array<Permissions>): Promise<Array<GrantStatus>>; 618 619 /** 620 * Requests certain global switch status on setting from the user. 621 * 622 * @param { Context } context - The context that initiates the permission request. 623 * <br> The context must belong to the Stage model and only supports UIAbilityContext and UIExtensionContext. 624 * @param { SwitchType } type - Indicates the type of global switch to be requested. This parameter cannot be null or empty. 625 * @returns { Promise<boolean> } Returns the status of the specified global switch. 626 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types. 627 * @throws { BusinessError } 12100001 - Invalid parameter. Possible causes: 1. The context is invalid because it does not belong to the application itself; 2. The type of global switch is not support. 628 * @throws { BusinessError } 12100010 - The request already exists. 629 * @throws { BusinessError } 12100013 - The specific global switch is already open. 630 * @syscap SystemCapability.Security.AccessToken 631 * @stagemodelonly 632 * @atomicservice 633 * @since 12 634 */ 635 requestGlobalSwitch(context: Context, type: SwitchType): Promise<boolean>; 636 637 /** 638 * Starts the permission manager page of an application. 639 * 640 * @param { number } tokenID - Token ID of the application. 641 * @returns { Promise<void> } The promise returned by the function. 642 * @throws { BusinessError } 202 - Not System App. Interface caller is not a system app. 643 * @throws { BusinessError } 12100002 - The specified tokenID does not exist. 644 * @throws { BusinessError } 12100007 - The service is abnormal. 645 * @syscap SystemCapability.Security.AccessToken 646 * @systemapi 647 * @stagemodelonly 648 * @since 18 649 */ 650 requestPermissionOnApplicationSetting(tokenID: number): Promise<void>; 651 652 /** 653 * Queries permission status of the application synchronously. 654 * 655 * @param { Permissions } permissionName - Indicates the permission to be queried. This parameter cannot be null or empty. 656 * @returns { PermissionStatus } Return permission status. 657 * @throws { BusinessError } 12100001 - Invalid parameter. The permissionName is empty or exceeds 256 characters. 658 * @throws { BusinessError } 12100007 - The service is abnormal. 659 * @syscap SystemCapability.Security.AccessToken 660 * @atomicservice 661 * @since 20 662 */ 663 getSelfPermissionStatus(permissionName: Permissions): PermissionStatus; 664 } 665 666 /** 667 * GrantStatus. 668 * 669 * @enum { int } 670 * @syscap SystemCapability.Security.AccessToken 671 * @since 8 672 */ 673 /** 674 * GrantStatus. 675 * 676 * @enum { int } 677 * @syscap SystemCapability.Security.AccessToken 678 * @crossplatform 679 * @since 10 680 */ 681 /** 682 * GrantStatus. 683 * 684 * @enum { int } 685 * @syscap SystemCapability.Security.AccessToken 686 * @crossplatform 687 * @atomicservice 688 * @since arkts {'1.1':'11', '1.2':'20'} 689 * @arkts 1.1&1.2 690 */ 691 export enum GrantStatus { 692 /** 693 * access_token permission check fail 694 * 695 * @syscap SystemCapability.Security.AccessToken 696 * @since 8 697 */ 698 /** 699 * access_token permission check fail 700 * 701 * @syscap SystemCapability.Security.AccessToken 702 * @crossplatform 703 * @since 10 704 */ 705 /** 706 * access_token permission check fail 707 * 708 * @syscap SystemCapability.Security.AccessToken 709 * @crossplatform 710 * @atomicservice 711 * @since arkts {'1.1':'11', '1.2':'20'} 712 * @arkts 1.1&1.2 713 */ 714 PERMISSION_DENIED = -1, 715 /** 716 * access_token permission check success 717 * 718 * @syscap SystemCapability.Security.AccessToken 719 * @since 8 720 */ 721 /** 722 * access_token permission check success 723 * 724 * @syscap SystemCapability.Security.AccessToken 725 * @crossplatform 726 * @since 10 727 */ 728 /** 729 * access_token permission check success 730 * 731 * @syscap SystemCapability.Security.AccessToken 732 * @crossplatform 733 * @atomicservice 734 * @since arkts {'1.1':'11', '1.2':'20'} 735 * @arkts 1.1&1.2 736 */ 737 PERMISSION_GRANTED = 0 738 } 739 740 /** 741 * Enum for permission state change type. 742 * 743 * @enum { number } 744 * @syscap SystemCapability.Security.AccessToken 745 * @atomicservice 746 * @since 18 747 */ 748 export enum PermissionStateChangeType { 749 /** 750 * A granted user_grant permission is revoked. 751 * 752 * @syscap SystemCapability.Security.AccessToken 753 * @atomicservice 754 * @since 18 755 */ 756 PERMISSION_REVOKED_OPER = 0, 757 /** 758 * A user_grant permission is granted. 759 * 760 * @syscap SystemCapability.Security.AccessToken 761 * @atomicservice 762 * @since 18 763 */ 764 PERMISSION_GRANTED_OPER = 1 765 } 766 767 /** 768 * Enum for permission request toggle status. 769 * 770 * @enum { number } 771 * @syscap SystemCapability.Security.AccessToken 772 * @systemapi 773 * @since 12 774 */ 775 export enum PermissionRequestToggleStatus { 776 /** 777 * The toggle status of one permission flag is closed. 778 * 779 * @syscap SystemCapability.Security.AccessToken 780 * @systemapi 781 * @since 12 782 */ 783 CLOSED = 0, 784 /** 785 * The toggle status of one permission flag is open. 786 * 787 * @syscap SystemCapability.Security.AccessToken 788 * @systemapi 789 * @since 12 790 */ 791 OPEN = 1, 792 } 793 794 /** 795 * Indicates the information of permission state change. 796 * 797 * @interface PermissionStateChangeInfo 798 * @syscap SystemCapability.Security.AccessToken 799 * @atomicservice 800 * @since 18 801 * @name PermissionStateChangeInfo 802 */ 803 interface PermissionStateChangeInfo { 804 /** 805 * Indicates the permission state change type. 806 * 807 * @type { PermissionStateChangeType } 808 * @syscap SystemCapability.Security.AccessToken 809 * @atomicservice 810 * @since 18 811 */ 812 change: PermissionStateChangeType; 813 814 /** 815 * Indicates the application whose permission state has been changed. 816 * 817 * @type { number } 818 * @syscap SystemCapability.Security.AccessToken 819 * @atomicservice 820 * @since 18 821 */ 822 tokenID: number; 823 824 /** 825 * Indicates the permission whose state has been changed. 826 * 827 * @type { Permissions } 828 * @syscap SystemCapability.Security.AccessToken 829 * @atomicservice 830 * @since 18 831 */ 832 permissionName: Permissions; 833 } 834 835 /** 836 * PermissionStatus. 837 * 838 * @enum { number } 839 * @syscap SystemCapability.Security.AccessToken 840 * @atomicservice 841 * @since 20 842 */ 843 export enum PermissionStatus { 844 /** 845 * permission has been denied, only can change it in settings 846 * 847 * @syscap SystemCapability.Security.AccessToken 848 * @atomicservice 849 * @since 20 850 */ 851 DENIED = -1, 852 /** 853 * permission has been granted 854 * 855 * @syscap SystemCapability.Security.AccessToken 856 * @atomicservice 857 * @since 20 858 */ 859 GRANTED = 0, 860 /** 861 * permission is not determined 862 * 863 * @syscap SystemCapability.Security.AccessToken 864 * @atomicservice 865 * @since 20 866 */ 867 NOT_DETERMINED = 1, 868 /** 869 * permission is invalid 870 * 871 * @syscap SystemCapability.Security.AccessToken 872 * @atomicservice 873 * @since 20 874 */ 875 INVALID = 2, 876 /** 877 * permission has been restricted 878 * 879 * @syscap SystemCapability.Security.AccessToken 880 * @atomicservice 881 * @since 20 882 */ 883 RESTRICTED = 3 884 } 885 886 /** 887 * SwitchType. 888 * 889 * @enum { number } 890 * @syscap SystemCapability.Security.AccessToken 891 * @atomicservice 892 * @since 12 893 */ 894 export enum SwitchType { 895 /** 896 * switch of camera 897 * 898 * @syscap SystemCapability.Security.AccessToken 899 * @atomicservice 900 * @since 12 901 */ 902 CAMERA = 0, 903 /** 904 * switch of microphone 905 * 906 * @syscap SystemCapability.Security.AccessToken 907 * @atomicservice 908 * @since 12 909 */ 910 MICROPHONE = 1, 911 /** 912 * switch of location 913 * 914 * @syscap SystemCapability.Security.AccessToken 915 * @atomicservice 916 * @since 12 917 */ 918 LOCATION = 2, 919 } 920} 921 922export default abilityAccessCtrl; 923export { Permissions }; 924/** 925 * PermissionRequestResult interface. 926 * 927 * @typedef { _PermissionRequestResult } 928 * @syscap SystemCapability.Security.AccessToken 929 * @stagemodelonly 930 * @crossplatform 931 * @since 10 932 */ 933/** 934 * PermissionRequestResult interface. 935 * 936 * @typedef { _PermissionRequestResult } 937 * @syscap SystemCapability.Security.AccessToken 938 * @stagemodelonly 939 * @crossplatform 940 * @atomicservice 941 * @since arkts {'1.1':'11', '1.2':'20'} 942 * @arkts 1.1&1.2 943 */ 944export type PermissionRequestResult = _PermissionRequestResult; 945/** 946 * Context interface. 947 * 948 * @typedef { _Context } 949 * @syscap SystemCapability.Security.AccessToken 950 * @stagemodelonly 951 * @crossplatform 952 * @since 10 953 */ 954/** 955 * Context interface. 956 * 957 * @typedef { _Context } 958 * @syscap SystemCapability.Security.AccessToken 959 * @stagemodelonly 960 * @crossplatform 961 * @atomicservice 962 * @since arkts {'1.1':'11', '1.2':'20'} 963 * @arkts 1.1&1.2 964 */ 965export type Context = _Context; 966