1/* 2 * Copyright (c) 2023-2024 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16/** 17 * @file 18 * @kit DataProtectionKit 19 */ 20 21import type { AsyncCallback, Callback } from './@ohos.base'; 22import type common from './@ohos.app.ability.common'; 23import type Want from './@ohos.app.ability.Want'; 24 25/** 26 * Provides the capability to access the data loss prevention (DLP) files. 27 * 28 * @namespace dlpPermission 29 * @syscap SystemCapability.Security.DataLossPrevention 30 * @since 10 31 */ 32declare namespace dlpPermission { 33 /** 34 * Enumerates the types of actions that can be performed on a DLP file. 35 * 36 * @enum { number } 37 * @syscap SystemCapability.Security.DataLossPrevention 38 * @since 10 39 */ 40 export enum ActionFlagType { 41 /** 42 * View a DLP file. 43 * 44 * @syscap SystemCapability.Security.DataLossPrevention 45 * @since 10 46 */ 47 ACTION_VIEW = 0x00000001, 48 49 /** 50 * Save a DLP file. 51 * 52 * @syscap SystemCapability.Security.DataLossPrevention 53 * @since 10 54 */ 55 ACTION_SAVE = 0x00000002, 56 57 /** 58 * Save a DLP file as another file. 59 * 60 * @syscap SystemCapability.Security.DataLossPrevention 61 * @since 10 62 */ 63 ACTION_SAVE_AS = 0x00000004, 64 65 /** 66 * Edit a DLP file. 67 * 68 * @syscap SystemCapability.Security.DataLossPrevention 69 * @since 10 70 */ 71 ACTION_EDIT = 0x00000008, 72 73 /** 74 * Take a screenshot of a DLP file. 75 * 76 * @syscap SystemCapability.Security.DataLossPrevention 77 * @since 10 78 */ 79 ACTION_SCREEN_CAPTURE = 0x00000010, 80 81 /** 82 * Share the screen, on which a DLP file is opened. 83 * 84 * @syscap SystemCapability.Security.DataLossPrevention 85 * @since 10 86 */ 87 ACTION_SCREEN_SHARE = 0x00000020, 88 89 /** 90 * Record the screen, on which a DLP file is opened. 91 * 92 * @syscap SystemCapability.Security.DataLossPrevention 93 * @since 10 94 */ 95 ACTION_SCREEN_RECORD = 0x00000040, 96 97 /** 98 * Copy in the editor, on which a DLP file is opened. 99 * 100 * @syscap SystemCapability.Security.DataLossPrevention 101 * @since 10 102 */ 103 ACTION_COPY = 0x00000080, 104 105 /** 106 * Print a DLP file. 107 * 108 * @syscap SystemCapability.Security.DataLossPrevention 109 * @since 10 110 */ 111 ACTION_PRINT = 0x00000100, 112 113 /** 114 * Export a DLP file. 115 * 116 * @syscap SystemCapability.Security.DataLossPrevention 117 * @since 10 118 */ 119 ACTION_EXPORT = 0x00000200, 120 121 /** 122 * Change the permissions for a DLP file. 123 * 124 * @syscap SystemCapability.Security.DataLossPrevention 125 * @since 10 126 */ 127 ACTION_PERMISSION_CHANGE = 0x00000400 128 } 129 130 /** 131 * Enumerates the access permissions for a DLP file. 132 * 133 * @enum { number } 134 * @syscap SystemCapability.Security.DataLossPrevention 135 * @since 10 136 */ 137 export enum DLPFileAccess { 138 /** 139 * No permission. 140 * 141 * @syscap SystemCapability.Security.DataLossPrevention 142 * @since 10 143 */ 144 NO_PERMISSION = 0, 145 146 /** 147 * Read-only. 148 * 149 * @syscap SystemCapability.Security.DataLossPrevention 150 * @since 10 151 */ 152 READ_ONLY = 1, 153 154 /** 155 * Edit. 156 * 157 * @syscap SystemCapability.Security.DataLossPrevention 158 * @since 10 159 */ 160 CONTENT_EDIT = 2, 161 162 /** 163 * Full control. 164 * 165 * @syscap SystemCapability.Security.DataLossPrevention 166 * @since 10 167 */ 168 FULL_CONTROL = 3 169 } 170 171 /** 172 * Represents the permission info of a DLP file. 173 * 174 * @interface DLPPermissionInfo 175 * @syscap SystemCapability.Security.DataLossPrevention 176 * @since 10 177 */ 178 export interface DLPPermissionInfo { 179 /** 180 * Access permission for the DLP file. 181 * 182 * @type { DLPFileAccess } 183 * @syscap SystemCapability.Security.DataLossPrevention 184 * @since 10 185 */ 186 dlpFileAccess: DLPFileAccess; 187 188 /** 189 * Actions allowed for the DLP file. The value is a combination of flags in {@link ActionFlagType}. 190 * 191 * @type { number } 192 * @syscap SystemCapability.Security.DataLossPrevention 193 * @since 10 194 */ 195 flags: number; 196 } 197 198 /** 199 * Represents the accessed DLP file info. 200 * 201 * @interface AccessedDLPFileInfo 202 * @syscap SystemCapability.Security.DataLossPrevention 203 * @since 10 204 */ 205 export interface AccessedDLPFileInfo { 206 /** 207 * URI of the DLP file. 208 * 209 * @type { string } 210 * @syscap SystemCapability.Security.DataLossPrevention 211 * @since 10 212 */ 213 uri: string; 214 215 /** 216 * Time when the DLP file was last opened. 217 * 218 * @type { number } 219 * @syscap SystemCapability.Security.DataLossPrevention 220 * @since 10 221 */ 222 lastOpenTime: number; 223 } 224 225 /** 226 * Represents the retention sandbox info. 227 * 228 * @interface RetentionSandboxInfo 229 * @syscap SystemCapability.Security.DataLossPrevention 230 * @since 10 231 */ 232 export interface RetentionSandboxInfo { 233 /** 234 * Application index of the DLP sandbox. 235 * 236 * @type { number } 237 * @syscap SystemCapability.Security.DataLossPrevention 238 * @since 10 239 */ 240 appIndex: number; 241 242 /** 243 * Bundle name of the application. 244 * 245 * @type { string } 246 * @syscap SystemCapability.Security.DataLossPrevention 247 * @since 10 248 */ 249 bundleName: string; 250 251 /** 252 * List of file URIs. 253 * 254 * @type { Array<string> } 255 * @syscap SystemCapability.Security.DataLossPrevention 256 * @since 10 257 */ 258 docUris: Array<string>; 259 } 260 261 /** 262 * Checks whether a file is a DLP file. This method uses a promise to return the result. 263 * 264 * @param { number } fd - Indicates the file descriptor of the file to check. 265 * @returns { Promise<boolean> } Returns {@code true} if {@link fd} is a DLP file; returns {@code false} otherwise. 266 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 267 * 2. Incorrect parameter types. 268 * @throws { BusinessError } 19100001 - Invalid parameter value. 269 * @throws { BusinessError } 19100011 - The system ability works abnormally. 270 * @syscap SystemCapability.Security.DataLossPrevention 271 * @since 10 272 */ 273 function isDLPFile(fd: number): Promise<boolean>; 274 275 /** 276 * Checks whether a file is a DLP file. This method uses an asynchronous callback to return the result. 277 * 278 * @param { number } fd - Indicates the file descriptor of the file to check. 279 * @param { AsyncCallback<boolean> } callback - Indicates the callback of isDLPFile. 280 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 281 * 2. Incorrect parameter types. 282 * @throws { BusinessError } 19100001 - Invalid parameter value. 283 * @throws { BusinessError } 19100011 - The system ability works abnormally. 284 * @syscap SystemCapability.Security.DataLossPrevention 285 * @since 10 286 */ 287 function isDLPFile(fd: number, callback: AsyncCallback<boolean>): void; 288 289 /** 290 * Obtains the permission info of this DLP file. This method uses a promise to return the result. 291 * 292 * @returns { Promise<DLPPermissionInfo> } Returns the {@link DLPPermissionInfo}. 293 * @throws { BusinessError } 19100001 - Invalid parameter value. 294 * @throws { BusinessError } 19100006 - No permission to call this API, 295 * which is available only for DLP sandbox applications. 296 * @throws { BusinessError } 19100011 - The system ability works abnormally. 297 * @syscap SystemCapability.Security.DataLossPrevention 298 * @since 10 299 */ 300 function getDLPPermissionInfo(): Promise<DLPPermissionInfo>; 301 302 /** 303 * Obtains the permission info of this DLP file. This method uses an asynchronous callback to return the result. 304 * 305 * @param { AsyncCallback<DLPPermissionInfo> } callback - Indicates the callback of getDLPPermissionInfo. 306 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Incorrect parameter types. 307 * @throws { BusinessError } 19100001 - Invalid parameter value. 308 * @throws { BusinessError } 19100006 - No permission to call this API, 309 * which is available only for DLP sandbox applications. 310 * @throws { BusinessError } 19100011 - The system ability works abnormally. 311 * @syscap SystemCapability.Security.DataLossPrevention 312 * @since 10 313 */ 314 function getDLPPermissionInfo(callback: AsyncCallback<DLPPermissionInfo>): void; 315 316 /** 317 * Obtains the original file name from a DLP file name. This method removes the DLP file name extension from the DLP file name. 318 * 319 * @param { string } fileName - Indicates the DLP file name. 320 * @returns { string } Returns the original file name obtained. 321 * @throws { BusinessError } 19100001 - Invalid parameter value. 322 * @throws { BusinessError } 19100011 - The system ability works abnormally. 323 * @syscap SystemCapability.Security.DataLossPrevention 324 * @since 10 325 */ 326 function getOriginalFileName(fileName: string): string; 327 328 /** 329 * Obtains the DLP file name extension. 330 * 331 * @returns { string } Returns the DLP file name extension obtained. 332 * @throws { BusinessError } 19100011 - The system ability works abnormally. 333 * @syscap SystemCapability.Security.DataLossPrevention 334 * @since 10 335 */ 336 function getDLPSuffix(): string; 337 338 /** 339 * Subscribes to the event reported when a DLP file is opened by current application. 340 * 341 * @param { 'openDLPFile' } type - Indicates the type of the event to subscribe to. 342 * The value of type must be openDLPFile. 343 * @param { Callback<AccessedDLPFileInfo> } listener - Indicates the callback invoked when a DLP file is opened by current application. 344 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 345 * 2. Incorrect parameter types. 3. Parameter verification failed. 346 * @throws { BusinessError } 19100001 - Invalid parameter value. 347 * @throws { BusinessError } 19100007 - No permission to call this API, 348 * which is available only for non-DLP sandbox applications. 349 * @throws { BusinessError } 19100011 - The system ability works abnormally. 350 * @syscap SystemCapability.Security.DataLossPrevention 351 * @since 10 352 */ 353 function on(type: 'openDLPFile', listener: Callback<AccessedDLPFileInfo>): void; 354 355 /** 356 * Unsubscribes from the event reported when a DLP file is opened by current application. 357 * 358 * @param { 'openDLPFile' } type - Indicates the type of the event to unsubscribe from. 359 * The value of type must be openDLPFile. 360 * @param { Callback<AccessedDLPFileInfo> } listener - Indicates the callback invoked when a DLP file is opened by current application. 361 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 362 * 2. Incorrect parameter types. 3. Parameter verification failed. 363 * @throws { BusinessError } 19100001 - Invalid parameter value. 364 * @throws { BusinessError } 19100007 - No permission to call this API, 365 * which is available only for non-DLP sandbox applications. 366 * @throws { BusinessError } 19100011 - The system ability works abnormally. 367 * @syscap SystemCapability.Security.DataLossPrevention 368 * @since 10 369 */ 370 function off(type: 'openDLPFile', listener?: Callback<AccessedDLPFileInfo>): void; 371 372 /** 373 * Checks whether current application is in the DLP sandbox. This method uses a promise to return the result. 374 * 375 * @returns { Promise<boolean> } Returns {@code true} if current application is in a DLP sandbox; returns {@code false} otherwise. 376 * @throws { BusinessError } 19100001 - Invalid parameter value. 377 * @throws { BusinessError } 19100011 - The system ability works abnormally. 378 * @syscap SystemCapability.Security.DataLossPrevention 379 * @since 10 380 */ 381 function isInSandbox(): Promise<boolean>; 382 383 /** 384 * Checks whether current application is in the DLP sandbox. This method uses an asynchronous callback to return the result. 385 * 386 * @param { AsyncCallback<boolean> } callback - Indicates the callback of isInSandbox. 387 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Incorrect parameter types. 388 * @throws { BusinessError } 19100001 - Invalid parameter value. 389 * @throws { BusinessError } 19100011 - The system ability works abnormally. 390 * @syscap SystemCapability.Security.DataLossPrevention 391 * @since 10 392 */ 393 function isInSandbox(callback: AsyncCallback<boolean>): void; 394 395 /** 396 * Obtains the file types supported by DLP. This method uses a promise to return the result. 397 * 398 * @returns { Promise<Array<string>> } Returns the list of file types supported. 399 * @throws { BusinessError } 19100001 - Invalid parameter value. 400 * @throws { BusinessError } 19100011 - The system ability works abnormally. 401 * @syscap SystemCapability.Security.DataLossPrevention 402 * @since 10 403 */ 404 function getDLPSupportedFileTypes(): Promise<Array<string>>; 405 406 /** 407 * Obtains the file types supported by DLP. This method uses an asynchronous callback to return the result. 408 * 409 * @param { AsyncCallback<Array<string>> } callback - Indicates the callback of getDLPSupportedFileTypes. 410 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Incorrect parameter types. 411 * @throws { BusinessError } 19100001 - Invalid parameter value. 412 * @throws { BusinessError } 19100011 - The system ability works abnormally. 413 * @syscap SystemCapability.Security.DataLossPrevention 414 * @since 10 415 */ 416 function getDLPSupportedFileTypes(callback: AsyncCallback<Array<string>>): void; 417 418 /** 419 * Sets the retention status for the files specified by URI list. This method uses a promise to return the result. 420 * 421 * @param { Array<string> } docUris - Indicates the URIs of the files, for which the retention status is to set. 422 * @returns { Promise<void> } The promise returned by the function. 423 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 424 * 2. Incorrect parameter types. 425 * @throws { BusinessError } 19100001 - Invalid parameter value. 426 * @throws { BusinessError } 19100006 - No permission to call this API, 427 * which is available only for DLP sandbox applications. 428 * @throws { BusinessError } 19100011 - The system ability works abnormally. 429 * @syscap SystemCapability.Security.DataLossPrevention 430 * @since 10 431 */ 432 function setRetentionState(docUris: Array<string>): Promise<void>; 433 434 /** 435 * Sets the retention status for the files specified by URI list. This method uses an asynchronous callback to return the result. 436 * 437 * @param { Array<string> } docUris - Indicates the URIs of the files, for which the retention status is to set. 438 * @param { AsyncCallback<void> } callback - Indicates the callback of setRetentionState. 439 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 440 * 2. Incorrect parameter types. 441 * @throws { BusinessError } 19100001 - Invalid parameter value. 442 * @throws { BusinessError } 19100006 - No permission to call this API, 443 * which is available only for DLP sandbox applications. 444 * @throws { BusinessError } 19100011 - The system ability works abnormally. 445 * @syscap SystemCapability.Security.DataLossPrevention 446 * @since 10 447 */ 448 function setRetentionState(docUris: Array<string>, callback: AsyncCallback<void>): void; 449 450 /** 451 * Cancels the retention status for the files specified by URI list. This method uses a promise to return the result. 452 * 453 * @param { Array<string> } docUris - Indicates the list of the file URIs. 454 * @returns { Promise<void> } The promise returned by the function. 455 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 456 * 2. Incorrect parameter types. 457 * @throws { BusinessError } 19100001 - Invalid parameter value. 458 * @throws { BusinessError } 19100011 - The system ability works abnormally. 459 * @syscap SystemCapability.Security.DataLossPrevention 460 * @since 10 461 */ 462 function cancelRetentionState(docUris: Array<string>): Promise<void>; 463 464 /** 465 * Cancels the retention status for the files specified by URI list. This method uses an asynchronous callback to return the result. 466 * 467 * @param { Array<string> } docUris - Indicates the list of the file URIs. 468 * @param { AsyncCallback<void> } callback - Indicates the callback of cancelRetentionState. 469 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 470 * 2. Incorrect parameter types. 471 * @throws { BusinessError } 19100001 - Invalid parameter value. 472 * @throws { BusinessError } 19100011 - The system ability works abnormally. 473 * @syscap SystemCapability.Security.DataLossPrevention 474 * @since 10 475 */ 476 function cancelRetentionState(docUris: Array<string>, callback: AsyncCallback<void>): void; 477 478 /** 479 * Obtains information about the retained DLP sandboxes of an application. This method uses a promise to return the result. 480 * 481 * @param { string } bundleName - Indicates the bundle name of the application. 482 * @returns { Promise<Array<RetentionSandboxInfo>> } Returns a list of {@link RetentionSandboxInfo}. 483 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Incorrect parameter types. 484 * @throws { BusinessError } 19100001 - Invalid parameter value. 485 * @throws { BusinessError } 19100007 - No permission to call this API, 486 * which is available only for non-DLP sandbox applications. 487 * @throws { BusinessError } 19100011 - The system ability works abnormally. 488 * @syscap SystemCapability.Security.DataLossPrevention 489 * @since 10 490 */ 491 function getRetentionSandboxList(bundleName?: string): Promise<Array<RetentionSandboxInfo>>; 492 493 /** 494 * Obtains information about the retained DLP sandboxes of an application. This method uses an asynchronous callback to return the result. 495 * 496 * @param { string } bundleName - Indicates the bundle name of the application. 497 * @param { AsyncCallback<Array<RetentionSandboxInfo>> } callback - Indicates the callback of getRetentionSandboxList. 498 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Incorrect parameter types. 499 * @throws { BusinessError } 19100001 - Invalid parameter value. 500 * @throws { BusinessError } 19100007 - No permission to call this API, 501 * which is available only for non-DLP sandbox applications. 502 * @throws { BusinessError } 19100011 - The system ability works abnormally. 503 * @syscap SystemCapability.Security.DataLossPrevention 504 * @since 10 505 */ 506 function getRetentionSandboxList(bundleName: string, callback: AsyncCallback<Array<RetentionSandboxInfo>>): void; 507 508 /** 509 * Obtains information about the retained DLP sandboxes of an application. This method uses an asynchronous callback to return the result. 510 * 511 * @param { AsyncCallback<Array<RetentionSandboxInfo>> } callback - Indicates the callback of getRetentionSandboxList. 512 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Incorrect parameter types. 513 * @throws { BusinessError } 19100001 - Invalid parameter value. 514 * @throws { BusinessError } 19100007 - No permission to call this API, 515 * which is available only for non-DLP sandbox applications. 516 * @throws { BusinessError } 19100011 - The system ability works abnormally. 517 * @syscap SystemCapability.Security.DataLossPrevention 518 * @since 10 519 */ 520 function getRetentionSandboxList(callback: AsyncCallback<Array<RetentionSandboxInfo>>): void; 521 522 /** 523 * Obtains the DLP file access records. This method uses a promise to return the result. 524 * 525 * @returns { Promise<Array<AccessedDLPFileInfo>> } Returns a list of {@link AccessedDLPFileInfo}. 526 * @throws { BusinessError } 19100001 - Invalid parameter value. 527 * @throws { BusinessError } 19100007 - No permission to call this API, 528 * which is available only for non-DLP sandbox applications. 529 * @throws { BusinessError } 19100011 - The system ability works abnormally. 530 * @syscap SystemCapability.Security.DataLossPrevention 531 * @since 10 532 */ 533 function getDLPFileAccessRecords(): Promise<Array<AccessedDLPFileInfo>>; 534 535 /** 536 * Obtains the DLP file access records. This method uses an asynchronous callback to return the result. 537 * 538 * @param { AsyncCallback<Array<AccessedDLPFileInfo>> } callback - Indicates the callback of getDLPFileAccessRecords. 539 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Incorrect parameter types. 540 * @throws { BusinessError } 19100001 - Invalid parameter value. 541 * @throws { BusinessError } 19100007 - No permission to call this API, 542 * which is available only for non-DLP sandbox applications. 543 * @throws { BusinessError } 19100011 - The system ability works abnormally. 544 * @syscap SystemCapability.Security.DataLossPrevention 545 * @since 10 546 */ 547 function getDLPFileAccessRecords(callback: AsyncCallback<Array<AccessedDLPFileInfo>>): void; 548 549 /** 550 * Represents the return value of the function startDLPManagerForResult. 551 * 552 * @interface DLPManagerResult 553 * @syscap SystemCapability.Security.DataLossPrevention 554 * @StageModelOnly 555 * @since 11 556 */ 557 export interface DLPManagerResult { 558 /** 559 * Indicates the result code returned after the DLP manager is destroyed. 560 * 561 * @type { number } 562 * @syscap SystemCapability.Security.DataLossPrevention 563 * @StageModelOnly 564 * @since 11 565 */ 566 resultCode: number; 567 568 /** 569 * Indicates the data returned after the DLP manager is destroyed. 570 * 571 * @type { Want } 572 * @syscap SystemCapability.Security.DataLossPrevention 573 * @StageModelOnly 574 * @since 11 575 */ 576 want: Want; 577 } 578 579 /** 580 * Starts the DLP manager. This method uses a promise to return the result. 581 * 582 * @param { common.UIAbilityContext } context - Indicates the UIAbility context of the caller. 583 * @param { Want } want - Indicates the request to the DLP manager. 584 * @returns { Promise<DLPManagerResult> } Returns the {@link DLPManagerResult}. 585 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 586 * 2. Incorrect parameter types. 587 * @throws { BusinessError } 19100001 - Invalid parameter value. 588 * @throws { BusinessError } 19100011 - The system ability works abnormally. 589 * @throws { BusinessError } 19100016 - The uri field is missing in the want parameter. 590 * @throws { BusinessError } 19100017 - The displayName field is missing in the want parameter. 591 * @syscap SystemCapability.Security.DataLossPrevention 592 * @StageModelOnly 593 * @since 11 594 */ 595 function startDLPManagerForResult(context: common.UIAbilityContext, want: Want): Promise<DLPManagerResult>; 596 597 /** 598 * Enumerates the gathering policy types for DLP files. 599 * 600 * @enum { number } 601 * @syscap SystemCapability.Security.DataLossPrevention 602 * @systemapi Hide this for inner system use. 603 * @since 10 604 */ 605 export enum GatheringPolicyType { 606 /** 607 * Gathering, which allows multiple DLP files to be opened in a sandbox. 608 * 609 * @syscap SystemCapability.Security.DataLossPrevention 610 * @systemapi Hide this for inner system use. 611 * @since 10 612 */ 613 GATHERING = 1, 614 615 /** 616 * Non-gathering, which allows only one DLP file to be opened in a sandbox. 617 * 618 * @syscap SystemCapability.Security.DataLossPrevention 619 * @systemapi Hide this for inner system use. 620 * @since 10 621 */ 622 NON_GATHERING = 2 623 } 624 625 /** 626 * Obtains the DLP sandbox gathering policy. This method uses a promise to return the result. 627 * 628 * @permission ohos.permission.ACCESS_DLP_FILE 629 * @returns { Promise<GatheringPolicyType> } Returns the {@link GatheringPolicyType}. 630 * @throws { BusinessError } 201 - Permission denied. 631 * @throws { BusinessError } 202 - Non-system applications use system APIs. 632 * @throws { BusinessError } 19100001 - Invalid parameter value. 633 * @throws { BusinessError } 19100011 - The system ability works abnormally. 634 * @syscap SystemCapability.Security.DataLossPrevention 635 * @systemapi Hide this for inner system use. 636 * @since 10 637 */ 638 function getDLPGatheringPolicy(): Promise<GatheringPolicyType>; 639 640 /** 641 * Obtains the DLP sandbox gathering policy. This method uses an asynchronous callback to return the result. 642 * 643 * @permission ohos.permission.ACCESS_DLP_FILE 644 * @param { AsyncCallback<GatheringPolicyType> } callback - Indicates the callback of getDLPGatheringPolicy. 645 * @throws { BusinessError } 201 - Permission denied. 646 * @throws { BusinessError } 202 - Non-system applications use system APIs. 647 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Incorrect parameter types. 648 * @throws { BusinessError } 19100001 - Invalid parameter value. 649 * @throws { BusinessError } 19100011 - The system ability works abnormally. 650 * @syscap SystemCapability.Security.DataLossPrevention 651 * @systemapi Hide this for inner system use. 652 * @since 10 653 */ 654 function getDLPGatheringPolicy(callback: AsyncCallback<GatheringPolicyType>): void; 655 656 /** 657 * Represents the installed DLP sandbox application info. 658 * 659 * @interface DLPSandboxInfo 660 * @syscap SystemCapability.Security.DataLossPrevention 661 * @systemapi Hide this for inner system use. 662 * @since 10 663 */ 664 export interface DLPSandboxInfo { 665 /** 666 * Index of the installed DLP sandbox application. 667 * 668 * @type { number } 669 * @syscap SystemCapability.Security.DataLossPrevention 670 * @systemapi Hide this for inner system use. 671 * @since 10 672 */ 673 appIndex: number; 674 675 /** 676 * Token ID of the installed DLP sandbox application. 677 * 678 * @type { number } 679 * @syscap SystemCapability.Security.DataLossPrevention 680 * @systemapi Hide this for inner system use. 681 * @since 10 682 */ 683 tokenID: number; 684 } 685 686 /** 687 * Installs a DLP sandbox application. This method uses a promise to return the result. 688 * 689 * @permission ohos.permission.ACCESS_DLP_FILE 690 * @param { string } bundleName - Indicates the bundle name of the application. 691 * @param { DLPFileAccess } access - Indicates the access permission for the DLP file. 692 * @param { number } userId - Indicates the user ID. 693 * @param { string } uri - Indicates the URI of the file. 694 * @returns { Promise<DLPSandboxInfo> } Returns the {@link DLPSandboxInfo}. 695 * @throws { BusinessError } 201 - Permission denied. 696 * @throws { BusinessError } 202 - Non-system applications use system APIs. 697 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 698 * 2. Incorrect parameter types. 699 * @throws { BusinessError } 19100001 - Invalid parameter value. 700 * @throws { BusinessError } 19100011 - The system ability works abnormally. 701 * @syscap SystemCapability.Security.DataLossPrevention 702 * @systemapi Hide this for inner system use. 703 * @since 10 704 */ 705 function installDLPSandbox( 706 bundleName: string, 707 access: DLPFileAccess, 708 userId: number, 709 uri: string 710 ): Promise<DLPSandboxInfo>; 711 712 /** 713 * Installs a DLP sandbox application. This method uses an asynchronous callback to return the result. 714 * 715 * @permission ohos.permission.ACCESS_DLP_FILE 716 * @param { string } bundleName - Indicates the bundle name of the application. 717 * @param { DLPFileAccess } access - Indicates the access permission for the DLP file. 718 * @param { number } userId - Indicates the user ID. 719 * @param { string } uri - Indicates the URI of the file. 720 * @param { AsyncCallback<DLPSandboxInfo> } callback - Indicates the callback of installDLPSandbox. 721 * @throws { BusinessError } 201 - Permission denied. 722 * @throws { BusinessError } 202 - Non-system applications use system APIs. 723 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 724 * 2. Incorrect parameter types. 725 * @throws { BusinessError } 19100001 - Invalid parameter value. 726 * @throws { BusinessError } 19100011 - The system ability works abnormally. 727 * @syscap SystemCapability.Security.DataLossPrevention 728 * @systemapi Hide this for inner system use. 729 * @since 10 730 */ 731 function installDLPSandbox( 732 bundleName: string, 733 access: DLPFileAccess, 734 userId: number, 735 uri: string, 736 callback: AsyncCallback<DLPSandboxInfo> 737 ): void; 738 739 /** 740 * Uninstalls a DLP sandbox application. This method uses a promise to return the result. 741 * 742 * @permission ohos.permission.ACCESS_DLP_FILE 743 * @param { string } bundleName - Indicates the bundle name of the application. 744 * @param { number } userId - Indicates the user ID. 745 * @param { number } appIndex - Indicates the index of DLP sandbox. 746 * @returns { Promise<void> } The promise returned by the function. 747 * @throws { BusinessError } 201 - Permission denied. 748 * @throws { BusinessError } 202 - Non-system applications use system APIs. 749 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 750 * 2. Incorrect parameter types. 751 * @throws { BusinessError } 19100001 - Invalid parameter value. 752 * @throws { BusinessError } 19100011 - The system ability works abnormally. 753 * @syscap SystemCapability.Security.DataLossPrevention 754 * @systemapi Hide this for inner system use. 755 * @since 10 756 */ 757 function uninstallDLPSandbox(bundleName: string, userId: number, appIndex: number): Promise<void>; 758 759 /** 760 * Uninstalls a DLP sandbox application. This method uses an asynchronous callback to return the result. 761 * 762 * @permission ohos.permission.ACCESS_DLP_FILE 763 * @param { string } bundleName - Indicates the bundle name of the application. 764 * @param { number } userId - Indicates the user ID. 765 * @param { number } appIndex - Indicates the index of DLP sandbox. 766 * @param { AsyncCallback<void> } callback - Indicates the callback of uninstallDLPSandbox. 767 * @throws { BusinessError } 201 - Permission denied. 768 * @throws { BusinessError } 202 - Non-system applications use system APIs. 769 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 770 * 2. Incorrect parameter types. 771 * @throws { BusinessError } 19100001 - Invalid parameter value. 772 * @throws { BusinessError } 19100011 - The system ability works abnormally. 773 * @syscap SystemCapability.Security.DataLossPrevention 774 * @systemapi Hide this for inner system use. 775 * @since 10 776 */ 777 function uninstallDLPSandbox( 778 bundleName: string, 779 userId: number, 780 appIndex: number, 781 callback: AsyncCallback<void> 782 ): void; 783 784 /** 785 * Represents the DLP sandbox state. 786 * 787 * @interface DLPSandboxState 788 * @syscap SystemCapability.Security.DataLossPrevention 789 * @systemapi Hide this for inner system use. 790 * @since 10 791 */ 792 export interface DLPSandboxState { 793 /** 794 * Bundle name of the application. 795 * 796 * @type { string } 797 * @syscap SystemCapability.Security.DataLossPrevention 798 * @systemapi Hide this for inner system use. 799 * @since 10 800 */ 801 bundleName: string; 802 803 /** 804 * Application index of the DLP sandbox. 805 * 806 * @type { number } 807 * @syscap SystemCapability.Security.DataLossPrevention 808 * @systemapi Hide this for inner system use. 809 * @since 10 810 */ 811 appIndex: number; 812 } 813 814 /** 815 * Subscribes to the event reported when a DLP sandbox application is uninstalled. 816 * 817 * @permission ohos.permission.ACCESS_DLP_FILE 818 * @param { 'uninstallDLPSandbox' } type - Indicates the type of event to subscribe to. 819 * The value of type must be uninstallDLPSandbox. 820 * @param { Callback<DLPSandboxState> } listener - Indicates the callback for the DLP sandbox application uninstall event. 821 * @throws { BusinessError } 201 - Permission denied. 822 * @throws { BusinessError } 202 - Non-system applications use system APIs. 823 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 824 * 2. Incorrect parameter types. 3. Parameter verification failed. 825 * @throws { BusinessError } 19100001 - Invalid parameter value. 826 * @throws { BusinessError } 19100011 - The system ability works abnormally. 827 * @syscap SystemCapability.Security.DataLossPrevention 828 * @systemapi Hide this for inner system use. 829 * @since 10 830 */ 831 function on(type: 'uninstallDLPSandbox', listener: Callback<DLPSandboxState>): void; 832 833 /** 834 * Unsubscribes from the event reported when a DLP sandbox application is uninstalled. 835 * 836 * @permission ohos.permission.ACCESS_DLP_FILE 837 * @param { 'uninstallDLPSandbox' } type - Indicates the type of event to unsubscribe from. 838 * The value of type must be uninstallDLPSandbox. 839 * @param { Callback<DLPSandboxState> } listener - Indicates the callback for the DLP sandbox application uninstall event. 840 * @throws { BusinessError } 201 - Permission denied. 841 * @throws { BusinessError } 202 - Non-system applications use system APIs. 842 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 843 * 2. Incorrect parameter types. 3. Parameter verification failed. 844 * @throws { BusinessError } 19100001 - Invalid parameter value. 845 * @throws { BusinessError } 19100011 - The system ability works abnormally. 846 * @syscap SystemCapability.Security.DataLossPrevention 847 * @systemapi Hide this for inner system use. 848 * @since 10 849 */ 850 function off(type: 'uninstallDLPSandbox', listener?: Callback<DLPSandboxState>): void; 851 852 /** 853 * Enumerates the account types for a DLP file. 854 * 855 * @enum { number } 856 * @syscap SystemCapability.Security.DataLossPrevention 857 * @systemapi Hide this for inner system use. 858 * @since 10 859 */ 860 export enum AccountType { 861 /** 862 * Cloud account. 863 * 864 * @syscap SystemCapability.Security.DataLossPrevention 865 * @systemapi Hide this for inner system use. 866 * @since 10 867 */ 868 CLOUD_ACCOUNT = 1, 869 870 /** 871 * Domain account. 872 * 873 * @syscap SystemCapability.Security.DataLossPrevention 874 * @systemapi Hide this for inner system use. 875 * @since 10 876 */ 877 DOMAIN_ACCOUNT = 2 878 } 879 880 /** 881 * Represents the authorized user information. 882 * 883 * @interface AuthUser 884 * @syscap SystemCapability.Security.DataLossPrevention 885 * @systemapi Hide this for inner system use. 886 * @since 10 887 */ 888 export interface AuthUser { 889 /** 890 * Authorized account of the DLP file. 891 * 892 * @type { string } 893 * @syscap SystemCapability.Security.DataLossPrevention 894 * @systemapi Hide this for inner system use. 895 * @since 10 896 */ 897 authAccount: string; 898 899 /** 900 * Type of the authorized account. 901 * 902 * @type { AccountType } 903 * @syscap SystemCapability.Security.DataLossPrevention 904 * @systemapi Hide this for inner system use. 905 * @since 10 906 */ 907 authAccountType: AccountType; 908 909 /** 910 * Authorized permission for the DLP file. 911 * 912 * @type { DLPFileAccess } 913 * @syscap SystemCapability.Security.DataLossPrevention 914 * @systemapi Hide this for inner system use. 915 * @since 10 916 */ 917 dlpFileAccess: DLPFileAccess; 918 919 /** 920 * Authorization expiration time of the DLP file. 921 * 922 * @type { number } 923 * @syscap SystemCapability.Security.DataLossPrevention 924 * @systemapi Hide this for inner system use. 925 * @since 10 926 */ 927 permExpiryTime: number; 928 } 929 930 /** 931 * Represents the DLP file property. 932 * 933 * @interface DLPProperty 934 * @syscap SystemCapability.Security.DataLossPrevention 935 * @systemapi Hide this for inner system use. 936 * @since 10 937 */ 938 export interface DLPProperty { 939 /** 940 * Owner account of the DLP file. 941 * 942 * @type { string } 943 * @syscap SystemCapability.Security.DataLossPrevention 944 * @systemapi Hide this for inner system use. 945 * @since 10 946 */ 947 ownerAccount: string; 948 949 /** 950 * Owner account ID of the DLP file. 951 * 952 * @type { string } 953 * @syscap SystemCapability.Security.DataLossPrevention 954 * @systemapi Hide this for inner system use. 955 * @since 10 956 */ 957 ownerAccountID: string; 958 959 /** 960 * Type of the owner account of the DLP file. 961 * 962 * @type { AccountType } 963 * @syscap SystemCapability.Security.DataLossPrevention 964 * @systemapi Hide this for inner system use. 965 * @since 10 966 */ 967 ownerAccountType: AccountType; 968 969 /** 970 * Authorized users of the DLP file. 971 * 972 * @type { ?Array<AuthUser> } 973 * @syscap SystemCapability.Security.DataLossPrevention 974 * @systemapi Hide this for inner system use. 975 * @since 10 976 */ 977 authUserList?: Array<AuthUser>; 978 979 /** 980 * Contact account of the DLP file. 981 * 982 * @type { string } 983 * @syscap SystemCapability.Security.DataLossPrevention 984 * @systemapi Hide this for inner system use. 985 * @since 10 986 */ 987 contactAccount: string; 988 989 /** 990 * Whether the DLP file can be accessed offline. 991 * If the DLP file supports offline access, the credential server needs to be connected to the network only when the DLP file is opened for the first time. 992 * 993 * @type { boolean } 994 * @syscap SystemCapability.Security.DataLossPrevention 995 * @systemapi Hide this for inner system use. 996 * @since 10 997 */ 998 offlineAccess: boolean; 999 1000 /** 1001 * Everyone access list for the DLP file. 1002 * 1003 * @type { ?Array<DLPFileAccess> } 1004 * @syscap SystemCapability.Security.DataLossPrevention 1005 * @systemapi Hide this for inner system use. 1006 * @since 10 1007 */ 1008 everyoneAccessList?: Array<DLPFileAccess>; 1009 1010 /** 1011 * Timestamp of the time when the DLP file expires. 1012 * 1013 * @type { ?number } 1014 * @syscap SystemCapability.Security.DataLossPrevention 1015 * @systemapi Hide this for inner system use. 1016 * @since 11 1017 */ 1018 expireTime?: number; 1019 1020 /** 1021 * Defines the action to perform when the DLP file has expired. 1022 * @type { ?ActionType } 1023 * @syscap SystemCapability.Security.DataLossPrevention 1024 * @systemapi Hide this for inner system use. 1025 * @since 20 1026 */ 1027 actionUponExpiry?: ActionType; 1028 } 1029 1030 /** 1031 * Defines the DLP file object. 1032 * 1033 * @interface DLPFile 1034 * @syscap SystemCapability.Security.DataLossPrevention 1035 * @systemapi Hide this for inner system use. 1036 * @since 10 1037 */ 1038 export interface DLPFile { 1039 /** 1040 * DLP file property. 1041 * 1042 * @type { DLPProperty } 1043 * @syscap SystemCapability.Security.DataLossPrevention 1044 * @systemapi Hide this for inner system use. 1045 * @since 10 1046 */ 1047 dlpProperty: DLPProperty; 1048 1049 /** 1050 * Adds a link file for the DLP file. This method uses a promise to return the result. 1051 * The link file is implemented through the Filesystem in Userspace (FUSE). 1052 * 1053 * @permission ohos.permission.ACCESS_DLP_FILE 1054 * @param { string } linkFileName - Indicates the name of link file to add. 1055 * @returns { Promise<void> } The promise returned by the function. 1056 * @throws { BusinessError } 201 - Permission denied. 1057 * @throws { BusinessError } 202 - Non-system applications use system APIs. 1058 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 1059 * 2. Incorrect parameter types. 1060 * @throws { BusinessError } 19100001 - Invalid parameter value. 1061 * @throws { BusinessError } 19100009 - Failed to operate the DLP file. 1062 * @throws { BusinessError } 19100011 - The system ability works abnormally. 1063 * @syscap SystemCapability.Security.DataLossPrevention 1064 * @systemapi Hide this for inner system use. 1065 * @since 10 1066 */ 1067 addDLPLinkFile(linkFileName: string): Promise<void>; 1068 1069 /** 1070 * Adds a link file for the DLP file. This method uses an asynchronous callback to return the result. 1071 * The link file is implemented through the FUSE. 1072 * 1073 * @permission ohos.permission.ACCESS_DLP_FILE 1074 * @param { string } linkFileName - Indicates the name of link file to add. 1075 * @param { AsyncCallback<void> } callback - Indicates the callback of addDLPLinkFile. 1076 * @throws { BusinessError } 201 - Permission denied. 1077 * @throws { BusinessError } 202 - Non-system applications use system APIs. 1078 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 1079 * 2. Incorrect parameter types. 1080 * @throws { BusinessError } 19100001 - Invalid parameter value. 1081 * @throws { BusinessError } 19100009 - Failed to operate the DLP file. 1082 * @throws { BusinessError } 19100011 - The system ability works abnormally. 1083 * @syscap SystemCapability.Security.DataLossPrevention 1084 * @systemapi Hide this for inner system use. 1085 * @since 10 1086 */ 1087 addDLPLinkFile(linkFileName: string, callback: AsyncCallback<void>): void; 1088 1089 /** 1090 * Stops the FUSE link between the DLP file and a link file. This method uses a promise to return the result. 1091 * 1092 * @permission ohos.permission.ACCESS_DLP_FILE 1093 * @returns { Promise<void> } The promise returned by the function. 1094 * @throws { BusinessError } 201 - Permission denied. 1095 * @throws { BusinessError } 202 - Non-system applications use system APIs. 1096 * @throws { BusinessError } 19100001 - Invalid parameter value. 1097 * @throws { BusinessError } 19100009 - Failed to operate the DLP file. 1098 * @throws { BusinessError } 19100011 - The system ability works abnormally. 1099 * @syscap SystemCapability.Security.DataLossPrevention 1100 * @systemapi Hide this for inner system use. 1101 * @since 10 1102 */ 1103 stopFuseLink(): Promise<void>; 1104 1105 /** 1106 * Stops the FUSE link between the DLP file and a link file. This method uses an asynchronous callback to return the result. 1107 * 1108 * @permission ohos.permission.ACCESS_DLP_FILE 1109 * @param { AsyncCallback<void> } callback - Indicates the callback of stopFuseLink. 1110 * @throws { BusinessError } 201 - Permission denied. 1111 * @throws { BusinessError } 202 - Non-system applications use system APIs. 1112 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Incorrect parameter types. 1113 * @throws { BusinessError } 19100001 - Invalid parameter value. 1114 * @throws { BusinessError } 19100009 - Failed to operate the DLP file. 1115 * @throws { BusinessError } 19100011 - The system ability works abnormally. 1116 * @syscap SystemCapability.Security.DataLossPrevention 1117 * @systemapi Hide this for inner system use. 1118 * @since 10 1119 */ 1120 stopFuseLink(callback: AsyncCallback<void>): void; 1121 1122 /** 1123 * Resumes the FUSE link between the DLP file and a link file. This method uses a promise to return the result. 1124 * 1125 * @permission ohos.permission.ACCESS_DLP_FILE 1126 * @returns { Promise<void> } The promise returned by the function. 1127 * @throws { BusinessError } 201 - Permission denied. 1128 * @throws { BusinessError } 202 - Non-system applications use system APIs. 1129 * @throws { BusinessError } 19100001 - Invalid parameter value. 1130 * @throws { BusinessError } 19100009 - Failed to operate the DLP file. 1131 * @throws { BusinessError } 19100011 - The system ability works abnormally. 1132 * @syscap SystemCapability.Security.DataLossPrevention 1133 * @systemapi Hide this for inner system use. 1134 * @since 10 1135 */ 1136 resumeFuseLink(): Promise<void>; 1137 1138 /** 1139 * Resumes the FUSE link between the DLP file and a link file. This method uses an asynchronous callback to return the result. 1140 * 1141 * @permission ohos.permission.ACCESS_DLP_FILE 1142 * @param { AsyncCallback<void> } callback - Indicates the callback of resumeFuseLink. 1143 * @throws { BusinessError } 201 - Permission denied. 1144 * @throws { BusinessError } 202 - Non-system applications use system APIs. 1145 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Incorrect parameter types. 1146 * @throws { BusinessError } 19100001 - Invalid parameter value. 1147 * @throws { BusinessError } 19100009 - Failed to operate the DLP file. 1148 * @throws { BusinessError } 19100011 - The system ability works abnormally. 1149 * @syscap SystemCapability.Security.DataLossPrevention 1150 * @systemapi Hide this for inner system use. 1151 * @since 10 1152 */ 1153 resumeFuseLink(callback: AsyncCallback<void>): void; 1154 1155 /** 1156 * Replaces the link file of the DLP file. This method uses a promise to return the result. 1157 * 1158 * @permission ohos.permission.ACCESS_DLP_FILE 1159 * @param { string } linkFileName - Indicates the name of link file. 1160 * @returns { Promise<void> } The promise returned by the function. 1161 * @throws { BusinessError } 201 - Permission denied. 1162 * @throws { BusinessError } 202 - Non-system applications use system APIs. 1163 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 1164 * 2. Incorrect parameter types. 1165 * @throws { BusinessError } 19100001 - Invalid parameter value. 1166 * @throws { BusinessError } 19100009 - Failed to operate the DLP file. 1167 * @throws { BusinessError } 19100011 - The system ability works abnormally. 1168 * @syscap SystemCapability.Security.DataLossPrevention 1169 * @systemapi Hide this for inner system use. 1170 * @since 10 1171 */ 1172 replaceDLPLinkFile(linkFileName: string): Promise<void>; 1173 1174 /** 1175 * Replaces the link file of the DLP file. This method uses an asynchronous callback to return the result. 1176 * 1177 * @permission ohos.permission.ACCESS_DLP_FILE 1178 * @param { string } linkFileName - Indicates the name of link file. 1179 * @param { AsyncCallback<void> } callback - Indicates the callback of replaceDLPLinkFile. 1180 * @throws { BusinessError } 201 - Permission denied. 1181 * @throws { BusinessError } 202 - Non-system applications use system APIs. 1182 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 1183 * 2. Incorrect parameter types. 1184 * @throws { BusinessError } 19100001 - Invalid parameter value. 1185 * @throws { BusinessError } 19100009 - Failed to operate the DLP file. 1186 * @throws { BusinessError } 19100011 - The system ability works abnormally. 1187 * @syscap SystemCapability.Security.DataLossPrevention 1188 * @systemapi Hide this for inner system use. 1189 * @since 10 1190 */ 1191 replaceDLPLinkFile(linkFileName: string, callback: AsyncCallback<void>): void; 1192 1193 /** 1194 * Deletes a link file of the DLP file. This method uses a promise to return the result. 1195 * 1196 * @permission ohos.permission.ACCESS_DLP_FILE 1197 * @param { string } linkFileName - Indicates the name of link file to delete. 1198 * @returns { Promise<void> } The promise returned by the function. 1199 * @throws { BusinessError } 201 - Permission denied. 1200 * @throws { BusinessError } 202 - Non-system applications use system APIs. 1201 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 1202 * 2. Incorrect parameter types. 1203 * @throws { BusinessError } 19100001 - Invalid parameter value. 1204 * @throws { BusinessError } 19100009 - Failed to operate the DLP file. 1205 * @throws { BusinessError } 19100011 - The system ability works abnormally. 1206 * @syscap SystemCapability.Security.DataLossPrevention 1207 * @systemapi Hide this for inner system use. 1208 * @since 10 1209 */ 1210 deleteDLPLinkFile(linkFileName: string): Promise<void>; 1211 1212 /** 1213 * Deletes a link file of the DLP file. This method uses an asynchronous callback to return the result. 1214 * 1215 * @permission ohos.permission.ACCESS_DLP_FILE 1216 * @param { string } linkFileName - Indicates the name of link file to delete. 1217 * @param { AsyncCallback<void> } callback - Indicates the callback of deleteDLPLinkFile. 1218 * @throws { BusinessError } 201 - Permission denied. 1219 * @throws { BusinessError } 202 - Non-system applications use system APIs. 1220 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 1221 * 2. Incorrect parameter types. 1222 * @throws { BusinessError } 19100001 - Invalid parameter value. 1223 * @throws { BusinessError } 19100009 - Failed to operate the DLP file. 1224 * @throws { BusinessError } 19100011 - The system ability works abnormally. 1225 * @syscap SystemCapability.Security.DataLossPrevention 1226 * @systemapi Hide this for inner system use. 1227 * @since 10 1228 */ 1229 deleteDLPLinkFile(linkFileName: string, callback: AsyncCallback<void>): void; 1230 1231 /** 1232 * Recovers the file in plaintext from the DLP file. This method uses a promise to return the result. 1233 * 1234 * @permission ohos.permission.ACCESS_DLP_FILE 1235 * @param { number } plaintextFd - Indicates the file descriptor of the file in plaintext. 1236 * @returns { Promise<void> } The promise returned by the function. 1237 * @throws { BusinessError } 201 - Permission denied. 1238 * @throws { BusinessError } 202 - Non-system applications use system APIs. 1239 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 1240 * 2. Incorrect parameter types. 1241 * @throws { BusinessError } 19100001 - Invalid parameter value. 1242 * @throws { BusinessError } 19100002 - Credential service busy due to too many tasks or duplicate tasks. 1243 * @throws { BusinessError } 19100003 - Credential task time out. 1244 * @throws { BusinessError } 19100004 - Credential service error. 1245 * @throws { BusinessError } 19100005 - Credential authentication server error. 1246 * @throws { BusinessError } 19100008 - The file is not a DLP file. 1247 * @throws { BusinessError } 19100009 - Failed to operate the DLP file. 1248 * @throws { BusinessError } 19100010 - The DLP file is read only. 1249 * @throws { BusinessError } 19100011 - The system ability works abnormally. 1250 * @syscap SystemCapability.Security.DataLossPrevention 1251 * @systemapi Hide this for inner system use. 1252 * @since 10 1253 */ 1254 recoverDLPFile(plaintextFd: number): Promise<void>; 1255 1256 /** 1257 * Recovers the file in plaintext from the DLP file. This method uses an asynchronous callback to return the result. 1258 * 1259 * @permission ohos.permission.ACCESS_DLP_FILE 1260 * @param { number } plaintextFd - Indicates the file descriptor of the file in plaintext. 1261 * @param { AsyncCallback<void> } callback - Indicates the callback of recoverDLPFile. 1262 * @throws { BusinessError } 201 - Permission denied. 1263 * @throws { BusinessError } 202 - Non-system applications use system APIs. 1264 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 1265 * 2. Incorrect parameter types. 1266 * @throws { BusinessError } 19100001 - Invalid parameter value. 1267 * @throws { BusinessError } 19100002 - Credential service busy due to too many tasks or duplicate tasks. 1268 * @throws { BusinessError } 19100003 - Credential task time out. 1269 * @throws { BusinessError } 19100004 - Credential service error. 1270 * @throws { BusinessError } 19100005 - Credential authentication server error. 1271 * @throws { BusinessError } 19100008 - The file is not a DLP file. 1272 * @throws { BusinessError } 19100009 - Failed to operate the DLP file. 1273 * @throws { BusinessError } 19100010 - The DLP file is read only. 1274 * @throws { BusinessError } 19100011 - The system ability works abnormally. 1275 * @syscap SystemCapability.Security.DataLossPrevention 1276 * @systemapi Hide this for inner system use. 1277 * @since 10 1278 */ 1279 recoverDLPFile(plaintextFd: number, callback: AsyncCallback<void>): void; 1280 1281 /** 1282 * Closes the DLP file when the object is no longer used. This method uses a promise to return the result. 1283 * 1284 * @permission ohos.permission.ACCESS_DLP_FILE 1285 * @returns { Promise<void> } The promise returned by the function. 1286 * @throws { BusinessError } 201 - Permission denied. 1287 * @throws { BusinessError } 202 - Non-system applications use system APIs. 1288 * @throws { BusinessError } 19100001 - Invalid parameter value. 1289 * @throws { BusinessError } 19100009 - Failed to operate the DLP file. 1290 * @throws { BusinessError } 19100011 - The system ability works abnormally. 1291 * @syscap SystemCapability.Security.DataLossPrevention 1292 * @systemapi Hide this for inner system use. 1293 * @since 10 1294 */ 1295 closeDLPFile(): Promise<void>; 1296 1297 /** 1298 * Closes the DLP file when the object is no longer used. This method uses an asynchronous callback to return the result. 1299 * 1300 * @permission ohos.permission.ACCESS_DLP_FILE 1301 * @param { AsyncCallback<void> } callback - Indicates the callback of closeDLPFile. 1302 * @throws { BusinessError } 201 - Permission denied. 1303 * @throws { BusinessError } 202 - Non-system applications use system APIs. 1304 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Incorrect parameter types. 1305 * @throws { BusinessError } 19100001 - Invalid parameter value. 1306 * @throws { BusinessError } 19100009 - Failed to operate the DLP file. 1307 * @throws { BusinessError } 19100011 - The system ability works abnormally. 1308 * @syscap SystemCapability.Security.DataLossPrevention 1309 * @systemapi Hide this for inner system use. 1310 * @since 10 1311 */ 1312 closeDLPFile(callback: AsyncCallback<void>): void; 1313 } 1314 1315 /** 1316 * Generates a DLP file. This method uses a promise to return the result. 1317 * 1318 * @permission ohos.permission.ACCESS_DLP_FILE 1319 * @param { number } plaintextFd - Indicates the file descriptor of the file in plaintext. 1320 * @param { number } ciphertextFd - Indicates the file descriptor of the DLP file. 1321 * @param { DLPProperty } property - Indicates the property of the DLP file. 1322 * @returns { Promise<DLPFile> } Returns the {@link DLPFile}. 1323 * @throws { BusinessError } 201 - Permission denied. 1324 * @throws { BusinessError } 202 - Non-system applications use system APIs. 1325 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 1326 * 2. Incorrect parameter types. 1327 * @throws { BusinessError } 19100001 - Invalid parameter value. 1328 * @throws { BusinessError } 19100002 - Credential service busy due to too many tasks or duplicate tasks. 1329 * @throws { BusinessError } 19100003 - Credential task time out. 1330 * @throws { BusinessError } 19100004 - Credential service error. 1331 * @throws { BusinessError } 19100005 - Credential authentication server error. 1332 * @throws { BusinessError } 19100009 - Failed to operate the DLP file. 1333 * @throws { BusinessError } 19100011 - The system ability works abnormally. 1334 * @syscap SystemCapability.Security.DataLossPrevention 1335 * @systemapi Hide this for inner system use. 1336 * @since 10 1337 */ 1338 function generateDLPFile(plaintextFd: number, ciphertextFd: number, property: DLPProperty): Promise<DLPFile>; 1339 1340 /** 1341 * Generates a DLP file. This method uses an asynchronous callback to return the result. 1342 * 1343 * @permission ohos.permission.ACCESS_DLP_FILE 1344 * @param { number } plaintextFd - Indicates the file descriptor of the file in plaintext. 1345 * @param { number } ciphertextFd - Indicates the file descriptor of the DLP file. 1346 * @param { DLPProperty } property - Indicates the property of the DLP file. 1347 * @param { AsyncCallback<DLPFile> } callback - Indicates the callback of generateDLPFile. 1348 * @throws { BusinessError } 201 - Permission denied. 1349 * @throws { BusinessError } 202 - Non-system applications use system APIs. 1350 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 1351 * 2. Incorrect parameter types. 1352 * @throws { BusinessError } 19100001 - Invalid parameter value. 1353 * @throws { BusinessError } 19100002 - Credential service busy due to too many tasks or duplicate tasks. 1354 * @throws { BusinessError } 19100003 - Credential task time out. 1355 * @throws { BusinessError } 19100004 - Credential service error. 1356 * @throws { BusinessError } 19100005 - Credential authentication server error. 1357 * @throws { BusinessError } 19100009 - Failed to operate the DLP file. 1358 * @throws { BusinessError } 19100011 - The system ability works abnormally. 1359 * @syscap SystemCapability.Security.DataLossPrevention 1360 * @systemapi Hide this for inner system use. 1361 * @since 10 1362 */ 1363 function generateDLPFile( 1364 plaintextFd: number, 1365 ciphertextFd: number, 1366 property: DLPProperty, 1367 callback: AsyncCallback<DLPFile> 1368 ): void; 1369 1370 /** 1371 * Opens a DLP file. This method uses a promise to return the result. 1372 * 1373 * @permission ohos.permission.ACCESS_DLP_FILE 1374 * @param { number } ciphertextFd - Indicates the file descriptor of the DLP file to open. 1375 * @param { string } appId - Indicates the app ID of the application which opens the DLP file. 1376 * @returns { Promise<DLPFile> } Returns the {@link DLPFile}. 1377 * @throws { BusinessError } 201 - Permission denied. 1378 * @throws { BusinessError } 202 - Non-system applications use system APIs. 1379 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 1380 * 2. Incorrect parameter types. 1381 * @throws { BusinessError } 19100001 - Invalid parameter value. 1382 * @throws { BusinessError } 19100002 - Credential service busy due to too many tasks or duplicate tasks. 1383 * @throws { BusinessError } 19100003 - Credential task time out. 1384 * @throws { BusinessError } 19100004 - Credential service error. 1385 * @throws { BusinessError } 19100005 - Credential authentication server error. 1386 * @throws { BusinessError } 19100008 - The file is not a DLP file. 1387 * @throws { BusinessError } 19100009 - Failed to operate the DLP file. 1388 * @throws { BusinessError } 19100011 - The system ability works abnormally. 1389 * @throws { BusinessError } 19100018 - The application is not authorized. 1390 * @throws { BusinessError } 19100019 - The DLP file has expired. 1391 * @throws { BusinessError } 19100020 - No network connection. 1392 * @syscap SystemCapability.Security.DataLossPrevention 1393 * @systemapi Hide this for inner system use. 1394 * @since 11 1395 */ 1396 function openDLPFile(ciphertextFd: number, appId: string): Promise<DLPFile>; 1397 1398 /** 1399 * Opens a DLP file. This method uses an asynchronous callback to return the result. 1400 * 1401 * @permission ohos.permission.ACCESS_DLP_FILE 1402 * @param { number } ciphertextFd - Indicates the file descriptor of the DLP file to open. 1403 * @param { string } appId - Indicates the app ID of the application which opens the DLP file. 1404 * @param { AsyncCallback<DLPFile> } callback - Indicates the callback of openDLPFile. 1405 * @throws { BusinessError } 201 - Permission denied. 1406 * @throws { BusinessError } 202 - Non-system applications use system APIs. 1407 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 1408 * 2. Incorrect parameter types. 1409 * @throws { BusinessError } 19100001 - Invalid parameter value. 1410 * @throws { BusinessError } 19100002 - Credential service busy due to too many tasks or duplicate tasks. 1411 * @throws { BusinessError } 19100003 - Credential task time out. 1412 * @throws { BusinessError } 19100004 - Credential service error. 1413 * @throws { BusinessError } 19100005 - Credential authentication server error. 1414 * @throws { BusinessError } 19100008 - The file is not a DLP file. 1415 * @throws { BusinessError } 19100009 - Failed to operate the DLP file. 1416 * @throws { BusinessError } 19100011 - The system ability works abnormally. 1417 * @throws { BusinessError } 19100018 - The application is not authorized. 1418 * @throws { BusinessError } 19100019 - The DLP file has expired. 1419 * @throws { BusinessError } 19100020 - No network connection. 1420 * @syscap SystemCapability.Security.DataLossPrevention 1421 * @systemapi Hide this for inner system use. 1422 * @since 11 1423 */ 1424 function openDLPFile(ciphertextFd: number, appId: string, callback: AsyncCallback<DLPFile>): void; 1425 1426 /** 1427 * Sets sandbox application configuration. This method uses a promise to return the result. 1428 * 1429 * @param { string } configInfo - Configuration of the sandbox application. 1430 * @returns { Promise<void> } Promise used to return the result. 1431 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 1432 * 2. Incorrect parameter types. 1433 * @throws { BusinessError } 19100001 - Invalid parameter value. 1434 * @throws { BusinessError } 19100007 - No permission to call this API, 1435 * which is available only for non-DLP sandbox applications. 1436 * @throws { BusinessError } 19100011 - The system ability works abnormally. 1437 * @throws { BusinessError } 19100018 - The application is not authorized. 1438 * @syscap SystemCapability.Security.DataLossPrevention 1439 * @since 11 1440 */ 1441 function setSandboxAppConfig(configInfo: string): Promise<void>; 1442 1443 /** 1444 * Cleans sandbox application configuration. This method uses a promise to return the result. 1445 * 1446 * @returns { Promise<void> } Promise used to return the result. 1447 * @throws { BusinessError } 19100001 - Invalid parameter value. 1448 * @throws { BusinessError } 19100007 - No permission to call this API, 1449 * which is available only for non-DLP sandbox applications. 1450 * @throws { BusinessError } 19100011 - The system ability works abnormally. 1451 * @throws { BusinessError } 19100018 - The application is not authorized. 1452 * @syscap SystemCapability.Security.DataLossPrevention 1453 * @since 11 1454 */ 1455 function cleanSandboxAppConfig(): Promise<void>; 1456 1457 /** 1458 * Obtains sandbox application configuration. This method uses a promise to return the result. 1459 * 1460 * @returns { Promise<string> } Promise used to return the result. 1461 * @throws { BusinessError } 19100001 - Invalid parameter value. 1462 * @throws { BusinessError } 19100011 - The system ability works abnormally. 1463 * @throws { BusinessError } 19100018 - The application is not authorized. 1464 * @syscap SystemCapability.Security.DataLossPrevention 1465 * @since 11 1466 */ 1467 function getSandboxAppConfig(): Promise<string>; 1468 1469 /** 1470 * Checks whether the current system provides the DLP feature. This method uses a promise to return the result. 1471 * 1472 * @returns { Promise<boolean> } Promise used to return the result. 1473 * @throws { BusinessError } 19100011 - The system ability works abnormally. 1474 * @syscap SystemCapability.Security.DataLossPrevention 1475 * @since 12 1476 */ 1477 function isDLPFeatureProvided(): Promise<boolean>; 1478 1479 /** 1480 * Enumerates the action types when exceed expiry time. 1481 * @enum { number } Valuable 1482 * @syscap SystemCapability.Security.DataLossPrevention 1483 * @systemapi Hide this for inner system use. 1484 * @since 20 1485 */ 1486 export enum ActionType { 1487 /** 1488 * NOT_OPEN, which not allows DLP files to be opened exceed expiry time. 1489 * @syscap SystemCapability.Security.DataLossPrevention 1490 * @systemapi Hide this for inner system use. 1491 * @since 20 1492 */ 1493 NOT_OPEN = 0, 1494 1495 /** 1496 * OPEN, which allows DLP files to be opened exceed expiry time. 1497 * @syscap SystemCapability.Security.DataLossPrevention 1498 * @systemapi Hide this for inner system use. 1499 * @since 20 1500 */ 1501 OPEN = 1 1502 } 1503 1504 /** 1505 * Represents the DLP file Custom property. 1506 * 1507 * @interface CustomProperty 1508 * @syscap SystemCapability.Security.DataLossPrevention 1509 * @systemapi Hide this for inner system use. 1510 * @since 20 1511 */ 1512 export interface CustomProperty { 1513 /** 1514 * User defined information for enterprise space. 1515 * 1516 * @type { string } 1517 * @syscap SystemCapability.Security.DataLossPrevention 1518 * @systemapi Hide this for inner system use. 1519 * @since 20 1520 */ 1521 enterprise: string; 1522 } 1523 1524 /** 1525 * Generates a DLP file. 1526 * 1527 * @permission ohos.permission.ENTERPRISE_ACCESS_DLP_FILE 1528 * @param { number } plaintextFd - FD of the file in plaintext. 1529 * @param { number } dlpFd - FD of the DLP file to generate. 1530 * @param { DLPProperty } property - General DLP policy to use. 1531 * @param { CustomProperty } customProperty - Custom DLP policy to use. 1532 * @returns { Promise<void> } Promise used to return the result. 1533 * @throws { BusinessError } 201 - Permission denied. 1534 * @throws { BusinessError } 202 - Non-system applications use system APIs. 1535 * @throws { BusinessError } 19100001 - Invalid parameter value. 1536 * @throws { BusinessError } 19100002 - Credential service busy due to too many tasks or duplicate tasks. 1537 * @throws { BusinessError } 19100003 - Credential task time out. 1538 * @throws { BusinessError } 19100004 - Credential service error. 1539 * @throws { BusinessError } 19100005 - Credential authentication server error. 1540 * @throws { BusinessError } 19100009 - Failed to operate the DLP file. 1541 * @throws { BusinessError } 19100011 - The system ability works abnormally. 1542 * @throws { BusinessError } 19100014 - Account not logged in. 1543 * @syscap SystemCapability.Security.DataLossPrevention 1544 * @systemapi Hide this for inner system use. 1545 * @since 20 1546 */ 1547 function generateDlpFileForEnterprise(plaintextFd: number, dlpFd: number, property: DLPProperty, customProperty: CustomProperty): Promise<void>; 1548 1549 /** 1550 * Queries the DLP file policy. 1551 * 1552 * @permission ohos.permission.ENTERPRISE_ACCESS_DLP_FILE 1553 * @param { number } dlpFd FD of the target DLP file. 1554 * @returns { Promise<string> } Promise that returns no value. 1555 * @throws { BusinessError } 201 - Permission denied. 1556 * @throws { BusinessError } 202 - Non-system applications use system APIs. 1557 * @throws { BusinessError } 19100001 - Invalid parameter value. 1558 * @throws { BusinessError } 19100002 - Credential service busy due to too many tasks or duplicate tasks. 1559 * @throws { BusinessError } 19100003 - Credential task time out. 1560 * @throws { BusinessError } 19100004 - Credential service error. 1561 * @throws { BusinessError } 19100005 - Credential authentication server error. 1562 * @throws { BusinessError } 19100008 - The file is not a DLP file. 1563 * @throws { BusinessError } 19100009 - Failed to operate the DLP file. 1564 * @throws { BusinessError } 19100011 - The system ability works abnormally. 1565 * @throws { BusinessError } 19100013 - The user does not have the permission. 1566 * @syscap SystemCapability.Security.DataLossPrevention 1567 * @systemapi Hide this for inner system use. 1568 * @since 20 1569 */ 1570 function queryDlpPolicy(dlpFd: number): Promise<string>; 1571 1572 /** 1573 * Decrypts a DLP file. This API uses a promise to return the result. 1574 * 1575 * @permission ohos.permission.ENTERPRISE_ACCESS_DLP_FILE 1576 * @param { number } dlpFd FD of the target DLP file. 1577 * @param { number } plaintextFd FD of the target DLP file. 1578 * @returns { Promise<void> } Promise that returns no value. 1579 * @throws { BusinessError } 201 - Permission denied. 1580 * @throws { BusinessError } 202 - Non-system applications use system APIs. 1581 * @throws { BusinessError } 19100001 - Invalid parameter value. 1582 * @throws { BusinessError } 19100002 - Credential service busy due to too many tasks or duplicate tasks. 1583 * @throws { BusinessError } 19100003 - Credential task time out. 1584 * @throws { BusinessError } 19100004 - Credential service error. 1585 * @throws { BusinessError } 19100005 - Credential authentication server error. 1586 * @throws { BusinessError } 19100008 - The file is not a DLP file. 1587 * @throws { BusinessError } 19100009 - Failed to operate the DLP file. 1588 * @throws { BusinessError } 19100011 - The system ability works abnormally. 1589 * @throws { BusinessError } 19100013 - The user does not have the permission. 1590 * @syscap SystemCapability.Security.DataLossPrevention 1591 * @systemapi Hide this for inner system use. 1592 * @since 20 1593 */ 1594 function decryptDlpFile(dlpFd: number, plaintextFd: number): Promise<void>; 1595 1596} 1597export default dlpPermission;