1/* 2 * Copyright (c) 2023-2024 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16/** 17 * @file 18 * @kit MDMKit 19 */ 20 21import type Want from './@ohos.app.ability.Want'; 22import type image from './@ohos.multimedia.image'; 23 24/** 25 * This module provides the capability to manage the security of the enterprise devices. 26 * 27 * @namespace securityManager 28 * @syscap SystemCapability.Customization.EnterpriseDeviceManager 29 * @stagemodelonly 30 * @since 11 31 */ 32declare namespace securityManager { 33 /** 34 * The device encryption status. 35 * 36 * @typedef DeviceEncryptionStatus 37 * @syscap SystemCapability.Customization.EnterpriseDeviceManager 38 * @systemapi 39 * @stagemodelonly 40 * @since 11 41 */ 42 export interface DeviceEncryptionStatus { 43 /** 44 * True indicates device is encrypted. 45 * 46 * @type { boolean } 47 * @syscap SystemCapability.Customization.EnterpriseDeviceManager 48 * @systemapi 49 * @stagemodelonly 50 * @since 11 51 */ 52 isEncrypted: boolean; 53 } 54 55 /** 56 * User certificate data. 57 * 58 * @typedef CertBlob 59 * @syscap SystemCapability.Customization.EnterpriseDeviceManager 60 * @stagemodelonly 61 * @since 12 62 */ 63 export interface CertBlob { 64 /** 65 * The certificate content 66 * 67 * @type { Uint8Array } 68 * @syscap SystemCapability.Customization.EnterpriseDeviceManager 69 * @stagemodelonly 70 * @since 12 71 */ 72 inData: Uint8Array; 73 74 /** 75 * The certificate alias 76 * 77 * @type { string } 78 * @syscap SystemCapability.Customization.EnterpriseDeviceManager 79 * @stagemodelonly 80 * @since 12 81 */ 82 alias: string; 83 } 84 85 /** 86 * Application instance data. 87 * 88 * @typedef ApplicationInstance 89 * @syscap SystemCapability.Customization.EnterpriseDeviceManager 90 * @stagemodelonly 91 * @since 20 92 */ 93 export interface ApplicationInstance { 94 /** 95 * Globally unique identifier of an application, which is allocated by the cloud. 96 * AppIdentifier does not change along the application lifecycle, including version updates, certificate changes, 97 * public and private key changes, and application transfer. 98 * 99 * @type { string } 100 * @syscap SystemCapability.Customization.EnterpriseDeviceManager 101 * @stagemodelonly 102 * @since 20 103 */ 104 appIdentifier: string; 105 106 /** 107 * Indicates the OS account identifier. 108 * 109 * @type { number } 110 * @syscap SystemCapability.Customization.EnterpriseDeviceManager 111 * @stagemodelonly 112 * @since 20 113 */ 114 accountId: number; 115 116 /** 117 * Indicates the index of clone app. 118 * 119 * @type { number } 120 * @syscap SystemCapability.Customization.EnterpriseDeviceManager 121 * @stagemodelonly 122 * @since 20 123 */ 124 appIndex: number; 125 } 126 127 /** 128 * Gets device security patch tag. 129 * This function can be called by a super administrator. 130 * 131 * @permission ohos.permission.ENTERPRISE_MANAGE_SECURITY 132 * @param { Want } admin - admin indicates the enterprise admin extension ability information. 133 * The admin must have the corresponding permission. 134 * @returns { string } the security patch tag of the device. 135 * @throws { BusinessError } 9200001 - The application is not an administrator application of the device. 136 * @throws { BusinessError } 9200002 - The administrator application does not have permission to manage the device. 137 * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API. 138 * @throws { BusinessError } 202 - Permission verification failed. A non-system application calls a system API. 139 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 140 * 2. Incorrect parameter types; 3. Parameter verification failed. 141 * @syscap SystemCapability.Customization.EnterpriseDeviceManager 142 * @systemapi 143 * @stagemodelonly 144 * @since 11 145 */ 146 function getSecurityPatchTag(admin: Want): string; 147 148 /** 149 * Gets device encryption status. 150 * This function can be called by a super administrator. 151 * 152 * @permission ohos.permission.ENTERPRISE_MANAGE_SECURITY 153 * @param { Want } admin - admin indicates the enterprise admin extension ability information. 154 * The admin must have the corresponding permission. 155 * @returns { DeviceEncryptionStatus } device encryption status. 156 * @throws { BusinessError } 9200001 - The application is not an administrator application of the device. 157 * @throws { BusinessError } 9200002 - The administrator application does not have permission to manage the device. 158 * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API. 159 * @throws { BusinessError } 202 - Permission verification failed. A non-system application calls a system API. 160 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 161 * 2. Incorrect parameter types; 3. Parameter verification failed. 162 * @syscap SystemCapability.Customization.EnterpriseDeviceManager 163 * @systemapi 164 * @stagemodelonly 165 * @since 11 166 */ 167 function getDeviceEncryptionStatus(admin: Want): DeviceEncryptionStatus; 168 169 /** 170 * Gets device security policy of the specific type. 171 * This function can be called by a super administrator. 172 * 173 * @permission ohos.permission.ENTERPRISE_MANAGE_SECURITY 174 * @param { Want } admin - admin indicates the enterprise admin extension ability information. 175 * The admin must have the corresponding permission. 176 * @param { string } item - item indicates the specified security policy that needs to be obtained, including patch and encryption. 177 * patch means the device security patch tag, and encryption means the device encryption status. 178 * @returns { string } security policy of the specific type. 179 * @throws { BusinessError } 9200001 - The application is not an administrator application of the device. 180 * @throws { BusinessError } 9200002 - The administrator application does not have permission to manage the device. 181 * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API. 182 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 183 * 2. Incorrect parameter types; 3. Parameter verification failed. 184 * @syscap SystemCapability.Customization.EnterpriseDeviceManager 185 * @stagemodelonly 186 * @since 12 187 */ 188 function getSecurityStatus(admin: Want, item: string): string; 189 190 /** 191 * Install user certificate. 192 * This function can be called by a super administrator. 193 * 194 * @permission ohos.permission.ENTERPRISE_MANAGE_CERTIFICATE 195 * @param { Want } admin - admin indicates the enterprise admin extension ability information. 196 * The admin must have the corresponding permission. 197 * @param { CertBlob } certificate - certificate file content and alias. It cannot be empty or more than 40 characters. 198 * @returns { Promise<string> } the promise carries the uri of the certificate used to uninstall 199 * @throws { BusinessError } 9200001 - The application is not an administrator application of the device. 200 * @throws { BusinessError } 9200002 - The administrator application does not have permission to manage the device. 201 * @throws { BusinessError } 9201001 - Failed to manage the certificate. 202 * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API. 203 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 204 * 2. Incorrect parameter types; 3. Parameter verification failed. 205 * @syscap SystemCapability.Customization.EnterpriseDeviceManager 206 * @stagemodelonly 207 * @since 12 208 */ 209 function installUserCertificate(admin: Want, certificate: CertBlob): Promise<string>; 210 211 /** 212 * Install user certificate under specified account. 213 * This function can be called by a super administrator. 214 * 215 * @permission ohos.permission.ENTERPRISE_MANAGE_CERTIFICATE 216 * @param { Want } admin - admin indicates the enterprise admin extension ability information. 217 * The admin must have the corresponding permission. 218 * @param { CertBlob } certificate - certificate file content and alias. It cannot be empty or more than 40 characters. 219 * @param { number } accountId - accountId indicates the local ID of the OS account. 220 * @returns { string } the uri of the user certificate used to uninstall. 221 * @throws { BusinessError } 9200001 - The application is not an administrator application of the device. 222 * @throws { BusinessError } 9200002 - The administrator application does not have permission to manage the device. 223 * @throws { BusinessError } 9201001 - Failed to manage the certificate. 224 * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API. 225 * @syscap SystemCapability.Customization.EnterpriseDeviceManager 226 * @stagemodelonly 227 * @since 18 228 */ 229 function installUserCertificate(admin: Want, certificate: CertBlob, accountId: number): string; 230 231 /** 232 * Uninstall user certificate. 233 * This function can be called by a super administrator. 234 * 235 * @permission ohos.permission.ENTERPRISE_MANAGE_CERTIFICATE 236 * @param { Want } admin - admin indicates the enterprise admin extension ability information. 237 * The admin must have the corresponding permission. 238 * @param { string } certUri - uri of the certificate. It cannot be empty or more than 64 characters. 239 * @returns { Promise<void> } the promise returned by the uninstallUserCertificate. 240 * @throws { BusinessError } 9200001 - The application is not an administrator application of the device. 241 * @throws { BusinessError } 9200002 - The administrator application does not have permission to manage the device. 242 * @throws { BusinessError } 9201001 - Failed to manage the certificate. 243 * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API. 244 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 245 * 2. Incorrect parameter types; 3. Parameter verification failed. 246 * @syscap SystemCapability.Customization.EnterpriseDeviceManager 247 * @stagemodelonly 248 * @since 12 249 */ 250 function uninstallUserCertificate(admin: Want, certUri: string): Promise<void>; 251 252 /** 253 * Get user certificate under specified account. 254 * This function can be called by a super administrator. 255 * 256 * @permission ohos.permission.ENTERPRISE_MANAGE_CERTIFICATE 257 * @param { Want } admin - admin indicates the enterprise admin extension ability information. 258 * The admin must have the corresponding permission. 259 * @param { number } accountId - accountId indicates the local ID of the OS account. 260 * @returns { Array<string> } returned the uri list of user Certificates. 261 * @throws { BusinessError } 9200001 - The application is not an administrator application of the device. 262 * @throws { BusinessError } 9200002 - The administrator application does not have permission to manage the device. 263 * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API. 264 * @syscap SystemCapability.Customization.EnterpriseDeviceManager 265 * @stagemodelonly 266 * @since 18 267 */ 268 function getUserCertificates(admin: Want, accountId: number): Array<string>; 269 270 /** 271 * Sets the password policy of the device. 272 * 273 * @permission ohos.permission.ENTERPRISE_MANAGE_SECURITY 274 * @param { Want } admin - admin indicates the enterprise admin extension ability information. 275 * The admin must have the corresponding permission. 276 * @param { PasswordPolicy } policy - password policy to be set. 277 * @throws { BusinessError } 9200001 - The application is not an administrator application of the device. 278 * @throws { BusinessError } 9200002 - The administrator application does not have permission to manage the device. 279 * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API. 280 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 281 * 2. Incorrect parameter types; 3. Parameter verification failed. 282 * @syscap SystemCapability.Customization.EnterpriseDeviceManager 283 * @stagemodelonly 284 * @since 12 285 */ 286 function setPasswordPolicy(admin: Want, policy: PasswordPolicy): void; 287 288 /** 289 * Gets the password policy of the device. 290 * 291 * @permission ohos.permission.ENTERPRISE_MANAGE_SECURITY 292 * @param { Want } admin - admin indicates the enterprise admin extension ability information. 293 * The admin must have the corresponding permission. 294 * @returns { PasswordPolicy } the password policy of the device. 295 * @throws { BusinessError } 9200001 - The application is not an administrator application of the device. 296 * @throws { BusinessError } 9200002 - The administrator application does not have permission to manage the device. 297 * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API. 298 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 299 * 2. Incorrect parameter types; 3. Parameter verification failed. 300 * @syscap SystemCapability.Customization.EnterpriseDeviceManager 301 * @stagemodelonly 302 * @since 12 303 */ 304 function getPasswordPolicy(admin: Want): PasswordPolicy; 305 306 /** 307 * Gets the password policy of the device. 308 * 309 * @returns { PasswordPolicy } the password policy of the device. 310 * @throws { BusinessError } 202 - Permission verification failed. A non-system application calls a system API. 311 * @syscap SystemCapability.Customization.EnterpriseDeviceManager 312 * @systemapi 313 * @stagemodelonly 314 * @since 12 315 */ 316 function getPasswordPolicy(): PasswordPolicy; 317 318 /** 319 * Sets the application's clipboard policy of the device. 320 * 321 * @permission ohos.permission.ENTERPRISE_MANAGE_SECURITY 322 * @param { Want } admin - admin indicates the administrator ability information. 323 * @param { number } tokenId - tokenId indicates the token id of the application. 324 * @param { ClipboardPolicy } policy - clipboard policy to be set. 325 * @throws { BusinessError } 9200001 - The application is not an administrator application of the device. 326 * @throws { BusinessError } 9200002 - The administrator application does not have permission to manage the device. 327 * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API. 328 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 329 * 2. Incorrect parameter types; 3. Parameter verification failed. 330 * @syscap SystemCapability.Customization.EnterpriseDeviceManager 331 * @stagemodelonly 332 * @since 12 333 */ 334 function setAppClipboardPolicy(admin: Want, tokenId: number, policy: ClipboardPolicy): void; 335 336 /** 337 * Gets the application's clipboard policy of the device. 338 * 339 * @permission ohos.permission.ENTERPRISE_MANAGE_SECURITY 340 * @param { Want } admin - admin indicates the administrator ability information. 341 * @param { number } [tokenId] - tokenId indicates the token id of the application. 342 * @returns { string } the json string of clipboard policy for each application of the device. 343 * @throws { BusinessError } 9200001 - The application is not an administrator application of the device. 344 * @throws { BusinessError } 9200002 - The administrator application does not have permission to manage the device. 345 * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API. 346 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 347 * 2. Incorrect parameter types; 3. Parameter verification failed. 348 * @syscap SystemCapability.Customization.EnterpriseDeviceManager 349 * @stagemodelonly 350 * @since 12 351 */ 352 function getAppClipboardPolicy(admin: Want, tokenId?: number): string; 353 354 /** 355 * Sets the application's clipboard policy of the device by bundle and account. 356 * 357 * @permission ohos.permission.ENTERPRISE_MANAGE_SECURITY 358 * @param { Want } admin - admin indicates the administrator ability information. 359 * @param { string } bundleName - bundleName indicates the name of bundle. 360 * @param { number } accountId - accountId indicates the ID of OS account. 361 * @param { ClipboardPolicy } policy - clipboard policy to be set. 362 * @throws { BusinessError } 9200001 - The application is not an administrator application of the device. 363 * @throws { BusinessError } 9200002 - The administrator application does not have permission to manage the device. 364 * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API. 365 * @syscap SystemCapability.Customization.EnterpriseDeviceManager 366 * @stagemodelonly 367 * @since 18 368 */ 369 function setAppClipboardPolicy(admin: Want, bundleName: string, accountId: number, policy: ClipboardPolicy): void; 370 371 /** 372 * Gets the application's clipboard policy of the device by bundle and account. 373 * 374 * @permission ohos.permission.ENTERPRISE_MANAGE_SECURITY 375 * @param { Want } admin - admin indicates the administrator ability information. 376 * @param { string } bundleName - bundleName indicates the name of bundle. 377 * @param { number } accountId - accountId indicates the ID of OS account. 378 * @returns { string } the json string of the clipboard policy for application of the device. 379 * @throws { BusinessError } 9200001 - The application is not an administrator application of the device. 380 * @throws { BusinessError } 9200002 - The administrator application does not have permission to manage the device. 381 * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API. 382 * @syscap SystemCapability.Customization.EnterpriseDeviceManager 383 * @stagemodelonly 384 * @since 18 385 */ 386 function getAppClipboardPolicy(admin: Want, bundleName: string, accountId: number): string; 387 388 /** 389 * Sets the application's permission managed state of the device. 390 * 391 * @permission ohos.permission.ENTERPRISE_MANAGE_USER_GRANT_PERMISSION 392 * @param { Want } admin - admin indicates the administrator ability information. 393 * @param { ApplicationInstance } applicationInstance - Application instance data. 394 * @param { Array<string> } permissions - permissions indicates the list of permission names that need to manage. 395 * @param { PermissionManagedState } managedState - the managed state of application permission. 396 * @throws { BusinessError } 9200001 - The application is not an administrator application of the device. 397 * @throws { BusinessError } 9200002 - The administrator application does not have permission to manage the device. 398 * @throws { BusinessError } 9200010 - A conflict policy has been configured. 399 * @throws { BusinessError } 9200012 - Parameter verification failed. 400 * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API. 401 * @syscap SystemCapability.Customization.EnterpriseDeviceManager 402 * @stagemodelonly 403 * @since 20 404 */ 405 function setPermissionManagedState(admin: Want, applicationInstance: ApplicationInstance, permissions: Array<string>, managedState: PermissionManagedState): void; 406 407 /** 408 * Gets the permission managed state of an application instance. 409 * 410 * @permission ohos.permission.ENTERPRISE_MANAGE_USER_GRANT_PERMISSION 411 * @param { Want } admin - admin indicates the administrator ability information. 412 * @param { ApplicationInstance } applicationInstance - applicationInstance indicates an application instance. 413 * @param { string } permission - permission indicates the permission name which need to get state. 414 * @returns { PermissionManagedState } the managed state of application permission. 415 * @throws { BusinessError } 9200001 - The application is not an administrator application of the device. 416 * @throws { BusinessError } 9200002 - The administrator application does not have permission to manage the device. 417 * @throws { BusinessError } 9200012 - Parameter verification failed. 418 * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API. 419 * @syscap SystemCapability.Customization.EnterpriseDeviceManager 420 * @stagemodelonly 421 * @since 20 422 */ 423 function getPermissionManagedState(admin: Want, applicationInstance: ApplicationInstance, permission: string): PermissionManagedState; 424 425 /** 426 * Sets the watermark image displayed during the application running. 427 * 428 * @permission ohos.permission.ENTERPRISE_MANAGE_SECURITY 429 * @param { Want } admin - admin indicates the administrator ability information. 430 * @param { string } bundleName - the bundle name of the application to be set watermark. 431 * @param { string | image.PixelMap } source - watermark's pixelMap or its url. 432 * @param { number } accountId - indicates the accountID. 433 * @throws { BusinessError } 9200001 - The application is not an administrator application of the device. 434 * @throws { BusinessError } 9200002 - The administrator application does not have permission to manage the device. 435 * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API. 436 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 437 * 2. Incorrect parameter types; 3. Parameter verification failed. 438 * @syscap SystemCapability.Customization.EnterpriseDeviceManager 439 * @stagemodelonly 440 * @since 14 441 */ 442 function setWatermarkImage(admin: Want, bundleName: string, source: string | image.PixelMap, accountId: number): void; 443 444 /** 445 * Cancels the watermark image displayed during the application running. 446 * 447 * @permission ohos.permission.ENTERPRISE_MANAGE_SECURITY 448 * @param { Want } admin - admin indicates the administrator ability information. 449 * @param { string } bundleName - the bundle name of the application to be set watermark. 450 * @param { number } accountId - indicates the accountID. 451 * @throws { BusinessError } 9200001 - The application is not an administrator application of the device. 452 * @throws { BusinessError } 9200002 - The administrator application does not have permission to manage the device. 453 * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API. 454 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 455 * 2. Incorrect parameter types; 3. Parameter verification failed. 456 * @syscap SystemCapability.Customization.EnterpriseDeviceManager 457 * @stagemodelonly 458 * @since 14 459 */ 460 function cancelWatermarkImage(admin: Want, bundleName: string, accountId: number): void; 461 462 /** 463 * Password policy. 464 * 465 * @typedef PasswordPolicy 466 * @syscap SystemCapability.Customization.EnterpriseDeviceManager 467 * @stagemodelonly 468 * @since 12 469 */ 470 export interface PasswordPolicy { 471 /** 472 * The regex of complexity 473 * 474 * @type { ?string } 475 * @syscap SystemCapability.Customization.EnterpriseDeviceManager 476 * @stagemodelonly 477 * @since 12 478 */ 479 complexityRegex?: string; 480 481 /** 482 * Period of validity 483 * 484 * @type { ?number } 485 * @syscap SystemCapability.Customization.EnterpriseDeviceManager 486 * @stagemodelonly 487 * @since 12 488 */ 489 validityPeriod?: number; 490 491 /** 492 * Other supplementary description 493 * 494 * @type { ?string } 495 * @syscap SystemCapability.Customization.EnterpriseDeviceManager 496 * @stagemodelonly 497 * @since 12 498 */ 499 additionalDescription?: string; 500 } 501 502 /** 503 * Clipboard policy. 504 * 505 * @enum { number } ClipboardPolicy 506 * @syscap SystemCapability.Customization.EnterpriseDeviceManager 507 * @stagemodelonly 508 * @since 12 509 */ 510 export enum ClipboardPolicy { 511 /** 512 * Policy default 513 * 514 * @syscap SystemCapability.Customization.EnterpriseDeviceManager 515 * @stagemodelonly 516 * @since 12 517 */ 518 DEFAULT = 0, 519 520 /** 521 * Policy indicates that the clipboard can be used on the same application 522 * 523 * @syscap SystemCapability.Customization.EnterpriseDeviceManager 524 * @stagemodelonly 525 * @since 12 526 */ 527 IN_APP = 1, 528 529 /** 530 * Policy indicates that the clipboard can be used on the same device 531 * 532 * @syscap SystemCapability.Customization.EnterpriseDeviceManager 533 * @stagemodelonly 534 * @since 12 535 */ 536 LOCAL_DEVICE = 2, 537 538 /** 539 * Policy indicates that the clipboard can be used across device 540 * 541 * @syscap SystemCapability.Customization.EnterpriseDeviceManager 542 * @stagemodelonly 543 * @since 12 544 */ 545 CROSS_DEVICE = 3, 546 } 547 548 /** 549 * Managed State. 550 * 551 * @enum { number } PermissionManagedState 552 * @syscap SystemCapability.Customization.EnterpriseDeviceManager 553 * @stagemodelonly 554 * @since 20 555 */ 556 export enum PermissionManagedState { 557 /** 558 * PermissionManagedState default 559 * 560 * @syscap SystemCapability.Customization.EnterpriseDeviceManager 561 * @stagemodelonly 562 * @since 20 563 */ 564 DEFAULT = 1, 565 566 /** 567 * PermissionManagedState granted, Users do not need to authorize a second time. 568 * 569 * @syscap SystemCapability.Customization.EnterpriseDeviceManager 570 * @stagemodelonly 571 * @since 20 572 */ 573 GRANTED = 0, 574 575 /** 576 * PermissionManagedState DENIED, Users need to authorize a second time. 577 * 578 * @syscap SystemCapability.Customization.EnterpriseDeviceManager 579 * @stagemodelonly 580 * @since 20 581 */ 582 DENIED = -1 583 } 584 585} 586 587export default securityManager;