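/*
 * Copyright (c) 2023-2024 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

/**
 * @file
 * @kit MDMKit
 */

import type Want from './@ohos.app.ability.Want';

/**
 * This module provides the capability to manage the security of the enterprise devices.
 * It declares read-only status queries (security patch tag, encryption status), installation and
 * removal of user certificates, the device password policy, and the per-application clipboard policy.
 * Two permissions gate these calls: ohos.permission.ENTERPRISE_MANAGE_SECURITY and
 * ohos.permission.ENTERPRISE_MANAGE_CERTIFICATE (certificate calls only).
 *
 * @namespace securityManager
 * @syscap SystemCapability.Customization.EnterpriseDeviceManager
 * @stagemodelonly
 * @since 11
 */
declare namespace securityManager {
  /**
   * The device encryption status.
   *
   * @typedef DeviceEncryptionStatus
   * @syscap SystemCapability.Customization.EnterpriseDeviceManager
   * @systemapi
   * @stagemodelonly
   * @since 11
   */
  export interface DeviceEncryptionStatus {
    /**
     * True indicates the device is encrypted.
     *
     * @type { boolean }
     * @syscap SystemCapability.Customization.EnterpriseDeviceManager
     * @systemapi
     * @stagemodelonly
     * @since 11
     */
    isEncrypted: boolean;
  }

  /**
   * User certificate data.
   * This is the certificate argument of installUserCertificate.
   *
   * @typedef CertBlob
   * @syscap SystemCapability.Customization.EnterpriseDeviceManager
   * @stagemodelonly
   * @since 12
   */
  export interface CertBlob {
    /**
     * The certificate content.
     * NOTE(review): the expected encoding (for example DER or PEM) is not stated in this
     * declaration - confirm before passing data obtained from an external source.
     *
     * @type { Uint8Array }
     * @syscap SystemCapability.Customization.EnterpriseDeviceManager
     * @stagemodelonly
     * @since 12
     */
    inData: Uint8Array;

    /**
     * The certificate alias.
     * NOTE(review): the installUserCertificate parameter description says "It cannot be empty or
     * more than 40 characters"; presumably that constraint applies to this field - confirm.
     *
     * @type { string }
     * @syscap SystemCapability.Customization.EnterpriseDeviceManager
     * @stagemodelonly
     * @since 12
     */
    alias: string;
  }

  /**
   * Gets device security patch tag.
   * This function can be called by a super administrator.
   * This is a system API (error 202 is reported to non-system callers). getSecurityStatus, declared
   * without the systemapi tag since 12, exposes the same information through item "patch".
   *
   * @permission ohos.permission.ENTERPRISE_MANAGE_SECURITY
   * @param { Want } admin - admin indicates the enterprise admin extension ability information.
   *     The admin must have the corresponding permission.
   * @returns { string } the security patch tag of the device.
   * @throws { BusinessError } 9200001 - The application is not an administrator application of the device.
   * @throws { BusinessError } 9200002 - The administrator application does not have permission to manage the device.
   * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API.
   * @throws { BusinessError } 202 - Permission verification failed. A non-system application calls a system API.
   * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified;
   *     2. Incorrect parameter types; 3. Parameter verification failed.
   * @syscap SystemCapability.Customization.EnterpriseDeviceManager
   * @systemapi
   * @stagemodelonly
   * @since 11
   */
  function getSecurityPatchTag(admin: Want): string;

  /**
   * Gets device encryption status.
   * This function can be called by a super administrator.
   * This is a system API (error 202 is reported to non-system callers). getSecurityStatus, declared
   * without the systemapi tag since 12, exposes the same information through item "encryption".
   *
   * @permission ohos.permission.ENTERPRISE_MANAGE_SECURITY
   * @param { Want } admin - admin indicates the enterprise admin extension ability information.
   *     The admin must have the corresponding permission.
   * @returns { DeviceEncryptionStatus } device encryption status.
   * @throws { BusinessError } 9200001 - The application is not an administrator application of the device.
   * @throws { BusinessError } 9200002 - The administrator application does not have permission to manage the device.
   * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API.
   * @throws { BusinessError } 202 - Permission verification failed. A non-system application calls a system API.
   * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified;
   *     2. Incorrect parameter types; 3. Parameter verification failed.
   * @syscap SystemCapability.Customization.EnterpriseDeviceManager
   * @systemapi
   * @stagemodelonly
   * @since 11
   */
  function getDeviceEncryptionStatus(admin: Want): DeviceEncryptionStatus;

  /**
   * Gets device security policy of the specific type.
   * This function can be called by a super administrator.
   * NOTE(review): item is an untyped string and only "patch" and "encryption" are described; the
   * format of the string returned for "encryption" is not stated here (the systemapi counterpart
   * returns a DeviceEncryptionStatus object) - confirm before parsing the result.
   *
   * @permission ohos.permission.ENTERPRISE_MANAGE_SECURITY
   * @param { Want } admin - admin indicates the enterprise admin extension ability information.
   *     The admin must have the corresponding permission.
   * @param { string } item - item indicates the specified security policy that needs to be obtained, including patch and encryption.
   *     patch means the device security patch tag, and encryption means the device encryption status.
   * @returns { string } security policy of the specific type.
   * @throws { BusinessError } 9200001 - The application is not an administrator application of the device.
   * @throws { BusinessError } 9200002 - The administrator application does not have permission to manage the device.
   * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API.
   * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified;
   *     2. Incorrect parameter types; 3. Parameter verification failed.
   * @syscap SystemCapability.Customization.EnterpriseDeviceManager
   * @stagemodelonly
   * @since 12
   */
  function getSecurityStatus(admin: Want, item: string): string;

  /**
   * Install user certificate.
   * This function can be called by a super administrator.
   * The caller alone decides which certificate is installed, so the administrator application
   * should verify the certificate (for example against a fingerprint obtained out of band) before
   * calling. Keep the returned URI: it is the only handle this module declares for removing the
   * certificate again with uninstallUserCertificate.
   * NOTE(review): whether an installed user certificate is treated as a trust anchor by the
   * device is not stated in this declaration - confirm.
   *
   * @permission ohos.permission.ENTERPRISE_MANAGE_CERTIFICATE
   * @param { Want } admin - admin indicates the enterprise admin extension ability information.
   *     The admin must have the corresponding permission.
   * @param { CertBlob } certificate - certificate file content and alias. It cannot be empty or more than 40 characters.
   * @returns { Promise<string> } the promise carries the uri of the installed certificate, which is the value
   *     to pass to uninstallUserCertificate.
   * @throws { BusinessError } 9200001 - The application is not an administrator application of the device.
   * @throws { BusinessError } 9200002 - The administrator application does not have permission to manage the device.
   * @throws { BusinessError } 9201001 - Failed to manage the certificate.
   * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API.
   * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified;
   *     2. Incorrect parameter types; 3. Parameter verification failed.
   * @syscap SystemCapability.Customization.EnterpriseDeviceManager
   * @stagemodelonly
   * @since 12
   */
  function installUserCertificate(admin: Want, certificate: CertBlob): Promise<string>;

  /**
   * Uninstall user certificate.
   * This function can be called by a super administrator.
   * certUri is the value carried by the promise that installUserCertificate returns.
   *
   * @permission ohos.permission.ENTERPRISE_MANAGE_CERTIFICATE
   * @param { Want } admin - admin indicates the enterprise admin extension ability information.
   *     The admin must have the corresponding permission.
   * @param { string } certUri - uri of the certificate. It cannot be empty or more than 64 characters.
   * @returns { Promise<void> } the promise returned by the uninstallUserCertificate.
   * @throws { BusinessError } 9200001 - The application is not an administrator application of the device.
   * @throws { BusinessError } 9200002 - The administrator application does not have permission to manage the device.
   * @throws { BusinessError } 9201001 - Failed to manage the certificate.
   * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API.
   * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified;
   *     2. Incorrect parameter types; 3. Parameter verification failed.
   * @syscap SystemCapability.Customization.EnterpriseDeviceManager
   * @stagemodelonly
   * @since 12
   */
  function uninstallUserCertificate(admin: Want, certUri: string): Promise<void>;

  /**
   * Sets the password policy of the device.
   * NOTE(review): every PasswordPolicy field is optional; whether an omitted field leaves the
   * current value in place or clears it is not stated in this declaration - confirm.
   *
   * @permission ohos.permission.ENTERPRISE_MANAGE_SECURITY
   * @param { Want } admin - admin indicates the enterprise admin extension ability information.
   *     The admin must have the corresponding permission.
   * @param { PasswordPolicy } policy - password policy to be set.
   * @throws { BusinessError } 9200001 - The application is not an administrator application of the device.
   * @throws { BusinessError } 9200002 - The administrator application does not have permission to manage the device.
   * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API.
   * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified;
   *     2. Incorrect parameter types; 3. Parameter verification failed.
   * @syscap SystemCapability.Customization.EnterpriseDeviceManager
   * @stagemodelonly
   * @since 12
   */
  function setPasswordPolicy(admin: Want, policy: PasswordPolicy): void;

  /**
   * Gets the password policy of the device.
   * Administrator overload: the caller identifies itself through admin and needs the permission below.
   *
   * @permission ohos.permission.ENTERPRISE_MANAGE_SECURITY
   * @param { Want } admin - admin indicates the enterprise admin extension ability information.
   *     The admin must have the corresponding permission.
   * @returns { PasswordPolicy } the password policy of the device.
   * @throws { BusinessError } 9200001 - The application is not an administrator application of the device.
   * @throws { BusinessError } 9200002 - The administrator application does not have permission to manage the device.
   * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API.
   * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified;
   *     2. Incorrect parameter types; 3. Parameter verification failed.
   * @syscap SystemCapability.Customization.EnterpriseDeviceManager
   * @stagemodelonly
   * @since 12
   */
  function getPasswordPolicy(admin: Want): PasswordPolicy;

  /**
   * Gets the password policy of the device.
   * System-API overload without an admin parameter. It declares no permission tag, and the only
   * documented error is 202 for non-system callers.
   *
   * @returns { PasswordPolicy } the password policy of the device.
   * @throws { BusinessError } 202 - Permission verification failed. A non-system application calls a system API.
   * @syscap SystemCapability.Customization.EnterpriseDeviceManager
   * @systemapi
   * @stagemodelonly
   * @since 12
   */
  function getPasswordPolicy(): PasswordPolicy;

  /**
   * Sets the application's clipboard policy of the device.
   * NOTE(review): tokenId is a plain number; how a token id that matches no application is
   * handled is not stated here (401 is the only parameter error declared) - confirm.
   *
   * @permission ohos.permission.ENTERPRISE_MANAGE_SECURITY
   * @param { Want } admin - admin indicates the administrator ability information.
   * @param { number } tokenId - tokenId indicates the token id of the application.
   * @param { ClipboardPolicy } policy - clipboard policy to be set.
   * @throws { BusinessError } 9200001 - The application is not an administrator application of the device.
   * @throws { BusinessError } 9200002 - The administrator application does not have permission to manage the device.
   * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API.
   * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified;
   *     2. Incorrect parameter types; 3. Parameter verification failed.
   * @syscap SystemCapability.Customization.EnterpriseDeviceManager
   * @stagemodelonly
   * @since 12
   */
  function setAppClipboardPolicy(admin: Want, tokenId: number, policy: ClipboardPolicy): void;

  /**
   * Gets the application's clipboard policy of the device.
   * NOTE(review): tokenId is optional; presumably omitting it returns the policy of every
   * application - confirm. The schema of the returned JSON string is not declared here, so
   * callers should validate its shape after parsing.
   *
   * @permission ohos.permission.ENTERPRISE_MANAGE_SECURITY
   * @param { Want } admin - admin indicates the administrator ability information.
   * @param { number } [tokenId] - tokenId indicates the token id of the application.
   * @returns { string } the json string of clipboard policy for each application of the device.
   * @throws { BusinessError } 9200001 - The application is not an administrator application of the device.
   * @throws { BusinessError } 9200002 - The administrator application does not have permission to manage the device.
   * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API.
   * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified;
   *     2. Incorrect parameter types; 3. Parameter verification failed.
   * @syscap SystemCapability.Customization.EnterpriseDeviceManager
   * @stagemodelonly
   * @since 12
   */
  function getAppClipboardPolicy(admin: Want, tokenId?: number): string;

  /**
   * Password policy.
   * Used as the argument of setPasswordPolicy and the result of getPasswordPolicy.
   *
   * @typedef PasswordPolicy
   * @syscap SystemCapability.Customization.EnterpriseDeviceManager
   * @stagemodelonly
   * @since 12
   */
  export interface PasswordPolicy {
    /**
     * The regex of complexity.
     * NOTE(review): the regular-expression dialect, and whether the pattern must match the whole
     * password or only part of it, are not stated in this declaration - confirm, and anchor the
     * pattern explicitly if whole-string matching is intended.
     *
     * @type { ?string }
     * @syscap SystemCapability.Customization.EnterpriseDeviceManager
     * @stagemodelonly
     * @since 12
     */
    complexityRegex?: string;

    /**
     * Period of validity.
     * NOTE(review): the unit of this number is not stated in this declaration - confirm before
     * setting a value.
     *
     * @type { ?number }
     * @syscap SystemCapability.Customization.EnterpriseDeviceManager
     * @stagemodelonly
     * @since 12
     */
    validityPeriod?: number;

    /**
     * Other supplementary description.
     *
     * @type { ?string }
     * @syscap SystemCapability.Customization.EnterpriseDeviceManager
     * @stagemodelonly
     * @since 12
     */
    additionalDescription?: string;
  }

  /**
   * Clipboard policy.
   * The members after DEFAULT are listed from the narrowest to the widest sharing scope: same
   * application, same device, across devices.
   * NOTE(review): what DEFAULT resolves to is not stated in this declaration - confirm before
   * relying on it as a restriction.
   *
   * @enum { number } ClipboardPolicy
   * @syscap SystemCapability.Customization.EnterpriseDeviceManager
   * @stagemodelonly
   * @since 12
   */
  export enum ClipboardPolicy {
    /**
     * Policy default
     *
     * @syscap SystemCapability.Customization.EnterpriseDeviceManager
     * @stagemodelonly
     * @since 12
     */
    DEFAULT = 0,

    /**
     * Policy indicates that the clipboard can be used on the same application
     *
     * @syscap SystemCapability.Customization.EnterpriseDeviceManager
     * @stagemodelonly
     * @since 12
     */
    IN_APP = 1,

    /**
     * Policy indicates that the clipboard can be used on the same device
     *
     * @syscap SystemCapability.Customization.EnterpriseDeviceManager
     * @stagemodelonly
     * @since 12
     */
    LOCAL_DEVICE = 2,

    /**
     * Policy indicates that the clipboard can be used across device
     *
     * @syscap SystemCapability.Customization.EnterpriseDeviceManager
     * @stagemodelonly
     * @since 12
     */
    CROSS_DEVICE = 3,
  }
}

export default securityManager;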