1/* 2 * Copyright (c) 2021-2024 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16/** 17 * @file 18 * @kit AbilityKit 19 */ 20 21import { AsyncCallback, Callback } from './@ohos.base'; 22import { Permissions } from './permissions'; 23import type _Context from './application/Context'; 24import type _PermissionRequestResult from './security/PermissionRequestResult'; 25 26/** 27 * @namespace abilityAccessCtrl 28 * @syscap SystemCapability.Security.AccessToken 29 * @since 8 30 */ 31/** 32 * @namespace abilityAccessCtrl 33 * @syscap SystemCapability.Security.AccessToken 34 * @atomicservice 35 * @since 11 36 */ 37/** 38 * @namespace abilityAccessCtrl 39 * @syscap SystemCapability.Security.AccessToken 40 * @crossplatform 41 * @atomicservice 42 * @since 12 43 */ 44declare namespace abilityAccessCtrl { 45 /** 46 * Obtains the AtManager instance. 47 * 48 * @returns { AtManager } Returns the instance of the AtManager. 49 * @syscap SystemCapability.Security.AccessToken 50 * @since 8 51 */ 52 /** 53 * Obtains the AtManager instance. 54 * 55 * @returns { AtManager } returns the instance of the AtManager. 56 * @syscap SystemCapability.Security.AccessToken 57 * @crossplatform 58 * @since 10 59 */ 60 /** 61 * Obtains the AtManager instance. 62 * 63 * @returns { AtManager } returns the instance of the AtManager. 64 * @syscap SystemCapability.Security.AccessToken 65 * @crossplatform 66 * @atomicservice 67 * @since 11 68 */ 69 function createAtManager(): AtManager; 70 71 /** 72 * Provides methods for managing access_token. 73 * 74 * @interface AtManager 75 * @syscap SystemCapability.Security.AccessToken 76 * @since 8 77 */ 78 /** 79 * Provides methods for managing access_token. 80 * 81 * @interface AtManager 82 * @syscap SystemCapability.Security.AccessToken 83 * @atomicservice 84 * @since 11 85 */ 86 interface AtManager { 87 /** 88 * Checks whether a specified application has been granted the given permission. 89 * 90 * @param { number } tokenID - Token ID of the application. 91 * @param { Permissions } permissionName - Name of the permission to be verified. The Permissions type supports only valid permission names. 92 * @returns { Promise<GrantStatus> } Returns permission verify result. 93 * @syscap SystemCapability.Security.AccessToken 94 * @since 9 95 */ 96 verifyAccessToken(tokenID: number, permissionName: Permissions): Promise<GrantStatus>; 97 98 /** 99 * Checks whether a specified application has been granted the given permission. 100 * 101 * @param { number } tokenID - Token ID of the application. 102 * @param { string } permissionName - Name of the permission to be verified. 103 * @returns { Promise<GrantStatus> } Returns permission verify result. 104 * @syscap SystemCapability.Security.AccessToken 105 * @since 8 106 * @deprecated since 9 107 * @useinstead ohos.abilityAccessCtrl.AtManager#checkAccessToken 108 */ 109 verifyAccessToken(tokenID: number, permissionName: string): Promise<GrantStatus>; 110 111 /** 112 * Checks whether a specified application has been granted the given permission synchronously. 113 * 114 * @param { number } tokenID - Token ID of the application. 115 * @param { Permissions } permissionName - Name of the permission to be verified. 116 * @returns { GrantStatus } Returns permission verify result. 117 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. 118 * @throws { BusinessError } 12100001 - Invalid parameter. The tokenID is 0, or the permissionName exceeds 256 characters. 119 * @syscap SystemCapability.Security.AccessToken 120 * @since 9 121 */ 122 verifyAccessTokenSync(tokenID: number, permissionName: Permissions): GrantStatus; 123 124 /** 125 * Checks whether a specified application has been granted the given permission. 126 * 127 * @param { number } tokenID - Token ID of the application. 128 * @param { Permissions } permissionName - Name of the permission to be verified. 129 * @returns { Promise<GrantStatus> } Returns permission verify result. 130 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. 131 * @throws { BusinessError } 12100001 - Invalid parameter. The tokenID is 0, or the permissionName exceeds 256 characters. 132 * @syscap SystemCapability.Security.AccessToken 133 * @since 9 134 */ 135 /** 136 * Checks whether a specified application has been granted the given permission. 137 * On the cross-platform, this function can be used to check the permission grant status for the current application only. 138 * 139 * @param { number } tokenID - Token ID of the application. 140 * @param { Permissions } permissionName - Name of the permission to be verified. 141 * @returns { Promise<GrantStatus> } Returns permission verify result. 142 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. 143 * @throws { BusinessError } 12100001 - Invalid parameter. The tokenID is 0, or the permissionName exceeds 256 characters. 144 * @syscap SystemCapability.Security.AccessToken 145 * @crossplatform 146 * @since 10 147 */ 148 /** 149 * Checks whether a specified application has been granted the given permission. 150 * On the cross-platform, this function can be used to check the permission grant status for the current application only. 151 * 152 * @param { number } tokenID - Token ID of the application. 153 * @param { Permissions } permissionName - Name of the permission to be verified. 154 * @returns { Promise<GrantStatus> } Returns permission verify result. 155 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. 156 * @throws { BusinessError } 12100001 - Invalid parameter. The tokenID is 0, or the permissionName exceeds 256 characters. 157 * @syscap SystemCapability.Security.AccessToken 158 * @crossplatform 159 * @atomicservice 160 * @since 11 161 */ 162 checkAccessToken(tokenID: number, permissionName: Permissions): Promise<GrantStatus>; 163 164 /** 165 * Checks whether a specified application has been granted the given permission. 166 * On the cross-platform, this function can be used to check the permission grant status for the current application only. 167 * 168 * @param { number } tokenID - Token ID of the application. 169 * @param { Permissions } permissionName - Name of the permission to be verified. 170 * @returns { GrantStatus } Returns permission verify result. 171 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. 172 * @throws { BusinessError } 12100001 - Invalid parameter. The tokenID is 0, or the permissionName exceeds 256 characters. 173 * @syscap SystemCapability.Security.AccessToken 174 * @crossplatform 175 * @since 10 176 */ 177 /** 178 * Checks whether a specified application has been granted the given permission. 179 * On the cross-platform, this function can be used to check the permission grant status for the current application only. 180 * 181 * @param { number } tokenID - Token ID of the application. 182 * @param { Permissions } permissionName - Name of the permission to be verified. 183 * @returns { GrantStatus } Returns permission verify result. 184 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. 185 * @throws { BusinessError } 12100001 - Invalid parameter. The tokenID is 0, or the permissionName exceeds 256 characters. 186 * @syscap SystemCapability.Security.AccessToken 187 * @crossplatform 188 * @atomicservice 189 * @since 11 190 */ 191 checkAccessTokenSync(tokenID: number, permissionName: Permissions): GrantStatus; 192 193 /** 194 * Requests certain permissions from the user. 195 * 196 * @param { Context } context - The context that initiates the permission request. 197 * <br> The context must belong to the Stage model and only supports UIAbilityContext and UIExtensionContext. 198 * @param { Array<Permissions> } permissionList - Indicates the list of permissions to be requested. This parameter cannot be null or empty. 199 * @param { AsyncCallback<PermissionRequestResult> } requestCallback Callback for the result from requesting permissions. 200 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. 201 * @throws { BusinessError } 12100001 - Invalid parameter. The context is invalid when it does not belong to the application itself. 202 * @syscap SystemCapability.Security.AccessToken 203 * @stagemodelonly 204 * @since 9 205 */ 206 /** 207 * Requests certain permissions from the user. 208 * 209 * @param { Context } context - The context that initiates the permission request. 210 * <br> The context must belong to the Stage model and only supports UIAbilityContext and UIExtensionContext. 211 * @param { Array<Permissions> } permissionList - Indicates the list of permissions to be requested. This parameter cannot be null or empty. 212 * @param { AsyncCallback<PermissionRequestResult> } requestCallback Callback for the result from requesting permissions. 213 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. 214 * @throws { BusinessError } 12100001 - Invalid parameter. The context is invalid when it does not belong to the application itself. 215 * @syscap SystemCapability.Security.AccessToken 216 * @stagemodelonly 217 * @crossplatform 218 * @since 10 219 */ 220 /** 221 * Requests certain permissions from the user. 222 * 223 * @param { Context } context - The context that initiates the permission request. 224 * <br> The context must belong to the Stage model and only supports UIAbilityContext and UIExtensionContext. 225 * @param { Array<Permissions> } permissionList - Indicates the list of permissions to be requested. This parameter cannot be null or empty. 226 * @param { AsyncCallback<PermissionRequestResult> } requestCallback Callback for the result from requesting permissions. 227 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. 228 * @throws { BusinessError } 12100001 - Invalid parameter. The context is invalid when it does not belong to the application itself. 229 * @syscap SystemCapability.Security.AccessToken 230 * @stagemodelonly 231 * @crossplatform 232 * @atomicservice 233 * @since 12 234 */ 235 requestPermissionsFromUser( 236 context: Context, 237 permissionList: Array<Permissions>, 238 requestCallback: AsyncCallback<PermissionRequestResult> 239 ): void; 240 241 /** 242 * Requests certain permissions from the user. 243 * 244 * @param { Context } context - The context that initiates the permission request. 245 * <br> The context must belong to the Stage model and only supports UIAbilityContext and UIExtensionContext. 246 * @param { Array<Permissions> } permissionList - Indicates the list of permissions to be requested. This parameter cannot be null or empty. 247 * @returns { Promise<PermissionRequestResult> } Returns result of requesting permissions. 248 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. 249 * @throws { BusinessError } 12100001 - Invalid parameter. The context is invalid when it does not belong to the application itself. 250 * @syscap SystemCapability.Security.AccessToken 251 * @stagemodelonly 252 * @since 9 253 */ 254 /** 255 * Requests certain permissions from the user. 256 * 257 * @param { Context } context - The context that initiates the permission request. 258 * <br> The context must belong to the Stage model and only supports UIAbilityContext and UIExtensionContext. 259 * @param { Array<Permissions> } permissionList - Indicates the list of permissions to be requested. This parameter cannot be null or empty. 260 * @returns { Promise<PermissionRequestResult> } Returns result of requesting permissions. 261 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. 262 * @throws { BusinessError } 12100001 - Invalid parameter. The context is invalid when it does not belong to the application itself. 263 * @syscap SystemCapability.Security.AccessToken 264 * @stagemodelonly 265 * @crossplatform 266 * @since 10 267 */ 268 /** 269 * Requests certain permissions from the user. 270 * 271 * @param { Context } context - The context that initiates the permission request. 272 * <br> The context must belong to the Stage model and only supports UIAbilityContext and UIExtensionContext. 273 * @param { Array<Permissions> } permissionList - Indicates the list of permissions to be requested. This parameter cannot be null or empty. 274 * @returns { Promise<PermissionRequestResult> } Returns result of requesting permissions. 275 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. 276 * @throws { BusinessError } 12100001 - Invalid parameter. The context is invalid when it does not belong to the application itself. 277 * @syscap SystemCapability.Security.AccessToken 278 * @stagemodelonly 279 * @crossplatform 280 * @atomicservice 281 * @since 11 282 */ 283 requestPermissionsFromUser(context: Context, permissionList: Array<Permissions>): Promise<PermissionRequestResult>; 284 285 /** 286 * Grants a specified user_grant permission to the given application. 287 * 288 * @permission ohos.permission.GRANT_SENSITIVE_PERMISSIONS 289 * @param { number } tokenID - Token ID of the application. 290 * @param { Permissions } permissionName - Name of the permission to be granted. 291 * @param { number } permissionFlags - Flags of permission state. This parameter can be 1 or 2 or 64. 292 * @returns { Promise<void> } The promise returned by the function. 293 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. 294 * @throws { BusinessError } 201 - Permission denied. Interface caller does not have permission "ohos.permission.GRANT_SENSITIVE_PERMISSIONS". 295 * @throws { BusinessError } 202 - Not System App. Interface caller is not a system app. 296 * @throws { BusinessError } 12100001 - Invalid parameter. The tokenID is 0, the permissionName exceeds 256 characters, or the flags value is invalid. 297 * @throws { BusinessError } 12100002 - The specified tokenID does not exist. 298 * @throws { BusinessError } 12100003 - The specified permission does not exist. 299 * @throws { BusinessError } 12100006 - The application specified by the tokenID is not allowed to be granted with the specified permission. 300 * Either the application is a sandbox or the tokenID is from a remote device. 301 * @throws { BusinessError } 12100007 - The service is abnormal. 302 * @syscap SystemCapability.Security.AccessToken 303 * @systemapi 304 * @since 8 305 */ 306 grantUserGrantedPermission(tokenID: number, permissionName: Permissions, permissionFlags: number): Promise<void>; 307 308 /** 309 * Grants a specified user_grant permission to the given application. 310 * 311 * @permission ohos.permission.GRANT_SENSITIVE_PERMISSIONS 312 * @param { number } tokenID - Token ID of the application. 313 * @param { Permissions } permissionName - Name of the permission to be granted. 314 * @param { number } permissionFlags - Flags of permission state. This parameter can be 1 or 2 or 64. 315 * @param { AsyncCallback<void> } callback - Asynchronous callback interface. 316 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. 317 * @throws { BusinessError } 201 - Permission denied. Interface caller does not have permission "ohos.permission.GRANT_SENSITIVE_PERMISSIONS". 318 * @throws { BusinessError } 202 - Not System App. Interface caller is not a system app. 319 * @throws { BusinessError } 12100001 - Invalid parameter. The tokenID is 0, the permissionName exceeds 256 characters, or the flags value is invalid. 320 * @throws { BusinessError } 12100002 - The specified tokenID does not exist. 321 * @throws { BusinessError } 12100003 - The specified permission does not exist. 322 * @throws { BusinessError } 12100006 - The application specified by the tokenID is not allowed to be granted with the specified permission. 323 * Either the application is a sandbox or the tokenID is from a remote device. 324 * @throws { BusinessError } 12100007 - The service is abnormal. 325 * @syscap SystemCapability.Security.AccessToken 326 * @systemapi 327 * @since 8 328 */ 329 grantUserGrantedPermission( 330 tokenID: number, 331 permissionName: Permissions, 332 permissionFlags: number, 333 callback: AsyncCallback<void> 334 ): void; 335 336 /** 337 * Revoke a specified user_grant permission to the given application. 338 * 339 * @permission ohos.permission.REVOKE_SENSITIVE_PERMISSIONS 340 * @param { number } tokenID - Token ID of the application. 341 * @param { Permissions } permissionName - Name of the permission to be revoked. 342 * @param { number } permissionFlags - Flags of permission state. This parameter can be 1 or 2 or 64. 343 * @returns { Promise<void> } The promise returned by the function. 344 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. 345 * @throws { BusinessError } 201 - Permission denied. Interface caller does not have permission "ohos.permission.REVOKE_SENSITIVE_PERMISSIONS". 346 * @throws { BusinessError } 202 - Not System App. Interface caller is not a system app. 347 * @throws { BusinessError } 12100001 - Invalid parameter. The tokenID is 0, the permissionName exceeds 256 characters, or the flags value is invalid. 348 * @throws { BusinessError } 12100002 - The specified tokenID does not exist. 349 * @throws { BusinessError } 12100003 - The specified permission does not exist. 350 * @throws { BusinessError } 12100006 - The application specified by the tokenID is not allowed to be revoked with the specified permission. 351 * Either the application is a sandbox or the tokenID is from a remote device. 352 * @throws { BusinessError } 12100007 - The service is abnormal. 353 * @syscap SystemCapability.Security.AccessToken 354 * @systemapi 355 * @since 8 356 */ 357 revokeUserGrantedPermission(tokenID: number, permissionName: Permissions, permissionFlags: number): Promise<void>; 358 359 /** 360 * Revoke a specified user_grant permission to the given application. 361 * 362 * @permission ohos.permission.REVOKE_SENSITIVE_PERMISSIONS 363 * @param { number } tokenID - Token ID of the application. 364 * @param { Permissions } permissionName - Name of the permission to be revoked. 365 * @param { number } permissionFlags - Flags of permission state. This parameter can be 1 or 2 or 64. 366 * @param { AsyncCallback<void> } callback - Asynchronous callback interface. 367 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. 368 * @throws { BusinessError } 201 - Permission denied. Interface caller does not have permission "ohos.permission.REVOKE_SENSITIVE_PERMISSIONS". 369 * @throws { BusinessError } 202 - Not System App. Interface caller is not a system app. 370 * @throws { BusinessError } 12100001 - Invalid parameter. The tokenID is 0, the permissionName exceeds 256 characters, or the flags value is invalid. 371 * @throws { BusinessError } 12100002 - The specified tokenID does not exist. 372 * @throws { BusinessError } 12100003 - The specified permission does not exist. 373 * @throws { BusinessError } 12100006 - The application specified by the tokenID is not allowed to be revoked with the specified permission. 374 * Either the application is a sandbox or the tokenID is from a remote device. 375 * @throws { BusinessError } 12100007 - The service is abnormal. 376 * @syscap SystemCapability.Security.AccessToken 377 * @systemapi 378 * @since 8 379 */ 380 revokeUserGrantedPermission( 381 tokenID: number, 382 permissionName: Permissions, 383 permissionFlags: number, 384 callback: AsyncCallback<void> 385 ): void; 386 387 /** 388 * Queries specified permission flags of the given application. 389 * 390 * @permission ohos.permission.GET_SENSITIVE_PERMISSIONS or ohos.permission.GRANT_SENSITIVE_PERMISSIONS or ohos.permission.REVOKE_SENSITIVE_PERMISSIONS 391 * @param { number } tokenID - Token ID of the application. 392 * @param { Permissions } permissionName - Name of the permission to be get. 393 * @returns { Promise<number> } Return permission flags. 394 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. 395 * @throws { BusinessError } 201 - Permission denied. Interface caller does not have permission specified below. 396 * @throws { BusinessError } 202 - Not System App. Interface caller is not a system app. 397 * @throws { BusinessError } 12100001 - Invalid parameter. The tokenID is 0, or the permissionName exceeds 256 characters. 398 * @throws { BusinessError } 12100002 - The specified tokenID does not exist. 399 * @throws { BusinessError } 12100003 - The specified permission does not exist. 400 * @throws { BusinessError } 12100006 - The operation is not allowed. Either the application is a sandbox or the tokenID is from a remote device. 401 * @throws { BusinessError } 12100007 - The service is abnormal. 402 * @syscap SystemCapability.Security.AccessToken 403 * @systemapi 404 * @since 8 405 */ 406 getPermissionFlags(tokenID: number, permissionName: Permissions): Promise<number>; 407 408 /** 409 * Set the toggle status of one permission flag. 410 * 411 * @permission ohos.permission.DISABLE_PERMISSION_DIALOG 412 * @param { Permissions } permissionName - Name of the permission associated with the toggle status to be set. 413 * @param { PermissionRequestToggleStatus } status - The toggle status to be set. 414 * @returns { Promise<void> } The promise returned by the function. 415 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. 416 * @throws { BusinessError } 201 - Permission denied. Interface caller does not have permission specified below. 417 * @throws { BusinessError } 202 - Not System App. Interface caller is not a system app. 418 * @throws { BusinessError } 12100001 - Invalid parameter. The permissionName exceeds 256 characters, or the status value is invalid. 419 * @throws { BusinessError } 12100003 - The specified permission does not exist. 420 * @throws { BusinessError } 12100007 - The service is abnormal. 421 * @syscap SystemCapability.Security.AccessToken 422 * @systemapi 423 * @since 12 424 */ 425 setPermissionRequestToggleStatus(permissionName: Permissions, status: PermissionRequestToggleStatus): Promise<void>; 426 427 /** 428 * Get the toggle status of one permission flag. 429 * 430 * @permission ohos.permission.GET_SENSITIVE_PERMISSIONS 431 * @param { Permissions } permissionName - Name of the permission associated with the toggle status to be get. 432 * @returns { Promise<PermissionRequestToggleStatus> } Return the toggle status. 433 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. 434 * @throws { BusinessError } 201 - Permission denied. Interface caller does not have permission specified below. 435 * @throws { BusinessError } 202 - Not System App. Interface caller is not a system app. 436 * @throws { BusinessError } 12100001 - Invalid parameter. The permissionName exceeds 256 characters. 437 * @throws { BusinessError } 12100003 - The specified permission does not exist. 438 * @throws { BusinessError } 12100007 - The service is abnormal. 439 * @syscap SystemCapability.Security.AccessToken 440 * @systemapi 441 * @since 12 442 */ 443 getPermissionRequestToggleStatus(permissionName: Permissions): Promise<PermissionRequestToggleStatus>; 444 445 /** 446 * Queries permission management version. 447 * 448 * @returns { Promise<number> } Return permission version. 449 * @throws { BusinessError } 202 - Not System App. Interface caller is not a system app. 450 * @syscap SystemCapability.Security.AccessToken 451 * @systemapi 452 * @since 9 453 */ 454 getVersion(): Promise<number>; 455 456 /** 457 * Queries permissions status of the given application. 458 * 459 * @permission ohos.permission.GET_SENSITIVE_PERMISSIONS 460 * @param { number } tokenID - Token ID of the application. 461 * @param { Array<Permissions> } permissionList - Indicates the list of permissions to be queried. This parameter cannot be null or empty. 462 * @returns { Promise<Array<PermissionStatus>> } Return permission status. 463 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. 464 * @throws { BusinessError } 201 - Permission denied. Interface caller does not have permission "ohos.permission.GET_SENSITIVE_PERMISSIONS". 465 * @throws { BusinessError } 202 - Not System App. Interface caller is not a system app. 466 * @throws { BusinessError } 12100001 - Invalid parameter. The tokenID is 0, or the permissionList is empty. 467 * @throws { BusinessError } 12100002 - The specified tokenID does not exist. 468 * @throws { BusinessError } 12100007 - The service is abnormal. 469 * @syscap SystemCapability.Security.AccessToken 470 * @systemapi 471 * @since 12 472 */ 473 getPermissionsStatus(tokenID: number, permissionList: Array<Permissions>): Promise<Array<PermissionStatus>>; 474 475 /** 476 * Registers a permission state callback so that the application can be notified upon specified permission state of specified applications changes. 477 * 478 * @permission ohos.permission.GET_SENSITIVE_PERMISSIONS 479 * @param { 'permissionStateChange' } type - Event type. 480 * @param { Array<number> } tokenIDList - A list of permissions that specify the permissions to be listened on. The value in the list can be: 481 * <br> {@code empty} - Indicates that the application can be notified if the specified permission state of any applications changes. 482 * <br> {@code non-empty} - Indicates that the application can only be notified if the specified permission state of the specified applications change. 483 * @param { Array<Permissions> } permissionList - A list of permissions that specify the permissions to be listened on. The value in the list can be: 484 * <br> {@code empty} - Indicates that the application can be notified if any permission state of the specified applications changes. 485 * <br> {@code non-empty} - Indicates that the application can only be notified if the specified permission state of the specified applications changes. 486 * @param { Callback<PermissionStateChangeInfo> } callback - Callback for the result from registering permissions. 487 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. 488 * @throws { BusinessError } 201 - Permission denied. Interface caller does not have permission "ohos.permission.GET_SENSITIVE_PERMISSIONS". 489 * @throws { BusinessError } 202 - Not System App. Interface caller is not a system app. 490 * @throws { BusinessError } 12100001 - Invalid parameter. The tokenID is 0, or the permissionName exceeds 256 characters. 491 * @throws { BusinessError } 12100004 - The API is used repeatedly with the same input. 492 * @throws { BusinessError } 12100005 - The registration time has exceeded the limitation. 493 * @throws { BusinessError } 12100007 - The service is abnormal. 494 * @throws { BusinessError } 12100008 - Out of memory. 495 * @syscap SystemCapability.Security.AccessToken 496 * @systemapi 497 * @since 9 498 */ 499 on( 500 type: 'permissionStateChange', 501 tokenIDList: Array<number>, 502 permissionList: Array<Permissions>, 503 callback: Callback<PermissionStateChangeInfo> 504 ): void; 505 506 /** 507 * Unregisters a permission state callback so that the specified applications cannot be notified upon specified permissions state changes anymore. 508 * 509 * @permission ohos.permission.GET_SENSITIVE_PERMISSIONS 510 * @param { 'permissionStateChange' } type - Event type. 511 * @param { Array<number> } tokenIDList - A list of permissions that specify the permissions to be listened on. 512 * It should correspond to the value registered by function of "on", whose type is "permissionStateChange". 513 * @param { Array<Permissions> } permissionList - A list of permissions that specify the permissions to be listened on. 514 * It should correspond to the value registered by function of "on", whose type is "permissionStateChange". 515 * @param { Callback<PermissionStateChangeInfo> } callback - Callback for the result from unregistering permissions. 516 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. 517 * @throws { BusinessError } 201 - Permission denied. Interface caller does not have permission "ohos.permission.GET_SENSITIVE_PERMISSIONS". 518 * @throws { BusinessError } 202 - Not System App. Interface caller is not a system app. 519 * @throws { BusinessError } 12100001 - Invalid parameter. The tokenIDs or permissionNames in the list are all invalid. 520 * @throws { BusinessError } 12100004 - The API is not used in pair with 'on'. 521 * @throws { BusinessError } 12100007 - The service is abnormal. 522 * @throws { BusinessError } 12100008 - Out of memory. 523 * @syscap SystemCapability.Security.AccessToken 524 * @systemapi 525 * @since 9 526 */ 527 off( 528 type: 'permissionStateChange', 529 tokenIDList: Array<number>, 530 permissionList: Array<Permissions>, 531 callback?: Callback<PermissionStateChangeInfo> 532 ): void; 533 534 /** 535 * Requests certain permissions on setting from the user. 536 * 537 * @param { Context } context - The context that initiates the permission request. 538 * <br> The context must belong to the Stage model and only supports UIAbilityContext and UIExtensionContext. 539 * @param { Array<Permissions> } permissionList - Indicates the list of permission to be requested. This parameter cannot be null or empty. 540 * @returns { Promise<Array<GrantStatus>> } Returns the list of status of the specified permission. 541 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types. 542 * @throws { BusinessError } 12100001 - Invalid parameter. Possible causes: 1. The context is invalid because it does not belong to the application itself; 543 * 2. The permission list contains the permission that is not declared in the module.json file; 3. The permission list is invalid because the permissions in it do not belong to the same permission group. 544 * @throws { BusinessError } 12100010 - The request already exists. 545 * @throws { BusinessError } 12100011 - All permissions in the permission list have been granted. 546 * @throws { BusinessError } 12100012 - The permission list contains the permission that has not been revoked by the user. 547 * @syscap SystemCapability.Security.AccessToken 548 * @stagemodelonly 549 * @atomicservice 550 * @since 12 551 */ 552 requestPermissionOnSetting(context: Context, permissionList: Array<Permissions>): Promise<Array<GrantStatus>>; 553 554 /** 555 * Requests certain global switch status on setting from the user. 556 * 557 * @param { Context } context - The context that initiates the permission request. 558 * <br> The context must belong to the Stage model and only supports UIAbilityContext and UIExtensionContext. 559 * @param { SwitchType } type - Indicates the type of global switch to be requested. This parameter cannot be null or empty. 560 * @returns { Promise<boolean> } Returns the status of the specified global switch. 561 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types. 562 * @throws { BusinessError } 12100001 - Invalid parameter. Possible causes: 1. The context is invalid because it does not belong to the application itself; 2. The type of global switch is not support. 563 * @throws { BusinessError } 12100010 - The request already exists. 564 * @throws { BusinessError } 12100013 - The specific global switch is already open. 565 * @syscap SystemCapability.Security.AccessToken 566 * @stagemodelonly 567 * @atomicservice 568 * @since 12 569 */ 570 requestGlobalSwitch(context: Context, type: SwitchType): Promise<boolean>; 571 } 572 573 /** 574 * GrantStatus. 575 * 576 * @enum { number } 577 * @syscap SystemCapability.Security.AccessToken 578 * @since 8 579 */ 580 /** 581 * GrantStatus. 582 * 583 * @enum { number } 584 * @syscap SystemCapability.Security.AccessToken 585 * @crossplatform 586 * @since 10 587 */ 588 /** 589 * GrantStatus. 590 * 591 * @enum { number } 592 * @syscap SystemCapability.Security.AccessToken 593 * @crossplatform 594 * @atomicservice 595 * @since 11 596 */ 597 export enum GrantStatus { 598 /** 599 * access_token permission check fail 600 * 601 * @syscap SystemCapability.Security.AccessToken 602 * @since 8 603 */ 604 /** 605 * access_token permission check fail 606 * 607 * @syscap SystemCapability.Security.AccessToken 608 * @crossplatform 609 * @since 10 610 */ 611 /** 612 * access_token permission check fail 613 * 614 * @syscap SystemCapability.Security.AccessToken 615 * @crossplatform 616 * @atomicservice 617 * @since 11 618 */ 619 PERMISSION_DENIED = -1, 620 /** 621 * access_token permission check success 622 * 623 * @syscap SystemCapability.Security.AccessToken 624 * @since 8 625 */ 626 /** 627 * access_token permission check success 628 * 629 * @syscap SystemCapability.Security.AccessToken 630 * @crossplatform 631 * @since 10 632 */ 633 /** 634 * access_token permission check success 635 * 636 * @syscap SystemCapability.Security.AccessToken 637 * @crossplatform 638 * @atomicservice 639 * @since 11 640 */ 641 PERMISSION_GRANTED = 0 642 } 643 644 /** 645 * Enum for permission state change type. 646 * 647 * @enum { number } 648 * @syscap SystemCapability.Security.AccessToken 649 * @systemapi 650 * @since 9 651 */ 652 export enum PermissionStateChangeType { 653 /** 654 * A granted user_grant permission is revoked. 655 * 656 * @syscap SystemCapability.Security.AccessToken 657 * @systemapi 658 * @since 9 659 */ 660 PERMISSION_REVOKED_OPER = 0, 661 /** 662 * A user_grant permission is granted. 663 * 664 * @syscap SystemCapability.Security.AccessToken 665 * @systemapi 666 * @since 9 667 */ 668 PERMISSION_GRANTED_OPER = 1 669 } 670 671 /** 672 * Enum for permission request toggle status. 673 * 674 * @enum { number } 675 * @syscap SystemCapability.Security.AccessToken 676 * @systemapi 677 * @since 12 678 */ 679 export enum PermissionRequestToggleStatus { 680 /** 681 * The toggle status of one permission flag is closed. 682 * 683 * @syscap SystemCapability.Security.AccessToken 684 * @systemapi 685 * @since 12 686 */ 687 CLOSED = 0, 688 /** 689 * The toggle status of one permission flag is open. 690 * 691 * @syscap SystemCapability.Security.AccessToken 692 * @systemapi 693 * @since 12 694 */ 695 OPEN = 1, 696 } 697 698 /** 699 * Indicates the information of permission state change. 700 * 701 * @interface PermissionStateChangeInfo 702 * @syscap SystemCapability.Security.AccessToken 703 * @systemapi 704 * @since 9 705 * @name PermissionStateChangeInfo 706 */ 707 interface PermissionStateChangeInfo { 708 /** 709 * Indicates the permission state change type. 710 * 711 * @type { PermissionStateChangeType } 712 * @syscap SystemCapability.Security.AccessToken 713 * @systemapi 714 * @since 9 715 */ 716 change: PermissionStateChangeType; 717 718 /** 719 * Indicates the application whose permission state has been changed. 720 * 721 * @type { number } 722 * @syscap SystemCapability.Security.AccessToken 723 * @systemapi 724 * @since 9 725 */ 726 tokenID: number; 727 728 /** 729 * Indicates the permission whose state has been changed. 730 * 731 * @type { Permissions } 732 * @syscap SystemCapability.Security.AccessToken 733 * @systemapi 734 * @since 9 735 */ 736 permissionName: Permissions; 737 } 738 739 /** 740 * PermissionStatus. 741 * 742 * @enum { number } 743 * @syscap SystemCapability.Security.AccessToken 744 * @systemapi 745 * @since 12 746 */ 747 export enum PermissionStatus { 748 /** 749 * permission has been denied, only can change it in settings 750 * 751 * @syscap SystemCapability.Security.AccessToken 752 * @systemapi 753 * @since 12 754 */ 755 DENIED = -1, 756 /** 757 * permission has been granted 758 * 759 * @syscap SystemCapability.Security.AccessToken 760 * @systemapi 761 * @since 12 762 */ 763 GRANTED = 0, 764 /** 765 * permission is not determined 766 * 767 * @syscap SystemCapability.Security.AccessToken 768 * @systemapi 769 * @since 12 770 */ 771 NOT_DETERMINED = 1, 772 /** 773 * permission is invalid 774 * 775 * @syscap SystemCapability.Security.AccessToken 776 * @systemapi 777 * @since 12 778 */ 779 INVALID = 2, 780 /** 781 * permission has been restricted 782 * 783 * @syscap SystemCapability.Security.AccessToken 784 * @systemapi 785 * @since 12 786 */ 787 RESTRICTED = 3 788 } 789 790 /** 791 * SwitchType. 792 * 793 * @enum { number } 794 * @syscap SystemCapability.Security.AccessToken 795 * @atomicservice 796 * @since 12 797 */ 798 export enum SwitchType { 799 /** 800 * switch of camera 801 * 802 * @syscap SystemCapability.Security.AccessToken 803 * @atomicservice 804 * @since 12 805 */ 806 CAMERA = 0, 807 /** 808 * switch of microphone 809 * 810 * @syscap SystemCapability.Security.AccessToken 811 * @atomicservice 812 * @since 12 813 */ 814 MICROPHONE = 1, 815 /** 816 * switch of location 817 * 818 * @syscap SystemCapability.Security.AccessToken 819 * @atomicservice 820 * @since 12 821 */ 822 LOCATION = 2, 823 } 824} 825 826export default abilityAccessCtrl; 827export { Permissions }; 828/** 829 * PermissionRequestResult interface. 830 * 831 * @typedef { _PermissionRequestResult } 832 * @syscap SystemCapability.Security.AccessToken 833 * @stagemodelonly 834 * @crossplatform 835 * @since 10 836 */ 837/** 838 * PermissionRequestResult interface. 839 * 840 * @typedef { _PermissionRequestResult } 841 * @syscap SystemCapability.Security.AccessToken 842 * @stagemodelonly 843 * @crossplatform 844 * @atomicservice 845 * @since 11 846 */ 847export type PermissionRequestResult = _PermissionRequestResult; 848/** 849 * Context interface. 850 * 851 * @typedef { _Context } 852 * @syscap SystemCapability.Security.AccessToken 853 * @stagemodelonly 854 * @crossplatform 855 * @since 10 856 */ 857/** 858 * Context interface. 859 * 860 * @typedef { _Context } 861 * @syscap SystemCapability.Security.AccessToken 862 * @stagemodelonly 863 * @crossplatform 864 * @atomicservice 865 * @since 11 866 */ 867export type Context = _Context; 868