/*
 * Copyright (c) 2023-2024 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

/**
 * @file
 * @kit MDMKit
 */

import type Want from './@ohos.app.ability.Want';
import type image from './@ohos.multimedia.image';

/**
 * This module provides the capability to manage the security of enterprise devices:
 * reading the security patch tag and encryption status, installing and uninstalling
 * user certificates, and setting password, clipboard and watermark policies.
 *
 * @namespace securityManager
 * @syscap SystemCapability.Customization.EnterpriseDeviceManager
 * @stagemodelonly
 * @since 11
 */
declare namespace securityManager {
  /**
   * The device encryption status, as returned by getDeviceEncryptionStatus.
   *
   * @typedef DeviceEncryptionStatus
   * @syscap SystemCapability.Customization.EnterpriseDeviceManager
   * @systemapi
   * @stagemodelonly
   * @since 11
   */
  export interface DeviceEncryptionStatus {
    /**
     * True indicates that the device is encrypted.
     *
     * @type { boolean }
     * @syscap SystemCapability.Customization.EnterpriseDeviceManager
     * @systemapi
     * @stagemodelonly
     * @since 11
     */
    isEncrypted: boolean;
  }

  /**
   * User certificate data passed to installUserCertificate.
   *
   * @typedef CertBlob
   * @syscap SystemCapability.Customization.EnterpriseDeviceManager
   * @stagemodelonly
   * @since 12
   */
  export interface CertBlob {
    // NOTE(review): the expected encoding of the certificate bytes (for example
    // DER or PEM) is not stated in this file; confirm before passing data in.
    /**
     * The certificate content.
     *
     * @type { Uint8Array }
     * @syscap SystemCapability.Customization.EnterpriseDeviceManager
     * @stagemodelonly
     * @since 12
     */
    inData: Uint8Array;

    /**
     * The certificate alias.
     *
     * @type { string }
     * @syscap SystemCapability.Customization.EnterpriseDeviceManager
     * @stagemodelonly
     * @since 12
     */
    alias: string;
  }

  /**
   * Gets the security patch tag of the device.
   * This function can be called by a super administrator.
   *
   * @permission ohos.permission.ENTERPRISE_MANAGE_SECURITY
   * @param { Want } admin - admin indicates the enterprise admin extension ability information.
   *                         The admin must have the corresponding permission.
   * @returns { string } the security patch tag of the device.
   * @throws { BusinessError } 9200001 - The application is not an administrator application of the device.
   * @throws { BusinessError } 9200002 - The administrator application does not have permission to manage the device.
   * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API.
   * @throws { BusinessError } 202 - Permission verification failed. A non-system application calls a system API.
   * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified;
   *     2. Incorrect parameter types; 3. Parameter verification failed.
   * @syscap SystemCapability.Customization.EnterpriseDeviceManager
   * @systemapi
   * @stagemodelonly
   * @since 11
   */
  function getSecurityPatchTag(admin: Want): string;

  /**
   * Gets the encryption status of the device.
   * This function can be called by a super administrator.
   *
   * @permission ohos.permission.ENTERPRISE_MANAGE_SECURITY
   * @param { Want } admin - admin indicates the enterprise admin extension ability information.
   *                         The admin must have the corresponding permission.
   * @returns { DeviceEncryptionStatus } device encryption status.
   * @throws { BusinessError } 9200001 - The application is not an administrator application of the device.
   * @throws { BusinessError } 9200002 - The administrator application does not have permission to manage the device.
   * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API.
   * @throws { BusinessError } 202 - Permission verification failed. A non-system application calls a system API.
   * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified;
   *     2. Incorrect parameter types; 3. Parameter verification failed.
   * @syscap SystemCapability.Customization.EnterpriseDeviceManager
   * @systemapi
   * @stagemodelonly
   * @since 11
   */
  function getDeviceEncryptionStatus(admin: Want): DeviceEncryptionStatus;

  // NOTE(review): the format of the returned string for each item (in particular
  // how the encryption status is serialized) is not specified in this file;
  // confirm it before parsing the result or making a compliance decision on it.
  /**
   * Gets the device security policy of the specified type.
   * This function can be called by a super administrator.
   *
   * @permission ohos.permission.ENTERPRISE_MANAGE_SECURITY
   * @param { Want } admin - admin indicates the enterprise admin extension ability information.
   *                         The admin must have the corresponding permission.
   * @param { string } item - item indicates the specified security policy that needs to be obtained, including patch and encryption.
   *                          patch means the device security patch tag, and encryption means the device encryption status.
   * @returns { string } security policy of the specific type.
   * @throws { BusinessError } 9200001 - The application is not an administrator application of the device.
   * @throws { BusinessError } 9200002 - The administrator application does not have permission to manage the device.
   * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API.
   * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified;
   *     2. Incorrect parameter types; 3. Parameter verification failed.
   * @syscap SystemCapability.Customization.EnterpriseDeviceManager
   * @stagemodelonly
   * @since 12
   */
  function getSecurityStatus(admin: Want, item: string): string;

  // NOTE(review): the "cannot be empty or more than 40 characters" limit on the
  // certificate parameter presumably applies to certificate.alias rather than to
  // inData; confirm. If installed user certificates act as trust anchors on the
  // device, the caller should verify where the certificate came from before
  // installing it; confirm the trust semantics against the platform documentation.
  /**
   * Installs a user certificate.
   * This function can be called by a super administrator.
   *
   * @permission ohos.permission.ENTERPRISE_MANAGE_CERTIFICATE
   * @param { Want } admin - admin indicates the enterprise admin extension ability information.
   *                         The admin must have the corresponding permission.
   * @param { CertBlob } certificate - certificate file content and alias. It cannot be empty or more than 40 characters.
   * @returns { Promise<string> } the promise carries the uri of the installed certificate, which is the value
   *     passed to uninstallUserCertificate to uninstall it.
   * @throws { BusinessError } 9200001 - The application is not an administrator application of the device.
   * @throws { BusinessError } 9200002 - The administrator application does not have permission to manage the device.
   * @throws { BusinessError } 9201001 - Failed to manage the certificate.
   * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API.
   * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified;
   *     2. Incorrect parameter types; 3. Parameter verification failed.
   * @syscap SystemCapability.Customization.EnterpriseDeviceManager
   * @stagemodelonly
   * @since 12
   */
  function installUserCertificate(admin: Want, certificate: CertBlob): Promise<string>;

  /**
   * Uninstalls a user certificate.
   * This function can be called by a super administrator.
   *
   * @permission ohos.permission.ENTERPRISE_MANAGE_CERTIFICATE
   * @param { Want } admin - admin indicates the enterprise admin extension ability information.
   *                         The admin must have the corresponding permission.
   * @param { string } certUri - uri of the certificate. It cannot be empty or more than 64 characters.
   * @returns { Promise<void> } the promise returned by the uninstallUserCertificate.
   * @throws { BusinessError } 9200001 - The application is not an administrator application of the device.
   * @throws { BusinessError } 9200002 - The administrator application does not have permission to manage the device.
   * @throws { BusinessError } 9201001 - Failed to manage the certificate.
   * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API.
   * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified;
   *     2. Incorrect parameter types; 3. Parameter verification failed.
   * @syscap SystemCapability.Customization.EnterpriseDeviceManager
   * @stagemodelonly
   * @since 12
   */
  function uninstallUserCertificate(admin: Want, certUri: string): Promise<void>;

  /**
   * Sets the password policy of the device.
   *
   * @permission ohos.permission.ENTERPRISE_MANAGE_SECURITY
   * @param { Want } admin - admin indicates the enterprise admin extension ability information.
   *                         The admin must have the corresponding permission.
   * @param { PasswordPolicy } policy - password policy to be set.
   * @throws { BusinessError } 9200001 - The application is not an administrator application of the device.
   * @throws { BusinessError } 9200002 - The administrator application does not have permission to manage the device.
   * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API.
   * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified;
   *     2. Incorrect parameter types; 3. Parameter verification failed.
   * @syscap SystemCapability.Customization.EnterpriseDeviceManager
   * @stagemodelonly
   * @since 12
   */
  function setPasswordPolicy(admin: Want, policy: PasswordPolicy): void;

  /**
   * Gets the password policy of the device.
   * This overload is the administrator form: it takes the admin ability information
   * and requires the permission listed below.
   *
   * @permission ohos.permission.ENTERPRISE_MANAGE_SECURITY
   * @param { Want } admin - admin indicates the enterprise admin extension ability information.
   *                         The admin must have the corresponding permission.
   * @returns { PasswordPolicy } the password policy of the device.
   * @throws { BusinessError } 9200001 - The application is not an administrator application of the device.
   * @throws { BusinessError } 9200002 - The administrator application does not have permission to manage the device.
   * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API.
   * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified;
   *     2. Incorrect parameter types; 3. Parameter verification failed.
   * @syscap SystemCapability.Customization.EnterpriseDeviceManager
   * @stagemodelonly
   * @since 12
   */
  function getPasswordPolicy(admin: Want): PasswordPolicy;

  /**
   * Gets the password policy of the device.
   * This overload takes no admin argument and declares no permission requirement;
   * it is marked as a system API, and a non-system caller gets error 202.
   *
   * @returns { PasswordPolicy } the password policy of the device.
   * @throws { BusinessError } 202 - Permission verification failed. A non-system application calls a system API.
   * @syscap SystemCapability.Customization.EnterpriseDeviceManager
   * @systemapi
   * @stagemodelonly
   * @since 12
   */
  function getPasswordPolicy(): PasswordPolicy;

  /**
   * Sets the clipboard policy of an application on the device.
   *
   * @permission ohos.permission.ENTERPRISE_MANAGE_SECURITY
   * @param { Want } admin - admin indicates the administrator ability information.
   * @param { number } tokenId - tokenId indicates the token id of the application.
   * @param { ClipboardPolicy } policy - clipboard policy to be set.
   * @throws { BusinessError } 9200001 - The application is not an administrator application of the device.
   * @throws { BusinessError } 9200002 - The administrator application does not have permission to manage the device.
   * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API.
   * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified;
   *     2. Incorrect parameter types; 3. Parameter verification failed.
   * @syscap SystemCapability.Customization.EnterpriseDeviceManager
   * @stagemodelonly
   * @since 12
   */
  function setAppClipboardPolicy(admin: Want, tokenId: number, policy: ClipboardPolicy): void;

  // NOTE(review): tokenId is optional; presumably omitting it returns the policy
  // of every application, as the @returns text suggests. The JSON schema of the
  // result is not given in this file; confirm both before parsing the string.
  /**
   * Gets the clipboard policy of applications on the device.
   *
   * @permission ohos.permission.ENTERPRISE_MANAGE_SECURITY
   * @param { Want } admin - admin indicates the administrator ability information.
   * @param { number } [tokenId] - tokenId indicates the token id of the application.
   * @returns { string } the json string of clipboard policy for each application of the device.
   * @throws { BusinessError } 9200001 - The application is not an administrator application of the device.
   * @throws { BusinessError } 9200002 - The administrator application does not have permission to manage the device.
   * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API.
   * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified;
   *     2. Incorrect parameter types; 3. Parameter verification failed.
   * @syscap SystemCapability.Customization.EnterpriseDeviceManager
   * @stagemodelonly
   * @since 12
   */
  function getAppClipboardPolicy(admin: Want, tokenId?: number): string;

  // NOTE(review): when source is a string, the accepted form (local path or URI,
  // and which schemes) is not stated in this file; confirm before passing a
  // value that does not originate from the administrator application itself.
  /**
   * Sets the watermark image displayed while the application is running.
   *
   * @permission ohos.permission.ENTERPRISE_MANAGE_SECURITY
   * @param { Want } admin - admin indicates the administrator ability information.
   * @param { string } bundleName - the bundle name of the application on which the watermark is set.
   * @param { string | image.PixelMap } source - watermark's pixelMap or its url.
   * @param { number } accountId - indicates the accountID.
   * @throws { BusinessError } 9200001 - The application is not an administrator application of the device.
   * @throws { BusinessError } 9200002 - The administrator application does not have permission to manage the device.
   * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API.
   * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified;
   *     2. Incorrect parameter types; 3. Parameter verification failed.
   * @syscap SystemCapability.Customization.EnterpriseDeviceManager
   * @stagemodelonly
   * @since 14
   */
  function setWatermarkImage(admin: Want, bundleName: string, source: string | image.PixelMap, accountId: number): void;

  /**
   * Cancels the watermark image displayed while the application is running.
   *
   * @permission ohos.permission.ENTERPRISE_MANAGE_SECURITY
   * @param { Want } admin - admin indicates the administrator ability information.
   * @param { string } bundleName - the bundle name of the application whose watermark is cancelled.
   * @param { number } accountId - indicates the accountID.
   * @throws { BusinessError } 9200001 - The application is not an administrator application of the device.
   * @throws { BusinessError } 9200002 - The administrator application does not have permission to manage the device.
   * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API.
   * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified;
   *     2. Incorrect parameter types; 3. Parameter verification failed.
   * @syscap SystemCapability.Customization.EnterpriseDeviceManager
   * @stagemodelonly
   * @since 14
   */
  function cancelWatermarkImage(admin: Want, bundleName: string, accountId: number): void;

  /**
   * Password policy set by setPasswordPolicy and returned by getPasswordPolicy.
   * Every field is optional.
   *
   * @typedef PasswordPolicy
   * @syscap SystemCapability.Customization.EnterpriseDeviceManager
   * @stagemodelonly
   * @since 12
   */
  export interface PasswordPolicy {
    // NOTE(review): the regex dialect and whether the pattern is applied to the
    // whole password or searched within it are not stated in this file; confirm
    // before relying on a pattern to enforce a minimum complexity.
    /**
     * The regular expression that describes the password complexity requirement.
     *
     * @type { ?string }
     * @syscap SystemCapability.Customization.EnterpriseDeviceManager
     * @stagemodelonly
     * @since 12
     */
    complexityRegex?: string;

    // NOTE(review): the unit of this number is not stated in this file; confirm.
    /**
     * The validity period of the password.
     *
     * @type { ?number }
     * @syscap SystemCapability.Customization.EnterpriseDeviceManager
     * @stagemodelonly
     * @since 12
     */
    validityPeriod?: number;

    /**
     * Other supplementary description.
     *
     * @type { ?string }
     * @syscap SystemCapability.Customization.EnterpriseDeviceManager
     * @stagemodelonly
     * @since 12
     */
    additionalDescription?: string;
  }

  /**
   * Clipboard policy. The members name the scope within which the clipboard can be used.
   *
   * @enum { number } ClipboardPolicy
   * @syscap SystemCapability.Customization.EnterpriseDeviceManager
   * @stagemodelonly
   * @since 12
   */
  export enum ClipboardPolicy {
    // NOTE(review): what scope DEFAULT permits is not stated in this file;
    // confirm before treating it as a restriction.
    /**
     * The default policy.
     *
     * @syscap SystemCapability.Customization.EnterpriseDeviceManager
     * @stagemodelonly
     * @since 12
     */
    DEFAULT = 0,

    /**
     * Policy indicates that the clipboard can be used within the same application.
     *
     * @syscap SystemCapability.Customization.EnterpriseDeviceManager
     * @stagemodelonly
     * @since 12
     */
    IN_APP = 1,

    /**
     * Policy indicates that the clipboard can be used on the same device.
     *
     * @syscap SystemCapability.Customization.EnterpriseDeviceManager
     * @stagemodelonly
     * @since 12
     */
    LOCAL_DEVICE = 2,

    /**
     * Policy indicates that the clipboard can be used across devices.
     *
     * @syscap SystemCapability.Customization.EnterpriseDeviceManager
     * @stagemodelonly
     * @since 12
     */
    CROSS_DEVICE = 3,
  }
}

export default securityManager;