@ohos.enterprise.securityManager (Security Management)

The securityManager module provides device security management capabilities, including obtaining the security patch status and file system encryption status.

NOTE

The initial APIs of this module are supported since API version 12. Newly added APIs will be marked with a superscript to indicate their earliest API version.

The APIs of this module can be used only in the stage model.

The APIs of this module can be called only by a device administrator application that is enabled.

Modules to Import

import { securityManager } from '@kit.MDMKit';

securityManager.uninstallUserCertificate

uninstallUserCertificate(admin: Want, certUri: string): Promise<void>

Uninstalls a user certificate. This API uses a promise to return the result.

Required permissions: ohos.permission.ENTERPRISE_MANAGE_CERTIFICATE

System capability: SystemCapability.Customization.EnterpriseDeviceManager

Parameters

Return value

Error codes

For details about the error codes, see Enterprise Device Management Error Codes and Universal Error Codes.

Example

import { Want } from '@kit.AbilityKit';
import { BusinessError } from '@kit.BasicServicesKit';
let wantTemp: Want = {
  bundleName: 'com.example.myapplication',
  abilityName: 'EntryAbility',
};
let aliasStr = "certName"
securityManager.uninstallUserCertificate(wantTemp, aliasStr).then(() => {
  console.info(`Succeeded in uninstalling user certificate.`);
}).catch((err: BusinessError) => {
  console.error(`Failed to uninstall user certificate. Code is ${err.code}, message is ${err.message}`);
});

securityManager.installUserCertificate

installUserCertificate(admin: Want, certificate: CertBlob): Promise<string>

Installs a user certificate. This API uses a promise to return the result.

Required permissions: ohos.permission.ENTERPRISE_MANAGE_CERTIFICATE

System capability: SystemCapability.Customization.EnterpriseDeviceManager

Parameters

Return value

Error codes

For details about the error codes, see Enterprise Device Management Error Codes and Universal Error Codes.

Example

import { Want } from '@kit.AbilityKit';
import { BusinessError } from '@kit.BasicServicesKit';
let wantTemp: Want = {
  bundleName: 'com.example.myapplication',
  abilityName: 'EntryAbility',
};
let certFileArray: Uint8Array = new Uint8Array();
// Initialize the Context variable in the onCreate callback function of the MainAbility.
// Place the test file test.cer in the rawfile directory.
getContext().resourceManager.getRawFileContent("test.cer").then((value) => {
  certFileArray = value;
  securityManager.installUserCertificate(wantTemp, { inData: certFileArray, alias: "cert_alias_xts" })
    .then((result) => {
      console.info(`Succeeded in installing user certificate, result : ${JSON.stringify(result)}`);
    }).catch((err: BusinessError) => {
    console.error(`Failed to install user certificate. Code: ${err.code}, message: ${err.message}`);
  })
}).catch((err: BusinessError) => {
  console.error(`Failed to get row file content. message: ${err.message}`);
  return
});

securityManager.installUserCertificate¹⁸⁺

installUserCertificate(admin: Want, certificate: CertBlob, accountId: number): string

Installs a user certificate based on the system account.

Required permissions: ohos.permission.ENTERPRISE_MANAGE_CERTIFICATE

System capability: SystemCapability.Customization.EnterpriseDeviceManager

Parameters

Return value

Error codes

For details about the error codes, see Enterprise Device Management Error Codes and Universal Error Codes.

Example

import { Want } from '@kit.AbilityKit';
let wantTemp: Want = {
  bundleName: 'com.example.myapplication',
  abilityName: 'EntryAbility',
};
let certFileArray: Uint8Array = new Uint8Array();
let accountId: number = 100;
// Initialize the Context variable in the onCreate callback function of the MainAbility.
// Place the test file test.cer in the rawfile directory.
getContext().resourceManager.getRawFileContent("test.cer").then((value) => {
  certFileArray = value;
  try {
    let result: string = securityManager.installUserCertificate(wantTemp, { inData: certFileArray, alias: "cert_alias_xts" }, accountId);
    console.info(`Succeeded in installing user certificate. result: ${result}`);
  } catch (err) {
    console.error(`Failed to install user certificate. Code: ${err.code}, message: ${err.message}`);
  }
});

securityManager.getUserCertificates¹⁸⁺

getUserCertificates(admin: Want, accountId: number): Array<string>

Obtains the user certificate of a specified system account.

Required permissions: ohos.permission.ENTERPRISE_MANAGE_CERTIFICATE

System capability: SystemCapability.Customization.EnterpriseDeviceManager

Parameters

Return value

Error codes

For details about the error codes, see Enterprise Device Management Error Codes and Universal Error Codes.

Example

import { Want } from '@kit.AbilityKit';
let wantTemp: Want = {
  bundleName: 'com.example.myapplication',
  abilityName: 'EntryAbility',
};
let accountId: number = 100;
try {
  let result: Array<string> = securityManager.getUserCertificates(wantTemp, accountId);
  console.info(`Succeeded in getting the uri list of user Certificates. result: ${JSON.stringify(result)}`);
} catch (err) {
  console.error(`Failed to get the uri list of user Certificates. Code: ${err.code}, message: ${err.message}`);
}

securityManager.getSecurityStatus

getSecurityStatus(admin: Want, item: string): string

Obtains security status.

Required permissions: ohos.permission.ENTERPRISE_MANAGE_SECURITY

System capability: SystemCapability.Customization.EnterpriseDeviceManager

Parameters

Return value

Error codes

For details about the error codes, see Enterprise Device Management Error Codes and Universal Error Codes.

Example

import { Want } from '@kit.AbilityKit';
let wantTemp: Want = {
  bundleName: 'com.example.myapplication',
  abilityName: 'EntryAbility',
};

try {
  let result: string = securityManager.getSecurityStatus(wantTemp, 'patch');
  console.info(`Succeeded in getting security patch tag. tag: ${result}`);
} catch (err) {
  console.error(`Failed to get security patch tag. Code: ${err.code}, message: ${err.message}`);
}

securityManager.setPasswordPolicy

setPasswordPolicy(admin: Want, policy: PasswordPolicy): void

Sets the device password policy.

Required permissions: ohos.permission.ENTERPRISE_MANAGE_SECURITY

System capability: SystemCapability.Customization.EnterpriseDeviceManager

Parameters

Error codes

For details about the error codes, see Enterprise Device Management Error Codes and Universal Error Codes.

|ID|Error Message |
|——-|—————————————————————————-| |9200001|The application is not an administrator application of the device. | |9200002|The administrator application does not have permission to manage the device.| |201|Permission verification failed. The application does not have the permission required to call the API.| |401|Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed.|

Example

import { Want } from '@kit.AbilityKit';
let wantTemp: Want = {
  bundleName: 'com.example.myapplication',
  abilityName: 'EntryAbility',
};

let policy: securityManager.PasswordPolicy = {
  complexityRegex: '^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[a-zA-Z\d]{8,}$',
  validityPeriod: 1,
  additionalDescription: 'The password must contain at least eight characters, including at least one uppercase letter, one lowercase letter, one digit, and one special character.',
}
try {
    securityManager.setPasswordPolicy(wantTemp, policy);
    console.info(`Succeeded in setting password policy.`);
} catch(err) {
    console.error(`Failed to set password policy. Code: ${err.code}, message: ${err.message}`);
}

securityManager.getPasswordPolicy

getPasswordPolicy(admin: Want): PasswordPolicy

Obtains the device password policy.

Required permissions: ohos.permission.ENTERPRISE_MANAGE_SECURITY

System capability: SystemCapability.Customization.EnterpriseDeviceManager

Parameters

Return value

Error codes

For details about the error codes, see Enterprise Device Management Error Codes and Universal Error Codes.

|ID|Error Message |
|——-|—————————————————————————-| |9200001|The application is not an administrator application of the device. | |9200002|The administrator application does not have permission to manage the device.| |201|Permission verification failed. The application does not have the permission required to call the API.| |401|Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed.|

Example

import { Want } from '@kit.AbilityKit';
let wantTemp: Want = {
  bundleName: 'com.example.myapplication',
  abilityName: 'EntryAbility',
};

try {
    let result: securityManager.PasswordPolicy = securityManager.getPasswordPolicy(wantTemp);
    console.info(`Succeeded in getting password policy, result : ${JSON.stringify(result)}`);
} catch(err) {
    console.error(`Failed to get password policy. Code: ${err.code}, message: ${err.message}`);
}

securityManager.setAppClipboardPolicy

setAppClipboardPolicy(admin: Want, tokenId: number, policy: ClipboardPolicy): void

Sets the device clipboard policy.

Required permissions: ohos.permission.ENTERPRISE_MANAGE_SECURITY

System capability: SystemCapability.Customization.EnterpriseDeviceManager

Parameters

Error codes

For details about the error codes, see Enterprise Device Management Error Codes and Universal Error Codes.

|ID|Error Message |
|——-|—————————————————————————-| |9200001|The application is not an administrator application of the device. | |9200002|The administrator application does not have permission to manage the device.| |201|Permission verification failed. The application does not have the permission required to call the API.| |401|Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed.|

Example

import { Want } from '@kit.AbilityKit';
let wantTemp: Want = {
  bundleName: 'com.example.myapplication',
  abilityName: 'EntryAbility',
};
let tokenId: number = 586874394;
try {
    securityManager.setAppClipboardPolicy(wantTemp, tokenId, securityManager.ClipboardPolicy.IN_APP);
    console.info(`Succeeded in setting clipboard policy.`);
} catch(err) {
    console.error(`Failed to set clipboard policy. Code: ${err.code}, message: ${err.message}`);
}

securityManager.getAppClipboardPolicy

getAppClipboardPolicy(admin: Want, tokenId?: number): string

Obtains the device clipboard policy.

Required permissions: ohos.permission.ENTERPRISE_MANAGE_SECURITY

System capability: SystemCapability.Customization.EnterpriseDeviceManager

Parameters

Return value

Error codes

For details about the error codes, see Enterprise Device Management Error Codes and Universal Error Codes.

|ID|Error Message |
|——-|—————————————————————————-| |9200001|The application is not an administrator application of the device. | |9200002|The administrator application does not have permission to manage the device.| |201|Permission verification failed. The application does not have the permission required to call the API.| |401|Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed.|

Example

import { Want } from '@kit.AbilityKit';
let wantTemp: Want = {
  bundleName: 'com.example.myapplication',
  abilityName: 'EntryAbility',
};
let tokenId: number = 586874394;
try {
    let result: string = securityManager.getAppClipboardPolicy(wantTemp, tokenId);
    console.info(`Succeeded in getting password policy, result : ${result}`);
} catch(err) {
    console.error(`Failed to set clipboard policy. Code: ${err.code}, message: ${err.message}`);
}

securityManager.setAppClipboardPolicy¹⁸⁺

setAppClipboardPolicy(admin: Want, bundleName: string, accountId: number, policy: ClipboardPolicy): void

Sets the device clipboard policy with a specified bundle name and user ID. Currently, a maximum of 100 policies can be saved.

Required permissions: ohos.permission.ENTERPRISE_MANAGE_SECURITY

System capability: SystemCapability.Customization.EnterpriseDeviceManager

Parameters

Error codes

For details about the error codes, see Enterprise Device Management Error Codes and Universal Error Codes.

Example

import { Want } from '@kit.AbilityKit';

let wantTemp: Want = {
  bundleName: 'com.example.myapplication',
  abilityName: 'EntryAbility',
};
let bundleName: string = 'com.example.myapplication';
let accountId: number = 100;
try {
    securityManager.setAppClipboardPolicy(wantTemp, bundleName, accountId, securityManager.ClipboardPolicy.IN_APP);
    console.info(`Succeeded in setting clipboard policy.`);
} catch(err) {
    console.error(`Failed to set clipboard policy. Code: ${err.code}, message: ${err.message}`);
}

securityManager.getAppClipboardPolicy¹⁸⁺

getAppClipboardPolicy(admin: Want, bundleName: string, accountId: number): string

Obtains the device clipboard policy with the specified bundle name and user ID.

Required permissions: ohos.permission.ENTERPRISE_MANAGE_SECURITY

System capability: SystemCapability.Customization.EnterpriseDeviceManager

Parameters

Return value

Error codes

For details about the error codes, see Enterprise Device Management Error Codes and Universal Error Codes.

Example

import { Want } from '@kit.AbilityKit';

let wantTemp: Want = {
  bundleName: 'com.example.myapplication',
  abilityName: 'EntryAbility',
};
let bundleName: string = 'com.example.myapplication';
let accountId: number = 100;
try {
    let result: string = securityManager.getAppClipboardPolicy(wantTemp, bundleName, accountId);
    console.info(`Succeeded in getting password policy, result : ${result}`);
} catch(err) {
    console.error(`Failed to set clipboard policy. Code: ${err.code}, message: ${err.message}`);
}

securityManager.setWatermarkImage¹⁴⁺

setWatermarkImage(admin: Want, bundleName: string, source: string|image.PixelMap, accountId: number): void

Sets the watermark policy. Currently, only 2-in-1 devices are supported.

Required permissions: ohos.permission.ENTERPRISE_MANAGE_SECURITY

System capability: SystemCapability.Customization.EnterpriseDeviceManager

Parameters

Error codes

For details about the error codes, see Enterprise Device Management Error Codes and Universal Error Codes.

|ID|Error Message |
|——-|—————————————————————————-| |9200001|The application is not an administrator application of the device. | |9200002|The administrator application does not have permission to manage the device.| |201|Permission verification failed. The application does not have the permission required to call the API.| |401|Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed.|

Example

import { Want } from '@kit.AbilityKit';
let wantTemp: Want = {
  bundleName: 'com.example.myapplication',
  abilityName: 'EntryAbility',
};
let bundleName: string = 'com.example.myapplication';
let source: string = '/data/storage/el1/base/test.png';
let accountId: number = 100;
try {
    securityManager.setWatermarkImage(wantTemp, bundleName, source, accountId);
    console.info(`Succeeded in setting set watermarkImage policy.`);
} catch(err) {
    console.error(`Failed to set watermarkImage policy. Code: ${err.code}, message: ${err.message}`);
}

securityManager.cancelWatermarkImage¹⁴⁺

cancelWatermarkImage(admin: Want, bundleName: string, accountId: number): void

Cancels the watermark policy. Currently, only 2-in-1 devices are supported.

Required permissions: ohos.permission.ENTERPRISE_MANAGE_SECURITY

System capability: SystemCapability.Customization.EnterpriseDeviceManager

Parameters

Error codes

For details about the error codes, see Enterprise Device Management Error Codes and Universal Error Codes.

|ID|Error Message |
|——-|—————————————————————————-| |9200001|The application is not an administrator application of the device. | |9200002|The administrator application does not have permission to manage the device.| |201|Permission verification failed. The application does not have the permission required to call the API.| |401|Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed.|

Example

import { Want } from '@kit.AbilityKit';
let wantTemp: Want = {
  bundleName: 'com.example.myapplication',
  abilityName: 'EntryAbility',
};
let bundleName: string = 'com.example.myapplication';
let accountId: number = 100;
try {
    securityManager.cancelWatermarkImage(wantTemp, bundleName, accountId);
    console.info(`Succeeded in setting cancel watermarkImage policy.`);
} catch(err) {
    console.error(`Failed to cancel watermarkImage policy. Code: ${err.code}, message: ${err.message}`);
}

CertBlob

Represents the certificate information.

System capability: SystemCapability.Customization.EnterpriseDeviceManager

PasswordPolicy

Represents a device password policy.

System capability: SystemCapability.Customization.EnterpriseDeviceManager

ClipboardPolicy

Represents a device clipboard policy.

System capability: SystemCapability.Customization.EnterpriseDeviceManager

你可能感兴趣的鸿蒙文章

harmony 鸿蒙MDM Kit

harmony 鸿蒙Enterprise Device Management Error Codes

harmony 鸿蒙@ohos.enterprise.EnterpriseAdminExtensionAbility (EnterpriseAdminExtensionAbility)

harmony 鸿蒙@ohos.enterprise.accountManager (Account Management) (System API)

harmony 鸿蒙@ohos.enterprise.accountManager (Account Management)

harmony 鸿蒙@ohos.enterprise.adminManager (Enterprise Device Management) (System API)

harmony 鸿蒙@ohos.enterprise.adminManager (Enterprise Device Management)

harmony 鸿蒙@ohos.enterprise.applicationManager (Application Management (System API)

harmony 鸿蒙@ohos.enterprise.applicationManager (Application Management)

harmony 鸿蒙@ohos.enterprise.bluetoothManager (Bluetooth Management) (System API)