1# @ohos.dlpPermission (DLP) (System API) 2 3Data loss prevention (DLP) is a system solution provided to prevent data disclosure. The **dlpPermission** module provides APIs for cross-device file access management, encrypted storage, and access authorization. 4 5> **NOTE** 6> 7> - The initial APIs of this module are supported since API version 10. Newly added APIs will be marked with a superscript to indicate their earliest API version. 8> - This topic describes only the system APIs provided by the module. For details about its public APIs, see [@ohos.dlpPermission](js-apis-dlppermission.md). 9 10## Modules to Import 11 12```ts 13import { dlpPermission } from '@kit.DataProtectionKit'; 14``` 15 16## dlpPermission.getDLPGatheringPolicy 17 18getDLPGatheringPolicy(): Promise<GatheringPolicyType> 19 20Obtains the DLP sandbox gathering policy. This API uses a promise to return the result. 21 22**System API**: This is a system API. 23 24**Required permissions**: ohos.permission.ACCESS_DLP_FILE 25 26**System capability**: SystemCapability.Security.DataLossPrevention 27 28**Return value** 29 30| Type | Description | 31| -------- | -------- | 32| Promise<[GatheringPolicyType](#gatheringpolicytype)> | Promise used to return the DLP sandbox aggregation policy obtained. | 33 34**Error codes** 35 36For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 37 38| ID | Error Message | 39| -------- | -------- | 40| 201 | Permission denied. | 41| 202 | Non-system applications use system APIs. | 42| 19100001 | Invalid parameter value. | 43| 19100011 | The system ability works abnormally. | 44 45**Example** 46 47```ts 48import { dlpPermission } from '@kit.DataProtectionKit'; 49import { BusinessError } from '@kit.BasicServicesKit'; 50 51try { 52 let res: Promise<dlpPermission.GatheringPolicyType> = dlpPermission.getDLPGatheringPolicy(); // Obtain the sandbox gathering policy. 53 console.info('res', JSON.stringify(res)); 54} catch (err) { 55 console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Error reported if the operation fails. 56} 57``` 58 59## dlpPermission.getDLPGatheringPolicy 60 61getDLPGatheringPolicy(callback: AsyncCallback<GatheringPolicyType>): void 62 63Obtains the DLP sandbox gathering policy. This API uses an asynchronous callback to return the result. 64 65**System API**: This is a system API. 66 67**Required permissions**: ohos.permission.ACCESS_DLP_FILE 68 69**System capability**: SystemCapability.Security.DataLossPrevention 70 71**Parameters** 72 73| Name | Type | Mandatory | Description | 74| -------- | -------- | -------- | -------- | 75| callback | AsyncCallback<[GatheringPolicyType](#gatheringpolicytype)> | Yes | Callback invoked to return the result.<br>If the operation is successful, **err** is **undefined**. Otherwise, **err** is an error object. | 76 77**Error codes** 78 79For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 80 81| ID | Error Message | 82| -------- | -------- | 83| 201 | Permission denied. | 84| 202 | Non-system applications use system APIs. | 85| 401 | Parameter error. Possible causes: 1. Incorrect parameter types. | 86| 19100001 | Invalid parameter value. | 87| 19100011 | The system ability works abnormally. | 88 89**Example** 90 91```ts 92import { dlpPermission } from '@kit.DataProtectionKit'; 93import { BusinessError } from '@kit.BasicServicesKit'; 94 95try { 96 dlpPermission.getDLPGatheringPolicy((err, res) => { 97 if (err != undefined) { 98 console.error('getDLPGatheringPolicy error,', err.code, err.message); 99 } else { 100 console.info('res', JSON.stringify(res)); 101 } 102 }); // Obtain the sandbox gathering policy. 103} catch (err) { 104 console.error('getDLPGatheringPolicy error,', (err as BusinessError).code, (err as BusinessError).message); 105} 106``` 107 108## dlpPermission.installDLPSandbox 109 110installDLPSandbox(bundleName: string, access: DLPFileAccess, userId: number, uri: string): Promise<DLPSandboxInfo> 111 112Installs a DLP sandbox application for an application. This API uses a promise to return the sandbox application installed. 113 114**System API**: This is a system API. 115 116**Required permissions**: ohos.permission.ACCESS_DLP_FILE 117 118**System capability**: SystemCapability.Security.DataLossPrevention 119 120**Parameters** 121 122| Name | Type | Mandatory | Description | 123| -------- | -------- | -------- | -------- | 124| bundleName | string | Yes | Bundle name of the application. | 125| access | [DLPFileAccess](js-apis-dlppermission.md#dlpfileaccess) | Yes | Permission on the DLP file. | 126| userId | number | Yes | Current user ID, which is the system account ID obtained by the account subsystem. The default super user ID is **100**. | 127| uri | string | Yes | URI of the DLP file. | 128 129**Return value** 130 131| Type | Description | 132| -------- | -------- | 133| Promise<[DLPSandboxInfo](#dlpsandboxinfo)> | Promise used to return the information about the sandbox application installed. | 134 135**Error codes** 136 137For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 138 139| ID | Error Message | 140| -------- | -------- | 141| 201 | Permission denied. | 142| 202 | Non-system applications use system APIs. | 143| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. | 144| 19100001 | Invalid parameter value. | 145| 19100011 | The system ability works abnormally. | 146 147**Example** 148 149```ts 150import { dlpPermission } from '@kit.DataProtectionKit'; 151import { BusinessError } from '@kit.BasicServicesKit'; 152 153let uri = "file://docs/storage/Users/currentUser/Desktop/test.txt.dlp"; 154try { 155 let res: Promise<dlpPermission.DLPSandboxInfo> = dlpPermission.installDLPSandbox('com.ohos.note', dlpPermission.DLPFileAccess.READ_ONLY, 100, uri); // Install a DLP sandbox application. 156 console.info('res', JSON.stringify(res)); 157} catch (err) { 158 console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Error reported if the operation fails. 159} 160``` 161 162## dlpPermission.installDLPSandbox 163 164installDLPSandbox(bundleName: string, access: DLPFileAccess, userId: number, uri:string, callback: AsyncCallback<DLPSandboxInfo>): void 165 166Installs a DLP sandbox application for an application. This API uses an asynchronous callback to return the index of the sandbox application installed. 167 168**System API**: This is a system API. 169 170**Required permissions**: ohos.permission.ACCESS_DLP_FILE 171 172**System capability**: SystemCapability.Security.DataLossPrevention 173 174**Parameters** 175 176| Name | Type | Mandatory | Description | 177| -------- | -------- | -------- | -------- | 178| bundleName | string | Yes | Bundle name of the application. | 179| access | [DLPFileAccess](js-apis-dlppermission.md#dlpfileaccess) | Yes | Permission on the DLP file. | 180| userId | number | Yes | Current user ID, which is the system account ID obtained by the account subsystem. The default super user ID is **100**. | 181| uri | string | Yes | URI of the DLP file. | 182| callback | AsyncCallback<[DLPSandboxInfo](#dlpsandboxinfo)> | Yes | Callback invoked to return the information about the sandbox application installed. | 183 184**Error codes** 185 186For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 187 188| ID | Error Message | 189| -------- | -------- | 190| 201 | Permission denied. | 191| 202 | Non-system applications use system APIs. | 192| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. | 193| 19100001 | Invalid parameter value. | 194| 19100011 | The system ability works abnormally. | 195 196**Example** 197 198```ts 199import { dlpPermission } from '@kit.DataProtectionKit'; 200import { BusinessError } from '@kit.BasicServicesKit'; 201 202let uri = "file://docs/storage/Users/currentUser/Desktop/test.txt.dlp"; 203try { 204 dlpPermission.installDLPSandbox('com.ohos.note', dlpPermission.DLPFileAccess.READ_ONLY, 100, uri, (err, res) => { 205 if (err != undefined) { 206 console.error('installDLPSandbox error,', err.code, err.message); 207 } else { 208 console.info('res', JSON.stringify(res)); 209 } 210 }); // Install a DLP sandbox application. 211} catch (err) { 212 console.error('installDLPSandbox error,', (err as BusinessError).code, (err as BusinessError).message); 213} 214``` 215 216## dlpPermission.uninstallDLPSandbox 217 218uninstallDLPSandbox(bundleName: string, userId: number, appIndex: number): Promise<void> 219 220Uninstalls a DLP sandbox application for an application. This API uses a promise to return the result. 221 222**System API**: This is a system API. 223 224**Required permissions**: ohos.permission.ACCESS_DLP_FILE 225 226**System capability**: SystemCapability.Security.DataLossPrevention 227 228**Parameters** 229 230| Name | Type | Mandatory | Description | 231| -------- | -------- | -------- | -------- | 232| bundleName | string | Yes | Bundle name of the application. | 233| userId | number | Yes | Current user ID, which is the system account ID obtained by the account subsystem. The default super user ID is **100**. | 234| appIndex | number | Yes | DLP sandbox index. | 235 236**Return value** 237 238| Type | Description | 239| -------- | -------- | 240| Promise<void> | Promise that returns no value. | 241 242**Error codes** 243 244For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 245 246| ID | Error Message | 247| -------- | -------- | 248| 201 | Permission denied. | 249| 202 | Non-system applications use system APIs. | 250| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. | 251| 19100001 | Invalid parameter value. | 252| 19100011 | The system ability works abnormally. | 253 254**Example** 255 256```ts 257import { dlpPermission } from '@kit.DataProtectionKit'; 258import { BusinessError } from '@kit.BasicServicesKit'; 259 260let uri = "file://docs/storage/Users/currentUser/Desktop/test.txt.dlp"; 261try { 262 dlpPermission.installDLPSandbox('com.ohos.note', dlpPermission.DLPFileAccess.READ_ONLY, 100, uri).then((res)=>{ 263 console.info('res', JSON.stringify(res)); 264 dlpPermission.uninstallDLPSandbox('com.ohos.note', 100, res.appIndex); // Uninstall a DLP sandbox application. 265 }); // Install a DLP sandbox application. 266} catch (err) { 267 console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Error reported if the operation fails. 268} 269``` 270 271## dlpPermission.uninstallDLPSandbox 272 273uninstallDLPSandbox(bundleName: string, userId: number, appIndex: number, callback: AsyncCallback<void>): void 274 275Uninstalls a DLP sandbox application for an application. This API uses an asynchronous callback to return the result. 276 277**System API**: This is a system API. 278 279**Required permissions**: ohos.permission.ACCESS_DLP_FILE 280 281**System capability**: SystemCapability.Security.DataLossPrevention 282 283**Parameters** 284 285| Name | Type | Mandatory | Description | 286| -------- | -------- | -------- | -------- | 287| bundleName | string | Yes | Bundle name of the application. | 288| userId | number | Yes | Current user ID, which is the system account ID obtained by the account subsystem. The default super user ID is **100**. | 289| appIndex | number | Yes | DLP sandbox application index, which is the value returned after **installDLPSandbox** is successfully called. | 290| callback | AsyncCallback<void> | Yes | Callback invoked to return the uninstallation result. | 291 292**Error codes** 293 294For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 295 296| ID | Error Message | 297| -------- | -------- | 298| 201 | Permission denied. | 299| 202 | Non-system applications use system APIs. | 300| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. | 301| 19100001 | Invalid parameter value. | 302| 19100011 | The system ability works abnormally. | 303 304**Example** 305 306```ts 307import { dlpPermission } from '@kit.DataProtectionKit'; 308import { BusinessError } from '@kit.BasicServicesKit'; 309 310let uri = "file://docs/storage/Users/currentUser/Desktop/test.txt.dlp"; 311try { 312 dlpPermission.installDLPSandbox('com.ohos.note', dlpPermission.DLPFileAccess.READ_ONLY, 100, uri).then((res)=>{ 313 console.info('res', JSON.stringify(res)); 314 dlpPermission.uninstallDLPSandbox('com.ohos.note', 100, res.appIndex, (err, res) => { 315 if (err != undefined) { 316 console.error('uninstallDLPSandbox error,', err.code, err.message); 317 } else { 318 console.info('res', JSON.stringify(res)); 319 } 320 }); 321 }); // Install a DLP sandbox application. 322} catch (err) { 323 console.error('uninstallDLPSandbox error,', (err as BusinessError).code, (err as BusinessError).message); 324} 325``` 326 327## dlpPermission.on('uninstallDLPSandbox') 328 329on(type: 'uninstallDLPSandbox', listener: Callback<DLPSandboxState>): void 330 331Subscribes to a DLP sandbox uninstall event. 332 333**System API**: This is a system API. 334 335**Required permissions**: ohos.permission.ACCESS_DLP_FILE 336 337**System capability**: SystemCapability.Security.DataLossPrevention 338 339**Parameters** 340| Name | Type | Mandatory | Description | 341| -------- | -------- | -------- | -------- | 342| type | 'uninstallDLPSandbox' | Yes | Event type. It has a fixed value of **uninstallDLPSandbox**, which indicates the DLP sandbox application uninstall event. | 343| listener | Callback<[DLPSandboxState](#dlpsandboxstate)> | Yes | Callback invoked when a sandbox application is uninstalled. | 344 345**Error codes** 346 347For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 348 349| ID | Error Message | 350| -------- | -------- | 351| 201 | Permission denied. | 352| 202 | Non-system applications use system APIs. | 353| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 354| 19100001 | Invalid parameter value. | 355| 19100011 | The system ability works abnormally. | 356 357**Example** 358 359```ts 360import { dlpPermission } from '@kit.DataProtectionKit'; 361import { BusinessError } from '@kit.BasicServicesKit'; 362 363try { 364 dlpPermission.on('uninstallDLPSandbox', (info: dlpPermission.DLPSandboxState) => { 365 console.info('uninstallDLPSandbox event', info.appIndex, info.bundleName) 366 // Subscribe to the DLP sandbox application uninstall event. 367} catch (err) { 368 console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Error reported if the operation fails. 369} 370``` 371 372## dlpPermission.off('uninstallDLPSandbox') 373 374off(type: 'uninstallDLPSandbox', listener?: Callback<DLPSandboxState>): void 375 376Unsubscribes from the DLP sandbox uninstall event. 377 378**System API**: This is a system API. 379 380**Required permissions**: ohos.permission.ACCESS_DLP_FILE 381 382**System capability**: SystemCapability.Security.DataLossPrevention 383 384**Parameters** 385| Name | Type | Mandatory | Description | 386| -------- | -------- | -------- | -------- | 387| type | 'uninstallDLPSandbox' | Yes | Event type. It has a fixed value of **uninstallDLPSandbox**, which indicates the DLP sandbox application uninstall event. | 388| listener | Callback<[DLPSandboxState](#dlpsandboxstate)> | No | Callback for the sandbox uninstall event. By default, this parameter is left blank, which unregisters all callbacks for the sandbox uninstall event. | 389 390**Error codes** 391 392For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 393 394| ID | Error Message | 395| -------- | -------- | 396| 201 | Permission denied. | 397| 202 | Non-system applications use system APIs. | 398| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 399| 19100001 | Invalid parameter value. | 400| 19100011 | The system ability works abnormally. | 401 402**Example** 403 404```ts 405import { dlpPermission } from '@kit.DataProtectionKit'; 406import { BusinessError } from '@kit.BasicServicesKit'; 407 408try { 409 dlpPermission.off('uninstallDLPSandbox', (info: dlpPermission.DLPSandboxState) => { 410 console.info('uninstallDLPSandbox event', info.appIndex, info.bundleName) 411 // Unsubscribe from the DLP sandbox uninstall events. 412} catch (err) { 413 console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Error reported if the operation fails. 414} 415``` 416 417## DLPFile 418 419Provides APIs for managing DLP files. A **DLPFile** instance indicates a DLP file object. You can use [generateDLPFile](#dlppermissiongeneratedlpfile) or [openDLPFile](#dlppermissionopendlpfile11) to obtain a **DLPFile** instance. 420 421### Attributes 422 423**System API**: This is a system API. 424 425**System capability**: SystemCapability.Security.DataLossPrevention 426 427| Name | Type | Read Only | Mandatory | Description | 428| -------- | -------- | -------- | -------- | -------- | 429| dlpProperty | [DLPProperty](#dlpproperty) | No | Yes | Authorized user information. | 430 431### addDLPLinkFile 432 433addDLPLinkFile(linkFileName: string): Promise<void> 434 435Adds a link file to the Filesystem in Userspace (FUSE). The link file is a virtual file mapped to the ciphertext in the FUSE. The read and write operations on the link file will be synchronized to the DLP file. This API uses a promise to return the result. 436 437**System API**: This is a system API. 438 439**Required permissions**: ohos.permission.ACCESS_DLP_FILE 440 441**System capability**: SystemCapability.Security.DataLossPrevention 442 443**Parameters** 444 445| Name | Type | Mandatory | Description | 446| -------- | -------- | -------- | -------- | 447| linkFileName | string | Yes | Name of the link file to add. | 448 449**Return value** 450 451| Type | Description | 452| -------- | -------- | 453| Promise<void> | Promise that returns no value. | 454 455**Error codes** 456 457For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 458 459| ID | Error Message | 460| -------- | -------- | 461| 201 | Permission denied. | 462| 202 | Non-system applications use system APIs. | 463| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. | 464| 19100001 | Invalid parameter value. | 465| 19100009 | Failed to operate the DLP file. | 466| 19100011 | The system ability works abnormally. | 467 468**Example** 469 470```ts 471import { dlpPermission } from '@kit.DataProtectionKit'; 472import { fileIo } from '@kit.CoreFileKit'; 473import { bundleManager } from '@kit.AbilityKit'; 474import { BusinessError } from '@kit.BasicServicesKit'; 475 476let uri = "file://docs/storage/Users/currentUser/Desktop/test.txt.dlp"; 477let file = fileIo.openSync(uri); 478let bundleFlags = bundleManager.BundleFlag.GET_BUNDLE_INFO_WITH_SIGNATURE_INFO; 479let appId = ""; 480let bundleName = 'com.ohos.note'; 481let userId = 100; 482 483try{ 484 bundleManager.getBundleInfo(bundleName, bundleFlags, userId, (err, data) => { 485 if (err) { 486 console.error('error', err.code, err.message); 487 } else { 488 appId = data.signatureInfo.appId; 489 } 490 }) 491} catch (err) { 492 console.error('error', err.code, err.message); 493} 494 495try { 496 dlpPermission.openDLPFile(file.fd, appId).then((dlpFile)=>{ 497 dlpFile.addDLPLinkFile('test.txt.dlp.link'); // Add a link file. 498 dlpFile.closeDLPFile(); // Close the DLPFile instance. 499 }); // Open a DLP file. 500} catch (err) { 501 console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Error reported if the operation fails. 502} 503fileIo.closeSync(file); 504``` 505 506### addDLPLinkFile 507 508addDLPLinkFile(linkFileName: string, callback: AsyncCallback<void>): void 509 510Adds a link file to the FUSE. This API uses an asynchronous callback to return the result. 511 512**System API**: This is a system API. 513 514**Required permissions**: ohos.permission.ACCESS_DLP_FILE 515 516**System capability**: SystemCapability.Security.DataLossPrevention 517 518**Parameters** 519 520| Name | Type | Mandatory | Description | 521| -------- | -------- | -------- | -------- | 522| linkFileName | string | Yes | Name of the link file to add. | 523| callback | AsyncCallback<void> | Yes | Callback invoked to return the result. | 524 525**Error codes** 526 527For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 528 529| ID | Error Message | 530| -------- | -------- | 531| 201 | Permission denied. | 532| 202 | Non-system applications use system APIs. | 533| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. | 534| 19100001 | Invalid parameter value. | 535| 19100009 | Failed to operate the DLP file. | 536| 19100011 | The system ability works abnormally. | 537 538**Example** 539 540```ts 541import { dlpPermission } from '@kit.DataProtectionKit'; 542import { fileIo } from '@kit.CoreFileKit'; 543import { bundleManager } from '@kit.AbilityKit'; 544import { BusinessError } from '@kit.BasicServicesKit'; 545 546let uri = "file://docs/storage/Users/currentUser/Desktop/test.txt.dlp"; 547let file = fileIo.openSync(uri); 548let bundleFlags = bundleManager.BundleFlag.GET_BUNDLE_INFO_WITH_SIGNATURE_INFO; 549let appId = ""; 550let bundleName = 'com.ohos.note'; 551let userId = 100; 552 553try{ 554 bundleManager.getBundleInfo(bundleName, bundleFlags, userId, (err, data) => { 555 if (err) { 556 console.error('error', err.code, err.message); 557 } else { 558 appId = data.signatureInfo.appId; 559 } 560 }) 561} catch (err) { 562 console.error('error', err.code, err.message); 563} 564 565try { 566 dlpPermission.openDLPFile(file.fd, appId).then((dlpFile)=>{ 567 dlpFile.addDLPLinkFile('test.txt.dlp.link', async (err, res) => { 568 if (err != undefined) { 569 console.error('addDLPLinkFile error,', err.code, err.message); 570 await dlpFile.closeDLPFile(); // Close the DLPFile instance. 571 } else { 572 console.info('res', JSON.stringify(res)); 573 } 574 }); 575 }); // Open a DLP file. 576} catch (err) { 577 console.error('addDLPLinkFile error,', (err as BusinessError).code, (err as BusinessError).message); 578} 579``` 580 581### stopFuseLink 582 583stopFuseLink(): Promise<void> 584 585Stops the read and write on the FUSE. This API uses a promise to return the result. 586 587**System API**: This is a system API. 588 589**Required permissions**: ohos.permission.ACCESS_DLP_FILE 590 591**System capability**: SystemCapability.Security.DataLossPrevention 592 593**Return value** 594 595| Type | Description | 596| -------- | -------- | 597| Promise<void> | Promise that returns no value. | 598 599**Error codes** 600 601For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 602 603| ID | Error Message | 604| -------- | -------- | 605| 201 | Permission denied. | 606| 202 | Non-system applications use system APIs. | 607| 19100001 | Invalid parameter value. | 608| 19100009 | Failed to operate the DLP file. | 609| 19100011 | The system ability works abnormally. | 610 611**Example** 612 613```ts 614import { dlpPermission } from '@kit.DataProtectionKit'; 615import { fileIo } from '@kit.CoreFileKit'; 616import { bundleManager } from '@kit.AbilityKit'; 617import { BusinessError } from '@kit.BasicServicesKit'; 618 619let uri = "file://docs/storage/Users/currentUser/Desktop/test.txt.dlp"; 620let file = fileIo.openSync(uri); 621let bundleFlags = bundleManager.BundleFlag.GET_BUNDLE_INFO_WITH_SIGNATURE_INFO; 622let appId = ""; 623let bundleName = 'com.ohos.note'; 624let userId = 100; 625 626try{ 627 bundleManager.getBundleInfo(bundleName, bundleFlags, userId, (err, data) => { 628 if (err) { 629 console.error('error', err.code, err.message); 630 } else { 631 appId = data.signatureInfo.appId; 632 } 633 }) 634} catch (err) { 635 console.error('error', err.code, err.message); 636} 637 638try { 639 dlpPermission.openDLPFile(file.fd, appId).then((dlpFile)=>{ 640 dlpFile.addDLPLinkFile('test.txt.dlp.link'); // Add a link file. 641 dlpFile.stopFuseLink(); // Stop read/write on the link file. 642 dlpFile.closeDLPFile(); // Close the DLPFile instance. 643 }); // Open a DLP file. 644} catch (err) { 645 console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Error reported if the operation fails. 646} 647fileIo.closeSync(file); 648``` 649 650### stopFuseLink 651 652stopFuseLink(callback: AsyncCallback<void>): void 653 654Stops the read and write on the FUSE. This API uses an asynchronous callback to return the result. 655 656**System API**: This is a system API. 657 658**Required permissions**: ohos.permission.ACCESS_DLP_FILE 659 660**System capability**: SystemCapability.Security.DataLossPrevention 661 662**Parameters** 663 664| Name | Type | Mandatory | Description | 665| -------- | -------- | -------- | -------- | 666| callback | AsyncCallback<void> | Yes | Callback invoked to return the result. | 667 668**Error codes** 669 670For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 671 672| ID | Error Message | 673| -------- | -------- | 674| 201 | Permission denied. | 675| 202 | Non-system applications use system APIs. | 676| 401 | Parameter error. Possible causes: 1. Incorrect parameter types. | 677| 19100001 | Invalid parameter value. | 678| 19100009 | Failed to operate the DLP file. | 679| 19100011 | The system ability works abnormally. | 680 681**Example** 682 683```ts 684import { dlpPermission } from '@kit.DataProtectionKit'; 685import { fileIo } from '@kit.CoreFileKit'; 686import { bundleManager } from '@kit.AbilityKit'; 687import { BusinessError } from '@kit.BasicServicesKit'; 688 689let uri = "file://docs/storage/Users/currentUser/Desktop/test.txt.dlp"; 690let file = fileIo.openSync(uri); 691let bundleFlags = bundleManager.BundleFlag.GET_BUNDLE_INFO_WITH_SIGNATURE_INFO; 692let appId = ""; 693let bundleName = 'com.ohos.note'; 694let userId = 100; 695 696try{ 697 bundleManager.getBundleInfo(bundleName, bundleFlags, userId, (err, data) => { 698 if (err) { 699 console.error('error', err.code, err.message); 700 } else { 701 appId = data.signatureInfo.appId; 702 } 703 }) 704} catch (err) { 705 console.error('error', err.code, err.message); 706} 707 708try { 709 dlpPermission.openDLPFile(file.fd, appId).then((dlpFile)=>{ 710 dlpFile.addDLPLinkFile('test.txt.dlp.link'); // Add a link file. 711 dlpFile.stopFuseLink(async (err, res) => { 712 if (err != undefined) { 713 console.error('stopFuseLink error,', err.code, err.message); 714 await dlpFile.closeDLPFile(); // Close the DLPFile instance. 715 } else { 716 console.info('res', JSON.stringify(res)); 717 } 718 }); 719 }); // Open a DLP file. 720} catch (err) { 721 console.error('stopFuseLink error,', (err as BusinessError).code, (err as BusinessError).message); 722} 723``` 724 725### resumeFuseLink 726 727resumeFuseLink(): Promise<void> 728 729Resumes the read and write on the FUSE. This API uses a promise to return the result. 730 731**System API**: This is a system API. 732 733**Required permissions**: ohos.permission.ACCESS_DLP_FILE 734 735**System capability**: SystemCapability.Security.DataLossPrevention 736 737**Return value** 738 739| Type | Description | 740| -------- | -------- | 741| Promise<void> | Promise that returns no value. | 742 743**Error codes** 744 745For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 746 747| ID | Error Message | 748| -------- | -------- | 749| 201 | Permission denied. | 750| 202 | Non-system applications use system APIs. | 751| 19100001 | Invalid parameter value. | 752| 19100009 | Failed to operate the DLP file. | 753| 19100011 | The system ability works abnormally. | 754 755**Example** 756 757```ts 758import { dlpPermission } from '@kit.DataProtectionKit'; 759import { fileIo } from '@kit.CoreFileKit'; 760import { bundleManager } from '@kit.AbilityKit'; 761import { BusinessError } from '@kit.BasicServicesKit'; 762 763let uri = "file://docs/storage/Users/currentUser/Desktop/test.txt.dlp"; 764let file = fileIo.openSync(uri); 765let bundleFlags = bundleManager.BundleFlag.GET_BUNDLE_INFO_WITH_SIGNATURE_INFO; 766let appId = ""; 767let bundleName = 'com.ohos.note'; 768let userId = 100; 769 770try{ 771 bundleManager.getBundleInfo(bundleName, bundleFlags, userId, (err, data) => { 772 if (err) { 773 console.error('error', err.code, err.message); 774 } else { 775 appId = data.signatureInfo.appId; 776 } 777 }) 778} catch (err) { 779 console.error('error', err.code, err.message); 780} 781 782try { 783 dlpPermission.openDLPFile(file.fd, appId).then((dlpFile)=>{ 784 dlpFile.addDLPLinkFile('test.txt.dlp.link'); // Add a link file. 785 dlpFile.stopFuseLink(); // Stop read/write on the link file. 786 dlpFile.resumeFuseLink(); // Resume read/write on the link file. 787 dlpFile.closeDLPFile(); // Close the DLPFile instance. 788 }); // Open a DLP file. 789} catch (err) { 790 console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Error reported if the operation fails. 791} 792fileIo.closeSync(file); 793``` 794 795### resumeFuseLink 796 797resumeFuseLink(callback: AsyncCallback<void>): void 798 799Resumes the read and write on the FUSE. This API uses an asynchronous callback to return the result. 800 801**System API**: This is a system API. 802 803**Required permissions**: ohos.permission.ACCESS_DLP_FILE 804 805**System capability**: SystemCapability.Security.DataLossPrevention 806 807**Parameters** 808 809| Name | Type | Mandatory | Description | 810| -------- | -------- | -------- | -------- | 811| callback | AsyncCallback<void> | Yes | Callback invoked to return the result. | 812 813**Error codes** 814 815For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 816 817| ID | Error Message | 818| -------- | -------- | 819| 201 | Permission denied. | 820| 202 | Non-system applications use system APIs. | 821| 401 | Parameter error. Possible causes: 1. Incorrect parameter types. | 822| 19100001 | Invalid parameter value. | 823| 19100009 | Failed to operate the DLP file. | 824| 19100011 | The system ability works abnormally. | 825 826**Example** 827 828```ts 829import { dlpPermission } from '@kit.DataProtectionKit'; 830import { fileIo } from '@kit.CoreFileKit'; 831import { bundleManager } from '@kit.AbilityKit'; 832import { BusinessError } from '@kit.BasicServicesKit'; 833 834let uri = "file://docs/storage/Users/currentUser/Desktop/test.txt.dlp"; 835let file = fileIo.openSync(uri); 836let bundleFlags = bundleManager.BundleFlag.GET_BUNDLE_INFO_WITH_SIGNATURE_INFO; 837let appId = ""; 838let bundleName = 'com.ohos.note'; 839let userId = 100; 840 841try{ 842 bundleManager.getBundleInfo(bundleName, bundleFlags, userId, (err, data) => { 843 if (err) { 844 console.error('error', err.code, err.message); 845 } else { 846 appId = data.signatureInfo.appId; 847 } 848 }) 849} catch (err) { 850 console.error('error', err.code, err.message); 851} 852 853try { 854 dlpPermission.openDLPFile(file.fd, appId).then((dlpFile)=>{ 855 dlpFile.addDLPLinkFile('test.txt.dlp.link'); // Add a link file. 856 dlpFile.stopFuseLink(); // Stop read/write on the link file. 857 dlpFile.resumeFuseLink(async (err, res) => { 858 if (err != undefined) { 859 console.error('resumeFuseLink error,', err.code, err.message); 860 await dlpFile.closeDLPFile(); // Close the DLPFile instance. 861 } else { 862 console.info('res', JSON.stringify(res)); 863 } 864 }); 865 }); // Open a DLP file. 866} catch (err) { 867 console.error('resumeFuseLink error,', (err as BusinessError).code, (err as BusinessError).message); 868} 869``` 870 871### replaceDLPLinkFile 872 873replaceDLPLinkFile(linkFileName: string): Promise<void> 874 875Replaces a link file. This API uses a promise to return the result. 876 877**System API**: This is a system API. 878 879**Required permissions**: ohos.permission.ACCESS_DLP_FILE 880 881**System capability**: SystemCapability.Security.DataLossPrevention 882 883**Parameters** 884 885| Name | Type | Mandatory | Description | 886| -------- | -------- | -------- | -------- | 887| linkFileName | string | Yes| Name of the link file to replace.| 888 889**Return value** 890 891| Type | Description | 892| -------- | -------- | 893| Promise<void> | Promise that returns no value. | 894 895**Error codes** 896 897For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 898 899| ID | Error Message | 900| -------- | -------- | 901| 201 | Permission denied. | 902| 202 | Non-system applications use system APIs. | 903| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. | 904| 19100001 | Invalid parameter value. | 905| 19100009 | Failed to operate the DLP file. | 906| 19100011 | The system ability works abnormally. | 907 908**Example** 909 910```ts 911import { dlpPermission } from '@kit.DataProtectionKit'; 912import { fileIo } from '@kit.CoreFileKit'; 913import { bundleManager } from '@kit.AbilityKit'; 914import { BusinessError } from '@kit.BasicServicesKit'; 915 916let uri = "file://docs/storage/Users/currentUser/Desktop/test.txt.dlp"; 917let file = fileIo.openSync(uri); 918let bundleFlags = bundleManager.BundleFlag.GET_BUNDLE_INFO_WITH_SIGNATURE_INFO; 919let appId = ""; 920let bundleName = 'com.ohos.note'; 921let userId = 100; 922 923try{ 924 bundleManager.getBundleInfo(bundleName, bundleFlags, userId, (err, data) => { 925 if (err) { 926 console.error('error', err.code, err.message); 927 } else { 928 appId = data.signatureInfo.appId; 929 } 930 }) 931} catch (err) { 932 console.error('error', err.code, err.message); 933} 934 935try { 936 dlpPermission.openDLPFile(file.fd, appId).then((dlpFile)=>{ 937 dlpFile.addDLPLinkFile('test.txt.dlp.link'); // Add a link file. 938 dlpFile.stopFuseLink(); // Stop read/write on the link file. 939 dlpFile.replaceDLPLinkFile('test_new.txt.dlp.link'); // Replace the link file. 940 dlpFile.resumeFuseLink(); // Resume read/write on the link file. 941 dlpFile.closeDLPFile(); // Close the DLPFile instance. 942 }); // Open a DLP file. 943} catch (err) { 944 console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Error reported if the operation fails. 945} 946fileIo.closeSync(file); 947``` 948 949### replaceDLPLinkFile 950 951replaceDLPLinkFile(linkFileName: string, callback: AsyncCallback<void>): void 952 953Replaces a link file. This API uses an asynchronous callback to return the result. 954 955**System API**: This is a system API. 956 957**Required permissions**: ohos.permission.ACCESS_DLP_FILE 958 959**System capability**: SystemCapability.Security.DataLossPrevention 960 961**Parameters** 962 963| Name | Type | Mandatory | Description | 964| -------- | -------- | -------- | -------- | 965| linkFileName | string | Yes| Name of the link file to replace.| 966| callback | AsyncCallback<void> | Yes | Callback invoked to return the result. | 967 968**Error codes** 969 970For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 971 972| ID | Error Message | 973| -------- | -------- | 974| 201 | Permission denied. | 975| 202 | Non-system applications use system APIs. | 976| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. | 977| 19100001 | Invalid parameter value. | 978| 19100009 | Failed to operate the DLP file. | 979| 19100011 | The system ability works abnormally. | 980 981**Example** 982 983```ts 984import { dlpPermission } from '@kit.DataProtectionKit'; 985import { fileIo } from '@kit.CoreFileKit'; 986import { bundleManager } from '@kit.AbilityKit'; 987import { BusinessError } from '@kit.BasicServicesKit'; 988 989let uri = "file://docs/storage/Users/currentUser/Desktop/test.txt.dlp"; 990let file = fileIo.openSync(uri); 991let bundleFlags = bundleManager.BundleFlag.GET_BUNDLE_INFO_WITH_SIGNATURE_INFO; 992let appId = ""; 993let bundleName = 'com.ohos.note'; 994let userId = 100; 995 996try{ 997 bundleManager.getBundleInfo(bundleName, bundleFlags, userId, (err, data) => { 998 if (err) { 999 console.error('error', err.code, err.message); 1000 } else { 1001 appId = data.signatureInfo.appId; 1002 } 1003 }) 1004} catch (err) { 1005 console.error('error', err.code, err.message); 1006} 1007 1008try { 1009 dlpPermission.openDLPFile(file.fd, appId).then((dlpFile)=>{ 1010 dlpFile.addDLPLinkFile('test.txt.dlp.link'); // Add a link file. 1011 dlpFile.stopFuseLink(); // Stop read/write on the link file. 1012 dlpFile.replaceDLPLinkFile('test_new.txt.dlp.link', async (err, res) => { // Replace a link file. 1013 if (err != undefined) { 1014 console.error('replaceDLPLinkFile error,', err.code, err.message); 1015 await dlpFile.closeDLPFile(); // Close the DLPFile instance. 1016 } else { 1017 console.info('res', JSON.stringify(res)); 1018 await dlpFile.resumeFuseLink(); // Resume read/write on the link file. 1019 } 1020 }); 1021 }); // Open a DLP file. 1022} catch (err) { 1023 console.error('error,', (err as BusinessError).code, (err as BusinessError).message); 1024} 1025``` 1026 1027### deleteDLPLinkFile 1028 1029deleteDLPLinkFile(linkFileName: string): Promise<void> 1030 1031Deletes a link file from the FUSE. This API uses a promise to return the result. 1032 1033**System API**: This is a system API. 1034 1035**Required permissions**: ohos.permission.ACCESS_DLP_FILE 1036 1037**System capability**: SystemCapability.Security.DataLossPrevention 1038 1039**Parameters** 1040 1041| Name | Type | Mandatory | Description | 1042| -------- | -------- | -------- | -------- | 1043| linkFileName | string | Yes| Name of the link file to delete.| 1044 1045**Return value** 1046 1047| Type | Description | 1048| -------- | -------- | 1049| Promise<void> | Promise that returns no value. | 1050 1051**Error codes** 1052 1053For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 1054 1055| ID | Error Message | 1056| -------- | -------- | 1057| 201 | Permission denied. | 1058| 202 | Non-system applications use system APIs. | 1059| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. | 1060| 19100001 | Invalid parameter value. | 1061| 19100009 | Failed to operate the DLP file. | 1062| 19100011 | The system ability works abnormally. | 1063 1064**Example** 1065 1066```ts 1067import { dlpPermission } from '@kit.DataProtectionKit'; 1068import { fileIo } from '@kit.CoreFileKit'; 1069import { bundleManager } from '@kit.AbilityKit'; 1070import { BusinessError } from '@kit.BasicServicesKit'; 1071 1072let uri = "file://docs/storage/Users/currentUser/Desktop/test.txt.dlp"; 1073let file = fileIo.openSync(uri); 1074let bundleFlags = bundleManager.BundleFlag.GET_BUNDLE_INFO_WITH_SIGNATURE_INFO; 1075let appId = ""; 1076let bundleName = 'com.ohos.note'; 1077let userId = 100; 1078 1079try{ 1080 bundleManager.getBundleInfo(bundleName, bundleFlags, userId, (err, data) => { 1081 if (err) { 1082 console.error('error', err.code, err.message); 1083 } else { 1084 appId = data.signatureInfo.appId; 1085 } 1086 }) 1087} catch (err) { 1088 console.error('error', err.code, err.message); 1089} 1090 1091try { 1092 dlpPermission.openDLPFile(file.fd, appId).then((dlpFile)=>{ 1093 dlpFile.addDLPLinkFile('test.txt.dlp.link'); // Add a link file. 1094 dlpFile.deleteDLPLinkFile('test.txt.dlp.link'); // Delete the link file. 1095 dlpFile.closeDLPFile(); // Close the DLPFile instance. 1096 }); // Open a DLP file. 1097} catch (err) { 1098 console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Error reported if the operation fails. 1099} 1100fileIo.closeSync(file); 1101``` 1102 1103### deleteDLPLinkFile 1104 1105deleteDLPLinkFile(linkFileName: string, callback: AsyncCallback<void>): void 1106 1107Deletes a link file. This API uses an asynchronous callback to return the result. 1108 1109**System API**: This is a system API. 1110 1111**Required permissions**: ohos.permission.ACCESS_DLP_FILE 1112 1113**System capability**: SystemCapability.Security.DataLossPrevention 1114 1115**Parameters** 1116 1117| Name | Type | Mandatory | Description | 1118| -------- | -------- | -------- | -------- | 1119| linkFileName | string | Yes| Name of the link file to delete.| 1120| callback | AsyncCallback<void> | Yes | Callback invoked to return the result. | 1121 1122**Error codes** 1123 1124For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 1125 1126| ID | Error Message | 1127| -------- | -------- | 1128| 201 | Permission denied. | 1129| 202 | Non-system applications use system APIs. | 1130| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. | 1131| 19100001 | Invalid parameter value. | 1132| 19100009 | Failed to operate the DLP file. | 1133| 19100011 | The system ability works abnormally. | 1134 1135**Example** 1136 1137```ts 1138import { dlpPermission } from '@kit.DataProtectionKit'; 1139import { fileIo } from '@kit.CoreFileKit'; 1140import { bundleManager } from '@kit.AbilityKit'; 1141import { BusinessError } from '@kit.BasicServicesKit'; 1142 1143let uri = "file://docs/storage/Users/currentUser/Desktop/test.txt.dlp"; 1144let file = fileIo.openSync(uri); 1145let bundleFlags = bundleManager.BundleFlag.GET_BUNDLE_INFO_WITH_SIGNATURE_INFO; 1146let appId = ""; 1147let bundleName = 'com.ohos.note'; 1148let userId = 100; 1149 1150try{ 1151 bundleManager.getBundleInfo(bundleName, bundleFlags, userId, (err, data) => { 1152 if (err) { 1153 console.error('error', err.code, err.message); 1154 } else { 1155 appId = data.signatureInfo.appId; 1156 } 1157 }) 1158} catch (err) { 1159 console.error('error', err.code, err.message); 1160} 1161 1162try { 1163 dlpPermission.openDLPFile(file.fd, appId).then((dlpFile)=>{ 1164 dlpFile.addDLPLinkFile('test.txt.dlp.link'); // Add a link file. 1165 dlpFile.deleteDLPLinkFile('test.txt.dlp.link', async (err, res) => { // Delete a link file. 1166 if (err != undefined) { 1167 console.error('deleteDLPLinkFile error,', err.code, err.message); 1168 await dlpFile.closeDLPFile(); // Close the DLPFile instance. 1169 } else { 1170 console.info('res', JSON.stringify(res)); 1171 } 1172 }); 1173 }); // Open a DLP file. 1174} catch (err) { 1175 console.error('error,', (err as BusinessError).code, (err as BusinessError).message); 1176} 1177``` 1178 1179### recoverDLPFile 1180 1181recoverDLPFile(plaintextFd: number): Promise<void> 1182 1183Recovers the plaintext of a DLP file. This API uses a promise to return the result. 1184 1185**System API**: This is a system API. 1186 1187**Required permissions**: ohos.permission.ACCESS_DLP_FILE 1188 1189**System capability**: SystemCapability.Security.DataLossPrevention 1190 1191**Parameters** 1192 1193| Name | Type | Mandatory | Description | 1194| -------- | -------- | -------- | -------- | 1195| plaintextFd | number | Yes | FD of the target plaintext file. | 1196 1197**Return value** 1198 1199| Type | Description | 1200| -------- | -------- | 1201| Promise<void> | Promise that returns no value. | 1202 1203**Error codes** 1204 1205For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 1206 1207| ID | Error Message | 1208| -------- | -------- | 1209| 201 | Permission denied. | 1210| 202 | Non-system applications use system APIs. | 1211| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. | 1212| 19100001 | Invalid parameter value. | 1213| 19100002 | Credential task error. | 1214| 19100003 | Credential task time out. | 1215| 19100004 | Credential service error. | 1216| 19100005 | Credential authentication server error. | 1217| 19100008 | The file is not a DLP file. | 1218| 19100009 | Failed to operate the DLP file. | 1219| 19100010 | The DLP file is read only. | 1220| 19100011 | The system ability works abnormally. | 1221 1222**Example** 1223 1224```ts 1225import { dlpPermission } from '@kit.DataProtectionKit'; 1226import { fileIo } from '@kit.CoreFileKit'; 1227import { bundleManager } from '@kit.AbilityKit'; 1228import { BusinessError } from '@kit.BasicServicesKit'; 1229 1230let uri = "file://docs/storage/Users/currentUser/Desktop/test.txt.dlp"; 1231let file = fileIo.openSync(uri); 1232let bundleFlags = bundleManager.BundleFlag.GET_BUNDLE_INFO_WITH_SIGNATURE_INFO; 1233let appId = ""; 1234let bundleName = 'com.ohos.note'; 1235let userId = 100; 1236 1237try{ 1238 bundleManager.getBundleInfo(bundleName, bundleFlags, userId, (err, data) => { 1239 if (err) { 1240 console.error('error', err.code, err.message); 1241 } else { 1242 appId = data.signatureInfo.appId; 1243 } 1244 }) 1245} catch (err) { 1246 console.error('error', err.code, err.message); 1247} 1248 1249let destFile = fileIo.openSync("destUri"); 1250try { 1251 dlpPermission.openDLPFile(file.fd, appId).then((dlpFile)=>{ 1252 dlpFile.recoverDLPFile(destFile.fd); // Recover the plain text from the DLP file. 1253 dlpFile.closeDLPFile(); // Close the DLPFile instance. 1254 }); // Open a DLP file. 1255} catch (err) { 1256 console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Error reported if the operation fails. 1257} 1258fileIo.closeSync(file); 1259fileIo.closeSync(destFile); 1260``` 1261 1262### recoverDLPFile 1263 1264recoverDLPFile(plaintextFd: number, callback: AsyncCallback<void>): void 1265 1266Recovers the plaintext of a DLP file. This API uses an asynchronous callback to return the result. 1267 1268**System API**: This is a system API. 1269 1270**Required permissions**: ohos.permission.ACCESS_DLP_FILE 1271 1272**System capability**: SystemCapability.Security.DataLossPrevention 1273 1274**Parameters** 1275 1276| Name | Type | Mandatory | Description | 1277| -------- | -------- | -------- | -------- | 1278| plaintextFd | number | Yes | FD of the target plaintext file. | 1279| callback | AsyncCallback<void> | Yes | Callback invoked to return the result. | 1280 1281**Error codes** 1282 1283For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 1284 1285| ID | Error Message | 1286| -------- | -------- | 1287| 201 | Permission denied. | 1288| 202 | Non-system applications use system APIs. | 1289| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. | 1290| 19100001 | Invalid parameter value. | 1291| 19100002 | Credential task error. | 1292| 19100003 | Credential task time out. | 1293| 19100004 | Credential service error. | 1294| 19100005 | Credential authentication server error. | 1295| 19100008 | The file is not a DLP file. | 1296| 19100009 | Failed to operate the DLP file. | 1297| 19100010 | The DLP file is read only. | 1298| 19100011 | The system ability works abnormally. | 1299 1300**Example** 1301 1302```ts 1303import { dlpPermission } from '@kit.DataProtectionKit'; 1304import { fileIo } from '@kit.CoreFileKit'; 1305import { bundleManager } from '@kit.AbilityKit'; 1306import { BusinessError } from '@kit.BasicServicesKit'; 1307 1308let uri = "file://docs/storage/Users/currentUser/Desktop/test.txt.dlp"; 1309let file = fileIo.openSync(uri); 1310let bundleFlags = bundleManager.BundleFlag.GET_BUNDLE_INFO_WITH_SIGNATURE_INFO; 1311let appId = ""; 1312let bundleName = 'com.ohos.note'; 1313let userId = 100; 1314 1315try{ 1316 bundleManager.getBundleInfo(bundleName, bundleFlags, userId, (err, data) => { 1317 if (err) { 1318 console.error('error', err.code, err.message); 1319 } else { 1320 appId = data.signatureInfo.appId; 1321 } 1322 }) 1323} catch (err) { 1324 console.error('error', err.code, err.message); 1325} 1326 1327let destFile = fileIo.openSync("destUri"); 1328try { 1329 dlpPermission.openDLPFile(file.fd, appId).then((dlpFile)=>{ 1330 dlpFile.recoverDLPFile(destFile.fd, async (err, res) => { // Recover the plaintext of a DLP file. 1331 if (err != undefined) { 1332 console.error('recoverDLPFile error,', err.code, err.message); 1333 await dlpFile.closeDLPFile(); // Close the DLPFile instance. 1334 } else { 1335 console.info('res', JSON.stringify(res)); 1336 } 1337 }); 1338 }); // Open a DLP file. 1339} catch (err) { 1340 console.error('error,', (err as BusinessError).code, (err as BusinessError).message); 1341} 1342``` 1343 1344### closeDLPFile 1345 1346closeDLPFile(): Promise<void> 1347 1348Closes this **DLPFile** instance. This API uses a promise to return the result. 1349 1350**System API**: This is a system API. 1351 1352**Required permissions**: ohos.permission.ACCESS_DLP_FILE 1353 1354**System capability**: SystemCapability.Security.DataLossPrevention 1355 1356> **NOTE** 1357> 1358> If a DLP file is no longer used, close the **dlpFile** instance to release the memory. 1359 1360**Return value** 1361 1362| Type | Description | 1363| -------- | -------- | 1364| Promise<void> | Promise that returns no value. | 1365 1366**Error codes** 1367 1368For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 1369 1370| ID | Error Message | 1371| -------- | -------- | 1372| 201 | Permission denied. | 1373| 202 | Non-system applications use system APIs. | 1374| 19100001 | Invalid parameter value. | 1375| 19100009 | Failed to operate the DLP file. | 1376| 19100011 | The system ability works abnormally. | 1377 1378**Example** 1379 1380```ts 1381import { dlpPermission } from '@kit.DataProtectionKit'; 1382import { fileIo } from '@kit.CoreFileKit'; 1383import { bundleManager } from '@kit.AbilityKit'; 1384import { BusinessError } from '@kit.BasicServicesKit'; 1385 1386let uri = "file://docs/storage/Users/currentUser/Desktop/test.txt.dlp"; 1387let file = fileIo.openSync(uri); 1388let bundleFlags = bundleManager.BundleFlag.GET_BUNDLE_INFO_WITH_SIGNATURE_INFO; 1389let appId = ""; 1390let bundleName = 'com.ohos.note'; 1391let userId = 100; 1392 1393try{ 1394 bundleManager.getBundleInfo(bundleName, bundleFlags, userId, (err, data) => { 1395 if (err) { 1396 console.error('error', err.code, err.message); 1397 } else { 1398 appId = data.signatureInfo.appId; 1399 } 1400 }) 1401} catch (err) { 1402 console.error('error', err.code, err.message); 1403} 1404 1405try { 1406 dlpPermission.openDLPFile(file.fd, appId).then((dlpFile)=>{ 1407 dlpFile.closeDLPFile(); // Close the DLPFile instance. 1408 }); // Open a DLP file. 1409} catch (err) { 1410 console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Error reported if the operation fails. 1411} 1412fileIo.closeSync(file); 1413``` 1414 1415### closeDLPFile 1416 1417closeDLPFile(callback: AsyncCallback<void>): void 1418 1419Closes this **DLPFile** instance. This API uses an asynchronous callback to return the result. 1420 1421**System API**: This is a system API. 1422 1423**Required permissions**: ohos.permission.ACCESS_DLP_FILE 1424 1425**System capability**: SystemCapability.Security.DataLossPrevention 1426 1427> **NOTE** 1428> 1429> If a DLP file is no longer used, close the **dlpFile** instance to release the memory. 1430 1431**Parameters** 1432 1433| Name | Type | Mandatory | Description | 1434| -------- | -------- | -------- | -------- | 1435| callback | AsyncCallback<void> | Yes | Callback invoked to return the result. | 1436 1437**Error codes** 1438 1439For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 1440 1441| ID | Error Message | 1442| -------- | -------- | 1443| 201 | Permission denied. | 1444| 202 | Non-system applications use system APIs. | 1445| 401 | Parameter error. Possible causes: 1. Incorrect parameter types. | 1446| 19100001 | Invalid parameter value. | 1447| 19100009 | Failed to operate the DLP file. | 1448| 19100011 | The system ability works abnormally. | 1449 1450**Example** 1451 1452```ts 1453import { dlpPermission } from '@kit.DataProtectionKit'; 1454import { fileIo } from '@kit.CoreFileKit'; 1455import { bundleManager } from '@kit.AbilityKit'; 1456import { BusinessError } from '@kit.BasicServicesKit'; 1457 1458let uri = "file://docs/storage/Users/currentUser/Desktop/test.txt.dlp"; 1459let file = fileIo.openSync(uri); 1460let bundleFlags = bundleManager.BundleFlag.GET_BUNDLE_INFO_WITH_SIGNATURE_INFO; 1461let appId = ""; 1462let bundleName = 'com.ohos.note'; 1463let userId = 100; 1464 1465try{ 1466 bundleManager.getBundleInfo(bundleName, bundleFlags, userId, (err, data) => { 1467 if (err) { 1468 console.error('error', err.code, err.message); 1469 } else { 1470 appId = data.signatureInfo.appId; 1471 } 1472 }) 1473} catch (err) { 1474 console.error('error', err.code, err.message); 1475} 1476 1477try { 1478 dlpPermission.openDLPFile(file.fd, appId).then((dlpFile)=>{ 1479 dlpFile.closeDLPFile((err, res) => {// Close the DLP file. 1480 if (err != undefined) { 1481 console.error('closeDLPFile error,', err.code, err.message); 1482 } else { 1483 console.info('res', JSON.stringify(res)); 1484 } 1485 fileIo.closeSync(file); 1486 }); 1487 }); // Open a DLP file. 1488} catch (err) { 1489 console.error('error,', (err as BusinessError).code, (err as BusinessError).message); 1490 fileIo.closeSync(file); 1491} 1492``` 1493 1494## dlpPermission.generateDLPFile 1495 1496generateDLPFile(plaintextFd: number, ciphertextFd: number, property: DLPProperty): Promise<DLPFile> 1497 1498Generates a DLP file, which is an encrypted file that can be accessed only by authorized users. The users can have the full control permission or read-only permission on the DLP file. This API uses a promise to return the result. 1499 1500**System API**: This is a system API. 1501 1502**Required permissions**: ohos.permission.ACCESS_DLP_FILE 1503 1504**System capability**: SystemCapability.Security.DataLossPrevention 1505 1506**Parameters** 1507 1508| Name | Type | Mandatory | Description | 1509| -------- | -------- | -------- | -------- | 1510| plaintextFd | number | Yes | FD of the plaintext file to be encrypted. | 1511| ciphertextFd | number | Yes | FD of the encrypted file. | 1512| property | [DLPProperty](#dlpproperty) | Yes | Authorization information, which includes the authorized user list, owner account, and contact account information. | 1513 1514**Return value** 1515 1516| Type | Description | 1517| -------- | -------- | 1518| Promise<[DLPFile](#dlpfile)> | Promise used to return the result. If the operation is successful, a **DLPFile** instance is returned. Otherwise, **null** is returned. | 1519 1520**Error codes** 1521 1522For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 1523 1524| ID | Error Message | 1525| -------- | -------- | 1526| 201 | Permission denied. | 1527| 202 | Non-system applications use system APIs. | 1528| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. | 1529| 19100001 | Invalid parameter value. | 1530| 19100002 | Credential task error. | 1531| 19100003 | Credential task time out. | 1532| 19100004 | Credential service error. | 1533| 19100005 | Credential authentication server error. | 1534| 19100009 | Failed to operate the DLP file. | 1535| 19100011 | The system ability works abnormally. | 1536 1537**Example** 1538 1539```ts 1540import { dlpPermission } from '@kit.DataProtectionKit'; 1541import { fileIo } from '@kit.CoreFileKit'; 1542import { BusinessError } from '@kit.BasicServicesKit'; 1543 1544let dlpUri = "file://docs/storage/Users/currentUser/Desktop/test.txt.dlp"; 1545let uri = "file://docs/storage/Users/currentUser/Desktop/test.txt"; 1546let file = fileIo.openSync(uri); 1547let dlp = fileIo.openSync(dlpUri); 1548try { 1549 let dlpProperty: dlpPermission.DLPProperty = { 1550 ownerAccount: 'zhangsan', 1551 ownerAccountType: dlpPermission.AccountType.DOMAIN_ACCOUNT, 1552 authUserList: [], 1553 contactAccount: 'zhangsan', 1554 offlineAccess: true, 1555 ownerAccountID: 'xxxxxxx', 1556 everyoneAccessList: [] 1557 }; 1558 dlpPermission.generateDLPFile(file.fd, dlp.fd, dlpProperty).then((dlpFile)=>{ 1559 dlpFile.closeDLPFile(); // Close the DLPFile instance. 1560 }); // Generate a DLP file. 1561} catch (err) { 1562 console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Error reported if the operation fails. 1563} 1564fileIo.closeSync(file); 1565fileIo.closeSync(dlp); 1566``` 1567 1568## dlpPermission.generateDLPFile 1569 1570generateDLPFile(plaintextFd: number, ciphertextFd: number, property: DLPProperty, callback: AsyncCallback<DLPFile>): void 1571 1572Generates a DLP file, which is an encrypted file that can be accessed only by authorized users. The users can have the full control permission or read-only permission on the DLP file. This API uses an asynchronous callback to return the result. 1573 1574**System API**: This is a system API. 1575 1576**Required permissions**: ohos.permission.ACCESS_DLP_FILE 1577 1578**System capability**: SystemCapability.Security.DataLossPrevention 1579 1580**Parameters** 1581 1582| Name | Type | Mandatory | Description | 1583| -------- | -------- | -------- | -------- | 1584| plaintextFd | number | Yes | FD of the plaintext file to be encrypted. | 1585| ciphertextFd | number | Yes | FD of the encrypted file. | 1586| property | [DLPProperty](#dlpproperty) | Yes | Authorization information, which includes the authorized user list, owner account, and contact account information. | 1587| callback | AsyncCallback<[DLPFile](#dlpfile)> | Yes | Callback invoked to return the **DLPFile** instance created. | 1588 1589**Error codes** 1590 1591For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 1592 1593| ID | Error Message | 1594| -------- | -------- | 1595| 201 | Permission denied. | 1596| 202 | Non-system applications use system APIs. | 1597| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. | 1598| 19100001 | Invalid parameter value. | 1599| 19100002 | Credential task error. | 1600| 19100003 | Credential task time out. | 1601| 19100004 | Credential service error. | 1602| 19100005 | Credential authentication server error. | 1603| 19100009 | Failed to operate the DLP file. | 1604| 19100011 | The system ability works abnormally. | 1605 1606**Example** 1607 1608```ts 1609import { dlpPermission } from '@kit.DataProtectionKit'; 1610import { fileIo } from '@kit.CoreFileKit'; 1611import { BusinessError } from '@kit.BasicServicesKit'; 1612 1613let dlpUri = "file://docs/storage/Users/currentUser/Desktop/test.txt.dlp"; 1614let uri = "file://docs/storage/Users/currentUser/Desktop/test.txt"; 1615let file = fileIo.openSync(uri); 1616let dlp = fileIo.openSync(dlpUri); 1617try { 1618 let dlpProperty: dlpPermission.DLPProperty = { 1619 ownerAccount: 'zhangsan', 1620 ownerAccountType: dlpPermission.AccountType.DOMAIN_ACCOUNT, 1621 authUserList: [], 1622 contactAccount: 'zhangsan', 1623 offlineAccess: true, 1624 ownerAccountID: 'xxxxxxx', 1625 everyoneAccessList: [] 1626 }; 1627 dlpPermission.generateDLPFile(file.fd, dlp.fd, dlpProperty, (err, res) => { // Generate a DLP file. 1628 if (err != undefined) { 1629 console.error('generateDLPFile error,', err.code, err.message); 1630 } else { 1631 console.info('res', JSON.stringify(res)); 1632 } 1633 }); 1634} catch (err) { 1635 console.error('error,', (err as BusinessError).code, (err as BusinessError).message); 1636 fileIo.closeSync(file); 1637} 1638``` 1639 1640## dlpPermission.openDLPFile<sup>11+</sup> 1641 1642openDLPFile(ciphertextFd: number, appId: string): Promise<DLPFile> 1643 1644Opens a DLP file. This API uses a promise to return the result. 1645 1646**System API**: This is a system API. 1647 1648**Required permissions**: ohos.permission.ACCESS_DLP_FILE 1649 1650**System capability**: SystemCapability.Security.DataLossPrevention 1651 1652**Parameters** 1653 1654| Name | Type | Mandatory | Description | 1655| -------- | -------- | -------- | -------- | 1656| ciphertextFd | number | Yes | FD of the encrypted file. | 1657| appId | string | Yes | ID of the caller. | 1658 1659**Return value** 1660 1661| Type | Description | 1662| -------- | -------- | 1663| Promise<[DLPFile](#dlpfile)> | Promise used to return the result. If the operation is successful, a **DLPFile** instance is returned. Otherwise, **null** is returned. | 1664 1665**Error codes** 1666 1667For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 1668 1669| ID | Error Message | 1670| -------- | -------- | 1671| 201 | Permission denied. | 1672| 202 | Non-system applications use system APIs. | 1673| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. | 1674| 19100001 | Invalid parameter value. | 1675| 19100002 | Credential task error. | 1676| 19100003 | Credential task time out. | 1677| 19100004 | Credential service error. | 1678| 19100005 | Credential authentication server error. | 1679| 19100008 | The file is not a DLP file. | 1680| 19100009 | Failed to operate the DLP file. | 1681| 19100011 | The system ability works abnormally. | 1682| 19100018 | Not authorized application. | 1683| 19100019 | The DLP file has expired. | 1684| 19100020 | No network connection. | 1685 1686**Example** 1687 1688```ts 1689import { dlpPermission } from '@kit.DataProtectionKit'; 1690import { fileIo } from '@kit.CoreFileKit'; 1691import { bundleManager } from '@kit.AbilityKit'; 1692import { BusinessError } from '@kit.BasicServicesKit'; 1693 1694let uri = "file://docs/storage/Users/currentUser/Desktop/test.txt.dlp"; 1695let file = fileIo.openSync(uri); 1696let bundleFlags = bundleManager.BundleFlag.GET_BUNDLE_INFO_WITH_SIGNATURE_INFO; 1697let appId = ""; 1698let bundleName = 'com.ohos.note'; 1699let userId = 100; 1700 1701try{ 1702 bundleManager.getBundleInfo(bundleName, bundleFlags, userId, (err, data) => { 1703 if (err) { 1704 console.error('error', err.code, err.message); 1705 } else { 1706 appId = data.signatureInfo.appId; 1707 } 1708 }) 1709} catch (err) { 1710 console.error('error', err.code, err.message); 1711} 1712 1713try { 1714 dlpPermission.openDLPFile(file.fd, appId).then((dlpFile)=>{ 1715 dlpFile.closeDLPFile(); // Close the DLPFile instance. 1716 }); // Open a DLP file. 1717} catch (err) { 1718 console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Error reported if the operation fails. 1719} 1720fileIo.closeSync(file); 1721``` 1722 1723## dlpPermission.openDLPFile<sup>11+</sup> 1724 1725openDLPFile(ciphertextFd: number, appId: string, callback: AsyncCallback<DLPFile>): void 1726 1727Opens a DLP file. This API uses an asynchronous callback to return the result. 1728 1729**System API**: This is a system API. 1730 1731**Required permissions**: ohos.permission.ACCESS_DLP_FILE 1732 1733**System capability**: SystemCapability.Security.DataLossPrevention 1734 1735**Parameters** 1736 1737| Name | Type | Mandatory | Description | 1738| -------- | -------- | -------- | -------- | 1739| ciphertextFd | number | Yes | FD of the encrypted file. | 1740| appId | string | Yes | ID of the caller. | 1741| callback | AsyncCallback<[DLPFile](#dlpfile)> | Yes| Callback invoked to return the **DLPFile** instance opened.| 1742 1743**Error codes** 1744 1745For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 1746 1747| ID | Error Message | 1748| -------- | -------- | 1749| 201 | Permission denied. | 1750| 202 | Non-system applications use system APIs. | 1751| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. | 1752| 19100001 | Invalid parameter value. | 1753| 19100002 | Credential task error. | 1754| 19100003 | Credential task time out. | 1755| 19100004 | Credential service error. | 1756| 19100005 | Credential authentication server error. | 1757| 19100008 | The file is not a DLP file. | 1758| 19100009 | Failed to operate the DLP file. | 1759| 19100011 | The system ability works abnormally. | 1760| 19100018 | Not authorized application. | 1761| 19100019 | The DLP file has expired. | 1762| 19100020 | No network connection. | 1763 1764**Example** 1765 1766```ts 1767import { dlpPermission } from '@kit.DataProtectionKit'; 1768import { fileIo } from '@kit.CoreFileKit'; 1769import { bundleManager } from '@kit.AbilityKit'; 1770import { BusinessError } from '@kit.BasicServicesKit'; 1771 1772let uri = "file://docs/storage/Users/currentUser/Desktop/test.txt.dlp"; 1773let file = fileIo.openSync(uri); 1774let bundleFlags = bundleManager.BundleFlag.GET_BUNDLE_INFO_WITH_SIGNATURE_INFO; 1775let appId = ""; 1776let bundleName = 'com.ohos.note'; 1777let userId = 100; 1778 1779try{ 1780 bundleManager.getBundleInfo(bundleName, bundleFlags, userId, (err, data) => { 1781 if (err) { 1782 console.error('error', err.code, err.message); 1783 } else { 1784 appId = data.signatureInfo.appId; 1785 } 1786 }) 1787} catch (err) { 1788 console.error('error', err.code, err.message); 1789} 1790 1791try { 1792 dlpPermission.openDLPFile(file.fd, appId, (err, res) => { // Open a DLP file. 1793 if (err != undefined) { 1794 console.error('openDLPFile error,', err.code, err.message); 1795 } else { 1796 console.info('res', JSON.stringify(res)); 1797 } 1798 }); 1799} catch (err) { 1800 console.error('error,', (err as BusinessError).code, (err as BusinessError).message); 1801 fileIo.closeSync(file); 1802} 1803``` 1804 1805## DLPSandboxInfo 1806 1807Represents the DLP sandbox information. 1808 1809**System API**: This is a system API. 1810 1811**System capability**: SystemCapability.Security.DataLossPrevention 1812 1813| Name | Type | Readable | Writable | Description | 1814| -------- | -------- | -------- | -------- | -------- | 1815| appIndex | number | Yes | No | Index of the DLP sandbox application. | 1816| tokenID | number | Yes | No | Token ID of the DLP sandbox application. | 1817 1818## DLPSandboxState 1819 1820Represents the DLP sandbox identity information. 1821 1822**System API**: This is a system API. 1823 1824**System capability**: SystemCapability.Security.DataLossPrevention 1825 1826| Name | Type | Readable | Writable | Description | 1827| -------- | -------- | -------- | -------- | -------- | 1828| bundleName | string | Yes | No | Bundle name of the application. | 1829| appIndex | number | Yes | No | Index of the DLP sandbox application. | 1830 1831## AccountType 1832 1833Enumerates the types of authorized accounts. 1834 1835**System API**: This is a system API. 1836 1837**System capability**: SystemCapability.Security.DataLossPrevention 1838 1839| Name | Value | Description | 1840| -------- | -------- | -------- | 1841| CLOUD_ACCOUNT | 1 | Cloud account. | 1842| DOMAIN_ACCOUNT | 2 | Domain account. | 1843 1844## AuthUser 1845 1846Represents the user authorization information. 1847 1848**System API**: This is a system API. 1849 1850**System capability**: SystemCapability.Security.DataLossPrevention 1851 1852| Name | Type | Read Only | Mandatory | Description | 1853| -------- | -------- | -------- | -------- | -------- | 1854| authAccount | string | No | Yes | Account of the user who can access the DLP file. | 1855| authAccountType | [AccountType](#accounttype) | No | Yes | Type of the account. | 1856| dlpFileAccess | [DLPFileAccess](js-apis-dlppermission.md#dlpfileaccess) | No | Yes | Permission granted to the user. | 1857| permExpiryTime | number | No | Yes | Time when the authorization expires. | 1858 1859## DLPProperty 1860 1861Represents the authorization information. 1862 1863**System API**: This is a system API. 1864 1865**System capability**: SystemCapability.Security.DataLossPrevention 1866 1867| Name | Type | Read Only | Mandatory | Description | 1868| -------- | -------- | -------- | -------- | -------- | 1869| ownerAccount | string | No | Yes | Account of the owner who can set the permission. | 1870| ownerAccountID | string | No | Yes | Account ID of the owner. | 1871| ownerAccountType | [AccountType](#accounttype) | No | Yes | Account type of the owner. | 1872| authUserList | Array<[AuthUser](#authuser)> | No | No | List of users who are authorized to access the DLP file. By default, this parameter is left blank. | 1873| contactAccount | string | No| Yes| Account of the contact.| 1874| offlineAccess | boolean | No | Yes | Whether the file can be accessed offline. | 1875| everyoneAccessList | Array<[DLPFileAccess](js-apis-dlppermission.md#dlpfileaccess)> | No | No | Permission granted to everyone. This parameter is left blank by default. | 1876| expireTime<sup>11+</sup> | number | No | No | Timestamp when the file permission has expired. This parameter is left blank by default. | 1877 1878## GatheringPolicyType 1879 1880Enumerates the DLP sandbox gathering policy types. **GATHERING** allows the DLP files of the same permission type to be opened in a sandbox. For example, open different tab pages in a sandbox. **NON_GATHERING** allows different DLP files to be opened in different sandboxes. 1881 1882**System capability**: SystemCapability.Security.DataLossPrevention 1883 1884**System API**: This is a system API. 1885 1886**Parameters** 1887 1888| Name | Value | Description | 1889| -------- | -------- | -------- | 1890| GATHERING | 1 | Allows the DLP files of the same permission type to be opened in a sandbox. For example, the files of the same permission type can be opened in tab pages of a window. | 1891| NON_GATHERING | 2 | Allows the DLP files of different permission types to be opened in different sandboxes. | 1892