1# @ohos.dlpPermission (DLP) 2 3Data loss prevention (DLP) is a system solution provided to prevent data disclosure. The **dlpPermission** module provides APIs for cross-device file access management, encrypted storage, and access authorization. 4 5> **NOTE** 6> 7> - The initial APIs of this module are supported since API version 10. Newly added APIs will be marked with a superscript to indicate their earliest API version. 8> - The kit to which **@ohos.dlpPermission** belongs has been changed from **DataLossPreventionKit** to **DataProtectionKit**. You are advised to use the new module name **@kit.DataProtectionKit** to import the module. If **@kit.DataLossPreventionKit** is imported, only the APIs before the change can be called and the APIs after the change cannot be used. 9 10## Modules to Import 11 12```ts 13import { dlpPermission } from '@kit.DataProtectionKit'; 14``` 15 16## dlpPermission.isDLPFile 17 18isDLPFile(fd: number): Promise<boolean> 19 20Checks whether a file is a DLP file based on the file descriptor (FD). This API uses a promise to return the result. 21 22**System capability**: SystemCapability.Security.DataLossPrevention 23 24**Parameters** 25 26| Name | Type | Mandatory | Description | 27| -------- | -------- | -------- | -------- | 28| fd | number | Yes | FD of the file to check. | 29 30**Return value** 31| Type | Description | 32| -------- | -------- | 33| Promise<boolean> | Promise used to return the result. The value **true** means the file is a DLP file; the value **false** means the opposite. | 34 35**Error codes** 36 37For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 38 39| ID | Error Message | 40| -------- | -------- | 41| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. | 42| 19100001 | Invalid parameter value. | 43| 19100011 | The system ability works abnormally. | 44 45**Example** 46 47```ts 48import { dlpPermission } from '@kit.DataProtectionKit'; 49import { fileIo } from '@kit.CoreFileKit'; 50import { BusinessError } from '@kit.BasicServicesKit'; 51 52let uri = "file://docs/storage/Users/currentUser/Desktop/test.txt.dlp"; 53let file = fileIo.openSync(uri); 54 55try { 56 let res = dlpPermission.isDLPFile(file.fd); // Check whether the file is a DLP file. 57 console.info('res', res); 58} catch (err) { 59 console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Error reported if the operation fails. 60} 61fileIo.closeSync(file); 62``` 63 64## dlpPermission.isDLPFile 65 66isDLPFile(fd: number, callback: AsyncCallback<boolean>): void 67 68Checks whether a file is a DLP file based on the FD. This API uses an asynchronous callback to return the result. 69 70**System capability**: SystemCapability.Security.DataLossPrevention 71 72**Parameters** 73 74| Name | Type | Mandatory | Description | 75| -------- | -------- | -------- | -------- | 76| fd | number | Yes | FD of the file to check. | 77| callback | AsyncCallback<boolean> | Yes | Callback invoked to return the result.<br>The value **true** means the file is a DLP file; the value **false** means the opposite. | 78 79**Error codes** 80 81For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 82 83| ID | Error Message | 84| -------- | -------- | 85| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. | 86| 19100001 | Invalid parameter value. | 87| 19100011 | The system ability works abnormally. | 88 89**Example** 90 91```ts 92import { dlpPermission } from '@kit.DataProtectionKit'; 93import { fileIo } from '@kit.CoreFileKit'; 94import { BusinessError } from '@kit.BasicServicesKit'; 95 96let uri = "file://docs/storage/Users/currentUser/Desktop/test.txt.dlp"; 97let file = fileIo.openSync(uri); 98 99try { 100 dlpPermission.isDLPFile(file.fd, (err, res) => { 101 if (err != undefined) { 102 console.error('isDLPFile error,', err.code, err.message); 103 } else { 104 console.info('res', res); 105 } 106 fileIo.closeSync(file); 107 }); 108} catch (err) { 109 console.error('isDLPFile error,', (err as BusinessError).code, (err as BusinessError).message); 110 fileIo.closeSync(file); 111} 112``` 113 114## dlpPermission.getDLPPermissionInfo 115 116getDLPPermissionInfo(): Promise<DLPPermissionInfo> 117 118Obtains the permission information of this DLP file. This API uses a promise to return the result. 119 120**System capability**: SystemCapability.Security.DataLossPrevention 121 122**Return value** 123 124| Type | Description | 125| -------- | -------- | 126| Promise<[DLPPermissionInfo](#dlppermissioninfo)> | Promise used to return the permission information about the DLP file. The operation is successful if no error is reported. | 127 128**Error codes** 129 130For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 131 132| ID | Error Message | 133| -------- | -------- | 134| 19100001 | Invalid parameter value. | 135| 19100006 | No permission to call this API, which is available only for DLP sandbox applications. | 136| 19100011 | The system ability works abnormally. | 137 138**Example** 139 140```ts 141import { dlpPermission } from '@kit.DataProtectionKit'; 142import { BusinessError } from '@kit.BasicServicesKit'; 143 144try { 145 dlpPermission.isInSandbox().then((inSandbox) => {// Check whether the application is running in a sandbox. 146 if (inSandbox) { 147 let res: Promise<dlpPermission.DLPPermissionInfo> = dlpPermission.getDLPPermissionInfo(); // Obtain the permission information. 148 console.info('res', JSON.stringify(res)); 149 } 150 }); 151} catch (err) { 152 console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Error reported if the operation fails. 153} 154``` 155 156## dlpPermission.getDLPPermissionInfo 157 158getDLPPermissionInfo(callback: AsyncCallback<DLPPermissionInfo>): void 159 160Obtains the permission information of this DLP file. This API uses an asynchronous callback to return the result. 161 162**System capability**: SystemCapability.Security.DataLossPrevention 163 164**Parameters** 165 166| Name | Type | Mandatory | Description | 167| -------- | -------- | -------- | -------- | 168| callback | AsyncCallback<[DLPPermissionInfo](#dlppermissioninfo)> | Yes | Callback invoked to return the result.<br>If the operation is successful, **err** is **undefined**. Otherwise, **err** is an error object. | 169 170**Error codes** 171 172For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 173 174| ID | Error Message | 175| -------- | -------- | 176| 401 | Parameter error. Possible causes: 1. Incorrect parameter types. | 177| 19100001 | Invalid parameter value. | 178| 19100006 | No permission to call this API, which is available only for DLP sandbox applications. | 179| 19100011 | The system ability works abnormally. | 180 181**Example** 182 183```ts 184import { dlpPermission } from '@kit.DataProtectionKit'; 185import { fileIo } from '@kit.CoreFileKit'; 186import { BusinessError } from '@kit.BasicServicesKit'; 187 188try { 189 dlpPermission.isInSandbox().then((inSandbox) => {// Check whether the application is running in a sandbox. 190 if (inSandbox) { 191 dlpPermission.getDLPPermissionInfo((err, res) => { 192 if (err != undefined) { 193 console.error('getDLPPermissionInfo error,', err.code, err.message); 194 } else { 195 console.info('res', JSON.stringify(res)); 196 } 197 }); // Obtain the permission information. 198 } 199 }); 200} catch (err) { 201 console.error('getDLPPermissionInfo error,', (err as BusinessError).code, (err as BusinessError).message); 202} 203``` 204 205## dlpPermission.getOriginalFileName 206 207getOriginalFileName(fileName: string): string 208 209Obtains the original file name of a DLP file. This API returns the result synchronously. 210 211**System capability**: SystemCapability.Security.DataLossPrevention 212 213**Parameters** 214 215| Name | Type | Mandatory | Description | 216| -------- | -------- | -------- | -------- | 217| fileName | string | Yes | Name of the target file. | 218 219**Return value** 220 221| Type | Description | 222| -------- | -------- | 223| string | Original name of the DLP file obtained. For example, if the DLP file name is **test.txt.dlp**, the original file name returned is **test.txt**. | 224 225**Error codes** 226 227For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 228 229| ID | Error Message | 230| -------- | -------- | 231| 19100001 | Invalid parameter value. | 232| 19100011 | The system ability works abnormally. | 233 234**Example** 235 236```ts 237import { dlpPermission } from '@kit.DataProtectionKit'; 238import { BusinessError } from '@kit.BasicServicesKit'; 239 240try { 241 let res = dlpPermission.getOriginalFileName('test.txt.dlp'); // Obtain the original file name. 242 console.info('res', res); 243} catch (err) { 244 console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Error reported if the operation fails. 245} 246``` 247 248## dlpPermission.getDLPSuffix 249 250getDLPSuffix(): string 251 252Obtains the DLP file name extension. This API returns the result synchronously. 253 254**System capability**: SystemCapability.Security.DataLossPrevention 255 256**Return value** 257 258| Type | Description | 259| -------- | -------- | 260| string | DLP file name extension obtained. For example, if the original file is **text.txt** and the returned file name extension is .dlp, the DLP file name is **test.txt.dlp**. | 261 262**Error codes** 263 264For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 265 266| ID | Error Message | 267| -------- | -------- | 268| 19100011 | The system ability works abnormally. | 269 270**Example** 271 272```ts 273import { dlpPermission } from '@kit.DataProtectionKit'; 274import { BusinessError } from '@kit.BasicServicesKit'; 275 276try { 277 let res = dlpPermission.getDLPSuffix(); // Obtain the DLP file name extension. 278 console.info('res', res); 279} catch (err) { 280 console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Error reported if the operation fails. 281} 282``` 283 284## dlpPermission.on('openDLPFile') 285 286on(type: 'openDLPFile', listener: Callback<AccessedDLPFileInfo>): void 287 288Subscribes to a DLP file open event. The application will be notified when the DLP file is opened. 289 290**System capability**: SystemCapability.Security.DataLossPrevention 291 292**Parameters** 293 294| Name | Type | Mandatory | Description | 295| -------- | -------- | -------- | -------- | 296| type | 'openDLPFile' | Yes | Event type. It has a fixed value of **openDLPFile**, which indicates the DLP file open event. | 297| listener | Callback<[AccessedDLPFileInfo](#accesseddlpfileinfo)> | Yes | Callback invoked when a DLP file is opened. A notification will be sent to the application. | 298 299**Error codes** 300 301For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 302 303| ID | Error Message | 304| -------- | -------- | 305| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 306| 19100001 | Invalid parameter value. | 307| 19100007 | No permission to call this API, which is available only for non-DLP sandbox applications. | 308| 19100011 | The system ability works abnormally. | 309 310**Example** 311 312```ts 313import { dlpPermission } from '@kit.DataProtectionKit'; 314import { BusinessError } from '@kit.BasicServicesKit'; 315 316try { 317 dlpPermission.on('openDLPFile', (info: dlpPermission.AccessedDLPFileInfo) => { 318 console.info('openDlpFile event', info.uri, info.lastOpenTime) 319 // Subscribe to the DLP file open event. 320} catch (err) { 321 console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Error reported if the operation fails. 322} 323``` 324 325## dlpPermission.off('openDLPFile') 326 327off(type: 'openDLPFile', listener?: Callback<AccessedDLPFileInfo>): void 328 329Unsubscribes from the DLP file open event. The application will not be notified when a DLP file is opened. 330 331**System capability**: SystemCapability.Security.DataLossPrevention 332 333**Parameters** 334| Name | Type | Mandatory | Description | 335| -------- | -------- | -------- | -------- | 336| type | 'openDLPFile' | Yes | Event type. It has a fixed value of **openDLPFile**, which indicates the DLP file open event. | 337| listener | Callback<[AccessedDLPFileInfo](#accesseddlpfileinfo)> | No | Callback for the DLP file open event. The application will not be notified when a DLP file is opened. By default, this parameter is left blank, which unregisters all callbacks for the file open event. | 338 339**Error codes** 340 341For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 342 343| ID | Error Message | 344| -------- | -------- | 345| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 346| 19100001 | Invalid parameter value. | 347| 19100007 | No permission to call this API, which is available only for non-DLP sandbox applications. | 348| 19100011 | The system ability works abnormally. | 349 350**Example** 351 352```ts 353import { dlpPermission } from '@kit.DataProtectionKit'; 354import { BusinessError } from '@kit.BasicServicesKit'; 355 356try { 357 dlpPermission.off('openDLPFile', (info: dlpPermission.AccessedDLPFileInfo) => { 358 console.info('openDlpFile event', info.uri, info.lastOpenTime) 359 // Unsubscribe from the DLP file open events. 360} catch (err) { 361 console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Error reported if the operation fails. 362} 363``` 364 365## dlpPermission.isInSandbox 366 367isInSandbox(): Promise<boolean> 368 369Checks whether this application is running in a DLP sandbox environment. This API uses a promise to return the result. 370 371**System capability**: SystemCapability.Security.DataLossPrevention 372 373**Return value** 374 375| Type | Description | 376| -------- | -------- | 377| Promise<boolean> | Promise used to return the result. | 378 379**Error codes** 380 381For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 382 383| ID | Error Message | 384| -------- | -------- | 385| 19100001 | Invalid parameter value. | 386| 19100011 | The system ability works abnormally. | 387 388**Example** 389 390```ts 391import { dlpPermission } from '@kit.DataProtectionKit'; 392import { BusinessError } from '@kit.BasicServicesKit'; 393 394try { 395 let inSandbox = dlpPermission.isInSandbox(); // Check whether the application is running in a sandbox. 396 console.info('res', inSandbox); 397} catch (err) { 398 console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Error reported if the operation fails. 399} 400``` 401 402## dlpPermission.isInSandbox 403 404isInSandbox(callback: AsyncCallback<boolean>): void 405 406Checks whether this application is running in a DLP sandbox environment. This API uses an asynchronous callback to return the result. 407 408**System capability**: SystemCapability.Security.DataLossPrevention 409 410**Parameters** 411 412| Name | Type | Mandatory | Description | 413| -------- | -------- | -------- | -------- | 414| callback | AsyncCallback<boolean> | Yes | Callback invoked to return the result.<br>If the operation is successful, **err** is **undefined**. Otherwise, **err** is an error object. | 415 416**Error codes** 417 418For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 419 420| ID | Error Message | 421| -------- | -------- | 422| 401 | Parameter error. Possible causes: 1. Incorrect parameter types. | 423| 19100001 | Invalid parameter value. | 424| 19100011 | The system ability works abnormally. | 425 426**Example** 427 428```ts 429import { dlpPermission } from '@kit.DataProtectionKit'; 430import { BusinessError } from '@kit.BasicServicesKit'; 431 432try { 433 dlpPermission.isInSandbox((err, data) => { 434 if (err) { 435 console.error('isInSandbox error,', err.code, err.message); 436 } else { 437 console.info('isInSandbox, data', JSON.stringify(data)); 438 } 439 }); // Check whether the application is running in the sandbox. 440} catch (err) { 441 console.error('isInSandbox error,', (err as BusinessError).code, (err as BusinessError).message); 442} 443``` 444 445## dlpPermission.getDLPSupportedFileTypes 446 447getDLPSupportedFileTypes(): Promise<Array<string>> 448 449Obtains the file name extension types that support DLP. This API uses a promise to return the result. 450 451**System capability**: SystemCapability.Security.DataLossPrevention 452 453**Return value** 454 455| Type | Description | 456| -------- | -------- | 457| Promise<Array<string>> | Promise used to return the file name extension types obtained. | 458 459**Error codes** 460 461For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 462 463| ID | Error Message | 464| -------- | -------- | 465| 19100001 | Invalid parameter value. | 466| 19100011 | The system ability works abnormally. | 467 468**Example** 469 470```ts 471import { dlpPermission } from '@kit.DataProtectionKit'; 472import { BusinessError } from '@kit.BasicServicesKit'; 473 474try { 475 let res = dlpPermission.getDLPSupportedFileTypes(); // Obtain the file types that support DLP. 476 console.info('res', JSON.stringify(res)); 477} catch (err) { 478 console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Error reported if the operation fails. 479} 480``` 481 482## dlpPermission.getDLPSupportedFileTypes 483 484getDLPSupportedFileTypes(callback: AsyncCallback<Array<string>>): void 485 486Obtains the file name extension types that support DLP. This API uses an asynchronous callback to return the result. 487 488**System capability**: SystemCapability.Security.DataLossPrevention 489 490**Parameters** 491 492| Name | Type | Mandatory | Description | 493| -------- | -------- | -------- | -------- | 494| callback | AsyncCallback<Array<string>> | Yes | Callback invoked to return the result.<br>If the operation is successful, **err** is **undefined**. Otherwise, **err** is an error object. | 495 496**Error codes** 497 498For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 499 500| ID | Error Message | 501| -------- | -------- | 502| 401 | Parameter error. Possible causes: 1. Incorrect parameter types. | 503| 19100001 | Invalid parameter value. | 504| 19100011 | The system ability works abnormally. | 505 506**Example** 507 508```ts 509import { dlpPermission } from '@kit.DataProtectionKit'; 510import { BusinessError } from '@kit.BasicServicesKit'; 511 512try { 513 dlpPermission.getDLPSupportedFileTypes((err, res) => { 514 if (err != undefined) { 515 console.error('getDLPSupportedFileTypes error,', err.code, err.message); 516 } else { 517 console.info('res', JSON.stringify(res)); 518 } 519 }); // Obtain the file types that support DLP. 520} catch (err) { 521 console.error('getDLPSupportedFileTypes error,', (err as BusinessError).code, (err as BusinessError).message); 522} 523``` 524 525## dlpPermission.setRetentionState 526 527setRetentionState(docUris: Array<string>): Promise<void> 528 529Sets the sandbox retention state. This API uses a promise to return the result. 530 531A sandbox application is automatically installed when a DLP file is opened, and automatically uninstalled when the DLP file is closed. Once the sandbox retention state is set for a DLP file, the sandbox application will not be automatically uninstalled when the DLP file is closed. 532 533**System capability**: SystemCapability.Security.DataLossPrevention 534 535**Parameters** 536 537| Name | Type | Mandatory | Description | 538| -------- | -------- | -------- | -------- | 539| docUris | Array<string> | Yes | URIs of the files to be set with the retention state. | 540 541**Return value** 542 543| Type | Description | 544| -------- | -------- | 545| Promise<void> | Promise that returns no value. | 546 547**Error codes** 548 549For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 550 551| ID | Error Message | 552| -------- | -------- | 553| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. | 554| 19100001 | Invalid parameter value. | 555| 19100006 | No permission to call this API, which is available only for DLP sandbox applications. | 556| 19100011 | The system ability works abnormally. | 557 558**Example** 559 560```ts 561import { dlpPermission } from '@kit.DataProtectionKit'; 562import { BusinessError } from '@kit.BasicServicesKit'; 563 564let uri = "file://docs/storage/Users/currentUser/Desktop/test.txt.dlp"; 565try { 566 dlpPermission.isInSandbox().then((inSandbox) => {// Check whether the application is running in a sandbox. 567 if (inSandbox) { 568 dlpPermission.setRetentionState([uri]); // Set the retention state for a sandbox application. 569 } 570 }); 571} catch (err) { 572 console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Error reported if the operation fails. 573} 574``` 575 576## dlpPermission.setRetentionState 577 578setRetentionState(docUris: Array<string>, callback: AsyncCallback<void>): void 579 580Sets the sandbox retention state. This API uses an asynchronous callback to return the result. 581 582A sandbox application is automatically installed when a DLP file is opened, and automatically uninstalled when the DLP file is closed. Once the sandbox retention state is set for a DLP file, the sandbox application will not be automatically uninstalled when the DLP file is closed. 583 584**System capability**: SystemCapability.Security.DataLossPrevention 585 586**Parameters** 587 588| Name | Type | Mandatory | Description | 589| -------- | -------- | -------- | -------- | 590| docUris | Array<string> | Yes | URIs of the files to be set with the retention state. | 591| callback | AsyncCallback<void> | Yes | Callback invoked to return the result.<br>If the operation is successful, **err** is **undefined**. Otherwise, **err** is an error object. | 592 593**Error codes** 594 595For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 596 597| ID | Error Message | 598| -------- | -------- | 599| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. | 600| 19100001 | Invalid parameter value. | 601| 19100006 | No permission to call this API, which is available only for DLP sandbox applications. | 602| 19100011 | The system ability works abnormally. | 603 604**Example** 605 606```ts 607import { dlpPermission } from '@kit.DataProtectionKit'; 608import { BusinessError } from '@kit.BasicServicesKit'; 609 610let uri = "file://docs/storage/Users/currentUser/Desktop/test.txt.dlp"; 611try { 612 dlpPermission.setRetentionState([uri], (err, res) => { 613 if (err != undefined) { 614 console.error('setRetentionState error,', err.code, err.message); 615 } else { 616 console.info('setRetentionState success'); 617 console.info('res', JSON.stringify(res)); 618 } 619 }); // Set the sandbox retention state. 620} catch (err) { 621 console.error('setRetentionState error,', (err as BusinessError).code, (err as BusinessError).message); 622} 623``` 624 625## dlpPermission.cancelRetentionState 626 627cancelRetentionState(docUris: Array<string>): Promise<void> 628 629Cancels the sandbox retention state, that is, allows the sandbox application to be automatically uninstalled when the DLP file is closed. This API uses a promise to return the result. 630 631**System capability**: SystemCapability.Security.DataLossPrevention 632 633**Parameters** 634 635| Name | Type | Mandatory | Description | 636| -------- | -------- | -------- | -------- | 637| docUris | Array<string> | Yes| URIs of the files whose retention state is to be canceled.| 638 639**Return value** 640 641| Type | Description | 642| -------- | -------- | 643| Promise<void> | Promise that returns no value. | 644 645**Error codes** 646 647For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 648 649| ID | Error Message | 650| -------- | -------- | 651| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. | 652| 19100001 | Invalid parameter value. | 653| 19100011 | The system ability works abnormally. | 654 655**Example** 656 657```ts 658import { dlpPermission } from '@kit.DataProtectionKit'; 659import { BusinessError } from '@kit.BasicServicesKit'; 660 661let uri = "file://docs/storage/Users/currentUser/Desktop/test.txt.dlp"; 662try { 663 dlpPermission.cancelRetentionState([uri]); // Cancel the retention state for a sandbox application. 664} catch (err) { 665 console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Error reported if the operation fails. 666} 667``` 668 669## dlpPermission.cancelRetentionState 670 671cancelRetentionState(docUris: Array<string>, callback: AsyncCallback<void>): void 672 673Cancels the sandbox retention state, that is, allows the sandbox application to be automatically uninstalled when the DLP file is closed. This API uses an asynchronous callback to return the result. 674 675**System capability**: SystemCapability.Security.DataLossPrevention 676 677**Parameters** 678 679| Name | Type | Mandatory | Description | 680| -------- | -------- | -------- | -------- | 681| docUris | Array<string> | Yes| URIs of the files whose retention state is to be canceled.| 682| callback | AsyncCallback<void> | Yes | Callback invoked to return the result.<br>If the operation is successful, **err** is **undefined**. Otherwise, **err** is an error object. | 683 684**Error codes** 685 686For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 687 688| ID | Error Message | 689| -------- | -------- | 690| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. | 691| 19100001 | Invalid parameter value. | 692| 19100011 | The system ability works abnormally. | 693 694**Example** 695 696```ts 697import { dlpPermission } from '@kit.DataProtectionKit'; 698import { BusinessError } from '@kit.BasicServicesKit'; 699 700let uri = "file://docs/storage/Users/currentUser/Desktop/test.txt.dlp"; 701try { 702 dlpPermission.cancelRetentionState([uri], (err, res) => { 703 if (err != undefined) { 704 console.error('cancelRetentionState error,', err.code, err.message); 705 } else { 706 console.info('cancelRetentionState success'); 707 } 708 }); // Cancel the sandbox retention state. 709} catch (err) { 710 console.error('cancelRetentionState error,', (err as BusinessError).code, (err as BusinessError).message); 711} 712``` 713 714## dlpPermission.getRetentionSandboxList 715 716getRetentionSandboxList(bundleName?: string): Promise<Array<RetentionSandboxInfo>> 717 718Obtains the sandbox applications in the retention state of an application. This API uses a promise to return the result. 719 720**System capability**: SystemCapability.Security.DataLossPrevention 721 722**Parameters** 723 724| Name | Type | Mandatory | Description | 725| -------- | -------- | -------- | -------- | 726| bundleName | string | No | Bundle name of the application. By default, this parameter is left empty, which obtains the sandbox retention information about the current application. | 727 728**Return value** 729 730| Type | Description | 731| -------- | -------- | 732| Promise<Array<[RetentionSandboxInfo](#retentionsandboxinfo)>> | Promise used to return the sandbox retention information obtained. | 733 734**Error codes** 735 736For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 737 738| ID | Error Message | 739| -------- | -------- | 740| 401 | Parameter error. Possible causes: 1. Incorrect parameter types. | 741| 19100001 | Invalid parameter value. | 742| 19100007 | No permission to call this API, which is available only for non-DLP sandbox applications. | 743| 19100011 | The system ability works abnormally. | 744 745**Example** 746 747```ts 748import { dlpPermission } from '@kit.DataProtectionKit'; 749import { BusinessError } from '@kit.BasicServicesKit'; 750 751try { 752 let res: Promise<Array<dlpPermission.RetentionSandboxInfo>> = dlpPermission.getRetentionSandboxList(); // Obtain all the sandbox applications in the retention state. 753 console.info('res', JSON.stringify(res)) 754} catch (err) { 755 console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Error reported if the operation fails. 756} 757``` 758 759## dlpPermission.getRetentionSandboxList 760 761getRetentionSandboxList(bundleName: string, callback: AsyncCallback<Array<RetentionSandboxInfo>>): void 762 763Obtains the sandbox applications in the retention state of an application. This API uses an asynchronous callback to return the result. 764 765**System capability**: SystemCapability.Security.DataLossPrevention 766 767**Parameters** 768 769| Name | Type | Mandatory | Description | 770| -------- | -------- | -------- | -------- | 771| bundleName | string | Yes | Bundle name of the application. | 772| callback | AsyncCallback<Array<[RetentionSandboxInfo](#retentionsandboxinfo)>> | Yes | Callback invoked to return the result.<br>If the operation is successful, **err** is **undefined**. Otherwise, **err** is an error object. | 773 774**Error codes** 775 776For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 777 778| ID | Error Message | 779| -------- | -------- | 780| 401 | Parameter error. Possible causes: 1. Incorrect parameter types. | 781| 19100001 | Invalid parameter value. | 782| 19100007 | No permission to call this API, which is available only for non-DLP sandbox applications. | 783| 19100011 | The system ability works abnormally. | 784 785**Example** 786 787```ts 788import { dlpPermission } from '@kit.DataProtectionKit'; 789import { BusinessError } from '@kit.BasicServicesKit'; 790 791try { 792 dlpPermission.getRetentionSandboxList("bundleName", (err, res) => { 793 if (err != undefined) { 794 console.error('getRetentionSandboxList error,', err.code, err.message); 795 } else { 796 console.info('res', JSON.stringify(res)); 797 } 798 }); // Obtain the sandbox retention information. 799} catch (err) { 800 console.error('getRetentionSandboxList error,', (err as BusinessError).code, (err as BusinessError).message); 801} 802``` 803 804## dlpPermission.getRetentionSandboxList 805 806getRetentionSandboxList(callback: AsyncCallback<Array<RetentionSandboxInfo>>): void 807 808Obtains the sandbox applications in the retention state of this application. This API uses an asynchronous callback to return the result. 809 810**System capability**: SystemCapability.Security.DataLossPrevention 811 812**Parameters** 813 814| Name | Type | Mandatory | Description | 815| -------- | -------- | -------- | -------- | 816| callback | AsyncCallback<Array<[RetentionSandboxInfo](#retentionsandboxinfo)>> | Yes | Callback invoked to return the result.<br>If the operation is successful, **err** is **undefined**. Otherwise, **err** is an error object. | 817 818**Error codes** 819 820For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 821 822| ID | Error Message | 823| -------- | -------- | 824| 401 | Parameter error. Possible causes: 1. Incorrect parameter types. | 825| 19100001 | Invalid parameter value. | 826| 19100007 | No permission to call this API, which is available only for non-DLP sandbox applications. | 827| 19100011 | The system ability works abnormally. | 828 829**Example** 830 831```ts 832import { dlpPermission } from '@kit.DataProtectionKit'; 833import { BusinessError } from '@kit.BasicServicesKit'; 834 835try { 836 dlpPermission.getRetentionSandboxList((err, res) => { 837 if (err != undefined) { 838 console.error('getRetentionSandboxList error,', err.code, err.message); 839 } else { 840 console.info('res', JSON.stringify(res)); 841 } 842 }); // Obtain the sandbox retention information. 843} catch (err) { 844 console.error('getRetentionSandboxList error,', (err as BusinessError).code, (err as BusinessError).message); 845} 846``` 847 848## dlpPermission.getDLPFileAccessRecords 849 850getDLPFileAccessRecords(): Promise<Array<AccessedDLPFileInfo>> 851 852Obtains the list of DLP files that are accessed recently. This API uses a promise to return the result. 853 854**System capability**: SystemCapability.Security.DataLossPrevention 855 856**Return value** 857 858| Type | Description | 859| -------- | -------- | 860| Promise<Array<[AccessedDLPFileInfo](#accesseddlpfileinfo)>> | Promise used to return the list of recently accessed files obtained. | 861 862**Error codes** 863 864For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 865 866| ID | Error Message | 867| -------- | -------- | 868| 19100001 | Invalid parameter value. | 869| 19100007 | No permission to call this API, which is available only for non-DLP sandbox applications. | 870| 19100011 | The system ability works abnormally. | 871 872**Example** 873 874```ts 875import { dlpPermission } from '@kit.DataProtectionKit'; 876import { BusinessError } from '@kit.BasicServicesKit'; 877 878try { 879 let res: Promise<Array<dlpPermission.AccessedDLPFileInfo>> = dlpPermission.getDLPFileAccessRecords(); // Obtain the list of recently accessed DLP files. 880 console.info('res', JSON.stringify(res)) 881} catch (err) { 882 console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Error reported if the operation fails. 883} 884``` 885 886## dlpPermission.getDLPFileAccessRecords 887 888getDLPFileAccessRecords(callback: AsyncCallback<Array<AccessedDLPFileInfo>>): void 889 890Obtains the list of DLP files that are accessed recently. This API uses an asynchronous callback to return the result. 891 892**System capability**: SystemCapability.Security.DataLossPrevention 893 894**Parameters** 895 896| Name | Type | Mandatory | Description | 897| -------- | -------- | -------- | -------- | 898| callback | AsyncCallback<Array<[AccessedDLPFileInfo](#accesseddlpfileinfo)>> | Yes | Callback invoked to return the result.<br>If the operation is successful, **err** is **undefined**. Otherwise, **err** is an error object. | 899 900**Error codes** 901 902For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 903 904| ID | Error Message | 905| -------- | -------- | 906| 401 | Parameter error. Possible causes: 1. Incorrect parameter types. | 907| 19100001 | Invalid parameter value. | 908| 19100007 | No permission to call this API, which is available only for non-DLP sandbox applications. | 909| 19100011 | The system ability works abnormally. | 910 911**Example** 912 913```ts 914import { dlpPermission } from '@kit.DataProtectionKit'; 915import { BusinessError } from '@kit.BasicServicesKit'; 916 917try { 918 dlpPermission.getDLPFileAccessRecords((err, res) => { 919 if (err != undefined) { 920 console.error('getDLPFileAccessRecords error,', err.code, err.message); 921 } else { 922 console.info('res', JSON.stringify(res)); 923 } 924 }); // Obtain the list of recently accessed DLP files. 925} catch (err) { 926 console.error('getDLPFileAccessRecords error,', (err as BusinessError).code, (err as BusinessError).message); 927} 928``` 929 930## dlpPermission.startDLPManagerForResult<sup>11+</sup> 931 932startDLPManagerForResult(context: common.UIAbilityContext, want: Want): Promise<DLPManagerResult> 933 934Starts the DLP manager application on the current UIAbility page in borderless mode. This API uses a promise to return the result. 935 936**Model restriction**: This API can be used only in the stage model. 937 938**System capability**: SystemCapability.Security.DataLossPrevention 939 940**Parameters** 941 942| Name | Type | Mandatory | Description | 943| -------- | -------- | -------- | -------- | 944| context | [common.UIAbilityContext](../apis-ability-kit/js-apis-inner-application-uiAbilityContext.md) | Yes | UIAbility context. | 945| want | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | Object that requests the start of the DLP manager application. | 946 947**Return value** 948 949| Type | Description | 950| -------- | -------- | 951| Promise<[DLPManagerResult](#dlpmanagerresult11)> | Promise used to return the **DLPManagerResult** object. | 952 953**Error codes** 954 955For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 956 957| ID | Error Message | 958| -------- | -------- | 959| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. | 960| 19100001 | Invalid parameter value. | 961| 19100011 | The system ability works abnormally. | 962| 19100016 | uri missing in want. | 963| 19100017 | displayName missing in want. | 964 965**Example** 966 967```ts 968import { dlpPermission } from '@kit.DataProtectionKit'; 969import { common, UIAbility, AbilityConstant, Want } from '@kit.AbilityKit'; 970import { BusinessError } from '@kit.BasicServicesKit'; 971 972try { 973 let context = getContext () as common.UIAbilityContext; // Obtain the UIAbility context. 974 let want: Want = { 975 "uri": "file://docs/storage/Users/currentUser/Desktop/1.txt", 976 "parameters": { 977 "displayName": "1.txt" 978 } 979 }; // Request parameters. 980 dlpPermission.startDLPManagerForResult(context, want).then((res) => { 981 console.info('res.resultCode', res.resultCode); 982 console.info('res.want', JSON.stringify(res.want)); 983 }); // Start the DLP manager application. 984} catch (err) { 985 console.error('error', err.code, err.message); // Error reported if the operation fails. 986} 987``` 988 989## dlpPermission.setSandboxAppConfig<sup>11+<sup> 990setSandboxAppConfig(configInfo: string): Promise<void> 991 992Sets sandbox application configuration. This API uses a promise to return the result. 993 994**System capability**: SystemCapability.Security.DataLossPrevention 995 996**Parameters** 997 998| Name | Type | Mandatory | Description | 999| -------- | -------- | -------- | -------- | 1000| configInfo | string | Yes | Sandbox application configuration. | 1001 1002**Return value** 1003 1004| Type | Description | 1005| -------- | -------- | 1006| Promise<void> | Promise that returns no value. | 1007 1008**Error codes** 1009 1010For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 1011 1012| ID | Error Message | 1013| -------- | -------- | 1014| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. | 1015| 19100001 | Invalid parameter value. | 1016| 19100007 | No permission to call this API, which is available only for non-DLP sandbox applications. | 1017| 19100011 | The system ability works abnormally. | 1018| 19100018 | Not authorized application. | 1019 1020**Example** 1021 1022```ts 1023import { dlpPermission } from '@kit.DataProtectionKit'; 1024import { BusinessError } from '@kit.BasicServicesKit'; 1025 1026try { 1027 dlpPermission.setSandboxAppConfig('configInfo'); // Set sandbox application configuration. 1028} catch (err) { 1029 console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Error reported if the operation fails. 1030} 1031``` 1032 1033## dlpPermission.cleanSandboxAppConfig<sup>11+<sup> 1034cleanSandboxAppConfig(): Promise<void> 1035 1036Cleans sandbox application configuration. This API uses a promise to return the result. 1037 1038**System capability**: SystemCapability.Security.DataLossPrevention 1039 1040**Return value** 1041 1042| Type | Description | 1043| -------- | -------- | 1044| Promise<void> | Promise that returns no value. | 1045 1046**Error codes** 1047 1048For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 1049 1050| ID | Error Message | 1051| -------- | -------- | 1052| 19100001 | Invalid parameter value. | 1053| 19100007 | No permission to call this API, which is available only for non-DLP sandbox applications. | 1054| 19100011 | The system ability works abnormally. | 1055| 19100018 | Not authorized application. | 1056 1057**Example** 1058 1059```ts 1060import { dlpPermission } from '@kit.DataProtectionKit'; 1061import { BusinessError } from '@kit.BasicServicesKit'; 1062 1063try { 1064 dlpPermission.cleanSandboxAppConfig(); // Clean sandbox application configuration. 1065} catch (err) { 1066 console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Error reported if the operation fails. 1067} 1068``` 1069 1070## dlpPermission.getSandboxAppConfig<sup>11+<sup> 1071getSandboxAppConfig(): Promise<string> 1072 1073Obtains sandbox application configuration. This API uses a promise to return the result. 1074 1075**System capability**: SystemCapability.Security.DataLossPrevention 1076 1077**Return value** 1078| Type | Description | 1079| -------- | -------- | 1080| Promise<string> | Promise used to return the sandbox application configuration obtained. | 1081 1082**Error codes** 1083 1084For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 1085 1086| ID | Error Message | 1087| -------- | -------- | 1088| 19100001 | Invalid parameter value. | 1089| 19100011 | The system ability works abnormally. | 1090| 19100018 | Not authorized application. | 1091 1092**Example** 1093 1094```ts 1095import { dlpPermission } from '@kit.DataProtectionKit'; 1096import { BusinessError } from '@kit.BasicServicesKit'; 1097 1098try { 1099 dlpPermission.getSandboxAppConfig().then((res) => { 1100 console.info('res', JSON.stringify(res)); 1101 }); // Obtain the sandbox application configuration. 1102} catch (err) { 1103 console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Error reported if the operation fails. 1104} 1105``` 1106 1107## dlpPermission.isDLPFeatureProvided<sup>12+<sup> 1108isDLPFeatureProvided(): Promise<boolean> 1109 1110Queries whether the current system provides the DLP feature. This API uses a promise to return the result. 1111 1112**System capability**: SystemCapability.Security.DataLossPrevention 1113 1114**Return value** 1115| Type | Description | 1116| -------- | -------- | 1117| Promise<boolean> | Promise used to return the result. | 1118 1119**Error codes** 1120 1121For details about the error codes, see [DLP Service Error Codes](errorcode-dlp.md). 1122 1123| ID | Error Message | 1124| -------- | -------- | 1125| 19100011 | The system ability works abnormally. | 1126 1127**Example** 1128 1129```ts 1130import { dlpPermission } from '@kit.DataProtectionKit'; 1131import { BusinessError } from '@kit.BasicServicesKit'; 1132 1133dlpPermission.isDLPFeatureProvided().then((res) => { 1134 console.info('res', JSON.stringify(res)); 1135}).catch((err: BusinessError) => { 1136 console.error('error', (err as BusinessError).code, (err as BusinessError).message); // Error reported if the operation fails. 1137}); 1138``` 1139 1140## ActionFlagType 1141 1142Enumerates the operations that can be performed on a DLP file. For example, the DLP sandbox application can dim its button based on this parameter. 1143 1144**System capability**: SystemCapability.Security.DataLossPrevention 1145 1146| Name | Value | Description | 1147| -------- | -------- | -------- | 1148| ACTION_VIEW | 0x00000001 | View the file. | 1149| ACTION_SAVE | 0x00000002 | Save the file. | 1150| ACTION_SAVE_AS | 0x00000004 | Save the file as another file. | 1151| ACTION_EDIT | 0x00000008 | Edit the file. | 1152| ACTION_SCREEN_CAPTURE | 0x00000010 | Capture screenshots of the file. | 1153| ACTION_SCREEN_SHARE | 0x00000020 | Share the screen of the file. | 1154| ACTION_SCREEN_RECORD | 0x00000040 | Record the screen on which the file is open. | 1155| ACTION_COPY | 0x00000080 | Copy the file. | 1156| ACTION_PRINT | 0x00000100 | Print the file. | 1157| ACTION_EXPORT | 0x00000200 | Export the file. | 1158| ACTION_PERMISSION_CHANGE | 0x00000400 | Modify the permissions on the file. | 1159 1160## DLPFileAccess 1161 1162Enumerates the permissions on a DLP file. 1163 1164**System capability**: SystemCapability.Security.DataLossPrevention 1165 1166| Name | Value | Description | 1167| -------- | -------- | -------- | 1168| NO_PERMISSION | 0 | The user has no permission on the file. | 1169| READ_ONLY | 1 | The user has only the permission to read the file. | 1170| CONTENT_EDIT | 2 | The user has the permission to edit the file. | 1171| FULL_CONTROL | 3 | The user has full control on the file. | 1172 1173## DLPPermissionInfo 1174 1175Represents the permission information about a DLP file. 1176 1177**System capability**: SystemCapability.Security.DataLossPrevention 1178 1179| Name | Type | Readable | Writable | Description | 1180| -------- | -------- | -------- | -------- | -------- | 1181| dlpFileAccess | [DLPFileAccess](#dlpfileaccess) | Yes | No | User permission on the DLP file, for example, read-only. | 1182| flags | number | Yes | No | Operations that can be performed on the DLP file. It is a combination of different [ActionFlagTypes](#actionflagtype). | 1183 1184## AccessedDLPFileInfo 1185 1186Represents the information about a DLP file opened. 1187 1188**System capability**: SystemCapability.Security.DataLossPrevention 1189 1190| Name | Type | Readable | Writable | Description | 1191| -------- | -------- | -------- | -------- | -------- | 1192| uri | string | Yes | No | URI of the DLP file. | 1193| lastOpenTime | number | Yes | No | Time when the file was last opened. | 1194 1195## DLPManagerResult<sup>11+</sup> 1196 1197Represents information about the trigger of the DLP manager application. 1198 1199**Model restriction**: This API can be used only in the stage model. 1200 1201**System capability**: SystemCapability.Security.DataLossPrevention 1202 1203| Name | Type | Readable | Writable | Description | 1204| -------- | -------- | -------- | -------- | -------- | 1205| resultCode | number | Yes | No | Result code returned after the DLP manager application is started and exits. | 1206| want | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | No | Data returned after the DLP manager application is started and exits. | 1207 1208## RetentionSandboxInfo 1209 1210Represents the sandbox retention information. 1211 1212**System capability**: SystemCapability.Security.DataLossPrevention 1213 1214| Name | Type | Readable | Writable | Description | 1215| -------- | -------- | -------- | -------- | -------- | 1216| appIndex | number | Yes | No | Index of the DLP sandbox application. | 1217| bundleName | string | Yes | No | Bundle name of the application. | 1218| docUris | Array<string> | Yes | No | URI list of the DLP files. | 1219