1e41f4b71Sopenharmony_ci# @ohos.enterprise.securityManager (Security Management) (System API)
2e41f4b71Sopenharmony_ci
3e41f4b71Sopenharmony_ciThe **securityManager** module provides device security management capabilities, including obtaining the security patch status and file system encryption status.
4e41f4b71Sopenharmony_ci
5e41f4b71Sopenharmony_ci> **NOTE**
6e41f4b71Sopenharmony_ci>
7e41f4b71Sopenharmony_ci> The initial APIs of this module are supported since API version 11. Newly added APIs will be marked with a superscript to indicate their earliest API version.
8e41f4b71Sopenharmony_ci>
9e41f4b71Sopenharmony_ci> The APIs of this module can be used only in the stage model.
10e41f4b71Sopenharmony_ci>
11e41f4b71Sopenharmony_ci> The APIs of this module can be called only by a [device administrator application](../../mdm/mdm-kit-guide.md#introduction) that is [enabled](js-apis-enterprise-adminManager-sys.md#adminmanagerenableadmin).
12e41f4b71Sopenharmony_ci>
13e41f4b71Sopenharmony_ci> This topic describes only the system APIs provided by the module. For details about its public APIs, see [@ohos.enterprise.securityManager](js-apis-enterprise-securityManager.md).
14e41f4b71Sopenharmony_ci
15e41f4b71Sopenharmony_ci## Modules to Import
16e41f4b71Sopenharmony_ci
17e41f4b71Sopenharmony_ci```ts
18e41f4b71Sopenharmony_ciimport { securityManager } from '@kit.MDMKit';
19e41f4b71Sopenharmony_ci```
20e41f4b71Sopenharmony_ci
21e41f4b71Sopenharmony_ci## securityManager.getSecurityPatchTag
22e41f4b71Sopenharmony_ci
23e41f4b71Sopenharmony_cigetSecurityPatchTag(admin: Want): string
24e41f4b71Sopenharmony_ci
25e41f4b71Sopenharmony_ciObtains the device security patch tag through the specified device administrator application. This API returns the result synchronously. If the operation is successful, the security patch tag is returned. If the operation fails, an exception will be thrown.
26e41f4b71Sopenharmony_ci
27e41f4b71Sopenharmony_ci**Required permissions**: ohos.permission.ENTERPRISE_MANAGE_SECURITY
28e41f4b71Sopenharmony_ci
29e41f4b71Sopenharmony_ci**System capability**: SystemCapability.Customization.EnterpriseDeviceManager
30e41f4b71Sopenharmony_ci
31e41f4b71Sopenharmony_ci**System API**: This is a system API.
32e41f4b71Sopenharmony_ci
33e41f4b71Sopenharmony_ci**Parameters**
34e41f4b71Sopenharmony_ci
35e41f4b71Sopenharmony_ci| Name  | Type                                 | Mandatory  | Description     |
36e41f4b71Sopenharmony_ci| ----- | ----------------------------------- | ---- | ------- |
37e41f4b71Sopenharmony_ci| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes   | Device administrator application.|
38e41f4b71Sopenharmony_ci
39e41f4b71Sopenharmony_ci**Return value**
40e41f4b71Sopenharmony_ci
41e41f4b71Sopenharmony_ci| Type                  | Description                     |
42e41f4b71Sopenharmony_ci| --------------------- | ------------------------- |
43e41f4b71Sopenharmony_ci| string | Patch tag obtained.|
44e41f4b71Sopenharmony_ci
45e41f4b71Sopenharmony_ci**Error codes**
46e41f4b71Sopenharmony_ci
47e41f4b71Sopenharmony_ciFor details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md).
48e41f4b71Sopenharmony_ci
49e41f4b71Sopenharmony_ci| ID| Error Message                                                                    |
50e41f4b71Sopenharmony_ci| ------- | ---------------------------------------------------------------------------- |
51e41f4b71Sopenharmony_ci| 9200001 | The application is not an administrator application of the device. |
52e41f4b71Sopenharmony_ci| 9200002 | The administrator application does not have permission to manage the device. |
53e41f4b71Sopenharmony_ci| 201 | Permission verification failed. The application does not have the permission required to call the API. |
54e41f4b71Sopenharmony_ci| 202 | Permission verification failed. A non-system application calls a system API. |
55e41f4b71Sopenharmony_ci| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. |
56e41f4b71Sopenharmony_ci
57e41f4b71Sopenharmony_ci**Example**
58e41f4b71Sopenharmony_ci
59e41f4b71Sopenharmony_ci```ts
60e41f4b71Sopenharmony_ciimport { Want } from '@kit.AbilityKit';
61e41f4b71Sopenharmony_ci
62e41f4b71Sopenharmony_cilet wantTemp: Want = {
63e41f4b71Sopenharmony_ci  bundleName: 'com.example.myapplication',
64e41f4b71Sopenharmony_ci  abilityName: 'EntryAbility',
65e41f4b71Sopenharmony_ci};
66e41f4b71Sopenharmony_ci
67e41f4b71Sopenharmony_citry {
68e41f4b71Sopenharmony_ci    let res: string = securityManager.getSecurityPatchTag(wantTemp);
69e41f4b71Sopenharmony_ci    console.info(`Succeeded in getting security patch tag. tag: ${res}`);
70e41f4b71Sopenharmony_ci} catch(err) {
71e41f4b71Sopenharmony_ci    console.error(`Failed to get security patch tag. Code: ${err.code}, message: ${err.message}`);
72e41f4b71Sopenharmony_ci}
73e41f4b71Sopenharmony_ci```
74e41f4b71Sopenharmony_ci## securityManager.getDeviceEncryptionStatus
75e41f4b71Sopenharmony_ci
76e41f4b71Sopenharmony_cigetDeviceEncryptionStatus(admin: Want): DeviceEncryptionStatus
77e41f4b71Sopenharmony_ci
78e41f4b71Sopenharmony_ciObtains the file system encryption status of the device. This API returns the result synchronously. If the operation is successful, the file encryption status is returned. If the operation fails, an exception will be thrown.
79e41f4b71Sopenharmony_ci
80e41f4b71Sopenharmony_ci**Required permissions**: ohos.permission.ENTERPRISE_MANAGE_SECURITY
81e41f4b71Sopenharmony_ci
82e41f4b71Sopenharmony_ci**System capability**: SystemCapability.Customization.EnterpriseDeviceManager
83e41f4b71Sopenharmony_ci
84e41f4b71Sopenharmony_ci**System API**: This is a system API.
85e41f4b71Sopenharmony_ci
86e41f4b71Sopenharmony_ci**Parameters**
87e41f4b71Sopenharmony_ci
88e41f4b71Sopenharmony_ci| Name     | Type                                      | Mandatory  | Description                      |
89e41f4b71Sopenharmony_ci| -------- | ---------------------------------------- | ---- | ------------------------------- |
90e41f4b71Sopenharmony_ci| admin    | [Want](../apis-ability-kit/js-apis-app-ability-want.md)     | Yes   | Device administrator application.                 |
91e41f4b71Sopenharmony_ci
92e41f4b71Sopenharmony_ci**Return value**
93e41f4b71Sopenharmony_ci
94e41f4b71Sopenharmony_ci| Type                  | Description                                                  |
95e41f4b71Sopenharmony_ci| ---------------------- | ------------------------------------------------------ |
96e41f4b71Sopenharmony_ci| DeviceEncryptionStatus | File system encryption status. Currently, only a boolean value indicating whether the file system is encrypted is returned.|
97e41f4b71Sopenharmony_ci
98e41f4b71Sopenharmony_ci**Error codes**
99e41f4b71Sopenharmony_ci
100e41f4b71Sopenharmony_ciFor details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md).
101e41f4b71Sopenharmony_ci
102e41f4b71Sopenharmony_ci| ID| Error Message                                                                      |
103e41f4b71Sopenharmony_ci| ------- | ---------------------------------------------------------------------------- |
104e41f4b71Sopenharmony_ci| 9200001 | The application is not an administrator application of the device. |
105e41f4b71Sopenharmony_ci| 9200002 | The administrator application does not have permission to manage the device. |
106e41f4b71Sopenharmony_ci| 201 | Permission verification failed. The application does not have the permission required to call the API. |
107e41f4b71Sopenharmony_ci| 202 | Permission verification failed. A non-system application calls a system API. |
108e41f4b71Sopenharmony_ci| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. |
109e41f4b71Sopenharmony_ci
110e41f4b71Sopenharmony_ci**Example**
111e41f4b71Sopenharmony_ci
112e41f4b71Sopenharmony_ci```ts
113e41f4b71Sopenharmony_ciimport { Want } from '@kit.AbilityKit';
114e41f4b71Sopenharmony_cilet wantTemp: Want = {
115e41f4b71Sopenharmony_ci  bundleName: 'com.example.myapplication',
116e41f4b71Sopenharmony_ci  abilityName: 'EntryAbility',
117e41f4b71Sopenharmony_ci};
118e41f4b71Sopenharmony_ci
119e41f4b71Sopenharmony_citry {
120e41f4b71Sopenharmony_ci    let result: securityManager.DeviceEncryptionStatus = securityManager.getDeviceEncryptionStatus(wantTemp);
121e41f4b71Sopenharmony_ci    console.info(`Succeeded in getting device encryption status. isEncrypted: ${result.isEncrypted}`);
122e41f4b71Sopenharmony_ci} catch(err) {
123e41f4b71Sopenharmony_ci    console.error(`Failed to get device encryption status. Code: ${err.code}, message: ${err.message}`);
124e41f4b71Sopenharmony_ci}
125e41f4b71Sopenharmony_ci```
126e41f4b71Sopenharmony_ci
127e41f4b71Sopenharmony_ci## securityManager.getPasswordPolicy<sup>12+</sup>
128e41f4b71Sopenharmony_ci
129e41f4b71Sopenharmony_cigetPasswordPolicy(): PasswordPolicy
130e41f4b71Sopenharmony_ci
131e41f4b71Sopenharmony_ciObtains the password policy of this device.
132e41f4b71Sopenharmony_ci
133e41f4b71Sopenharmony_ci**System capability**: SystemCapability.Customization.EnterpriseDeviceManager
134e41f4b71Sopenharmony_ci
135e41f4b71Sopenharmony_ci**System API**: This is a system API.
136e41f4b71Sopenharmony_ci
137e41f4b71Sopenharmony_ci**Return value**
138e41f4b71Sopenharmony_ci
139e41f4b71Sopenharmony_ci| Type                  | Description                     |
140e41f4b71Sopenharmony_ci| --------------------- | ------------------------- |
141e41f4b71Sopenharmony_ci| [PasswordPolicy](./js-apis-enterprise-securityManager.md#passwordpolicy) | Device password policy obtained.|
142e41f4b71Sopenharmony_ci
143e41f4b71Sopenharmony_ci**Error codes**
144e41f4b71Sopenharmony_ci
145e41f4b71Sopenharmony_ciFor details about the error codes, see [Universal Error Codes](../errorcode-universal.md).
146e41f4b71Sopenharmony_ci
147e41f4b71Sopenharmony_ci| ID| Error Message                                                                      |          
148e41f4b71Sopenharmony_ci| ------- | ---------------------------------------------------------------------------- |
149e41f4b71Sopenharmony_ci| 202 | Permission verification failed. A non-system application calls a system API. |
150e41f4b71Sopenharmony_ci
151e41f4b71Sopenharmony_ci**Example**
152e41f4b71Sopenharmony_ci
153e41f4b71Sopenharmony_ci```ts
154e41f4b71Sopenharmony_citry {
155e41f4b71Sopenharmony_ci    let result: securityManager.PasswordPolicy = securityManager.getPasswordPolicy();
156e41f4b71Sopenharmony_ci    console.info(`Succeeded in getting password policy, result : ${JSON.stringify(result)}`);
157e41f4b71Sopenharmony_ci} catch(err) {
158e41f4b71Sopenharmony_ci    console.error(`Failed to get password policy. Code: ${err.code}, message: ${err.message}`);
159e41f4b71Sopenharmony_ci}
160e41f4b71Sopenharmony_ci```
161e41f4b71Sopenharmony_ci
162e41f4b71Sopenharmony_ci## DeviceEncryptionStatus
163e41f4b71Sopenharmony_ci
164e41f4b71Sopenharmony_ciRepresents the file system encryption status.
165e41f4b71Sopenharmony_ci
166e41f4b71Sopenharmony_ci**System capability**: SystemCapability.Customization.EnterpriseDeviceManager
167e41f4b71Sopenharmony_ci
168e41f4b71Sopenharmony_ci**System API**: This is a system API.
169e41f4b71Sopenharmony_ci
170e41f4b71Sopenharmony_ci| Name        | Type    | Mandatory| Description                           |
171e41f4b71Sopenharmony_ci| ----------- | --------| ---- | ------------------------------- |
172e41f4b71Sopenharmony_ci| isEncrypted | boolean | Yes  | Whether the file system of the device is encrypted. The value **true** means the file system is encrypted; the value **false** means the opposite.|
173