1e41f4b71Sopenharmony_ci 2e41f4b71Sopenharmony_ci 3e41f4b71Sopenharmony_ci# @ohos.enterprise.securityManager (Security Management) 4e41f4b71Sopenharmony_ci 5e41f4b71Sopenharmony_ciThe **securityManager** module provides device security management capabilities, including obtaining the security patch status and file system encryption status. 6e41f4b71Sopenharmony_ci 7e41f4b71Sopenharmony_ci> **NOTE** 8e41f4b71Sopenharmony_ci> 9e41f4b71Sopenharmony_ci> The initial APIs of this module are supported since API version 12. Newly added APIs will be marked with a superscript to indicate their earliest API version. 10e41f4b71Sopenharmony_ci> 11e41f4b71Sopenharmony_ci> The APIs of this module can be used only in the stage model. 12e41f4b71Sopenharmony_ci> 13e41f4b71Sopenharmony_ci> The APIs of this module can be called only by a [device administrator application](../../mdm/mdm-kit-guide.md#introduction) that is enabled. 14e41f4b71Sopenharmony_ci 15e41f4b71Sopenharmony_ci## Modules to Import 16e41f4b71Sopenharmony_ci 17e41f4b71Sopenharmony_ci```ts 18e41f4b71Sopenharmony_ciimport { securityManager } from '@kit.MDMKit'; 19e41f4b71Sopenharmony_ci``` 20e41f4b71Sopenharmony_ci 21e41f4b71Sopenharmony_ci## securityManager.uninstallUserCertificate 22e41f4b71Sopenharmony_ci 23e41f4b71Sopenharmony_ciuninstallUserCertificate(admin: Want, certUri: string): Promise<void> 24e41f4b71Sopenharmony_ci 25e41f4b71Sopenharmony_ciUninstalls a user certificate through the specified device administrator application. This API uses a promise to return the result. 26e41f4b71Sopenharmony_ci 27e41f4b71Sopenharmony_ci**Required permissions**: ohos.permission.ENTERPRISE_MANAGE_CERTIFICATE 28e41f4b71Sopenharmony_ci 29e41f4b71Sopenharmony_ci**System capability**: SystemCapability.Customization.EnterpriseDeviceManager 30e41f4b71Sopenharmony_ci 31e41f4b71Sopenharmony_ci**Parameters** 32e41f4b71Sopenharmony_ci 33e41f4b71Sopenharmony_ci| Name | Type | Mandatory| Description | 34e41f4b71Sopenharmony_ci| ------- | ------------------------------------------------------- | ---- | --------------------------------- | 35e41f4b71Sopenharmony_ci| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | Device administrator application. | 36e41f4b71Sopenharmony_ci| certUri | string | Yes | Certificate URI, which is returned by **installUserCertificate()**.| 37e41f4b71Sopenharmony_ci 38e41f4b71Sopenharmony_ci**Return value** 39e41f4b71Sopenharmony_ci 40e41f4b71Sopenharmony_ci| Type | Description | 41e41f4b71Sopenharmony_ci| ------------------- | ------------------------------------------------------------ | 42e41f4b71Sopenharmony_ci| Promise<void> | Promise that returns no value. An error object will be thrown if the operation fails.| 43e41f4b71Sopenharmony_ci 44e41f4b71Sopenharmony_ci**Error codes** 45e41f4b71Sopenharmony_ci 46e41f4b71Sopenharmony_ciFor details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md). 47e41f4b71Sopenharmony_ci 48e41f4b71Sopenharmony_ci| ID| Error Message | 49e41f4b71Sopenharmony_ci| -------- | ------------------------------------------------------------ | 50e41f4b71Sopenharmony_ci| 9200001 | The application is not an administrator application of the device. | 51e41f4b71Sopenharmony_ci| 9200002 | The administrator application does not have permission to manage the device. | 52e41f4b71Sopenharmony_ci| 9201001 | Failed to manage the certificate. | 53e41f4b71Sopenharmony_ci| 201 | Permission verification failed. The application does not have the permission required to call the API. | 54e41f4b71Sopenharmony_ci| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | 55e41f4b71Sopenharmony_ci 56e41f4b71Sopenharmony_ci**Example** 57e41f4b71Sopenharmony_ci 58e41f4b71Sopenharmony_ci```ts 59e41f4b71Sopenharmony_ciimport { Want } from '@kit.AbilityKit'; 60e41f4b71Sopenharmony_ciimport { BusinessError } from '@kit.BasicServicesKit'; 61e41f4b71Sopenharmony_cilet wantTemp: Want = { 62e41f4b71Sopenharmony_ci bundleName: 'com.example.myapplication', 63e41f4b71Sopenharmony_ci abilityName: 'EntryAbility', 64e41f4b71Sopenharmony_ci}; 65e41f4b71Sopenharmony_cilet aliasStr = "certName" 66e41f4b71Sopenharmony_cisecurityManager.uninstallUserCertificate(wantTemp, aliasStr).then(() => { 67e41f4b71Sopenharmony_ci console.info(`Succeeded in uninstalling user certificate.`); 68e41f4b71Sopenharmony_ci}).catch((err: BusinessError) => { 69e41f4b71Sopenharmony_ci console.error(`Failed to uninstall user certificate. Code is ${err.code}, message is ${err.message}`); 70e41f4b71Sopenharmony_ci}); 71e41f4b71Sopenharmony_ci``` 72e41f4b71Sopenharmony_ci 73e41f4b71Sopenharmony_ci## securityManager.installUserCertificate 74e41f4b71Sopenharmony_ci 75e41f4b71Sopenharmony_ciinstallUserCertificate(admin: Want, certificate: CertBlob): Promise<string> 76e41f4b71Sopenharmony_ci 77e41f4b71Sopenharmony_ciInstalls a user certificate through the specified device administrator application. This API uses a promise to return the result. 78e41f4b71Sopenharmony_ci 79e41f4b71Sopenharmony_ci**Required permissions**: ohos.permission.ENTERPRISE_MANAGE_CERTIFICATE 80e41f4b71Sopenharmony_ci 81e41f4b71Sopenharmony_ci**System capability**: SystemCapability.Customization.EnterpriseDeviceManager 82e41f4b71Sopenharmony_ci 83e41f4b71Sopenharmony_ci**Parameters** 84e41f4b71Sopenharmony_ci 85e41f4b71Sopenharmony_ci| Name | Type | Mandatory| Description | 86e41f4b71Sopenharmony_ci| ----------- | ------------------------------------------------------- | ---- | -------------- | 87e41f4b71Sopenharmony_ci| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | Device administrator application.| 88e41f4b71Sopenharmony_ci| certificate | [CertBlob](#certblob) | Yes | Information about the certificate to install. | 89e41f4b71Sopenharmony_ci 90e41f4b71Sopenharmony_ci**Return value** 91e41f4b71Sopenharmony_ci 92e41f4b71Sopenharmony_ci| Type | Description | 93e41f4b71Sopenharmony_ci| --------------------- | ---------------------------------------------------- | 94e41f4b71Sopenharmony_ci| Promise<string> | Promise used to return the URI of the installed certificate. This URI can be used to uninstall the certificate.| 95e41f4b71Sopenharmony_ci 96e41f4b71Sopenharmony_ci**Error codes** 97e41f4b71Sopenharmony_ci 98e41f4b71Sopenharmony_ciFor details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md). 99e41f4b71Sopenharmony_ci 100e41f4b71Sopenharmony_ci| ID| Error Message | 101e41f4b71Sopenharmony_ci| -------- | ------------------------------------------------------------ | 102e41f4b71Sopenharmony_ci| 9200001 | The application is not an administrator application of the device. | 103e41f4b71Sopenharmony_ci| 9200002 | The administrator application does not have permission to manage the device. | 104e41f4b71Sopenharmony_ci| 9201001 | Failed to manage the certificate. | 105e41f4b71Sopenharmony_ci| 201 | Permission verification failed. The application does not have the permission required to call the API. | 106e41f4b71Sopenharmony_ci| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | 107e41f4b71Sopenharmony_ci 108e41f4b71Sopenharmony_ci**Example** 109e41f4b71Sopenharmony_ci 110e41f4b71Sopenharmony_ci```ts 111e41f4b71Sopenharmony_ciimport { Want } from '@kit.AbilityKit'; 112e41f4b71Sopenharmony_ciimport { BusinessError } from '@kit.BasicServicesKit'; 113e41f4b71Sopenharmony_cilet wantTemp: Want = { 114e41f4b71Sopenharmony_ci bundleName: 'com.example.myapplication', 115e41f4b71Sopenharmony_ci abilityName: 'EntryAbility', 116e41f4b71Sopenharmony_ci}; 117e41f4b71Sopenharmony_cilet certFileArray: Uint8Array = new Uint8Array(); 118e41f4b71Sopenharmony_ci// The variable context needs to be initialized in MainAbility's onCreate callback function 119e41f4b71Sopenharmony_ci// test.cer needs to be placed in the rawfile directory 120e41f4b71Sopenharmony_cigetContext().resourceManager.getRawFileContent("test.cer").then((value) => { 121e41f4b71Sopenharmony_ci certFileArray = value 122e41f4b71Sopenharmony_ci securityManager.installUserCertificate(wantTemp, { inData: certFileArray, alias: "cert_alias_xts" }) 123e41f4b71Sopenharmony_ci .then((result) => { 124e41f4b71Sopenharmony_ci console.info(`Succeeded in installing user certificate, result : ${JSON.stringify(result)}`); 125e41f4b71Sopenharmony_ci }).catch((err: BusinessError) => { 126e41f4b71Sopenharmony_ci console.error(`Failed to install user certificate. Code: ${err.code}, message: ${err.message}`); 127e41f4b71Sopenharmony_ci }) 128e41f4b71Sopenharmony_ci}).catch((err: BusinessError) => { 129e41f4b71Sopenharmony_ci console.error(`Failed to get row file content. message: ${err.message}`); 130e41f4b71Sopenharmony_ci return 131e41f4b71Sopenharmony_ci}); 132e41f4b71Sopenharmony_ci``` 133e41f4b71Sopenharmony_ci 134e41f4b71Sopenharmony_ci## securityManager.getSecurityStatus 135e41f4b71Sopenharmony_ci 136e41f4b71Sopenharmony_cigetSecurityStatus(admin: Want, item: string): string 137e41f4b71Sopenharmony_ci 138e41f4b71Sopenharmony_ciObtains security status. 139e41f4b71Sopenharmony_ci 140e41f4b71Sopenharmony_ci**Required permissions**: ohos.permission.ENTERPRISE_MANAGE_SECURITY 141e41f4b71Sopenharmony_ci 142e41f4b71Sopenharmony_ci**System capability**: SystemCapability.Customization.EnterpriseDeviceManager 143e41f4b71Sopenharmony_ci 144e41f4b71Sopenharmony_ci**Parameters** 145e41f4b71Sopenharmony_ci 146e41f4b71Sopenharmony_ci| Name| Type | Mandatory| Description | 147e41f4b71Sopenharmony_ci| ------ | ------------------------------------------------------- | ---- | ------------------------------------------------------------ | 148e41f4b71Sopenharmony_ci| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | Device administrator application. | 149e41f4b71Sopenharmony_ci| item | string | Yes | Type of the security status to obtain.<br>- **patch**: device security patch.<br>- **encryption**: device file system encryption.<!--RP1--><!--RP1End-->| 150e41f4b71Sopenharmony_ci 151e41f4b71Sopenharmony_ci**Return value** 152e41f4b71Sopenharmony_ci 153e41f4b71Sopenharmony_ci| Type | Description | 154e41f4b71Sopenharmony_ci| ------ | -------------------- | 155e41f4b71Sopenharmony_ci| string | Security status obtained.| 156e41f4b71Sopenharmony_ci 157e41f4b71Sopenharmony_ci**Error codes** 158e41f4b71Sopenharmony_ci 159e41f4b71Sopenharmony_ciFor details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md). 160e41f4b71Sopenharmony_ci 161e41f4b71Sopenharmony_ci| ID| Error Message | 162e41f4b71Sopenharmony_ci| -------- | ------------------------------------------------------------ | 163e41f4b71Sopenharmony_ci| 9200001 | The application is not an administrator application of the device. | 164e41f4b71Sopenharmony_ci| 9200002 | The administrator application does not have permission to manage the device. | 165e41f4b71Sopenharmony_ci| 201 | Permission verification failed. The application does not have the permission required to call the API. | 166e41f4b71Sopenharmony_ci| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | 167e41f4b71Sopenharmony_ci 168e41f4b71Sopenharmony_ci**Example** 169e41f4b71Sopenharmony_ci 170e41f4b71Sopenharmony_ci```ts 171e41f4b71Sopenharmony_ciimport { Want } from '@kit.AbilityKit'; 172e41f4b71Sopenharmony_cilet wantTemp: Want = { 173e41f4b71Sopenharmony_ci bundleName: 'com.example.myapplication', 174e41f4b71Sopenharmony_ci abilityName: 'EntryAbility', 175e41f4b71Sopenharmony_ci}; 176e41f4b71Sopenharmony_ci 177e41f4b71Sopenharmony_citry { 178e41f4b71Sopenharmony_ci let result: string = securityManager.getSecurityStatus(wantTemp, 'patch'); 179e41f4b71Sopenharmony_ci console.info(`Succeeded in getting security patch tag. tag: ${result}`); 180e41f4b71Sopenharmony_ci} catch (err) { 181e41f4b71Sopenharmony_ci console.error(`Failed to get security patch tag. Code: ${err.code}, message: ${err.message}`); 182e41f4b71Sopenharmony_ci} 183e41f4b71Sopenharmony_ci``` 184e41f4b71Sopenharmony_ci 185e41f4b71Sopenharmony_ci## securityManager.setPasswordPolicy<sup>12+</sup> 186e41f4b71Sopenharmony_ci 187e41f4b71Sopenharmony_cisetPasswordPolicy(admin: Want, policy: PasswordPolicy): void 188e41f4b71Sopenharmony_ci 189e41f4b71Sopenharmony_ciSets the device password policy through the specified device administrator application. 190e41f4b71Sopenharmony_ci 191e41f4b71Sopenharmony_ci**Required permissions**: ohos.permission.ENTERPRISE_MANAGE_SECURITY 192e41f4b71Sopenharmony_ci 193e41f4b71Sopenharmony_ci**System capability**: SystemCapability.Customization.EnterpriseDeviceManager 194e41f4b71Sopenharmony_ci 195e41f4b71Sopenharmony_ci**Parameters** 196e41f4b71Sopenharmony_ci 197e41f4b71Sopenharmony_ci| Name | Type | Mandatory | Description | 198e41f4b71Sopenharmony_ci| -------- | ---------------------------------------- | ---- | ------------------------------- | 199e41f4b71Sopenharmony_ci| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | Device administrator application. | 200e41f4b71Sopenharmony_ci| policy | [PasswordPolicy](#passwordpolicy) | Yes| Device password policy to set.| 201e41f4b71Sopenharmony_ci 202e41f4b71Sopenharmony_ci**Error codes** 203e41f4b71Sopenharmony_ci 204e41f4b71Sopenharmony_ciFor details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md). 205e41f4b71Sopenharmony_ci 206e41f4b71Sopenharmony_ci| ID| Error Message | 207e41f4b71Sopenharmony_ci| ------- | ---------------------------------------------------------------------------- | 208e41f4b71Sopenharmony_ci| 9200001 | The application is not an administrator application of the device. | 209e41f4b71Sopenharmony_ci| 9200002 | The administrator application does not have permission to manage the device. | 210e41f4b71Sopenharmony_ci| 201 | Permission verification failed. The application does not have the permission required to call the API. | 211e41f4b71Sopenharmony_ci| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | 212e41f4b71Sopenharmony_ci 213e41f4b71Sopenharmony_ci**Example** 214e41f4b71Sopenharmony_ci 215e41f4b71Sopenharmony_ci```ts 216e41f4b71Sopenharmony_ciimport { Want } from '@kit.AbilityKit'; 217e41f4b71Sopenharmony_cilet wantTemp: Want = { 218e41f4b71Sopenharmony_ci bundleName: 'com.example.myapplication', 219e41f4b71Sopenharmony_ci abilityName: 'EntryAbility', 220e41f4b71Sopenharmony_ci}; 221e41f4b71Sopenharmony_ci 222e41f4b71Sopenharmony_cilet policy: securityManager.PasswordPolicy = { 223e41f4b71Sopenharmony_ci complexityRegex: '^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[a-zA-Z\d]{8,}$', 224e41f4b71Sopenharmony_ci validityPeriod: 1, 225e41f4b71Sopenharmony_ci additionalDescription: 'The password must contain at least eight characters, including at least one uppercase letter, one lowercase letter, one digit, and one special character.', 226e41f4b71Sopenharmony_ci} 227e41f4b71Sopenharmony_citry { 228e41f4b71Sopenharmony_ci securityManager.setPasswordPolicy(wantTemp, policy); 229e41f4b71Sopenharmony_ci console.info(`Succeeded in setting password policy.`); 230e41f4b71Sopenharmony_ci} catch(err) { 231e41f4b71Sopenharmony_ci console.error(`Failed to set password policy. Code: ${err.code}, message: ${err.message}`); 232e41f4b71Sopenharmony_ci} 233e41f4b71Sopenharmony_ci``` 234e41f4b71Sopenharmony_ci 235e41f4b71Sopenharmony_ci## securityManager.getPasswordPolicy<sup>12+</sup> 236e41f4b71Sopenharmony_ci 237e41f4b71Sopenharmony_cigetPasswordPolicy(admin: Want): PasswordPolicy 238e41f4b71Sopenharmony_ci 239e41f4b71Sopenharmony_ciObtains the device password policy through the specified device administrator application. 240e41f4b71Sopenharmony_ci 241e41f4b71Sopenharmony_ci**Required permissions**: ohos.permission.ENTERPRISE_MANAGE_SECURITY 242e41f4b71Sopenharmony_ci 243e41f4b71Sopenharmony_ci**System capability**: SystemCapability.Customization.EnterpriseDeviceManager 244e41f4b71Sopenharmony_ci 245e41f4b71Sopenharmony_ci**Parameters** 246e41f4b71Sopenharmony_ci 247e41f4b71Sopenharmony_ci| Name | Type | Mandatory | Description | 248e41f4b71Sopenharmony_ci| -------- | ---------------------------------------- | ---- | ------------------------------- | 249e41f4b71Sopenharmony_ci| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | Device administrator application. | 250e41f4b71Sopenharmony_ci 251e41f4b71Sopenharmony_ci**Return value** 252e41f4b71Sopenharmony_ci 253e41f4b71Sopenharmony_ci| Type | Description | 254e41f4b71Sopenharmony_ci| --------------------- | ------------------------- | 255e41f4b71Sopenharmony_ci| [PasswordPolicy](#passwordpolicy) | Device password policy obtained.| 256e41f4b71Sopenharmony_ci 257e41f4b71Sopenharmony_ci**Error codes** 258e41f4b71Sopenharmony_ci 259e41f4b71Sopenharmony_ciFor details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md). 260e41f4b71Sopenharmony_ci 261e41f4b71Sopenharmony_ci| ID| Error Message | 262e41f4b71Sopenharmony_ci| ------- | ---------------------------------------------------------------------------- | 263e41f4b71Sopenharmony_ci| 9200001 | The application is not an administrator application of the device. | 264e41f4b71Sopenharmony_ci| 9200002 | The administrator application does not have permission to manage the device. | 265e41f4b71Sopenharmony_ci| 201 | Permission verification failed. The application does not have the permission required to call the API. | 266e41f4b71Sopenharmony_ci| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | 267e41f4b71Sopenharmony_ci 268e41f4b71Sopenharmony_ci**Example** 269e41f4b71Sopenharmony_ci 270e41f4b71Sopenharmony_ci```ts 271e41f4b71Sopenharmony_ciimport { Want } from '@kit.AbilityKit'; 272e41f4b71Sopenharmony_cilet wantTemp: Want = { 273e41f4b71Sopenharmony_ci bundleName: 'com.example.myapplication', 274e41f4b71Sopenharmony_ci abilityName: 'EntryAbility', 275e41f4b71Sopenharmony_ci}; 276e41f4b71Sopenharmony_ci 277e41f4b71Sopenharmony_citry { 278e41f4b71Sopenharmony_ci let result: securityManager.PasswordPolicy = securityManager.getPasswordPolicy(wantTemp); 279e41f4b71Sopenharmony_ci console.info(`Succeeded in getting password policy, result : ${JSON.stringify(result)}`); 280e41f4b71Sopenharmony_ci} catch(err) { 281e41f4b71Sopenharmony_ci console.error(`Failed to get password policy. Code: ${err.code}, message: ${err.message}`); 282e41f4b71Sopenharmony_ci} 283e41f4b71Sopenharmony_ci``` 284e41f4b71Sopenharmony_ci 285e41f4b71Sopenharmony_ci## securityManager.setAppClipboardPolicy<sup>12+</sup> 286e41f4b71Sopenharmony_ci 287e41f4b71Sopenharmony_cisetAppClipboardPolicy(admin: Want, tokenId: number, policy: ClipboardPolicy): void 288e41f4b71Sopenharmony_ci 289e41f4b71Sopenharmony_ciSets the device clipboard policy through the specified device administrator application. 290e41f4b71Sopenharmony_ci 291e41f4b71Sopenharmony_ci**Required permissions**: ohos.permission.ENTERPRISE_MANAGE_SECURITY 292e41f4b71Sopenharmony_ci 293e41f4b71Sopenharmony_ci**System capability**: SystemCapability.Customization.EnterpriseDeviceManager 294e41f4b71Sopenharmony_ci 295e41f4b71Sopenharmony_ci**Parameters** 296e41f4b71Sopenharmony_ci 297e41f4b71Sopenharmony_ci| Name | Type | Mandatory | Description | 298e41f4b71Sopenharmony_ci| -------- | ---------------------------------------- | ---- | ------------------------------- | 299e41f4b71Sopenharmony_ci| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | Device administrator application. | 300e41f4b71Sopenharmony_ci| tokenId | number | Yes| Application token ID, which can be obtained from [ApplicationInfo](../apis-ability-kit/js-apis-bundleManager-applicationInfo.md) of the application. Currently, a maximum of 100 token IDs can be saved.| 301e41f4b71Sopenharmony_ci| policy | [ClipboardPolicy](#clipboardpolicy) | Yes| Clipboard policy to set.| 302e41f4b71Sopenharmony_ci 303e41f4b71Sopenharmony_ci**Error codes** 304e41f4b71Sopenharmony_ci 305e41f4b71Sopenharmony_ciFor details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md). 306e41f4b71Sopenharmony_ci 307e41f4b71Sopenharmony_ci| ID| Error Message | 308e41f4b71Sopenharmony_ci| ------- | ---------------------------------------------------------------------------- | 309e41f4b71Sopenharmony_ci| 9200001 | The application is not an administrator application of the device. | 310e41f4b71Sopenharmony_ci| 9200002 | The administrator application does not have permission to manage the device. | 311e41f4b71Sopenharmony_ci| 201 | Permission verification failed. The application does not have the permission required to call the API. | 312e41f4b71Sopenharmony_ci| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | 313e41f4b71Sopenharmony_ci 314e41f4b71Sopenharmony_ci**Example** 315e41f4b71Sopenharmony_ci 316e41f4b71Sopenharmony_ci```ts 317e41f4b71Sopenharmony_ciimport { Want } from '@kit.AbilityKit'; 318e41f4b71Sopenharmony_cilet wantTemp: Want = { 319e41f4b71Sopenharmony_ci bundleName: 'com.example.myapplication', 320e41f4b71Sopenharmony_ci abilityName: 'EntryAbility', 321e41f4b71Sopenharmony_ci}; 322e41f4b71Sopenharmony_cilet tokenId: number = 586874394; 323e41f4b71Sopenharmony_citry { 324e41f4b71Sopenharmony_ci securityManager.setAppClipboardPolicy(wantTemp, tokenId, securityManager.ClipboardPolicy.IN_APP); 325e41f4b71Sopenharmony_ci console.info(`Succeeded in setting clipboard policy.`); 326e41f4b71Sopenharmony_ci} catch(err) { 327e41f4b71Sopenharmony_ci console.error(`Failed to set clipboard policy. Code: ${err.code}, message: ${err.message}`); 328e41f4b71Sopenharmony_ci} 329e41f4b71Sopenharmony_ci``` 330e41f4b71Sopenharmony_ci 331e41f4b71Sopenharmony_ci## securityManager.getAppClipboardPolicy<sup>12+</sup> 332e41f4b71Sopenharmony_ci 333e41f4b71Sopenharmony_cigetAppClipboardPolicy(admin: Want, tokenId?: number): string 334e41f4b71Sopenharmony_ci 335e41f4b71Sopenharmony_ciObtains the device clipboard policy through the specified device administrator application. 336e41f4b71Sopenharmony_ci 337e41f4b71Sopenharmony_ci**Required permissions**: ohos.permission.ENTERPRISE_MANAGE_SECURITY 338e41f4b71Sopenharmony_ci 339e41f4b71Sopenharmony_ci**System capability**: SystemCapability.Customization.EnterpriseDeviceManager 340e41f4b71Sopenharmony_ci 341e41f4b71Sopenharmony_ci**Parameters** 342e41f4b71Sopenharmony_ci 343e41f4b71Sopenharmony_ci| Name | Type | Mandatory | Description | 344e41f4b71Sopenharmony_ci| -------- | ---------------------------------------- | ---- | ------------------------------- | 345e41f4b71Sopenharmony_ci| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | Yes | Device administrator application. | 346e41f4b71Sopenharmony_ci| tokenId | number | No| Application token ID, which can be obtained from [ApplicationInfo](../apis-ability-kit/js-apis-bundleManager-applicationInfo.md) of the application.| 347e41f4b71Sopenharmony_ci 348e41f4b71Sopenharmony_ci**Return value** 349e41f4b71Sopenharmony_ci 350e41f4b71Sopenharmony_ci| Type | Description | 351e41f4b71Sopenharmony_ci| --------------------- | ------------------------- | 352e41f4b71Sopenharmony_ci| ClipboardPolicy | Device clipboard policy obtained.| 353e41f4b71Sopenharmony_ci 354e41f4b71Sopenharmony_ci**Error codes** 355e41f4b71Sopenharmony_ci 356e41f4b71Sopenharmony_ciFor details about the error codes, see [Enterprise Device Management Error Codes](errorcode-enterpriseDeviceManager.md) and [Universal Error Codes](../errorcode-universal.md). 357e41f4b71Sopenharmony_ci 358e41f4b71Sopenharmony_ci| ID| Error Message | 359e41f4b71Sopenharmony_ci| ------- | ---------------------------------------------------------------------------- | 360e41f4b71Sopenharmony_ci| 9200001 | The application is not an administrator application of the device. | 361e41f4b71Sopenharmony_ci| 9200002 | The administrator application does not have permission to manage the device. | 362e41f4b71Sopenharmony_ci| 201 | Permission verification failed. The application does not have the permission required to call the API. | 363e41f4b71Sopenharmony_ci| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | 364e41f4b71Sopenharmony_ci 365e41f4b71Sopenharmony_ci**Example** 366e41f4b71Sopenharmony_ci 367e41f4b71Sopenharmony_ci```ts 368e41f4b71Sopenharmony_ciimport { Want } from '@kit.AbilityKit'; 369e41f4b71Sopenharmony_cilet wantTemp: Want = { 370e41f4b71Sopenharmony_ci bundleName: 'com.example.myapplication', 371e41f4b71Sopenharmony_ci abilityName: 'EntryAbility', 372e41f4b71Sopenharmony_ci}; 373e41f4b71Sopenharmony_cilet tokenId: number = 586874394; 374e41f4b71Sopenharmony_citry { 375e41f4b71Sopenharmony_ci let result: string = securityManager.getAppClipboardPolicy(wantTemp, tokenId); 376e41f4b71Sopenharmony_ci console.info(`Succeeded in getting password policy, result : ${result}`); 377e41f4b71Sopenharmony_ci} catch(err) { 378e41f4b71Sopenharmony_ci console.error(`Failed to set clipboard policy. Code: ${err.code}, message: ${err.message}`); 379e41f4b71Sopenharmony_ci} 380e41f4b71Sopenharmony_ci``` 381e41f4b71Sopenharmony_ci 382e41f4b71Sopenharmony_ci## CertBlob 383e41f4b71Sopenharmony_ci 384e41f4b71Sopenharmony_ciRepresents the certificate information. 385e41f4b71Sopenharmony_ci 386e41f4b71Sopenharmony_ci**System capability**: SystemCapability.Customization.EnterpriseDeviceManager 387e41f4b71Sopenharmony_ci 388e41f4b71Sopenharmony_ci| Name | Type | Mandatory| Description | 389e41f4b71Sopenharmony_ci| ------ | ---------- | ---- | ------------------ | 390e41f4b71Sopenharmony_ci| inData | Uint8Array | Yes | Binary content of the certificate.| 391e41f4b71Sopenharmony_ci| alias | string | Yes | Certificate alias. | 392e41f4b71Sopenharmony_ci 393e41f4b71Sopenharmony_ci## PasswordPolicy 394e41f4b71Sopenharmony_ci 395e41f4b71Sopenharmony_ciRepresents a device password policy. 396e41f4b71Sopenharmony_ci 397e41f4b71Sopenharmony_ci**System capability**: SystemCapability.Customization.EnterpriseDeviceManager 398e41f4b71Sopenharmony_ci 399e41f4b71Sopenharmony_ci| Name | Type | Mandatory| Description | 400e41f4b71Sopenharmony_ci| ----------- | --------| ---- | ------------------------------- | 401e41f4b71Sopenharmony_ci| complexityRegex | string | No| Regular expression for password complexity.| 402e41f4b71Sopenharmony_ci| validityPeriod | number | No| Password validity period, in ms.| 403e41f4b71Sopenharmony_ci| additionalDescription | string | No| Description of the device password.| 404e41f4b71Sopenharmony_ci 405e41f4b71Sopenharmony_ci## ClipboardPolicy 406e41f4b71Sopenharmony_ci 407e41f4b71Sopenharmony_ciRepresents a device clipboard policy. 408e41f4b71Sopenharmony_ci 409e41f4b71Sopenharmony_ci**System capability**: SystemCapability.Customization.EnterpriseDeviceManager 410e41f4b71Sopenharmony_ci 411e41f4b71Sopenharmony_ci| Name | Value| Description | 412e41f4b71Sopenharmony_ci| ----------- | -------- | ------------------------------- | 413e41f4b71Sopenharmony_ci| DEFAULT | 0 | Default policy.| 414e41f4b71Sopenharmony_ci| IN_APP | 1 | Allow the clipboard to be used in the same application.| 415e41f4b71Sopenharmony_ci| LOCAL_DEVICE | 2 | Allow the clipboard to be used on the same device.| 416e41f4b71Sopenharmony_ci| CROSS_DEVICE | 3 | Allow the clipboard to be used across devices.| 417