@ohos.enterprise.systemManager (System Management)
The systemManager module provides system management capabilities.
NOTE
The initial APIs of this module are supported since API version 12. Newly added APIs will be marked with a superscript to indicate their earliest API version.
The APIs of this module can be used only in the stage model.
The APIs of this module can be called only by a device administrator application that is enabled. For details, see MDM Kit Development.
Modules to Import
import { systemManager } from '@kit.MDMKit';
systemManager.setNTPServer
setNTPServer(admin: Want, server: string): void
Sets the NTP server.
Required permissions: ohos.permission.ENTERPRISE_MANAGE_SYSTEM
System capability: SystemCapability.Customization.EnterpriseDeviceManager
Model restriction: This API can be used only in the stage model.
Conflict rule: Latest configuration precedence.
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| admin | Want | Yes | EnterpriseAdminExtensionAbility. Want must contain the ability name of the EnterpriseAdminExtensionAbility and the bundle name of the application. |
| server | string | Yes | NTP server addresses separated by commas (,). For example, ntpserver1.com,ntpserver2.com. The value can contain a maximum of 96 bytes (including the end character). |
Error codes
For details about the error codes, see Enterprise Device Management Error Codes and Universal Error Codes.
| ID | Error Message |
|---|---|
| 9200001 | The application is not an administrator application of the device. |
| 9200002 | The administrator application does not have permission to manage the device. |
| 201 | Permission verification failed. The application does not have the permission required to call the API. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. |
Example
import { systemManager } from '@kit.MDMKit';
import { Want } from '@kit.AbilityKit';
let wantTemp: Want = {
// Replace with actual values.
bundleName: 'com.example.myapplication',
abilityName: 'EnterpriseAdminAbility'
};
// Replace with actual values.
let server: string = "ntpserver.com";
try {
systemManager.setNTPServer(wantTemp, server);
console.info('Succeeded in setting NTPserver.');
} catch (err) {
console.error(`Failed to set ntp server. Code is ${err.code}, message is ${err.message}`);
}
systemManager.getNTPServer
getNTPServer(admin: Want): string
Obtains the NTP server information.
Required permissions: ohos.permission.ENTERPRISE_MANAGE_SYSTEM
System capability: SystemCapability.Customization.EnterpriseDeviceManager
Model restriction: This API can be used only in the stage model.
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| admin | Want | Yes | EnterpriseAdminExtensionAbility. Want must contain the ability name of the EnterpriseAdminExtensionAbility and the bundle name of the application. |
Return value
| Type | Description |
|---|---|
| string | NTP server information. |
Error codes
For details about the error codes, see Enterprise Device Management Error Codes and Universal Error Codes.
| ID | Error Message |
|---|---|
| 9200001 | The application is not an administrator application of the device. |
| 9200002 | The administrator application does not have permission to manage the device. |
| 201 | Permission verification failed. The application does not have the permission required to call the API. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. |
Example
import { systemManager } from '@kit.MDMKit';
import { Want } from '@kit.AbilityKit';
let wantTemp: Want = {
// Replace with actual values.
bundleName: 'com.example.myapplication',
abilityName: 'EnterpriseAdminAbility'
};
try {
systemManager.getNTPServer(wantTemp);
console.info('Succeeded in getting NTP server.');
} catch (err) {
console.error(`Failed to get ntp server. Code is ${err.code}, message is ${err.message}`);
}
systemManager.setOtaUpdatePolicy
setOtaUpdatePolicy(admin: Want, policy: OtaUpdatePolicy): void
Sets the update policy. In intranet updates, call systemManager.notifyUpdatePackages to notify the system of the update packages and then call this API to set the upgrade policy.
Required permissions: ohos.permission.ENTERPRISE_MANAGE_SYSTEM
System capability: SystemCapability.Customization.EnterpriseDeviceManager
Model restriction: This API can be used only in the stage model.
Conflict rule: Latest configuration precedence.
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| admin | Want | Yes | EnterpriseAdminExtensionAbility. Want must contain the ability name of the EnterpriseAdminExtensionAbility and the bundle name of the application. |
| policy | OtaUpdatePolicy | Yes | OTA update policy to set. |
Error codes
For details about the error codes, see Enterprise Device Management Error Codes and Universal Error Codes.
| ID | Error Message |
|---|---|
| 9200001 | The application is not an administrator application of the device. |
| 9200002 | The administrator application does not have permission to manage the device. |
| 201 | Permission verification failed. The application does not have the permission required to call the API. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. |
Example
import { systemManager } from '@kit.MDMKit';
import { Want } from '@kit.AbilityKit';
let wantTemp: Want = {
// Replace with actual values.
bundleName: 'com.example.myapplication',
abilityName: 'EnterpriseAdminAbility'
};
// Default update policy.
let otaUpdatePolicy1: systemManager.OtaUpdatePolicy = {
"policyType": systemManager.PolicyType.DEFAULT,
"version": "version_1.0.0.0",
};
try {
systemManager.setOtaUpdatePolicy(wantTemp, otaUpdatePolicy1);
console.info('Succeeded in setting ota update policy.');
} catch (err) {
console.error(`Failed to set ota update policy. Code is ${err.code}, message is ${err.message}`);
}
// Prohibit update.
let otaUpdatePolicy2: systemManager.OtaUpdatePolicy = {
"policyType": systemManager.PolicyType.PROHIBIT,
"version": "version_1.0.0.1",
};
try {
systemManager.setOtaUpdatePolicy(wantTemp, otaUpdatePolicy2);
console.info('Succeeded in setting ota update policy.');
} catch (err) {
console.error(`Failed to set ota update policy. Code is ${err.code}, message is ${err.message}`);
}
// Enforce update.
let otaUpdatePolicy3: systemManager.OtaUpdatePolicy = {
"policyType": systemManager.PolicyType.UPDATE_TO_SPECIFIC_VERSION,
"version": "version_1.0.0.2",
"latestUpdateTime": 1716343200, // Timestamp
};
try {
systemManager.setOtaUpdatePolicy(wantTemp, otaUpdatePolicy3);
console.info('Succeeded in setting ota update policy.');
} catch (err) {
console.error(`Failed to set ota update policy. Code is ${err.code}, message is ${err.message}`);
}
// Update at the specified time period.
let otaUpdatePolicy4: systemManager.OtaUpdatePolicy = {
"policyType": systemManager.PolicyType.WINDOWS,
"version": "version_1.0.0.3",
"installStartTime": 1716281049, // Timestamp.
"installEndTime": 1716343200, // Timestamp.
};
try {
systemManager.setOtaUpdatePolicy(wantTemp, otaUpdatePolicy4);
console.info('Succeeded in setting ota update policy.');
} catch (err) {
console.error(`Failed to set ota update policy. Code is ${err.code}, message is ${err.message}`);
}
// Delay the update.
let otaUpdatePolicy5: systemManager.OtaUpdatePolicy = {
"policyType": systemManager.PolicyType.POSTPONE,
"version": "version_1.0.0.4",
"delayUpdateTime": 5, // Unit: hour
};
try {
systemManager.setOtaUpdatePolicy(wantTemp, otaUpdatePolicy5);
console.info('Succeeded in setting ota update policy.');
} catch (err) {
console.error(`Failed to set ota update policy. Code is ${err.code}, message is ${err.message}`);
}
// Disable public network upgrade.
let otaUpdatePolicy6: systemManager.OtaUpdatePolicy = {
"policyType": systemManager.PolicyType.DEFAULT,
"version": "version_1.0.0.5",
"disableSystemOtaUpdate": true,
};
try {
systemManager.setOtaUpdatePolicy(wantTemp, otaUpdatePolicy6);
console.info('Succeeded in setting ota update policy.');
} catch (err) {
console.error(`Failed to set ota update policy. Code is ${err.code}, message is ${err.message}`);
}
systemManager.getOtaUpdatePolicy
getOtaUpdatePolicy(admin: Want): OtaUpdatePolicy
Checks the update policy.
Required permissions: ohos.permission.ENTERPRISE_MANAGE_SYSTEM
System capability: SystemCapability.Customization.EnterpriseDeviceManager
Model restriction: This API can be used only in the stage model.
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| admin | Want | Yes | EnterpriseAdminExtensionAbility. Want must contain the ability name of the EnterpriseAdminExtensionAbility and the bundle name of the application. |
Return value
| Type | Description |
|---|---|
| OtaUpdatePolicy | OtaUpdatePolicy object containing the update policy obtained. |
Error codes
For details about the error codes, see Enterprise Device Management Error Codes and Universal Error Codes.
| ID | Error Message |
|---|---|
| 9200001 | The application is not an administrator application of the device. |
| 9200002 | The administrator application does not have permission to manage the device. |
| 201 | Permission verification failed. The application does not have the permission required to call the API. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. |
Example
import { systemManager } from '@kit.MDMKit';
import { Want } from '@kit.AbilityKit';
let wantTemp: Want = {
// Replace with actual values.
bundleName: 'com.example.myapplication',
abilityName: 'EnterpriseAdminAbility'
};
try {
let policy: systemManager.OtaUpdatePolicy= systemManager.getOtaUpdatePolicy(wantTemp);
console.info(`Succeeded in getting update policy: ${JSON.stringify(policy)}`);
} catch (err) {
console.error(`Failed to get update policy. Code is ${err.code}, message is ${err.message}`);
}
systemManager.notifyUpdatePackages
notifyUpdatePackages(admin: Want, packageInfo: UpdatePackageInfo): Promise<void>
Notifies the system of the update packages. In intranet updates, call this API to notify the system of the update packages, and then call systemManager.setOtaUpdatePolicy to set the update policy.
NOTE
This API is time-consuming. Subsequent calls to other synchronous APIs in the application main thread must wait for the asynchronous return of this API.
Required permissions: ohos.permission.ENTERPRISE_MANAGE_SYSTEM
System capability: SystemCapability.Customization.EnterpriseDeviceManager
Model restriction: This API can be used only in the stage model.
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| admin | Want | Yes | EnterpriseAdminExtensionAbility. Want must contain the ability name of the EnterpriseAdminExtensionAbility and the bundle name of the application. |
| packageInfo | UpdatePackageInfo | Yes | Information about the system update packages. Note: The input UpdatePackageInfo.packages.path must be a .zip package starting with update. If a file in other formats is input, error code 9201004 will be reported. |
Return value
| Type | Description |
|---|---|
| Promise<void> | Promise that returns no value. An error object will be thrown if the operation fails. |
Error codes
For details about the error codes, see Enterprise Device Management Error Codes and Universal Error Codes.
| ID | Error Message |
|---|---|
| 9200001 | The application is not an administrator application of the device. |
| 9200002 | The administrator application does not have permission to manage the device. |
| 9201004 | The update packages do not exist or analyzing failed. |
| 201 | Permission verification failed. The application does not have the permission required to call the API. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. |
Example
import { systemManager } from '@kit.MDMKit';
import { BusinessError } from '@kit.BasicServicesKit';
import { Want } from '@kit.AbilityKit';
import { fileIo as fs } from '@kit.CoreFileKit';
let wantTemp: Want = {
// Replace with actual values.
bundleName: 'com.example.myapplication',
abilityName: 'EnterpriseAdminAbility'
};
let notify: systemManager.NotifyDescription = {
// Replace with actual values.
"installTips": "installTips",
"installTipsDetail": "installTips detail"
};
let description: systemManager.PackageDescription = {
// Replace with actual values.
"notify": notify
};
let updatePackages: Array<systemManager.Package> = [];
// Replace the application sandbox path with the actual one.
let fileDir = "/xxxx/xxxx/";
let path1: string = "update_sd_base.zip";
let path2: string = "update_sd_cust_xxxxx_all_cn.zip";
let path3: string = "update_sd_preload_xxxxx_all_cn_R1.zip";
let fd1: number = fs.openSync(fileDir + path1, fs.OpenMode.READ_ONLY).fd;
let fd2: number = fs.openSync(fileDir + "xxxxx/" + path2, fs.OpenMode.READ_ONLY).fd;
let fd3: number = fs.openSync(fileDir + "xxxxx/" + path3, fs.OpenMode.READ_ONLY).fd;
let package1: systemManager.Package = {
// Replace with actual values.
"type": systemManager.PackageType.FIRMWARE,
"path": path1,
"fd": fd1
};
let package2: systemManager.Package = {
// Replace with actual values.
"type": systemManager.PackageType.FIRMWARE,
"path": path2,
"fd": fd2
};
let package3: systemManager.Package = {
// Replace with actual values.
"type": systemManager.PackageType.FIRMWARE,
"path": path3,
"fd": fd3
};
updatePackages.push(package1);
updatePackages.push(package2);
updatePackages.push(package3);
let updatePackageInfo: systemManager.UpdatePackageInfo = {
// Replace with actual values.
"version" : "1.0",
"packages" : updatePackages,
"description" : description
};
systemManager.notifyUpdatePackages(wantTemp, updatePackageInfo).then(() => {
console.info('Succeeded in notifying update packages.');
}).catch ((error: BusinessError) => {
console.error(`Failed to notify update packages. Code is ${error.code},message is ${error.message}`);
});
systemManager.getUpdateResult
getUpdateResult(admin: Want, version: string): Promise<UpdateResult>
Obtains the system update result.
Required permissions: ohos.permission.ENTERPRISE_MANAGE_SYSTEM
System capability: SystemCapability.Customization.EnterpriseDeviceManager
Model restriction: This API can be used only in the stage model.
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| admin | Want | Yes | EnterpriseAdminExtensionAbility. Want must contain the ability name of the EnterpriseAdminExtensionAbility and the bundle name of the application. |
| version | string | Yes | Version of the update package. |
Return value
| Type | Description |
|---|---|
| Promise<UpdateResult> | Promise used to return the system update result. |
Error codes
For details about the error codes, see Enterprise Device Management Error Codes and Universal Error Codes.
| ID | Error Message |
|---|---|
| 9200001 | The application is not an administrator application of the device. |
| 9200002 | The administrator application does not have permission to manage the device. |
| 201 | Permission verification failed. The application does not have the permission required to call the API. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. |
Example
import { systemManager } from '@kit.MDMKit';
import { BusinessError } from '@kit.BasicServicesKit';
import { Want } from '@kit.AbilityKit';
let wantTemp: Want = {
// Replace with actual values.
bundleName: 'com.example.myapplication',
abilityName: 'EnterpriseAdminAbility'
};
systemManager.getUpdateResult(wantTemp, "1.0").then((result:systemManager.UpdateResult) => {
console.info(`Succeeded in getting update result: ${JSON.stringify(result)}`);
}).catch((error: BusinessError) => {
console.error(`Get update result failed. Code is ${error.code},message is ${error.message}`);
});
systemManager.getUpdateAuthData19+
getUpdateAuthData(admin: Want): Promise<string>
Obtains the authentication data for system update verification. This API uses a promise to return the result.
Required permissions: ohos.permission.ENTERPRISE_MANAGE_SYSTEM
System capability: SystemCapability.Customization.EnterpriseDeviceManager
Model restriction: This API can be used only in the stage model.
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| admin | Want | Yes | EnterpriseAdminExtensionAbility. Want must contain the ability name of the EnterpriseAdminExtensionAbility and the bundle name of the application. |
Return value
| Type | Description |
|---|---|
| Promise<string> | Promise used to return the authentication data. |
Error codes
For details about the error codes, see Enterprise Device Management Error Codes and Universal Error Codes.
| ID | Error Message |
|---|---|
| 9200001 | The application is not an administrator application of the device. |
| 9200002 | The administrator application does not have permission to manage the device. |
| 201 | Permission verification failed. The application does not have the permission required to call the API. |
Example
import { systemManager } from '@kit.MDMKit';
import { BusinessError } from '@kit.BasicServicesKit';
import { Want } from '@kit.AbilityKit';
let wantTemp: Want = {
// Replace with actual values.
bundleName: 'com.example.myapplication',
abilityName: 'EnterpriseAdminAbility'
};
systemManager.getUpdateAuthData(wantTemp).then((result: string) => {
console.info(`Succeeded in getting update auth data: ${JSON.stringify(result)}`);
}).catch((error: BusinessError) => {
console.error(`Get update auth data failed. Code is ${error.code},message is ${error.message}`);
});
systemManager.addDisallowedNearLinkProtocols20+
addDisallowedNearLinkProtocols(admin: Want, protocols: Array<NearLinkProtocol>, accountId: number): void
Adds a list of NearLink protocols that are not allowed to be used for a specified user. NearLink Kit provides a low-power, high-speed short-range communication service that supports connection and data interaction between NearLink devices. This API does not take effect for system services and system applications such as the keyboard and stylus.
Required permissions: ohos.permission.ENTERPRISE_MANAGE_SYSTEM
System capability: SystemCapability.Customization.EnterpriseDeviceManager
Device behavior differences: This API can be properly called on PCs/2-in-1 devices. If it is called on other device types, error code 801 is returned.
Model restriction: This API can be used only in the stage model.
Conflict rule: Policy merging.
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| admin | Want | Yes | EnterpriseAdminExtensionAbility. Want must contain the ability name of the EnterpriseAdminExtensionAbility and the bundle name of the application. |
| protocols | Array<NearLinkProtocol> | Yes | NearLink protocol list. |
| accountId | number | Yes | User ID, which must be greater than or equal to 0. You can call APIs such as getOsAccountLocalId to obtain the user ID. |
Error codes
For details about the error codes, see Enterprise Device Management Error Codes and Universal Error Codes.
| ID | Error Message |
|---|---|
| 9200001 | The application is not an administrator application of the device. |
| 9200002 | The administrator application does not have permission to manage the device. |
| 9200012 | Parameter verification failed. |
| 201 | Permission verification failed. The application does not have the permission required to call the API. |
| 801 | Capability not supported. Failed to call the API due to limited device capabilities. |
Example
import { systemManager } from '@kit.MDMKit';
import { Want } from '@kit.AbilityKit';
let wantTemp: Want = {
// Replace with actual values.
bundleName: 'com.example.myapplication',
abilityName: 'EnterpriseAdminAbility'
};
// Replace with actual values.
let protocols: systemManager.NearLinkProtocol[] = [systemManager.NearLinkProtocol.SSAP,
systemManager.NearLinkProtocol.DATA_TRANSFER];
// Replace with actual values.
let accountId: number = 100;
try {
systemManager.addDisallowedNearLinkProtocols(wantTemp, protocols, accountId);
console.info('Succeeded in adding the disabled Starlink protocol list for the specified user.');
} catch (err) {
console.error(`Failed to add the disabled Starlink protocol list for the specified user. Code is ${err.code}, message is ${err.message}`);
}
systemManager.removeDisallowedNearLinkProtocols20+
removeDisallowedNearLinkProtocols(admin: Want, protocols: Array<NearLinkProtocol>, accountId: number): void
Removes the list of disallowed NearLink protocols for a specified user.
Required permissions: ohos.permission.ENTERPRISE_MANAGE_SYSTEM
System capability: SystemCapability.Customization.EnterpriseDeviceManager
Device behavior differences: This API can be properly called on PCs/2-in-1 devices. If it is called on other device types, error code 801 is returned.
Model restriction: This API can be used only in the stage model.
Conflict rule: Policy merging.
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| admin | Want | Yes | EnterpriseAdminExtensionAbility. Want must contain the ability name of the EnterpriseAdminExtensionAbility and the bundle name of the application. |
| protocols | Array<NearLinkProtocol> | Yes | NearLink protocol list. |
| accountId | number | Yes | User ID, which must be greater than or equal to 0. You can call APIs such as getOsAccountLocalId to obtain the user ID. |
Error codes
For details about the error codes, see Enterprise Device Management Error Codes and Universal Error Codes.
| ID | Error Message |
|---|---|
| 9200001 | The application is not an administrator application of the device. |
| 9200002 | The administrator application does not have permission to manage the device. |
| 9200012 | Parameter verification failed. |
| 201 | Permission verification failed. The application does not have the permission required to call the API. |
| 801 | Capability not supported. Failed to call the API due to limited device capabilities. |
Example
import { systemManager } from '@kit.MDMKit';
import { Want } from '@kit.AbilityKit';
let wantTemp: Want = {
// Replace with actual values.
bundleName: 'com.example.myapplication',
abilityName: 'EnterpriseAdminAbility'
};
// Replace with actual values.
let protocols: systemManager.NearLinkProtocol[] = [systemManager.NearLinkProtocol.SSAP,
systemManager.NearLinkProtocol.DATA_TRANSFER];
// Replace with actual values.
let accountId: number = 100;
try {
systemManager.removeDisallowedNearLinkProtocols(wantTemp, protocols, accountId);
console.info('Succeeded in removing the disabled Starlink protocol list for the specified user.');
} catch (err) {
console.error(`Failed to remove the disabled Starlink protocol list for the specified user. Code is ${err.code}, message is ${err.message}`);
}
systemManager.getDisallowedNearLinkProtocols20+
getDisallowedNearLinkProtocols(admin: Want, accountId: number): Array<NearLinkProtocol>
Obtains the list of disallowed NearLink protocols for a specified user.
Required permissions: ohos.permission.ENTERPRISE_MANAGE_SYSTEM
System capability: SystemCapability.Customization.EnterpriseDeviceManager
Device behavior differences: This API can be properly called on PCs/2-in-1 devices. If it is called on other device types, error code 801 is returned.
Model restriction: This API can be used only in the stage model.
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| admin | Want | Yes | EnterpriseAdminExtensionAbility. Want must contain the ability name of the EnterpriseAdminExtensionAbility and the bundle name of the application. |
| accountId | number | Yes | User ID, which must be greater than or equal to 0. You can call APIs such as getOsAccountLocalId to obtain the user ID. |
Return value
| Type | Description |
|---|---|
| Array<NearLinkProtocol> | List of disallowed NearLink protocols for a specified user. |
Error codes
For details about the error codes, see Enterprise Device Management Error Codes and Universal Error Codes.
| ID | Error Message |
|---|---|
| 9200001 | The application is not an administrator application of the device. |
| 9200002 | The administrator application does not have permission to manage the device. |
| 201 | Permission verification failed. The application does not have the permission required to call the API. |
| 801 | Capability not supported. Failed to call the API due to limited device capabilities. |
Example
import { systemManager } from '@kit.MDMKit';
import { Want } from '@kit.AbilityKit';
let wantTemp: Want = {
// Replace with actual values.
bundleName: 'com.example.myapplication',
abilityName: 'EnterpriseAdminAbility'
};
// Replace with actual values.
let accountId: number = 100;
try {
let result: systemManager.NearLinkProtocol[] = systemManager.getDisallowedNearLinkProtocols(wantTemp, accountId);
console.info(`Succeeded in querying the disabled Starlink protocol list for the specified user: ${result}`);
} catch (err) {
console.error(`Failed to query the disabled Starlink protocol list for the specified user. Code is ${err.code}, message is ${err.message}`);
}
systemManager.setInstallLocalEnterpriseAppEnabled20+
setInstallLocalEnterpriseAppEnabled(admin: Want, isEnable: boolean): void
Sets whether local installation of enterprise applications is supported. When local installation is enabled, users can install enterprise applications (signing certificate distribution type: enterprise_normal) by double-tapping their installation packages on enterprise PCs/2-in-1 devices with the local installation capability.
Required permissions: ohos.permission.ENTERPRISE_MANAGE_SYSTEM
System capability: SystemCapability.Customization.EnterpriseDeviceManager
Device behavior differences: This API can be properly called on PCs/2-in-1 devices but returns error code 801 on other devices.
Model restriction: This API can be used only in the stage model.
Conflict rule: Security-first If any MDM app supports local installation of enterprise apps, the comprehensive policy is to support local installation of enterprise apps.
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| admin | Want | Yes | EnterpriseAdminExtensionAbility. Want must contain the ability name of the EnterpriseAdminExtensionAbility and the bundle name of the application. |
| isEnable | boolean | Yes | Whether local installation of enterprise applications is supported. The value true indicates that the local installation of enterprise applications is supported, and the value false indicates the opposite. |
Error codes
For details about the error codes, see Enterprise Device Management Error Codes and Universal Error Codes.
| ID | Error Message |
|---|---|
| 9200001 | The application is not an administrator application of the device. |
| 9200002 | The administrator application does not have permission to manage the device. |
| 201 | Permission verification failed. The application does not have the permission required to call the API. |
| 801 | Capability not supported. Failed to call the API due to limited device capabilities. |
Example
import { systemManager } from '@kit.MDMKit';
import { Want } from '@kit.AbilityKit';
let wantTemp: Want = {
// Replace with actual values.
bundleName: 'com.example.myapplication',
abilityName: 'EnterpriseAdminAbility'
};
// Replace with actual values.
let isEnable: boolean = true;
try {
systemManager.setInstallLocalEnterpriseAppEnabled(wantTemp, isEnable);
console.info('Succeeded in setting InstallLocalEnterpriseAppEnabled.');
} catch (err) {
console.error(`Failed to set installLocalEnterpriseAppEnabled. Code is ${err.code}, message is ${err.message}`);
}
systemManager.getInstallLocalEnterpriseAppEnabled20+
getInstallLocalEnterpriseAppEnabled(admin: Want | null): boolean
Checks whether local installation of enterprise applications is supported.
Required permissions: ohos.permission.ENTERPRISE_MANAGE_SYSTEM
System capability: SystemCapability.Customization.EnterpriseDeviceManager
Device behavior differences: This API can be properly called on PCs/2-in-1 devices but returns error code 801 on other devices.
Model restriction: This API can be used only in the stage model.
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| admin | Want | null | Yes | EnterpriseAdminExtensionAbility. Want must contain the ability name of the EnterpriseAdminExtensionAbility and the bundle name of the application. Before API version 24, this API can be called to check whether local installation of enterprise applications is supported. If the device has multiple MDM applications, you can pass admin to query the corresponding policies. Since API version 24, admin can be set to null. In this case, the policies that actually take effect on the device are returned. |
Return value
| Type | Description |
|---|---|
| boolean | Whether local installation of enterprise applications is supported. The value true indicates that local installation is supported, and the value false indicates the opposite. |
Error codes
For details about the error codes, see Enterprise Device Management Error Codes and Universal Error Codes.
| ID | Error Message |
|---|---|
| 9200001 | The application is not an administrator application of the device. |
| 9200002 | The administrator application does not have permission to manage the device. |
| 201 | Permission verification failed. The application does not have the permission required to call the API. |
| 801 | Capability not supported. Failed to call the API due to limited device capabilities. |
Example
import { systemManager } from '@kit.MDMKit';
import { Want } from '@kit.AbilityKit';
let wantTemp: Want = {
// Replace with actual values.
bundleName: 'com.example.myapplication',
abilityName: 'EnterpriseAdminAbility'
};
try {
let isEnable: boolean = systemManager.getInstallLocalEnterpriseAppEnabled(wantTemp);
console.info('Succeeded in getting installLocalEnterpriseAppEnabled.');
} catch (err) {
console.error(`Failed to get installLocalEnterpriseAppEnabled. Code is ${err.code}, message is ${err.message}`);
}
systemManager.setAutoUnlockAfterReboot20+
setAutoUnlockAfterReboot(admin: Want, isAllowed: boolean): void
Sets automatic unlocking upon device reboot. This setting takes effect only on devices without a screen lock password.
Required permissions: ohos.permission.ENTERPRISE_MANAGE_SYSTEM
System capability: SystemCapability.Customization.EnterpriseDeviceManager
Device behavior differences: This API can be properly called on PCs/2-in-1 devices. If it is called on other device types, error code 801 is returned.
Model restriction: This API can be used only in the stage model.
Conflict rule: Security-first. If any MDM app sets automatic unlocking upon device restart, the comprehensive policy is automatic unlocking upon device restart.
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| admin | Want | Yes | EnterpriseAdminExtensionAbility. Want must contain the ability name of the EnterpriseAdminExtensionAbility and the bundle name of the application. |
| isAllowed | boolean | Yes | The value true indicates that the device is automatically unlocked after reboot, and the value false indicates the opposite. |
Error codes
For details about the error codes, see Enterprise Device Management Error Codes and Universal Error Codes.
| ID | Error Message |
|---|---|
| 9200001 | The application is not an administrator application of the device. |
| 9200002 | The administrator application does not have permission to manage the device. |
| 201 | Permission verification failed. The application does not have the permission required to call the API. |
| 801 | Capability not supported. Failed to call the API due to limited device capabilities. |
Example
import { Want } from '@kit.AbilityKit';
import { systemManager } from '@kit.MDMKit';
let wantTemp: Want = {
// Replace with actual values.
bundleName: 'com.example.myapplication',
abilityName: 'EnterpriseAdminAbility'
};
let isAllowed: boolean = true;
try {
systemManager.setAutoUnlockAfterReboot(wantTemp, isAllowed);
console.info('Succeeded in setting setAutoUnlockAfterReboot.');
} catch (err) {
console.error(`Failed to set auto unlock after reboot. Code is ${err.code}, message is ${err.message}`);
}
systemManager.getAutoUnlockAfterReboot20+
getAutoUnlockAfterReboot(admin: Want): boolean
Checks whether the device is automatically unlocked upon reboot.
Required permissions: ohos.permission.ENTERPRISE_MANAGE_SYSTEM
System capability: SystemCapability.Customization.EnterpriseDeviceManager
Device behavior differences: This API can be properly called on PCs/2-in-1 devices. If it is called on other device types, error code 801 is returned.
Model restriction: This API can be used only in the stage model.
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| admin | Want | Yes | EnterpriseAdminExtensionAbility. Want must contain the ability name of the EnterpriseAdminExtensionAbility and the bundle name of the application. |
Return value
| Type | Description |
|---|---|
| boolean | The value true indicates the device is automatically unlocked after reboot, and the value false indicates the opposite. |
Error codes
For details about the error codes, see Enterprise Device Management Error Codes and Universal Error Codes.
| ID | Error Message |
|---|---|
| 9200001 | The application is not an administrator application of the device. |
| 9200002 | The administrator application does not have permission to manage the device. |
| 201 | Permission verification failed. The application does not have the permission required to call the API. |
| 801 | Capability not supported. Failed to call the API due to limited device capabilities. |
Example
import { Want } from '@kit.AbilityKit';
import { systemManager } from '@kit.MDMKit';
let wantTemp: Want = {
// Replace with actual values.
bundleName: 'com.example.myapplication',
abilityName: 'EnterpriseAdminAbility'
};
try {
systemManager.getAutoUnlockAfterReboot(wantTemp);
console.info('Succeeded in getting auto unlock after reboot.');
} catch (err) {
console.error(`Failed to get auto unlock after reboot. Code is ${err.code}, message is ${err.message}`);
}
systemManager.addKeyEventPolicies23+
addKeyEventPolicies(admin: Want, keyPolicies: Array<KeyEventPolicy>): void
Adds a key event handling policy. When the system triggers a key event, if the event matches the delivered key event policy, the MDM app will be notified via the EnterpriseAdminExtensionAbility.onKeyEvent callback, with the key event information of the matched policy carried in the callback.
Required permissions: ohos.permission.ENTERPRISE_MANAGE_SYSTEM
System capability: SystemCapability.Customization.EnterpriseDeviceManager
Device behavior differences: This API can be properly called on phones and tablets. If it is called on other device types, error code 801 is returned.
Model restriction: This API can be used only in the stage model.
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| admin | Want | Yes | EnterpriseAdminExtensionAbility. Want must contain the ability name of the EnterpriseAdminExtensionAbility and the bundle name of the application. |
| keyPolicies | Array<KeyEventPolicy> | Yes | Key policy. Physical keys (power key, volume up, and volume down) and navigation keys (back, home, and recently opened) are supported. Physical keys can be combined into a combination key, but navigation keys cannot. For details about the combination key event response, see Key Event Callback. |
Error codes
For details about the error codes, see Enterprise Device Management Error Codes and Universal Error Codes.
| ID | Error Message |
|---|---|
| 9200001 | The application is not an administrator application of the device. |
| 9200002 | The administrator application does not have permission to manage the device. |
| 9200010 | A conflict policy has been configured. |
| 9200012 | Parameter verification failed. |
| 201 | Permission verification failed. The application does not have the permission required to call the API. |
| 801 | Capability not supported. Failed to call the API due to limited device capabilities. |
Example
import { Want } from '@kit.AbilityKit';
import { systemManager } from '@kit.MDMKit';
let wantTemp: Want = {
// Replace with actual values.
bundleName: 'com.example.myapplication',
abilityName: 'EnterpriseAdminAbility'
};
let keypolicy: Array<systemManager.KeyEventPolicy> = [
{
"keyCode": systemManager.KeyCode.POWER,
"keyPolicy": systemManager.KeyPolicy.CUSTOM
},
{
"keyCode": systemManager.KeyCode.VOLUME_UP,
"keyPolicy": systemManager.KeyPolicy.CUSTOM
}
];
try {
systemManager.addKeyEventPolicies(wantTemp, keypolicy);
console.info('Succeeded in adding key event policies.');
} catch (err) {
console.error(`Failed to add key event policies. Code is ${err.code}, message is ${err.message}`);
}
systemManager.removeKeyEventPolicies23+
removeKeyEventPolicies(admin: Want, keyCodes: Array<KeyCode>): void
Removes a key event handling policy.
Required permissions: ohos.permission.ENTERPRISE_MANAGE_SYSTEM
System capability: SystemCapability.Customization.EnterpriseDeviceManager
Device behavior differences: This API can be properly called on phones and tablets. If it is called on other device types, error code 801 is returned.
Model restriction: This API can be used only in the stage model.
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| admin | Want | Yes | EnterpriseAdminExtensionAbility. Want must contain the ability name of the EnterpriseAdminExtensionAbility and the bundle name of the application. |
| keyCodes | Array<KeyCode> | Yes | Key code. You can remove multiple key policies at a time. Removing an unsupported key will report error code 9200012. |
Error codes
For details about the error codes, see Enterprise Device Management Error Codes and Universal Error Codes.
| ID | Error Message |
|---|---|
| 9200001 | The application is not an administrator application of the device. |
| 9200002 | The administrator application does not have permission to manage the device. |
| 9200012 | Parameter verification failed. |
| 201 | Permission verification failed. The application does not have the permission required to call the API. |
| 801 | Capability not supported. Failed to call the API due to limited device capabilities. |
Example
import { Want } from '@kit.AbilityKit';
import { systemManager } from '@kit.MDMKit';
let wantTemp: Want = {
// Replace with actual values.
bundleName: 'com.example.myapplication',
abilityName: 'EnterpriseAdminAbility'
};
let keyCodes: Array<systemManager.KeyCode> = [
systemManager.KeyCode.POWER, systemManager.KeyCode.VOLUME_UP,
];
try {
systemManager.removeKeyEventPolicies(wantTemp, keyCodes);
console.info('Succeeded in removing key event policies.');
} catch (err) {
console.error(`Failed to remove key event policies. Code is ${err.code}, message is ${err.message}`);
}
systemManager.getKeyEventPolicies23+
getKeyEventPolicies(admin: Want): Array<KeyEventPolicy>
Obtains the key event handling policy.
Required permissions: ohos.permission.ENTERPRISE_MANAGE_SYSTEM
System capability: SystemCapability.Customization.EnterpriseDeviceManager
Device behavior differences: This API can be properly called on phones and tablets. If it is called on other device types, error code 801 is returned.
Model restriction: This API can be used only in the stage model.
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| admin | Want | Yes | EnterpriseAdminExtensionAbility. Want must contain the ability name of the EnterpriseAdminExtensionAbility and the bundle name of the application. |
Return value
| Type | Description |
|---|---|
| Array<KeyEventPolicy> | List of currently configured key event policies. |
Error codes
For details about the error codes, see Enterprise Device Management Error Codes and Universal Error Codes.
| ID | Error Message |
|---|---|
| 9200001 | The application is not an administrator application of the device. |
| 9200002 | The administrator application does not have permission to manage the device. |
| 201 | Permission verification failed. The application does not have the permission required to call the API. |
| 801 | Capability not supported. Failed to call the API due to limited device capabilities. |
Example
import { Want } from '@kit.AbilityKit';
import { systemManager } from '@kit.MDMKit';
let wantTemp: Want = {
// Replace with actual values.
bundleName: 'com.example.myapplication',
abilityName: 'EnterpriseAdminAbility'
};
let result: Array<systemManager.KeyEventPolicy> = [];
try {
result = systemManager.getKeyEventPolicies(wantTemp);
console.info('Succeeded in getting key event policies.');
} catch (err) {
console.error(`Failed to get key event policies. Code is ${err.code}, message is ${err.message}`);
}
systemManager.startCollectLog23+
startCollectLog(admin: Want): Promise<void>
Starts to collect the fault logs that have been generated and stored on the device. The fault logs, app service logs, and system run logs that are not stored on the hard disk cannot be collected.
- After the API is called, the system starts a log collection task. The API returns a response immediately after the task is started. The task may fail due to system performance constraints.
- This API can be called by multiple MDM apps. Logs collected by different MDM apps under different users are saved separately and do not affect each other. Only one MDM app can start a log collection task at a time. If this API is called before the task is complete, the error code 9201009 is returned, and other MDM apps may call the API only after the task finishes.
- Upon task completion, the MDM app is notified via the EnterpriseAdminExtensionAbility.onLogCollected callback. The system mounts the collected log files to the MDM app sandbox path, enabling the MDM app to read the logs within the callback.
- If the log collection task takes more than 5 minutes, the EnterpriseAdminExtensionAbility.onLogCollected callback returns a task execution failure message.
- After the app obtains the logs, you are advised to call systemManager.finishLogCollected to remove the collected logs.
Required permissions: ohos.permission.ENTERPRISE_READ_LOG
System capability: SystemCapability.Customization.EnterpriseDeviceManager
Device behavior differences: This API can be properly called on PCs/2-in-1 devices. If it is called on other device types, error code 801 is returned.
Model restriction: This API can be used only in the stage model.
Conflict rule: This API can be called by multiple MDM apps. Logs collected by different MDM apps under different users are stored separately and do not affect each other. Only one MDM app can start a log collection task at a time. If this API is called before the task is complete, the error code 9201009 is returned, and other MDM apps may call the API only after the task finishes.
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| admin | Want | Yes | EnterpriseAdminExtensionAbility. Want must contain the ability name of the EnterpriseAdminExtensionAbility and the bundle name of the application. |
Return value
| Type | Description |
|---|---|
| Promise<void> | Promise that returns no value. When a log collection task fails to be created, an error object is thrown. |
Error codes
For details about the error codes, see Enterprise Device Management Error Codes and Universal Error Codes.
| ID | Error Message |
|---|---|
| 9200001 | The application is not an administrator application of the device. |
| 9200002 | The administrator application does not have permission to manage the device. |
| 9201009 | Collecting logs, please try again later. |
| 201 | Permission verification failed. The application does not have the permission required to call the API. |
| 801 | Capability not supported. Failed to call the API due to limited device capabilities. |
Example
import { Want } from '@kit.AbilityKit';
import { systemManager } from '@kit.MDMKit';
let wantTemp: Want = {
// Replace with actual values.
bundleName: 'com.example.myapplication',
abilityName: 'EnterpriseAdminAbility'
};
systemManager.startCollectLog(wantTemp).then(() => {
console.info('Succeeded in starting collect log');
}).catch((err: BusinessError) => {
console.error(`Failed to start collect log. Code: ${err.code}, message: ${err.message}`);
});
systemManager.finishLogCollected23+
finishLogCollected(admin: Want): void
Deletes the device logs collected by the current MDM app under the current user.
NOTE
After the app calls startCollectLog to initiate log collection and receives the EnterpriseAdminExtensionAbility.onLogCollected callback, you are advised to immediately copy or process the logs, and then call this API to delete the collected logs.
If this API is not called, device logs will occupy the system storage space, which does not affect the next call of startCollectLog to start a log collection task.
Required permissions: ohos.permission.ENTERPRISE_READ_LOG
System capability: SystemCapability.Customization.EnterpriseDeviceManager
Device behavior differences: This API can be properly called on PCs/2-in-1 devices. If it is called on other device types, error code 801 is returned.
Model restriction: This API can be used only in the stage model.
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| admin | Want | Yes | EnterpriseAdminExtensionAbility. Want must contain the ability name of the EnterpriseAdminExtensionAbility and the bundle name of the application. |
Error codes
For details about the error codes, see Enterprise Device Management Error Codes and Universal Error Codes.
| ID | Error Message |
|---|---|
| 9200001 | The application is not an administrator application of the device. |
| 9200002 | The administrator application does not have permission to manage the device. |
| 201 | Permission verification failed. The application does not have the permission required to call the API. |
| 801 | Capability not supported. Failed to call the API due to limited device capabilities. |
Example
import { Want } from '@kit.AbilityKit';
import { systemManager } from '@kit.MDMKit';
let wantTemp: Want = {
// Replace with actual values.
bundleName: 'com.example.myapplication',
abilityName: 'EnterpriseAdminAbility'
};
try {
systemManager.finishLogCollected(wantTemp);
console.info('Succeeded in finishing log collected.');
} catch (err) {
console.error(`Failed to finish log collected. Code is ${err.code}, message is ${err.message}`);
}
systemManager.setActivationLockDisabled24+
setActivationLockDisabled(admin: Want, isDisabled: boolean, credential?: string): Promise<void>
Enables or disables the device activation lock. After the device activation lock is disabled, the Find Device function will no longer be available. This function applies only to specific devices.
Required permissions: ohos.permission.ENTERPRISE_MANAGE_SYSTEM
System capability: SystemCapability.Customization.EnterpriseDeviceManager
Device behavior differences: This API can be properly called on PCs/2-in-1 devices. If it is called on other device types, error code 801 is returned.
Model restriction: This API can be used only in the stage model.
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| admin | Want | Yes | EnterpriseAdminExtensionAbility. Want must contain the ability name of the EnterpriseAdminExtensionAbility and the bundle name of the application. |
| isDisabled | boolean | Yes | Whether to disable the activation lock. The value true indicates yes, and the value false indicates no. |
| credential | string | No | Credential for disabling the activation lock. To disable the activation lock, you must set this parameter to a valid credential. Leave this parameter empty when enabling the activation lock. |
Return value
| Type | Description |
|---|---|
| Promise<void> | Promise that returns no value. An error object is thrown when the activation lock fails to be enabled or disabled. |
Error codes
For details about the error codes, see Enterprise Device Management Error Codes and Universal Error Codes.
| ID | Error Message |
|---|---|
| 9200001 | The application is not an administrator application of the device. |
| 9200002 | The administrator application does not have permission to manage the device. |
| 9200012 | Parameter verification failed. |
| 9200016 | Service timeout. |
| 9201011 | The credential of the activation lock is invalid. |
| 9201012 | Failed to enable or disable the activation lock. |
| 201 | Permission verification failed. The application does not have the permission required to call the API. |
| 801 | Capability not supported. Failed to call the API due to limited device capabilities. |
Example
import { Want } from '@kit.AbilityKit';
import { systemManager } from '@kit.MDMKit';
let wantTemp: Want = {
// Replace with actual values.
bundleName: 'com.example.myapplication',
abilityName: 'EnterpriseAdminAbility'
};
// Replace with actual values.
let credential: string = "XXX";
let isDisabled: boolean = true;
systemManager.setActivationLockDisabled(wantTemp, isDisabled, credential).then(() => {
console.info('Succeeded in setting activation lock status.');
}).catch((err: BusinessError) => {
console.error(`Failed to set activation lock status. Code: ${err.code}, message: ${err.message}`);
});
systemManager.isActivationLockDisabled24+
isActivationLockDisabled(admin: Want): Promise<boolean>
Checks whether the device activation lock is disabled.
Required permissions: ohos.permission.ENTERPRISE_MANAGE_SYSTEM
System capability: SystemCapability.Customization.EnterpriseDeviceManager
Device behavior differences: This API can be properly called on PCs/2-in-1 devices. If it is called on other device types, error code 801 is returned.
Model restriction: This API can be used only in the stage model.
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| admin | Want | Yes | EnterpriseAdminExtensionAbility. Want must contain the ability name of the EnterpriseAdminExtensionAbility and the bundle name of the application. |
Return value
| Type | Description |
|---|---|
| Promise<boolean> | Promise used to return whether the device activation lock is disabled. The value true indicates that the device activation lock is disabled and the Find Device function cannot be used. The value false indicates that the device activation lock is enabled and the Find Device function is available. |
Error codes
For details about the error codes, see Enterprise Device Management Error Codes and Universal Error Codes.
| ID | Error Message |
|---|---|
| 9200001 | The application is not an administrator application of the device. |
| 9200002 | The administrator application does not have permission to manage the device. |
| 9200016 | Service timeout. |
| 201 | Permission verification failed. The application does not have the permission required to call the API. |
| 801 | Capability not supported. Failed to call the API due to limited device capabilities. |
Example
import { Want } from '@kit.AbilityKit';
import { systemManager } from '@kit.MDMKit';
let wantTemp: Want = {
// Replace with actual values.
bundleName: 'com.example.myapplication',
abilityName: 'EnterpriseAdminAbility'
};
systemManager.isActivationLockDisabled(wantTemp).then(result => {
console.info(`Succeeded in getting activation lock status: ${JSON.stringify(result)}`);
}).catch((err: BusinessError) => {
console.error(`Failed to set activation lock status. Code: ${err.code}, message: ${err.message}`);
});
systemManager.setInstallLocalEnterpriseAppEnabledForAccount24+
setInstallLocalEnterpriseAppEnabledForAccount(admin: Want, isEnable: boolean, accountId: number): void
Sets whether local installation of enterprise applications is supported for a specified user. After the policy of supporting local enterprise application installation is delivered to a PC/2-in-1 enterprise device that has the local installation capability, the user can double-click an enterprise application installation package on the desktop or in the Files application to install it.
Only enterprise applications signed with the enterprise_normal or enterprise_mdm signature type are supported.
NOTE
A PC/2-in-1 enterprise device supports local installation of enterprise applications for the current user if any of the following conditions is met:
- The offline installer has been enabled by calling setInstallLocalEnterpriseAppEnabled.
- Local installation of enterprise applications is enabled for the current user by calling this API.
Required permissions: ohos.permission.ENTERPRISE_MANAGE_SYSTEM
System capability: SystemCapability.Customization.EnterpriseDeviceManager
Device behavior differences: This API can be properly called on PCs/2-in-1 devices but returns error code 801 on other devices.
Model restriction: This API can be used only in the stage model.
Conflict rule: Security-first If any MDM app supports local installation of enterprise apps, the comprehensive policy is to support local installation of enterprise apps.
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| admin | Want | Yes | EnterpriseAdminExtensionAbility. Want must contain the ability name of the EnterpriseAdminExtensionAbility and the bundle name of the application. |
| isEnable | boolean | Yes | Whether local installation of enterprise applications is supported. The value true indicates that the local installation of enterprise applications is supported, and the value false indicates the opposite. |
| accountId | number | Yes | User ID, which must be greater than or equal to 0. You can call APIs such as getOsAccountLocalId to obtain the user ID. |
Error codes
For details about the error codes, see Enterprise Device Management Error Codes and Universal Error Codes.
| ID | Error Message |
|---|---|
| 9200001 | The application is not an administrator application of the device. |
| 9200002 | The administrator application does not have permission to manage the device. |
| 9200012 | Parameter verification failed. |
| 201 | Permission verification failed. The application does not have the permission required to call the API. |
| 801 | Capability not supported. Failed to call the API due to limited device capabilities. |
Example
import { systemManager } from '@kit.MDMKit';
import { Want } from '@kit.AbilityKit';
let wantTemp: Want = {
// Replace with actual values.
bundleName: 'com.example.myapplication',
abilityName: 'EnterpriseAdminAbility'
};
// Replace with actual values.
let isEnable: boolean = true;
let accountId: number = 100;
try {
systemManager.setInstallLocalEnterpriseAppEnabledForAccount(wantTemp, isEnable, accountId);
console.info('Succeeded in setting InstallLocalEnterpriseAppEnabledForAccount.');
} catch (err) {
console.error(`Failed to set installLocalEnterpriseAppEnabledForAccount. Code is ${err.code}, message is ${err.message}`);
}
systemManager.getInstallLocalEnterpriseAppEnabledForAccount24+
getInstallLocalEnterpriseAppEnabledForAccount(admin: Want | null, accountId: number): boolean
Checks whether local installation of enterprise applications is supported for a specified user.
Required permissions: ohos.permission.ENTERPRISE_MANAGE_SYSTEM
System capability: SystemCapability.Customization.EnterpriseDeviceManager
Device behavior differences: This API can be properly called on PCs/2-in-1 devices but returns error code 801 on other devices.
Model restriction: This API can be used only in the stage model.
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| admin | Want | null | Yes | EnterpriseAdminExtensionAbility. Want must contain the ability name of the EnterpriseAdminExtensionAbility and the bundle name of the application. If the device has multiple MDM applications, you can pass admin to query the corresponding policies. If null is passed, the policies that actually take effect on the device are returned. |
| accountId | number | Yes | User ID, which must be greater than or equal to 0. You can call APIs such as getOsAccountLocalId to obtain the user ID. |
Return value
| Type | Description |
|---|---|
| boolean | Whether local installation of enterprise applications is supported. The value true indicates that local installation is supported, and the value false indicates the opposite. When admin is set to null, this API checks whether local installation of enterprise applications is supported. |
Error codes
For details about the error codes, see Enterprise Device Management Error Codes and Universal Error Codes.
| ID | Error Message |
|---|---|
| 9200001 | The application is not an administrator application of the device. |
| 9200002 | The administrator application does not have permission to manage the device. |
| 9200012 | Parameter verification failed. |
| 201 | Permission verification failed. The application does not have the permission required to call the API. |
| 801 | Capability not supported. Failed to call the API due to limited device capabilities. |
Example
import { systemManager } from '@kit.MDMKit';
import { Want } from '@kit.AbilityKit';
let wantTemp: Want = {
// Replace with actual values.
bundleName: 'com.example.myapplication',
abilityName: 'EnterpriseAdminAbility'
};
// Replace with actual values.
let accountId: number = 100;
try {
let isEnable: boolean = systemManager.getInstallLocalEnterpriseAppEnabledForAccount(wantTemp, accountId);
console.info('Succeeded in getting installLocalEnterpriseAppEnabled.');
} catch (err) {
console.error(`Failed to get installLocalEnterpriseAppEnabled. Code is ${err.code}, message is ${err.message}`);
}
SystemUpdateInfo
Represents information about the system version to update.
System capability: SystemCapability.Customization.EnterpriseDeviceManager
| Name | Type | Read-Only | Optional | Description |
|---|---|---|---|---|
| versionName | string | No | No | System version to update. |
| firstReceivedTime | number | No | No | Time when the system update package is received for the first time. |
| packageType | string | No | No | Type of the system update package to update. |
OtaUpdatePolicy
Represents an OTA update policy.
System capability: SystemCapability.Customization.EnterpriseDeviceManager
| Name | Type | Read-Only | Optional | Description |
|---|---|---|---|---|
| policyType | PolicyType | No | No | Type of the update policy. |
| version | string | No | No | Version of the software to update. |
| latestUpdateTime | number | No | Yes | Latest update time (timestamp). |
| delayUpdateTime | number | No | Yes | Period for which the update is postponed, in hours. |
| installStartTime | number | No | Yes | Start time (timestamp) of the installation window. |
| installEndTime | number | No | Yes | End time (timestamp) of the installation window. |
| disableSystemOtaUpdate20+ | boolean | No | Yes | Whether to disable public network upgrade. The value true indicates that public network upgrade is disabled, and the value false indicates the opposite. If this field is used as an input parameter of systemManager.setOtaUpdatePolicy, the default value can be retained. The current configuration can be obtained via the systemManager.getOtaUpdatePolicy API. After public network upgrade is disabled, you can perform intranet upgrade. |
PolicyType
Enumerates the update policy types.
System capability: SystemCapability.Customization.EnterpriseDeviceManager
| Name | Value | Description |
|---|---|---|
| DEFAULT | 0 | Default update policy, which periodically notifies the user of the update and starts the update after user confirmation. |
| PROHIBIT | 1 | Prohibit updates. |
| UPDATE_TO_SPECIFIC_VERSION | 2 | Enforce updates. In this case, latestUpdateTime must be specified. |
| WINDOWS | 3 | Update at the specified time window. In this case, installStartTime and installEndTime must be specified. |
| POSTPONE | 4 | Postpone updates. After the time specified by delayUpdateTime is over, the default update policy is used. |
UpdatePackageInfo
Represents information about the system update packages.
System capability: SystemCapability.Customization.EnterpriseDeviceManager
| Name | Type | Read-Only | Optional | Description |
|---|---|---|---|---|
| version | string | No | No | Version of the system update package. |
| packages | Array<Package> | No | No | Details about the system update packages. |
| description | PackageDescription | No | Yes | Description of the system update packages. |
| authInfo19+ | string | No | Yes | Authentication information of the system update package. |
Package
Represents the details about a system update package.
System capability: SystemCapability.Customization.EnterpriseDeviceManager
| Name | Type | Read-Only | Optional | Description |
|---|---|---|---|---|
| type | PackageType | No | No | Type of the system update package. |
| path | string | No | No | Path of the system update package. If fd is specified, pass in the update package name here. |
| fd | number | No | Yes | File descriptor (FD) of the system update package. Currently, you cannot pass in path only. The fd parameter must also be passed in. |
PackageDescription
Represents the description of a system update package.
System capability: SystemCapability.Customization.EnterpriseDeviceManager
| Name | Type | Read-Only | Optional | Description |
|---|---|---|---|---|
| notify | NotifyDescription | No | Yes | Update notification defined by an enterprise. |
NotifyDescription
Represents the update notification defined by an enterprise.
System capability: SystemCapability.Customization.EnterpriseDeviceManager
| Name | Type | Read-Only | Optional | Description |
|---|---|---|---|---|
| installTips | string | No | Yes | Update tips provided by the enterprise. |
| installTipsDetail | string | No | Yes | Details about the update tips customized by the enterprise. |
UpdateResult
Represents the update result information.
System capability: SystemCapability.Customization.EnterpriseDeviceManager
| Name | Type | Read-Only | Optional | Description |
|---|---|---|---|---|
| version | string | No | No | Current version of the system. |
| status | UpdateStatus | No | No | System update status. |
| errorInfo | ErrorInfo | No | No | Error information. |
ErrorInfo
Represents the update error information.
System capability: SystemCapability.Customization.EnterpriseDeviceManager
| Name | Type | Read-Only | Optional | Description |
|---|---|---|---|---|
| code | number | No | No | Error code. |
| message | string | No | No | Error message. |
PackageType
Enumerates the update package types.
System capability: SystemCapability.Customization.EnterpriseDeviceManager
| Name | Value | Description |
|---|---|---|
| FIRMWARE | 1 | Firmware. |
UpdateStatus
Enumerates the system update statuses.
System capability: SystemCapability.Customization.EnterpriseDeviceManager
| Name | Value | Description |
|---|---|---|
| NO_UPDATE_PACKAGE | -4 | The system update package of the specified version does not exist. |
| UPDATE_WAITING | -3 | The system update package is waiting to be installed. |
| UPDATING | -2 | The system update is being performed. |
| UPDATE_FAILURE | -1 | The update failed. |
| UPDATE_SUCCESS | 0 | The update is successful. |
NearLinkProtocol20+
Enumerates NearLink protocols.
System capability: SystemCapability.Customization.EnterpriseDeviceManager
Model restriction: This API can be used only in the stage model.
| Name | Value | Description |
|---|---|---|
| SSAP | 0 | SparkLink Service Access Protocol (SSAP). |
| DATA_TRANSFER | 1 | Data transfer protocol. |
KeyEventPolicy23+
Enumerates key event handling policies. When a key event occurs, only the keys for which the key event handling policy has been delivered are intercepted. For key events where no handling policy has been delivered, the system executes its original response logic.
System capability: SystemCapability.Customization.EnterpriseDeviceManager
Model restriction: This API can be used only in the stage model.
| Name | Type | Read-Only | Optional | Description |
|---|---|---|---|---|
| keyCode | KeyCode | No | No | Key code. |
| keyPolicy | KeyPolicy | No | No | Key policy. |
KeyCode23+
Key code. Key codes are used to map to the actual physical keys on a device in the following scenarios: adding a key event policy, removing a key event policy, querying a key event policy, and invoking the key event callback API.
System capability: SystemCapability.Customization.EnterpriseDeviceManager
Model restriction: This API can be used only in the stage model.
| Name | Value | Description |
|---|---|---|
| POWER | 0 | Power key |
| VOLUME_UP | 1 | Volume up |
| VOLUME_DOWN | 2 | Volume down |
| BACK | 3 | Navigation key - back |
| HOME | 4 | Navigation key - home |
| RECENT | 5 | Navigation key - recently opened |
KeyPolicy23+
Enumerates key policies. This refers to the system behavior triggered after the key code delivered by the MDM app matches the system key event.
System capability: SystemCapability.Customization.EnterpriseDeviceManager
Model restriction: This API can be used only in the stage model.
| Name | Value | Description |
|---|---|---|
| INTERCEPTION | 0 | Intercepts messages. After this parameter is set, only the current key event is intercepted. The system does not process the event, and the key callback API does not respond to the key event. For example, after the power key interception policy is delivered, pressing the power key does not respond, the device cannot be powered off or locked, and only the power key event in the power-on state is affected. When the device is powered off, the power key can be used to power on the device. |
| CUSTOM | 1 | Intercepts and forwards messages. When this policy is configured, the system intercepts the current key event and does not process the event. In addition, the EnterpriseAdminExtensionAbility.onKeyEvent callback API is used to notify the MDM app of the key event, which does not block the processing of other events. |
KeyEvent23+
Enumerates key events. When the EnterpriseAdminExtensionAbility.onKeyEvent key event callback is triggered, the current key event information is transferred.
System capability: SystemCapability.Customization.EnterpriseDeviceManager
Model restriction: This API can be used only in the stage model.
| Name | Type | Read-Only | Optional | Description |
|---|---|---|---|---|
| keyCode | KeyCode | No | No | Key code. |
| keyAction | KeyAction | No | No | Key action. |
| actionTime | number | No | No | Time when the key action occurs. The value is a microsecond-level timestamp after the system is powered on. For long-press key events, this parameter remains unchanged in subsequent key events. Apps can use this timestamp to determine whether the event is a long-press event and execute the corresponding long-press event logic accordingly. |
| keyItems | Array<KeyItem> | No | No | Information about other keys that are being pressed when the current key event occurs. |
KeyAction23+
Enumerates key actions.
System capability: SystemCapability.Customization.EnterpriseDeviceManager
Model restriction: This API can be used only in the stage model.
| Name | Value | Description |
|---|---|---|
| UNKNOWN | -1 | Any key action other than press and release. |
| DOWN | 0 | Key press. |
| UP | 1 | Key release. |
KeyItem23+
Enumerates other key information. This refers to the information of other keys that have been pressed when the current KeyCode event occurs.
System capability: SystemCapability.Customization.EnterpriseDeviceManager
Model restriction: This API can be used only in the stage model.
| Name | Type | Read-Only | Optional | Description |
|---|---|---|---|---|
| keyCode | KeyCode | No | No | Key code. |
| pressed | boolean | No | No | Key action. It indicates whether the key is pressed: true for pressed; false for released. |
| downTime | number | No | No | Time when the key action occurs. The value is a microsecond-level timestamp after the system is powered on. Navigation keys do not support combination expansion, so their occurrence time is displayed as 0. |