# @ohos.enterprise.restrictions (限制类策略)
本模块提供设置通用限制类策略能力。可以全局禁用和解除禁用蓝牙、HDC、USB、Wi-Fi等特性。
> **说明**:
>
> 本模块首批接口从API version 12 开始支持。后续版本的新增接口,采用上角标单独标记接口的起始版本。
>
> 本模块接口仅可在Stage模型下使用。
>
> 本模块接口仅对[设备管理应用](../../mdm/mdm-kit-guide.md#功能介绍)开放,需将设备管理应用激活后调用,实现相应功能。
## 导入模块
```ts
import { restrictions } from '@kit.MDMKit';
```
## restrictions.setDisallowedPolicy
setDisallowedPolicy(admin: Want, feature: string, disallow: boolean): void
设置禁用/启用某特性。
**需要权限:** ohos.permission.ENTERPRISE_MANAGE_RESTRICTIONS
**系统能力:** SystemCapability.Customization.EnterpriseDeviceManager
**参数:**
| 参数名 | 类型 | 必填 | 说明 |
| -------- | ------------------------------------------------------- | ---- | ------------------------------------------------------------ |
| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | 是 | 设备管理应用。 |
| feature | string | 是 | feature名称。
- bluetooth:设备蓝牙能力。
- modifyDateTime:设备修改系统时间能力,当前仅支持2in1使用。
- printer:设备打印能力,当前仅支持2in1使用。
- hdc:设备HDC能力。
- microphone:设备麦克风能力。
- fingerprint:设备指纹认证能力。
- usb:设备USB能力。禁用后外接的USB设备无法使用。
- wifi:设备WIFI能力。
- tethering14+:网络共享能力。
- inactiveUserFreeze14+:非活跃用户运行能力。企业空间场景下,系统切换到企业空间用户,个人空间用户属于非活跃用户。
- camera14+:设备相机能力。 |
| disallow | boolean | 是 | true表示禁止使用,false表示允许使用。 |
**错误码**:
以下错误码的详细介绍请参见[企业设备管理错误码](errorcode-enterpriseDeviceManager.md)和[通用错误码](../errorcode-universal.md)。
| 错误码ID | 错误信息 |
| -------- | ------------------------------------------------------------ |
| 9200001 | The application is not an administrator application of the device. |
| 9200002 | The administrator application does not have permission to manage the device. |
| 201 | Permission verification failed. The application does not have the permission required to call the API. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. |
**示例:**
```ts
import { Want } from '@kit.AbilityKit';
let wantTemp: Want = {
bundleName: 'bundleName',
abilityName: 'abilityName',
};
try {
restrictions.setDisallowedPolicy(wantTemp, 'printer', true);
console.info('Succeeded in setting printer disabled');
} catch (err) {
console.error(`Failed to set printer disabled. Code is ${err.code}, message is ${err.message}`);
}
```
## restrictions.getDisallowedPolicy
getDisallowedPolicy(admin: Want, feature: string): boolean
获取某特性状态。
**需要权限:** ohos.permission.ENTERPRISE_MANAGE_RESTRICTIONS
**系统能力:** SystemCapability.Customization.EnterpriseDeviceManager
**参数:**
| 参数名 | 类型 | 必填 | 说明 |
| ------- | ------------------------------------------------------- | ---- | ------------------------------------------------------------ |
| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | 是 | 设备管理应用。 |
| feature | string | 是 | feature名称。
- bluetooth:设备蓝牙能力。
- modifyDateTime:设备修改系统时间能力,当前仅支持2in1使用。
- printer:设备打印能力,当前仅支持2in1使用。
- hdc:设备HDC能力。
- microphone:设备麦克风能力。
- fingerprint:设备指纹认证能力。
- usb:设备USB能力。禁用后外接的USB设备无法使用。
- wifi:设备WIFI能力。
- tethering14+:网络共享能力。
- inactiveUserFreeze14+:非活跃用户运行能力,当前仅支持2in1使用。企业空间场景下,系统切换到企业空间用户,个人空间用户属于非活跃用户。
- camera14+:设备相机能力。 |
**返回值:**
| 类型 | 说明 |
| ------- | ------------------------------------------------------------ |
| boolean | 返回true表示feature对应的某种特性被禁用,false表示feature对应的某种特性未被禁用。 |
**错误码**:
以下错误码的详细介绍请参见[企业设备管理错误码](errorcode-enterpriseDeviceManager.md)和[通用错误码](../errorcode-universal.md)。
| 错误码ID | 错误信息 |
| -------- | ------------------------------------------------------------ |
| 9200001 | The application is not an administrator application of the device. |
| 9200002 | The administrator application does not have permission to manage the device. |
| 201 | Permission verification failed. The application does not have the permission required to call the API. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. |
**示例:**
```ts
import { Want } from '@kit.AbilityKit';
let wantTemp: Want = {
bundleName: 'bundleName',
abilityName: 'abilityName',
};
try {
let result: boolean = restrictions.getDisallowedPolicy(wantTemp, 'printer');
console.info(`Succeeded in querying is the printing function disabled : ${result}`);
} catch (err) {
console.error(`Failed to set printer disabled. Code is ${err.code}, message is ${err.message}`);
}
```
## restrictions.setDisallowedPolicyForAccount14+
setDisallowedPolicyForAccount(admin: Want, feature: string, disallow: boolean, accountId: number): void
设置禁用/启用某用户的某特性,当前仅支持2in1使用。
**需要权限:** ohos.permission.ENTERPRISE_MANAGE_RESTRICTIONS
**系统能力:** SystemCapability.Customization.EnterpriseDeviceManager
**参数:**
| 参数名 | 类型 | 必填 | 说明 |
| -------- | ------------------------------------------------------- | ---- | ------------------------------------------------------------ |
| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | 是 | 设备管理应用。 |
| feature | string | 是 | feature名称。
- fingerprint:设备指纹认证能力。|
| disallow | boolean | 是 | true表示禁用,false表示启用。 |
| accountId | number | 是 | 用户ID,取值范围:大于等于0。 |
**错误码**:
以下错误码的详细介绍请参见[企业设备管理错误码](errorcode-enterpriseDeviceManager.md)和[通用错误码](../errorcode-universal.md)。
| 错误码ID | 错误信息 |
| -------- | ------------------------------------------------------------ |
| 9200001 | The application is not an administrator application of the device. |
| 9200002 | the administrator application does not have permission to manage the device. |
| 9200010 | A conflict policy has been configured. |
| 201 | Permission verification failed. The application does not have the permission required to call the API. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. |
**示例:**
```ts
import { Want } from '@kit.AbilityKit';
let wantTemp: Want = {
bundleName: 'bundleName',
abilityName: 'abilityName',
};
try {
restrictions.setDisallowedPolicyForAccount(wantTemp, 'fingerprint', true, 100);
console.info('Succeeded in setting fingerprint disabled');
} catch (err) {
console.error(`Failed to set fingerprint disabled. Code is ${err.code}, message is ${err.message}`);
}
```
## restrictions.getDisallowedPolicyForAccount14+
getDisallowedPolicyForAccount(admin: Want, feature: string, accountId: number): boolean
获取某用户的某特性状态,当前仅支持2in1使用。
**需要权限:** ohos.permission.ENTERPRISE_MANAGE_RESTRICTIONS
**系统能力:** SystemCapability.Customization.EnterpriseDeviceManager
**参数:**
| 参数名 | 类型 | 必填 | 说明 |
| ------- | ------------------------------------------------------- | ---- | ------------------------------------------------------------ |
| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | 是 | 设备管理应用。 |
| feature | string | 是 | feature名称。
- fingerprint:设备指纹认证能力。|
| accountId | number | 是 | 用户ID,取值范围:大于等于0。 |
**返回值:**
| 类型 | 说明 |
| ------- | ------------------------------------------------------------ |
| boolean | 返回true表示入参对应的用户的特性被禁用,false表示入参对应的用户的特性未被禁用。 |
**错误码**:
以下错误码的详细介绍请参见[企业设备管理错误码](errorcode-enterpriseDeviceManager.md)和[通用错误码](../errorcode-universal.md)。
| 错误码ID | 错误信息 |
| -------- | ------------------------------------------------------------ |
| 9200001 | The application is not an administrator application of the device. |
| 9200002 | the administrator application does not have permission to manage the device. |
| 201 | Permission verification failed. The application does not have the permission required to call the API. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. |
**示例:**
```ts
import { Want } from '@kit.AbilityKit';
let wantTemp: Want = {
bundleName: 'bundleName',
abilityName: 'abilityName',
};
try {
let result: boolean = restrictions.getDisallowedPolicyForAccount(wantTemp, 'fingerprint', 100);
console.info(`Succeeded in querying is the fingerprint function disabled : ${result}`);
} catch (err) {
console.error(`Failed to set fingerprint disabled. Code is ${err.code}, message is ${err.message}`);
}
```
## restrictions.addDisallowedListForAccount14+
addDisallowedListForAccount(admin: Want, feature: string, list: Array\, accountId: number): void
为用户添加禁用某特征的名单,当前仅支持2in1使用。
**需要权限:** ohos.permission.ENTERPRISE_MANAGE_RESTRICTIONS
**系统能力:** SystemCapability.Customization.EnterpriseDeviceManager
**参数:**
| 参数名 | 类型 | 必填 | 说明 |
| -------- | ------------------------------------------------------- | ---- | ------------------------------------------------------------ |
| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | 是 | 设备管理应用。 |
| feature | string | 是 | 特征名称。
- snapshotSkip:屏幕快照跳过。|
| list | Array\ | 是 | 包名等内容的名单集合。 |
| accountId | number | 是 | 用户ID,取值范围:大于等于0。 |
**错误码**:
以下错误码的详细介绍请参见[企业设备管理错误码](errorcode-enterpriseDeviceManager.md)和[通用错误码](../errorcode-universal.md)。
| 错误码ID | 错误信息 |
| -------- | ------------------------------------------------------------ |
| 9200001 | The application is not an administrator application of the device. |
| 9200002 | The administrator application does not have permission to manage the device. | |
| 201 | Permission verification failed. The application does not have the permission required to call the API. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. |
**示例:**
```ts
import { Want } from '@kit.AbilityKit';
let wantTemp: Want = {
bundleName: 'bundleName',
abilityName: 'abilityName',
};
let valueList:Array = ["com.xx.aa.", "com.xx.bb"];
try {
restrictions.addDisallowedListForAccount(wantTemp, 'snapshotSkip', valueList, 100);
console.info('Succeeded in adding disallowed snapshotSkip feature');
} catch (err) {
console.error(`Failed to add disallowed snapshotSkip feature. Code is ${err.code}, message is ${err.message}`);
}
```
## restrictions.removeDisallowedListForAccount14+
removeDisallowedListForAccount(admin: Want, feature: string, list: Array\, accountId: number): void
为用户移除禁用的某特征的名单,当前仅支持2in1使用。
**需要权限:** ohos.permission.ENTERPRISE_MANAGE_RESTRICTIONS
**系统能力:** SystemCapability.Customization.EnterpriseDeviceManager
**参数:**
| 参数名 | 类型 | 必填 | 说明 |
| -------- | ------------------------------------------------------- | ---- | ------------------------------------------------------------ |
| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | 是 | 设备管理应用。 |
| feature | string | 是 | 特征名称。
- snapshotSkip:屏幕快照跳过。|
| list | Array\ | 是 | 包名等内容的名单集合。 |
| accountId | number | 是 | 用户ID,取值范围:大于等于0。 |
**错误码**:
以下错误码的详细介绍请参见[企业设备管理错误码](errorcode-enterpriseDeviceManager.md)和[通用错误码](../errorcode-universal.md)。
| 错误码ID | 错误信息 |
| -------- | ------------------------------------------------------------ |
| 9200001 | The application is not an administrator application of the device. |
| 9200002 | The administrator application does not have permission to manage the device. | |
| 201 | Permission verification failed. The application does not have the permission required to call the API. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. |
**示例:**
```ts
import { Want } from '@kit.AbilityKit';
let wantTemp: Want = {
bundleName: 'bundleName',
abilityName: 'abilityName',
};
let valueList:Array = ["com.xx.aa.", "com.xx.bb"];
try {
restrictions.removeDisallowedListForAccount(wantTemp, 'snapshotSkip', valueList, 100);
console.info('Succeeded in removing disallowed snapshotSkip feature');
} catch (err) {
console.error(`Failed to remove disallowed snapshotSkip feature. Code is ${err.code}, message is ${err.message}`);
}
```
## restrictions.getDisallowedListForAccount14+
getDisallowedListForAccount(admin: Want, feature: string, accountId: number): Array\
获取用户禁用某特征的名单,当前仅支持2in1使用。
**需要权限:** ohos.permission.ENTERPRISE_MANAGE_RESTRICTIONS
**系统能力:** SystemCapability.Customization.EnterpriseDeviceManager
**参数:**
| 参数名 | 类型 | 必填 | 说明 |
| ------- | ------------------------------------------------------- | ---- | ------------------------------------------------------------ |
| admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | 是 | 设备管理应用。 |
| feature | string | 是 | 特征名称。
- snapshotSkip:屏幕快照跳过。|
| accountId | number | 是 | 用户ID,取值范围:大于等于0。 |
**返回值:**
| 类型 | 说明 |
| ------- | ------------------------------------------------------------ |
| Array\ | 用户已添加的禁用某特征的名单。 |
**错误码**:
以下错误码的详细介绍请参见[企业设备管理错误码](errorcode-enterpriseDeviceManager.md)和[通用错误码](../errorcode-universal.md)。
| 错误码ID | 错误信息 |
| -------- | ------------------------------------------------------------ |
| 9200001 | The application is not an administrator application of the device. |
| 9200002 | The administrator application does not have permission to manage the device. |
| 201 | Permission verification failed. The application does not have the permission required to call the API. |
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. |
**示例:**
```ts
import { Want } from '@kit.AbilityKit';
let wantTemp: Want = {
bundleName: 'bundleName',
abilityName: 'abilityName',
};
try {
let result: Array = restrictions.getDisallowedListForAccount(wantTemp, 'snapshotSkip', 100);
console.info('Succeeded in querying disallowed list for account');
} catch (err) {
console.error(`Failed to query disallowed list for account. Code is ${err.code}, message is ${err.message}`);
}
```