
zhangg05283106 / security_access_token

README.md 6.17 KB
Mr_YX committed on 2022-06-17 09:14 . Signed-off-by: mr-yx 496043997@qq.com

Access Control

Introduction

AccessTokenManager (ATM) provides unified app permission management based on access tokens on OpenHarmony.

The access token information of an app includes the app identifier (APPID), user ID, app twin index, app Ability Privilege Level (APL), and permission information. The access token of each app is identified by a 32-bit token identity (TokenID) in the device.

The ATM module provides the following functions:

  • Verifying app permissions based on the token ID before an app accesses sensitive data or calls an API.
  • Obtaining access token information (for example, APL) based on the token ID.

Directory Structure

/base/security/access_token
├── frameworks                  # Stores code of basic functionalities.
│   ├── accesstoken             # Stores code of the ATM framework.
│   ├── tokensync               # Stores code of the access token synchronization framework.
│   └── common                  # Stores framework common code.
├── interfaces                  # Stores the APIs.
│   └── innerkits               # Stores internal APIs.
│       ├── accesstoken         # Stores code of access token internal APIs.
│       ├── nativetoken         # Stores code of native token APIs.
│       └── tokensync           # Stores code of the internal APIs for access token synchronization.
└── services                    # Services
    ├── accesstokenmanager      # Stores ATM service code.
    └── tokensyncmanager        # Stores code of the access token synchronization service. 

Usage

Available APIs

| API | Description |
| --- | --- |
| `AccessTokenIDEx AllocHapToken(const HapInfoParams& info, const HapPolicyParams& policy);` | Allocates a token ID to an app. |
| `AccessTokenID AllocLocalTokenID(const std::string& remoteDeviceID, AccessTokenID remoteTokenID);` | Allocates a local token ID to the app of a remote device. |
| `int UpdateHapToken(AccessTokenID tokenID, const std::string& appIDDesc, const HapPolicyParams& policy);` | Updates token information. |
| `int DeleteToken(AccessTokenID tokenID);` | Deletes the app's token ID and information. |
| `int GetTokenType(AccessTokenID tokenID);` | Obtains the type of an access token. |
| `int CheckNativeDCap(AccessTokenID tokenID, const std::string& dcap);` | Checks whether the native process corresponding to the given token ID has the specified distributed capability. |
| `AccessTokenID GetHapTokenID(int userID, const std::string& bundleName, int instIndex);` | Obtains the token ID of an app. |
| `int GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfo& hapTokenInfoRes);` | Obtains the token information about a HAP. |
| `int GetNativeTokenInfo(AccessTokenID tokenID, NativeTokenInfo& nativeTokenInfoRes);` | Obtains information about a native token. |
| `int VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName);` | Checks whether an access token has the specified permission. |
| `int GetDefPermission(const std::string& permissionName, PermissionDef& permissionDefResult);` | Obtains definition information about the specified permission. |
| `int GetDefPermissions(AccessTokenID tokenID, std::vector<PermissionDef>& permList);` | Obtains the permission definition set of a HAP. |
| `int GetReqPermissions(AccessTokenID tokenID, std::vector<PermissionStateFull>& reqPermList, bool isSystemGrant);` | Obtains the status set of the permission requested by a HAP. |
| `int GetPermissionFlag(AccessTokenID tokenID, const std::string& permissionName);` | Obtains the permissions of the app with the specified token ID. |
| `int GrantPermission(AccessTokenID tokenID, const std::string& permissionName, int flag);` | Grants the specified permission to the app with the specified token ID. |
| `int RevokePermission(AccessTokenID tokenID, const std::string& permissionName, int flag);` | Revokes the specified permission from the app with the specified token ID. |
| `int ClearUserGrantedPermissionState(AccessTokenID tokenID);` | Clears the user_grant permission status of the app with the specified token ID. |
| `uint64_t GetAccessTokenId(const char *processname, const char **dcap, int32_t dacpNum, const char *aplStr);` | Obtains the token ID of a native process. |

Usage Guidelines

ATM provides unified access control for apps and allows apps or service abilities to obtain and verify app permissions and APL. The ATM APIs can be called by a service ability started by a native process or an app HAP.

Native Process

  • Before a native process starts, it calls GetAccessTokenId to obtain a token ID, and then calls SetSelfTokenID to set the token ID to the kernel.
  • During the running of a native process, it calls GetNativeTokenInfo or CheckNativeDCap to obtain the token information, including the distributed capability and APL.

App HAP

  • When an app is installed, AllocHapToken is called to obtain the token ID of the app.
  • When an authentication is required during app running, VerifyAccessToken or GetReqPermissions is called to obtain and verify the app permissions and APL.
  • When an app is uninstalled, DeleteToken is called to delete the related access token information.
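
The App HAP lifecycle above (allocate at install, verify by token ID at run time, delete at uninstall) as a self-contained in-memory model. This is an added example, not code from this repository: `MiniAtm`, `PermState`, the return codes, the simplified signatures and the sample permission set are assumptions, and the model assumes user_grant permissions stay denied until `GrantPermission` is called.

```cpp
#include <cstdint>
#include <map>
#include <string>
using AccessTokenID = uint32_t;                  // the page states token IDs are 32-bit
constexpr int MODEL_GRANTED = 0, MODEL_DENIED = -1;  // return codes are this model's assumption
struct PermState { bool userGrant; bool granted; };  // hypothetical per-permission record

class MiniAtm {                                  // hypothetical stand-in for the ATM service
public:
    // Install: system_grant permissions are granted at once, user_grant ones start denied.
    AccessTokenID AllocHapToken(const std::map<std::string, bool>& reqPerms) {
        auto& perms = tokens_[next_];
        for (const auto& p : reqPerms) perms[p.first] = PermState{p.second, !p.second};
        return next_++;
    }
    // Only a permission the app requested can be granted; unknown tokens are rejected.
    int GrantPermission(AccessTokenID id, const std::string& name) {
        auto t = tokens_.find(id);
        if (t == tokens_.end() || !t->second.count(name)) return -1;
        t->second[name].granted = true;
        return 0;
    }
    // The decision is keyed on the token ID alone; anything not found is denied.
    int VerifyAccessToken(AccessTokenID id, const std::string& name) const {
        auto t = tokens_.find(id);
        if (t == tokens_.end()) return MODEL_DENIED;
        auto p = t->second.find(name);
        return (p != t->second.end() && p->second.granted) ? MODEL_GRANTED : MODEL_DENIED;
    }
    // Uninstall: drop the record so a stale token ID fails every later check.
    int DeleteToken(AccessTokenID id) { return tokens_.erase(id) ? 0 : -1; }
private:
    std::map<AccessTokenID, std::map<std::string, PermState>> tokens_;
    AccessTokenID next_ = 0x20000001;            // constructed starting value
};

// Install -> check -> user grant -> check -> uninstall -> check; one bit per expected outcome.
int RunLifecycle() {
    MiniAtm atm;
    const std::string cam = "ohos.permission.CAMERA", net = "ohos.permission.INTERNET";
    AccessTokenID id = atm.AllocHapToken({{cam, true}, {net, false}});  // true = user_grant
    int r = 0;
    if (atm.VerifyAccessToken(id, net) == MODEL_GRANTED) r |= 1;   // system_grant
    if (atm.VerifyAccessToken(id, cam) == MODEL_DENIED) r |= 2;    // not yet authorized
    if (atm.GrantPermission(id, cam) == 0 && atm.VerifyAccessToken(id, cam) == MODEL_GRANTED) r |= 4;
    if (atm.DeleteToken(id) == 0 && atm.VerifyAccessToken(id, cam) == MODEL_DENIED) r |= 8;
    return r;
}
int main() { return RunLifecycle() == 15 ? 0 : 1; }
```
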

Repositories Involved

startup_init_lite

security_device_auth

security_access_token
