Ability Access Control

NOTE

The initial APIs of this module are supported since API version 8. Newly added APIs will be marked with a superscript to indicate their earliest API version.

Modules to Import

import abilityAccessCtrl from '@ohos.abilityAccessCtrl'

abilityAccessCtrl.createAtManager

createAtManager(): AtManager

Creates an AtManager instance, which is used for ability access control.

System capability: SystemCapability.Security.AccessToken

Return value

| Type | Description |
| --- | --- |
| AtManager | AtManager instance obtained. |

Example

var AtManager = abilityAccessCtrl.createAtManager();

AtManager

Implements ability access control.

verifyAccessToken

verifyAccessToken(tokenID: number, permissionName: string): Promise<GrantStatus>

Checks whether an application has been granted the specified permission. This API uses a promise to return the result.

System capability: SystemCapability.Security.AccessToken

Parameters

| Name | Type | Mandatory | Description |
| --- | --- | --- | --- |
| tokenID | number | Yes | ID of the application. |
| permissionName | string | Yes | Name of the permission to verify. |

Return value

| Type | Description |
| --- | --- |
| Promise<GrantStatus> | Promise instance used to return the result. |

Example

var AtManager = abilityAccessCtrl.createAtManager();
let tokenID = 0; // Placeholder application ID.
let promise = AtManager.verifyAccessToken(tokenID, "ohos.permission.GRANT_SENSITIVE_PERMISSIONS");
promise.then(data => {
    // data is a GrantStatus value: 0 (PERMISSION_GRANTED) or -1 (PERMISSION_DENIED).
    console.log(`promise: data->${JSON.stringify(data)}`);
});

grantUserGrantedPermission

grantUserGrantedPermission(tokenID: number, permissionName: string, permissionFlag: number): Promise<number>

Grants a user-granted permission to an application. This API uses a promise to return the result.

This is a system API.

Required permissions: ohos.permission.GRANT_SENSITIVE_PERMISSIONS

System capability: SystemCapability.Security.AccessToken

Parameters

| Name | Type | Mandatory | Description |
| --- | --- | --- | --- |
| tokenID | number | Yes | ID of the application. |
| permissionName | string | Yes | Name of the permission to grant. |
| permissionFlag | number | Yes | Permission flag. The value 1 means that a dialog box will still be displayed after the user grants or denies the permission. The value 2 means that no dialog box will be displayed after the user grants or denies the permission. The value 3 means a system permission that cannot be changed. |

Return value

| Type | Description |
| --- | --- |
| Promise<number> | Promise instance used to return the result. |

Example

var AtManager = abilityAccessCtrl.createAtManager();
let tokenID = 0;
let permissionFlag = 1; // Mandatory third argument; see the permissionFlag description above.
let promise = AtManager.grantUserGrantedPermission(tokenID, "ohos.permission.GRANT_SENSITIVE_PERMISSIONS", permissionFlag);
promise.then(data => {
    console.log(`promise: data->${JSON.stringify(data)}`);
});

grantUserGrantedPermission

grantUserGrantedPermission(tokenID: number, permissionName: string, permissionFlag: number, callback: AsyncCallback<number>): void

Grants a user-granted permission to an application. This API uses an asynchronous callback to return the result.

This is a system API.

Required permissions: ohos.permission.GRANT_SENSITIVE_PERMISSIONS

System capability: SystemCapability.Security.AccessToken

Parameters

| Name | Type | Mandatory | Description |
| --- | --- | --- | --- |
| tokenID | number | Yes | ID of the application. |
| permissionName | string | Yes | Name of the permission to grant. |
| permissionFlag | number | Yes | Permission flag. The value 1 means that a dialog box will still be displayed after the user grants or denies the permission. The value 2 means that no dialog box will be displayed after the user grants or denies the permission. The value 3 means a system permission that cannot be changed. |
| callback | AsyncCallback<number> | Yes | Callback used to return the result. |

Example

var AtManager = abilityAccessCtrl.createAtManager();
let tokenID = 0;
let permissionFlag = 1;
AtManager.grantUserGrantedPermission(tokenID, "ohos.permission.GRANT_SENSITIVE_PERMISSIONS", permissionFlag, data => {
    console.log(`callback: data->${JSON.stringify(data)}`);
});

revokeUserGrantedPermission

revokeUserGrantedPermission(tokenID: number, permissionName: string, permissionFlag: number): Promise<number>

Revokes a user-granted permission given to an application. This API uses a promise to return the result.

This is a system API.

Required permissions: ohos.permission.REVOKE_SENSITIVE_PERMISSIONS

System capability: SystemCapability.Security.AccessToken

Parameters

| Name | Type | Mandatory | Description |
| --- | --- | --- | --- |
| tokenID | number | Yes | ID of the application. |
| permissionName | string | Yes | Name of the permission to revoke. |
| permissionFlag | number | Yes | Permission flag. The value 1 means that a dialog box will still be displayed after the user grants or denies the permission. The value 2 means that no dialog box will be displayed after the user grants or denies the permission. The value 3 means a system permission that cannot be changed. |

Return value

| Type | Description |
| --- | --- |
| Promise<number> | Promise instance used to return the result. |

Example

var AtManager = abilityAccessCtrl.createAtManager();
let tokenID = 0;
let permissionFlag = 1;
let promise = AtManager.revokeUserGrantedPermission(tokenID, "ohos.permission.GRANT_SENSITIVE_PERMISSIONS", permissionFlag);
promise.then(data => {
    console.log(`promise: data->${JSON.stringify(data)}`);
});

revokeUserGrantedPermission

revokeUserGrantedPermission(tokenID: number, permissionName: string, permissionFlag: number, callback: AsyncCallback<number>): void

Revokes a user-granted permission given to an application. This API uses an asynchronous callback to return the result.

This is a system API.

Required permissions: ohos.permission.REVOKE_SENSITIVE_PERMISSIONS

System capability: SystemCapability.Security.AccessToken

Parameters

| Name | Type | Mandatory | Description |
| --- | --- | --- | --- |
| tokenID | number | Yes | ID of the application. |
| permissionName | string | Yes | Name of the permission to revoke. |
| permissionFlag | number | Yes | Permission flag. The value 1 means that a dialog box will still be displayed after the user grants or denies the permission. The value 2 means that no dialog box will be displayed after the user grants or denies the permission. The value 3 means a system permission that cannot be changed. |
| callback | AsyncCallback<number> | Yes | Callback used to return the result. |

Example

var AtManager = abilityAccessCtrl.createAtManager();
let tokenID = 0;
let permissionFlag = 1; // Mandatory third argument; see the permissionFlag description above.
AtManager.revokeUserGrantedPermission(tokenID, "ohos.permission.GRANT_SENSITIVE_PERMISSIONS", permissionFlag, data => {
    console.log(`callback: data->${JSON.stringify(data)}`);
});

getPermissionFlags

getPermissionFlags(tokenID: number, permissionName: string): Promise<number>

Obtains the flags of the specified permission of a given application. This API uses a promise to return the result.

This is a system API.

Required permissions: ohos.permission.GET_SENSITIVE_PERMISSIONS, ohos.permission.GRANT_SENSITIVE_PERMISSIONS, or ohos.permission.REVOKE_SENSITIVE_PERMISSIONS

System capability: SystemCapability.Security.AccessToken

Parameters

| Name | Type | Mandatory | Description |
| --- | --- | --- | --- |
| tokenID | number | Yes | ID of the application. |
| permissionName | string | Yes | Name of the permission to query. |

Return value

| Type | Description |
| --- | --- |
| Promise<number> | Promise instance used to return the result. |

Example

var AtManager = abilityAccessCtrl.createAtManager();
let tokenID = 0;
let promise = AtManager.getPermissionFlags(tokenID, "ohos.permission.GRANT_SENSITIVE_PERMISSIONS");
promise.then(data => {
    console.log(`promise: data->${JSON.stringify(data)}`);
});

GrantStatus

Enumerates the permission grant states.

System capability: SystemCapability.Security.AccessToken

| Name | Default Value | Description |
| --- | --- | --- |
| PERMISSION_DENIED | -1 | Permission denied. |
| PERMISSION_GRANTED | 0 | Permission granted. |
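
Because PERMISSION_GRANTED is 0 and PERMISSION_DENIED is -1, a truthiness test on the value returned by verifyAccessToken inverts the access decision. The following is an added example, not code from the original reference, showing that pitfall beside a fail-closed check. The helper names (naiveIsGranted, isGranted, hasPermission, createStubAtManager), the token ID 1001 and the stub's grant table are assumptions made for illustration; the stub stands in for AtManager so the code runs off-device.

```javascript
// GrantStatus values as listed in the GrantStatus table of this page.
const GrantStatus = Object.freeze({ PERMISSION_DENIED: -1, PERMISSION_GRANTED: 0 });

// Pitfall: a truthiness check inverts the decision, because
// PERMISSION_GRANTED (0) is falsy and PERMISSION_DENIED (-1) is truthy.
function naiveIsGranted(status) {
    return Boolean(status);
}

// Correct: strict comparison with the enum value; anything else is a denial.
function isGranted(status) {
    return status === GrantStatus.PERMISSION_GRANTED;
}

// Fail-closed guard: a rejected promise or an unexpected value counts as denied.
async function hasPermission(atManager, tokenID, permissionName) {
    try {
        return isGranted(await atManager.verifyAccessToken(tokenID, permissionName));
    } catch (err) {
        console.error(`verifyAccessToken failed for ${permissionName}: ${err}`);
        return false;
    }
}

// Constructed stand-in for AtManager (hypothetical, for off-device runs only).
// The token IDs and the grant table are made up for illustration.
function createStubAtManager(grants) {
    return {
        verifyAccessToken(tokenID, permissionName) {
            if (!Number.isInteger(tokenID)) {
                return Promise.reject(new Error("invalid tokenID"));
            }
            const granted = (grants[tokenID] || []).includes(permissionName);
            const status = granted ? GrantStatus.PERMISSION_GRANTED : GrantStatus.PERMISSION_DENIED;
            return Promise.resolve(status);
        }
    };
}

async function demo() {
    const at = createStubAtManager({ 1001: ["ohos.permission.GRANT_SENSITIVE_PERMISSIONS"] });
    return [
        await hasPermission(at, 1001, "ohos.permission.GRANT_SENSITIVE_PERMISSIONS"),  // granted
        await hasPermission(at, 1001, "ohos.permission.REVOKE_SENSITIVE_PERMISSIONS"), // denied
        await hasPermission(at, "bad", "ohos.permission.GRANT_SENSITIVE_PERMISSIONS"), // error, denied
    ];
}

demo().then(results => console.log(results));
```

On a device, pass the object returned by abilityAccessCtrl.createAtManager() to hasPermission in place of the stub.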