@@ -4,7 +4,9 @@ Application privileges are high-level capabilities of an application, for exampl
OpenHarmony provides both general and device-specific application privileges. The latter can be configured by device vendors for applications on different devices.
Note: To avoid user dissatisfaction or even infringement, do not abuse application privileges.
> **NOTE**
> - To avoid user dissatisfaction or even infringement, do not abuse application privileges.
> - The method of changing the application's APL in its profile applies only to the applications or services in debug mode. For a commercial application, apply for a release certificate and profile in the corresponding application market.
## General Application Privileges
...
...
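Review bot: The second bullet of the new NOTE refers to "changing the application's APL in its profile", but APL is neither expanded nor introduced anywhere in the visible context, which talks only about application privileges. Expand the abbreviation on first use or link to the page that defines it, and state explicitly whether the debug-mode restriction also covers the privilege configuration described on this page; as written, a reader cannot tell whether the caveat applies to the steps that follow.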
@@ -15,18 +17,18 @@ General application privileges are privileges available to applications on all t
| AllowAppDataNotCleared | Allows application data not to be deleted.|
| AllowAppMultiProcess | Allows the application to run on multiple processes.|
| AllowAppMultiProcess | Allows an application to run on multiple processes.|
| AllowAppDesktopIconHide | Allows the application icon to be hidden from the home screen.|
| AllowAbilityPriorityQueried | Allows an ability to configure and query the priority. |
| AllowAbilityExcludeFromMissions | Allows an ability to be hidden in the mission stack.|
| AllowAppUsePrivilegeExtension | Allows the application to use Service Extension and Data Extension abilities.|
| AllowAppUsePrivilegeExtension | Allows an application to use ServiceExtensionAbilities and DataExtensionAbilities.|
| AllowFormVisibleNotify | Allows a widget to be visible on the home screen.|
### Configuration
### How to Configure
1.In the [HarmonyAppProvision file](../../application-dev/security/app-provision-structure.md), configure the general privileges in the **app-privilege-capabilities** field.
2. Use the signing tool hapsigner to sign the HarmonyAppProvision file and generate a **.p7b** file.
3. Use the **.p7b** file to sign the HAP.
1.Add the **app-privilege-capabilities** field to the [**HarmonyAppProvision** file](../../application-dev/security/app-provision-structure.md) to configure general privilege capabilities as required.
2. Use the hapsigner tool to sign the **HarmonyAppProvision** file and generate a .p7b file.
"app-privilege-capabilities": ["AllowAppDataNotCleared", "AllowAppDesktopIconHide"] // The application data cannot be deleted, and icons can be hidden on the home screen.
"app-privilege-capabilities": ["AllowAppDataNotCleared", "AllowAppDesktopIconHide"] // The application data cannot be deleted, and the application icon can be hidden on the home screen.
}
```
...
...
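Review bot: The rewritten first step still starts with "1.Add the" with no space after the list marker, so Markdown renderers that require a space will not treat it as a list item and the numbering will break against "2. Use the hapsigner tool ..."; change it to "1. Add the ...". The old list also had a third step, "Use the **.p7b** file to sign the HAP", which does not appear among the reworded steps shown here; if it was dropped, restore it, because the procedure otherwise ends before the HAP is signed. Separately, the example line puts a `//` comment after the "app-privilege-capabilities" array; JSON does not allow comments, so move the explanation into the prose or say that it must be removed before the file is signed.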
@@ -55,20 +57,20 @@ In addition to general application privileges, device vendors can define device-
| removable | bool | true | Allows the application to be uninstalled. This privilege takes effect only for preset applications. |
| keepAlive | bool | false | Allows the application to keep running in the background. |
| singleton | bool | false | Allows the application to be installed for a single user (U0). |
| allowCommonEvent | string[] | - | Allows the application to be started by a static broadcast. |
| associatedWakeUp | bool | false | Allows the application in the FA model to be woken up by an associated application. |
| runningResourcesApply | bool | false | Allows the application to request running resources, such as the CPU, event notifications, and Bluetooth.|
| removable | bool | true | Allows an application to be uninstalled. This privilege takes effect only for preset applications. |
| keepAlive | bool | false | Allows an application to keep running in the background. |
| singleton | bool | false | Allows an application to be installed for a single user (User 0). |
| allowCommonEvent | string[] | - | Allows an application to be started by a static broadcast. |
| associatedWakeUp | bool | false | Allows an application in the FA model to be woken up by an associated application. |
| runningResourcesApply | bool | false | Allows an application to request running resources, such as the CPU, event notifications, and Bluetooth.|
### Configuration
### How to Configure
Configure the required privileges in [configuration files](https://gitee.com/openharmony/vendor_hihope/tree/master/rk3568/preinstall-config).
Configure the required privileges in the [configuration file](https://gitee.com/openharmony/vendor_hihope/tree/master/rk3568/preinstall-config).
### Example
#### Configuration in **install_list_capability.json**
#### Configuration in install_list_capability.json
```
{
...
...
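Review bot: The link text changes from "configuration files" to "the configuration file", but the URL points at the preinstall-config directory, and the examples on this page name two files there (install_list_capability.json and install_list.json). Keep the plural, or link each file by name so the reader knows which one holds the privilege keys from the table. The heading also drops the bold on install_list_capability.json while the later "Configuration in **install_list.json**" heading keeps it; pick one style for both.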
@@ -79,7 +81,7 @@ Configure the required privileges in [configuration files](https://gitee.com/ope
"keepAlive": true, // The application is running in the background.
"runningResourcesApply": true, // The application can apply for running resources such as the CPU, event notifications, and Bluetooth.
"associatedWakeUp": true, // The application in the FA model can be woken up by an associated application.
"app_signature": ["8E93863FC32EE238060BF69A9B37E2608FFFB21F93C862DD511CBAC"], // The settings take effect only when the configured certificate fingerprint is the same as the HAP certificate fingerprint.
"app_signature": ["8E93863FC32EE238060BF69A9B37E2608FFFB21F93C862DD511CBAC"], // The setting takes effect only when the configured certificate fingerprint is the same as the HAP certificate fingerprint.
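Review bot: The "app_signature" value on the edited line is 55 hexadecimal characters, while the SHA256 fingerprint shown later in this patch is 64 characters after the colons are removed (it ends in ...CBAC9F30024B5). Since the comment says the setting takes effect only when the configured fingerprint is the same as the HAP certificate fingerprint, a truncated sample value will never match if copied. The line is being touched anyway, so replace the value with the full fingerprint.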
@@ -87,66 +89,62 @@ Configure the required privileges in [configuration files](https://gitee.com/ope
**Obtaining the Certificate Fingerprint**
1. Create the **profile.cer** file, and copy the certificate content under the **distribution-certificate** field of the HarmonyAppProvision file to the **profile.cer** file.
1. Create the **profile.cer** file, and copy the certificate content under the **distribution-certificate** field of the **HarmonyAppProvision** file to the **profile.cer** file.
SHA256 fingerprint: 8E:93:86:3F:C3:2E:E2:38:06:0B:F6:9A:9B:37:E2:60:8F:FF:B2:1F:93:C8:62:DD:51:1C:BA:C9:F3:00:24:B5 // After the colons are removed, the fingerprint is 8E93863FC32EE238060BF69A9B37E2608FFFB21F93C862DD511CBAC9F30024B5.
...
```
#### Configuration in **install_list.json**
```
keytool -printcert -file profile.cer
result:
Issued To: CN=OpenHarmony Application Release, OU=OpenHarmony Team, O=OpenHarmony, C=CN
Issued By: CN=OpenHarmony Application CA, OU=OpenHarmony Team, O=OpenHarmony, C=CN
SN: 68e0bfcc
Valid From: Tue Feb 02 20:19:31 CST 2021, **Valid To**: Fri Dec 31 20:19:31 CST 2049
SHA256 fingerprint: 8E:93:86:3F:C3:2E:E2:38:06:0B:F6:9A:9B:37:E2:60:8F:FF:B2:1F:93:C8:62:DD:51:1C:BA:C9:F3:00:24:B5 // After the colons are removed, the fingerprint is 8E93863FC32EE238060BF69A9B37E2608FFFB21F93C862DD511CBAC9F30024B5.
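Review bot: On the "SHA256 fingerprint:" line, the instruction to remove the colons is appended as a `//` comment to what is presented as keytool output, so it reads as if the tool printed it. Move it out of the listing and make it an explicit numbered step after the keytool command, since that transformed value is what goes into "app_signature". The "**Valid To**" markers in the result listing will also show as literal asterisks inside a code block; drop the bold there.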