Skip to content

D
Docs

OpenHarmony / Docs
大约 1 年 前同步成功

通知 159
Star 292
Fork 28
D
Docs
提交 69add8e2 编写于 作者: A Annie_wang
浏览文件
操作

update docs 

Signed-off-by: NAnnie_wang <annie.wangli@huawei.com>
上级 9e325ef8
隐藏空白更改
内联 并排
Showing with 18 addition and 16 deletion
en/application-dev/security/permission-verify-guidelines.md
浏览文件 @ 69add8e2
......@@ -2,15 +2,18 @@
## When to Use
To protect sensitive data and eliminate security threads on core abilities, you can use the permissions in the [Application Permission List](permission-list.md) to protect the related API from unauthorized calling. Each time before the API is called, a permission verification is performed to check whether the caller has the required permission.
To protect sensitive data and eliminate security threats on core abilities, you can use the permissions in the [Application Permission List](permission-list.md) to protect the related API from unauthorized calling. Each time before the API is called, a permission verification is performed to check whether the caller has the required permission.
## Available APIs
The table below lists only the API used in this guide. For more information, see [Application Access Control](../reference/apis/js-apis-abilityAccessCtrl.md).
The following table lists only the API used in this guide. For more information, see [Application Access Control](../reference/apis/js-apis-abilityAccessCtrl.md).
| API | Description |
| ------------------------------------------------------------ | --------------------------------------------------- |
| verifyAccessToken(tokenID: number, permissionName: string): Promise&lt;GrantStatus&gt; | Checks whether an application process has the specified permission.|
checkAccessToken(tokenID: number, permissionName: Permissions): Promise&lt;GrantStatus&gt;
| Name | Type | Mandatory| Description |
| -------- | ------------------- | ---- | ------------------------------------------ |
| tokenID | number | Yes | Token ID of the application. You can obtain the value from the [ApplicationInfo](../reference/apis/js-apis-bundleManager-applicationInfo.md) of the application. |
| permissionName | Permissions | Yes | Name of the permission to verify. Valid permission names are defined in the [Application Permission List](permission-list.md).|
## Example
......@@ -18,14 +21,10 @@ The table below lists only the API used in this guide. For more information, see
The procedure is as follows:
1. Obtain the caller's identity (**tokenId**).
> **NOTE**<br>
> Use **getCallingTokenId** to obtain the caller's **tokenId**. For details, see [RPC](../reference/apis/js-apis-rpc.md#getcallingtokenid8).
> You can use **getCallingTokenId** to obtain the caller's **tokenId**. For details, see [RPC](../reference/apis/js-apis-rpc.md).
2. Determine the permission to verify, which is **ohos.permission.PERMISSION** in this example.
3. Call **verifyAccessToken()** to perform a permission verification of the caller.
3. Call **checkAccessToken()** to perform a permission verification of the caller.
4. Proceed based on the permission verification result.
```js
......@@ -37,11 +36,14 @@ The procedure is as follows:
let callerTokenId = rpc.IPCSkeleton.getCallingTokenId();
console.log("RpcServer: getCallingTokenId result: " + callerTokenId);
var atManager = abilityAccessCtrl.createAtManager();
var result = await atManager.verifyAccessToken(tokenID, "ohos.permission.PERMISSION");
if (result == abilityAccessCtrl.GrantStatus.PERMISSION_GRANTED) {
// Allow the caller to invoke the API provided by the app.
} else {
// Deny the caller's access to the API.
try {
atManager.checkAccessToken(callerTokenId, "ohos.permission.ACCELEROMETER").then((data) => {
console.log(`checkAccessToken success, data->${JSON.stringify(data)}`);
}).catch((err) => {
console.log(`checkAccessToken fail, err->${JSON.stringify(err)}`);
});
} catch(err) {
console.log(`catch err->${JSON.stringify(err)}`);
}
return true;
}
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册