diff --git a/en/application-dev/security/permission-verify-guidelines.md b/en/application-dev/security/permission-verify-guidelines.md index 641d36fe5da48130f6d93fc7b93a5321f9f7ba08..ede163fb3a5d843aa95ea98f284d4a188d35b0fd 100644 --- a/en/application-dev/security/permission-verify-guidelines.md +++ b/en/application-dev/security/permission-verify-guidelines.md 
@@ -2,15 +2,18 @@ ## When to Use -To protect sensitive data and eliminate security threads on core abilities, you can use the permissions in the [Application Permission List](permission-list.md) to protect the related API from unauthorized calling. Each time before the API is called, a permission verification is performed to check whether the caller has the required permission. +To protect sensitive data and eliminate security threats on core abilities, you can use the permissions in the [Application Permission List](permission-list.md) to protect the related API from unauthorized calling. Each time before the API is called, a permission verification is performed to check whether the caller has the required permission. ## Available APIs -The table below lists only the API used in this guide. For more information, see [Application Access Control](../reference/apis/js-apis-abilityAccessCtrl.md). +The following table lists only the API used in this guide. For more information, see [Application Access Control](../reference/apis/js-apis-abilityAccessCtrl.md). -| API | Description | -| ------------------------------------------------------------ | --------------------------------------------------- | -| verifyAccessToken(tokenID: number, permissionName: string): Promise<GrantStatus> | Checks whether an application process has the specified permission.| +checkAccessToken(tokenID: number, permissionName: Permissions): Promise<GrantStatus> + +| Name | Type | Mandatory| Description | +| -------- | ------------------- | ---- | ------------------------------------------ | +| tokenID | number | Yes | Token ID of the application. You can obtain the value from the [ApplicationInfo](../reference/apis/js-apis-bundleManager-applicationInfo.md) of the application. | +| permissionName | Permissions | Yes | Name of the permission to verify. Valid permission names are defined in the [Application Permission List](permission-list.md).| ## Example 
@@ -18,14 +21,10 @@ The table below lists only the API used in this guide. For more information, see The procedure is as follows: 1. Obtain the caller's identity (**tokenId**). - > **NOTE**
- > Use **getCallingTokenId** to obtain the caller's **tokenId**. For details, see [RPC](../reference/apis/js-apis-rpc.md#getcallingtokenid8). - + > You can use **getCallingTokenId** to obtain the caller's **tokenId**. For details, see [RPC](../reference/apis/js-apis-rpc.md). 2. Determine the permission to verify, which is **ohos.permission.PERMISSION** in this example. - -3. Call **verifyAccessToken()** to perform a permission verification of the caller. - +3. Call **checkAccessToken()** to perform a permission verification of the caller. 4. Proceed based on the permission verification result. ```js @@ -37,11 +36,14 @@ The procedure is as follows: let callerTokenId = rpc.IPCSkeleton.getCallingTokenId(); console.log("RpcServer: getCallingTokenId result: " + callerTokenId); var atManager = abilityAccessCtrl.createAtManager(); - var result = await atManager.verifyAccessToken(tokenID, "ohos.permission.PERMISSION"); - if (result == abilityAccessCtrl.GrantStatus.PERMISSION_GRANTED) { - // Allow the caller to invoke the API provided by the app. - } else { - // Deny the caller's access to the API. + try { + atManager.checkAccessToken(callerTokenId, "ohos.permission.ACCELEROMETER").then((data) => { + console.log(`checkAccessToken success, data->${JSON.stringify(data)}`); + }).catch((err) => { + console.log(`checkAccessToken fail, err->${JSON.stringify(err)}`); + }); + } catch(err) { + console.log(`catch err->${JSON.stringify(err)}`); } return true; }
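Review bot: In the "Available APIs" hunk, the lead-in still says the table lists the API used in this guide, but the new table lists the parameters of checkAccessToken(), and the row that said what the API does ("Checks whether an application process has the specified permission.") is removed without a replacement. Add a one-line description under the signature and document the Promise<GrantStatus> return value, since a caller has to know which result means the permission is granted. The bare signature line would also read better in code formatting.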
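Review bot: In the procedure hunk, step 2 still names **ohos.permission.PERMISSION** as the permission to verify, while the updated sample passes "ohos.permission.ACCELEROMETER" to checkAccessToken(); the step and the sample should name the same permission. The rewritten note also drops the #getcallingtokenid8 anchor from the RPC link, so the reader lands at the top of the RPC page rather than at the getCallingTokenId entry; keep the anchor if that section still exists.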
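Review bot: In the sample-code hunk, the new checkAccessToken() call only logs its result, and the function reaches `return true` whatever the outcome, so the example no longer demonstrates step 4 ("Proceed based on the permission verification result") and reads as fail-open to anyone who copies it. The removed lines compared the result with abilityAccessCtrl.GrantStatus.PERMISSION_GRANTED and had explicit allow and deny branches; keep that comparison in the .then() handler (or await the call as the removed code did) and treat both the .catch() path and the outer catch as deny rather than log-only. Passing callerTokenId instead of the previously undefined tokenID is the right fix and should stay.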