update docs

Signed-off-by: NAnnie_wang <annie.wangli@huawei.com>

en/application-dev/security/Readme-EN.md

@@ -3,6 +3,7 @@
 - Access Control  
   - [Access Control Overview](accesstoken-overview.md)
   - [Access Control Development](accesstoken-guidelines.md)
+  - [Permission List](permission-list.md)
 - User Authentication
   - [User Authentication Overview](userauth-overview.md)
   - [User Authentication Development](userauth-guidelines.md)
@@ -10,5 +11,5 @@
   - [HUKS Overview](huks-overview.md)
   - [HUKS Development](huks-guidelines.md)
 - hapsigner  
+  - [hapsigner Overview](hapsigntool-overview.md)
   - [hapsigner Guide](hapsigntool-guidelines.md)
-

en/application-dev/security/accesstoken-guidelines.md

 # Access Control Development
 
-## Scenario
+## When to Use
 
 In this example, the app requires the **ohos.permission.PERMISSION1** and **ohos.permission.PERMISSION2** permissions to implement core functions.
 
-- The ability privilege level (APL) of the app is normal.
-- The level of **ohos.permission.PERMISSION1** is normal, and the authorization mode is system_grant.
-- The level of **ohos.permission.PERMISSION2** is system_basic, and the authorization mode is user_grant.
+- The ability privilege level (APL) of the app is **normal**.
+- The level of **ohos.permission.PERMISSION1** is **normal**, and the authorization mode is **system_grant**.
+- The level of **ohos.permission.PERMISSION2** is **system_basic**, and the authorization mode is **user_grant**.
 
-> **Precautions**
+> **NOTICE**
 >
-> In this scenario, the required permissions include a user_grant permission. You can check whether the caller has the required permission through permission verification.
+> In this scenario, the required permissions include a **user_grant** permission. You can check whether the caller has the required permission through permission verification.
 >
 > If the permission verification result indicates that the app has not obtained that permission, dynamic user authorization is required.
 >
@@ -26,7 +26,7 @@ The table below lists only the API used in this guide. For more information, see
 
 ### config.json
 
-Declare the permissions required by the app one by one in the **config.json** file. The app cannot obtain a permission if it is not declared in the **config.json** file.
+Declare the permissions required by the app one by one in the **config.json** file. The app can obtain permissions that have been declared in the **config.json** file.
 
 **Description of config.json**
 
@@ -35,7 +35,7 @@ Declare the permissions required by the app one by one in the **config.json** fi
 | name      | Name of the permission.                                                  |
 | reason    | Reason for requesting the permission. This field is mandatory for a user_grant permission.|
 | usedScene | Scenario of the permission. This field is mandatory for a user_grant permission.|
-| abilities | Abilities that use the permission. The value is an array.              |
+| abilities | Abilities that use the permission. The value is an array.|
 | when      | Time when the permission is used. The value can be **inuse** (the permission can be used only in the foreground) or **always** (the permission can be used in foreground and background).|
 
 **Example**
@@ -43,7 +43,7 @@ Declare the permissions required by the app one by one in the **config.json** fi
 ```json
 {
     "module" : {
-        "requesetPermissions":[
+        "requestPermissions":[
            {
                 "name" : "ohos.permission.PERMISSION1",
                 "reason": "$string:reason",
@@ -70,7 +70,7 @@ Declare the permissions required by the app one by one in the **config.json** fi
 ```
 ## Declaring the ACL
 
-The permission level of **ohos.permission.PERMISSION2** is system_basic, which is higher than the app's APL. In this case, use the ACL.
+The permission level of **ohos.permission.PERMISSION2** is **system_basic**, which is higher than the app's APL. In this case, use the ACL.
 
 In addition to declaring all the permissions in the **config.json** file, you must declare the permissions whose levels are higher than the app's APL in the app's profile. In this example, declare the permission under the **acls** field:
 ```json
@@ -107,7 +107,7 @@ In addition to declaring all the permissions in the **config.json** file, you mu
 
 After the permissions are declared, the system grants the system_grant permission during the installation of the app. The user_grant permission must be authorized by the user.
 
-Therefore, before invoking the API protected by the **ohos.permission.PERMISSION2 permission**, the app needs to verify whether it has the permission.
+Therefore, before allowing the app to call the API protected by the **ohos.permission.PERMISSION2** permission, the system needs to verify whether the app has the permission to do so.
 
 If the verification result indicates that the app has the permission, the app can access the target API. Otherwise, the app needs to request user authorization and then proceeds based on the authorization result. For details, see [Access Control Overview](accesstoken-overview.md).
 
@@ -119,34 +119,26 @@ If the verification result indicates that the app has the permission, the app ca
 
 The procedure is as follows:
 
-1. Obtain the caller's identity tokenId.
-2. Determine the permission to be verified. In this example, the permission is **permissionNameUser**.
-3. Call **verifyAccessToken** to verify the permissions of the caller.
-4. Proceed based on the permission verification result.
+1. Obtain the ability context.
+2. Call **requestPermissionsFromUser** to verify whether the app has required permissions.
+3. Proceed based on the permission verification result.
 
 ```js
-  import {describe, beforeEach, afterEach, it, expect} from 'deccjsunit/index'
-  import abilityAccessCtrl from '@ohos.abilityAccessCtrl'
-  import bundle from '@ohos.bundle'
-
-  async requestPermission() {
-    var permissionNameUser = "ohos.permission.PERMISSION2";
-    var bundleFlag = 0;
-    var tokenID = undefined;
-    var userID = 100;
-    var appInfo = await bundle.getApplicationInfo('ohos.acts.security.access_token.normal', bundleFlag, userID);
-    tokenID = appInfo.accessTokenId;
-    console.log("AccessTokenTest accessTokenId:" + appInfo.accessTokenId + ", name:" + appInfo.name
-        + ", bundleName:" + appInfo.bundleName)
-    var atManager = abilityAccessCtrl.createAtManager();
-    var result = await atManager.verifyAccessToken(tokenID, permissionNameUser);
-    if (result == abilityAccessCtrl.GrantStatus.PERMISSION_GRANTED) {
-        // Execute the operation.
-    } else {
-        // Apply for dynamic user authorization using requestPermissionsFromUser.
-    }
+  // OnWindowStageCreate lifecycle of the ability
+  onWindowStageCreate() {
+    var context = this.context
+    let array:Array<string> = ["ohos.permission.PERMISSION2"];
+    // requestPermissionsFromUser determines whether to invoke a pop-up window based on the permission authorization status.
+    context.requestPermissionsFromUser(array).then(function(data) {
+        console.log("data type:" + typeof(data));
+        console.log("data:" + data);
+        console.log("data permissions:" + data.permissions);
+        console.log("data result:" + data.authResults);
+    }, (err) => {
+        console.error('Failed to start ability', err.code);
+    });
   }
 
 ```
-> ![icon-note.gif](../public_sys-resources/icon-note.gif)**NOTE**<br/>
+> **NOTE**<br>
 > For details about how to use **requestPermissionsFromUser**, see [API Reference](../reference/apis/js-apis-ability-context.md).

en/application-dev/security/hapsigntool-overview.md

+# hapsigner Overview
+
+## Introduction
+
+To ensure the integrity and secure source of OpenHarmony applications, the applications must be signed during the build process. Only signed applications can be installed, run, and debugged on real devices. [developtools_hapsigner](https://gitee.com/openharmony/developtools_hapsigner) provides the source code of the OpenHarmony Ability Package (HAP) signing tool - hapsigner. This tool can be used to generate key pairs, certificate signing requests (CSRs), certificates, profile signatures, and HAP signatures.
+
+## Basic Concepts
+
+The hapsigner tool is implemented based on the Public Key Infrastructure (PKI). Before using this tool, you should understand the following concepts:
+
+ - Asymmetric key pair
+
+   The asymmetric key algorithm is the basis of data signature and signature verification. The hapsigner tool can generate standard asymmetric key pairs, including ECC P384/256 and RSA 2048/3072/4096.
+
+ - CSR
+
+   The CSR contains the public key, subject, and private key signature of a certificate. Before applying for a certificate, you must generate a CSR based on the key pair and submit the CSR to the Certificate Authority (CA).
+
+ - Certificate
+
+   OpenHarmony uses the RFC5280 standard to build the X.509 certificate trust system. The OpenHarmony certificates used for application signatures are classified into the root CA certificate, intermediate CA certificate, and end-entity certificate (application or profile signing certificate). The application signing certificate indicates the identity of the application developer, which ensures the traceability of the source of the applications. The profile signing certificate is used to verify the signature of the profile, which ensures the integrity of the profile.
+
+ - HAP
+
+   HAP is a package used to deploy an ability, which is the basic unit for OpenHarmony application development. An OpenHarmony application consists of one or more abilities.
+
+ - Profile
+
+   HarmonyAppProvision configuration file in a HAP contains information such as the authorized application permissions and device ID.
+
+## Constraints
+
+ - hapsigner is developed in Java and must run in JRE 8.0 or later.
+
+ - The scripts, such as the one-click signature script, are developed in Python, and must run on Python 3.5 or later.