!13882 [翻译完成】#I66MCD

Merge pull request !13882 from Annie_wang/PR12631

en/device-dev/subsystems/subsys-app-privilege-config-guide.md

@@ -2,9 +2,9 @@
 
 Application privileges are high-level capabilities of an application, for example, restricting an application from being uninstalled or restricting application data from being deleted.
 
-OpenHarmony provides both general and device-specific application privileges. The latter can be configured by device vendors for applications on different devices.
+OpenHarmony provides both general and device-specific application privileges. The latter can be configured by device vendors for applications on different devices. The privileges configured in the **install_list_capability.json** file take precedence over the privileges configured in the signature certificate.
 
-Note: To avoid user dissatisfaction or even infringement, do not abuse application privileges.
+> **NOTE**<br>To avoid user dissatisfaction or even infringement, do not abuse application privileges.
 
 ## General Application Privileges
 
@@ -15,24 +15,21 @@ General application privileges are privileges available to applications on all t
 | Privilege| Description                                                      |
 | ---------------- | ------------------------------------------------------------ |
 | AllowAppDataNotCleared | Allows application data not to be deleted.|
-| AllowAppMultiProcess | Allows the application to run on multiple processes.|
 | AllowAppDesktopIconHide | Allows the application icon to be hidden from the home screen.|
-| AllowAbilityPriorityQueried | Allows an ability to configure and query the priority.    |
+| AllowAbilityPriorityQueried | Allows an ability to configure and query the priority.   |
 | AllowAbilityExcludeFromMissions | Allows an ability to be hidden in the mission stack.|
-| AllowAppUsePrivilegeExtension | Allows the application to use Service Extension and Data Extension abilities.|
-| AllowFormVisibleNotify | Allows a widget to be visible on the home screen.|
 
-### Configuration
+### How to Configure
 
-1. In the [HarmonyAppProvision file](../../application-dev/security/app-provision-structure.md), configure the general privileges in the **app-privilege-capabilities** field.
-2. Use the signing tool hapsigner to sign the HarmonyAppProvision file and generate a **.p7b** file.
-3. Use the **.p7b** file to sign the HAP.
+1. Add the **app-privilege-capabilities** field to the [**HarmonyAppProvision** file](../../application-dev/security/app-provision-structure.md) to configure general privilege capabilities as required.
+2. Use the hapsigner tool to sign the [**HarmonyAppProvision** file](../../application-dev/security/app-provision-structure.md) to generate a .p7b file.
+3. Use the .p7b file to sign the HAP.
 
 Reference: [hapsigner](https://gitee.com/openharmony/developtools_hapsigner#README.md)
 
 ### Example
 
-```
+```json
 {
     "version-name": "1.0.0",
     ...
@@ -41,12 +38,10 @@ Reference: [hapsigner](https://gitee.com/openharmony/developtools_hapsigner#READ
         ...
     },
     "issuer": "pki_internal",
-    "app-privilege-capabilities": ["AllowAppDataNotCleared", "AllowAppDesktopIconHide"] // The application data cannot be deleted, and icons can be hidden on the home screen.
+    "app-privilege-capabilities": ["AllowAppDataNotCleared", "AllowAppDesktopIconHide"] // The application data cannot be deleted, and the application icon can be hidden on the home screen.
 }
 ```
 
-
-
 ## Device-specific Application Privileges
 
 ### Introduction
@@ -55,43 +50,55 @@ In addition to general application privileges, device vendors can define device-
 
 | Privilege                 | Type    | Default Value| Description                                             |
 | --------------------- | -------- | ------ | ------------------------------------------------- |
-| removable             | bool     | true   | Allows the application to be uninstalled. This privilege takes effect only for preset applications.               |
-| keepAlive             | bool     | false  | Allows the application to keep running in the background.                                 |
-| singleton             | bool     | false  | Allows the application to be installed for a single user (U0).                   |
-| allowCommonEvent      | string[] | -      | Allows the application to be started by a static broadcast.                             |
-| associatedWakeUp      | bool     | false  | Allows the application in the FA model to be woken up by an associated application.                     |
-| runningResourcesApply | bool     | false  | Allows the application to request running resources, such as the CPU, event notifications, and Bluetooth.|
-
-### Configuration
-
-Configure the required privileges in [configuration files](https://gitee.com/openharmony/vendor_hihope/tree/master/rk3568/preinstall-config).
+| removable             | bool     | true   | Allows an application to be uninstalled. This privilege takes effect only for preset applications.              |
+| keepAlive             | bool     | false  | Allows an application to keep running in the background.                                |
+| singleton             | bool     | false  | Allows an application to be installed for a single user (User 0).                  |
+| allowCommonEvent      | string[] | -      | Allows an application to be started by a static broadcast.                            |
+| associatedWakeUp      | bool     | false  | Allows an application in the FA model to be woken up by an associated application.                    |
+| runningResourcesApply | bool     | false  | Allows an application to request running resources, such as the CPU, event notifications, and Bluetooth.|
+| allowAppDataNotCleared | bool | false|Allows application data not to be deleted.|
+| allowAppMultiProcess | bool | false| Allows an application to run on multiple processes.|
+| allowAppDesktopIconHide | bool | false| Allows the application icon to be hidden from the home screen.|
+| allowAbilityPriorityQueried | bool | false| Allows an ability to configure and query the priority.   |
+| allowAbilityExcludeFromMissions | bool | false| Allows an ability to be hidden in the mission stack.|
+| allowAppUsePrivilegeExtension | bool | false|Allows an application to use ServiceExtension and DataExtension abilities.|
+| allowFormVisibleNotify | bool | false| Allows a widget to be visible on the home screen.|
+
+### How to Configure
+
+Configure the required privileges in the [configuration file](https://gitee.com/openharmony/vendor_hihope/tree/master/rk3568/preinstall-config).
 
 ### Example
 
-#### Configuration in **install_list_capability.json**
+#### Configuration in install_list_capability.json
 
-```
+```json
 {
     "install_list": [
         {
             "bundleName": "com.example.kikakeyboard",
             "singleton": true, // The application is installed for a single user.
-            "keepAlive": true, // The application is running in the background.
+            "keepAlive": true, // The application can be running in the background.
             "runningResourcesApply": true, // The application can apply for running resources such as the CPU, event notifications, and Bluetooth.
             "associatedWakeUp": true, // The application in the FA model can be woken up by an associated application.
-            "app_signature": ["8E93863FC32EE238060BF69A9B37E2608FFFB21F93C862DD511CBAC"], // The settings take effect only when the configured certificate fingerprint is the same as the HAP certificate fingerprint.
+            "app_signature": ["****"], // The setting takes effect only when the configured certificate fingerprint is the same as the HAP certificate fingerprint.
             "allowCommonEvent": ["usual.event.SCREEN_ON", "usual.event.THERMAL_LEVEL_CHANGED"]
+            "allowAppDataNotCleared": true, // The application data cannot be deleted.
+            "allowAppMultiProcess": true, // Allow the application to run on multiple processes.
+            "allowAppDesktopIconHide": true, // Allow the application icon to be hidden from the home screen.
+            "allowAbilityPriorityQueried": true, // Allow the ability to configure the query priority.
+            "allowAbilityExcludeFromMissions": true, // Allow the ability to be hidden in the mission stack.
+            "allowAppUsePrivilegeExtension": true, // Allow the application to use ServiceExtension and DataExtension abilities.
+            "allowFormVisibleNotify": true // Allow a widget to be visible on the home screen.
         },
 }
 ```
 
 **Obtaining the Certificate Fingerprint**
 
-1. Create the **profile.cer** file, and copy the certificate content under the **distribution-certificate** field of the HarmonyAppProvision file to the **profile.cer** file.
-
-   Example:
+1. Create the **profile.cer** file, and copy the certificate content under the **distribution-certificate** field of the [**HarmonyAppProvision** file](../../application-dev/security/app-provision-structure.md) to the **profile.cer** file.
 
-   ```
+   ```json
    {
        ...
        "bundle-info": {
@@ -102,12 +109,7 @@ Configure the required privileges in [configuration files](https://gitee.com/ope
    }
    ```
 
-   
-
 2. Apply line breaks in the **profile.cer** content and remove the newline characters.
-
-   Example:
-
    ```
    -----BEGIN CERTIFICATE-----
    MIICMzCCAbegAwIBAgIEaOC/zDAMBggqhkjOPQQDAwUAMGMxCzAJBgNVBAYTAkNO
@@ -125,30 +127,28 @@ Configure the required privileges in [configuration files](https://gitee.com/ope
    -----END CERTIFICATE-----
    ```
 
-   
+3. Use keytool to run the following command to obtain the certificate fingerprint.
 
-3. Use keytool to print the certificate fingerprint.
+   > **NOTE**<br>You can obtain keytool from the **\tools\openjdk\bin** directory after DevEco Studio is installed.
 
-   Example:
-
-   ```
+   ```shell
    keytool -printcert -file profile.cer
-   result:
-   Issued To: CN=OpenHarmony Application Release, OU=OpenHarmony Team, O=OpenHarmony, C=CN
-   Issued By: CN=OpenHarmony Application CA, OU=OpenHarmony Team, O=OpenHarmony, C=CN
-   SN: 68e0bfcc
-   Valid From: Tue Feb 02 20:19:31 CST 2021, Valid To: Fri Dec 31 20:19:31 CST 2049
-   Fingerprints:
-            SHA1 fingerprint: E3:E8:7C:65:B8:1D:02:52:24:6A:06:A4:3C:4A:02:39:19:92:D1:F5
-            SHA256 fingerprint: 8E:93:86:3F:C3:2E:E2:38:06:0B:F6:9A:9B:37:E2:60:8F:FF:B2:1F:93:C8:62:DD:51:1C:BA:C9:F3:00:24:B5 // After the colons are removed, the fingerprint is 8E93863FC32EE238060BF69A9B37E2608FFFB21F93C862DD511CBAC9F30024B5.
-   ...
-   ```
-
    
+   # Example
+   # result:
+   # Issued To: CN=OpenHarmony Application Release, OU=OpenHarmony Team, O=OpenHarmony, C=CN
+   # Issued By: CN=OpenHarmony Application CA, OU=OpenHarmony Team, O=OpenHarmony, C=CN
+   # SN: 68e0bfcc
+   # Valid From: Tue Feb 02 20:19:31 CST 2021, Valid To: Fri Dec 31 20:19:31 CST 2049
+   # Fingerprints:
+   #          SHA1 fingerprint: E3:E8:7C:65:B8:1D:02:52:24:6A:06:A4:3C:4A:02:39:19:92:D1:F5
+   #          SHA256 fingerprint: 8E:93:86:3F:C3:2E:E2:38:06:0B:F6:9A:9B:37:E2:60:8F:FF:B2:1F:93:C8:62:DD:51:1C:BA:C9:F3:00:24:B5 // After the colons are removed, the fingerprint is 8E93863FC32EE238060BF69A9B37E2608FFFB21F93C862DD511CBAC9F30024B5.
+   # ...
+   ```
 
-#### Configuration in **install_list.json**
+#### Configuration in install_list.json
 
-```
+```json
 {
      "install_list" : [
         {