# security_permission

**Repository Path**: XTStarry/security_permission

## Basic Information

- **Project Name**: security_permission
- **Description**: Application permission management and IPC authentication
- **Primary Language**: Unknown
- **License**: Apache-2.0
- **Default Branch**: master
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 0
- **Forks**: 132
- **Created**: 2021-04-15
- **Last Updated**: 2021-04-15

## Categories & Tags

**Categories**: Uncategorized

**Tags**: None

## README

# permission\_lite

- [Application Permission Management](#section20822104317111)
- [IPC Authentication](#section156859591110)

## Application Permission Management

Application permissions control access to system resources and to features related to personal privacy, for example, accessing hardware features of personal devices such as cameras and microphones, and reading and writing media files. The OS protects such data and features through application permission management.

The following table describes fields in a permission.

| Field | Value | Description |
| --- | --- | --- |
| name | String | Permission name |
| reason | Multi-language string ID | Purpose of requesting the permission |
| used-scene{<br>ability,<br>when<br>} | ability: string of the component class name<br>when: inuse, always | Scene where the APIs controlled by this permission are called.<br>This field declares what components can call the APIs controlled by this permission in the specified scene (foreground/background). |

## IPC Authentication

- If system services registered with Samgr provide APIs for other processes to access the services through IPC, access control policies must be configured; otherwise, access to the system services will be denied.
- You can configure access control policies in **base/security/permission/services/permission\_lite/ipc\_auth/include/policy\_preset.h**.
    1. Define the policies for each feature.
    2. Add the feature policies to the global policy.

For example, to configure an access policy for the BMS service, whose service registered with Samgr is **bundlems** and whose registered feature is **BmsFeature**, perform the following operations:

1. Define feature policies. You can configure multiple features and configure multiple access policies for each feature.

    **Figure 1** Example feature policy

    ![](figures/bms策略举例.png)

    There are three types of access policies:

    **Figure 2** Access policy structure

    ![](figures/策略类型2.png)

    1. **RANGE**: Processes with UIDs in a specified range can access the BMS service. **uidMin** and **uidMax** must be specified.
    2. **FIXED**: Processes with specified UIDs can access the BMS service. **fixedUid** must be specified, and a maximum of eight UIDs are allowed.
    3. **BUNDLENAME**: A specified application can access the BMS service. **bundleName** must be specified.

2. Add the defined feature policies to the global policy. You need to configure the number of features.

    **Figure 3** Registering a feature policy

    ![](figures/全局策略2.png)

UID allocation rules:

1. Init process: 0
2. appspawn process: 1
3. Shell process: 2
4. Other built-in system services: less than or equal to 99
5. System applications \(such as settings, home screen, and camera\): 100–999
6. Preset applications: 1000–9999
7. Common third-party applications: 10000 to **INT\_MAX**
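
The three policy types and the deny-by-default rule described above, as an added C sketch that is not the project's code from policy\_preset.h. The type and function names (`Policy`, `FeaturePolicy`, `ServicePolicy`, `IsCallerAllowed`), the `fixedNum` counter, and the sample UIDs and bundle name are assumptions; only the policy type names and the `uidMin`, `uidMax`, `fixedUid` and `bundleName` fields come from this README.

```c
#include <stddef.h>
#include <string.h>
#define MAX_FIXED_UIDS 8   /* README: FIXED allows at most eight UIDs */
#define MAX_POLICIES   4   /* assumed per-feature limit for this sketch */
typedef enum { RANGE = 1, FIXED, BUNDLENAME } PolicyType;  /* 0 marks an unused slot */
typedef struct {
    PolicyType type;
    int uidMin, uidMax;             /* used by RANGE */
    int fixedUid[MAX_FIXED_UIDS];   /* used by FIXED */
    int fixedNum;                   /* assumed: valid entries, so zero padding never matches UID 0 (init) */
    const char *bundleName;         /* used by BUNDLENAME */
} Policy;
typedef struct { const char *feature; Policy policies[MAX_POLICIES]; } FeaturePolicy;
typedef struct { const char *service; const FeaturePolicy *features; int featureNum; } ServicePolicy;
/* Constructed sample policy: shell (UID 2), system applications (100-999), one named bundle. */
static const FeaturePolicy g_bmsFeatures[] = {
    { "BmsFeature", {
        { .type = FIXED, .fixedUid = { 2 }, .fixedNum = 1 },
        { .type = RANGE, .uidMin = 100, .uidMax = 999 },
        { .type = BUNDLENAME, .bundleName = "com.example.installer" },
    } },
};
static const ServicePolicy g_policies[] = { { "bundlems", g_bmsFeatures, 1 } };

static int PolicyMatches(const Policy *p, int uid, const char *bundle) {
    switch (p->type) {
    case RANGE: return uid >= p->uidMin && uid <= p->uidMax;
    case FIXED:
        for (int i = 0; i < p->fixedNum && i < MAX_FIXED_UIDS; i++)
            if (p->fixedUid[i] == uid) return 1;
        return 0;
    case BUNDLENAME: return bundle && p->bundleName && strcmp(bundle, p->bundleName) == 0;
    default: return 0;              /* unused slot: never grants access */
    }
}

/* Returns 1 only when a configured policy matches; unknown services and features are denied. */
int IsCallerAllowed(const char *service, const char *feature, int uid, const char *bundle) {
    for (size_t s = 0; s < sizeof(g_policies) / sizeof(g_policies[0]); s++) {
        if (strcmp(g_policies[s].service, service) != 0) continue;
        for (int f = 0; f < g_policies[s].featureNum; f++) {
            const FeaturePolicy *fp = &g_policies[s].features[f];
            if (strcmp(fp->feature, feature) != 0) continue;
            for (int i = 0; i < MAX_POLICIES; i++)
                if (PolicyMatches(&fp->policies[i], uid, bundle)) return 1;
        }
    }
    return 0;
}
int main(void) { return IsCallerAllowed("bundlems", "BmsFeature", 500, NULL) ? 0 : 1; }
```

When reviewing a real policy, check each **RANGE** against the UID allocation rules: a range whose **uidMax** reaches 10000 or above admits common third-party applications.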