From 4fa0a9236f0b2867e922a5ecf3aa51e3adb9b2c5 Mon Sep 17 00:00:00 2001
From: lixinsheng2 <lixinsheng2@huawei.com>
Date: Sat, 25 Nov 2023 16:42:05 +0800
Subject: [PATCH] =?UTF-8?q?usb=20ddk/hid=20ddk/js=E6=8E=A5=E5=8F=A3?=
 =?UTF-8?q?=E5=A2=9E=E5=8A=A0=E6=9D=83=E9=99=90=E6=A0=A1=E9=AA=8C?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: lixinsheng2 <lixinsheng2@huawei.com>
---
 frameworks/ddk/BUILD.gn                       |   2 +-
 frameworks/ddk/hid/BUILD.gn                   |  10 +-
 frameworks/ddk/hid/input_emit_event.cpp       |  14 ++
 frameworks/ddk/usb/BUILD.gn                   |   8 +-
 frameworks/ddk/usb/usb_ddk_api.cpp            |  58 +++++
 frameworks/js/napi/device_manager/BUILD.gn    |  10 +-
 .../device_manager/device_manager_middle.cpp  |  14 ++
 interfaces/ddk/hid/BUILD.gn                   |   6 +-
 .../ext_permission_manager.h                  |  79 ++++---
 .../src/driver_permission/BUILD.gn            |  45 ++++
 .../ext_permission_manager.cpp                | 135 ++++++++++++
 test/unittest/BUILD.gn                        |  33 +++
 .../ddk_permission_test.cpp                   | 208 ++++++++++++++++++
 .../device_manager_js_test/config.json        |  12 +
 14 files changed, 584 insertions(+), 50 deletions(-)
 rename frameworks/ddk/usb/input_emit_event.cpp => services/native/driver_extension_manager/include/driver_permission/ext_permission_manager.h (33%)
 create mode 100644 services/native/driver_extension_manager/src/driver_permission/BUILD.gn
 create mode 100644 services/native/driver_extension_manager/src/driver_permission/ext_permission_manager.cpp
 create mode 100644 test/unittest/ddk_permission_test/ddk_permission_test.cpp

diff --git a/frameworks/ddk/BUILD.gn b/frameworks/ddk/BUILD.gn
index 01c2575..babe71f 100644
--- a/frameworks/ddk/BUILD.gn
+++ b/frameworks/ddk/BUILD.gn
@@ -13,7 +13,7 @@
 
 group("ddk") {
   deps = [
-    "hid:hid_ndk",
+    "hid:hid",
     "usb:usb_ndk",
   ]
 }
diff --git a/frameworks/ddk/hid/BUILD.gn b/frameworks/ddk/hid/BUILD.gn
index e877b20..761e5e2 100644
--- a/frameworks/ddk/hid/BUILD.gn
+++ b/frameworks/ddk/hid/BUILD.gn
@@ -13,7 +13,7 @@
 
 import("../../../extdevmgr.gni")
 
-ohos_shared_library("hid_ndk") {
+ohos_shared_library("hid") {
   include_dirs = [
     "${ext_mgr_path}/interfaces/ddk/hid/",
     "${utils_path}/include/",
@@ -24,12 +24,18 @@ ohos_shared_library("hid_ndk") {
 
   sources = [ "input_emit_event.cpp" ]
 
-  deps = [ "${ext_mgr_path}/interfaces/innerkits:driver_ext_mgr_client" ]
+  deps = [
+    "${ext_mgr_path}/interfaces/innerkits:driver_ext_mgr_client",
+    "${ext_mgr_path}/services/native/driver_extension_manager/src/driver_permission:driver_permission_manager",
+  ]
 
   external_deps = [
+    "bundle_framework:appexecfwk_base",
+    "bundle_framework:appexecfwk_core",
     "c_utils:utils",
     "drivers_interface_usb:libusb_ddk_proxy_1.0",
     "hilog:libhilog",
+    "ipc:ipc_core",
   ]
   install_enable = true
   subsystem_name = "hdf"
diff --git a/frameworks/ddk/hid/input_emit_event.cpp b/frameworks/ddk/hid/input_emit_event.cpp
index 35a1da7..c3d3ba0 100644
--- a/frameworks/ddk/hid/input_emit_event.cpp
+++ b/frameworks/ddk/hid/input_emit_event.cpp
@@ -15,6 +15,7 @@
 #include "driver_ext_mgr_client.h"
 #include "hilog_wrapper.h"
 #include "hid_ddk_api.h"
+#include "ext_permission_manager.h"
 
 using namespace OHOS::ExternalDeviceManager;
 namespace {
@@ -23,8 +24,13 @@ static DriverExtMgrClient &g_edmClient = DriverExtMgrClient::GetInstance();
 #ifdef __cplusplus
 extern "C" {
 #endif /* __cplusplus */
+static const std::string PERMISSION_NAME = "ohos.permission.ACCESS_DDK_HID";
 int32_t OH_Hid_CreateDevice(Hid_Device *hidDevice, Hid_EventProperties *hidEventProperties)
 {
+    if (!ExtPermissionManager::GetInstance().HasPermission(PERMISSION_NAME)) {
+        EDM_LOGE(MODULE_USB_DDK, "no permission");
+        return HID_DDK_FAILURE;
+    }
     if (hidDevice == nullptr) {
         EDM_LOGE(MODULE_USB_DDK, "hidDevice is null");
         return HID_DDK_INVALID_PARAMETER;
@@ -44,6 +50,10 @@ int32_t OH_Hid_CreateDevice(Hid_Device *hidDevice, Hid_EventProperties *hidEvent
 
 int32_t OH_Hid_EmitEvent(int32_t deviceId, const Hid_EmitItem items[], uint16_t length)
 {
+    if (!ExtPermissionManager::GetInstance().HasPermission(PERMISSION_NAME)) {
+        EDM_LOGE(MODULE_USB_DDK, "no permission");
+        return HID_DDK_FAILURE;
+    }
     if (length > MAX_EMIT_ITEM_NUM) {
         EDM_LOGE(MODULE_HID_DDK, "length out of range");
         return HID_DDK_INVALID_PARAMETER;
@@ -64,6 +74,10 @@ int32_t OH_Hid_EmitEvent(int32_t deviceId, const Hid_EmitItem items[], uint16_t
 
 int32_t OH_Hid_DestroyDevice(int32_t deviceId)
 {
+    if (!ExtPermissionManager::GetInstance().HasPermission(PERMISSION_NAME)) {
+        EDM_LOGE(MODULE_USB_DDK, "no permission");
+        return HID_DDK_FAILURE;
+    }
     if (auto ret = g_edmClient.DestroyDevice(deviceId); ret != HID_DDK_SUCCESS) {
         EDM_LOGE(MODULE_USB_DDK, "destroy device failed:%{public}d", ret);
         return ret;
diff --git a/frameworks/ddk/usb/BUILD.gn b/frameworks/ddk/usb/BUILD.gn
index 4d19f54..cd79fbe 100644
--- a/frameworks/ddk/usb/BUILD.gn
+++ b/frameworks/ddk/usb/BUILD.gn
@@ -27,12 +27,18 @@ ohos_shared_library("usb_ndk") {
     "usb_ddk_api.cpp",
   ]
 
-  deps = [ "${ext_mgr_path}/interfaces/innerkits:driver_ext_mgr_client" ]
+  deps = [
+    "${ext_mgr_path}/interfaces/innerkits:driver_ext_mgr_client",
+    "${ext_mgr_path}/services/native/driver_extension_manager/src/driver_permission:driver_permission_manager",
+  ]
 
   external_deps = [
+    "bundle_framework:appexecfwk_base",
+    "bundle_framework:appexecfwk_core",
     "c_utils:utils",
     "drivers_interface_usb:libusb_ddk_proxy_1.0",
     "hilog:libhilog",
+    "ipc:ipc_core",
   ]
   install_enable = true
   subsystem_name = "hdf"
diff --git a/frameworks/ddk/usb/usb_ddk_api.cpp b/frameworks/ddk/usb/usb_ddk_api.cpp
index 5bfdeb5..5223ad9 100644
--- a/frameworks/ddk/usb/usb_ddk_api.cpp
+++ b/frameworks/ddk/usb/usb_ddk_api.cpp
@@ -26,12 +26,18 @@
 #include "usb_config_desc_parser.h"
 #include "usb_ddk_types.h"
 #include "v1_0/usb_ddk_service.h"
+#include "ext_permission_manager.h"
 using namespace OHOS::ExternalDeviceManager;
 namespace {
 OHOS::sptr<OHOS::HDI::Usb::Ddk::V1_0::IUsbDdk> g_ddk = nullptr;
 } // namespace
+static const std::string PERMISSION_NAME = "ohos.permission.ACCESS_DDK_USB";
 int32_t OH_Usb_Init()
 {
+    if (!ExtPermissionManager::GetInstance().HasPermission(PERMISSION_NAME)) {
+        EDM_LOGE(MODULE_USB_DDK, "no permission");
+        return USB_DDK_FAILED;
+    }
     g_ddk = OHOS::HDI::Usb::Ddk::V1_0::IUsbDdk::Get();
     if (g_ddk == nullptr) {
         EDM_LOGE(MODULE_USB_DDK, "get ddk failed");
@@ -43,6 +49,10 @@ int32_t OH_Usb_Init()
 
 void OH_Usb_Release()
 {
+    if (!ExtPermissionManager::GetInstance().HasPermission(PERMISSION_NAME)) {
+        EDM_LOGE(MODULE_USB_DDK, "no permission");
+        return;
+    }
     if (g_ddk == nullptr) {
         EDM_LOGE(MODULE_USB_DDK, "ddk is null");
         return;
@@ -53,6 +63,10 @@ void OH_Usb_Release()
 
 int32_t OH_Usb_GetDeviceDescriptor(uint64_t deviceId, UsbDeviceDescriptor *desc)
 {
+    if (!ExtPermissionManager::GetInstance().HasPermission(PERMISSION_NAME)) {
+        EDM_LOGE(MODULE_USB_DDK, "no permission");
+        return USB_DDK_FAILED;
+    }
     if (g_ddk == nullptr) {
         EDM_LOGE(MODULE_USB_DDK, "invalid obj");
         return USB_DDK_INVALID_OPERATION;
@@ -74,6 +88,10 @@ int32_t OH_Usb_GetDeviceDescriptor(uint64_t deviceId, UsbDeviceDescriptor *desc)
 int32_t OH_Usb_GetConfigDescriptor(
     uint64_t deviceId, uint8_t configIndex, struct UsbDdkConfigDescriptor ** const config)
 {
+    if (!ExtPermissionManager::GetInstance().HasPermission(PERMISSION_NAME)) {
+        EDM_LOGE(MODULE_USB_DDK, "no permission");
+        return USB_DDK_FAILED;
+    }
     if (g_ddk == nullptr) {
         EDM_LOGE(MODULE_USB_DDK, "invalid obj");
         return USB_DDK_INVALID_OPERATION;
@@ -94,11 +112,19 @@ int32_t OH_Usb_GetConfigDescriptor(
 
 void OH_Usb_FreeConfigDescriptor(UsbDdkConfigDescriptor * const config)
 {
+    if (!ExtPermissionManager::GetInstance().HasPermission(PERMISSION_NAME)) {
+        EDM_LOGE(MODULE_USB_DDK, "no permission");
+        return;
+    }
     return FreeUsbConfigDescriptor(config);
 }
 
 int32_t OH_Usb_ClaimInterface(uint64_t deviceId, uint8_t interfaceIndex, uint64_t *interfaceHandle)
 {
+    if (!ExtPermissionManager::GetInstance().HasPermission(PERMISSION_NAME)) {
+        EDM_LOGE(MODULE_USB_DDK, "no permission");
+        return USB_DDK_FAILED;
+    }
     if (g_ddk == nullptr) {
         EDM_LOGE(MODULE_USB_DDK, "invalid obj");
         return USB_DDK_INVALID_OPERATION;
@@ -113,6 +139,10 @@ int32_t OH_Usb_ClaimInterface(uint64_t deviceId, uint8_t interfaceIndex, uint64_
 
 int32_t OH_Usb_ReleaseInterface(uint64_t interfaceHandle)
 {
+    if (!ExtPermissionManager::GetInstance().HasPermission(PERMISSION_NAME)) {
+        EDM_LOGE(MODULE_USB_DDK, "no permission");
+        return USB_DDK_FAILED;
+    }
     if (g_ddk == nullptr) {
         EDM_LOGE(MODULE_USB_DDK, "invalid obj");
         return USB_DDK_INVALID_OPERATION;
@@ -123,6 +153,10 @@ int32_t OH_Usb_ReleaseInterface(uint64_t interfaceHandle)
 
 int32_t OH_Usb_SelectInterfaceSetting(uint64_t interfaceHandle, uint8_t settingIndex)
 {
+    if (!ExtPermissionManager::GetInstance().HasPermission(PERMISSION_NAME)) {
+        EDM_LOGE(MODULE_USB_DDK, "no permission");
+        return USB_DDK_FAILED;
+    }
     if (g_ddk == nullptr) {
         EDM_LOGE(MODULE_USB_DDK, "invalid obj");
         return USB_DDK_INVALID_OPERATION;
@@ -133,6 +167,10 @@ int32_t OH_Usb_SelectInterfaceSetting(uint64_t interfaceHandle, uint8_t settingI
 
 int32_t OH_Usb_GetCurrentInterfaceSetting(uint64_t interfaceHandle, uint8_t *settingIndex)
 {
+    if (!ExtPermissionManager::GetInstance().HasPermission(PERMISSION_NAME)) {
+        EDM_LOGE(MODULE_USB_DDK, "no permission");
+        return USB_DDK_FAILED;
+    }
     if (g_ddk == nullptr) {
         EDM_LOGE(MODULE_USB_DDK, "invalid obj");
         return USB_DDK_INVALID_OPERATION;
@@ -149,6 +187,10 @@ int32_t OH_Usb_GetCurrentInterfaceSetting(uint64_t interfaceHandle, uint8_t *set
 int32_t OH_Usb_SendControlReadRequest(
     uint64_t interfaceHandle, const UsbControlRequestSetup *setup, uint32_t timeout, uint8_t *data, uint32_t *dataLen)
 {
+    if (!ExtPermissionManager::GetInstance().HasPermission(PERMISSION_NAME)) {
+        EDM_LOGE(MODULE_USB_DDK, "no permission");
+        return USB_DDK_FAILED;
+    }
     if (g_ddk == nullptr) {
         EDM_LOGE(MODULE_USB_DDK, "invalid obj");
         return USB_DDK_INVALID_OPERATION;
@@ -183,6 +225,10 @@ int32_t OH_Usb_SendControlReadRequest(
 int32_t OH_Usb_SendControlWriteRequest(uint64_t interfaceHandle, const UsbControlRequestSetup *setup, uint32_t timeout,
     const uint8_t *data, uint32_t dataLen)
 {
+    if (!ExtPermissionManager::GetInstance().HasPermission(PERMISSION_NAME)) {
+        EDM_LOGE(MODULE_USB_DDK, "no permission");
+        return USB_DDK_FAILED;
+    }
     if (g_ddk == nullptr) {
         EDM_LOGE(MODULE_USB_DDK, "invalid obj");
         return USB_DDK_INVALID_OPERATION;
@@ -200,6 +246,10 @@ int32_t OH_Usb_SendControlWriteRequest(uint64_t interfaceHandle, const UsbContro
 
 int32_t OH_Usb_SendPipeRequest(const UsbRequestPipe *pipe, UsbDeviceMemMap *devMmap)
 {
+    if (!ExtPermissionManager::GetInstance().HasPermission(PERMISSION_NAME)) {
+        EDM_LOGE(MODULE_USB_DDK, "no permission");
+        return USB_DDK_FAILED;
+    }
     if (g_ddk == nullptr) {
         EDM_LOGE(MODULE_USB_DDK, "invalid obj");
         return USB_DDK_INVALID_OPERATION;
@@ -217,6 +267,10 @@ int32_t OH_Usb_SendPipeRequest(const UsbRequestPipe *pipe, UsbDeviceMemMap *devM
 
 int32_t OH_Usb_CreateDeviceMemMap(uint64_t deviceId, size_t size, UsbDeviceMemMap **devMmap)
 {
+    if (!ExtPermissionManager::GetInstance().HasPermission(PERMISSION_NAME)) {
+        EDM_LOGE(MODULE_USB_DDK, "no permission");
+        return USB_DDK_FAILED;
+    }
     if (devMmap == nullptr) {
         EDM_LOGE(MODULE_USB_DDK, "invalid param");
         return USB_DDK_INVALID_PARAMETER;
@@ -248,6 +302,10 @@ int32_t OH_Usb_CreateDeviceMemMap(uint64_t deviceId, size_t size, UsbDeviceMemMa
 
 void OH_Usb_DestroyDeviceMemMap(UsbDeviceMemMap *devMmap)
 {
+    if (!ExtPermissionManager::GetInstance().HasPermission(PERMISSION_NAME)) {
+        EDM_LOGE(MODULE_USB_DDK, "no permission");
+        return;
+    }
     if (devMmap == nullptr) {
         EDM_LOGE(MODULE_USB_DDK, "devMmap is nullptr");
         return;
diff --git a/frameworks/js/napi/device_manager/BUILD.gn b/frameworks/js/napi/device_manager/BUILD.gn
index 6fa37b8..913568e 100644
--- a/frameworks/js/napi/device_manager/BUILD.gn
+++ b/frameworks/js/napi/device_manager/BUILD.gn
@@ -18,16 +18,22 @@ ohos_shared_library("devicemanager_napi") {
 
   include_dirs = [
     "${utils_path}/include/",
-    "${ext_mgr_path}/interfaces/ddk/hid/",
     "${ext_mgr_path}/interfaces/innerkits/",
     "${ext_mgr_path}/services/zidl/include/",
+    "${ext_mgr_path}/interfaces/ddk/hid/",
   ]
 
-  deps = [ "${ext_mgr_path}/interfaces/innerkits:driver_ext_mgr_client" ]
+  deps = [
+    "${ext_mgr_path}/interfaces/innerkits:driver_ext_mgr_client",
+    "${ext_mgr_path}/services/native/driver_extension_manager/src/driver_permission:driver_permission_manager",
+  ]
 
   external_deps = [
+    "bundle_framework:appexecfwk_base",
+    "bundle_framework:appexecfwk_core",
     "c_utils:utils",
     "hilog:libhilog",
+    "ipc:ipc_core",
     "ipc:ipc_napi_common",
     "ipc:ipc_single",
     "napi:ace_napi",
diff --git a/frameworks/js/napi/device_manager/device_manager_middle.cpp b/frameworks/js/napi/device_manager/device_manager_middle.cpp
index b083aee..df51720 100644
--- a/frameworks/js/napi/device_manager/device_manager_middle.cpp
+++ b/frameworks/js/napi/device_manager/device_manager_middle.cpp
@@ -24,6 +24,7 @@
 #include <uv.h>
 
 #include "napi_remote_object.h"
+#include "ext_permission_manager.h"
 #include "device_manager_middle.h"
 
 namespace OHOS {
@@ -43,6 +44,7 @@ static std::mutex mapMutex;
 static std::map<uint64_t, sptr<AsyncData>> g_callbackMap = {};
 static DriverExtMgrClient &g_edmClient = DriverExtMgrClient::GetInstance();
 static sptr<DeviceManagerCallback> g_edmCallback = new (std::nothrow) DeviceManagerCallback {};
+static const std::string PERMISSION_NAME = "ohos.permission.ACCESS_EXTENSIONAL_DEVICE_DRIVER";
 
 static napi_value ConvertToBusinessError(const napi_env &env, const ErrMsg &errMsg);
 static napi_value ConvertToJsDeviceId(const napi_env &env, uint64_t deviceId);
@@ -339,6 +341,10 @@ static napi_value ConvertDeviceToJsDevice(napi_env& env, std::shared_ptr<DeviceD
 
 static napi_value QueryDevices(napi_env env, napi_callback_info info)
 {
+    if (!ExtPermissionManager::GetInstance().HasPermission(PERMISSION_NAME)) {
+        ThrowErr(env, PERMISSION_DENIED, "queryDevices: no permission");
+        return nullptr;
+    }
     EDM_LOGI(MODULE_DEV_MGR, "queryDevices start");
     size_t argc = PARAM_COUNT_1;
     napi_value argv[PARAM_COUNT_1] = {nullptr};
@@ -386,6 +392,10 @@ static bool ParseDeviceId(const napi_env& env, const napi_value& value, uint64_t
 
 static napi_value BindDevice(napi_env env, napi_callback_info info)
 {
+    if (!ExtPermissionManager::GetInstance().HasPermission(PERMISSION_NAME)) {
+        ThrowErr(env, PERMISSION_DENIED, "bindDevice: no permission");
+        return nullptr;
+    }
     size_t argc = PARAM_COUNT_3;
     napi_value argv[PARAM_COUNT_3] = {nullptr};
     NAPI_CALL(env, napi_get_cb_info(env, info, &argc, argv, nullptr, nullptr));
@@ -433,6 +443,10 @@ static napi_value BindDevice(napi_env env, napi_callback_info info)
 
 static napi_value UnbindDevice(napi_env env, napi_callback_info info)
 {
+    if (!ExtPermissionManager::GetInstance().HasPermission(PERMISSION_NAME)) {
+        ThrowErr(env, PERMISSION_DENIED, "unbindDevice: no permission");
+        return nullptr;
+    }
     size_t argc = PARAM_COUNT_2;
     napi_value argv[PARAM_COUNT_2] = {nullptr};
     NAPI_CALL(env, napi_get_cb_info(env, info, &argc, argv, nullptr, nullptr));
diff --git a/interfaces/ddk/hid/BUILD.gn b/interfaces/ddk/hid/BUILD.gn
index 4bb08a5..c289255 100644
--- a/interfaces/ddk/hid/BUILD.gn
+++ b/interfaces/ddk/hid/BUILD.gn
@@ -21,10 +21,10 @@ ohos_ndk_headers("hid_header") {
   ]
 }
 
-ohos_ndk_library("libhid_ndk") {
+ohos_ndk_library("libhid") {
   ndk_description_file = "./libhid.ndk.json"
-  min_compact_version = "9"
-  output_name = "hid_ndk"
+  min_compact_version = "11"
+  output_name = "hid"
   system_capability = "SystemCapability.Driver.HID.Extension"
   system_capability_headers = [
     "hid/hid_ddk_api.h",
diff --git a/frameworks/ddk/usb/input_emit_event.cpp b/services/native/driver_extension_manager/include/driver_permission/ext_permission_manager.h
similarity index 33%
rename from frameworks/ddk/usb/input_emit_event.cpp
rename to services/native/driver_extension_manager/include/driver_permission/ext_permission_manager.h
index 283b98f..3f38d24 100644
--- a/frameworks/ddk/usb/input_emit_event.cpp
+++ b/services/native/driver_extension_manager/include/driver_permission/ext_permission_manager.h
@@ -12,49 +12,46 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-#include "driver_ext_mgr_client.h"
-#include "hilog_wrapper.h"
-#include "usb_ddk_api.h"
 
+#ifndef DRIVER_PKG_MANAGER_H
+#define DRIVER_PKG_MANAGER_H
+
+#include <iostream>
+#include <stdint.h>
+
+#include "bundle_info.h"
+#include "bundle_mgr_proxy.h"
+#include "single_instance.h"
+
+namespace OHOS {
+namespace ExternalDeviceManager {
+using namespace std;
+using namespace OHOS;
+using namespace OHOS::AAFwk;
+using namespace OHOS::AppExecFwk;
 using namespace OHOS::ExternalDeviceManager;
-namespace {
-static DriverExtMgrClient &g_edmClient = DriverExtMgrClient::GetInstance();
-}
-#ifdef __cplusplus
-extern "C" {
-#endif /* __cplusplus */
-int32_t OH_Usb_CreateDevice(uint32_t maxX, uint32_t maxY, uint32_t maxPressure)
-{
-    if (auto ret = g_edmClient.CreateDevice(maxX, maxY, maxPressure); ret != UsbErrCode::EDM_OK) {
-        EDM_LOGE(MODULE_USB_DDK, "create device failed:%{public}d", ret);
-        return ret;
-    }
-    return EDM_OK;
-}
 
-int32_t OH_Usb_EmitEvent(int32_t deviceId, const Hid_EmitItem items[], uint32_t length)
-{
-    if (length > MAX_EMIT_ITEM_NUM) {
-        EDM_LOGE(MODULE_DEV_MGR, "length out of range");
-        return EDM_ERR_INVALID_PARAM;
-    }
+enum DDK_PERMISSION {
+    ERROR,
+    CHECK,
+    NOT_CHECK
+};
 
-    std::vector<Hid_EmitItem> itemsTmp(items, items + length);
-    if (auto ret = g_edmClient.EmitEvent(deviceId, itemsTmp); ret != UsbErrCode::EDM_OK) {
-        EDM_LOGE(MODULE_USB_DDK, "emit event failed:%{public}d", ret);
-        return ret;
-    }
-    return EDM_OK;
-}
+class ExtPermissionManager {
+    DECLARE_SINGLE_INSTANCE_BASE(ExtPermissionManager);
 
-int32_t OH_Usb_DestroyDevice(int32_t deviceId)
-{
-    if (auto ret = g_edmClient.DestroyDevice(); ret != UsbErrCode::EDM_OK) {
-        EDM_LOGE(MODULE_USB_DDK, "destroy device failed:%{public}d", ret);
-        return ret;
-    }
-    return EDM_OK;
-}
-#ifdef __cplusplus
-}
-#endif /* __cplusplus */
+public:
+    bool HasPermission(std::string permissionName);
+    
+    ~ExtPermissionManager();
+private:
+    sptr<IBundleMgr> bundleMgr_ = nullptr;
+    std::mutex bundleMgrMutex_;
+    DDK_PERMISSION NeedCheckPermission();
+    sptr<OHOS::AppExecFwk::IBundleMgr> GetBundleMgrProxy();
+    int32_t GetCurrentActiveUserId();
+    ExtPermissionManager();
+};
+} // namespace ExternalDeviceManager
+} // namespace OHOS
+#endif // DRIVER_PKG_MANAGER_H
\ No newline at end of file
diff --git a/services/native/driver_extension_manager/src/driver_permission/BUILD.gn b/services/native/driver_extension_manager/src/driver_permission/BUILD.gn
new file mode 100644
index 0000000..34914c5
--- /dev/null
+++ b/services/native/driver_extension_manager/src/driver_permission/BUILD.gn
@@ -0,0 +1,45 @@
+# Copyright (c) 2023 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import("//build/ohos.gni")
+import("//drivers/external_device_manager/extdevmgr.gni")
+
+config("driver_permission_public_config") {
+  include_dirs = [ "../../include/driver_permission" ]
+}
+
+ohos_shared_library("driver_permission_manager") {
+  sources = [ "ext_permission_manager.cpp" ]
+  include_dirs = [ "${utils_path}/include/" ]
+  configs = [
+    ":driver_permission_public_config",
+    "${utils_path}:coverage_flags",
+    "${utils_path}:utils_config",
+  ]
+  public_configs = [ ":driver_permission_public_config" ]
+  external_deps = [
+    "ability_base:want",
+    "access_token:libaccesstoken_sdk",
+    "access_token:libprivacy_sdk",
+    "bundle_framework:appexecfwk_base",
+    "bundle_framework:appexecfwk_core",
+    "c_utils:utilsbase",
+    "hilog:libhilog",
+    "ipc:ipc_core",
+    "os_account:os_account_innerkits",
+    "samgr:samgr_proxy",
+  ]
+  install_enable = true
+  subsystem_name = "hdf"
+  part_name = "external_device_manager"
+}
diff --git a/services/native/driver_extension_manager/src/driver_permission/ext_permission_manager.cpp b/services/native/driver_extension_manager/src/driver_permission/ext_permission_manager.cpp
new file mode 100644
index 0000000..539e48a
--- /dev/null
+++ b/services/native/driver_extension_manager/src/driver_permission/ext_permission_manager.cpp
@@ -0,0 +1,135 @@
+/*
+ * Copyright (c) 2023 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include "ext_permission_manager.h"
+
+#include "os_account_manager.h"
+#include "hilog_wrapper.h"
+#include "ipc_skeleton.h"
+#include "iservice_registry.h"
+#include "accesstoken_kit.h"
+#include "privacy_kit.h"
+#include "system_ability_definition.h"
+
+namespace OHOS {
+namespace ExternalDeviceManager {
+using namespace std;
+using namespace OHOS;
+using namespace OHOS::AAFwk;
+using namespace OHOS::AppExecFwk;
+using namespace OHOS::ExternalDeviceManager;
+using namespace OHOS::Security::AccessToken;
+
+const uint32_t MIN_TARGET_VERSION = 10;
+
+IMPLEMENT_SINGLE_INSTANCE(ExtPermissionManager);
+
+ExtPermissionManager::ExtPermissionManager()
+{
+};
+
+ExtPermissionManager::~ExtPermissionManager()
+{
+};
+
+DDK_PERMISSION ExtPermissionManager::NeedCheckPermission()
+{
+    auto iBundleMgr = GetBundleMgrProxy();
+    if (iBundleMgr == nullptr) {
+        EDM_LOGE(MODULE_DEV_MGR, "Can not get iBundleMgr");
+        return DDK_PERMISSION::ERROR;
+    }
+    int uid = IPCSkeleton::GetCallingUid();
+    std::string bundleName;
+    if (!iBundleMgr->GetBundleNameForUid(uid, bundleName)) {
+        EDM_LOGE(MODULE_DEV_MGR, "GetBundleNameForUid err");
+        return DDK_PERMISSION::ERROR;
+    }
+    EDM_LOGD(MODULE_DEV_MGR, "GetBundleNameForUid bundleName:%{public}s", bundleName.c_str());
+    int32_t userId = GetCurrentActiveUserId();
+    BundleInfo bundleInfo;
+    if (!iBundleMgr->GetBundleInfo(bundleName, BundleFlag::GET_BUNDLE_DEFAULT, bundleInfo, userId)) {
+        EDM_LOGE(MODULE_DEV_MGR, "GetBundleNameForUid err");
+        return DDK_PERMISSION::ERROR;
+    }
+    EDM_LOGD(MODULE_DEV_MGR, "GetBundleInfo bundleInfo targetVersion:%{public}d", bundleInfo.targetVersion);
+    if (bundleInfo.targetVersion > MIN_TARGET_VERSION) {
+        return DDK_PERMISSION::CHECK;
+    }
+    return DDK_PERMISSION::NOT_CHECK;
+}
+
+bool ExtPermissionManager::HasPermission(std::string permissionName)
+{
+    DDK_PERMISSION needCheck = NeedCheckPermission();
+    if (needCheck != DDK_PERMISSION::CHECK) {
+        return needCheck == DDK_PERMISSION::ERROR ? false : true;
+    }
+    
+    AccessTokenID callerToken = IPCSkeleton::GetCallingTokenID();
+    int result = AccessTokenKit::VerifyAccessToken(callerToken, permissionName);
+    if (PrivacyKit::AddPermissionUsedRecord(callerToken, permissionName, static_cast<int32_t>(1 + result),
+        static_cast<int32_t>(-result)) != 0) {
+        EDM_LOGE(MODULE_DEV_MGR, "AddPermissionUsedRecord failed.");
+    }
+    if (result != PERMISSION_GRANTED) {
+        EDM_LOGE(MODULE_DEV_MGR, "usb_ddk_api:  No permission.");
+        return false;
+    }
+    EDM_LOGI(MODULE_DEV_MGR, "usb_ddk_api: Check permission succeeded.");
+    return true;
+}
+
+sptr<OHOS::AppExecFwk::IBundleMgr> ExtPermissionManager::GetBundleMgrProxy()
+{
+    if (bundleMgr_ != nullptr) {
+        return bundleMgr_;
+    }
+    std::lock_guard<std::mutex> lock(bundleMgrMutex_);
+    if (bundleMgr_ == nullptr) {
+        auto systemAbilityManager = OHOS::SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
+        if (systemAbilityManager == nullptr) {
+            EDM_LOGE(MODULE_PKG_MGR, "GetBundleMgr GetSystemAbilityManager is null");
+            return nullptr;
+        }
+        auto bundleMgrSa = systemAbilityManager->GetSystemAbility(OHOS::BUNDLE_MGR_SERVICE_SYS_ABILITY_ID);
+        if (bundleMgrSa == nullptr) {
+            EDM_LOGE(MODULE_PKG_MGR, "GetBundleMgr GetSystemAbility is null");
+            return nullptr;
+        }
+        auto bundleMgr = OHOS::iface_cast<IBundleMgr>(bundleMgrSa);
+        if (bundleMgr == nullptr) {
+            EDM_LOGE(MODULE_PKG_MGR, "GetBundleMgr iface_cast get null");
+        }
+        bundleMgr_ = bundleMgr;
+    }
+    return bundleMgr_;
+}
+
+int32_t ExtPermissionManager::GetCurrentActiveUserId()
+{
+    std::vector<int32_t> activeIds;
+    int ret = AccountSA::OsAccountManager::QueryActiveOsAccountIds(activeIds);
+    if (ret != 0) {
+        EDM_LOGE(MODULE_PKG_MGR, "QueryActiveOsAccountIds failed ret:%{public}d", ret);
+        return Constants::INVALID_USERID;
+    }
+    if (activeIds.empty()) {
+        EDM_LOGE(MODULE_PKG_MGR, "QueryActiveOsAccountIds activeIds empty");
+        return Constants::ALL_USERID;
+    }
+    return activeIds[0];
+}
+} // namespace ExternalDeviceManager
+} // namespace OHOS
\ No newline at end of file
diff --git a/test/unittest/BUILD.gn b/test/unittest/BUILD.gn
index dfe1256..db4937e 100644
--- a/test/unittest/BUILD.gn
+++ b/test/unittest/BUILD.gn
@@ -121,10 +121,43 @@ ohos_unittest("driver_extension_manager_client_test") {
   ]
 }
 
+ohos_unittest("ddk_permission_test") {
+  module_out_path = "${module_output_path}"
+
+  sources = [
+    "${ext_mgr_path}/frameworks/ddk/usb/usb_config_desc_parser.cpp",
+    "${ext_mgr_path}/frameworks/ddk/usb/usb_ddk_api.cpp",
+    "ddk_permission_test/ddk_permission_test.cpp",
+  ]
+
+  include_dirs = [
+    "${ext_mgr_path}/frameworks/ddk/usb",
+    "${ext_mgr_path}/interfaces/ddk/usb",
+    "${ext_mgr_path}/interfaces/innerkits/",
+    "${ext_mgr_path}/services/zidl/include/",
+    "${utils_path}/include/",
+  ]
+
+  deps = [
+    "${ext_mgr_path}/services/native/driver_extension_manager/src/driver_permission:driver_permission_manager",
+    "//third_party/googletest:gtest_main",
+  ]
+
+  external_deps = [
+    "bundle_framework:appexecfwk_base",
+    "bundle_framework:appexecfwk_core",
+    "c_utils:utils",
+    "drivers_interface_usb:libusb_ddk_proxy_1.0",
+    "hilog:libhilog",
+    "ipc:ipc_core",
+  ]
+}
+
 group("external_device_manager_ut") {
   testonly = true
   deps = [
     ":bus_extension_usb_test",
+    ":ddk_permission_test",
     ":driver_extension_controller_test",
     ":driver_extension_manager_client_test",
     ":drivers_pkg_manager_test",
diff --git a/test/unittest/ddk_permission_test/ddk_permission_test.cpp b/test/unittest/ddk_permission_test/ddk_permission_test.cpp
new file mode 100644
index 0000000..cd38e66
--- /dev/null
+++ b/test/unittest/ddk_permission_test/ddk_permission_test.cpp
@@ -0,0 +1,208 @@
+/*
+ * Copyright (c) 2023 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <gtest/gtest.h>
+#include "usb_config_desc_parser.h"
+#include "usb_ddk_api.h"
+#include "usb_ddk_types.h"
+
+using namespace testing::ext;
+
+namespace {
+bool g_state = false;
+void GrantPermission(void)
+{
+    g_state = true;
+}
+void RevokePermission(void)
+{
+    g_state = false;
+}
+
+class DdkPermissionTest : public testing::Test {
+public:
+    void SetUp() override;
+    void TearDown() override;
+};
+} // namespace
+
+namespace OHOS {
+namespace ExternalDeviceManager {
+class ExtPermissionManager {
+    static ExtPermissionManager& GetInstance();
+    bool HasPermission(std::string permissionName);
+};
+ExtPermissionManager& ExtPermissionManager::GetInstance()
+{
+    static auto instance = new ExtPermissionManager();
+    return *instance;
+}
+// required permissions are not yet implemented, mock this method so that the tests may pass.
+bool ExtPermissionManager::HasPermission(std::string permissionName)
+{
+    return g_state;
+}
+} // namespace Security
+} // namespace OHOS
+
+void DdkPermissionTest::SetUp()
+{
+    RevokePermission();
+    int32_t ret = OH_Usb_Init();
+    EXPECT_NE(ret, 0);
+    GrantPermission();
+    ret = OH_Usb_Init();
+    EXPECT_EQ(ret, 0);
+}
+
+void DdkPermissionTest::TearDown()
+{
+    RevokePermission();
+    OH_Usb_Release();
+    GrantPermission();
+    int32_t ret = OH_Usb_GetDeviceDescriptor(0, nullptr);
+    EXPECT_EQ(ret, USB_DDK_INVALID_PARAMETER);
+    OH_Usb_Release();
+    ret = OH_Usb_GetDeviceDescriptor(0, nullptr);
+    EXPECT_EQ(ret, USB_DDK_INVALID_OPERATION);
+}
+
+namespace {
+HWTEST_F(DdkPermissionTest, OH_Usb_GetDeviceDescriptor_001, TestSize.Level1)
+{
+    int32_t ret = OH_Usb_GetDeviceDescriptor(0, nullptr);
+    EXPECT_EQ(ret, USB_DDK_INVALID_PARAMETER);
+}
+
+HWTEST_F(DdkPermissionTest, OH_Usb_GetDeviceDescriptor_002, TestSize.Level1)
+{
+    RevokePermission();
+    int32_t ret = OH_Usb_GetDeviceDescriptor(0, nullptr);
+    EXPECT_EQ(ret, USB_DDK_FAILED);
+}
+
+HWTEST_F(DdkPermissionTest, OH_Usb_GetConfigDescriptor_001, TestSize.Level1)
+{
+    int32_t ret = OH_Usb_GetConfigDescriptor(0, 1, nullptr);
+    EXPECT_EQ(ret, USB_DDK_INVALID_PARAMETER);
+}
+
+HWTEST_F(DdkPermissionTest, OH_Usb_GetConfigDescriptor_002, TestSize.Level1)
+{
+    RevokePermission();
+    int32_t ret = OH_Usb_GetConfigDescriptor(0, 1, nullptr);
+    EXPECT_EQ(ret, USB_DDK_FAILED);
+}
+
+HWTEST_F(DdkPermissionTest, OH_Usb_ClaimInterface_001, TestSize.Level1)
+{
+    int32_t ret = OH_Usb_ClaimInterface(0, 0, nullptr);
+    EXPECT_EQ(ret, USB_DDK_INVALID_PARAMETER);
+}
+
+HWTEST_F(DdkPermissionTest, OH_Usb_ClaimInterface_002, TestSize.Level1)
+{
+    RevokePermission();
+    int32_t ret = OH_Usb_ClaimInterface(0, 0, nullptr);
+    EXPECT_EQ(ret, USB_DDK_FAILED);
+}
+
+HWTEST_F(DdkPermissionTest, OH_Usb_ReleaseInterface_001, TestSize.Level1)
+{
+    RevokePermission();
+    int32_t ret = OH_Usb_ReleaseInterface(1);
+    EXPECT_EQ(ret, USB_DDK_FAILED);
+}
+
+HWTEST_F(DdkPermissionTest, OH_Usb_SelectInterfaceSetting_001, TestSize.Level1)
+{
+    OH_Usb_Release();
+    int32_t ret = OH_Usb_SelectInterfaceSetting(0, 0);
+    EXPECT_EQ(ret, USB_DDK_INVALID_OPERATION);
+    OH_Usb_Init();
+}
+
+HWTEST_F(DdkPermissionTest, OH_Usb_SelectInterfaceSetting_002, TestSize.Level1)
+{
+    RevokePermission();
+    int32_t ret = OH_Usb_SelectInterfaceSetting(0, 0);
+    EXPECT_EQ(ret, USB_DDK_FAILED);
+}
+
+HWTEST_F(DdkPermissionTest, OH_Usb_GetCurrentInterfaceSetting_001, TestSize.Level1)
+{
+    int32_t ret = OH_Usb_GetCurrentInterfaceSetting(0, nullptr);
+    EXPECT_EQ(ret, USB_DDK_INVALID_PARAMETER);
+}
+
+HWTEST_F(DdkPermissionTest, OH_Usb_GetCurrentInterfaceSetting_002, TestSize.Level1)
+{
+    RevokePermission();
+    int32_t ret = OH_Usb_GetCurrentInterfaceSetting(0, nullptr);
+    EXPECT_EQ(ret, USB_DDK_FAILED);
+}
+
+HWTEST_F(DdkPermissionTest, OH_Usb_SendControlReadRequest_001, TestSize.Level1)
+{
+    int32_t ret = OH_Usb_SendControlReadRequest(0, nullptr, 0, nullptr, nullptr);
+    EXPECT_EQ(ret, USB_DDK_INVALID_PARAMETER);
+}
+
+HWTEST_F(DdkPermissionTest, OH_Usb_SendControlReadRequest_002, TestSize.Level1)
+{
+    RevokePermission();
+    int32_t ret = OH_Usb_SendControlReadRequest(0, nullptr, 0, nullptr, nullptr);
+    EXPECT_EQ(ret, USB_DDK_FAILED);
+}
+
+HWTEST_F(DdkPermissionTest, OH_Usb_SendControlWriteRequest_001, TestSize.Level1)
+{
+    int32_t ret = OH_Usb_SendControlWriteRequest(0, nullptr, 0, nullptr, 0);
+    EXPECT_EQ(ret, USB_DDK_INVALID_PARAMETER);
+}
+
+HWTEST_F(DdkPermissionTest, OH_Usb_SendControlWriteRequest_002, TestSize.Level1)
+{
+    RevokePermission();
+    int32_t ret = OH_Usb_SendControlWriteRequest(0, nullptr, 0, nullptr, 0);
+    EXPECT_EQ(ret, USB_DDK_FAILED);
+}
+
+HWTEST_F(DdkPermissionTest, OH_Usb_SendPipeRequest_001, TestSize.Level1)
+{
+    int32_t ret = OH_Usb_SendPipeRequest(nullptr, nullptr);
+    EXPECT_EQ(ret, USB_DDK_INVALID_PARAMETER);
+}
+
+HWTEST_F(DdkPermissionTest, OH_Usb_SendPipeRequest_002, TestSize.Level1)
+{
+    RevokePermission();
+    int32_t ret = OH_Usb_SendPipeRequest(nullptr, nullptr);
+    EXPECT_EQ(ret, USB_DDK_FAILED);
+}
+
+HWTEST_F(DdkPermissionTest, OH_Usb_CreateDeviceMemMap_001, TestSize.Level1)
+{
+    int32_t ret = OH_Usb_CreateDeviceMemMap(0, 100, nullptr);
+    EXPECT_EQ(ret, USB_DDK_INVALID_PARAMETER);
+}
+
+HWTEST_F(DdkPermissionTest, OH_Usb_CreateDeviceMemMap_002, TestSize.Level1)
+{
+    RevokePermission();
+    int32_t ret = OH_Usb_CreateDeviceMemMap(0, 100, nullptr);
+    EXPECT_EQ(ret, USB_DDK_FAILED);
+}
+} // namespace
\ No newline at end of file
diff --git a/test/unittest/device_manager_js_test/config.json b/test/unittest/device_manager_js_test/config.json
index 0232e01..c3299a7 100644
--- a/test/unittest/device_manager_js_test/config.json
+++ b/test/unittest/device_manager_js_test/config.json
@@ -13,6 +13,18 @@
     },
     "deviceConfig": {},
     "module": {
+      "reqPermissions": [
+        {
+          "name": "ohos.permission.ACCESS_EXTENSIONAL_DEVICE_DRIVER",
+          "reason": "$string:app_name",
+          "usedScene": {
+            "ability": [
+              ".MainAbility"
+            ],
+            "when": "inuse"
+          }
+        }
+      ],
       "package": "com.example.myapplication",
       "name": ".MyApplication",
       "deviceType": [
-- 
Gitee