harmony 鸿蒙Restricted Permissions
Restricted Permissions
How to Request
Restricted permissions are permissions available to normal applications but must be requested via access control list (ACL).
To change the APL of a normal application to system_basic or system_core, modify the HarmonyAppProvision file (Toolchains / _{Version} _/ lib / UnsgnedReleasedProfileTemplate.json file in the SDK directory) of the application when developing the application installation package, and sign the application again.
Modification mode:
Modify the “bundle-info” > “apl” field in the file.
"bundle-info" : {
// ...
"apl": "system_basic",
// ...
},
NOTE Modifying the HarmonyAppProvision configuration file applies to the applications in the debug phase, but not to the applications released to the app market. For a commercial application, apply for a release certificate and profile in the app market.
Restricted Permissions
ohos.permission.SYSTEM_FLOAT_WINDOW
Allows an application to be displayed in a floating window on top of other applications.
Permission level: system_basic
Authorization mode: system_grant
Valid since: 7
ohos.permission.READ_CONTACTS
Allows an application to read Contacts.
Permission level: system_basic
Authorization mode: user_grant
Valid since: 8
ohos.permission.WRITE_CONTACTS
Allows an application to add, remove, and modify Contacts.
Permission level: system_basic
Authorization mode: user_grant
Valid since: 8
ohos.permission.READ_AUDIO
Allows an application to access the audio files in a user directory.
Permission level: system_basic
Authorization mode: user_grant
Valid since: 9
ohos.permission.WRITE_AUDIO
Allows an application to modify the audio files in a user directory.
Permission level: system_basic
Authorization mode: user_grant
Valid since: 9
ohos.permission.READ_IMAGEVIDEO
Allows an application to access the images/videos in a user directory.
Permission level: system_basic
Authorization mode: user_grant
Valid since: 9
ohos.permission.WRITE_IMAGEVIDEO
Allows an application to modify the images/videos in a user directory.
Permission level: system_basic
Authorization mode: user_grant
Valid since: 9
ohos.permission.WRITE_DOCUMENT
Allows an application to modify the documents in a user directory.
Permission level: system_basic
Authorization mode: user_grant
Valid since: 9
Deprecated from: 12
Alternative solution:
See the alternative solution of the Files permission group.
ohos.permission.READ_DOCUMENT
Allows an application to access the documents in a user directory.
Permission level: system_basic
Authorization mode: user_grant
Valid since: 9
Deprecated from: 12
Alternative solution:
See the alternative solution of the Files permission group.
ohos.permission.READ_WRITE_DESKTOP_DIRECTORY
Allows an application to access the Desktop directory and its subdirectories in the user directory.
Currently, this permission is available only to 2-in-1 device applications.
Permission level: system_basic
Authorization mode: user_grant
Valid since: 11
ohos.permission.ACCESS_DDK_USB
Allows extended peripheral drivers to access the USB DDK interfaces to implement development of USB extended peripheral drivers.
Permission level: system_basic
Authorization mode: system_grant
Valid since: 11
ohos.permission.ACCESS_DDK_HID
Allows extended peripheral drivers to access the HID DDK interfaces to implement development of HID extended peripheral drivers.
Permission level: system_basic
Authorization mode: system_grant
Valid since: 11
ohos.permission.READ_PASTEBOARD
Allows an application to read Pasteboard data.
Permission level: system_basic
Authorization mode: user_grant
Valid since: 11
ohos.permission.FILE_ACCESS_PERSIST
Allows an application to support persistent access to file URIs.
Permission level: normal
Authorization mode: system_grant
Valid since: 11
Changelog: The permission level is system_basic in API version 11, and is changed to normal since API version 12.
ohos.permission.INTERCEPT_INPUT_EVENT
Allows an application to intercept input events.
Permission level: system_basic
Authorization mode: system_grant
Valid since: 11
Changelog: The permission level is system_core in API version 11, and is changed to system_basic since API version 12.
ohos.permission.INPUT_MONITORING
Allows an application to listen for input events.
Permission level: system_basic
Authorization mode: system_grant
Valid since: 7
Changelog: The permission level is system_core in API versions 7 to 11, and is changed to system_basic since API version 12.
ohos.permission.SHORT_TERM_WRITE_IMAGEVIDEO
Allows an application to save images and videos to the user’s directory within
up to 30 minutes after obtaining the permission. If it exceeds 30 minutes, a dialog box will be displayed again to request user authorization.
Permission level: system_basic
Authorization mode: user_grant
Valid since: 12
ohos.permission.READ_WRITE_USER_FILE
Allows an application to access and modify files in user directories.
Currently, this permission is available only to 2-in-1 device applications.
Permission level: system_basic
Authorization mode: system_grant
Valid since: 13
ohos.permission.READ_WRITE_USB_DEV
Allows an application to connect to a device and read and write the device data via USB for debugging purposes.
Currently, this permission is available only to 2-in-1 device applications.
Permission level: system_basic
Authorization mode: system_grant
Valid since: 13
ohos.permission.GET_WIFI_PEERS_MAC
Allows an application to obtain the MAC address of the peer Wi-Fi device.
This permission is required if you want to obtain the MAC address of the peer device when obtaining the Wi-Fi scanning result.
Permission level: system_basic
Authorization mode: system_grant
Valid since: 8
Changelog: The permission level is system_core in API versions 8 to 13, and is changed to system_basic since API version 14.
ohos.permission.kernel.DISABLE_CODE_MEMORY_PROTECTION
Allows an application to disable its runtime code integrity protection.
For the application developed using the cross-platform framework, this permission allows the application to disable its runtime code integrity protection. Currently, this permission is available only to applications running on tablets and 2-in-1 devices.
Permission level: system_basic
Authorization mode: system_grant
Valid since: 14
ohos.permission.kernel.ALLOW_WRITABLE_CODE_MEMORY
Allows an application to apply for writable and executable anonymous memory.
For the application developed using the cross-platform framework, this permission allows the application to apply for writable and executable anonymous memory. Currently, this permission is available only to applications running on tablets and 2-in-1 devices.
Permission level: system_basic
Authorization mode: system_grant
Valid since: 14
ohos.permission.kernel.ALLOW_EXECUTABLE_FORT_MEMORY
Allows an application to have its system JS engine to apply for anonymous executable memory with the MAP_FORT identifier.
After the application has this permission, the system JS engine can request anonymous executable memory with MAP_FORT for just-in-time (JIT) compilation, which increase the runtime execution efficiency.
Permission level: system_basic
Authorization mode: system_grant
Valid since: 14
ohos.permission.MANAGE_PASTEBOARD_APP_SHARE_OPTION
Allows an application to set or remove the pasteable range of pasteboard data.
Permission level: system_basic
Authorization mode: system_grant
Valid since: 14
ohos.permission.MANAGE_UDMF_APP_SHARE_OPTION
Allows an application to set or remove the sharing range of the data supported by the UDMF.
Permission level: system_basic
Authorization mode: system_grant
Valid since: 14
ohos.permission.ACCESS_DISK_PHY_INFO
Allows an application to obtain the disk hardware information.
Permission level: system_basic
Authorization mode: system_grant
Valid since: 15
ohos.permission.PRELOAD_FILE
Allows an application to preload files to improve the file opening speed.
Permission level: system_basic
Authorization mode: system_grant
Valid since: 15
ohos.permission.SET_PAC_URL
Allows an application to set the URL of the proxy auto config (PAC) script.
After the script address is configured, other applications can read and parse this script and determine whether to use a proxy based on the parsing result.
Permission level: system_basic
Authorization mode: system_grant
Valid since: 15
ohos.permission.PERSONAL_MANAGE_RESTRICTIONS
Allows a device administrator application to manage personal device restrictions.
Permission level: system_basic
Authorization mode: system_grant
Valid since: 15
ohos.permission.START_PROVISIONING_MESSAGE
Allows an application to start the device management service deployment process, which activates the application as a personal device administrator application.
Permission level: system_basic
Authorization mode: system_grant
Valid since: 15
ohos.permission.USE_FRAUD_CALL_LOG_PICKER
Allows an application to use the fraud call log Picker to obtain call logs.
Permission level: system_basic
Authorization mode: system_grant
Valid since: 15
ohos.permission.USE_FRAUD_MESSAGES_PICKER
Allows an application to use the fraud message Picker to obtain SMS messages.
Permission level: system_basic
Authorization mode: system_grant
Valid since: 15
ohos.permission.PERSISTENT_BLUETOOTH_PEERS_MAC
Allows an application to persist the virtual random address corresponding to the MAC address of the peer Bluetooth device.
With this permission, the application can persist the virtual random address of the peer Bluetooth device obtained via BLE scanning, BR scanning, or listening for connections. The persistent virtual random address can still be used even if Bluetooth is enabled or disabled, or the Bluetooth device is restarted.
Permission level: system_basic
Authorization mode: system_grant
Valid since: 16
ohos.permission.ACCESS_VIRTUAL_SCREEN
Allows an application to manage virtual screens.
With this permission, the application can call APIs to perform virtual screen management, including creating, using, and destroying a virtual screen.
Permission level: system_basic
Authorization mode: system_grant
Valid since: 16
ohos.permission.MANAGE_APN_SETTING
Allows an application to read or set APN information.
This permission is required for the applications that need to use private network APN information.
Permission level: system_basic
Authorization mode: system_grant
Valid since: 16
ohos.permission.kernel.ALLOW_USE_JITFORT_INTERFACE
Allows an application to call the JITFort API to update the content in MAP_FORT.
Permission level: system_basic
Authorization mode: system_grant
Valid since: 16
ohos.permission.kernel.DISABLE_GOTPLT_RO_PROTECTION
Allows an application to disable the read-only protection on .got.plt.
Permission level: system_basic
Authorization mode: system_grant
Valid since: 17
ohos.permission.USE_FRAUD_APP_PICKER
Allows an application to use the fraud app Picker to obtain application information.
Permission level: system_basic
Authorization mode: system_grant
Valid since: 18
ohos.permission.kernel.SUPPORT_PLUGIN
Allows an application to install plugins.
Permission level: system_basic
Authorization mode: system_grant
Valid since: 19
ohos.permission.CUSTOM_SANDBOX
Allows an application to set the sandbox type to dynamic sandbox.
Permission level: system_basic
Authorization mode: system_grant
Valid since: 18
ohos.permission.MANAGE_SCREEN_TIME_GUARD
Allows an application to call the screen time guard APIs to restrict screen usage, apply application access control, and control the screen usage time.
Permission level: system_basic
Authorization mode: system_grant
Enable via ACL: true
Valid since: 20
ohos.permission.CUSTOMIZE_SAVE_BUTTON
Allows an application to customize the icon and text of SaveButton.
Permission level: system_basic
Authorization mode: system_grant
Supported devices: Phone|PC/2in1|Tablet
Valid since: 20
ohos.permission.GET_ABILITY_INFO
Allows an application to obtain ability information based on a URI.
Permission level: system_basic
Authorization mode: system_grant
Supported devices: PC/2in1
Valid since: 20
ohos.permission.ACCESS_FIDO2_ONLINEAUTH
Allows an application to use the Native Development Kit (NDK) of the passkey service.
Permission level: system_basic
Authorization mode: system_grant
Supported devices: Phone|PC/2in1|Tablet
Valid since: 20
你可能感兴趣的鸿蒙文章
harmony 鸿蒙Application Access Control
harmony 鸿蒙Access Control Overview
harmony 鸿蒙Application Permission Groups
harmony 鸿蒙Application Permission Management Overview
harmony 鸿蒙Application Permissions
harmony 鸿蒙Requesting Restricted Permissions
harmony 鸿蒙Declaring Permissions
harmony 鸿蒙Workflow for Requesting Permissions
- 所属分类: 后端技术
- 本文标签:
热门推荐
-
2、 - 优质文章
-
3、 gate.io
-
8、 golang
-
9、 openharmony
-
10、 Vue中input框自动聚焦