@ohos.abilityAccessCtrl (Application Access Control)
This module provides permission verification and management capabilities for applications.
NOTE The initial APIs of this module are supported since API version 8. Newly added APIs will be marked with a superscript to indicate their earliest API version.
Modules to Import
import { abilityAccessCtrl } from '@kit.AbilityKit';
abilityAccessCtrl.createAtManager
createAtManager(): AtManager
Access control: Creates an object for application access control.
Atomic service API: This API can be used in atomic services since API version 11.
System capability: SystemCapability.Security.AccessToken
Return value
| Type | Description |
|---|---|
| AtManager | AtManager instance obtained. |
Example
let atManager: abilityAccessCtrl.AtManager = abilityAccessCtrl.createAtManager();
AtManager
Provides APIs for application access control.
checkAccessToken9+
checkAccessToken(tokenID: number, permissionName: Permissions): Promise<GrantStatus>
Checks whether the user has granted the permission. This API uses a promise to return the result.
Atomic service API: This API can be used in atomic services since API version 11.
System capability: SystemCapability.Security.AccessToken
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| tokenID | number | Yes | ID of the target application to be verified, which can be obtained from the accessTokenId field in ApplicationInfo of BundleInfo. The token ID of the current application can be obtained through bundleManager.getBundleInfoForSelfSync. |
| permissionName | Permissions | Yes | Permission to verify. For details about the permission, see Application Permissions. |
Return value
| Type | Description |
|---|---|
| Promise<GrantStatus> | Promise used to return the result. Returns the authorization status result. |
Error codes
For details about the error codes, see Universal Error Codes and Access Control Error Codes.
| ID | Error Message |
|---|---|
| 401 | Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. |
| 12100001 | Invalid parameter. The tokenID is 0, or the permissionName exceeds 256 characters. |
Example
import { abilityAccessCtrl, Permissions, bundleManager } from '@kit.AbilityKit';
import { BusinessError } from '@kit.BasicServicesKit';
let atManager: abilityAccessCtrl.AtManager = abilityAccessCtrl.createAtManager();
let bundleInfo = bundleManager.getBundleInfoForSelfSync(bundleManager.BundleFlag.GET_BUNDLE_INFO_WITH_APPLICATION);
let tokenID: number = bundleInfo.appInfo.accessTokenId;
let permissionName: Permissions = 'ohos.permission.GRANT_SENSITIVE_PERMISSIONS';
atManager.checkAccessToken(tokenID, permissionName).then((data: abilityAccessCtrl.GrantStatus) => {
console.info(`checkAccessToken success, result: ${data}`);
}).catch((err: BusinessError): void => {
console.error(`checkAccessToken fail, code: ${err.code}, message: ${err.message}`);
});
checkAccessTokenSync10+
checkAccessTokenSync(tokenID: number, permissionName: Permissions): GrantStatus
Verifies whether a permission is granted to an application. This API returns the result synchronously.
Atomic service API: This API can be used in atomic services since API version 11.
System capability: SystemCapability.Security.AccessToken
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| tokenID | number | Yes | ID of the target application to be verified, which can be obtained from the accessTokenId field in ApplicationInfo of BundleInfo. The token ID of the current application can be obtained through bundleManager.getBundleInfoForSelfSync. |
| permissionName | Permissions | Yes | Permission to verify. For details about the permission, see Application Permissions. |
Return value
| Type | Description |
|---|---|
| GrantStatus | Permission grant state. |
Error codes
For details about the error codes, see Universal Error Codes and Access Control Error Codes.
| ID | Error Message |
|---|---|
| 401 | Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. |
| 12100001 | Invalid parameter. The tokenID is 0, or the permissionName exceeds 256 characters. |
Example
import { abilityAccessCtrl, Permissions, bundleManager } from '@kit.AbilityKit';
let atManager: abilityAccessCtrl.AtManager = abilityAccessCtrl.createAtManager();
let bundleInfo = bundleManager.getBundleInfoForSelfSync(bundleManager.BundleFlag.GET_BUNDLE_INFO_WITH_APPLICATION);
let tokenID: number = bundleInfo.appInfo.accessTokenId;
let permissionName: Permissions = 'ohos.permission.GRANT_SENSITIVE_PERMISSIONS';
let data: abilityAccessCtrl.GrantStatus = atManager.checkAccessTokenSync(tokenID, permissionName);
console.info(`Result: ${data}`);
on18+
on(type: 'selfPermissionStateChange', permissionList: Array<Permissions>, callback: Callback<PermissionStateChangeInfo>): void
Subscribes to the permission state change events of the specified permission list of the current application. Such event triggers a corresponding callback. This API uses an asynchronous callback to return the result.
-
When this subscription API is called for multiple times, if the subscribed permission lists are the same but the callbacks are different, the subscription is successful.
-
When this subscription API is called for multiple times, if the subscribed permission lists contain the same subset and the callbacks are the same, the subscription fails.
Atomic service API: This API can be used in atomic services since API version 18.
System capability: SystemCapability.Security.AccessToken
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| type | string | Yes | Event type. The value is 'selfPermissionStateChange', which indicates the changes in the permission states specific to this application alone. |
| permissionList | Array<Permissions> | Yes | List of target permissions. If this parameter is not specified, this API will subscribe to state changes of all permissions. For details about the permissions, see Application Permissions. |
| callback | Callback<PermissionStateChangeInfo> | Yes | Callback used to return the result. Callback for subscribing to status change events of the specified permission name. |
Error codes
For details about the error codes, see Universal Error Codes and Access Control Error Codes.
| ID | Error Message |
|---|---|
| 401 | Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. |
| 12100001 | Invalid parameter. Possible causes: 1. The permissionList exceeds the size limit; 2. The permissionNames in the list are all invalid. |
| 12100004 | The API is used repeatedly with the same input. |
| 12100005 | The registration time has exceeded the limit. |
| 12100007 | The service is abnormal. |
Example
import { abilityAccessCtrl, Permissions } from '@kit.AbilityKit';
try {
let atManager: abilityAccessCtrl.AtManager = abilityAccessCtrl.createAtManager();
let permissionList: Array<Permissions> = ['ohos.permission.APPROXIMATELY_LOCATION'];
atManager.on('selfPermissionStateChange', permissionList, (data: abilityAccessCtrl.PermissionStateChangeInfo) => {
console.info('receive permission state change');
console.info(`data change: ${data.change}, tokenID: ${data.tokenID}, permission name: ${data.permissionName}`);
});
} catch(err) {
console.error(`Code: ${err.code}, message: ${err.message}`);
}
off18+
off(type: 'selfPermissionStateChange', permissionList: Array<Permissions>, callback?: Callback<PermissionStateChangeInfo>): void
Unsubscribes from changes in the state of the specified permissions for this application. This API uses an asynchronous callback to return the result.
If callback is not specified, this API will unregister all callbacks for permissionList.
Atomic service API: This API can be used in atomic services since API version 18.
System capability: SystemCapability.Security.AccessToken
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| type | string | Yes | Event type. The value is 'selfPermissionStateChange', which indicates the changes in the permission states specific to this application alone. |
| permissionList | Array<Permissions> | Yes | List of target permissions. The value must be the same as that in on. If this parameter is not specified, this API will unsubscribe from state changes for all permissions. For details about the permissions, see Application Permissions. |
| callback | Callback<PermissionStateChangeInfo> | No | Callback used to return the result. Unsubscribes the callback for status change events of the specified tokenID and permission name. |
Error codes
For details about the error codes, see Universal Error Codes and Access Control Error Codes.
| ID | Error Message |
|---|---|
| 401 | Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. |
| 12100004 | The API is not used in pair with "on". |
| 12100007 | The service is abnormal. |
Example
import { abilityAccessCtrl, Permissions } from '@kit.AbilityKit';
try {
let atManager: abilityAccessCtrl.AtManager = abilityAccessCtrl.createAtManager();
let permissionList: Array<Permissions> = ['ohos.permission.APPROXIMATELY_LOCATION'];
atManager.off('selfPermissionStateChange', permissionList);
} catch(err) {
console.error(`Code: ${err.code}, message: ${err.message}`);
}
requestPermissionsFromUser9+
requestPermissionsFromUser(context: Context, permissionList: Array<Permissions>, requestCallback: AsyncCallback<PermissionRequestResult>): void
Starts a dialog box for Requesting User Authorization for UIAbility. This API uses an asynchronous callback to return the result.
If the user rejects to grant permissions, the dialog box cannot be displayed again. If permission granting is required, the user can manually grant permissions on the Settings page or call requestPermissionOnSetting to display the permission settings dialog box for the user to grant permissions.
Atomic service API: This API can be used in atomic services since API version 12.
Model restriction: This API can be used only in the stage model.
System capability: SystemCapability.Security.AccessToken
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| context | Context | Yes | Context of the UIAbility that requests the permission. |
| permissionList | Array<Permissions> | Yes | Permissions to request. For details about the permissions, see Application Permissions. |
| requestCallback | AsyncCallback<PermissionRequestResult> | Yes | Callback used to return the result. If the dialog box for requesting permissions is displayed successfully, err is undefined, and data is the obtained PermissionRequestResult. Otherwise, err is an error object. |
Error codes
For details about the error codes, see Universal Error Codes and Access Control Error Codes.
| ID | Error Message |
|---|---|
| 401 | Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. |
| 12100001 | (Deprecated in 12) Invalid parameter. The context is invalid when it does not belong to the application itself. |
| 12100009 | Common inner error. An error occurs when creating the pop-up window or obtaining user operation results. |
Example
For details about how to obtain the context in the example, see Obtaining the Context of UIAbility.
For details about the process and example of applying for user authorization, see Requesting User Authorization.
import { abilityAccessCtrl, Context, PermissionRequestResult, common } from '@kit.AbilityKit';
import { BusinessError } from '@kit.BasicServicesKit';
let atManager: abilityAccessCtrl.AtManager = abilityAccessCtrl.createAtManager();
// Obtain the context within the component.
let context: Context = this.getUIContext().getHostContext() as common.UIAbilityContext;
atManager.requestPermissionsFromUser(context, ['ohos.permission.CAMERA'], (err: BusinessError, data: PermissionRequestResult) => {
if (err) {
console.error(`requestPermissionsFromUser fail, code: ${err.code}, message: ${err.message}`);
} else {
console.info(`requestPermissionsFromUser success, result: ${data}`);
console.info('requestPermissionsFromUser data permissions:' + data.permissions);
console.info('requestPermissionsFromUser data authResults:' + data.authResults);
console.info('requestPermissionsFromUser data dialogShownResults:' + data.dialogShownResults);
console.info('requestPermissionsFromUser data errorReasons:' + data.errorReasons);
}
});
requestPermissionsFromUser9+
requestPermissionsFromUser(context: Context, permissionList: Array<Permissions>): Promise<PermissionRequestResult>
Starts a dialog box for Requesting User Authorization for UIAbility. This API uses a promise to return the result.
If the user rejects to grant permissions, the dialog box cannot be displayed again. If permission granting is required, the user can manually grant permissions on the Settings page or call requestPermissionOnSetting to display the permission settings dialog box for the user to grant permissions.
Atomic service API: This API can be used in atomic services since API version 11.
Model restriction: This API can be used only in the stage model.
System capability: SystemCapability.Security.AccessToken
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| context | Context | Yes | Context of the UIAbility that requests the permission. |
| permissionList | Array<Permissions> | Yes | Permissions to request. For details about the permissions, see Application Permissions. |
Return value
| Type | Description |
|---|---|
| Promise<PermissionRequestResult> | Promise used to return the result. Returns the API result. |
Error codes
For details about the error codes, see Universal Error Codes and Access Control Error Codes.
| ID | Error Message |
|---|---|
| 401 | Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. |
| 12100001 | (Deprecated in 12) Invalid parameter. The context is invalid when it does not belong to the application itself. |
| 12100009 | Common inner error. An error occurs when creating the pop-up window or obtaining user operation results. |
Example
For details about how to obtain the context in the example, see Obtaining the Context of UIAbility.
For details about the process and example of applying for user authorization, see Requesting User Authorization.
import { abilityAccessCtrl, Context, PermissionRequestResult, common } from '@kit.AbilityKit';
import { BusinessError } from '@kit.BasicServicesKit';
let atManager: abilityAccessCtrl.AtManager = abilityAccessCtrl.createAtManager();
// Obtain the context within the component.
let context: Context = this.getUIContext().getHostContext() as common.UIAbilityContext;
atManager.requestPermissionsFromUser(context, ['ohos.permission.CAMERA']).then((data: PermissionRequestResult) => {
console.info(`requestPermissionsFromUser success, result: ${data}`);
console.info('requestPermissionsFromUser data permissions:' + data.permissions);
console.info('requestPermissionsFromUser data authResults:' + data.authResults);
console.info('requestPermissionsFromUser data dialogShownResults:' + data.dialogShownResults);
console.info('requestPermissionsFromUser data errorReasons:' + data.errorReasons);
}).catch((err: BusinessError): void => {
console.error(`requestPermissionsFromUser fail, code: ${err.code}, message: ${err.message}`);
});
requestPermissionOnSetting12+
requestPermissionOnSetting(context: Context, permissionList: Array<Permissions>): Promise<Array<GrantStatus>>
Starts a permission setting dialog box again for UIAbility or UIExtensionAbility. This API uses a promise to return the result.
Before calling this API, the application must have called requestPermissionsFromUser. If the user grants the permissions required when the authorization dialog box is displayed the first time, calling this API will not display the permission settings dialog box.
Atomic service API: This API can be used in atomic services since API version 12.
Model restriction: This API can be used only in the stage model.
System capability: SystemCapability.Security.AccessToken
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| context | Context | Yes | Context of the UIAbility/UIExtensionAbility that requests the permissions. |
| permissionList | Array<Permissions> | Yes | Permissions to request. For details about the permissions, see Application Permission Groups. |
Return value
| Type | Description |
|---|---|
| Promise<Array<GrantStatus>> | Promise used to return the result. Returns the authorization status result. |
Error codes
For details about the error codes, see Access Control Error Codes.
| ID | Error Message |
|---|---|
| 12100001 | Invalid parameter. Possible causes: 1. The context is invalid because it does not belong to the application itself; 2. The permission list contains the permission that is not declared in the module.json file; 3. The permission list is invalid because the permissions in it do not belong to the same permission group; 4. The permission list contains one or more system_grant permissions. |
| 12100009 | Common inner error. An error occurs when creating the pop-up window or obtaining user operation result. |
| 12100011 | All permissions in the permission list have been granted. |
| 12100012 | The permission list contains the permission that has not been revoked by the user. |
| 12100014 | Unexpected permission. You cannot request this type of permission from users via a pop-up window. |
Example For details about how to obtain the context in the example, see Obtaining the Context of UIAbility.
import { abilityAccessCtrl, Context, common } from '@kit.AbilityKit';
import { BusinessError } from '@kit.BasicServicesKit';
let atManager: abilityAccessCtrl.AtManager = abilityAccessCtrl.createAtManager();
// Obtain the context within the component.
let context: Context = this.getUIContext().getHostContext() as common.UIAbilityContext;
atManager.requestPermissionOnSetting(context, ['ohos.permission.CAMERA']).then((data: Array<abilityAccessCtrl.GrantStatus>) => {
console.info(`requestPermissionOnSetting success, result: ${data}`);
}).catch((err: BusinessError): void => {
console.error(`requestPermissionOnSetting fail, code: ${err.code}, message: ${err.message}`);
});
requestGlobalSwitch12+
requestGlobalSwitch(context: Context, type: SwitchType): Promise<boolean>
Displays a dialog box for setting a global switch for UIAbility or UIExtensionAbility. This API uses a promise to return the result.
When the features such as recording and photographing are disabled, the application can display the dialog box, asking the user to enable the related features. If the global switch is turned on, no dialog box will be displayed.
Atomic service API: This API can be used in atomic services since API version 12.
Model restriction: This API can be used only in the stage model.
System capability: SystemCapability.Security.AccessToken
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| context | Context | Yes | Context of the UIAbility/UIExtensionAbility that requests the permissions. |
| type | SwitchType | Yes | Type of the global switch. |
Return value
| Type | Description |
|---|---|
| Promise<boolean> | Promise used to return the result. Returns true if the global switch is enabled. Returns false if the global switch is disabled. |
Error codes
For details about the error codes, see Universal Error Codes and Access Control Error Codes.
| ID | Error Message |
|---|---|
| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types. |
| 12100001 | Invalid parameter. Possible causes: 1. The context is invalid because it does not belong to the application itself; 2. The type of global switch is not support. |
| 12100009 | Common inner error. An error occurs when creating the pop-up window or obtaining user operation result. |
| 12100013 | The specific global switch is already open. |
Example For details about how to obtain the context in the example, see Obtaining the Context of UIAbility.
import { abilityAccessCtrl, Context, common } from '@kit.AbilityKit';
import { BusinessError } from '@kit.BasicServicesKit';
let atManager: abilityAccessCtrl.AtManager = abilityAccessCtrl.createAtManager();
// Obtain the context within the component.
let context: Context = this.getUIContext().getHostContext() as common.UIAbilityContext;
atManager.requestGlobalSwitch(context, abilityAccessCtrl.SwitchType.CAMERA).then((data: Boolean) => {
console.info(`requestGlobalSwitch success, result: ${data}`);
}).catch((err: BusinessError): void => {
console.error(`requestGlobalSwitch fail, code: ${err.code}, message: ${err.message}`);
});
getSelfPermissionStatus20+
getSelfPermissionStatus(permissionName: Permissions): PermissionStatus
Queries the permission status of an application. This API returns the result synchronously.
Atomic service API: This API can be used in atomic services since API version 20.
System capability: SystemCapability.Security.AccessToken
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| permissionName | Permissions | Yes | Permission to verify. For details about the permission, see Application Permissions. |
Return value
| Type | Description |
|---|---|
| PermissionStatus | Permission status. |
Error codes
For details about the error codes, see Access Control Error Codes.
| ID | Error Message |
|---|---|
| 12100001 | Invalid parameter. The permissionName is empty or exceeds 256 characters. |
| 12100007 | The service is abnormal. |
Example
import { abilityAccessCtrl } from '@kit.AbilityKit';
import { BusinessError } from '@kit.BasicServicesKit';
let atManager: abilityAccessCtrl.AtManager = abilityAccessCtrl.createAtManager();
try {
let data: abilityAccessCtrl.PermissionStatus = atManager.getSelfPermissionStatus('ohos.permission.CAMERA');
console.info(`getSelfPermissionStatus success, result: ${data}`);
} catch(err) {
console.error(`getSelfPermissionStatus fail, code: ${err.code}, message: ${err.message}`);
}
openPermissionOnSetting22+
openPermissionOnSetting(context: Context, permission: Permissions): Promise<SelectedResult>
Starts the dialog box for redirection to the settings page for UIAbility or UIExtensionAbility. This API uses a promise to return the result.
Model restriction: This API can be used only in the stage model.
System capability: SystemCapability.Security.AccessToken
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| context | Context | Yes | Context of the UIAbility/UIExtensionAbility that requests the permissions. |
| permission | Permissions | Yes | Permission name. Only permissions whose authorization mode is manual_settings are supported. |
Return value
| Type | Description |
|---|---|
| Promise<SelectedResult> | Promise used to return the result. Returns the pop-up window result of the redirection settings page. |
Error codes
For details about the error codes, see Access Control Error Codes.
| ID | Error Message |
|---|---|
| 12100001 | Invalid parameter. Possible causes: 1. The context is invalid because it does not belong to the application itself; 2. The permission is invalid or not declared in the module.json file. |
| 12100009 | Common inner error. An error occurs when creating the pop-up window or obtaining user operation result. |
| 12100014 | Unexpected permission. The permission is not a manual_settings permission. |
Example
For details about how to obtain the context in the example, see Obtaining the Context of UIAbility.
import { abilityAccessCtrl, Context, common } from '@kit.AbilityKit';
import { BusinessError } from '@kit.BasicServicesKit';
let atManager: abilityAccessCtrl.AtManager = abilityAccessCtrl.createAtManager();
// Obtain the context within the component.
let context: Context = this.getUIContext().getHostContext() as common.UIAbilityContext;
atManager.openPermissionOnSetting(context, 'ohos.permission.HOOK_KEY_EVENT').then((data: abilityAccessCtrl.SelectedResult) => {
console.info(`openPermissionOnSetting success, result: ${data}`);
}).catch((err: BusinessError): void => {
console.error(`openPermissionOnSetting fail, code: ${err.code}, message: ${err.message}`);
});
verifyAccessTokenSync9+
verifyAccessTokenSync(tokenID: number, permissionName: Permissions): GrantStatus
Verifies whether a permission is granted to an application. This API returns the result synchronously.
System capability: SystemCapability.Security.AccessToken
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| tokenID | number | Yes | ID of the target application to be verified, which can be obtained from the accessTokenId field in ApplicationInfo of BundleInfo. The token ID of the current application can be obtained through bundleManager.getBundleInfoForSelfSync. |
| permissionName | Permissions | Yes | Permission to verify. For details about the permission, see Application Permissions. |
Return value
| Type | Description |
|---|---|
| GrantStatus | Permission grant state. |
Error codes
For details about the error codes, see Universal Error Codes and Access Control Error Codes.
| ID | Error Message |
|---|---|
| 401 | Parameter error. Possible causes: 1.Mandatory parameters are left unspecified; 2.Incorrect parameter types. |
| 12100001 | Invalid parameter. The tokenID is 0, or the permissionName exceeds 256 characters. |
Example
import { abilityAccessCtrl, Permissions, bundleManager } from '@kit.AbilityKit';
let atManager: abilityAccessCtrl.AtManager = abilityAccessCtrl.createAtManager();
let bundleInfo = bundleManager.getBundleInfoForSelfSync(bundleManager.BundleFlag.GET_BUNDLE_INFO_WITH_APPLICATION);
let tokenID: number = bundleInfo.appInfo.accessTokenId;
try {
let permissionName: Permissions = 'ohos.permission.GRANT_SENSITIVE_PERMISSIONS';
let data: abilityAccessCtrl.GrantStatus = atManager.verifyAccessTokenSync(tokenID, permissionName);
console.info(`verifyAccessTokenSync success, result: ${data}`);
} catch(err) {
console.error(`verifyAccessTokenSync fail, code: ${err.code}, message: ${err.message}`);
}
verifyAccessToken9+
verifyAccessToken(tokenID: number, permissionName: Permissions): Promise<GrantStatus>
Checks whether the user has granted the permission. This API uses a promise to return the result.
NOTE
You are advised to use checkAccessToken.
System capability: SystemCapability.Security.AccessToken
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| tokenID | number | Yes | ID of the target application to be verified, which can be obtained from the accessTokenId field in ApplicationInfo of BundleInfo. The token ID of the current application can be obtained through bundleManager.getBundleInfoForSelfSync. |
| permissionName | Permissions | Yes | Permission to verify. For details about the permission, see Application Permissions. |
Return value
| Type | Description |
|---|---|
| Promise<GrantStatus> | Promise used to return the result. Returns the authorization status result. |
Example
import { abilityAccessCtrl, Permissions, bundleManager } from '@kit.AbilityKit';
import { BusinessError } from '@kit.BasicServicesKit';
let atManager: abilityAccessCtrl.AtManager = abilityAccessCtrl.createAtManager();
let bundleInfo = bundleManager.getBundleInfoForSelfSync(bundleManager.BundleFlag.GET_BUNDLE_INFO_WITH_APPLICATION);
let tokenID: number = bundleInfo.appInfo.accessTokenId;
let permissionName: Permissions = 'ohos.permission.GRANT_SENSITIVE_PERMISSIONS';
atManager.verifyAccessToken(tokenID, permissionName).then((data: abilityAccessCtrl.GrantStatus) => {
console.info(`verifyAccessToken success, result: ${data}`);
}).catch((err: BusinessError): void => {
console.error(`verifyAccessToken fail, code: ${err.code}, message: ${err.message}`);
});
verifyAccessToken(deprecated)
verifyAccessToken(tokenID: number, permissionName: string): Promise<GrantStatus>
Checks whether the user has granted the permission. This API uses a promise to return the result.
NOTE
This API is supported since API version 8 and deprecated since API version 9. Use checkAccessToken instead.
System capability: SystemCapability.Security.AccessToken
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| tokenID | number | Yes | ID of the target application to be verified, which can be obtained from the accessTokenId field in ApplicationInfo of BundleInfo. The token ID of the current application can be obtained through bundleManager.getBundleInfoForSelfSync. |
| permissionName | string | Yes | Permission to verify. For details about the permission, see Application Permissions. |
Return value
| Type | Description |
|---|---|
| Promise<GrantStatus> | Promise used to return the result. Returns the authorization status result. |
Example
import { abilityAccessCtrl, Permissions, bundleManager } from '@kit.AbilityKit';
import { BusinessError } from '@kit.BasicServicesKit';
let atManager: abilityAccessCtrl.AtManager = abilityAccessCtrl.createAtManager();
let bundleInfo = bundleManager.getBundleInfoForSelfSync(bundleManager.BundleFlag.GET_BUNDLE_INFO_WITH_APPLICATION);
let tokenID: number = bundleInfo.appInfo.accessTokenId;
let permissionName: Permissions = 'ohos.permission.GRANT_SENSITIVE_PERMISSIONS';
atManager.verifyAccessToken(tokenID, permissionName).then((data: abilityAccessCtrl.GrantStatus) => {
console.info(`verifyAccessToken success, result: ${data}`);
}).catch((err: BusinessError): void => {
console.error(`verifyAccessToken fail, code: ${err.code}, message: ${err.message}`);
});
GrantStatus
Enumerates the permission grant states.
Atomic service API: This API can be used in atomic services since API version 11.
System capability: SystemCapability.Security.AccessToken
| Name | Value | Description |
|---|---|---|
| PERMISSION_DENIED | -1 | The permission is not granted. |
| PERMISSION_GRANTED | 0 | The permission is granted. |
SwitchType12+
Enumerates the global switch types.
Atomic service API: This API can be used in atomic services since API version 12.
System capability: SystemCapability.Security.AccessToken
| Name | Value | Description |
|---|---|---|
| CAMERA | 0 | Global switch of the camera. |
| MICROPHONE | 1 | Global switch of the microphone. |
| LOCATION | 2 | Global switch of the location service. |
PermissionStateChangeType18+
Enumerates the operations that trigger permission state changes.
Atomic service API: This API can be used in atomic services since API version 18.
System capability: SystemCapability.Security.AccessToken
| Name | Value | Description |
|---|---|---|
| PERMISSION_REVOKED_OPER | 0 | Operation to revoke a permission. |
| PERMISSION_GRANTED_OPER | 1 | Operation to grant a permission. |
PermissionStateChangeInfo18+
Represents the permission state change details.
Atomic service API: This API can be used in atomic services since API version 18.
System capability: SystemCapability.Security.AccessToken
| Name | Type | Read Only | Optional | Description |
|---|---|---|---|---|
| change | PermissionStateChangeType | No | No | Operation that triggers the permission state change. |
| tokenID | number | No | No | ID of the subscribed application, which can be obtained from the accessTokenId field of ApplicationInfo in BundleInfo of the application. The token ID of the current application can be obtained through bundleManager.getBundleInfoForSelfSync. |
| permissionName | Permissions | No | No | Permissions whose authorization state changes. For details about the permissions, see Application Permissions. |
PermissionRequestResult10+
type PermissionRequestResult = _PermissionRequestResult
Represents the permission request result.
Atomic service API: This API can be used in atomic services since API version 11.
Model restriction: This API can be used only in the stage model.
System capability: SystemCapability.Security.AccessToken
| Type | Description |
|---|---|
| _PermissionRequestResult | Permission request result object. |
Context10+
type Context = _Context
Represents the context for the ability or application. It allows access to application-specific resources.
Atomic service API: This API can be used in atomic services since API version 11.
Model restriction: This API can be used only in the stage model.
System capability: SystemCapability.Security.AccessToken
| Type | Description |
|---|---|
| _Context | Context for an ability or application to access to application-specific resources. |
PermissionStatus20+
Enumerates the permission states.
Atomic service API: This API can be used in atomic services since API version 20.
System capability: SystemCapability.Security.AccessToken
| Name | Value | Description |
|---|---|---|
| DENIED | -1 | The permission is not granted. |
| GRANTED | 0 | The permission is granted. |
| NOT_DETERMINED | 1 | The permission state is not determined. This value is returned when the application declares user_grant permissions and does not call requestPermissionsFromUser to request user authorization, or when the user changes the permission state to Ask each time in Settings. |
| INVALID | 2 | The permission is invalid. The application does not declare permissions or cannot process the request. For example, if the status of the approximate location permission is NOT_DETERMINED, this value will be returned when the status of the precise location permission is queried. |
| RESTRICTED | 3 | The permission is restricted. The application is not allowed to call requestPermissionsFromUser to request user authorization. |
SelectedResult22+
Enumerates the results of the dialog box for redirection to the settings page.
System capability: SystemCapability.Security.AccessToken
| Name | Value | Description |
|---|---|---|
| REJECTED | -1 | The user chooses not to go to the settings. |
| OPENED | 0 | The user chooses to go to the settings. |
| GRANTED | 1 | The permission has been granted and no dialog box is displayed. |