0
代码
代码
Issues
Pull Requests
讨论
Wiki
分析
0
Cchennianatm命令资料bugfix
f2e5a482创建于 9 天前历史提交

Access Token Manager

Access Token Manager (atm) is a tool used to query and set the information such as permission and usage type of an application process. It provides the capability of access control based on the token ID, bundle name, and process name.

Environment Setup

Before using this tool, you must obtain hdc and run the hdc shell command.

Commands

Command Description
help Displays the commands supported by the atm tool.
perm Grants or revokes a permission for an application process.
toggle Sets or obtains the toggle status of the permission dialog box or permission usage records. This command is available only for the root version.
dump Obtains access control data.

help

# Display the help information.
atm help

perm

atm perm [-h] [-g -i <token-id> -p <permission-name>] [-c -i <token-id> -p <permission-name>]

Parameters

Parameter Description
-h Displays help information. Commands supported by the atm perm command.
-g -i <token-id> -p <permission-name> Grants a specified permission to an application based on the token ID of the application process. The -g, -i, and -p parameters are mandatory. The return value indicates whether the operation is successful.
-c -i <token-id> -p <permission-name> Revokes a specified permission from an application based on the token ID of the application process. The -c, -i, and -p parameters are mandatory. The return value indicates whether the operation is successful.

Example:

# Display the help information about the atm perm command.
atm perm -h

# Grant the camera permission to an application process.
atm perm -g -i ********* -p ohos.permission.CAMERA

# Revoke the camera permission for an application process.
atm perm -c -i ********* -p ohos.permission.CAMERA

toggle

atm toggle [-h] [-r -s -i <user-id> -p <permission-name> -k <status>] [-r -o -i <user-id> -p <permission-name>]

Parameters

Parameter Description
-h Displays help information.
-r -s -i <user-id> -p <permission-name> -k <status> Sets the toggle status (specified by status) of a specified permission of a specified user. The -r, -s, -i, -p and -k parameters are mandatory. The return value indicates whether the operation is successful.
-r -o -i <user-id> -p <permission-name> Obtains the toggle status of a specified permission for a specified user. The -r, -o, -i, and -p parameters are mandatory.

Example:

# Display the help information about the atm toggle command.
atm toggle -h

# Enable the camera permission for user 0.
atm toggle -r -s -i 0 -p ohos.permission.CAMERA -k 1

# Obtain the toggle state of the camera permission for user 0.
atm toggle -r -o -i 0 -p ohos.permission.CAMERA

toggle

atm toggle [-h] [-u -s -i <user-id> -k <status>] [-u -o -i <user-id>]

Parameters

Parameter Description
-h Displays help information.
-u -s -i <user-id> -k <status> Sets the toggle status (specified by status) of the permission usage records. The -u, -s, -i and -k parameters are mandatory. The return value indicates whether the operation is successful.
-u -o -i <user-id>  Obtains the toggle status of the permission usage records for a specified user. The -u, -o, and -i parameters are mandatory.

Example:

# Display the help information about the atm toggle command.
atm toggle -h

# Enable the toggle status of the permission usage records for user 0.
atm toggle -u -s -i 0 -k 1

# Obtain the toggle status of the permission usage records of user 0.
atm toggle -u -o -i 0

dump

atm dump [-h] [-d [-p <permission-name>]] [-t [-i <token-id>] [-b <bundle-name>] [-n <process-name>] [-p <permission-name>]] [-r [-i <token-id>] [-p <permission-name>]] [-v [-i <token-id>] [-p <permission-name>]]

In the following table, -d, -t, -r, or -v is mandatory, and -i, -b, -n, and -p are optional. For the atm dump -r and atm dump -v commands, the -i and -p parameters can be used together. For the atm dump -t command, the -i, -b, -n, and -p parameters can be used only separately.

Parameter Description
-d Queries all permission definitions in the system. This parameter is mandatory.
-d -p <permission-name> Queries the permission definition based on the permission name. This parameter is optional.
-h Displays help information.
-t Queries token IDs of all processes in the system. This parameter is mandatory.
-t -i <token-id> Queries basic process information and the corresponding GrantStatus based on the token ID of a process. This parameter is optional.
-t -b <bundle-name> Queries the basic information about an application and the corresponding GrantStatus based on the bundle name of the application process. This parameter is optional.
-t -n <process-name> Queries basic process information and the corresponding GrantStatus based on the process name. This parameter is optional.
-t -p <permission-name> Queries the token ID of the application process that applies for a specified permission. This parameter is optional.
Note: This parameter is supported since version 26.0.0.
-r Queries all PermissionUsedResponse in the system. This parameter is mandatory.
-r -i <token-id> Queries the PermissionUsedResponse of an application based on the token ID of the application process. This parameter is optional.
-r -p <permission-name> Queries the PermissionUsedResponse based on the permission name. This parameter is optional.
-v Queries the permission usage types of all application processes in the system. This parameter is mandatory.
-v -i <token-id> Queries the permission usage type of an application based on the token ID of the application process. This parameter is optional.
-v -p <permission-name> Queries the usage types of a permission based on the specified permission name. This parameter is optional.

Example:

#Query all permission definitions in the system.
atm dump -d

#Query the permission definition by permission name.
atm dump -d -p *********
# Command output:
# {
#     "permissionName": "ohos.permission.KERNEL_ATM_SELF_USE",
#     "grantMode": "SYSTEM_GRANT",
#     "availableLevel": "SYSTEM_CORE",
#     "availableType": "SYSTEM",
#     "distributedSceneEnable": true,
#     "isKernelEffect": true,
#     "hasValue": true,
# }

#Display the help information about the atm dump command.
atm dump -h

#Query the token IDs of all processes in the system.
atm dump -t

#Query the permission information based on the token ID.
atm dump -t -i *********
# Command output:
# {
#   "tokenId": 672078897,
#   "processName": "samgr",
#   "apl": 2,
#   "permStateList": [
#     {
#       "permissionName": "ohos.permission.DISTRIBUTED_DATASYNC",
#       "grantStatus": 0,
#       "grantFlag": 4,
#     }
#   ]
# }

#Query the permission information based on the bundle name.
atm dump -t -b ohos.telephony.resources
# Command output:
# {
#   "tokenId": 537280686,
#   "tokenAttr": 1,
#   "ver": 1,
#   "userId": 100,
#   "bundleName": "ohos.telephony.resources",
#   "instIndex": 0,
#   "dlpType": 0,
#   "isRemote": false,
#   "isPermDialogForbidden": false,
#   "permStateList": [
#     {
#       "permissionName": "ohos.permission.DISTRIBUTED_DATASYNC",
#       "grantStatus": 0,
#       "grantFlag": 4,
#     }
#   ]
# }

#Query the token IDs and bundle names of all application processes that apply for a specified permission.
atm dump -t -p ohos.permission.CAMERA
# Command output:
# Permission: ohos.permission.CAMERA
# Total Tokens: 1

# 537538306: com.ohos.camera


#Query the permission information based on the process name.
atm dump -t -n *********

#Query the permission types of all applications.
atm dump -v
#Command output:
# {
#   "tokenId": 537088946,
#   "permissionName": "ohos.permission.GET_INSTALLED_BUNDLE_LIST",
#   "usedType": 0,
# }

#Query the permission usage types based on the token ID.
atm dump -v -i *********

#Query the permission usage types based on the permission name.
atm dump -v -p ohos.permission.CAMERA

#Query the permission usage types based on the token ID and permission name.
atm dump -v -i ********* -p ohos.permission.CAMERA

#Query all permission usage records in the system.
atm dump -r
# Command output:
# {
#   "beginTime": 1501837281916,
#   "endTime": 1501837281916,
#   "bundleRecords": [
#     {
#       "tokenId": 537088946,
#       "isRemote": false,
#       "bundleName": "com.ohos.permissionmanager",
#       "permissionRecords": [
#         {
#           "permissionName": "ohos.permission.GET_INSTALLED_BUNDLE_LIST",
#           "accessCount": 1,
#           "secAccessCount": 0,
#           "rejectCount": 0,
#           "lastAccessTime": 1501837281916,
#           "lastRejectTime": 0,
#           "lastAccessDuration": 0,
#           "accessRecords": [
#             {
#               "status": 1,
#               "lockScreenStatus": 1,
#               "timestamp": 1501837281916,
#               "duration": 0,
#               "count": 1,
#               "usedType": 0
#             },
#           ]
#           "rejectRecords": [
#           ]
#         },
#       ]
#     }
#   ]
# }

#Query the permission usage records based on the token ID.
atm dump -r -i *********

#Query the permission usage records based on the permission name.
atm dump -r -p ohos.permission.CAMERA

#Query the permission usage records based on the token ID and permission name.
atm dump -r -i ********* -p ohos.permission.CAMERA