Access token manager

Add links
From Wikipedia, the free encyclopedia

In computer security, OpenHarmony Access token manager (ATM) is a component that facilitates unified application permission management based on access tokens within the OpenHarmony ecosystem that is used in OpenHarmony-based operating systems, Oniro OS distros and HarmonyOS with HarmonyOS NEXT iteration.[1]

It is built upon access tokens and serves as a centralized mechanism for managing app system permissions. Access tokens encapsulate essential information about an app

  • App ID: Identifies the app.
  • User ID: Associated with the user.
  • App APL (Ability Privilege Level): Determines the app’s privilege level.
  • App permissions: Specify what resources and functions the app can access.

Each app’s access token is uniquely identified by a 32-bit device-specific token ID.[2]

Implementation[edit]

Developers utilize the ATM to handle permissions effectively. In certain scenarios, an app may require access to additional data or system functions beyond the default permissions. The ATM enables fine-grained control over permissions, allowing apps to access extended features when needed. ATMs manage access tokens, which act as capabilities, granting specific rights to the bearer. The token itself serves as the authority, reducing the need for additional access control mechanisms.

HarmonyOS NEXT base system of HarmonyOS 5.0 API 12 and OpenHarmony 4.1 and 5.0 API 11-12, the Core File Kit and Location Kit APIs[3] can be used without user authorization through security controls. If you want a 'tree', give it to only one tree, users can save pictures in the application by clicking Save. The photos can be saved to the system album without granting any permission to the application. The application cannot access any public files by passing the user. Position control with scenarios such as sending location and adding location. Paste control system such as pasting, MeeTime, SMSs, and Links. Three types of components are expected to be reduced by 70% Permission authorization pop-up window with secure access such as pictures, video, audio, files, contacts. Camera, phone, avatar, scanning code and map selection.

On the Input SMS verification code, ID card, and delivery address also the contextual menu button for paste and locate where it restrict 3rd party app permission. System provide related capabilities rather than authorized applications alongside the Account Kit API with native HMS (HMS Core) that contains Huawei ID accounts, supports children protection mode on HarmonyOS NEXT side in system user accounts. Globally, apps take effect automatically with the first scenario, parental devices for temporary use by minors where parents set minors in parent control system. Also, the second scenario, the device is dedicated to minors logging in to a minor account on the device. Alongside, open related apps and enter teen mode by default.[4]

The Media Library Kit intelligently recommends photos to select such as selecting an ID from the Gallery.[5] Also, selecting a driver's license specific photo from Gallery system application with privacy functions. The Core File Kit API with a more granular permission system approach using native Harmony Distributed File System (HMDFS)[6] that takes advantage of the native ATM permission levels and a combination of capability-based like kernel features at custom level with application files, user files and system files compared to classic Unix-like AOSP base on HarmonyOS 2.0 up to 4.x with Linux kernel and enhanced on OpenHarmony system compared to previous versions.[7][8][9]

Permission Levels[edit]

The ATM manages permission levels, granting apps access to sensitive APIs across processes. These levels include:

  • App APL: Determines the app’s overall privilege level.
  • ACL (Access Control List): Defines specific permissions for resources.
  • Authorization Processes: Govern how permissions are granted.[10]

See also[edit]

References[edit]

  1. ^ "Access Control Overview". GitHub. OpenAtom OpenHarmony. Retrieved 13 March 2024.
  2. ^ "ATM". Gitee. OpenAtom OpenHarmony. Retrieved 13 March 2024.
  3. ^ "zh-cn/application-dev/reference/apis-location-kit/Readme-CN.md · OpenHarmony/docs". Gitee (in Chinese (China)). Retrieved 2024-05-22.
  4. ^ "Account Kit | 华为开发者联盟". huawei (in Chinese). Retrieved 2024-05-22.
  5. ^ "zh-cn/application-dev/reference/apis-media-library-kit/Readme-CN.md · OpenHarmony/docs". Gitee (in Chinese (China)). Retrieved 2024-05-22.
  6. ^ "HarmonyOS Distributed File System Development Guide". Substack. LivingInHarmony Blog. Retrieved 13 March 2024.
  7. ^ "Yes, HarmonyOS NEXT is a distributed and capability-based persistent AI operating system for IoT". Substack. LivingInHarmony Blog. Retrieved 13 March 2024.
  8. ^ "OpenAtom OpenHarmony". docs.openharmony.cn. Retrieved 2024-04-14.
  9. ^ "zh-cn/application-dev/reference/apis-core-file-kit/Readme-CN.md · OpenHarmony/docs". Gitee (in Chinese (China)). Retrieved 2024-05-22.
  10. ^ "security_permission". GitHub. OpenAtom OpenHarmony. Retrieved 13 March 2024.
Retrieved from "https://en.wikipedia.org/w/index.php?title=Access_token_manager&oldid=1225178330"