Image description

HarmonyOS Development: Authority Statement for Authority Management

Avatar photoByAdil

Foreword

this paper is based on api13.

Why have permission management? The biggest reason is to improve users’ control over privacy and data security and prevent malicious software from abusing their rights. Just Imagine, if there is no rights management, some malicious software will definitely use these default authorization rights to obtain users’ sensitive information and pose a threat to users’ privacy. This is one of them, and the other is the user experience, because users cannot authorize rights according to their own needs, which may lead to unnecessary rights being granted, in public and private, in emotion and reason, authority management must and firmly be implemented.

In Hongmeng ecology, it can be said that authority management has been consistently implemented from beginning to end. After all, ensuring user privacy, system security and functional integrity is Hongmeng’s core mechanism. User privacy protection, such as user authorization when accessing sensitive data such as cameras, microphones and locations, is required to prevent malicious applications from stealing privacy. System resource security mainly restricts the disorderly access of applications to the underlying resources of the system, such as network and storage, avoid resource abuse or conflict; However, functional integrity, such as some functions, such as network requests, device sensor calls, etc., depend on Permission authorization. Failure to apply for permission will lead to functional failure. These permission requests are usually transparent, and the system will pop up an authorization prompt. Users can make choices according to their own needs and privacy considerations.

Basic principles

permission management is important, but in actual development, it should still be used reasonably and correctly to avoid unnecessary applications. Official website has the following principles for permission management:

  1. The developed application, of course, contains the three-party library referenced by the application. The required permissions must be declared one by one in the application’s configuration file in strict accordance with the permissions development guidance. This principle is very important, otherwise you cannot apply for permissions.

  2. The applied permissions shall meet the principle of minimization as far as possible, and it is strictly prohibited to apply for some unnecessary and abandoned permissions; In actual development, if an application applies for a lot of permissions, this situation will make users worry about application security and the use experience will deteriorate, which will also affect the installation rate and retention rate of the application.

  3. If the application must use sensitive permissions, the permission use reason field must be filled in. Sensitive permissions usually refer to permissions closely related to user privacy, including geographic location, camera, microphone, calendar, fitness, body sensor, music, files, pictures and videos. Sensitive permissions for applications must be dynamically applied before the corresponding business functions are executed to meet the requirements of privacy minimization.

  4. When the user refuses to grant a certain permission, other business functions unrelated to this permission should be allowed to be used normally, and do not exit directly or make other errors.

Claim Permissions

in actual development, all application permissions must be in in the configuration file of the project, it is very important to declare one by one. If there is no declaration, the function cannot be used. The declaration location is mainly to declare the permission in the requestPermissions tag of the module.json5 configuration file.

Image description 

{
"module": {
"requestPermissions": [
{
"name": "ohos.permission.INTERNET",
Reason ":" Used to load network images "
},
{
"name": "ohos.permission.CAMERA",
Reason ":" Required for the photo taking function "
}
]
}
}

Please define the reason field in the string.json file.

requestPermissions property overview:

property meaning data Type value range
name the name of the permission to use. String Required the name of the permission is defined by the system.
reason the reason for the permission request. String optional Fill , this field is used for application shelf verification. It is required when the requested permission is user_grant permission, and multilingual adaptation is required.
usedScene the scenario in which the permission is used. This field is used for application shelf verification. Includes two children, abilities and when.-Capabilities: The name of the UIAbility or ExtensionAbility component that uses the permissions.-when: call timing. Object usedScene required .-abilities: optional Fill which can be configured as a string array of multiple UIAbility or ExtensionAbility names.-when: optional Fill , However, if you configure this field, you can only fill in the fixed values inuse (when used), always (always), and cannot be empty.It is recommended to fill in when the permission to apply is user_grant permission.

reason field

according to the official interpretation, the reason field should be a straightforward, specific and easy-to-understand complete short sentence, which is mainly used to explain to users the reason why the application uses sensitive permissions. The sentence requires avoiding the passive voice and ending with a full stop. 

Suggested sentence structure: Used for doing something.
Example: Taking the reason string for applying for camera permissions as an example.
Example: Used for video calls.
Counterexample: Using a camera.

Related Summary

if in a certain permissions have been applied for in the submodule, so there is no need to add them repeatedly in the main project, because the permissions will take effect in the entire application.

This article mainly briefly outlines why there should be permission management and the Declaration principles of permission management. These are the basic concepts. Everyone can understand them. The important thing is how to declare permissions and where to declare permissions. This needs to be mastered.

Similar Posts

Leveraging Runner H in job search: Jobhound.ai

Leveraging Runner H in job search: Jobhound.ai

ByAdil

This is a submission for the Runner H “AI Agent Prompting” Challenge What I Built I built Jobhound.ai, an intelligent end-to-end AI job assistant that automates the job search process. Jobhound.ai helps users find at least 10 relevant job opportunities by searching popular job platforms, extracting and analyzing job descriptions, and sending templates for each…

Production Deployment Strategies Docker Cloud High Web

Production Deployment Strategies Docker Cloud High Web

ByAdil

Cross-Platform Deployment and Cloud-Native Architecture: A Comprehensive Guide to Modern Application Deployment As a third-year computer science student who has deployed applications across various platforms and cloud environments, I’ve learned that deployment is not merely the final step in development but a critical aspect that determines application reliability, scalability, and maintainability. The difference between a…

Event Driven Architecture Pattern Application Practice in Web Frameworks

Event Driven Architecture Pattern Application Practice in Web Frameworks

ByAdil

As a junior computer science student, I have experienced a complete transformation in my understanding of architecture development. This journey has taught me valuable lessons about modern web framework design and implementation. Project Information 🚀 Hyperlane Framework: GitHub Repository 📧 Author Contact: root@ltpp.vip 📖 Documentation: Official Docs Technical Deep Dive Technical Foundation and Architecture During…