!1055 The adaptation package management interface goes offline

Merge pull request !1055 from 阿勒泰/master

frameworks/kits/ability/ability_runtime/test/mock/AMS/mock_serviceability_manager_service.cpp

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Copyright (c) 2021-2022 Huawei Device Co., Ltd.
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
@@ -158,12 +158,6 @@ bool MockServiceAbilityManagerService::IsFirstInMission(const sptr<IRemoteObject
     return true;
 }
 
-int MockServiceAbilityManagerService::CompelVerifyPermission(
-    const std::string &permission, int pid, int uid, std::string &message)
-{
-    return 0;
-}
-
 int MockServiceAbilityManagerService::PowerOff()
 {
     return 0;

frameworks/kits/ability/ability_runtime/test/mock/AMS/mock_serviceability_manager_service.h

@@ -146,7 +146,6 @@ public:
 
     int MoveMissionToEnd(const sptr<IRemoteObject> &token, const bool nonFirst) override;
     bool IsFirstInMission(const sptr<IRemoteObject> &token) override;
-    int CompelVerifyPermission(const std::string &permission, int pid, int uid, std::string &message) override;
 
     int RemoveMission(int id) override;
 

frameworks/kits/ability/native/BUILD.gn

@@ -1,4 +1,4 @@
-# Copyright (c) 2021 Huawei Device Co., Ltd.
+# Copyright (c) 2021-2022 Huawei Device Co., Ltd.
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
@@ -264,6 +264,7 @@ ohos_shared_library("abilitykit_native") {
     "native_appdatamgr:native_appdatafwk",
     "native_appdatamgr:native_dataability",
     "native_appdatamgr:native_rdb",
+    "os_account_standard:os_account_innerkits",
     "permission_standard:libpermissionsdk_standard",
     "resmgr_standard:global_resmgr",
     "samgr_standard:samgr_proxy",

frameworks/kits/ability/native/include/ability_context.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Copyright (c) 2021-2022 Huawei Device Co., Ltd.
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
@@ -398,53 +398,6 @@ public:
      */
     std::shared_ptr<Global::Resource::ResourceManager> GetResourceManager() const override;
 
-    /**
-     * @brief Checks whether the current process has the given permission.
-     * You need to call requestPermissionsFromUser(java.lang.std::string[],int) to request a permission only
-     * if the current process does not have the specific permission.
-     *
-     * @param permission Indicates the permission to check. This parameter cannot be null.
-     *
-     * @return Returns 0 (IBundleManager.PERMISSION_GRANTED) if the current process has the permission;
-     * returns -1 (IBundleManager.PERMISSION_DENIED) otherwise.
-     */
-    virtual int VerifySelfPermission(const std::string &permission) override;
-
-    /**
-     * @brief Checks whether the calling process for inter-process communication has the given permission.
-     * The calling process is not the current process.
-     *
-     * @param permission Indicates the permission to check. This parameter cannot be null.
-     *
-     * @return Returns 0 (IBundleManager.PERMISSION_GRANTED) if the calling process has the permission;
-     * returns -1 (IBundleManager.PERMISSION_DENIED) otherwise.
-     */
-    virtual int VerifyCallingPermission(const std::string &permission) override;
-
-    /**
-     * @brief Confirms with the permission management module to check whether a request prompt is required for granting
-     * a certain permission. You need to call the current method to check whether a prompt is required before calling
-     * requestPermissionsFromUser(java.lang.String[],int) to request a permission. If a prompt is not required,
-     * permission request will not be initiated.
-     *
-     * @param requestCode Indicates the permission to be queried. This parameter cannot be null.
-     *
-     * @return Returns true if the current application does not have the permission and the user does not turn off
-     * further requests; returns false if the current application already has the permission, the permission is rejected
-     * by the system, or the permission is denied by the user and the user has turned off further requests.
-     */
-    virtual bool CanRequestPermission(const std::string &permission) override;
-
-    /**
-     * @brief When there is a remote call to check whether the remote has permission, otherwise check whether it has
-     * permission
-     *
-     * @param permissions Indicates the list of permissions to be requested. This parameter cannot be null.
-     * @return Returns 0 (IBundleManager.PERMISSION_GRANTED) if the current process has the permission;
-     * returns -1 (IBundleManager.PERMISSION_DENIED) otherwise.
-     */
-    virtual int VerifyCallingOrSelfPermission(const std::string &permission) override;
-
     /**
      * @brief Query whether the application of the specified PID and UID has been granted a certain permission
      *

frameworks/kits/ability/native/src/ability_context.cpp

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Copyright (c) 2021-2022 Huawei Device Co., Ltd.
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
@@ -16,9 +16,11 @@
 #include "ability_context.h"
 
 #include "ability_manager_client.h"
+#include "accesstoken_kit.h"
 #include "bundle_constants.h"
 #include "hilog_wrapper.h"
 #include "iservice_registry.h"
+#include "os_account_manager.h"
 #include "resource_manager.h"
 #include "sys_mgr_client.h"
 #include "system_ability_definition.h"
@@ -349,92 +351,6 @@ std::shared_ptr<Global::Resource::ResourceManager> AbilityContext::GetResourceMa
     return resourceManager;
 }
 
-int AbilityContext::VerifySelfPermission(const std::string &permission)
-{
-    HILOG_INFO("%{public}s begin. permission=%{public}s", __func__, permission.c_str());
-    if (permission.empty()) {
-        HILOG_ERROR("VerifySelfPermission permission invalid");
-        return AppExecFwk::Constants::PERMISSION_NOT_GRANTED;
-    }
-
-    std::string bundle_name = GetBundleName();
-    if (bundle_name.empty()) {
-        HILOG_ERROR("VerifySelfPermission failed to get bundle name error");
-        return AppExecFwk::Constants::PERMISSION_NOT_GRANTED;
-    }
-
-    sptr<IBundleMgr> ptr = GetBundleManager();
-    if (ptr == nullptr) {
-        HILOG_ERROR("VerifySelfPermission failed to get bundle manager service");
-        return AppExecFwk::Constants::PERMISSION_NOT_GRANTED;
-    }
-
-    HILOG_INFO("%{public}s start bms->CheckPermission. bundle_name=%{public}s", __func__, bundle_name.c_str());
-    int ret = ptr->CheckPermission(bundle_name, permission);
-    HILOG_INFO("%{public}s end bms->CheckPermission, ret=%{public}d", __func__, ret);
-    HILOG_INFO("%{public}s end.", __func__);
-    return ret;
-}
-
-int AbilityContext::VerifyCallingPermission(const std::string &permission)
-{
-    HILOG_INFO("%{public}s begin. permission=%{public}s", __func__, permission.c_str());
-    if (permission.empty()) {
-        HILOG_ERROR("VerifyCallingPermission permission invalid");
-        return AppExecFwk::Constants::PERMISSION_NOT_GRANTED;
-    }
-
-    std::string bundle_name = GetCallingBundle();
-    if (bundle_name.empty()) {
-        HILOG_ERROR("VerifyCallingPermission failed to get bundle name by uid");
-        return AppExecFwk::Constants::PERMISSION_NOT_GRANTED;
-    }
-
-    sptr<IBundleMgr> ptr = GetBundleManager();
-    if (ptr == nullptr) {
-        HILOG_ERROR("VerifyCallingPermission failed to get bundle manager service");
-        return AppExecFwk::Constants::PERMISSION_NOT_GRANTED;
-    }
-
-    HILOG_INFO("%{public}s start bms->CheckPermission. bundle_name=%{public}s", __func__, bundle_name.c_str());
-    int ret = ptr->CheckPermission(bundle_name, permission);
-    HILOG_INFO("%{public}s end bms->CheckPermission, ret=%{public}d", __func__, ret);
-    HILOG_INFO("%{public}s end.", __func__);
-    return ret;
-}
-
-bool AbilityContext::CanRequestPermission(const std::string &permission)
-{
-    HILOG_INFO("%{public}s begin. permission=%{public}s", __func__, permission.c_str());
-    if (permission.empty()) {
-        HILOG_ERROR("CanRequestPermission permission invalid");
-        return true;
-    }
-
-    std::string bundle_name = GetBundleName();
-    if (bundle_name.empty()) {
-        HILOG_ERROR("CanRequestPermission failed to get bundle name error");
-        return true;
-    }
-
-    sptr<IBundleMgr> ptr = GetBundleManager();
-    if (ptr == nullptr) {
-        HILOG_ERROR("CanRequestPermission failed to get bundle manager service");
-        return true;
-    }
-
-    HILOG_INFO("%{public}s start bms->CanRequestPermission. bundle_name=%{public}s", __func__, bundle_name.c_str());
-    bool ret = ptr->CanRequestPermission(bundle_name, permission, 0);
-    HILOG_INFO("%{public}s end bms->CanRequestPermission, ret=%{public}s", __func__, ret ? "true" : "false");
-    HILOG_INFO("%{public}s end.", __func__);
-    return ret;
-}
-
-int AbilityContext::VerifyCallingOrSelfPermission(const std::string &permission)
-{
-    return VerifySelfPermission(permission);
-}
-
 int AbilityContext::VerifyPermission(const std::string &permission, int pid, int uid)
 {
     HILOG_INFO("%{public}s begin. permission=%{public}s, pid=%{public}d, uid=%{public}d",
@@ -459,27 +375,36 @@ int AbilityContext::VerifyPermission(const std::string &permission, int pid, int
         return AppExecFwk::Constants::PERMISSION_NOT_GRANTED;
     }
 
-    HILOG_INFO("%{public}s start bms->CheckPermission. bundle_name=%{public}s", __func__, bundle_name.c_str());
-    int ret = ptr->CheckPermission(bundle_name, permission);
-    HILOG_INFO("%{public}s end bms->CheckPermission, ret=%{public}d", __func__, ret);
-    HILOG_INFO("%{public}s end.", __func__);
-    return ret;
+    int account = -1;
+    if (AccountSA::OsAccountManager::GetOsAccountLocalIdFromUid(uid, account) != 0) {
+        HILOG_ERROR("VerifyPermission failed to get account by uid");
+        return AppExecFwk::Constants::PERMISSION_NOT_GRANTED;
+    }
+
+    AppExecFwk::ApplicationInfo appInfo;
+    if (!ptr->GetApplicationInfo(bundle_name, AppExecFwk::BundleFlag::GET_BUNDLE_DEFAULT, account, appInfo)) {
+        HILOG_ERROR("VerifyPermission failed to get application info");
+        return AppExecFwk::Constants::PERMISSION_NOT_GRANTED;
+    }
+
+    int32_t ret = Security::AccessToken::AccessTokenKit::VerifyAccessToken(appInfo.accessTokenId, permission);
+    if (ret == Security::AccessToken::PermissionState::PERMISSION_DENIED) {
+        HILOG_ERROR("VerifyPermission %{public}d: PERMISSION_DENIED", appInfo.accessTokenId);
+        return AppExecFwk::Constants::PERMISSION_NOT_GRANTED;
+    }
+
+    return 0;
 }
 
 void AbilityContext::GetPermissionDes(const std::string &permissionName, std::string &des)
 {
-    sptr<IBundleMgr> ptr = GetBundleManager();
-    if (ptr == nullptr) {
-        HILOG_ERROR("GetPermissionDes failed to get bundle manager service");
-        return;
-    }
-
-    PermissionDef permissionDef;
-    HILOG_INFO("%{public}s start bms->GetPermissionDef. permissionName=%{public}s", __func__, permissionName.c_str());
-    if (ptr->GetPermissionDef(permissionName, permissionDef)) {
+    Security::AccessToken::PermissionDef permissionDef;
+    int32_t ret = Security::AccessToken::AccessTokenKit::GetDefPermission(permissionName, permissionDef);
+    if (ret == Security::AccessToken::AccessTokenKitRet::RET_SUCCESS) {
+        HILOG_DEBUG("GetPermissionDes %{public}s: RET_SUCCESS", permissionName.c_str());
         des = permissionDef.description;
     }
-    HILOG_INFO("%{public}s end bms->GetPermissionDef.", __func__);
+    HILOG_DEBUG("%{public}s end GetPermissionDef.", __func__);
 }
 
 void AbilityContext::RequestPermissionsFromUser(std::vector<std::string> &permissions, int requestCode)

frameworks/kits/ability/native/test/mock/include/mock_ability_manager_service.cpp

@@ -186,12 +186,6 @@ bool MockAbilityManagerService::IsFirstInMission(const sptr<IRemoteObject> &toke
     return true;
 }
 
-int MockAbilityManagerService::CompelVerifyPermission(
-    const std::string &permission, int pid, int uid, std::string &message)
-{
-    return 0;
-}
-
 int MockAbilityManagerService::PowerOff()
 {
     return 0;

frameworks/kits/ability/native/test/mock/include/mock_ability_manager_service.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Copyright (c) 2021-2022 Huawei Device Co., Ltd.
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
@@ -210,8 +210,6 @@ public:
 
     virtual bool IsFirstInMission(const sptr<IRemoteObject> &token);
 
-    virtual int CompelVerifyPermission(const std::string &permission, int pid, int uid, std::string &message);
-
     virtual int SetShowOnLockScreen(bool isAllow) override
     {
         return 0;

frameworks/kits/ability/native/test/mock/include/mock_bundle_manager_form.h

@@ -241,10 +241,6 @@ public:
     MOCK_METHOD2(GetBundlesForUid, bool(const int uid, std::vector<std::string> &));
     MOCK_METHOD1(IsAbilityEnabled, bool(const AbilityInfo &));
     MOCK_METHOD2(GetAbilityIcon, std::string(const std::string &bundleName, const std::string &className));
-    MOCK_METHOD1(RegisterAllPermissionsChanged, bool(const sptr<OnPermissionChangedCallback> &callback));
-    MOCK_METHOD2(RegisterPermissionsChanged,
-        bool(const std::vector<int> &uids, const sptr<OnPermissionChangedCallback> &callback));
-    MOCK_METHOD1(UnregisterPermissionsChanged, bool(const sptr<OnPermissionChangedCallback> &callback));
     bool QueryAbilityInfo(const AAFwk::Want &want, AbilityInfo &abilityInfo) override;
     bool QueryAbilityInfoByUri(const std::string &uri, AbilityInfo &abilityInfo) override;
 

frameworks/kits/ability/native/test/unittest/ability_permission_test.cpp

@@ -95,32 +95,6 @@ HWTEST_F(AbilityPermissionTest, AaFwk_AbilityPermissionTest_VerifySelfPermission
     context_->VerifySelfPermission(permission_name);
 }
 
-/**
- * @tc.number: AaFwk_AbilityPermissionTest_VerifyCallingOrSelfPermission_0100
- * @tc.name: VerifyCallingOrSelfPermission
- * @tc.desc: Verify that the VerifyCallingOrSelfPermission return value is correct.
- */
-HWTEST_F(AbilityPermissionTest, AaFwk_AbilityPermissionTest_VerifyCallingOrSelfPermission_0100,
-    Function | MediumTest | Level1)
-{
-    if (context_ == nullptr) {
-        EXPECT_EQ(true, context_ != nullptr);
-        return;
-    }
-
-    std::string permission_name("permission_VerifyCallingOrSelfPermission");
-    std::shared_ptr<ApplicationInfo> appInfo = std::make_shared<ApplicationInfo>();
-    std::string name = "hello";
-    appInfo->bundleName = name;
-
-    std::shared_ptr<ContextDeal> deal = std::make_shared<ContextDeal>();
-    deal->SetApplicationInfo(appInfo);
-
-    context_->AttachBaseContext(deal);
-
-    context_->VerifyCallingOrSelfPermission(permission_name);
-}
-
 /**
  * @tc.number: AaFwk_AbilityPermissionTest_VerifyPermission_0100
  * @tc.name: VerifyPermission
@@ -146,30 +120,6 @@ HWTEST_F(AbilityPermissionTest, AaFwk_AbilityPermissionTest_VerifyPermission_010
     context_->VerifyPermission(permission_name, 0, 10);
 }
 
-/**
- * @tc.number: AaFwk_AbilityPermissionTest_CanRequestPermission_0100
- * @tc.name: CanRequestPermission
- * @tc.desc: Verify that the CanRequestPermission return value is correct.
- */
-HWTEST_F(AbilityPermissionTest, AaFwk_AbilityPermissionTest_CanRequestPermission_0100, Function | MediumTest | Level1)
-{
-    if (context_ == nullptr) {
-        EXPECT_EQ(true, context_ != nullptr);
-        return;
-    }
-
-    std::string permission_name("permission_CanRequestPermission");
-    std::shared_ptr<ApplicationInfo> appInfo = std::make_shared<ApplicationInfo>();
-    std::string name = "hello";
-    appInfo->bundleName = name;
-
-    std::shared_ptr<ContextDeal> deal = std::make_shared<ContextDeal>();
-    deal->SetApplicationInfo(appInfo);
-
-    context_->AttachBaseContext(deal);
-    context_->CanRequestPermission(permission_name);
-}
-
 /**
  * @tc.number: AaFwk_AbilityPermissionTest_RequestPermissionsFromUser_0100
  * @tc.name: RequestPermissionsFromUser

frameworks/kits/appkit/native/app/include/context.h

@@ -266,17 +266,6 @@ public:
      */
     virtual std::string GetNoBackupFilesDir() = 0;
 
-    /**
-     * @brief Checks whether the calling process for inter-process communication has the given permission.
-     * The calling process is not the current process.
-     *
-     * @param permission Indicates the permission to check. This parameter cannot be null.
-     *
-     * @return Returns 0 (IBundleManager.PERMISSION_GRANTED) if the calling process has the permission;
-     * returns -1 (IBundleManager.PERMISSION_DENIED) otherwise.
-     */
-    virtual int VerifyCallingPermission(const std::string &permission) = 0;
-
     /**
      * @brief Checks whether the current process has the given permission.
      * You need to call requestPermissionsFromUser(java.lang.std::string[],int) to request a permission only
@@ -366,30 +355,6 @@ public:
      */
     virtual ErrCode TerminateAbility() = 0;
 
-    /**
-     * @brief Confirms with the permission management module to check whether a request prompt is required for granting
-     * a certain permission. You need to call the current method to check whether a prompt is required before calling
-     * requestPermissionsFromUser(java.lang.String[],int) to request a permission. If a prompt is not required,
-     * permission request will not be initiated.
-     *
-     * @param requestCode Indicates the permission to be queried. This parameter cannot be null.
-     *
-     * @return Returns true if the current application does not have the permission and the user does not turn off
-     * further requests; returns false if the current application already has the permission, the permission is rejected
-     * by the system, or the permission is denied by the user and the user has turned off further requests.
-     */
-    virtual bool CanRequestPermission(const std::string &permission) = 0;
-
-    /**
-     * @brief When there is a remote call to check whether the remote has permission, otherwise check whether it has
-     * permission
-     *
-     * @param permissions Indicates the list of permissions to be requested. This parameter cannot be null.
-     * @return Returns 0 (IBundleManager.PERMISSION_GRANTED) if the current process has the permission;
-     * returns -1 (IBundleManager.PERMISSION_DENIED) otherwise.
-     */
-    virtual int VerifyCallingOrSelfPermission(const std::string &permission) = 0;
-
     /**
      * @brief Query whether the application of the specified PID and UID has been granted a certain permission
      *

frameworks/kits/appkit/native/app/include/context_container.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Copyright (c) 2021-2022 Huawei Device Co., Ltd.
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
@@ -199,17 +199,6 @@ public:
      */
     std::string GetNoBackupFilesDir() override;
 
-    /**
-     * @brief Checks whether the calling process for inter-process communication has the given permission.
-     * The calling process is not the current process.
-     *
-     * @param permission Indicates the permission to check. This parameter cannot be null.
-     *
-     * @return Returns 0 (IBundleManager.PERMISSION_GRANTED) if the calling process has the permission;
-     * returns -1 (IBundleManager.PERMISSION_DENIED) otherwise.
-     */
-    int VerifyCallingPermission(const std::string &permission) override;
-
     /**
      * @brief Checks whether the current process has the given permission.
      * You need to call requestPermissionsFromUser(java.lang.std::string[],int) to request a permission only
@@ -264,30 +253,6 @@ public:
      */
     std::string GetAppType() override;
 
-    /**
-     * @brief Confirms with the permission management module to check whether a request prompt is required for granting
-     * a certain permission. You need to call the current method to check whether a prompt is required before calling
-     * requestPermissionsFromUser(java.lang.String[],int) to request a permission. If a prompt is not required,
-     * permission request will not be initiated.
-     *
-     * @param requestCode Indicates the permission to be queried. This parameter cannot be null.
-     *
-     * @return Returns true if the current application does not have the permission and the user does not turn off
-     * further requests; returns false if the current application already has the permission, the permission is rejected
-     * by the system, or the permission is denied by the user and the user has turned off further requests.
-     */
-    bool CanRequestPermission(const std::string &permission) override;
-
-    /**
-     * @brief When there is a remote call to check whether the remote has permission, otherwise check whether it has
-     * permission
-     *
-     * @param permissions Indicates the list of permissions to be requested. This parameter cannot be null.
-     * @return Returns 0 (IBundleManager.PERMISSION_GRANTED) if the current process has the permission;
-     * returns -1 (IBundleManager.PERMISSION_DENIED) otherwise.
-     */
-    int VerifyCallingOrSelfPermission(const std::string &permission) override;
-
     /**
      * @brief Query whether the application of the specified PID and UID has been granted a certain permission
      *

frameworks/kits/appkit/native/app/include/context_deal.h

@@ -261,17 +261,6 @@ public:
      */
     std::string GetNoBackupFilesDir() override;
 
-    /**
-     * @brief Checks whether the calling process for inter-process communication has the given permission.
-     * The calling process is not the current process.
-     *
-     * @param permission Indicates the permission to check. This parameter cannot be null.
-     *
-     * @return Returns 0 (IBundleManager.PERMISSION_GRANTED) if the calling process has the permission;
-     * returns -1 (IBundleManager.PERMISSION_DENIED) otherwise.
-     */
-    int VerifyCallingPermission(const std::string &permission) override;
-
     /**
      * @brief Checks whether the current process has the given permission.
      * You need to call requestPermissionsFromUser(java.lang.std::string[],int) to request a permission only
@@ -354,30 +343,6 @@ public:
      */
     ErrCode TerminateAbility(int requestCode) override;
 
-    /**
-     * @brief Confirms with the permission management module to check whether a request prompt is required for granting
-     * a certain permission. You need to call the current method to check whether a prompt is required before calling
-     * requestPermissionsFromUser(java.lang.String[],int) to request a permission. If a prompt is not required,
-     * permission request will not be initiated.
-     *
-     * @param requestCode Indicates the permission to be queried. This parameter cannot be null.
-     *
-     * @return Returns true if the current application does not have the permission and the user does not turn off
-     * further requests; returns false if the current application already has the permission, the permission is rejected
-     * by the system, or the permission is denied by the user and the user has turned off further requests.
-     */
-    bool CanRequestPermission(const std::string &permission) override;
-
-    /**
-     * @brief When there is a remote call to check whether the remote has permission, otherwise check whether it has
-     * permission
-     *
-     * @param permissions Indicates the list of permissions to be requested. This parameter cannot be null.
-     * @return Returns 0 (IBundleManager.PERMISSION_GRANTED) if the current process has the permission;
-     * returns -1 (IBundleManager.PERMISSION_DENIED) otherwise.
-     */
-    virtual int VerifyCallingOrSelfPermission(const std::string &permission) override;
-
     /**
      * @brief Query whether the application of the specified PID and UID has been granted a certain permission
      *

frameworks/kits/appkit/native/app/src/context_container.cpp

@@ -335,25 +335,6 @@ std::string ContextContainer::GetNoBackupFilesDir()
     }
 }
 
-/**
- * @brief Checks whether the calling process for inter-process communication has the given permission.
- * The calling process is not the current process.
- *
- * @param permission Indicates the permission to check. This parameter cannot be null.
- *
- * @return Returns 0 (IBundleManager.PERMISSION_GRANTED) if the calling process has the permission;
- * returns -1 (IBundleManager.PERMISSION_DENIED) otherwise.
- */
-int ContextContainer::VerifyCallingPermission(const std::string &permission)
-{
-    if (baseContext_ != nullptr) {
-        return baseContext_->VerifyCallingPermission(permission);
-    } else {
-        HILOG_ERROR("ContextContainer::VerifyCallingPermission baseContext_ is nullptr");
-        return AppExecFwk::Constants::PERMISSION_NOT_GRANTED;
-    }
-}
-
 /**
  * @brief Checks whether the current process has the given permission.
  * You need to call requestPermissionsFromUser(java.lang.std::string[],int) to request a permission only
@@ -455,46 +436,6 @@ std::string ContextContainer::GetAppType()
     }
 }
 
-/**
- * @brief Confirms with the permission management module to check whether a request prompt is required for granting a
- * certain permission. You need to call the current method to check whether a prompt is required before calling
- * requestPermissionsFromUser(java.lang.String[],int) to request a permission. If a prompt is not required, permission
- * request will not be initiated.
- *
- * @param requestCode Indicates the permission to be queried. This parameter cannot be null.
- *
- * @return Returns true if the current application does not have the permission and the user does not turn off further
- * requests; returns false if the current application already has the permission, the permission is rejected by the
- * system, or the permission is denied by the user and the user has turned off further requests.
- */
-bool ContextContainer::CanRequestPermission(const std::string &permission)
-{
-    if (baseContext_ != nullptr) {
-        return baseContext_->CanRequestPermission(permission);
-    } else {
-        HILOG_ERROR("ContextContainer::CanRequestPermission baseContext_ is nullptr");
-        return true;
-    }
-}
-
-/**
- * @brief When there is a remote call to check whether the remote has permission, otherwise check whether it has
- * permission
- *
- * @param permissions Indicates the list of permissions to be requested. This parameter cannot be null.
- * @return Returns 0 (IBundleManager.PERMISSION_GRANTED) if the current process has the permission;
- * returns -1 (IBundleManager.PERMISSION_DENIED) otherwise.
- */
-int ContextContainer::VerifyCallingOrSelfPermission(const std::string &permission)
-{
-    if (baseContext_ != nullptr) {
-        return baseContext_->VerifyCallingOrSelfPermission(permission);
-    } else {
-        HILOG_ERROR("ContextContainer::VerifyCallingOrSelfPermission baseContext_ is nullptr");
-        return AppExecFwk::Constants::PERMISSION_NOT_GRANTED;
-    }
-}
-
 /**
  * @brief Query whether the application of the specified PID and UID has been granted a certain permission
  *

frameworks/kits/appkit/native/app/src/context_deal.cpp

@@ -448,20 +448,6 @@ std::string ContextDeal::GetNoBackupFilesDir()
     return dir;
 }
 
-/**
- * @brief Checks whether the calling process for inter-process communication has the given permission.
- * The calling process is not the current process.
- *
- * @param permission Indicates the permission to check. This parameter cannot be null.
- *
- * @return Returns 0 (IBundleManager.PERMISSION_GRANTED) if the calling process has the permission;
- * returns -1 (IBundleManager.PERMISSION_DENIED) otherwise.
- */
-int ContextDeal::VerifyCallingPermission(const std::string &permission)
-{
-    return 0;
-}
-
 /**
  * @brief Checks whether the current process has the given permission.
  * You need to call requestPermissionsFromUser(java.lang.std::string[],int) to request a permission only
@@ -595,36 +581,6 @@ ErrCode ContextDeal::TerminateAbility(int requestCode)
     return ERR_INVALID_VALUE;
 }
 
-/**
- * @brief Confirms with the permission management module to check whether a request prompt is required for granting a
- * certain permission. You need to call the current method to check whether a prompt is required before calling
- * requestPermissionsFromUser(java.lang.String[],int) to request a permission. If a prompt is not required, permission
- * request will not be initiated.
- *
- * @param requestCode Indicates the permission to be queried. This parameter cannot be null.
- *
- * @return Returns true if the current application does not have the permission and the user does not turn off further
- * requests; returns false if the current application already has the permission, the permission is rejected by the
- * system, or the permission is denied by the user and the user has turned off further requests.
- */
-bool ContextDeal::CanRequestPermission(const std::string &permission)
-{
-    return false;
-}
-
-/**
- * @brief When there is a remote call to check whether the remote has permission, otherwise check whether it has
- * permission
- *
- * @param permissions Indicates the list of permissions to be requested. This parameter cannot be null.
- * @return Returns 0 (IBundleManager.PERMISSION_GRANTED) if the current process has the permission;
- * returns -1 (IBundleManager.PERMISSION_DENIED) otherwise.
- */
-int ContextDeal::VerifyCallingOrSelfPermission(const std::string &permission)
-{
-    return 0;
-}
-
 /**
  * @brief Query whether the application of the specified PID and UID has been granted a certain permission
  *

frameworks/kits/appkit/native/test/mock/include/mock_ability_manager_client_interface1.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Copyright (c) 2021-2022 Huawei Device Co., Ltd.
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
@@ -239,19 +239,6 @@ public:
     {
         return true;
     };
-    virtual bool RegisterAllPermissionsChanged(const sptr<OnPermissionChangedCallback> &callback)
-    {
-        return true;
-    };
-    virtual bool RegisterPermissionsChanged(
-        const std::vector<int> &uids, const sptr<OnPermissionChangedCallback> &callback)
-    {
-        return true;
-    };
-    virtual bool UnregisterPermissionsChanged(const sptr<OnPermissionChangedCallback> &callback)
-    {
-        return true;
-    };
     virtual bool GetAllFormsInfo(std::vector<FormInfo> &formInfos)
     {
         return true;

frameworks/kits/appkit/test/Mock/include/mock_bundle_mgr_service.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Copyright (c) 2021-2022 Huawei Device Co., Ltd.
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
@@ -114,10 +114,6 @@ public:
     MOCK_METHOD2(GetBundlesForUid, bool(const int uid, std::vector<std::string> &));
     MOCK_METHOD1(IsAbilityEnabled, bool(const AbilityInfo &));
     MOCK_METHOD2(GetAbilityIcon, std::string(const std::string &bundleName, const std::string &className));
-    MOCK_METHOD1(RegisterAllPermissionsChanged, bool(const sptr<OnPermissionChangedCallback> &callback));
-    MOCK_METHOD2(RegisterPermissionsChanged,
-        bool(const std::vector<int> &uids, const sptr<OnPermissionChangedCallback> &callback));
-    MOCK_METHOD1(UnregisterPermissionsChanged, bool(const sptr<OnPermissionChangedCallback> &callback));
     void Wait()
     {
         sem_.Wait();

frameworks/kits/test/mock/AMS/mock_ability_manager_service.cpp

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Copyright (c) 2021-2022 Huawei Device Co., Ltd.
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
@@ -224,12 +224,6 @@ bool MockAbilityManagerService::IsFirstInMission(const sptr<IRemoteObject> &toke
     return true;
 }
 
-int MockAbilityManagerService::CompelVerifyPermission(
-    const std::string &permission, int pid, int uid, std::string &message)
-{
-    return 0;
-}
-
 int MockAbilityManagerService::PowerOff()
 {
     return 0;

frameworks/kits/test/mock/AMS/mock_ability_manager_service.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Copyright (c) 2021-2022 Huawei Device Co., Ltd.
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
@@ -146,7 +146,6 @@ public:
     
     int MoveMissionToEnd(const sptr<IRemoteObject> &token, const bool nonFirst) override;
     bool IsFirstInMission(const sptr<IRemoteObject> &token) override;
-    int CompelVerifyPermission(const std::string &permission, int pid, int uid, std::string &message) override;
 
     int GetRecentMissions(
         const int32_t numMax, const int32_t flags, std::vector<AbilityMissionInfo> &recentList) override;

frameworks/kits/test/mock/AMS/mock_serviceability_manager_service.cpp

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Copyright (c) 2021-2022 Huawei Device Co., Ltd.
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
@@ -196,12 +196,6 @@ bool MockServiceAbilityManagerService::IsFirstInMission(const sptr<IRemoteObject
     return true;
 }
 
-int MockServiceAbilityManagerService::CompelVerifyPermission(const std::string &permission,
-    int pid, int uid, std::string &message)
-{
-    return 0;
-}
-
 int MockServiceAbilityManagerService::PowerOff()
 {
     return 0;

frameworks/kits/test/mock/AMS/mock_serviceability_manager_service.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Copyright (c) 2021-2022 Huawei Device Co., Ltd.
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
@@ -145,7 +145,6 @@ public:
 
     int MoveMissionToEnd(const sptr<IRemoteObject> &token, const bool nonFirst) override;
     bool IsFirstInMission(const sptr<IRemoteObject> &token) override;
-    int CompelVerifyPermission(const std::string &permission, int pid, int uid, std::string &message) override;
 
     int RemoveMission(int id) override;
 

interfaces/innerkits/ability_manager/include/ability_manager_client.h

@@ -359,8 +359,6 @@ public:
      */
     ErrCode IsFirstInMission(const sptr<IRemoteObject> &token);
 
-    ErrCode CompelVerifyPermission(const std::string &permission, int pid, int uid, std::string &message);
-
     /**
      * Save the top ability States and move them to the background
      * @return Returns ERR_OK on success, others on failure.

interfaces/innerkits/ability_manager/include/ability_manager_interface.h

@@ -465,18 +465,6 @@ public:
      */
     virtual bool IsFirstInMission(const sptr<IRemoteObject> &token) = 0;
 
-    /**
-     * Checks whether a specified permission has been granted to the process identified by pid and uid
-     *
-     * @param permission Indicates the permission to check.
-     * @param pid Indicates the ID of the process to check.
-     * @param uid Indicates the UID of the process to check.
-     * @param message Describe success or failure
-     *
-     * @return Returns ERR_OK on success, others on failure.
-     */
-    virtual int CompelVerifyPermission(const std::string &permission, int pid, int uid, std::string &message) = 0;
-
     /**
      * Save the top ability States and move them to the background
      * @return Returns ERR_OK on success, others on failure.

interfaces/innerkits/app_manager/include/appmgr/ams_mgr_interface.h

@@ -143,18 +143,6 @@ public:
 
     virtual void PrepareTerminate(const sptr<IRemoteObject> &token) = 0;
 
-    /**
-     * Checks whether a specified permission has been granted to the process identified by pid and uid
-     *
-     * @param permission Indicates the permission to check.
-     * @param pid Indicates the ID of the process to check.
-     * @param uid Indicates the UID of the process to check.
-     * @param message Describe success or failure
-     *
-     * @return Returns ERR_OK on success, others on failure.
-     */
-    virtual int CompelVerifyPermission(const std::string &permission, int pid, int uid, std::string &message) = 0;
-
     virtual void GetRunningProcessInfoByToken(
         const sptr<IRemoteObject> &token, OHOS::AppExecFwk::RunningProcessInfo &info) = 0;
 
@@ -184,7 +172,6 @@ public:
         KILL_PROCESS_WITH_ACCOUNT,
         KILL_APPLICATION,
         ABILITY_ATTACH_TIMEOUT,
-        COMPEL_VERIFY_PERMISSION,
         PREPARE_TERMINATE_ABILITY,
         KILL_APPLICATION_BYUID,
         GET_RUNNING_PROCESS_INFO_BY_TOKEN,

interfaces/innerkits/app_manager/include/appmgr/ams_mgr_proxy.h

@@ -137,18 +137,6 @@ public:
 
     virtual void PrepareTerminate(const sptr<IRemoteObject> &token) override;
 
-    /**
-     * Checks whether a specified permission has been granted to the process identified by pid and uid
-     *
-     * @param permission Indicates the permission to check.
-     * @param pid Indicates the ID of the process to check.
-     * @param uid Indicates the UID of the process to check.
-     * @param message Describe success or failure
-     *
-     * @return Returns ERR_OK on success, others on failure.
-     */
-    virtual int CompelVerifyPermission(const std::string &permission, int pid, int uid, std::string &message) override;
-
     void GetRunningProcessInfoByToken(const sptr<IRemoteObject> &token, AppExecFwk::RunningProcessInfo &info) override;
 
     virtual void StartSpecifiedAbility(

interfaces/innerkits/app_manager/include/appmgr/ams_mgr_stub.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Copyright (c) 2021-2022 Huawei Device Co., Ltd.
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
@@ -54,7 +54,6 @@ private:
     int32_t HandleKillProcessWithAccount(MessageParcel &data, MessageParcel &reply);
     int32_t HandleKillApplication(MessageParcel &data, MessageParcel &reply);
     int32_t HandleAbilityAttachTimeOut(MessageParcel &data, MessageParcel &reply);
-    int32_t HandleCompelVerifyPermission(MessageParcel &data, MessageParcel &reply);
     int32_t HandlePrepareTerminate(MessageParcel &data, MessageParcel &reply);
     int32_t HandleKillApplicationByUid(MessageParcel &data, MessageParcel &reply);
     int32_t HandleGetRunningProcessInfoByToken(MessageParcel &data, MessageParcel &reply);

interfaces/innerkits/app_manager/include/appmgr/app_mgr_client.h

@@ -173,18 +173,6 @@ public:
 
     virtual void PrepareTerminate(const sptr<IRemoteObject> &token);
 
-    /**
-     * Checks whether a specified permission has been granted to the process identified by pid and uid
-     *
-     * @param permission Indicates the permission to check.
-     * @param pid Indicates the ID of the process to check.
-     * @param uid Indicates the UID of the process to check.
-     * @param message Describe success or failure
-     *
-     * @return Returns ERR_OK on success, others on failure.
-     */
-    virtual int CompelVerifyPermission(const std::string &permission, int pid, int uid, std::string &message);
-
     /**
      * Get system memory information.
      * @param SystemMemoryAttr, memory information.

interfaces/innerkits/app_manager/src/appmgr/ams_mgr_proxy.cpp

@@ -391,34 +391,6 @@ void AmsMgrProxy::PrepareTerminate(const sptr<IRemoteObject> &token)
     HILOG_DEBUG("end");
 }
 
-int AmsMgrProxy::CompelVerifyPermission(const std::string &permission, int pid, int uid, std::string &message)
-{
-    HILOG_DEBUG("start");
-    MessageParcel data;
-    MessageParcel reply;
-    MessageOption option(MessageOption::TF_SYNC);
-    if (!WriteInterfaceToken(data)) {
-        return ERR_INVALID_DATA;
-    }
-    if (!data.WriteString16(Str8ToStr16(permission)) || !data.WriteInt32(pid) || !data.WriteInt32(uid)) {
-        HILOG_ERROR("%{public}s, write failed", __func__);
-        return ERR_INVALID_DATA;
-    }
-    sptr<IRemoteObject> remote = Remote();
-    if (remote == nullptr) {
-        HILOG_ERROR("Remote() is NULL");
-        return ERR_NULL_OBJECT;
-    }
-    auto ret =
-        remote->SendRequest(static_cast<uint32_t>(IAmsMgr::Message::COMPEL_VERIFY_PERMISSION), data, reply, option);
-    if (ret != NO_ERROR) {
-        HILOG_WARN("SendRequest is failed, error code: %{public}d", ret);
-        return ERR_INVALID_DATA;
-    }
-    message = Str16ToStr8(reply.ReadString16());
-    return reply.ReadInt32();
-}
-
 void AmsMgrProxy::GetRunningProcessInfoByToken(
     const sptr<IRemoteObject> &token, AppExecFwk::RunningProcessInfo &info)
 {

interfaces/innerkits/app_manager/src/appmgr/ams_mgr_stub.cpp

@@ -51,8 +51,6 @@ AmsMgrStub::AmsMgrStub()
     memberFuncMap_[static_cast<uint32_t>(IAmsMgr::Message::KILL_APPLICATION)] = &AmsMgrStub::HandleKillApplication;
     memberFuncMap_[static_cast<uint32_t>(IAmsMgr::Message::ABILITY_ATTACH_TIMEOUT)] =
         &AmsMgrStub::HandleAbilityAttachTimeOut;
-    memberFuncMap_[static_cast<uint32_t>(IAmsMgr::Message::COMPEL_VERIFY_PERMISSION)] =
-        &AmsMgrStub::HandleCompelVerifyPermission;
     memberFuncMap_[static_cast<uint32_t>(IAmsMgr::Message::PREPARE_TERMINATE_ABILITY)] =
         &AmsMgrStub::HandlePrepareTerminate;
     memberFuncMap_[static_cast<uint32_t>(IAmsMgr::Message::KILL_APPLICATION_BYUID)] =
@@ -232,19 +230,6 @@ int32_t AmsMgrStub::HandleAbilityAttachTimeOut(MessageParcel &data, MessageParce
     return NO_ERROR;
 }
 
-int32_t AmsMgrStub::HandleCompelVerifyPermission(MessageParcel &data, MessageParcel &reply)
-{
-    BYTRACE(BYTRACE_TAG_APP);
-    auto permission = Str16ToStr8(data.ReadString16());
-    auto pid = data.ReadInt32();
-    auto uid = data.ReadInt32();
-    std::string message;
-    auto result = CompelVerifyPermission(permission, pid, uid, message);
-    reply.WriteString16(Str8ToStr16(message));
-    reply.WriteInt32(result);
-    return NO_ERROR;
-}
-
 int32_t AmsMgrStub::HandlePrepareTerminate(MessageParcel &data, MessageParcel &reply)
 {
     sptr<IRemoteObject> token = data.ReadParcelable<IRemoteObject>();

interfaces/innerkits/app_manager/src/appmgr/app_mgr_client.cpp

@@ -277,23 +277,6 @@ void AppMgrClient::PrepareTerminate(const sptr<IRemoteObject> &token)
     amsService->PrepareTerminate(token);
 }
 
-int AppMgrClient::CompelVerifyPermission(const std::string &permission, int pid, int uid, std::string &message)
-{
-    sptr<IAppMgr> service = iface_cast<IAppMgr>(remote_);
-    if (service == nullptr) {
-        return AppMgrResultCode::ERROR_SERVICE_NOT_CONNECTED;
-    }
-    sptr<IAmsMgr> amsService = service->GetAmsMgr();
-    if (amsService == nullptr) {
-        return AppMgrResultCode::ERROR_SERVICE_NOT_CONNECTED;
-    }
-    auto result = amsService->CompelVerifyPermission(permission, pid, uid, message);
-    if (result != ERR_OK) {
-        return AppMgrResultCode::ERROR_SERVICE_NOT_READY;
-    }
-    return AppMgrResultCode::RESULT_OK;
-}
-
 /**
  * Get system memory information.
  * @param SystemMemoryAttr, memory information.

interfaces/kits/napi/aafwk/featureAbility/napi_context.cpp

@@ -609,80 +609,6 @@ napi_value NAPI_GetCtxAbilityInfo(napi_env env, napi_callback_info info)
     return NAPI_GetAbilityInfoCommon(env, info, AbilityType::PAGE);
 }
 
-void CanRequestPermissionExecuteCallback(napi_env env, void *data)
-{
-    HILOG_INFO("%{public}s called.", __func__);
-
-    AsyncJSCallbackInfo *asyncCallbackInfo = (AsyncJSCallbackInfo *)data;
-    if (asyncCallbackInfo == nullptr) {
-        HILOG_INFO("%{public}s called. asyncCallbackInfo is null", __func__);
-        return;
-    }
-
-    asyncCallbackInfo->error_code = NAPI_ERR_NO_ERROR;
-    asyncCallbackInfo->native_data.data_type = NVT_NONE;
-
-    if (asyncCallbackInfo->ability == nullptr) {
-        asyncCallbackInfo->error_code = NAPI_ERR_ACE_ABILITY;
-        return;
-    }
-
-    std::string permission(asyncCallbackInfo->param.paramArgs.GetStringValue("permission"));
-    asyncCallbackInfo->native_data.data_type = NVT_BOOL;
-    asyncCallbackInfo->native_data.bool_value = asyncCallbackInfo->ability->CanRequestPermission(permission);
-}
-
-napi_value NAPI_CanRequestPermissionWrap(napi_env env, napi_callback_info info, AsyncJSCallbackInfo *asyncCallbackInfo)
-{
-    HILOG_INFO("%{public}s called.", __func__);
-    size_t argc = ARGS_MAX_COUNT;
-    napi_value args[ARGS_MAX_COUNT] = {nullptr};
-    napi_value jsthis = 0;
-    void *data = nullptr;
-
-    NAPI_CALL(env, napi_get_cb_info(env, info, &argc, args, &jsthis, &data));
-
-    if (!UnwrapParamVerifySelfPermission(env, argc, args, asyncCallbackInfo)) {
-        HILOG_INFO("%{public}s called. Invoke UnwrapParamVerifySelfPermission fail", __func__);
-        return nullptr;
-    }
-
-    AsyncParamEx asyncParamEx;
-    if (asyncCallbackInfo->cbInfo.callback != nullptr) {
-        HILOG_INFO("%{public}s called. asyncCallback.", __func__);
-        asyncParamEx.resource = "NAPI_CanRequestPermissionCallback";
-        asyncParamEx.execute = CanRequestPermissionExecuteCallback;
-        asyncParamEx.complete = CompleteAsyncCallbackWork;
-
-        return ExecuteAsyncCallbackWork(env, asyncCallbackInfo, &asyncParamEx);
-    } else {
-        HILOG_INFO("%{public}s called. promise.", __func__);
-        asyncParamEx.resource = "NAPI_CanRequestPermissionPromise";
-        asyncParamEx.execute = CanRequestPermissionExecuteCallback;
-        asyncParamEx.complete = CompletePromiseCallbackWork;
-
-        return ExecutePromiseCallbackWork(env, asyncCallbackInfo, &asyncParamEx);
-    }
-}
-
-napi_value NAPI_CanRequestPermission(napi_env env, napi_callback_info info)
-{
-    HILOG_INFO("%{public}s called.", __func__);
-
-    AsyncJSCallbackInfo *asyncCallbackInfo = CreateAsyncJSCallbackInfo(env);
-    if (asyncCallbackInfo == nullptr) {
-        HILOG_INFO("%{public}s called. Invoke CreateAsyncJSCallbackInfo failed.", __func__);
-        return WrapVoidToJS(env);
-    }
-
-    napi_value rev = NAPI_CanRequestPermissionWrap(env, info, asyncCallbackInfo);
-    if (rev == nullptr) {
-        FreeAsyncJSCallbackInfo(&asyncCallbackInfo);
-        rev = WrapVoidToJS(env);
-    }
-    return rev;
-}
-
 bool UnwrapVerifyPermissionOptions(napi_env env, napi_value argv, AsyncJSCallbackInfo *asyncCallbackInfo)
 {
     HILOG_INFO("%{public}s called", __func__);
@@ -833,156 +759,6 @@ napi_value NAPI_VerifyPermission(napi_env env, napi_callback_info info)
     return rev;
 }
 
-void VerifyCallingPermissionExecuteCallback(napi_env env, void *data)
-{
-    HILOG_INFO("%{public}s called.", __func__);
-
-    AsyncJSCallbackInfo *asyncCallbackInfo = (AsyncJSCallbackInfo *)data;
-    if (asyncCallbackInfo == nullptr) {
-        HILOG_INFO("%{public}s called. asyncCallbackInfo is null", __func__);
-        return;
-    }
-
-    asyncCallbackInfo->error_code = NAPI_ERR_NO_ERROR;
-    asyncCallbackInfo->native_data.data_type = NVT_NONE;
-
-    if (asyncCallbackInfo->ability == nullptr) {
-        asyncCallbackInfo->error_code = NAPI_ERR_ACE_ABILITY;
-        return;
-    }
-
-    asyncCallbackInfo->native_data.data_type = NVT_INT32;
-    std::string permission(asyncCallbackInfo->param.paramArgs.GetStringValue("permission").c_str());
-    asyncCallbackInfo->native_data.int32_value = asyncCallbackInfo->ability->VerifyCallingPermission(permission);
-}
-
-napi_value NAPI_VerifyCallingPermissionWrap(
-    napi_env env, napi_callback_info info, AsyncJSCallbackInfo *asyncCallbackInfo)
-{
-    HILOG_INFO("%{public}s called.", __func__);
-    size_t argc = ARGS_MAX_COUNT;
-    napi_value args[ARGS_MAX_COUNT] = {nullptr};
-    napi_value jsthis = 0;
-    void *data = nullptr;
-
-    NAPI_CALL(env, napi_get_cb_info(env, info, &argc, args, &jsthis, &data));
-
-    if (!UnwrapParamVerifySelfPermission(env, argc, args, asyncCallbackInfo)) {
-        HILOG_INFO("%{public}s called. Invoke UnwrapParamVerifySelfPermission fail", __func__);
-        return nullptr;
-    }
-
-    AsyncParamEx asyncParamEx;
-    if (asyncCallbackInfo->cbInfo.callback != nullptr) {
-        HILOG_INFO("%{public}s called. asyncCallback.", __func__);
-        asyncParamEx.resource = "NAPI_VerifyCallingPermissionCallback";
-        asyncParamEx.execute = VerifyCallingPermissionExecuteCallback;
-        asyncParamEx.complete = CompleteAsyncCallbackWork;
-
-        return ExecuteAsyncCallbackWork(env, asyncCallbackInfo, &asyncParamEx);
-    } else {
-        HILOG_INFO("%{public}s called. promise.", __func__);
-        asyncParamEx.resource = "NAPI_VerifyCallingPermissionPromise";
-        asyncParamEx.execute = VerifyCallingPermissionExecuteCallback;
-        asyncParamEx.complete = CompletePromiseCallbackWork;
-
-        return ExecutePromiseCallbackWork(env, asyncCallbackInfo, &asyncParamEx);
-    }
-}
-
-napi_value NAPI_VerifyCallingPermission(napi_env env, napi_callback_info info)
-{
-    HILOG_INFO("%{public}s called.", __func__);
-
-    AsyncJSCallbackInfo *asyncCallbackInfo = CreateAsyncJSCallbackInfo(env);
-    if (asyncCallbackInfo == nullptr) {
-        HILOG_INFO("%{public}s called. Invoke CreateAsyncJSCallbackInfo failed.", __func__);
-        return WrapVoidToJS(env);
-    }
-
-    napi_value rev = NAPI_VerifyCallingPermissionWrap(env, info, asyncCallbackInfo);
-    if (rev == nullptr) {
-        FreeAsyncJSCallbackInfo(&asyncCallbackInfo);
-        rev = WrapVoidToJS(env);
-    }
-    return rev;
-}
-
-void VerifyCallingOrSelfPermissionExecuteCallback(napi_env env, void *data)
-{
-    HILOG_INFO("%{public}s called.", __func__);
-
-    AsyncJSCallbackInfo *asyncCallbackInfo = static_cast<AsyncJSCallbackInfo *>(data);
-    if (asyncCallbackInfo == nullptr) {
-        HILOG_INFO("%{public}s called. asyncCallbackInfo is null", __func__);
-        return;
-    }
-
-    asyncCallbackInfo->error_code = NAPI_ERR_NO_ERROR;
-    asyncCallbackInfo->native_data.data_type = NVT_NONE;
-
-    if (asyncCallbackInfo->ability == nullptr) {
-        asyncCallbackInfo->error_code = NAPI_ERR_ACE_ABILITY;
-        return;
-    }
-
-    asyncCallbackInfo->native_data.data_type = NVT_INT32;
-    std::string permission(asyncCallbackInfo->param.paramArgs.GetStringValue("permission").c_str());
-    asyncCallbackInfo->native_data.int32_value = asyncCallbackInfo->ability->VerifyCallingOrSelfPermission(permission);
-}
-
-napi_value NAPI_VerifyCallingOrSelfPermissionWrap(
-    napi_env env, napi_callback_info info, AsyncJSCallbackInfo *asyncCallbackInfo)
-{
-    HILOG_INFO("%{public}s called.", __func__);
-    size_t argc = ARGS_MAX_COUNT;
-    napi_value args[ARGS_MAX_COUNT] = {nullptr};
-    napi_value jsthis = 0;
-    void *data = nullptr;
-
-    NAPI_CALL(env, napi_get_cb_info(env, info, &argc, args, &jsthis, &data));
-
-    if (!UnwrapParamVerifySelfPermission(env, argc, args, asyncCallbackInfo)) {
-        HILOG_INFO("%{public}s called. Invoke UnwrapParamVerifySelfPermission fail", __func__);
-        return nullptr;
-    }
-
-    AsyncParamEx asyncParamEx;
-    if (asyncCallbackInfo->cbInfo.callback != nullptr) {
-        HILOG_INFO("%{public}s called. asyncCallback.", __func__);
-        asyncParamEx.resource = "NAPI_VerifyCallingOrSelfPermissionCallback";
-        asyncParamEx.execute = VerifyCallingOrSelfPermissionExecuteCallback;
-        asyncParamEx.complete = CompleteAsyncCallbackWork;
-
-        return ExecuteAsyncCallbackWork(env, asyncCallbackInfo, &asyncParamEx);
-    } else {
-        HILOG_INFO("%{public}s called. promise.", __func__);
-        asyncParamEx.resource = "NAPI_VerifyCallingOrSelfPermissionPromise";
-        asyncParamEx.execute = VerifyCallingOrSelfPermissionExecuteCallback;
-        asyncParamEx.complete = CompletePromiseCallbackWork;
-
-        return ExecutePromiseCallbackWork(env, asyncCallbackInfo, &asyncParamEx);
-    }
-}
-
-napi_value NAPI_VerifyCallingOrSelfPermission(napi_env env, napi_callback_info info)
-{
-    HILOG_INFO("%{public}s called.", __func__);
-
-    AsyncJSCallbackInfo *asyncCallbackInfo = CreateAsyncJSCallbackInfo(env);
-    if (asyncCallbackInfo == nullptr) {
-        HILOG_INFO("%{public}s called. Invoke CreateAsyncJSCallbackInfo failed.", __func__);
-        return WrapVoidToJS(env);
-    }
-
-    napi_value rev = NAPI_VerifyCallingOrSelfPermissionWrap(env, info, asyncCallbackInfo);
-    if (rev == nullptr) {
-        FreeAsyncJSCallbackInfo(&asyncCallbackInfo);
-        rev = WrapVoidToJS(env);
-    }
-    return rev;
-}
-
 /**
  * @brief GetApplicationInfo asynchronous processing function.
  *
@@ -3069,10 +2845,7 @@ napi_value ContextPermissionInit(napi_env env, napi_value exports)
         DECLARE_NAPI_FUNCTION("verifySelfPermission", NAPI_VerifySelfPermission),
         DECLARE_NAPI_FUNCTION("requestPermissionsFromUser", NAPI_RequestPermissionsFromUser),
         DECLARE_NAPI_FUNCTION("getBundleName", NAPI_GetBundleName),
-        DECLARE_NAPI_FUNCTION("canRequestPermission", NAPI_CanRequestPermission),
         DECLARE_NAPI_FUNCTION("verifyPermission", NAPI_VerifyPermission),
-        DECLARE_NAPI_FUNCTION("verifyCallingPermission", NAPI_VerifyCallingPermission),
-        DECLARE_NAPI_FUNCTION("verifyCallingOrSelfPermission", NAPI_VerifyCallingOrSelfPermission),
         DECLARE_NAPI_FUNCTION("getApplicationInfo", NAPI_GetApplicationInfo),
         DECLARE_NAPI_FUNCTION("getProcessInfo", NAPI_GetProcessInfo),
         DECLARE_NAPI_FUNCTION("getElementName", NAPI_GetElementName),

services/abilitymgr/include/ability_manager_proxy.h

@@ -429,18 +429,6 @@ public:
      */
     virtual bool IsFirstInMission(const sptr<IRemoteObject> &token) override;
 
-    /**
-     * Checks whether a specified permission has been granted to the process identified by pid and uid
-     *
-     * @param permission Indicates the permission to check.
-     * @param pid Indicates the ID of the process to check.
-     * @param uid Indicates the UID of the process to check.
-     * @param message Describe success or failure
-     *
-     * @return Returns ERR_OK on success, others on failure.
-     */
-    virtual int CompelVerifyPermission(const std::string &permission, int pid, int uid, std::string &message) override;
-
     /**
      * Save the top ability States and move them to the background
      * @return Returns ERR_OK on success, others on failure.

services/abilitymgr/include/ability_manager_service.h

@@ -547,18 +547,6 @@ public:
      */
     virtual bool IsFirstInMission(const sptr<IRemoteObject> &token) override;
 
-    /**
-     * Checks whether a specified permission has been granted to the process identified by pid and uid
-     *
-     * @param permission Indicates the permission to check.
-     * @param pid Indicates the ID of the process to check.
-     * @param uid Indicates the UID of the process to check.
-     * @param message Describe success or failure
-     *
-     * @return Returns ERR_OK on success, others on failure.
-     */
-    virtual int CompelVerifyPermission(const std::string &permission, int pid, int uid, std::string &message) override;
-
     /**
      * Save the top ability States and move them to the background
      * @return Returns ERR_OK on success, others on failure.

services/abilitymgr/include/ability_manager_stub.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Copyright (c) 2021-2022 Huawei Device Co., Ltd.
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
@@ -96,7 +96,6 @@ private:
     int CloseMultiWindowInner(MessageParcel &data, MessageParcel &reply);
     int SetMissionStackSettingInner(MessageParcel &data, MessageParcel &reply);
     int IsFirstInMissionInner(MessageParcel &data, MessageParcel &reply);
-    int CompelVerifyPermissionInner(MessageParcel &data, MessageParcel &reply);
     int PowerOffInner(MessageParcel &data, MessageParcel &reply);
     int PowerOnInner(MessageParcel &data, MessageParcel &reply);
     int LockMissionInner(MessageParcel &data, MessageParcel &reply);

services/abilitymgr/include/app_scheduler.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Copyright (c) 2021-2022 Huawei Device Co., Ltd.
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
@@ -230,18 +230,6 @@ public:
 
     void PrepareTerminate(const sptr<IRemoteObject> &token);
 
-    /**
-     * Checks whether a specified permission has been granted to the process identified by pid and uid
-     *
-     * @param permission Indicates the permission to check.
-     * @param pid Indicates the ID of the process to check.
-     * @param uid Indicates the UID of the process to check.
-     * @param message Describe success or failure
-     *
-     * @return Returns ERR_OK on success, others on failure.
-     */
-    int CompelVerifyPermission(const std::string &permission, int pid, int uid, std::string &message);
-
     /**
      * Get system memory information.
      * @param SystemMemoryAttr, memory information.

services/abilitymgr/src/ability_manager_client.cpp

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Copyright (c) 2021-2022 Huawei Device Co., Ltd.
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
@@ -389,17 +389,7 @@ ErrCode AbilityManagerClient::IsFirstInMission(const sptr<IRemoteObject> &token)
     }
     return ERR_OK;
 }
-#endif
 
-ErrCode AbilityManagerClient::CompelVerifyPermission(
-    const std::string &permission, int pid, int uid, std::string &message)
-{
-    CHECK_REMOTE_OBJECT_AND_RETURN(remoteObject_, ABILITY_SERVICE_NOT_CONNECTED);
-    sptr<IAbilityManager> abms = iface_cast<IAbilityManager>(remoteObject_);
-    return abms->CompelVerifyPermission(permission, pid, uid, message);
-}
-
-#ifdef SUPPORT_GRAPHICS
 ErrCode AbilityManagerClient::MoveMissionToFloatingStack(const MissionOption &missionOption)
 {
     CHECK_REMOTE_OBJECT_AND_RETURN(remoteObject_, ABILITY_SERVICE_NOT_CONNECTED);

services/abilitymgr/src/ability_manager_proxy.cpp

@@ -1146,27 +1146,6 @@ bool AbilityManagerProxy::IsFirstInMission(const sptr<IRemoteObject> &token)
     return reply.ReadBool();
 }
 
-int AbilityManagerProxy::CompelVerifyPermission(const std::string &permission, int pid, int uid, std::string &message)
-{
-    MessageParcel data;
-    MessageParcel reply;
-    MessageOption option;
-    if (!WriteInterfaceToken(data)) {
-        return INNER_ERR;
-    }
-    if (!data.WriteString16(Str8ToStr16(permission)) || !data.WriteInt32(pid) || !data.WriteInt32(uid)) {
-        HILOG_ERROR("data write failed.");
-        return INNER_ERR;
-    }
-    auto error = Remote()->SendRequest(IAbilityManager::COMPEL_VERIFY_PERMISSION, data, reply, option);
-    if (error != NO_ERROR) {
-        HILOG_ERROR("Send request error: %{public}d", error);
-        return error;
-    }
-    message = Str16ToStr8(reply.ReadString16());
-    return reply.ReadInt32();
-}
-
 int AbilityManagerProxy::PowerOff()
 {
     MessageParcel data;

services/abilitymgr/src/ability_manager_service.cpp

@@ -84,7 +84,6 @@ const std::string APP_MEMORY_MAX_SIZE_PARAMETER = "const.product.dalvikheaplimit
 const std::string RAM_CONSTRAINED_DEVICE_SIGN = "const.product.islowram";
 const std::string PKG_NAME = "ohos.distributedhardware.devicemanager";
 const std::string ACTION_CHOOSE = "ohos.want.action.select";
-const std::string PERMISSION_SET_ABILITY_CONTROLLER = "ohos.permission.SET_ABILITY_CONTROLLER";
 const std::map<std::string, AbilityManagerService::DumpKey> AbilityManagerService::dumpMap = {
     std::map<std::string, AbilityManagerService::DumpKey>::value_type("--all", KEY_DUMP_ALL),
     std::map<std::string, AbilityManagerService::DumpKey>::value_type("-a", KEY_DUMP_ALL),
@@ -3210,15 +3209,7 @@ bool AbilityManagerService::IsFirstInMission(const sptr<IRemoteObject> &token)
     }
     return stackManager->IsFirstInMission(token);
 }
-#endif
 
-int AbilityManagerService::CompelVerifyPermission(const std::string &permission, int pid, int uid, std::string &message)
-{
-    HILOG_INFO("Compel verify permission.");
-    return DelayedSingleton<AppScheduler>::GetInstance()->CompelVerifyPermission(permission, pid, uid, message);
-}
-
-#ifdef SUPPORT_GRAPHICS
 int AbilityManagerService::PowerOff()
 {
     HILOG_INFO("Power off.");
@@ -4082,16 +4073,12 @@ int AbilityManagerService::SetAbilityController(const sptr<IAbilityController> &
     bool imAStabilityTest)
 {
     HILOG_DEBUG("%{public}s, imAStabilityTest: %{public}d", __func__, imAStabilityTest);
-    auto bms = GetBundleManager();
-    CHECK_POINTER_AND_RETURN(bms, ERR_INVALID_VALUE);
-    std::string bundleName;
-    int uid = IPCSkeleton::GetCallingUid();
-    IN_PROCESS_CALL_WITHOUT_RET(bms->GetBundleNameForUid(uid, bundleName));
-    HILOG_INFO("%{public}s, bundleName: %{public}s, uid = %{public}d", __func__, bundleName.c_str(), uid);
-    if (IN_PROCESS_CALL(bms->CheckPermission(bundleName, PERMISSION_SET_ABILITY_CONTROLLER)) == 0) {
-        HILOG_ERROR("PERMISSION_SET_ABILITY_CONTROLLER check failed");
+    auto isPerm = AAFwk::PermissionVerification::GetInstance()->VerifyControllerPerm();
+    if (!isPerm) {
+        HILOG_ERROR("%{public}s: Permission verification failed", __func__);
         return CHECK_PERMISSION_FAILED;
     }
+
     std::lock_guard<std::recursive_mutex> guard(globalLock_);
     abilityController_ = abilityController;
     controllerIsAStabilityTest_ = imAStabilityTest;

services/abilitymgr/src/ability_manager_stub.cpp

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Copyright (c) 2021-2022 Huawei Device Co., Ltd.
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
@@ -94,7 +94,6 @@ void AbilityManagerStub::SecondStepInit()
     requestFuncMap_[CLOSE_MULTI_WINDOW] = &AbilityManagerStub::CloseMultiWindowInner;
     requestFuncMap_[SET_STACK_SETTING] = &AbilityManagerStub::SetMissionStackSettingInner;
     requestFuncMap_[IS_FIRST_IN_MISSION] = &AbilityManagerStub::IsFirstInMissionInner;
-    requestFuncMap_[COMPEL_VERIFY_PERMISSION] = &AbilityManagerStub::CompelVerifyPermissionInner;
     requestFuncMap_[POWER_OFF] = &AbilityManagerStub::PowerOffInner;
     requestFuncMap_[POWER_ON] = &AbilityManagerStub::PowerOnInner;
     requestFuncMap_[LUCK_MISSION] = &AbilityManagerStub::LockMissionInner;
@@ -693,18 +692,6 @@ int AbilityManagerStub::IsFirstInMissionInner(MessageParcel &data, MessageParcel
     return NO_ERROR;
 }
 
-int AbilityManagerStub::CompelVerifyPermissionInner(MessageParcel &data, MessageParcel &reply)
-{
-    auto permission = Str16ToStr8(data.ReadString16());
-    auto pid = data.ReadInt32();
-    auto uid = data.ReadInt32();
-    std::string message;
-    auto result = CompelVerifyPermission(permission, pid, uid, message);
-    reply.WriteString16(Str8ToStr16(message));
-    reply.WriteInt32(result);
-    return NO_ERROR;
-}
-
 int AbilityManagerStub::PowerOffInner(MessageParcel &data, MessageParcel &reply)
 {
     auto result = PowerOff();

services/abilitymgr/src/app_scheduler.cpp

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Copyright (c) 2021-2022 Huawei Device Co., Ltd.
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
@@ -234,18 +234,6 @@ void AppScheduler::PrepareTerminate(const sptr<IRemoteObject> &token)
     appMgrClient_->PrepareTerminate(token);
 }
 
-int AppScheduler::CompelVerifyPermission(const std::string &permission, int pid, int uid, std::string &message)
-{
-    CHECK_POINTER_AND_RETURN(appMgrClient_, INNER_ERR);
-    auto ret = static_cast<int>(appMgrClient_->CompelVerifyPermission(permission, pid, uid, message));
-    if (ret != ERR_OK) {
-        HILOG_ERROR("Compel verify permission failed.");
-        return INNER_ERR;
-    }
-
-    return ERR_OK;
-}
-
 void AppScheduler::OnAppStateChanged(const AppExecFwk::AppProcessData &appData)
 {
     BYTRACE_NAME(BYTRACE_TAG_ABILITY_MANAGER, __PRETTY_FUNCTION__);

services/abilitymgr/test/mock/include/mock_app_manager_client.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Copyright (c) 2021-2022 Huawei Device Co., Ltd.
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
@@ -41,7 +41,6 @@ public:
             const int32_t visibility, const int32_t perceptibility, const int32_t connectionState));
     MOCK_METHOD1(KillProcessByAbilityToken, AppMgrResultCode(const sptr<IRemoteObject> &token));
     MOCK_METHOD1(KillProcessesByUserId, AppMgrResultCode(int32_t userId));
-    MOCK_METHOD4(CompelVerifyPermission, int(const std::string &permission, int pid, int uid, std::string &message));
 };
 }  // namespace AppExecFwk
 }  // namespace OHOS

services/abilitymgr/test/mock/libs/appexecfwk_core/include/appmgr/app_mgr_client.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Copyright (c) 2021-2022 Huawei Device Co., Ltd.
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
@@ -164,18 +164,6 @@ public:
 
     virtual void PrepareTerminate(const sptr<IRemoteObject> &token);
 
-    /**
-     * Checks whether a specified permission has been granted to the process identified by pid and uid
-     *
-     * @param permission Indicates the permission to check.
-     * @param pid Indicates the ID of the process to check.
-     * @param uid Indicates the UID of the process to check.
-     * @param message Describe success or failure
-     *
-     * @return Returns ERR_OK on success, others on failure.
-     */
-    virtual int CompelVerifyPermission(const std::string &permission, int pid, int uid, std::string &message);
-
 private:
     void SetServiceManager(std::unique_ptr<AppServiceManager> serviceMgr);
 

services/abilitymgr/test/mock/libs/appexecfwk_core/src/appmgr/app_mgr_client.cpp

@@ -101,11 +101,6 @@ void AppMgrClient::AbilityAttachTimeOut(const sptr<IRemoteObject> &token)
 void AppMgrClient::PrepareTerminate(const sptr<IRemoteObject> &token)
 {}
 
-int AppMgrClient::CompelVerifyPermission(const std::string &permission, int pid, int uid, std::string &message)
-{
-    return AppMgrResultCode::RESULT_OK;
-}
-
 void AppMgrClient::GetSystemMemoryAttr(SystemMemoryAttr &memoryInfo, std::string &strConfig)
 {}
 

services/abilitymgr/test/mock/libs/appexecfwk_core/src/appmgr/mock_app_scheduler.cpp

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Copyright (c) 2021-2022 Huawei Device Co., Ltd.
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
@@ -126,12 +126,6 @@ void AppScheduler::PrepareTerminate(const sptr<IRemoteObject> &token)
     HILOG_INFO("Test AppScheduler::PrepareTerminate()");
 }
 
-int AppScheduler::CompelVerifyPermission(const std::string &permission, int pid, int uid, std::string &message)
-{
-    HILOG_INFO("Test AppScheduler::CompelVerifyPermission()");
-    return ERR_OK;
-}
-
 void AppScheduler::OnAppStateChanged(const AppExecFwk::AppProcessData &appData)
 {
     HILOG_INFO("Test AppScheduler::OnAppStateChanged()");

services/abilitymgr/test/unittest/phone/ability_manager_client_test/ability_manager_stub_mock_test.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Copyright (c) 2021-2022 Huawei Device Co., Ltd.
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
@@ -232,11 +232,6 @@ public:
         return true;
     }
 
-    int CompelVerifyPermission(const std::string &permission, int pid, int uid, std::string &message) override
-    {
-        return 0;
-    }
-
     int MoveMissionToEnd(const sptr<IRemoteObject> &token, const bool nonFirst) override
     {
         return 0;

services/abilitymgr/test/unittest/phone/ability_manager_proxy_test/ability_manager_stub_mock.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Copyright (c) 2021-2022 Huawei Device Co., Ltd.
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
@@ -232,11 +232,6 @@ public:
         return true;
     }
 
-    int CompelVerifyPermission(const std::string &permission, int pid, int uid, std::string &message) override
-    {
-        return 0;
-    }
-
     int MoveMissionToEnd(const sptr<IRemoteObject> &token, const bool nonFirst) override
     {
         return 0;

services/abilitymgr/test/unittest/phone/ability_manager_service_test/ability_manager_service_test.cpp

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Copyright (c) 2021-2022 Huawei Device Co., Ltd.
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
@@ -2797,24 +2797,6 @@ HWTEST_F(AbilityManagerServiceTest, movemissiontoend_012, TestSize.Level1)
     EXPECT_EQ(resultFunction, MOVE_MISSION_FAILED);
 }
 
-/*
- * Feature: AbilityManagerService
- * Function: CompelVerifyPermission
- * SubFunction: NA
- * FunctionPoints: AbilityManagerService CompelVerifyPermission
- * EnvConditions: NA
- * CaseDescription: Verify function CompelVerifyPermission
- */
-HWTEST_F(AbilityManagerServiceTest, compelverifypermission_001, TestSize.Level1)
-{
-    const std::string permission = "permission";
-    int pid = 100;
-    int uid = 1000;
-    std::string message;
-    auto resultFunction = abilityMs_->CompelVerifyPermission(permission, pid, uid, message);
-    EXPECT_EQ(resultFunction, ERR_OK);
-}
-
 /*
  * Feature: AbilityManagerService
  * Function: AmsConfigurationParameter

services/abilitymgr/test/unittest/phone/ability_manager_stub_test/ability_manager_stub_impl_mock.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Copyright (c) 2021-2022 Huawei Device Co., Ltd.
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
@@ -240,11 +240,6 @@ public:
         return true;
     }
 
-    int CompelVerifyPermission(const std::string &permission, int pid, int uid, std::string &message) override
-    {
-        return 0;
-    }
-
     int MoveMissionToEnd(const sptr<IRemoteObject> &token, const bool nonFirst) override
     {
         return 0;

services/abilitymgr/test/unittest/phone/ability_manager_test/ability_manager_stub_mock.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Copyright (c) 2021-2022 Huawei Device Co., Ltd.
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
@@ -71,7 +71,6 @@ public:
     MOCK_METHOD3(StartAbility, int(const Want &want, const sptr<IRemoteObject> &callerToken, int requestCode));
     MOCK_METHOD2(MoveMissionToEnd, int(const sptr<IRemoteObject> &token, const bool nonFirst));
     MOCK_METHOD1(IsFirstInMission, bool(const sptr<IRemoteObject> &token));
-    MOCK_METHOD4(CompelVerifyPermission, int(const std::string &permission, int pid, int uid, std::string &message));
     MOCK_METHOD0(PowerOff, int());
     MOCK_METHOD0(PowerOn, int());
     MOCK_METHOD1(LockMission, int(int));

services/appmgr/include/ams_mgr_scheduler.h

@@ -150,18 +150,6 @@ public:
 
     virtual void PrepareTerminate(const sptr<IRemoteObject> &token) override;
 
-    /**
-     * Checks whether a specified permission has been granted to the process identified by pid and uid
-     *
-     * @param permission Indicates the permission to check.
-     * @param pid Indicates the ID of the process to check.
-     * @param uid Indicates the UID of the process to check.
-     * @param message Describe success or failure
-     *
-     * @return Returns ERR_OK on success, others on failure.
-     */
-    virtual int CompelVerifyPermission(const std::string &permission, int pid, int uid, std::string &message) override;
-
     virtual void GetRunningProcessInfoByToken(
         const sptr<IRemoteObject> &token, AppExecFwk::RunningProcessInfo &info) override;
 

services/appmgr/include/app_mgr_service_inner.h

@@ -412,18 +412,6 @@ public:
 
     void PrepareTerminate(const sptr<IRemoteObject> &token);
 
-    /**
-     * Checks whether a specified permission has been granted to the process identified by pid and uid
-     *
-     * @param permission Indicates the permission to check.
-     * @param pid Indicates the ID of the process to check.
-     * @param uid Indicates the UID of the process to check.
-     * @param message Describe success or failure
-     *
-     * @return Returns ERR_OK on success, others on failure.
-     */
-    int CompelVerifyPermission(const std::string &permission, int pid, int uid, std::string &message);
-
     /**
      * OnAppStateChanged, Application state changed.
      *

services/appmgr/src/ams_mgr_scheduler.cpp

@@ -223,14 +223,6 @@ bool AmsMgrScheduler::IsReady() const
     return true;
 }
 
-int AmsMgrScheduler::CompelVerifyPermission(const std::string &permission, int pid, int uid, std::string &message)
-{
-    if (!IsReady()) {
-        return ERR_INVALID_OPERATION;
-    }
-    return amsMgrServiceInner_->CompelVerifyPermission(permission, pid, uid, message);
-}
-
 void AmsMgrScheduler::GetRunningProcessInfoByToken(
     const sptr<IRemoteObject> &token, AppExecFwk::RunningProcessInfo &info)
 {

services/appmgr/src/app_mgr_service_inner.cpp

@@ -66,8 +66,6 @@ const std::string FUNC_NAME = "main";
 const std::string SO_PATH = "system/lib64/libmapleappkit.z.so";
 const std::string RENDER_PARAM = "invalidparam";
 const int32_t SIGNAL_KILL = 9;
-const std::string REQ_PERMISSION = "ohos.permission.LOCATION_IN_BACKGROUND";
-constexpr int32_t SYSTEM_UID = 1000;
 constexpr int32_t USER_SCALE = 200000;
 #define ENUM_TO_STRING(s) #s
 
@@ -1520,57 +1518,6 @@ void AppMgrServiceInner::HandleAddAbilityStageTimeOut(const int64_t eventId)
     KillApplicationByRecord(appRecord);
 }
 
-int AppMgrServiceInner::CompelVerifyPermission(const std::string &permission, int pid, int uid, std::string &message)
-{
-    HILOG_INFO("compel verify permission");
-    message = ENUM_TO_STRING(PERMISSION_NOT_GRANTED);
-    if (!remoteClientManager_) {
-        HILOG_ERROR("remoteClientManager_ is nullptr");
-        return ERR_NO_INIT;
-    }
-    if (permission.empty()) {
-        HILOG_INFO("permission is empty, PERMISSION_GRANTED");
-        message = ENUM_TO_STRING(PERMISSION_GRANTED);
-        return ERR_OK;
-    }
-    if (pid == getpid()) {
-        HILOG_INFO("pid is my pid, PERMISSION_GRANTED");
-        message = ENUM_TO_STRING(PERMISSION_GRANTED);
-        return ERR_OK;
-    }
-    int userId = Constants::DEFAULT_USERID;
-    auto appRecord = GetAppRunningRecordByPid(pid);
-    if (!appRecord) {
-        HILOG_ERROR("app record is nullptr");
-        return PERMISSION_NOT_GRANTED;
-    }
-    auto bundleName = appRecord->GetBundleName();
-    if (appRecord->GetCloneInfo()) {
-        userId = Constants::C_UESRID;
-    }
-    auto bundleMgr = remoteClientManager_->GetBundleManager();
-    if (bundleMgr == nullptr) {
-        HILOG_ERROR("GetBundleManager fail");
-        return ERR_NO_INIT;
-    }
-    auto bmsUid = IN_PROCESS_CALL(bundleMgr->GetUidByBundleName(bundleName, userId));
-    if (bmsUid == ROOT_UID || bmsUid == SYSTEM_UID) {
-        HILOG_INFO("uid is root or system, PERMISSION_GRANTED");
-        message = ENUM_TO_STRING(PERMISSION_GRANTED);
-        return ERR_OK;
-    }
-    if (bmsUid != uid) {
-        HILOG_INFO("check uid != bms uid, PERMISSION_NOT_GRANTED");
-        return PERMISSION_NOT_GRANTED;
-    }
-    auto result = IN_PROCESS_CALL(bundleMgr->CheckPermissionByUid(bundleName, permission, userId));
-    if (result != PERMISSION_GRANTED) {
-        return PERMISSION_NOT_GRANTED;
-    }
-    message = ENUM_TO_STRING(PERMISSION_GRANTED);
-    return ERR_OK;
-}
-
 void AppMgrServiceInner::GetRunningProcessInfoByToken(
     const sptr<IRemoteObject> &token, AppExecFwk::RunningProcessInfo &info)
 {

services/appmgr/test/mock/include/mock_ams_mgr_scheduler.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Copyright (c) 2021-2022 Huawei Device Co., Ltd.
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
@@ -41,7 +41,6 @@ public:
     MOCK_METHOD0(IsReady, bool());
     MOCK_METHOD1(AbilityAttachTimeOut, void(const sptr<IRemoteObject> &token));
     MOCK_METHOD1(PrepareTerminate, void(const sptr<IRemoteObject> &token));
-    MOCK_METHOD4(CompelVerifyPermission, int(const std::string &permission, int pid, int uid, std::string &message));
     MOCK_METHOD2(GetRunningProcessInfoByToken,
         void(const sptr<IRemoteObject> &token, OHOS::AppExecFwk::RunningProcessInfo &info));
     MOCK_METHOD2(StartSpecifiedAbility, void(const AAFwk::Want &want, const AppExecFwk::AbilityInfo &abilityInfo));

services/common/include/permission_constants.h

@@ -19,13 +19,14 @@
 namespace OHOS {
 namespace AAFwk {
 namespace PermissionConstants {
-const std::string PERMISSION_CLEAN_BACKGROUND_PROCESSES = "ohos.permission.CLEAN_BACKGROUND_PROCESSES";
-const std::string PERMISSION_INTERACT_ACROSS_LOCAL_ACCOUNTS = "ohos.permission.INTERACT_ACROSS_LOCAL_ACCOUNTS";
-const std::string PERMISSION_GET_RUNNING_INFO = "ohos.permission.GET_RUNNING_INFO";
-const std::string PERMISSION_UPDATE_CONFIGURATION = "ohos.permission.UPDATE_CONFIGURATION";
 const std::string PERMISSION_CLEAN_APPLICATION_DATA = "ohos.permission.CLEAN_APPLICATION_DATA";
-const std::string PERMISSION_RUNNING_STATE_OBSERVER = "ohos.permission.RUNNING_STATE_OBSERVER";
+const std::string PERMISSION_CLEAN_BACKGROUND_PROCESSES = "ohos.permission.CLEAN_BACKGROUND_PROCESSES";
+const std::string PERMISSION_GET_RUNNING_INFO = "ohos.permission.GET_RUNNING_INFO";
+const std::string PERMISSION_INTERACT_ACROSS_LOCAL_ACCOUNTS = "ohos.permission.INTERACT_ACROSS_LOCAL_ACCOUNTS";
 const std::string PERMISSION_MANAGE_MISSION = "ohos.permission.MANAGE_MISSIONS";
+const std::string PERMISSION_RUNNING_STATE_OBSERVER = "ohos.permission.RUNNING_STATE_OBSERVER";
+const std::string PERMISSION_SET_ABILITY_CONTROLLER = "ohos.permission.SET_ABILITY_CONTROLLER";
+const std::string PERMISSION_UPDATE_CONFIGURATION = "ohos.permission.UPDATE_CONFIGURATION";
 } // namespace PermissionConstants
 } // namespace AAFwk
 } // namespace OHOS

services/common/include/permission_verification.h

@@ -33,6 +33,8 @@ public:
 
     bool VerifyRunningInfoPerm();
 
+    bool VerifyControllerPerm();
+
 private:
     DISALLOW_COPY_AND_MOVE(PermissionVerification);
     unsigned int GetCallingTokenID();

services/common/src/permission_verification.cpp

@@ -62,6 +62,20 @@ bool PermissionVerification::VerifyRunningInfoPerm()
     return false;
 }
 
+bool PermissionVerification::VerifyControllerPerm()
+{
+    if (IsSACall()) {
+        HILOG_DEBUG("%{public}s: the interface called by SA.", __func__);
+        return true;
+    }
+    if (VerifyCallingPermission(PermissionConstants::PERMISSION_SET_ABILITY_CONTROLLER)) {
+        HILOG_DEBUG("%{public}s: Permission verification succeeded.", __func__);
+        return true;
+    }
+    HILOG_ERROR("%{public}s: Permission verification failed.", __func__);
+    return false;
+}
+
 unsigned int PermissionVerification::GetCallingTokenID()
 {
     auto callerToken = IPCSkeleton::GetCallingTokenID();

services/formmgr/test/mock/include/mock_ability_manager.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Copyright (c) 2021-2022 Huawei Device Co., Ltd.
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
@@ -251,20 +251,6 @@ public:
     {
         return 0;
     }
-    /**
-     * Checks whether a specified permission has been granted to the process identified by pid and uid
-     *
-     * @param permission Indicates the permission to check.
-     * @param pid Indicates the ID of the process to check.
-     * @param uid Indicates the UID of the process to check.
-     * @param message Describe success or failure
-     *
-     * @return Returns ERR_OK on success, others on failure.
-     */
-    virtual int CompelVerifyPermission(const std::string &permission, int pid, int uid, std::string &message)
-    {
-        return 0;
-    }
 
     virtual int SetShowOnLockScreen(bool isAllow) override
     {
@@ -694,20 +680,6 @@ public:
     {
         return 0;
     }
-    /**
-     * Checks whether a specified permission has been granted to the process identified by pid and uid
-     *
-     * @param permission Indicates the permission to check.
-     * @param pid Indicates the ID of the process to check.
-     * @param uid Indicates the UID of the process to check.
-     * @param message Describe success or failure
-     *
-     * @return Returns ERR_OK on success, others on failure.
-     */
-    virtual int CompelVerifyPermission(const std::string &permission, int pid, int uid, std::string &message)
-    {
-        return 0;
-    }
 
     virtual void GetSystemMemoryAttr(AppExecFwk::SystemMemoryAttr &memoryInfo)
     {}

services/test/mock/include/appmgr/mock_ability_mgr_host.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Copyright (c) 2021-2022 Huawei Device Co., Ltd.
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
@@ -169,11 +169,6 @@ public:
         return true;
     }
 
-    virtual int CompelVerifyPermission(const std::string &permission, int pid, int uid, std::string &message) override
-    {
-        return 0;
-    }
-
     virtual int PowerOff() override
     {
         return 0;

services/test/mock/include/mock_ability_manager_proxy.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Copyright (c) 2021-2022 Huawei Device Co., Ltd.
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
@@ -63,7 +63,6 @@ public:
     MOCK_METHOD3(StartAbility, int(const Want &want, const sptr<IRemoteObject> &callerToken, int requestCode));
     MOCK_METHOD2(MoveMissionToEnd, int(const sptr<IRemoteObject> &token, const bool nonFirst));
     MOCK_METHOD1(IsFirstInMission, bool(const sptr<IRemoteObject> &token));
-    MOCK_METHOD4(CompelVerifyPermission, int(const std::string &permission, int pid, int uid, std::string &message));
     MOCK_METHOD0(PowerOff, int());
     MOCK_METHOD0(PowerOn, int());
     MOCK_METHOD1(LockMission, int(int));
@@ -85,7 +84,6 @@ public:
 
     MOCK_METHOD2(MoveMissionToEnd, int(const sptr<IRemoteObject> &token, const bool nonFirst));
     MOCK_METHOD1(IsFirstInMission, bool(const sptr<IRemoteObject> &token));
-    MOCK_METHOD4(CompelVerifyPermission, int(const std::string &permission, int pid, int uid, std::string &message));
     MOCK_METHOD0(PowerOff, int());
     MOCK_METHOD0(PowerOn, int());
     MOCK_METHOD1(GetPendingWantUserId, int(const sptr<IWantSender> &target));

services/test/mock/include/mock_ability_mgr_service.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Copyright (c) 2021-2022 Huawei Device Co., Ltd.
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
@@ -69,7 +69,6 @@ public:
     MOCK_METHOD4(OnRemoteRequest, int(uint32_t code, MessageParcel &data, MessageParcel &reply, MessageOption &option));
     MOCK_METHOD2(MoveMissionToEnd, int(const sptr<IRemoteObject> &token, const bool nonFirst));
     MOCK_METHOD1(IsFirstInMission, bool(const sptr<IRemoteObject> &token));
-    MOCK_METHOD4(CompelVerifyPermission, int(const std::string &permission, int pid, int uid, std::string &message));
     MOCK_METHOD0(PowerOff, int());
     MOCK_METHOD0(PowerOn, int());
     MOCK_METHOD1(LockMission, int(int));

services/test/mock/include/mock_app_mgr_client.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Copyright (c) 2021-2022 Huawei Device Co., Ltd.
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
@@ -32,7 +32,6 @@ public:
     MOCK_METHOD1(KillApplication, AppMgrResultCode(const std::string &));
     MOCK_METHOD1(KillProcessByAbilityToken, AppMgrResultCode(const sptr<IRemoteObject> &token));
     MOCK_METHOD1(KillProcessesByUserId, AppMgrResultCode(int32_t userId));
-    MOCK_METHOD4(CompelVerifyPermission, int(const std::string &permission, int pid, int uid, std::string &message));
     MOCK_METHOD1(AbilityAttachTimeOut, void(const sptr<IRemoteObject> &token));
     MOCK_METHOD2(GetRunningProcessInfoByToken, void((const sptr<IRemoteObject> &token,
         AppExecFwk::RunningProcessInfo &info)));

services/test/moduletest/ability_mgr_service_test/ability_mgr_module_test.cpp

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Copyright (c) 2021-2022 Huawei Device Co., Ltd.
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
@@ -1140,27 +1140,6 @@ HWTEST_F(AbilityMgrModuleTest, ability_mgr_service_test_018, TestSize.Level1)
     testing::Mock::AllowLeak(callback);
 }
 
-/*
- * Feature: AbilityManagerService
- * Function: CompelVerifyPermission
- * SubFunction: NA
- * FunctionPoints: AbilityManagerService CompelVerifyPermission
- * EnvConditions: NA
- * CaseDescription: Verify function CompelVerifyPermission
- */
-HWTEST_F(AbilityMgrModuleTest, ability_mgr_service_test_025, TestSize.Level1)
-{
-    EXPECT_TRUE(abilityMgrServ_);
-    EXPECT_TRUE(mockAppMgrClient_);
-    const std::string permission = "permission";
-    int pid = 100;
-    int uid = 1000;
-    std::string message;
-    int runTimes = 1;
-    EXPECT_CALL(*mockAppMgrClient_, CompelVerifyPermission(_, _, _, _)).Times(runTimes);
-    auto resultFunction = abilityMgrServ_->CompelVerifyPermission(permission, pid, uid, message);
-    EXPECT_EQ(resultFunction, 0);
-}
 /*
  * Feature: AbilityManagerService
  * Function: AmsConfigurationParameter

tools/test/mock/mock_ability_manager_stub.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Copyright (c) 2021-2022 Huawei Device Co., Ltd.
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
@@ -89,7 +89,6 @@ public:
 
     MOCK_METHOD2(MoveMissionToEnd, int(const sptr<IRemoteObject> &token, const bool nonFirst));
     MOCK_METHOD1(IsFirstInMission, bool(const sptr<IRemoteObject> &token));
-    MOCK_METHOD4(CompelVerifyPermission, int(const std::string &permission, int pid, int uid, std::string &message));
     MOCK_METHOD2(
         GetWantSender, sptr<IWantSender>(const WantSenderInfo &wantSenderInfo, const sptr<IRemoteObject> &callerToken));
     MOCK_METHOD2(SendWantSender, int(const sptr<IWantSender> &target, const SenderInfo &senderInfo));