From 17a92849606f03e56f0fa01b3dc6b3b8efdce94d Mon Sep 17 00:00:00 2001
From: mamingshuai <mamingshuai1@huawei.com>
Date: Wed, 2 Jun 2021 00:43:21 +0800
Subject: [PATCH] update OpenHarmony 2.0 Canary

---
 .gitattributes                                |  15 +
 BUILD.gn                                      |  34 ++
 LICENSE                                       |   0
 OAT.xml                                       |  64 +++
 README.md                                     | 407 ++++++++++++---
 README_zh.md                                  | 407 ++++++++++++---
 figures/bms策略举例.png                   | Bin 12558 -> 0 bytes
 figures/en-us_image_0000001113598272.png      | Bin 0 -> 25160 bytes
 figures/zh-cn_image_0000001113598272.png      | Bin 0 -> 23284 bytes
 figures/全局策略2.png                     | Bin 9833 -> 0 bytes
 figures/策略类型2.png                     | Bin 7247 -> 0 bytes
 .../permissioncommunicationadapter/BUILD.gn   |  43 ++
 .../main/cpp/include/i_permission_manager.h   |  85 +++
 .../main/cpp/include/permission_def_parcel.h  |  40 ++
 .../main/cpp/src/permission_def_parcel.cpp    |  62 +++
 .../permissioninfrastructure/BUILD.gn         |  38 ++
 .../main/cpp/include/data_validator.h         |  37 ++
 .../main/cpp/include/permission_log.h         |  63 +++
 .../main/cpp/include/test_const.h             |  39 ++
 .../main/cpp/src/data_validator.cpp           |  37 ++
 .../permission_lite/pms_interface_inner.h     |   0
 .../permissionsdk/BUILD.gn                    |  58 +++
 .../main/cpp/include/permission/permission.h  |  46 ++
 .../cpp/include/permission/permission_def.h   |  38 ++
 .../cpp/include/permission/permission_kit.h   |  57 +++
 .../cpp/src/permission/permission_kit.cpp     | 142 ++++++
 .../permission/permission_manager_client.cpp  | 227 +++++++++
 .../permission/permission_manager_client.h    |  72 +++
 .../permission/permission_manager_proxy.cpp   | 482 ++++++++++++++++++
 .../src/permission/permission_manager_proxy.h |  67 +++
 .../permissionsdk/test/BUILD.gn               |  40 ++
 .../unittest/cpp/src/permission_kit_test.cpp  | 357 +++++++++++++
 .../unittest/cpp/src/permission_kit_test.h    |  37 ++
 interfaces/kits/permission_lite/BUILD.gn      |   0
 .../kits/permission_lite/pms_interface.h      |   0
 interfaces/kits/permission_standard/BUILD.gn  |  14 +
 ohos.build                                    |  30 ++
 services/permission_lite/BUILD.gn             |   0
 .../ipc_auth/include/policy_preset.h          |   0
 .../ipc_auth/src/ipc_auth_impl.c              |   0
 services/permission_lite/js_api/BUILD.gn      |   0
 .../js_api/include/perm_module.h              |   0
 .../js_api/src/perm_module.cpp                |   0
 services/permission_lite/pms/BUILD.gn         |   0
 .../pms/include/hals/hal_pms.h                |   0
 .../permission_lite/pms/include/perm_define.h |   0
 .../pms/include/perm_operate.h                |   0
 services/permission_lite/pms/include/pms.h    |   0
 .../permission_lite/pms/include/pms_inner.h   |   0
 .../permission_lite/pms/src/perm_operate.c    |   0
 services/permission_lite/pms/src/pms_impl.c   |   0
 services/permission_lite/pms/src/pms_inner.c  |   0
 services/permission_lite/pms/src/pms_server.c |   0
 .../pms/src/pms_server_internal.c             |   0
 services/permission_lite/pms_base/BUILD.gn    |   0
 .../pms_base/include/pms_common.h             |   0
 services/permission_lite/pms_client/BUILD.gn  |   0
 .../permission_lite/pms_client/perm_client.c  |   0
 .../permissionmanagerservice/BUILD.gn         |  58 +++
 .../main/cpp/src/data_storage.cpp             |  29 ++
 .../main/cpp/src/data_storage.h               |  49 ++
 .../main/cpp/src/data_translator.cpp          |  82 +++
 .../main/cpp/src/data_translator.h            |  39 ++
 .../main/cpp/src/field_const.h                |  38 ++
 .../main/cpp/src/generic_values.cpp           |  73 +++
 .../main/cpp/src/generic_values.h             |  53 ++
 .../cpp/src/permission_definition_cache.cpp   | 133 +++++
 .../cpp/src/permission_definition_cache.h     |  71 +++
 .../cpp/src/permission_definition_manager.cpp | 152 ++++++
 .../cpp/src/permission_definition_manager.h   |  67 +++
 .../cpp/src/permission_manager_service.cpp    | 189 +++++++
 .../main/cpp/src/permission_manager_service.h |  76 +++
 .../main/cpp/src/permission_manager_stub.cpp  | 266 ++++++++++
 .../main/cpp/src/permission_manager_stub.h    |  56 ++
 .../main/cpp/src/permission_req.h             |  33 ++
 .../main/cpp/src/permission_state_cache.cpp   | 378 ++++++++++++++
 .../main/cpp/src/permission_state_cache.h     | 121 +++++
 .../main/cpp/src/permission_state_manager.cpp | 265 ++++++++++
 .../main/cpp/src/permission_state_manager.h   |  80 +++
 .../main/cpp/src/sqlite_helper.cpp            | 188 +++++++
 .../main/cpp/src/sqlite_helper.h              |  62 +++
 .../main/cpp/src/sqlite_storage.cpp           | 337 ++++++++++++
 .../main/cpp/src/sqlite_storage.h             |  86 ++++
 .../main/cpp/src/statement.cpp                | 125 +++++
 .../main/cpp/src/statement.h                  |  57 +++
 .../main/cpp/src/variant_value.cpp            |  61 +++
 .../main/cpp/src/variant_value.h              |  52 ++
 .../main/sa_profile/3501.xml                  |  24 +
 .../main/sa_profile/BUILD.gn                  |  20 +
 .../permissionmanagerservice/test/BUILD.gn    |  48 ++
 .../permission_definition_manager_test.cpp    |  88 ++++
 .../src/permission_definition_manager_test.h  |  37 ++
 .../cpp/src/permission_state_manager_test.cpp |  44 ++
 .../cpp/src/permission_state_manager_test.h   |  37 ++
 94 files changed, 6470 insertions(+), 142 deletions(-)
 create mode 100644 .gitattributes
 create mode 100755 BUILD.gn
 mode change 100644 => 100755 LICENSE
 create mode 100755 OAT.xml
 delete mode 100755 figures/bms策略举例.png
 create mode 100644 figures/en-us_image_0000001113598272.png
 create mode 100644 figures/zh-cn_image_0000001113598272.png
 delete mode 100755 figures/全局策略2.png
 delete mode 100755 figures/策略类型2.png
 create mode 100644 frameworks/permission_standard/permissioncommunicationadapter/BUILD.gn
 create mode 100644 frameworks/permission_standard/permissioncommunicationadapter/main/cpp/include/i_permission_manager.h
 create mode 100755 frameworks/permission_standard/permissioncommunicationadapter/main/cpp/include/permission_def_parcel.h
 create mode 100755 frameworks/permission_standard/permissioncommunicationadapter/main/cpp/src/permission_def_parcel.cpp
 create mode 100644 frameworks/permission_standard/permissioninfrastructure/BUILD.gn
 create mode 100755 frameworks/permission_standard/permissioninfrastructure/main/cpp/include/data_validator.h
 create mode 100644 frameworks/permission_standard/permissioninfrastructure/main/cpp/include/permission_log.h
 create mode 100644 frameworks/permission_standard/permissioninfrastructure/main/cpp/include/test_const.h
 create mode 100644 frameworks/permission_standard/permissioninfrastructure/main/cpp/src/data_validator.cpp
 mode change 100644 => 100755 interfaces/innerkits/permission_lite/pms_interface_inner.h
 create mode 100755 interfaces/innerkits/permission_standard/permissionsdk/BUILD.gn
 create mode 100755 interfaces/innerkits/permission_standard/permissionsdk/main/cpp/include/permission/permission.h
 create mode 100755 interfaces/innerkits/permission_standard/permissionsdk/main/cpp/include/permission/permission_def.h
 create mode 100755 interfaces/innerkits/permission_standard/permissionsdk/main/cpp/include/permission/permission_kit.h
 create mode 100755 interfaces/innerkits/permission_standard/permissionsdk/main/cpp/src/permission/permission_kit.cpp
 create mode 100644 interfaces/innerkits/permission_standard/permissionsdk/main/cpp/src/permission/permission_manager_client.cpp
 create mode 100755 interfaces/innerkits/permission_standard/permissionsdk/main/cpp/src/permission/permission_manager_client.h
 create mode 100644 interfaces/innerkits/permission_standard/permissionsdk/main/cpp/src/permission/permission_manager_proxy.cpp
 create mode 100644 interfaces/innerkits/permission_standard/permissionsdk/main/cpp/src/permission/permission_manager_proxy.h
 create mode 100755 interfaces/innerkits/permission_standard/permissionsdk/test/BUILD.gn
 create mode 100755 interfaces/innerkits/permission_standard/permissionsdk/test/unittest/cpp/src/permission_kit_test.cpp
 create mode 100644 interfaces/innerkits/permission_standard/permissionsdk/test/unittest/cpp/src/permission_kit_test.h
 mode change 100644 => 100755 interfaces/kits/permission_lite/BUILD.gn
 mode change 100644 => 100755 interfaces/kits/permission_lite/pms_interface.h
 create mode 100644 interfaces/kits/permission_standard/BUILD.gn
 create mode 100755 ohos.build
 mode change 100644 => 100755 services/permission_lite/BUILD.gn
 mode change 100644 => 100755 services/permission_lite/ipc_auth/include/policy_preset.h
 mode change 100644 => 100755 services/permission_lite/ipc_auth/src/ipc_auth_impl.c
 mode change 100644 => 100755 services/permission_lite/js_api/BUILD.gn
 mode change 100644 => 100755 services/permission_lite/js_api/include/perm_module.h
 mode change 100644 => 100755 services/permission_lite/js_api/src/perm_module.cpp
 mode change 100644 => 100755 services/permission_lite/pms/BUILD.gn
 mode change 100644 => 100755 services/permission_lite/pms/include/hals/hal_pms.h
 mode change 100644 => 100755 services/permission_lite/pms/include/perm_define.h
 mode change 100644 => 100755 services/permission_lite/pms/include/perm_operate.h
 mode change 100644 => 100755 services/permission_lite/pms/include/pms.h
 mode change 100644 => 100755 services/permission_lite/pms/include/pms_inner.h
 mode change 100644 => 100755 services/permission_lite/pms/src/perm_operate.c
 mode change 100644 => 100755 services/permission_lite/pms/src/pms_impl.c
 mode change 100644 => 100755 services/permission_lite/pms/src/pms_inner.c
 mode change 100644 => 100755 services/permission_lite/pms/src/pms_server.c
 mode change 100644 => 100755 services/permission_lite/pms/src/pms_server_internal.c
 mode change 100644 => 100755 services/permission_lite/pms_base/BUILD.gn
 mode change 100644 => 100755 services/permission_lite/pms_base/include/pms_common.h
 mode change 100644 => 100755 services/permission_lite/pms_client/BUILD.gn
 mode change 100644 => 100755 services/permission_lite/pms_client/perm_client.c
 create mode 100755 services/permission_standard/permissionmanagerservice/BUILD.gn
 create mode 100644 services/permission_standard/permissionmanagerservice/main/cpp/src/data_storage.cpp
 create mode 100644 services/permission_standard/permissionmanagerservice/main/cpp/src/data_storage.h
 create mode 100644 services/permission_standard/permissionmanagerservice/main/cpp/src/data_translator.cpp
 create mode 100755 services/permission_standard/permissionmanagerservice/main/cpp/src/data_translator.h
 create mode 100644 services/permission_standard/permissionmanagerservice/main/cpp/src/field_const.h
 create mode 100644 services/permission_standard/permissionmanagerservice/main/cpp/src/generic_values.cpp
 create mode 100755 services/permission_standard/permissionmanagerservice/main/cpp/src/generic_values.h
 create mode 100644 services/permission_standard/permissionmanagerservice/main/cpp/src/permission_definition_cache.cpp
 create mode 100755 services/permission_standard/permissionmanagerservice/main/cpp/src/permission_definition_cache.h
 create mode 100644 services/permission_standard/permissionmanagerservice/main/cpp/src/permission_definition_manager.cpp
 create mode 100755 services/permission_standard/permissionmanagerservice/main/cpp/src/permission_definition_manager.h
 create mode 100755 services/permission_standard/permissionmanagerservice/main/cpp/src/permission_manager_service.cpp
 create mode 100755 services/permission_standard/permissionmanagerservice/main/cpp/src/permission_manager_service.h
 create mode 100644 services/permission_standard/permissionmanagerservice/main/cpp/src/permission_manager_stub.cpp
 create mode 100644 services/permission_standard/permissionmanagerservice/main/cpp/src/permission_manager_stub.h
 create mode 100644 services/permission_standard/permissionmanagerservice/main/cpp/src/permission_req.h
 create mode 100644 services/permission_standard/permissionmanagerservice/main/cpp/src/permission_state_cache.cpp
 create mode 100755 services/permission_standard/permissionmanagerservice/main/cpp/src/permission_state_cache.h
 create mode 100644 services/permission_standard/permissionmanagerservice/main/cpp/src/permission_state_manager.cpp
 create mode 100755 services/permission_standard/permissionmanagerservice/main/cpp/src/permission_state_manager.h
 create mode 100755 services/permission_standard/permissionmanagerservice/main/cpp/src/sqlite_helper.cpp
 create mode 100644 services/permission_standard/permissionmanagerservice/main/cpp/src/sqlite_helper.h
 create mode 100644 services/permission_standard/permissionmanagerservice/main/cpp/src/sqlite_storage.cpp
 create mode 100644 services/permission_standard/permissionmanagerservice/main/cpp/src/sqlite_storage.h
 create mode 100644 services/permission_standard/permissionmanagerservice/main/cpp/src/statement.cpp
 create mode 100755 services/permission_standard/permissionmanagerservice/main/cpp/src/statement.h
 create mode 100644 services/permission_standard/permissionmanagerservice/main/cpp/src/variant_value.cpp
 create mode 100755 services/permission_standard/permissionmanagerservice/main/cpp/src/variant_value.h
 create mode 100755 services/permission_standard/permissionmanagerservice/main/sa_profile/3501.xml
 create mode 100644 services/permission_standard/permissionmanagerservice/main/sa_profile/BUILD.gn
 create mode 100644 services/permission_standard/permissionmanagerservice/test/BUILD.gn
 create mode 100755 services/permission_standard/permissionmanagerservice/test/unittest/cpp/src/permission_definition_manager_test.cpp
 create mode 100644 services/permission_standard/permissionmanagerservice/test/unittest/cpp/src/permission_definition_manager_test.h
 create mode 100644 services/permission_standard/permissionmanagerservice/test/unittest/cpp/src/permission_state_manager_test.cpp
 create mode 100644 services/permission_standard/permissionmanagerservice/test/unittest/cpp/src/permission_state_manager_test.h

diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..51c63e2
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,15 @@
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.trp filter=lfs diff=lfs merge=lfs -text
+*.apk filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.mp4 filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.asm filter=lfs diff=lfs merge=lfs -text
+*.8svn filter=lfs diff=lfs merge=lfs -text
+*.9svn filter=lfs diff=lfs merge=lfs -text
+*.dylib filter=lfs diff=lfs merge=lfs -text
+*.exe filter=lfs diff=lfs merge=lfs -text
+*.a filter=lfs diff=lfs merge=lfs -text
+*.so filter=lfs diff=lfs merge=lfs -text
+*.bin filter=lfs diff=lfs merge=lfs -text
+*.dll filter=lfs diff=lfs merge=lfs -text
diff --git a/BUILD.gn b/BUILD.gn
new file mode 100755
index 0000000..b664388
--- /dev/null
+++ b/BUILD.gn
@@ -0,0 +1,34 @@
+# Copyright (C) 2021 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import("//build/ohos.gni")
+group("permission_build_module_standard") {
+  if (is_standard_system) {
+    deps = [
+      "//base/security/permission/interfaces/innerkits/permission_standard/permissionsdk:libpermissionsdk_standard",
+      "//base/security/permission/services/permission_standard/permissionmanagerservice:permission_manager_service_standard",
+      "//base/security/permission/services/permission_standard/permissionmanagerservice/main/sa_profile:permission_sa_profile_standard",
+    ]
+  }
+}
+
+group("permission_build_module_standard_test") {
+  testonly = true
+  deps = []
+  if (is_standard_system) {
+    deps += [
+      "//base/security/permission/interfaces/innerkits/permission_standard/permissionsdk/test:unittest",
+      "//base/security/permission/services/permission_standard/permissionmanagerservice/test:unittest",
+    ]
+  }
+}
diff --git a/LICENSE b/LICENSE
old mode 100644
new mode 100755
diff --git a/OAT.xml b/OAT.xml
new file mode 100755
index 0000000..881c860
--- /dev/null
+++ b/OAT.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Copyright (c) 2021 Huawei Device Co., Ltd.
+
+     Licensed under the Apache License, Version 2.0 (the "License");
+     you may not use this file except in compliance with the License.
+     You may obtain a copy of the License at
+
+          http://www.apache.org/licenses/LICENSE-2.0
+
+     Unless required by applicable law or agreed to in writing, software
+     distributed under the License is distributed on an "AS IS" BASIS,
+     WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+     See the License for the specific language governing permissions and
+     limitations under the License.
+
+    Notes:
+    This is project config file for OpenHarmony OSS Audit Tool, if you have any questions or concerns, please email chenyaxun.
+-->
+<!-- OAT(OSS Audit Tool) configuration guide:
+basedir: Root dir, the basedir + project path is the real source file location.
+licensefile:
+1.If the project don't have "LICENSE" in root dir, please define all the license files in this project in , OAT will check license files according to this rule.
+
+tasklist(only for batch mode):
+1. task: Define oat check thread, each task will start a new thread.
+2. task name: Only an name, no practical effect.
+3. task policy: Default policy for projects under this task, this field is required and the specified policy must defined in policylist.
+4. task filter: Default filefilter for projects under this task, this field is required and the specified filefilter must defined in filefilterlist.
+5. task project: Projects to be checked, the path field define the source root dir of the project.
+
+
+policyList:
+1. policy: All policyitems will be merged to default OAT.xml rules, the name of policy doesn't affect OAT check process.
+2. policyitem: The fields type, name, path, desc is required, and the fields rule, group, filefilter is optional,the default value is:
+<policyitem type="" name="" path="" desc="" rule="may" group="defaultGroup" filefilter="defaultPolicyFilter"/>
+3. policyitem type:
+    "compatibility" is used to check license compatibility in the specified path;
+    "license" is used to check source license header in the specified path;
+    "copyright" is used to check source copyright header in the specified path;
+    "import" is used to check source dependency in the specified path, such as import ... ,include ...
+    "filetype" is used to check file type in the specified path, supported file types: archive, binary
+    "filename" is used to check whether the specified file exists in the specified path(support projectroot in default OAT.xml), supported file names: LICENSE, README, README.OpenSource
+
+4. policyitem name: This field is used for define the license, copyright, "*" means match all, the "!" prefix means could not match this value. For example, "!GPL" means can not use GPL license.
+5. policyitem path: This field is used for define the source file scope to apply this policyitem, the "!" prefix means exclude the files. For example, "!.*/lib/.*" means files in lib dir will be exclude while process this policyitem.
+6. policyitem rule and group: These two fields are used together to merge policy results. "may" policyitems in the same group means any one in this group passed, the result will be passed.
+7. policyitem filefilter: Used to bind filefilter which define filter rules.
+8. filefilter: Filter rules, the type filename is used to filter file name, the type filepath is used to filter file path.
+
+Note:If the text contains special characters, please escape them according to the following rules:
+" == &gt;
+& == &gt;
+' == &gt;
+< == &gt;
+> == &gt;
+-->
+<configuration>
+    <oatconfig>
+        <filefilterlist>
+            <filefilter name="licenseFileNamePolicyFilter" desc="Filters for LICENSE file policies" >
+            </filefilter>
+        </filefilterlist>
+    </oatconfig>
+</configuration>
diff --git a/README.md b/README.md
index f1e1947..93b8688 100755
--- a/README.md
+++ b/README.md
@@ -1,104 +1,369 @@
-# permission\_lite<a name="EN-US_TOPIC_0000001123217533"></a>
+# security\_permission<a name="EN-US_TOPIC_0000001101239136"></a>
 
--   [Application Permission Management](#section20822104317111)
--   [IPC Authentication](#section156859591110)
+-   [Introduction](#section11660541593)
+-   [Directory Structure](#section161941989596)
+-   [Constraints](#section119744591305)
+-   [Usage](#section137768191623)
+    -   [Available APIs](#section1551164914237)
+    -   [Usage Guidelines](#section129654513264)
 
-## Application Permission Management<a name="section20822104317111"></a>
+-   [Repositories Involved](#section1371113476307)
 
-Application permissions are used to control access to system resources and features related to personal privacy, for example, accessing hardware features of personal devices such as cameras and microphones, and reading and writing media files. The OS protects such data and features through application permission management.
+## Introduction<a name="section11660541593"></a>
 
-The following table describes fields in a permission.
+In OpenHarmony, apps and system services run in independent sandboxes. Both processes and data are isolated from each other to protect the security of app data. However, services or apps running in the sandboxes provide some APIs to implement specific functionalities. To access these APIs across processes, apps in other sandboxes need the required permissions, which are granted and managed based on a permission management mechanism.
 
-<a name="table1073153511418"></a>
-<table><thead align="left"><tr id="row11107193541417"><th class="cellrowborder" valign="top" width="22.220000000000002%" id="mcps1.1.4.1.1"><p id="p6107535141420"><a name="p6107535141420"></a><a name="p6107535141420"></a>Field</p>
+-   App permission management provides a mechanism for defining permissions, allowing system services and apps to define new permissions for their sensitive APIs. To access these APIs, other apps need the required permissions.
+
+-   App permission management also allows apps to request permissions that are defined by the system or other apps. Upon obtaining the permissions, apps can access the sensitive APIs provided by the system or other apps.
+-   In addition, app permission management allows users to view and manage the permission granting status.
+
+**Figure  1**  App permission management architecture<a name="fig4460722185514"></a>
+
+
+![](figures/en-us_image_0000001113598272.png)
+
+App permission management provides permission management for the application framework subsystem and provides APIs for apps to request permissions and query the permission granting status. Currently, app permission management is available for large and standard systems.
+
+-   Mini system: refers to the system running on the devices whose memory is greater than or equal to 128 KB and that are equipped with MCU processors such as ARM Cortex-M and 32-bit RISC-V. This system provides multiple lightweight network protocols and graphics frameworks, and a wide range of read/write components for the IoT bus. Typical products include connection modules, sensors, and wearables for smart home.
+-   Small system: refers to the system running on the devices whose memory is greater than or equal to 1 MB and that are equipped with app processors such as ARM Cortex-A. This system provides higher security capabilities, standard graphics frameworks, and video encoding and decoding capabilities. Typical products include smart home IP cameras, electronic cat eyes, and routers, and event data recorders \(EDRs\) for smart travel.
+-   Standard system: refers to the system running on the devices whose memory is greater than or equal to 128 MB and that are equipped with app processors such as ARM Cortex-A. This system provides a complete application framework supporting the enhanced interaction, 3D GPU, hardware composer, diverse components, and rich animations. This system applies to high-end refrigerator displays.
+
+## Directory Structure<a name="section161941989596"></a>
+
+```
+/base/security/permission
+├── frameworks                         # Frameworks
+│   └── permission_standard            # Permission management framework for the standard system
+├── interfaces                         # APIs
+│   ├── innerkits                      # Internal APIs
+│   │   ├── permission_lite            # Internal permission management APIs for the mini and small systems
+│   │   └── permission_standard        # Internal permission management APIs for the standard system
+│   └── kits                           # External APIs
+│       ├── permission_lite            # External permission management APIs for the mini and small systems
+│       └── permission_standard        # External permission management APIs for the standard system
+└── services                           # Services
+    ├── permission_lite                # Permission management services for the mini and small systems
+    └── permission_standard            # Permission management services for the standard system
+```
+
+## Constraints<a name="section119744591305"></a>
+
+-   Currently, C++ APIs are available only for local permission management in the standard system. Distributed permission management APIs are not provided yet.
+
+## Usage<a name="section137768191623"></a>
+
+### Available APIs<a name="section1551164914237"></a>
+
+**App permission management for a standard system**: provides basic permission management and verification capabilities for the application framework subsystem of a standard system and is unavailable for third-party apps. The following table describes the available APIs.
+
+<a name="table17351104911243"></a>
+<table><thead align="left"><tr id="row43512497244"><th class="cellrowborder" valign="top" width="73.41%" id="mcps1.1.3.1.1"><p id="p8351104918247"><a name="p8351104918247"></a><a name="p8351104918247"></a>API</p>
 </th>
-<th class="cellrowborder" valign="top" width="35.099999999999994%" id="mcps1.1.4.1.2"><p id="p111080352143"><a name="p111080352143"></a><a name="p111080352143"></a>Value</p>
-</th>
-<th class="cellrowborder" valign="top" width="42.68%" id="mcps1.1.4.1.3"><p id="p161080358141"><a name="p161080358141"></a><a name="p161080358141"></a>Description</p>
+<th class="cellrowborder" valign="top" width="26.590000000000003%" id="mcps1.1.3.1.2"><p id="p7351174913247"><a name="p7351174913247"></a><a name="p7351174913247"></a>Description</p>
 </th>
 </tr>
 </thead>
-<tbody><tr id="row151081735111418"><td class="cellrowborder" valign="top" width="22.220000000000002%" headers="mcps1.1.4.1.1 "><p id="p1108193521417"><a name="p1108193521417"></a><a name="p1108193521417"></a>name</p>
+<tbody><tr id="row143511494244"><td class="cellrowborder" valign="top" width="73.41%" headers="mcps1.1.3.1.1 "><p id="p2504174918322"><a name="p2504174918322"></a><a name="p2504174918322"></a>int VerifyPermission(const string&amp; bundleName, const string&amp; permissionName, int userId)</p>
 </td>
-<td class="cellrowborder" valign="top" width="35.099999999999994%" headers="mcps1.1.4.1.2 "><p id="p131081435151413"><a name="p131081435151413"></a><a name="p131081435151413"></a>String</p>
-</td>
-<td class="cellrowborder" valign="top" width="42.68%" headers="mcps1.1.4.1.3 "><p id="p0108235141411"><a name="p0108235141411"></a><a name="p0108235141411"></a>Permission name</p>
+<td class="cellrowborder" valign="top" width="26.590000000000003%" headers="mcps1.1.3.1.2 "><p id="p14504549163217"><a name="p14504549163217"></a><a name="p14504549163217"></a>Checks whether a specified app has been granted the given permission.</p>
 </td>
 </tr>
-<tr id="row19108143516148"><td class="cellrowborder" valign="top" width="22.220000000000002%" headers="mcps1.1.4.1.1 "><p id="p51081355145"><a name="p51081355145"></a><a name="p51081355145"></a>reason</p>
+<tr id="row217303717326"><td class="cellrowborder" valign="top" width="73.41%" headers="mcps1.1.3.1.1 "><p id="p8504849123210"><a name="p8504849123210"></a><a name="p8504849123210"></a>bool CanRequestPermission(const string&amp; bundleName, const string&amp; permissionName, int userId)</p>
 </td>
-<td class="cellrowborder" valign="top" width="35.099999999999994%" headers="mcps1.1.4.1.2 "><p id="p01082358147"><a name="p01082358147"></a><a name="p01082358147"></a>Multi-language string ID</p>
-</td>
-<td class="cellrowborder" valign="top" width="42.68%" headers="mcps1.1.4.1.3 "><p id="p191081235171414"><a name="p191081235171414"></a><a name="p191081235171414"></a>Purpose of requesting the permission</p>
+<td class="cellrowborder" valign="top" width="26.590000000000003%" headers="mcps1.1.3.1.2 "><p id="p850417499329"><a name="p850417499329"></a><a name="p850417499329"></a>Checks whether a specified app can request the given permission through a pop-up window.</p>
 </td>
 </tr>
-<tr id="row13108123516145"><td class="cellrowborder" valign="top" width="22.220000000000002%" headers="mcps1.1.4.1.1 "><p id="p18109835101415"><a name="p18109835101415"></a><a name="p18109835101415"></a>used-scene{</p>
-<p id="p910913358146"><a name="p910913358146"></a><a name="p910913358146"></a>ability,</p>
-<p id="p11109235181420"><a name="p11109235181420"></a><a name="p11109235181420"></a>when</p>
-<p id="p16109193531417"><a name="p16109193531417"></a><a name="p16109193531417"></a>}</p>
+<tr id="row677573713220"><td class="cellrowborder" valign="top" width="73.41%" headers="mcps1.1.3.1.1 "><p id="p16504124933210"><a name="p16504124933210"></a><a name="p16504124933210"></a>int GrantUserGrantedPermission(const string&amp; bundleName, const string&amp; permissionName, int userId)</p>
 </td>
-<td class="cellrowborder" valign="top" width="35.099999999999994%" headers="mcps1.1.4.1.2 "><p id="p4109123511420"><a name="p4109123511420"></a><a name="p4109123511420"></a><strong id="b2227185715217"><a name="b2227185715217"></a><a name="b2227185715217"></a>ability</strong>: string of the component class name</p>
-<p id="p19109133531410"><a name="p19109133531410"></a><a name="p19109133531410"></a>when:inuse, always</p>
+<td class="cellrowborder" valign="top" width="26.590000000000003%" headers="mcps1.1.3.1.2 "><p id="p115042494327"><a name="p115042494327"></a><a name="p115042494327"></a>Grants a specified user_grant permission to the given app.</p>
 </td>
-<td class="cellrowborder" valign="top" width="42.68%" headers="mcps1.1.4.1.3 "><p id="p31091835151413"><a name="p31091835151413"></a><a name="p31091835151413"></a>Scene where the APIs controlled by this permission are called.</p>
-<p id="p93361156407"><a name="p93361156407"></a><a name="p93361156407"></a>This field declares what components can call the APIs controlled by this permission in the specified scene (foreground/background).</p>
+</tr>
+<tr id="row722533813329"><td class="cellrowborder" valign="top" width="73.41%" headers="mcps1.1.3.1.1 "><p id="p9504114963210"><a name="p9504114963210"></a><a name="p9504114963210"></a>int GrantSystemGrantedPermission(const string&amp; bundleName, const string&amp; permissionName)</p>
+</td>
+<td class="cellrowborder" valign="top" width="26.590000000000003%" headers="mcps1.1.3.1.2 "><p id="p850412493329"><a name="p850412493329"></a><a name="p850412493329"></a>Grants a specified system_grant permission to the given app.</p>
+</td>
+</tr>
+<tr id="row1354353873216"><td class="cellrowborder" valign="top" width="73.41%" headers="mcps1.1.3.1.1 "><p id="p450414919328"><a name="p450414919328"></a><a name="p450414919328"></a>int RevokeUserGrantedPermission(const string&amp; bundleName, const string&amp; permissionName, int userId)</p>
+</td>
+<td class="cellrowborder" valign="top" width="26.590000000000003%" headers="mcps1.1.3.1.2 "><p id="p1050411498327"><a name="p1050411498327"></a><a name="p1050411498327"></a>Revokes a specified user_grant permission from the given app.</p>
+</td>
+</tr>
+<tr id="row1073519380323"><td class="cellrowborder" valign="top" width="73.41%" headers="mcps1.1.3.1.1 "><p id="p1850484933212"><a name="p1850484933212"></a><a name="p1850484933212"></a>int RevokeSystemGrantedPermission(const string&amp; bundleName, const string&amp; permissionName)</p>
+</td>
+<td class="cellrowborder" valign="top" width="26.590000000000003%" headers="mcps1.1.3.1.2 "><p id="p35048492326"><a name="p35048492326"></a><a name="p35048492326"></a>Revokes a specified system_grant permission from the given app.</p>
+</td>
+</tr>
+<tr id="row1692163820325"><td class="cellrowborder" valign="top" width="73.41%" headers="mcps1.1.3.1.1 "><p id="p9504134953215"><a name="p9504134953215"></a><a name="p9504134953215"></a>int AddUserGrantedReqPermissions(const string&amp; bundleName, const std::vector&lt;string&gt;&amp; permList, int userId)</p>
+</td>
+<td class="cellrowborder" valign="top" width="26.590000000000003%" headers="mcps1.1.3.1.2 "><p id="p250424993212"><a name="p250424993212"></a><a name="p250424993212"></a>Adds user_grant permissions requested by a specified app.</p>
+</td>
+</tr>
+<tr id="row1890399325"><td class="cellrowborder" valign="top" width="73.41%" headers="mcps1.1.3.1.1 "><p id="p1950413498329"><a name="p1950413498329"></a><a name="p1950413498329"></a>int AddSystemGrantedReqPermissions(const string&amp; bundleName, const std::vector&lt;string&gt;&amp; permList)</p>
+</td>
+<td class="cellrowborder" valign="top" width="26.590000000000003%" headers="mcps1.1.3.1.2 "><p id="p1150444943210"><a name="p1150444943210"></a><a name="p1150444943210"></a>Adds system_grant permissions requested by a specified app.</p>
+</td>
+</tr>
+<tr id="row13257153973215"><td class="cellrowborder" valign="top" width="73.41%" headers="mcps1.1.3.1.1 "><p id="p2505184917329"><a name="p2505184917329"></a><a name="p2505184917329"></a>int RemoveUserGrantedReqPermissions(const string&amp; bundleName, int userId)</p>
+</td>
+<td class="cellrowborder" valign="top" width="26.590000000000003%" headers="mcps1.1.3.1.2 "><p id="p950514973212"><a name="p950514973212"></a><a name="p950514973212"></a>Removes all the user_grant permissions requested by a specified app.</p>
+</td>
+</tr>
+<tr id="row144437398322"><td class="cellrowborder" valign="top" width="73.41%" headers="mcps1.1.3.1.1 "><p id="p205051049103214"><a name="p205051049103214"></a><a name="p205051049103214"></a>int RemoveSystemGrantedReqPermissions(const string&amp; bundleName)</p>
+</td>
+<td class="cellrowborder" valign="top" width="26.590000000000003%" headers="mcps1.1.3.1.2 "><p id="p125051349123213"><a name="p125051349123213"></a><a name="p125051349123213"></a>Removes all the system_grant permissions requested by a specified app.</p>
+</td>
+</tr>
+<tr id="row13617183915329"><td class="cellrowborder" valign="top" width="73.41%" headers="mcps1.1.3.1.1 "><p id="p16505049173217"><a name="p16505049173217"></a><a name="p16505049173217"></a>int AddDefPermissions(const std::vector&lt;PermissionDef&gt;&amp; permList)</p>
+</td>
+<td class="cellrowborder" valign="top" width="26.590000000000003%" headers="mcps1.1.3.1.2 "><p id="p13505849103215"><a name="p13505849103215"></a><a name="p13505849103215"></a>Adds the permissions defined by the app.</p>
+</td>
+</tr>
+<tr id="row117857394324"><td class="cellrowborder" valign="top" width="73.41%" headers="mcps1.1.3.1.1 "><p id="p105059492325"><a name="p105059492325"></a><a name="p105059492325"></a>int GetDefPermission(const string&amp; permissionName, PermissionDef&amp; permissionDefResult)</p>
+</td>
+<td class="cellrowborder" valign="top" width="26.590000000000003%" headers="mcps1.1.3.1.2 "><p id="p11505349103220"><a name="p11505349103220"></a><a name="p11505349103220"></a>Obtains the definition of the permission with a specified name.</p>
 </td>
 </tr>
 </tbody>
 </table>
 
-## IPC Authentication<a name="section156859591110"></a>
+**App permission management for a mini or small system**: The following table lists the available APIs, which can be called only by system apps and services.
 
--   If system services registered with Samgr provide APIs for other processes to access the services through IPC, access control policies must be configured; otherwise, access to the system services will be denied.
--   You can configure access control policies in  **base/security/permission/services/permission\_lite/ipc\_auth/include/policy\_preset.h**.
+<a name="table9789027162518"></a>
+<table><thead align="left"><tr id="row9789427112518"><th class="cellrowborder" valign="top" width="55.66%" id="mcps1.1.3.1.1"><p id="p9790102717251"><a name="p9790102717251"></a><a name="p9790102717251"></a>API</p>
+</th>
+<th class="cellrowborder" valign="top" width="44.34%" id="mcps1.1.3.1.2"><p id="p779032715251"><a name="p779032715251"></a><a name="p779032715251"></a>Description</p>
+</th>
+</tr>
+</thead>
+<tbody><tr id="row187901627112516"><td class="cellrowborder" valign="top" width="55.66%" headers="mcps1.1.3.1.1 "><p id="p138014275353"><a name="p138014275353"></a><a name="p138014275353"></a>int CheckPermission(int uid, const char *permissionName)</p>
+</td>
+<td class="cellrowborder" valign="top" width="44.34%" headers="mcps1.1.3.1.2 "><p id="p57901727202510"><a name="p57901727202510"></a><a name="p57901727202510"></a>Checks whether the app with a specified UID has the permission to access system service APIs.</p>
+</td>
+</tr>
+<tr id="row19341734164410"><td class="cellrowborder" valign="top" width="55.66%" headers="mcps1.1.3.1.1 "><p id="p123453412448"><a name="p123453412448"></a><a name="p123453412448"></a>int CheckSelfPermission(const char *permissionName)</p>
+</td>
+<td class="cellrowborder" valign="top" width="44.34%" headers="mcps1.1.3.1.2 "><p id="p937645212447"><a name="p937645212447"></a><a name="p937645212447"></a>Checks whether the caller has the permission to access system service APIs.</p>
+</td>
+</tr>
+<tr id="row879032715258"><td class="cellrowborder" valign="top" width="55.66%" headers="mcps1.1.3.1.1 "><p id="p13071135133514"><a name="p13071135133514"></a><a name="p13071135133514"></a>int QueryPermission(const char *identifier, PermissionSaved **permissions, int *permNum)</p>
+</td>
+<td class="cellrowborder" valign="top" width="44.34%" headers="mcps1.1.3.1.2 "><p id="p1379072718259"><a name="p1379072718259"></a><a name="p1379072718259"></a>Queries all permissions requested by the app and checks whether the requested permissions have been granted.</p>
+</td>
+</tr>
+<tr id="row877239193516"><td class="cellrowborder" valign="top" width="55.66%" headers="mcps1.1.3.1.1 "><p id="p878133903516"><a name="p878133903516"></a><a name="p878133903516"></a>int GrantPermission(const char *identifier, const char *permName)</p>
+</td>
+<td class="cellrowborder" valign="top" width="44.34%" headers="mcps1.1.3.1.2 "><p id="p678143943515"><a name="p678143943515"></a><a name="p678143943515"></a>Grants a specified permission to the app.</p>
+</td>
+</tr>
+<tr id="row3616164223510"><td class="cellrowborder" valign="top" width="55.66%" headers="mcps1.1.3.1.1 "><p id="p1617142163517"><a name="p1617142163517"></a><a name="p1617142163517"></a>int RevokePermission(const char *identifier, const char *permName)</p>
+</td>
+<td class="cellrowborder" valign="top" width="44.34%" headers="mcps1.1.3.1.2 "><p id="p06171242143517"><a name="p06171242143517"></a><a name="p06171242143517"></a>Revokes a specified permission from the app.</p>
+</td>
+</tr>
+<tr id="row13790122742516"><td class="cellrowborder" valign="top" width="55.66%" headers="mcps1.1.3.1.1 "><p id="p23273123365"><a name="p23273123365"></a><a name="p23273123365"></a>int GrantRuntimePermission(int uid, const char *permissionName)</p>
+</td>
+<td class="cellrowborder" valign="top" width="44.34%" headers="mcps1.1.3.1.2 "><p id="p177908273259"><a name="p177908273259"></a><a name="p177908273259"></a>Grants a specified runtime permission to the app.</p>
+</td>
+</tr>
+<tr id="row18566191217452"><td class="cellrowborder" valign="top" width="55.66%" headers="mcps1.1.3.1.1 "><p id="p169891916194512"><a name="p169891916194512"></a><a name="p169891916194512"></a>int RevokeRuntimePermission(int uid, const char *permissionName)</p>
+</td>
+<td class="cellrowborder" valign="top" width="44.34%" headers="mcps1.1.3.1.2 "><p id="p937132011440"><a name="p937132011440"></a><a name="p937132011440"></a>Revokes a specified runtime permission from the app.</p>
+</td>
+</tr>
+</tbody>
+</table>
 
-    1. Define the policies for each feature.
+**IPC authentication for a mini or small system**
 
-    2. Add the feature policies to the global policy.
+<a name="table10494122145517"></a>
+<table><thead align="left"><tr id="row1494152195511"><th class="cellrowborder" valign="top" width="50%" id="mcps1.1.3.1.1"><p id="p14941221135515"><a name="p14941221135515"></a><a name="p14941221135515"></a>API</p>
+</th>
+<th class="cellrowborder" valign="top" width="50%" id="mcps1.1.3.1.2"><p id="p8494172116555"><a name="p8494172116555"></a><a name="p8494172116555"></a>Description</p>
+</th>
+</tr>
+</thead>
+<tbody><tr id="row1849482118555"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.1.3.1.1 "><p id="p1414381815720"><a name="p1414381815720"></a><a name="p1414381815720"></a>int GetCommunicationStrategy(RegParams params, PolicyTrans **policies, unsigned int *policyNum)</p>
+</td>
+<td class="cellrowborder" valign="top" width="50%" headers="mcps1.1.3.1.2 "><p id="p749582195510"><a name="p749582195510"></a><a name="p749582195510"></a>Obtains the access policies of a service API.</p>
+</td>
+</tr>
+<tr id="row8495521115517"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.1.3.1.1 "><p id="p966319247576"><a name="p966319247576"></a><a name="p966319247576"></a>int IsCommunicationAllowed(AuthParams params)</p>
+</td>
+<td class="cellrowborder" valign="top" width="50%" headers="mcps1.1.3.1.2 "><p id="p134951921115511"><a name="p134951921115511"></a><a name="p134951921115511"></a>Checks whether a process has the permission to access an API of another process.</p>
+</td>
+</tr>
+</tbody>
+</table>
+
+### Usage Guidelines<a name="section129654513264"></a>
+
+**App permission management for a standard system**
+
+The APIs provided are for internal use and unavailable to developers. During the authentication, you only need to call  **VerifyPermission**.
+
+1.  Determine the app UID and the name of the permission to verify.
+2.  Obtain the app bundle name based on the app UID.
+3.  Obtain the user ID of the app based on the UID.
+4.  Pass the permission name, bundle name, and user ID to  **VerifyPermission\(string permissionName, string bundleName, int userId\)**.
+5.  Obtain the verification result.
+
+**App permission management for a mini or small system**
+
+This section uses the bundle manager as an example to describe the app permission development. Before starting development, you need to declare the required sensitive permissions in the  **config.json**  file. During app installation, the BMS calls APIs of the app permission management component to check whether the required permissions have been granted. If yes, the installation proceeds; if not, the installation fails.
+
+1.  Declare the required permission \(**ohos.permission.INSTALL\_BUNDLE**\) in the  **config.json**  file.
+
+    ```
+    {
+      ...
+      "module": {
+          "package": "ohos.demo.kitframework",
+          "deviceType": [
+              "phone", "tv","tablet", "pc","car","smartWatch","sportsWatch","smartCamera", "smartVision"
+          ],
+          "reqPermissions": [{
+            // Declare the ohos.permission.INSTALL_BUNDLE permission required for installing the app.
+            "name": "ohos.permission.INSTALL_BUNDLE",
+            "reason": "install bundle",
+            "usedScene": {
+              "ability": [
+                "KitFramework"
+                ],
+              "when": "always"
+            }
+          },
+          {
+            "name": "ohos.permission.LISTEN_BUNDLE_CHANGE",
+            "reason": "install bundle",
+            "usedScene": {
+              "ability": [
+                "KitFramework"
+                ],
+              "when": "always"
+            }
+          },
+          {
+            "name": "ohos.permission.GET_BUNDLE_INFO",
+            "reason": "install bundle",
+            "usedScene": {
+              "ability": [
+                "KitFramework"
+                ],
+              "when": "always"
+            }
+          }
+          ],
+        ...
+    }
+    ```
+
+2.  The BMS calls the corresponding API of the app permission management component \(for example, the  **CheckPermission**  function with  **ohos.permission.INSTALL\_BUNDLE**  as an input parameter\) to check whether the BMS has the permission to install the app. If yes, the installation proceeds; if not, the installation fails.
+
+    ```
+    constexpr static char PERMISSION_INSTALL_BUNDLE[] = "ohos.permission.INSTALL_BUNDLE";
+
+    bool Install(const char *hapPath, const InstallParam *installParam, InstallerCallback installerCallback)
+    {
+        if ((hapPath == nullptr) || (installerCallback == nullptr) || (installParam == nullptr)) {
+            HILOG_ERROR(HILOG_MODULE_APP, "BundleManager install failed due to nullptr parameters");
+            return false;
+        }
+        // Check whether the ohos.permission.INSTALL_BUNDLE permission has been granted.
+        if (CheckPermission(0, static_cast<const char *>(PERMISSION_INSTALL_BUNDLE)) != GRANTED) {
+            HILOG_ERROR(HILOG_MODULE_APP, "BundleManager install failed due to permission denied");
+            return false;  // App installation fails.
+        }
+        // App installation process
+        ...
+    }
+    ```
 
 
-Eg.  For example, to configure an access policy for the BMS service, whose service registered with Samgr is  **bundlems**  and whose registered feature is  **BmsFeature**, perform the following operations:
+**IPC authentication for a mini or small system**
 
-1. Define feature policies. You can configure multiple features and configure multiple access policies for each feature.
+This section uses the bundle manager as an example to describe how to configure access policies for APIs provided by the IPC authentication component. In this example, the service registered by BMS with Samgr is  **bundlems**, and the feature registered for open APIs is  **BmsFeature**.
 
-**Figure  1**  Example feature policy<a name="fig715515221920"></a>  
+1.  <a name="li15901515152517"></a>Configure access policies in the  **base/security/permission/services/permission\_lite/ipc\_auth/include/policy\_preset.h**  file. Access policies are classified into the following three types:
+
+    1.  **RANGE**: Processes with a specified range of UIDs can access BMS APIs.  **uidMin**  and  **uidMax**  must be specified.
+
+    2.  **FIXED**: Processes with specified UIDs can access BMS APIs.  **fixedUid**  must be specified, and a maximum of eight UIDs are allowed.
+
+    3.  **BUNDLENAME**: An app with a specified  **bundleName**  can access BMS APIs.
+
+    ```
+    FeaturePolicy bmsFeature[] = {
+        {
+            "BmsFeature",
+            {
+                {
+                    .type=FIXED,    // Processes with specified UIDs can access BMS APIs.
+                    .fixedUid={2, 3, 8}
+                },
+                {
+                    .type=RANGE,    // Processes with a specified range of UIDs can access BMS APIs.
+                    .uidMin=100,
+                    .uidMax=__INT_MAX__,
+                },
+            }
+        },
+        {
+            "BmsInnerFeature",
+            {
+                {
+                    .type=FIXED,     // Processes with specified UIDs can access BMS APIs.
+                    .fixedUid={2, 3, 8}
+                },
+                {
+                    .type=RANGE,
+                    .uidMin=100,
+                    .uidMax=999,
+                },
+            }
+        },
+    };
+    ```
+
+2.  Add the policies configured for the features in  [Step 1](#li15901515152517)  to the global policy settings. You need to set the number of features.
+
+    ```
+    static PolicySetting g_presetPolicies[] = {
+        {"permissionms", pmsFeature, 1},
+        {"abilityms", amsFeature, 2},
+        {"bundlems", bmsFeature, 2},  // Add the policies configured for the two features in [Step 1](#li15901515152517) to the global policy settings.
+        {"dtbschedsrv", dmsFeature, 1},
+        {"samgr", samgrFeature, 1},
+        {"appspawn", appspawnFeature, 1},
+        {"WMS", wmsFeature, 1},
+        {"bundle_daemon", bdsFeature, 1},
+    };
+    ```
+
+3.  Register the  **BmsFeature**  defined in  [Step 1](#li15901515152517)  with Samgr.
+
+    ```
+    const char BMS_SERVICE[] = "bundlems";
+    const char BMS_FEATURE[] = "BmsFeature";
+    static void Init()
+    {
+        SamgrLite *sm = SAMGR_GetInstance();
+        if (sm == nullptr) {
+            return;
+        }
+        // Register the BmsFeature with Samgr.
+        sm->RegisterFeature(BMS_SERVICE, reinterpret_cast<Feature *>(BundleMsFeature::GetInstance()));
+        sm->RegisterFeatureApi(BMS_SERVICE, BMS_FEATURE,
+            GetBmsFeatureApi(reinterpret_cast<Feature *>(BundleMsFeature::GetInstance())));
+        HILOG_DEBUG(HILOG_MODULE_APP, "BundleMS feature start success");
+    }
+    APP_FEATURE_INIT(Init);
+    ```
 
 
-![](figures/bms策略举例.png)
+When you register a service with Samgr, Samgr calls the  **GetCommunicationStrategy**  function of the IPC authentication component to obtain access policies of the service. When other services or apps access this service through IPC, Samgr calls the  **IsCommunicationAllowed**  function of the IPC authentication component to check whether the services or apps have the access permission.
 
-There are three types of access policies:
-
-**Figure  2**  Access policy structure<a name="fig1848524515915"></a>  
-
-
-![](figures/策略类型2.png)
-
-1.    **RANGE**: Processes with UIDs in a specified range can access the BMS service.  **uidMin**  and  **uidMax**  must be specified.
-
-2.    **FIXED**: Processes with specified UIDs can access the BMS service.  **fixedUid**  must be specified, and a maximum of eight UIDs are allowed.
-
-3.    **BUNDLENAME**: A specified application can access the BMS service.  **bundleName**  must be specified.
-
-2. Add the defined feature policies to the global policy. You need to configure the number of features.
-
-**Figure  3**  Registering a feature policy<a name="fig1181753551014"></a>  
-
-
-![](figures/全局策略2.png)
-
-UID allocation rules:
-
-1. Init process: 0
-
-2. appspawn process: 1
-
-3. Shell process: 2
-
-4. Other built-in system services: less than or equal to 99
-
-5. System applications \(such as settings, home screen, and camera\): 100–999
-
-6. Preset applications: 1000–9999
-
-7. Common third-party applications: 10000 to  **INT\_MAX**
+## Repositories Involved<a name="section1371113476307"></a>
+security
+security\_permission
 
diff --git a/README_zh.md b/README_zh.md
index c169db0..a3eccd3 100755
--- a/README_zh.md
+++ b/README_zh.md
@@ -1,104 +1,369 @@
-# 项目介绍<a name="ZH-CN_TOPIC_0000001123217533"></a>
+# 应用权限管理<a name="ZH-CN_TOPIC_0000001101239136"></a>
 
--   [应用权限管理](#section20822104317111)
--   [IPC通信鉴权](#section156859591110)
+-   [简介](#section11660541593)
+-   [目录](#section161941989596)
+-   [约束](#section119744591305)
+-   [使用](#section137768191623)
+    -   [接口说明](#section1551164914237)
+    -   [使用说明](#section129654513264)
 
-## 应用权限管理<a name="section20822104317111"></a>
+-   [相关仓](#section1371113476307)
 
-应用权限是软件用来访问系统资源和使用系统能力的一种通行方式，存在涉及个人隐私相关功能和数据的场景，例如：访问个人设备的硬件特性，如摄像头、麦克风，以及读写媒体文件等。操作系统通过应用权限管理来保护这些数据以及能力。
+## 简介<a name="section11660541593"></a>
 
-权限定义字段说明：
+OpenHarmony中应用和系统服务均运行在独立的沙箱中，进程空间和程序数据都是相互隔离的，以保护应用数据的安全性；但是运行在独立沙箱中的服务或应用同时需要对外提供一些API以实现所需功能，其他独立沙箱中的应用在跨进程访问这些API时，需要系统提供一种权限管理机制对这些API的访问者进行授权。
 
-<a name="table1073153511418"></a>
-<table><thead align="left"><tr id="row11107193541417"><th class="cellrowborder" valign="top" width="22.220000000000002%" id="mcps1.1.4.1.1"><p id="p6107535141420"><a name="p6107535141420"></a><a name="p6107535141420"></a>字段</p>
+-   应用权限管理提供了权限定义机制，允许系统服务和应用为自己的敏感API定义新的权限，其他应用必须申请此权限才能访问此敏感API；
+
+-   应用权限管理提供了权限申请机制，允许应用申请权限，这些权限由系统或者其他应用定义，权限申请通过后就能访问这个权限相关的系统或其他应用提供的敏感API；
+-   应用权限管理也为用户提供了一些必须的功能，方便用户查看和管理权限授予情况。
+
+**图 1**  应用权限管理架构<a name="fig4460722185514"></a>
+
+
+![](figures/zh-cn_image_0000001113598272.png)
+
+应用权限管理为用户程序框架子系统提供权限管理功能，并且为上层应用提供权限申请和授权状态查询接口。本次开源的应用权限管理功能适用于大型系统和标准系统。
+
+-   轻量系统（mini system）面向MCU类处理器例如Arm Cortex-M、RISC-V 32位的设备，硬件资源极其有限，参考内存≥128KB，可以提供多种轻量级网络协议，轻量级的图形框架，以及丰富的IOT总线读写部件等。可支撑的产品如智能家居领域的连接类模组、传感器设备、穿戴类设备等。
+-   小型系统（small system）面向应用处理器例如Arm Cortex-A的设备，参考内存≥1MB，可以提供更高的安全能力、标准的图形框架、视频编解码的多媒体能力。可支撑的产品如智能家居领域的IP Camera、电子猫眼、路由器以及智慧出行域的行车记录仪等。
+-   标准系统（standard system）面向应用处理器例如Arm Cortex-A的设备，参考内存≥128MB，可以提供增强的交互能力、3D GPU以及硬件合成能力、更多控件以及动效更丰富的图形能力、完整的应用框架。可支撑的产品如高端的冰箱显示屏。
+
+## 目录<a name="section161941989596"></a>
+
+```
+/base/security/permission
+├── frameworks                         # 基础设施层
+│   └── permission_standard            # 标准系统权限管理基础设施层
+├── interfaces                         # 接口层
+│   ├── innerkits                      # 内部接口层
+│   │   ├── permission_lite            # 轻量系统、小型系统权限管理内部接口层
+│   │   └── permission_standard        # 标准系统权限管理内部接口层
+│   └── kits                           # 外部接口层
+│       ├── permission_lite            # 轻量系统、小型系统权限管理外部接口层
+│       └── permission_standard        # 标准系统权限管理外部接口层
+└── services                           # 服务层
+    ├── permission_lite                # 轻量系统、小型系统权限管理服务层
+    └── permission_standard            # 标准系统权限管理服务层
+```
+
+## 约束<a name="section119744591305"></a>
+
+-   标准系统应用权限管理本期仅提供本地权限管理的C++接口，不涉及分布式权限管理。
+
+## 使用<a name="section137768191623"></a>
+
+### 接口说明<a name="section1551164914237"></a>
+
+**标准系统应用权限管理**：此模块主要为标准系统用户程序框架子系统提供权限管理基础校验能力，不对三方app开放，并提供如下API：
+
+<a name="table17351104911243"></a>
+<table><thead align="left"><tr id="row43512497244"><th class="cellrowborder" valign="top" width="73.41%" id="mcps1.1.3.1.1"><p id="p8351104918247"><a name="p8351104918247"></a><a name="p8351104918247"></a>接口名</p>
 </th>
-<th class="cellrowborder" valign="top" width="35.099999999999994%" id="mcps1.1.4.1.2"><p id="p111080352143"><a name="p111080352143"></a><a name="p111080352143"></a>取值</p>
-</th>
-<th class="cellrowborder" valign="top" width="42.68%" id="mcps1.1.4.1.3"><p id="p161080358141"><a name="p161080358141"></a><a name="p161080358141"></a>意义</p>
+<th class="cellrowborder" valign="top" width="26.590000000000003%" id="mcps1.1.3.1.2"><p id="p7351174913247"><a name="p7351174913247"></a><a name="p7351174913247"></a>说明</p>
 </th>
 </tr>
 </thead>
-<tbody><tr id="row151081735111418"><td class="cellrowborder" valign="top" width="22.220000000000002%" headers="mcps1.1.4.1.1 "><p id="p1108193521417"><a name="p1108193521417"></a><a name="p1108193521417"></a>name</p>
+<tbody><tr id="row143511494244"><td class="cellrowborder" valign="top" width="73.41%" headers="mcps1.1.3.1.1 "><p id="p2504174918322"><a name="p2504174918322"></a><a name="p2504174918322"></a>int VerifyPermission(const string&amp; bundleName, const string&amp; permissionName, int userId)</p>
 </td>
-<td class="cellrowborder" valign="top" width="35.099999999999994%" headers="mcps1.1.4.1.2 "><p id="p131081435151413"><a name="p131081435151413"></a><a name="p131081435151413"></a>字符串</p>
-</td>
-<td class="cellrowborder" valign="top" width="42.68%" headers="mcps1.1.4.1.3 "><p id="p0108235141411"><a name="p0108235141411"></a><a name="p0108235141411"></a>权限名。</p>
+<td class="cellrowborder" valign="top" width="26.590000000000003%" headers="mcps1.1.3.1.2 "><p id="p14504549163217"><a name="p14504549163217"></a><a name="p14504549163217"></a>校验应用是否已授予对应的权限</p>
 </td>
 </tr>
-<tr id="row19108143516148"><td class="cellrowborder" valign="top" width="22.220000000000002%" headers="mcps1.1.4.1.1 "><p id="p51081355145"><a name="p51081355145"></a><a name="p51081355145"></a>reason</p>
+<tr id="row217303717326"><td class="cellrowborder" valign="top" width="73.41%" headers="mcps1.1.3.1.1 "><p id="p8504849123210"><a name="p8504849123210"></a><a name="p8504849123210"></a>bool CanRequestPermission(const string&amp; bundleName, const string&amp; permissionName, int userId)</p>
 </td>
-<td class="cellrowborder" valign="top" width="35.099999999999994%" headers="mcps1.1.4.1.2 "><p id="p01082358147"><a name="p01082358147"></a><a name="p01082358147"></a>多语言字符串id</p>
-</td>
-<td class="cellrowborder" valign="top" width="42.68%" headers="mcps1.1.4.1.3 "><p id="p191081235171414"><a name="p191081235171414"></a><a name="p191081235171414"></a>应用申请此权限的目的。</p>
+<td class="cellrowborder" valign="top" width="26.590000000000003%" headers="mcps1.1.3.1.2 "><p id="p850417499329"><a name="p850417499329"></a><a name="p850417499329"></a>判断应用是否需要弹框申请权限</p>
 </td>
 </tr>
-<tr id="row13108123516145"><td class="cellrowborder" valign="top" width="22.220000000000002%" headers="mcps1.1.4.1.1 "><p id="p18109835101415"><a name="p18109835101415"></a><a name="p18109835101415"></a>used-scene{</p>
-<p id="p910913358146"><a name="p910913358146"></a><a name="p910913358146"></a>ability，</p>
-<p id="p11109235181420"><a name="p11109235181420"></a><a name="p11109235181420"></a>when</p>
-<p id="p16109193531417"><a name="p16109193531417"></a><a name="p16109193531417"></a>}</p>
+<tr id="row677573713220"><td class="cellrowborder" valign="top" width="73.41%" headers="mcps1.1.3.1.1 "><p id="p16504124933210"><a name="p16504124933210"></a><a name="p16504124933210"></a>int GrantUserGrantedPermission(const string&amp; bundleName, const string&amp; permissionName, int userId)</p>
 </td>
-<td class="cellrowborder" valign="top" width="35.099999999999994%" headers="mcps1.1.4.1.2 "><p id="p4109123511420"><a name="p4109123511420"></a><a name="p4109123511420"></a>ability:组件类名字符串</p>
-<p id="p19109133531410"><a name="p19109133531410"></a><a name="p19109133531410"></a>when:inuse, always</p>
+<td class="cellrowborder" valign="top" width="26.590000000000003%" headers="mcps1.1.3.1.2 "><p id="p115042494327"><a name="p115042494327"></a><a name="p115042494327"></a>授予应用对应的user_grant权限</p>
 </td>
-<td class="cellrowborder" valign="top" width="42.68%" headers="mcps1.1.4.1.3 "><p id="p31091835151413"><a name="p31091835151413"></a><a name="p31091835151413"></a>调用受此权限管控的接口的场景。</p>
-<p id="p93361156407"><a name="p93361156407"></a><a name="p93361156407"></a>声明在哪些组件和场景（前台/后台）下调用受管控的接口。</p>
+</tr>
+<tr id="row722533813329"><td class="cellrowborder" valign="top" width="73.41%" headers="mcps1.1.3.1.1 "><p id="p9504114963210"><a name="p9504114963210"></a><a name="p9504114963210"></a>int GrantSystemGrantedPermission(const string&amp; bundleName, const string&amp; permissionName)</p>
+</td>
+<td class="cellrowborder" valign="top" width="26.590000000000003%" headers="mcps1.1.3.1.2 "><p id="p850412493329"><a name="p850412493329"></a><a name="p850412493329"></a>授予应用对应的system_grant权限</p>
+</td>
+</tr>
+<tr id="row1354353873216"><td class="cellrowborder" valign="top" width="73.41%" headers="mcps1.1.3.1.1 "><p id="p450414919328"><a name="p450414919328"></a><a name="p450414919328"></a>int RevokeUserGrantedPermission(const string&amp; bundleName, const string&amp; permissionName, int userId)</p>
+</td>
+<td class="cellrowborder" valign="top" width="26.590000000000003%" headers="mcps1.1.3.1.2 "><p id="p1050411498327"><a name="p1050411498327"></a><a name="p1050411498327"></a>撤销应用对应的user_grant权限</p>
+</td>
+</tr>
+<tr id="row1073519380323"><td class="cellrowborder" valign="top" width="73.41%" headers="mcps1.1.3.1.1 "><p id="p1850484933212"><a name="p1850484933212"></a><a name="p1850484933212"></a>int RevokeSystemGrantedPermission(const string&amp; bundleName, const string&amp; permissionName)</p>
+</td>
+<td class="cellrowborder" valign="top" width="26.590000000000003%" headers="mcps1.1.3.1.2 "><p id="p35048492326"><a name="p35048492326"></a><a name="p35048492326"></a>撤销应用对应的system_grant权限</p>
+</td>
+</tr>
+<tr id="row1692163820325"><td class="cellrowborder" valign="top" width="73.41%" headers="mcps1.1.3.1.1 "><p id="p9504134953215"><a name="p9504134953215"></a><a name="p9504134953215"></a>int AddUserGrantedReqPermissions(const string&amp; bundleName, const std::vector&lt;string&gt;&amp; permList, int userId)</p>
+</td>
+<td class="cellrowborder" valign="top" width="26.590000000000003%" headers="mcps1.1.3.1.2 "><p id="p250424993212"><a name="p250424993212"></a><a name="p250424993212"></a>添加应用申请的user_grant权限</p>
+</td>
+</tr>
+<tr id="row1890399325"><td class="cellrowborder" valign="top" width="73.41%" headers="mcps1.1.3.1.1 "><p id="p1950413498329"><a name="p1950413498329"></a><a name="p1950413498329"></a>int AddSystemGrantedReqPermissions(const string&amp; bundleName, const std::vector&lt;string&gt;&amp; permList)</p>
+</td>
+<td class="cellrowborder" valign="top" width="26.590000000000003%" headers="mcps1.1.3.1.2 "><p id="p1150444943210"><a name="p1150444943210"></a><a name="p1150444943210"></a>添加应用申请的system_grant权限</p>
+</td>
+</tr>
+<tr id="row13257153973215"><td class="cellrowborder" valign="top" width="73.41%" headers="mcps1.1.3.1.1 "><p id="p2505184917329"><a name="p2505184917329"></a><a name="p2505184917329"></a>int RemoveUserGrantedReqPermissions(const string&amp; bundleName, int userId)</p>
+</td>
+<td class="cellrowborder" valign="top" width="26.590000000000003%" headers="mcps1.1.3.1.2 "><p id="p950514973212"><a name="p950514973212"></a><a name="p950514973212"></a>移除应用申请的所有user_grant权限</p>
+</td>
+</tr>
+<tr id="row144437398322"><td class="cellrowborder" valign="top" width="73.41%" headers="mcps1.1.3.1.1 "><p id="p205051049103214"><a name="p205051049103214"></a><a name="p205051049103214"></a>int RemoveSystemGrantedReqPermissions(const string&amp; bundleName)</p>
+</td>
+<td class="cellrowborder" valign="top" width="26.590000000000003%" headers="mcps1.1.3.1.2 "><p id="p125051349123213"><a name="p125051349123213"></a><a name="p125051349123213"></a>移除应用申请的所有system_grant权限</p>
+</td>
+</tr>
+<tr id="row13617183915329"><td class="cellrowborder" valign="top" width="73.41%" headers="mcps1.1.3.1.1 "><p id="p16505049173217"><a name="p16505049173217"></a><a name="p16505049173217"></a>int AddDefPermissions(const std::vector&lt;PermissionDef&gt;&amp; permList)</p>
+</td>
+<td class="cellrowborder" valign="top" width="26.590000000000003%" headers="mcps1.1.3.1.2 "><p id="p13505849103215"><a name="p13505849103215"></a><a name="p13505849103215"></a>添加应用定义的权限</p>
+</td>
+</tr>
+<tr id="row117857394324"><td class="cellrowborder" valign="top" width="73.41%" headers="mcps1.1.3.1.1 "><p id="p105059492325"><a name="p105059492325"></a><a name="p105059492325"></a>int GetDefPermission(const string&amp; permissionName, PermissionDef&amp; permissionDefResult)</p>
+</td>
+<td class="cellrowborder" valign="top" width="26.590000000000003%" headers="mcps1.1.3.1.2 "><p id="p11505349103220"><a name="p11505349103220"></a><a name="p11505349103220"></a>获取指定权限名的权限定义信息</p>
 </td>
 </tr>
 </tbody>
 </table>
 
-## IPC通信鉴权<a name="section156859591110"></a>
+**轻量系统、小型系统应用权限管理**：当前仅供系统应用和系统服务调用，具体API接口如下：
 
--   在Samgr中注册的系统服务如果通过进程间通信的方式暴露接口给其他进程访问，需要配置相应的访问控制策略。若不进行相关配置，访问会被拒绝。
--   配置方式：在头文件base/security/permission/services/permission\_lite/ipc\_auth/include/policy\_preset.h中配置访问策略。
+<a name="table9789027162518"></a>
+<table><thead align="left"><tr id="row9789427112518"><th class="cellrowborder" valign="top" width="55.66%" id="mcps1.1.3.1.1"><p id="p9790102717251"><a name="p9790102717251"></a><a name="p9790102717251"></a>接口名</p>
+</th>
+<th class="cellrowborder" valign="top" width="44.34%" id="mcps1.1.3.1.2"><p id="p779032715251"><a name="p779032715251"></a><a name="p779032715251"></a>描述</p>
+</th>
+</tr>
+</thead>
+<tbody><tr id="row187901627112516"><td class="cellrowborder" valign="top" width="55.66%" headers="mcps1.1.3.1.1 "><p id="p138014275353"><a name="p138014275353"></a><a name="p138014275353"></a>int CheckPermission(int uid, const char *permissionName)</p>
+</td>
+<td class="cellrowborder" valign="top" width="44.34%" headers="mcps1.1.3.1.2 "><p id="p57901727202510"><a name="p57901727202510"></a><a name="p57901727202510"></a>检查指定UID的应用进程是否具有访问系统服务API的权限</p>
+</td>
+</tr>
+<tr id="row19341734164410"><td class="cellrowborder" valign="top" width="55.66%" headers="mcps1.1.3.1.1 "><p id="p123453412448"><a name="p123453412448"></a><a name="p123453412448"></a>int CheckSelfPermission(const char *permissionName)</p>
+</td>
+<td class="cellrowborder" valign="top" width="44.34%" headers="mcps1.1.3.1.2 "><p id="p937645212447"><a name="p937645212447"></a><a name="p937645212447"></a>检查调用者是否具有访问系统服务API的权限</p>
+</td>
+</tr>
+<tr id="row879032715258"><td class="cellrowborder" valign="top" width="55.66%" headers="mcps1.1.3.1.1 "><p id="p13071135133514"><a name="p13071135133514"></a><a name="p13071135133514"></a>int QueryPermission(const char *identifier, PermissionSaved **permissions, int *permNum)</p>
+</td>
+<td class="cellrowborder" valign="top" width="44.34%" headers="mcps1.1.3.1.2 "><p id="p1379072718259"><a name="p1379072718259"></a><a name="p1379072718259"></a>查询应用申请的所有权限，并检查权限是否被授予</p>
+</td>
+</tr>
+<tr id="row877239193516"><td class="cellrowborder" valign="top" width="55.66%" headers="mcps1.1.3.1.1 "><p id="p878133903516"><a name="p878133903516"></a><a name="p878133903516"></a>int GrantPermission(const char *identifier, const char *permName)</p>
+</td>
+<td class="cellrowborder" valign="top" width="44.34%" headers="mcps1.1.3.1.2 "><p id="p678143943515"><a name="p678143943515"></a><a name="p678143943515"></a>将指定权限授予应用程序</p>
+</td>
+</tr>
+<tr id="row3616164223510"><td class="cellrowborder" valign="top" width="55.66%" headers="mcps1.1.3.1.1 "><p id="p1617142163517"><a name="p1617142163517"></a><a name="p1617142163517"></a>int RevokePermission(const char *identifier, const char *permName)</p>
+</td>
+<td class="cellrowborder" valign="top" width="44.34%" headers="mcps1.1.3.1.2 "><p id="p06171242143517"><a name="p06171242143517"></a><a name="p06171242143517"></a>收回应用程序的指定权限</p>
+</td>
+</tr>
+<tr id="row13790122742516"><td class="cellrowborder" valign="top" width="55.66%" headers="mcps1.1.3.1.1 "><p id="p23273123365"><a name="p23273123365"></a><a name="p23273123365"></a>int GrantRuntimePermission(int uid, const char *permissionName)</p>
+</td>
+<td class="cellrowborder" valign="top" width="44.34%" headers="mcps1.1.3.1.2 "><p id="p177908273259"><a name="p177908273259"></a><a name="p177908273259"></a>应用运行时动态授予指定权限</p>
+</td>
+</tr>
+<tr id="row18566191217452"><td class="cellrowborder" valign="top" width="55.66%" headers="mcps1.1.3.1.1 "><p id="p169891916194512"><a name="p169891916194512"></a><a name="p169891916194512"></a>int RevokeRuntimePermission(int uid, const char *permissionName)</p>
+</td>
+<td class="cellrowborder" valign="top" width="44.34%" headers="mcps1.1.3.1.2 "><p id="p937132011440"><a name="p937132011440"></a><a name="p937132011440"></a>应用运行时动态撤销指定权限</p>
+</td>
+</tr>
+</tbody>
+</table>
 
-    1. 定义各个Feature的策略
+**轻量系统、小型系统IPC通信鉴权**：
 
-    2. 将Feature的策略加到全局策略中
+<a name="table10494122145517"></a>
+<table><thead align="left"><tr id="row1494152195511"><th class="cellrowborder" valign="top" width="50%" id="mcps1.1.3.1.1"><p id="p14941221135515"><a name="p14941221135515"></a><a name="p14941221135515"></a>接口名</p>
+</th>
+<th class="cellrowborder" valign="top" width="50%" id="mcps1.1.3.1.2"><p id="p8494172116555"><a name="p8494172116555"></a><a name="p8494172116555"></a>描述</p>
+</th>
+</tr>
+</thead>
+<tbody><tr id="row1849482118555"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.1.3.1.1 "><p id="p1414381815720"><a name="p1414381815720"></a><a name="p1414381815720"></a>int GetCommunicationStrategy(RegParams params, PolicyTrans **policies, unsigned int *policyNum)</p>
+</td>
+<td class="cellrowborder" valign="top" width="50%" headers="mcps1.1.3.1.2 "><p id="p749582195510"><a name="p749582195510"></a><a name="p749582195510"></a>服务注册过程中查询调用接口对应的访问策略，仅供Samgr调用</p>
+</td>
+</tr>
+<tr id="row8495521115517"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.1.3.1.1 "><p id="p966319247576"><a name="p966319247576"></a><a name="p966319247576"></a>int IsCommunicationAllowed(AuthParams params)</p>
+</td>
+<td class="cellrowborder" valign="top" width="50%" headers="mcps1.1.3.1.2 "><p id="p134951921115511"><a name="p134951921115511"></a><a name="p134951921115511"></a>检查访问主体进程是否有权限调用受访客体进程的接口，仅供Samgr调用</p>
+</td>
+</tr>
+</tbody>
+</table>
+
+### 使用说明<a name="section129654513264"></a>
+
+**标准系统应用权限管理**：
+
+使用说明：所有接口均为内部接口，仅提供底层能力，不对开发者开放。鉴权过程中直接调用VerifyPermission接口即可。
+
+1.  明确要校验应用的UID及需要校验的权限名称permissionName
+2.  根据UID获取应用的包名 bundleName
+3.  根据UID获取应用的用户ID userId
+4.  将需要校验的权限名permissionName, 包名bundleName和userId传入接口VerifyPermission\(string permissionName, string bundleName, int userId\)
+5.  得到校验结果
+
+**轻量系统、小型系统应用权限管理**：
+
+使用说明：以包管理器的应用权限开发为例进行讲解。开发过程中，首先需要明确涉及的敏感权限，并在config.json中声明该权限，在安装应用程序时，包管理器会调用应用权限管理组件的接口检查该权限是否被授予，若授予，安装流程正常进行，否则安装失败。
+
+1.  在开发过程中，包管理器明确需要安装应用的权限（ohos.permission.INSTALL\_BUNDLE），并在config.json中声明该权限；
+
+    ```
+    {
+      ...
+      "module": {
+          "package": "ohos.demo.kitframework",
+          "deviceType": [
+              "phone", "tv","tablet", "pc","car","smartWatch","sportsWatch","smartCamera", "smartVision"
+          ],
+          "reqPermissions": [{
+            // 声明需要的权限：安装应用程序的权限名
+            "name": "ohos.permission.INSTALL_BUNDLE",
+            "reason": "install bundle",
+            "usedScene": {
+              "ability": [
+                "KitFramework"
+                ],
+              "when": "always"
+            }
+          },
+          {
+            "name": "ohos.permission.LISTEN_BUNDLE_CHANGE",
+            "reason": "install bundle",
+            "usedScene": {
+              "ability": [
+                "KitFramework"
+                ],
+              "when": "always"
+            }
+          },
+          {
+            "name": "ohos.permission.GET_BUNDLE_INFO",
+            "reason": "install bundle",
+            "usedScene": {
+              "ability": [
+                "KitFramework"
+                ],
+              "when": "always"
+            }
+          }
+          ],
+        ...
+    }
+    ```
+
+2.  当包管理器开发应用安装功能接口时，会调用权限管理相关接口检查自身是否具有安装应用程序的权限，例如：以安装应用的权限名"ohos.permission.INSTALL\_BUNDLE"作为入参，调用CheckPermission接口检查包管理器是否具有安装应用的权限，如果有权限，安装流程继续执行，否则返回安装失败；
+
+    ```
+    constexpr static char PERMISSION_INSTALL_BUNDLE[] = "ohos.permission.INSTALL_BUNDLE";
+
+    bool Install(const char *hapPath, const InstallParam *installParam, InstallerCallback installerCallback)
+    {
+        if ((hapPath == nullptr) || (installerCallback == nullptr) || (installParam == nullptr)) {
+            HILOG_ERROR(HILOG_MODULE_APP, "BundleManager install failed due to nullptr parameters");
+            return false;
+        }
+        // 检查ohos.permission.INSTALL_BUNDLE权限是否被授予
+        if (CheckPermission(0, static_cast<const char *>(PERMISSION_INSTALL_BUNDLE)) != GRANTED) {
+            HILOG_ERROR(HILOG_MODULE_APP, "BundleManager install failed due to permission denied");
+            return false;  // 返回安装失败
+        }
+        // 安装流程
+        ...
+    }
+    ```
 
 
-Eg.  比如当前需要为BMS服务配置访问策略，BMS在Samgr中注册的service为bundlems，注册的Feature为BmsFeature。
+**轻量系统、小型系统IPC通信鉴权**：
 
-一、首先定义Feature的策略，可配置多个Feature，每个Feature可以配置多个访问策略，策略的声明方式参考图1
+使用说明：以BMS服务通过IPC通信方式对外开放接口为例，讲解如何通过IPC通信鉴权组件配置对应接口的访问策略。这里BMS在Samgr中注册的service为bundlems，为开放的接口注册的Feature为BmsFeature。
 
-**图 1**  Feature策略示例<a name="fig715515221920"></a>  
+1.  在源码路径下的头文件base/security/permission/services/permission\_lite/ipc\_auth/include/policy\_preset.h中配置相应的访问策略，访问策略主要有三种类型：
+
+    （1）type为RANGE类型：允许某个特定范围UID的进程访问，需要指定uidMin和uidMax；
+
+    （2）type为FIXED类型：允许指定的几个UID的进程访问，需要指定fixedUid，最多配置8个；
+
+    （3）type为BUNDLENAME类型：只允许特定的应用访问，需要指定bundleName（包名）；
+
+    ```
+    FeaturePolicy bmsFeature[] = {
+        {
+            "BmsFeature",
+            {
+                {
+                    .type=FIXED,    // 允许指定UID的进程访问的方式
+                    .fixedUid={2, 3, 8}
+                },
+                {
+                    .type=RANGE,    // 允许特定范围内的UID的进程访问的方式
+                    .uidMin=100,
+                    .uidMax=__INT_MAX__,
+                },
+            }
+        },
+        {
+            "BmsInnerFeature",
+            {
+                {
+                    .type=FIXED,     // 允许指定UID的进程访问的方式
+                    .fixedUid={2, 3, 8}
+                },
+                {
+                    .type=RANGE,
+                    .uidMin=100,
+                    .uidMax=999,
+                },
+            }
+        },
+    };
+    ```
+
+2.  将步骤1中定义的Feature的策略加配到全局策略中，需要配置feature数量；
+
+    ```
+    static PolicySetting g_presetPolicies[] = {
+        {"permissionms", pmsFeature, 1},
+        {"abilityms", amsFeature, 2},
+        {"bundlems", bmsFeature, 2},  // 步骤1定义的BMS的feature，数量为2
+        {"dtbschedsrv", dmsFeature, 1},
+        {"samgr", samgrFeature, 1},
+        {"appspawn", appspawnFeature, 1},
+        {"WMS", wmsFeature, 1},
+        {"bundle_daemon", bdsFeature, 1},
+    };
+    ```
+
+3.  将步骤1中定义的BmsFeature注册到Samgr；
+
+    ```
+    const char BMS_SERVICE[] = "bundlems";
+    const char BMS_FEATURE[] = "BmsFeature";
+    static void Init()
+    {
+        SamgrLite *sm = SAMGR_GetInstance();
+        if (sm == nullptr) {
+            return;
+        }
+        // 注册服务到Samgr
+        sm->RegisterFeature(BMS_SERVICE, reinterpret_cast<Feature *>(BundleMsFeature::GetInstance()));
+        sm->RegisterFeatureApi(BMS_SERVICE, BMS_FEATURE,
+            GetBmsFeatureApi(reinterpret_cast<Feature *>(BundleMsFeature::GetInstance())));
+        HILOG_DEBUG(HILOG_MODULE_APP, "BundleMS feature start success");
+    }
+    APP_FEATURE_INIT(Init);
+    ```
 
 
-![](figures/bms策略举例.png)
+完成以上开发步骤后，开发者在Samgr注册服务时，Samgr会调用IPC通信鉴权组件的GetCommunicationStrategy接口获取服务的访问策略；当其他服务或应用通过IPC方式访问这些服务时，Samgr会调用IPC通信鉴权组件的IsCommunicationAllowed接口检查调用者服务的权限，如果满足访问策略，则可以访问开发者接口，否则拒绝访问。
 
-访问策略有三种类型：
-
-**图 2**  访问策略结构体<a name="fig1848524515915"></a>  
-
-
-![](figures/策略类型2.png)
-
-1.   type为RANGE类型：允许某个特定范围UID的进程访问，需要指定uidMin和uidMax
-
-2.   type为FIXED类型：允许指定的几个UID的进程访问，需要指定fixedUid，最多配置8个
-
-3.   type为BUNDLENAME类型：只允许特定的应用访问，需要指定bundleName（包名）
-
-二、将定义的Feature的策略加配到全局策略中，需要配置feature数量，注册参考图3
-
-**图 3**  feature策略注册<a name="fig1181753551014"></a>  
-
-
-![](figures/全局策略2.png)
-
-UID分配规则
-
-1. Init进程：0
-
-2. appspawn进程：1
-
-3. Shell进程：2
-
-4. 其他内置系统服务UID <= 99
-
-5. 系统应用（如设置、桌面、相机）：100 \~ 999
-
-6. 预置厂商应用：1000 \~ 9999
-
-7. 普通三方应用：10000 \~ INT\_MAX
+## 相关仓<a name="section1371113476307"></a>
+安全子系统
+security\_permission
 
diff --git a/figures/bms策略举例.png b/figures/bms策略举例.png
deleted file mode 100755
index fb9c3d8c66673f5c5b69718f59bb09dab16e48a9..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 12558
zcmb_@c{r49`~Qu~Qc@%&rn1#k3fW`IRwRao?37T1?6QrgEZHl`l4z2Qp^y;Svy^R8
z23afF#=eYU#?1V#(ev~^J@5DZzQ^}Cet&crch}t4b=~)Qo}cBsL?I2%aC7b9f*^=n
z_pFvN1hL>Ch*gVY3%GLTkX<VH!Qy3nMgw};v3C;uvdQW6`O^?ol(2RE(q`~G=Z&-G
zUJ$hX9rGVcvpe<*1Rc-P)jEyxx0x9<j1fN*GQTjMwEV%V$a`_0edT5I*WDZocbeZO
zvo}Pqa6A&~&655!{WA4t#Z9}-ti@-&c8p-m=W1h5vyugm>KxH2e0S=Yf6%p{;~_gk
zHXEu7F=WLKh`o9hvX=8ywkDEiwxul^Cz`tMcE#ijJs~kMkqZhn-U)|Jb#m}SPp*b>
zLC6yto1ueyFs#t7I3x=ct%HRiZ7~!S`gA9*JZL_K7<rL_q8*!=!yybrycQJ+nR&Dt
zsy6A&2b!0^1#P{C{<ebJlN<bA^@X&J&BdOc?xkWo#^gwz?{I4jv8%r<c7<lGrha~!
zJ-$aAL&=I{*crZm0aIU(`BB7+UQhTOuNWJ5XAZ`Y^cdK#V%E<|u%)*$^62y$4Fto1
zV#X;?cdAh~oPCtcSvPvqIdgn{aUbRr=H%IZf2^GsfPc^pdZHOY#520p=rKgY5UD#R
z?%3^@=*V^<UX3K*mGsnI-7XkpcyXeEH+^O9R%%R)rt|aX@&(yVv`C_%`qgHxr`=lh
zfwZeDywwq~2TCY;ntH$ece23VsVf@%Cl#06lSL5=)%W{7uVX{jo>JP{1L!l_q?~}^
zn?B@WVsOoxVKL1%LqSd)ZMvLOvo_~gx@)dq=)P@VQHk5}cSZfQ1s4S(`D#W#_l<d*
zt|{E`QbE=5+nX<+hLF47Y{#%}clZODntE0^XZ4u{VkJ|!@ze)Aw#)3TMz+D?Y|2E*
zg>Tn19xAO-o15n@Ahr+3l-lbgQOo4+=^+eh@pWFj49A<qu$Kl+40Bp`$aRB{V_|NF
z-9wz#u08i|NV!!Fs+Hv_qA2Ay`rfZAi-<G?IU~=uEDC!MhCYQ|A65-GM(kBEpw~ow
zF~o+xOP!I!jcqD0=*l(MSGcbFolkH#9HBrDA$je1YFDX*8Y{Z#w%1l{O<fxkZL7)~
zm&zdPPG)@U-<QJoI%EIM)5HikqdZal+tfa#8JAp-`otP?K)XT$S#+S(1G7k`7QDz1
zZtQ8VO>>nCC$4Dwj8=zzi>c1<bpIO27T>il2dCAnyt{L4Xo09DJew(tDnHwcPrube
zvh8oEAMUAUUm8#nPYl;XNUc|C(5Ldq%H9gu-i8x1x;IZ@2NtBYZabaKy(8p`ZJUau
zN^LV)wh>mS{x;S9kb`j6S<)vs*u;9kV2-`pE)_`%$~%uxRO+0)V`vwIeO0_$7`IIC
ziiMZFkmNM^PL7txUtm<1qp8o@V)Y`g+F?(ss1I=lU&MM+ANc2ga6(mKq8(8pZP-vv
z^RIGnuX@ACCiR}Jsa)qzW<@7l3zz9^UMr9n=lwzp#^{|?BrD%Lh*}xONX<(-BG#?Z
zA1l7|RRl~s%2Olt=7a^|a(pq4UZNtnF`t2H__nj_0Y@3+!e&AOdw5Hg>6qV%mUJWK
zAf0e|%YCS5<w<ICXCD+s4OyKRplsTk5!8M?`(`!6f}Y(NK%Ey#`u4s1>i3T@xI~cK
zftT&-%~i=0WRIt4O}-h^bsOL2BaP`FY3HmKvdgNG<<RSh4*w&JSC`g<XlXOmnG8w!
z&mJtr>u*-=d-~b&*w<GFELH<|z`r6TIr+DX-H~<F0bAaWYKHse?vy*EiVARuu2Sz|
zjc3QGD70sH1S1~RD@mftkEs@R!;Zs#)fQK8Y{>j=n0Of*bbRx#s~Z)kGy|DiW7}!V
zQ=Q*oOl5)2T$8}4<VjDREjlO#<>OT}vM)Yyl-vxtX#FZpFT_yn796{v<257OlisSr
z^K{s1on^9^H4Oi2&_<c--U+XgZ8Y)mP%YtsZnT;5;`X@ESZd)fq(F%?Il!!QB0ktV
z;!r;9pC#~e!Nr6QM6ONnausEK&cv2ROeB)aY!l+^LMqYCibF3#Y#Hl>z}yk&IwyvA
ziibc;AO@34yA5&Fx}`IPQVVwLOMZDg#?5*Y3sONfx50X>!<;wqi}6YE9c4VjX=aN(
z3^~~{uwU5>yN*7?|02^gVdzc*OQC$2v*hFBRpdn9?yL~{gteU51*sA8^tMAO{Hb5G
zJ)2(3iTjq0XY_MkIpJH3=o`9vd!cS7Gh$@(TsHT4)vVadSs~<xH_%;8tmFMOBl+Yl
zGao9{FnN5zO1C-U6J|I}R{JDHzd7hK$|VizBuX<DBE$4(ZnLCY<fjRw@6Q+_i#6=f
zL9htPQ=({{AMG#u_W5Y?cNCtagu&v58#Lqi9<NvRxRl=PBioh5aVOOb2fC65j#tlY
z%OBhV?bnb`w39UYEamT~0owsb`##<FctKq3`6}j<T<Q(R158W!8O9^6g1jAYD42tw
z{~ft`|DIj&gg8SljbR~No4SN(UUxM+Bju(Be+L$_Qv~-@LQyu&fn<qbCJU}>R53H;
zC0WJSmw$_RfSTcaVDCsDKGoN%<#Rz2RfPSM;)lwYFKum5Ik_~*G!oga6{(lmAad-8
zs^%!`$2}?|GWD$y3rn}jrZov?+5_jC3R&cS20Te|H+zI0XOjsfB;mnl;&%zM2wQ0w
z^4mnZnv>3E@S5uvZuogf8rMDti~p|}%J&f+ilbMLubF!ypi}Y4xNHVT(r6H5CmrVe
z>~r(Qwr7x?PMEVeNQb2ZC@~NpDFT>1y21Cp6Bn*|!XUeo8WPW(jC*<rqc;N(klh|I
z))56AKc*qin`y*STM4QfK=3hbtPTid=H-VLskbb%*lMqH5H^`j@jzpmf6Ipb2RNbD
zeJBm^m4~OXVSoS}xsBumvzl$e@WRDVIfTY@O9cOJ;Z236VS3mw<fMtrs=YmQ_zX5o
zkAwek8Cx%_h6G4LJE1VWJ4lvVS&pQS-!vVn&(?`Vu;hzicvXJ5Jkq{VfQ#v$q(Oy}
zVR{pH3tW$9u@-WJkMo%Ca&V~s)W6NVAJh=8S@<@)QH~@eC+6}C1Y`+DwSWbJq~rx#
zE8M0b;f?K)ybF~^{95s!*MDEn4ou4-@1g;}YOEV=MVn+lTzm{C9KfIw+MPP9`(9Az
zrpBvRkZK{uRbz2}BlNPF(ym^&;m1;)E526HyB+ZT8c7#CvGu*)sdhe^mo-=BGj8TL
zQ%Wn=;s=KnOSdPL;dSE7Sl;af0|^eZi3A7J_TwyDFMi}G%ay=%;ps}3=KGSAUI#x+
z*u#&r;LB-{p@zZBxKHh7?n8M^D9Ps0{HV4Mv2?H+`?6B_6p?nmm*_g4Od4q=wuu(7
zbvGR1uNJk}G?7b&lCGu)YZA2Z{ag0MfL-I#gRlk$9k^B{{h@s9+xIWgm6Y<hhtD;}
z>T|Nj+e`N<X2fe!mG6y7kIGXtN1G<54dZ6i8G0QVvnKAmaJ%Eocjrmb7#&X25)l|O
zK#0IqO{KNy+g=zB=jU_^z>D!=2cz|edjY0(awLH#Imu%px7GMt)Pc{cS)Z72SAALz
zeiPg0zV^jVepoPnMhN#+_%`Hw0Hx8tJt?ZQ#7_t>5b|)B9KH(Ybit$TJ95$^E#*s3
zTm0L1SY+-wpCMnh?igabsxLzw^C_WfT!pgqW@ino@G>)=Mm0yJzm%JwUk_&&dDbxf
z{<?c+PgVZ7O__Xq@}c$CfTMiR8@Ayb9ko{$A9G(^4We2o=)V|{Kv3NkmW?F~_lN0S
z?Z@oN35+U0Qx#&<WmpgEfKW@iOFwc*jj!Jso0ckmkM%xtV||HahsXheqorzDte{B#
zBNP5ZT(O2aFvEjTu-3ots8x9VOzTT_CC(-G*VL+}kA(f=_J?O$_T0YMrF6MHxN$X+
zEmjNM*d!qXK{R>DlT^kPSd6G~eTkeLR+V45ZJ6h7qgE_x!efv{6C0rQ#kmC0_XVf7
zMH0q`dWS11uPgeMb@uo?(PrL*hoNr7F2+efzDjftjNwDSRryjTwOUpa^g#KW;n(F6
z;^dY6L3si5)`IFHjRlD1cp21_vg5ZKf;L`aYscP!SnU`mtFa%jllYehhqly-jx<eJ
z880>~Mntr<FMb*+ZT4#xl@`Ihe<l-^d(c4M*YAjkxkk9q#(oJwk~=3eo^|OWe6D?L
zsNFjp7b98|btlSH)t9pH5vi<V_83WuQyZw$%$Al3A$yQ~oijtr^RGIgDZx3%j`G4|
zH#T7tqBHtK!=za8Y~{ozO|_hH)8)slaeNUtzw6ZWfP6EhmAh|JTd(DsN2QB=4v9Z8
z<Af?1TPn$Tv)kj4U~?=p{ws|zxKuv$uIvGkpsgGPX~*ZOj9?Kp&D0xBpB<i(mRrks
zsVf4Nw!-<-y~N={I@!^2Gbc0X7j?p0biN%Ceb@2&RoT<II9>RWN%B6<Bu<xIA1zh`
zXdYXov)T`ml|Ky`Cm;05uc*;n9NyK-hT-k=#kT1xDxSL=*^)V$(sKtP(2_C#w4mWF
zzST;w9$&UNCv($yP-X>Lj>kr5=~2@5FZnF4E@obxZg4U#7s5~!9VEkLn6JTDs!UDO
z;TR)qKv2^7w75!g%)nIXI^UBJYxlP*EM-!|tL60ReASn`Bir5P;??wJQ7d6{>YC0C
z#TgwnjXS=LU(j2WgLn3pe4VRtPHlY{#$~?~j&Y6T;{AZ+c0gnaD`vH%cunuY)SEGL
z>5^@L>BG0)sf3P|=R6<M?N!I*$An?bs>;E?(i3rMtK2s7my3+?q*}LMrF;kGXNcco
z`Ohe!auqubySm+cViy$8toK*3=^dAIp+a?l7k7}8q=f*}UF@O!{{}KiJK?+6Hx-6}
zVX??VZkP*>rciejk`r9_nM^3avY9DrNT3X`vT}#WWu`&FBDMF#P#TSq(dTYKrnkU2
z7(8%91z=zNUI0}GP~}O7x_qUnEN0;SdVfU9yU-R0-p~{Ps_lE=Q16a^!qi`T14#Qf
z1Z?3*vJC!SQ4tW7*2@DmCxCf&-~cYK8yyQJfcYiD^p4(Z(C4b{W7hlMzPcR-chlst
z69x#l-_~-t`nD>SwU+}d=6#PsiV;ii7VvQuxgf+J>iX{wV+WIxE*1Y!hs?HuZEIiw
zRM+m_0msOKNtm1X6PiVcC7j}+FZTZj$o^HRJX@@ekeg`kc`(LG__!{~B4|L>7FE_&
z?PQBmT%YmFm>3_ZV1yK(Pax0R1h##sBA!PFxevSWRLwj@><$HQ1ytW%dvQvlMt8ep
z%4Uc2+|;Q6^9<fvN8*NjTUFHs@mr+t7}C-e=Tb5WE;}UwnE?qY?Uk7?UF;meY4+xp
z&YSZ`IkQ7nnmKRxyllYC6a}I7!f8qz1gg&yn~66mcHx~y%|rRON4}3F0Jw@15ku7~
zZA|>b2^HX4pDaMg?f0cVtypw}a><I9^2#3Db|)OmlMAfeZpN2`T3xJ1rXJkv(OG;T
zQ2Ap-Zd6KOetZ%BTC-g8x>c<)2mkTyKOq+RI6d7Y*(0UW+{o{qHN&6eC4BUJcw4yP
z8T=zxW#5w`4>Rz0>hI>R`X@8eZsgXc&Xgl3za$06b(Q+VLI-~W-_|6w3$Krrzbefe
zJ8f3JV@>Y0Xvm#qd}?dR?5f@FANWFICSk=2Ydiu(M-%e}!E+F(_9JJ*rK0ucfMA5D
z8LdUMVQ&c~3J8#0Yf=Pq6s{A?4RMd!{i9m%gmI<p+Ndu2u`jDy{j2ATpQYTKHBoyM
zZNEEGFX3}TTeYL_K*%NRQ*)CY2hKIO+R$TG^2Ub(#^Q2TdM>#*ncPB7;zxb}=ycq8
zhW`mVC8)CDmmN*u`zG(E^iIrpydT)s20JEmcu8~A{bEId6Qg~LP0J?0a5-I7Q6t{R
z7D(>H5gu|ncJ0jP!22mvBHQV*CAW!OqPX!XUgiT1T&$kHOMTi{>V$$knS=hs#ow~y
zcWU`7PJavxb362~d9M>XBRy?zkGss)Ix{gwLW(Pi`)<vZ`{i|)U+?;yj!~h#37`<o
zN$ou_U$WZjYl_ayXC_#_qq(Ek-uE-E`2cPDWP=-So!87pSL0r$L61$6i5|nzM7~d$
zwb>D3T~8EpGPJ}))@bqaGqG;<>bxdwb3p$L`^OD3wQH_)udihw<51afzQH}qkEP}Y
z?-w*l>rX5Euf0Pds!#IR;@b*iyENW7KSH;42tCfyxH9rgj4vGbcIF*%DPU}Qjg7Qq
zNw__iVPaSlls5<q=RSpC)*WNta5y^s`Q;z@yWfStJ2kE|`a?PJW&F8>#DMbxr^>7m
zL*%6b3q?IiElIr@d!HzLgRXXK!u_a}zF~FtQ?QMDG=;U~i;A{+Rw5@0v8^FQIjo9t
zGKKeR24)da_9@e${2<PwFV$3R=c{VuWUvB~vY4sf5su?dQB_EBV0jN1Sr{DnN}HQ=
zGjliyH_DMEa@dtOzB+_0E$HoXa67?`S;n|c{L&k|oLf7viwm;*Wf76ZIjf%gLP0qP
zTuSzjiIDyE>GRe~-g}A7?=&1(KQ}Z4w+G!rawl^oQJn+iG^49WovJqr1|L37@6L>V
zMG2;nIZlDf83yOarKx`FOLW`8jkbLUdzbm8Yp0P+5k?Q+wvNnp(w<cw(ID7VZ(Xh9
zqQ~Q?e#VlfzUalg$rYNEqem?e?M!U@T)Y5Omp3y+!gJr8d#1&8mU-|0NxuAwvA>Ix
zU%@FcPIo(KL&3hYoH|wxtCjpK=&Y%DTOHj3?t^9p?$;D&*D;h~Gy{gghgc6Hspw@q
zW#O$K9e$GTG)}^!O{x~mmru4L)ThAzR|$(yDfq4>MtQ)XYR7eI0+EVvF3Zjc^z^g|
zMo+k~@iAY4GfN0|86WwUpSH_8)auDzejJ{TteSFl*W?!w*z72!=qqO`vWKK3c&0HY
zBtQOq^%xANNN+pYeL5zAWj7P8P4xUsmT$<Iqrdew+$t?`RNmjrLx{KR^xOU1^{Hb|
z=h87T+yc?ww}UA8fQL|!r%2>@Bh>y3Lorudaay@a8ku994bP2B2&4&1o6(nC&ZmnP
z@aThl--&x*jcI}9O#1uFiL1pdY7)?g1B%<#dvx-+@7=sUbgt4}C>T?LkuLe7bY2+e
zrIr!>bqa9-&!d^GaYcGGwKcYG6wzqIx;LnNX9^3mG8`I&xOq&z4;kBFm-WxJ-|ccT
zQFYUv^S0?9>Kmz#BkXmlC$u%}MQ>5~V+c8kObONJ$2sm5sS8lZZeG^p*EzgaQPMST
zQM*CW_00F7>O6=}?t9h5w%YU6l$O8tPr;W^G#x@riywZ_<ZpY}w{J_qi-|86miJJ6
z+GFATGIpHITA1A?jGI*&@|rGVrH%X9^vC->zYIp}r5NQlk9j>+l-y=Q_Oup03aYYM
z;F@6-Ebs$<OP<%Y9cIwalDsdvg1<_=TJ^1S=17g=Qsu1wQlAK1I60t64vk$mH*IA&
zW`@)Zxe$XFs4!iIBAJffa&`j(K+L1pUc?(5&(pO^do*jhJfmxvm+9AevN?VVEluG3
z64b_tNG~}dwSExQo-82AVM5jBM8D<knrU!QZ>)-^*Lb{d+vf7=T<BK1U+uz%tl~d@
zuR+3cA5+TkACGvH#CK?#`I(^Ok3REY5y6<Nkt!3OxmYuPmns`pH0)4M>pd5$%ow)~
zWVBZ#i~X?y?i*75uWa}){BB@TBR6S3Waj{=&1ub1?5LBZjS@ek2Xs<2N0QCE+2dvT
zP-r$Yg?_8~EgUBPkG4W)Vt~=;V0V>q$;%yvrho_nEURL<`C=DKzA)f!QmE8al=oqB
zM+l_E3+Uh~(nEJgtsWphi<&;hkC`^h*Hw`I2Q-o_Q#D-2U%^6?0E1%ZHYx6g*`8--
za>$7%0Cl*3(V}1diho%$diu1YqqaNQL(6yKik62@6zT7T+QN}>&%3+qH+w-TTQPfp
z^;nzEL14B(#<Z}KPfQQh03JBN4hcpg&ua}E-+nv8TKfYG7~2vaq%8uCoyO{n00Se1
z@1Ngoy6nIOrSM~TU3w@Zd6UrJT+bP-=4QwY0iM*~IxN1+7}=P*?u<+cG8+`%ujhz5
zvTZBmQj&HKos&?o`pyzEV?NuT-*A=3s3_Ou|8%p0q0p?74CEoW=@H(oP~I!tIW%)=
z-A;U&M&&gn->0Ua8$qQD4qVclthJqeI@o1v|5RWU$yn%OJr7?<nXy`73mx%U#yEFx
zth7)suY8#uGL!l>-9K7Dz$Nu1MNLh$5|5O?pc@Z>eOgSsk05RiHL*B@UFOwgT3B%a
z?tiwDUi*Ya_kRRdtcV|WdPen4@i8c006eo(ovX3Gb(&m7FrN-zurd)SyFi7Y=Ias|
zTv0a+%KsDqR$?Z>Tuz@+Wb|3qTFQot`)h_18WJl3q>1%JBH_$%9-3}LA{40ShM=jW
z3BmkE_A<0Z6@>r{SQ4I$z%kxt)>sDb5Mi?u4b#g<peR>N-Ca@>t&}2Sm9OcH2zY*<
zrVnMJY^##hO*P`scNnKnffmSql-O&j^T44E%QtjXxjfl?;iDA3-XO&*^2+Q&@eoya
z$^8XmP>Sx(xi10P{)|s@PAdn!;nGqGhIwb^sw`>Ma))J$UpqS9=P*`5!P7`7?yGpR
zlb3TKZIzpvmRm%ix@6=vMX%(J(8kZ4p5@jZ?k%}d+B?fr7MRv!T60m!X5PlPa?UX#
zeSrPz-3^b_#~_XL0oh)=?4ct5Ey{PCvj(^ddp^fGh?d!xhnD-NHn(3#X1=fDs}3o!
znMnKC>)N?cH5b^^OQIK4jz15nSzl$-C>aSZV^n=d%R!M^SjVS^L6nB8Yf@G|pI#^Q
zCtg!T4RVA7f5<kXtC>6fCf5EPpZAFj^>0)>57{roeXjSheY3ZI<z2!$dCwkR+yK=S
z&u!bxaPPX#c4G%{iz#6<?O5+410QaHUQATi<M|6xOUfGA!+tx`CP;qiwYQbTS4i<9
zw2r1QOiPu!NW-d+OBmNdR!mxy`k_D!m%+2!8ly#0pOj3!!r=mYT(4j$O{Ub_ML8Kp
zqeFh*eV_-oft8!-JtCB(YBVbhuX0aCPLdx6!%B8y`s96A-Nzg+UOM%urkIy5JUK#a
z26wYLyb9Y*RSkUUCg){sosmOkySpDH*C}P~vxfcl_=aCZOS(60oGOL(<K2Ej>f1ex
zu{Uyk;qzRT^3Z2tc((iW1n<DbvI}w|0>@huVi3MnYW~Mmhy0udEav9!U7m~bC9R&Q
zf`xKmSf6_W?Q&UXvwl31CF`-Nz_Idac2IGCZ>avOK>aHl(n2j&#wq`@h?CpPnQagV
z%G!y$X8^O6Nn{Nb0v|yNw8bFfn0BWP@PSF%Ty9ekv;?YPfMlcd7wEVuaD|!m30TNc
zpb4@u3MA6soaJ*b^cNPNs+^x;gJN~ClC>7-zt^fbKnip>yx{+lOd*9ZDxkxgR?t*D
zv@f&-fD@3%1<`ddVKy`6pDMOogsEcxfeSz>FKKhl9^Ym+vmuuIkK79U*@X+02aAsk
za=rbhN{-~=2d*|#I{)tJ0#6teiyId&{pCc11`gAS1~3EJ(SB(VjAoU>ADck)1dxE=
z01rHbzlnYh69Y`lX!Vk|&s5nl9E_R~Y&7_hI$YqU9<xGl8${b8$R&})g+!vfd!;bB
z#<eWF$(K5NGODy}gjJB~KI78wYw|ZeZ{3t9%q#pVlH6vm)?G$u_nW3y7x`c-gB6?`
zxCH;JJ}wUG!XgQ2N)qv3q)_Fq(5nsM2|B;aePPFr;VzWTFuS9Jknx;*y{WruO+L)l
z)M>?Eq)^fzcb+6Dj7uxugw-0E7RE^i3@Je7Kc%#$kEf@pb<?FqN9{pvU)l%(@A~=#
zzpQ||h?;xp=$i%ay?ywo6MlyZI$>}{9VfK&b@JLp&lT^2fJ7t<Xix$B`?CO?(JfAV
zGw(~8M1Cpq+`s5_HJIY47FUf-4VKh0x<YAk)Y%N;2ar<(G&arrE|=l1)FGjy?ItI(
z7P-@mK4=m`S^=e6YqE32BR3BVZYt#a?_yU(CtS}Ow^TY+WP@@aDx#7(lR~D|dO9<k
z<5p>*{2Q7A2KW2W(eC{H*vW}~5{_pa1F4m>4r=6z7uTxwzu9)Xq#l=WL;~9JDtYeu
zoBHwoo>!NgN2S-kpo=ldvVSlML;rSy(%`uuT7TK4AF(^lWSF5Aw(O)knc8crNoW&~
z+I5#{+Y&M=kE#BszFIT`LUZpw<MA&d^^dsvvz>wqX&>Hl?HhcTo2{=}t!@h9$>5xP
z#LMmbg)FaK>=vwi+O*SU_Ha|?UORE-jRTg~jS5}`VJl5~AJNuay~6bvL%Bt;AdBE7
zVk!w6aAVI5?AvUQo7Kn?`{c+K^?Y@56Mc-3Lm2Fk`GjRVx^a(Ha+HdoE;i!+<Dh=a
z^woaChibLD8ro=98z-7I2X@g=YU?+qRIQ(%JQza5_{CyatHOoEL3aqeL>u3+uZ~A7
zPL9Y*F}~jP)m~8GSP@jz8NYuYQ7v-<<@PXHv`np9b>+q+Qd=@kS6|x$SM=6?@;xuS
zEtHuKFURDf&XUEm4Jf(iZcA<%TXnNqUOlg+|GKZ}b3$Z9OJ^N14Cg-mZM!JkCu-qs
zLLR{UO>GX^s?^VOs=?RpAuk<aZekJmn^FR}w5rqJwWS1!%4)!=wQ@^8j;gZnAMdhn
ztS^deXty#r*RJ<tI%UP{*)>EKPCm1M)KGHgT%FQS8zhd)q&<B#>)`0@SKxK}%E+~^
z&rMATwS>uKNb|kOv8_((EvxxT>$7ucHf2PRY82%TpJf)TBt<w%fy-$@(D!*#6@Re1
zzVRj98g^Z*zFAgicYV)Pg5?b%SDkYFy_JU*TDkTFn#g^|^IB0*&q_5N3@XaaZ=FQZ
zk2F{6td}EK!UTdPhJtOz>UV@xC!rHQBogC`B3puW<i(9Y^=wNmNNi4KXxU4tC$_Y6
z5NZy|9g1Z(<C0X$XN2H^Yf?X&j^E=t&{=Nv!=`LB6CzCo^b<JWsI4{ONls3K9wkcG
zeFOcbFWtwyk_sXV8H;6*yy-_HI1rh}_cM*6nqF>3GfY~oO2tuvz~=z2&fT*S&IhSN
zgKvaPn$qoiIQW~G%9M-xsrc1Ec5A+GsbcWivAz8=1v0~{Kl^)yH457-Q!c&1S5puL
zn|%LWa&P<3C;=pc1LKs}dyO3E#`I4G;l2CZ=1>wyK5c*(2|dM6m7shewSET~U<((0
zl?o++$sEG;JhncTEoLn=*szOpH%M-61rP<E8cC_Te-hmdCs-Y2#k;AHsUy~rUxa&r
z8F%9cXd>>!w7k&AlzM&P*-#d@BXH(Z2?fvD02620#VoZE{{~b4qh$pUW`M}oLm-TN
zZUA}(NDt5zeXL&nJt2T4UlgdB{V3-saYtjQn_2IFHd6oG7jS<)gabC(o!i&?C@UfZ
zUj%A(fXvaXF0G5@s#O3V-$h0PpuP?o4gYu;p!J$`h^Y@)YAwJxUX4Zo)ukZYfM3p(
z6Mq5Z1hU}#K9=j;|GdFJ0Wj&p*yVD?S+pf>wd~kQLtM}Ik)gGx71=9lfV6ybuUXPU
zjCa$>k6Z&PBguXC2B2X`840A?1Wve?trtPd8`U@GE3$Fn&aG$h<vt7>pQSHM%<G#`
zL6J%=hZgGm6>gjkB92$yY+lc|i8;>V$pj>yRO%I<R1-P<+Is#I^{&pk2T8>U1HnpP
ziS4clqgkLo*nAp0RKP~kXl~qeI5u8o#ZhFh01SN+z}2)M=1*r;3X%26g|E62YcN>a
zFF;80V>??_!)aMHv;Hb1$o%n_5ue&LrEK6JN3>`ix)YPZ|E2X01^x341NJ_#!3L@s
z<v+$*A8KGjJ$^!LB=N_O{EFCjKiZ=!Vx}q0d71rJufeZK2dM-MU2iQKnJiom(%BWE
z-`M<iy(jG4=8o(5a6SCXX_sfEjZ|nueVZ8AV%IGbu_N{UlR26W%`M^YGclxj&1dKi
zs}-+i_Tqi$2opwr>9|JHo&=%4tZ5p?+3_^|q|ucCCzJ}RGqy$XiVlBUO68k3?$pLg
zrIJe*@WIA|*PG5+>4>9hpZ%;Zm%V4Ko0h^eB^ukj3W#4&dyAD&0qK&CEAqu7D_b@B
z+i|ycn5)>VEZV-dRU>!Hxt}bl*>0(t2XX=}D#f6M%Kxv>dGt&2p<Qx$#w@y#4GlW(
z37TV$c69$J^Hdld{q|F^8fdQ0gXSurdVg=OK9XT|VG@A<-_6wxpYE;blaYdW^#{~F
zCvCmhO*f7xC>vp~hptN`wsG&y%1#;EMwo0Se7=asxmVK*-_F(L5EPv=SD0Wqi>9`o
z8KN8Jy&Y1AHn^chC=5<pGVvj7n#iv}B~VRKnRmCh`@t^qRD=4$o*$PObzeYCq-bTq
zT3$!3yWb5FYO~=Z`In6r_V-Z@%V~~2(F3<i+dVbnVYqPta7se>Ib~t==4yargu}Dl
z^(Ou6z<`_B%YQ&vN+k6lYS0yCn%N_lgNI==hjF4o<op22sO1d(;B^S7S%5aL4x`pa
zPVkGNBX;4j#4iuH;<?(sc==cbq<6VgKov8Th3ZT+p~46_vPRCZymLX425^gz2l@?N
z^c7`@vVmB#k|;;gyxqf*aJ@)v>y-<crwR8ex{@LCwj@S*68%W4wo%;Yj@Nsl?vldw
z=8FILl+0N6kVd)I4iwcL+4}Q5!lA8Ua3urUNo{OIYdG%l>5}FWIh+EL?gctnKhHwQ
zx??Lw#4|2f`sySlBy-+dQ%+ZFOlD(Q-r!P6oLc0qJIBK2>M<iogy?QKUy7vUtjkzT
znDZMHcHrXYM?%KSM-fX$YbPxKSSX{T9uVfHYR*7=nDr_bNf_Yl$?(2?b(Ok@E=X^C
z9)Bk~irXZ>aV!$9cGwdyB!F94w65hbo%cfx)+EXny`m=Co-dn2$i%Rff_e+EEhQrk
zAqRi55hD7H)(0evPi@?L<G{%8BI181ZE$6>pXS1+Ga^G4=nphV;SXjx2SGR8ho;Nw
z1-PE73kW_itFUZZxp=cs%lI;<M3v5ye*9qYA63k^Q33&TVO(=CdMKaN({QL-)7^Qe
z#W9_QkstM?KbgJW<jZJLY00T$dmov7EbTrb^<x#&=W&?QQUCgU*R)Ci-9by<Cb+G`
z-1=xqUwL#~xli-Uet)fd7rZAbilw1z8xc9pWkOdv-~8^;{z>x(FdW^o^O5UHxq^l3
zoi_U=oA1G(S@l#1`Sz#}pBCDZICLS`^=FGlZ*t33e=INg;i5*ilZA7{Gxa<$cR<ck
z-%7WrfLs2U8Q)7s$+0(Qo02I5<0c9=AI=329f4POIjI*MK-D5QCO@(R_f?5htQenh
zFT5zqw%^KPfZ=si07iDW^OiKS;+dIxx}0WMvtAf79r@mh?nOnQpNM)*@(4yVN#cW>
zngo&Nz<8SJ6UKUnOaDR#Du3X*Zof>H9<uo9yl1BSnLAyvM<{JuPXSy7eRutTw_)Ec
zqh0WA8LxK691~M<QxLSezv;<FE&$e7vu>K{ecL>)rr=w`H~e*JawUHi_v642T4l_b
zvac0__3>R2=dr=?;rYDHWtcgggKw^<JihjY+$#ry39Rt{7)*80&(k2kE6bk>Km>5+
zo0zVa9Z;d{hF9s?C41^fIornZrk$8iQ}1Tbtz3{2I3D#oPJ{L@|IipK)O}|I=o<%x
zqf_}qeE?kpl*pPga+nBp1CgG@hilV^S0n{GA)vjW|BVX5z7glJlK{MD4Wp9Vks$|I
z(E9(41u;*1|HGV+cuwzqSa64}c7TImMsZIwd(HukX<&6OxDbnODQ~!`O#N*T=FB`m
z?sWjghs=9m3l4hE0(U_ZEBVwtw{Fmv#m*B9@Vc#0{d7CDv=5a9TH;V!6f*Aj@7fp1
zZid>Tkx?Z-JNYR*zYb&ic7c!oJe;XYL8dm^x#02l!FkbUR|z@z?ugByB^K@3HO&6~
zx1&%#NccZbw3nuVp0KTH50KTLyVRlDP76cqF8;&2qkxNPPRK?umo`-lJd=T8iv^Mo
zq@>=zD!Vy(6U*1Du3{*PbY&YB`YQNBoO$Y?jd|*zc0q;m*O>#eY=RYq4a(<ZP6rOT
zLQI4BubIInA?-)vsDQ_6)d#jiDRs}};3UQKM=orFQa-&-rgx<U<lBMkA3ZUzre<VD
zSfT0LOv^~Y73&=<omUK23vGJNopjmBAjotxlv2N(Oka&wf$TJ5&^nF!TcN^)Q4JrU
z_;KK<!EVToXKO^ukZUq{#CAN15%4lu?cxUBd*H6u?jz;*e}5$k*<Jo@1D0!d8Q9+c
h@#O!l$0!Eu=$bDV!7J|?_!|aDSKC1ArH0+D{|A>SNk0Gp

diff --git a/figures/en-us_image_0000001113598272.png b/figures/en-us_image_0000001113598272.png
new file mode 100644
index 0000000000000000000000000000000000000000..b9cd9677c107f631ad1e6dab6cb68198012cf6d1
GIT binary patch
literal 25160
zcmeFZdt6i3wm(YU?P<I1?!#J9i&7u>MA%3XBarN>6ag!O0wRIz8YLAB6w-hJlGul}
zih%NH1VYk+s1QgBF@X?BY^yv&RuMuZA;bz~NkWLQNJ0{l+=bfiv-dgYp5Oi5^E<!K
z@810fEJBjG<{Wd(F~;{h##k2*9}4-?A6Ng;#l_`Mp$GOyxwyRO;o`Ey>y>|j|MQJ|
zQwn@}fe;n4*M%*0n}lDyi2LB94_sUt3zsf@{1W{7)lUz^5nNne|9SD}h0e5FCtX}V
zR)y~W;ON;z{YWEwhw5ARIopbFBqOgcETO#6n;P)zx+|Xky9wHJF5USPcMumn26i^R
z(tYNGrRzdYzW7VgReHe27s6ke{AoVMd9P(m8kbX<CPzl6=+##!dvc=t%KcJ?6n;th
z2D-st{Px~g)_wKn;;)wXmU}$=3x1g%x+UzlH{N_ybhzZ{M;3qG_4t0v^KZPl_nYv&
zk-rb{Che=L-v?OdbrB!=$l$b#-+<TngcbPqh2V=+r@<Knzr6ECWC?t6@%nzt3-ATK
zH*yJlY5A(^MfmdRtHH0rmxs$PErTz2JeI@abU7EkB@Di}&<_7U{v!H#$-F*|Y7?p#
zH2z{6gmOX?lp)6>Z^t7V$ySWA6i+xXV};K7Lh2-ew>VqTPp5(}ZreW?{$$u&uKwWC
zvgiZH^iIF1l3Su!n}y++0vr-EJmdMDw0At}-i)LksdCiQ7}4)OJZ`ZcU7X<45wiPh
zT^S4c7p>k+tjs&a#dVzHd=?tHp6U_k^uB0)_iYyS(iQ5B!`>evHYM4X`#a_$oO7=2
z_%&)J`?}NW>wO~9-cV4cPx{!yxv|Q5q|_=XB$}?$#G(exO|ufLNn^?@E%_=zScgJM
zLl{mag8gJgUji+?hS?QFxdF&_<0=#}WRopY6ZkF88qZ@nY(_U;CD><Y%}h9(qcWV#
zRaxDZYN^s}&QU3ihT%3>AKT*6E{9)QW{eudoSWUb3-idD7nyk2W)d}se=yQ`XVmR?
zf~g-*dAAQEF<(LVuK|dNG#X7zX=uk!dXt7@>OR8v@=P-v{zUNm%y1?X0kZ7S{9IXM
zi7a={c6;?eh<DTJ*ro<`p)9MWu$D3n?jTCqM(5<50J~8~;)~ss91bSDuXkj$Gl3b4
zo$QRUo!Nf6!cs<v$4==pa>b$%U9=F%C`vb{z#6o>H^Mt?{H09Mi&A{MK6jNTX=`uz
z=yXlp_$kBVd)w@NwEiMjZtfu}!pu%cbR-Ec6B*m>QqnbhQlfRnFNBp+D6_O)_G9{X
zSnkJba+3mC5cRXsB3%Vk;yOiAGbRZXR2VstOhc9nciMXWfSl-^v{hM}41Og!DG{XK
z6w4Oo(!u#*FQ@__<O(y%$}>x0RsNcpSaQw#cBJ<)=)8|Nh2{FoRBzts^gWItzWuKu
ziEqZ@HNDvO!G^?CkT)@r##iPO8Jjh|kCGFU16jywQ>n^L(kM-t)a0&J-LyPvYs#5X
z^+ElDWQ-haLUKBq0)R-WFeh4LoYG`Sv5G$A07f078JT8d8Dd3)H9nt^l?Lmh^vOWp
zGL~yQTYN>9cNibvel7{qen1AcJ)9u;V;nKFMS^5s%wL%8U#oi6sr68x59YO4s0dpv
zuK%{}(+>IoVu;RdzKCFkm`{s#b0oUFJ*mc`1bhw?QnVszMv~vRBnHkJUV+f;<ZNbU
z%?2G{3T^7<($xg_Ec=M9@_t%E8d;j&*m^_NzPMpON9+ib(1vRh>#X6}_E(~9**;o*
z&(wA%^o3lXXcFFz%g2lAWh-O7n+K*R()@>1yTQC)``ZRhY(sB)KjstgSgiLgAJFkh
zAjDu#CFbf{kR7-9?SM5<*`Uc->k0(|b6M}BpzQmZ{EGXjSxy^23OhAcuRE5YK8laA
zH?U7Xm&}p8WkMS3n)hFfIC5h9Cw+WUBwNqbPkYq&hU40=^^u_o!>}t)Me-dYv3)Ns
zyNXT1Ty3lY5JQ)J&R<9sopjH?slgMSt*YFibn<Am;s!v^k)G;!z!AI4jZmNxqrvgF
z%VPDt#&Ho_(-faCI7zYcqrgdsThUp|&XQrI>Ou_u4^Q=YN7!I*pSI@Dn!LosH^ZsF
zCcN`z#?%OdR#%w#$^dw#!nNH}bxf&QN?0TB6y#Wx?Y|_wCZyeOTbY!o5zG?0iE=<D
zYTjWK6jJ?$=*@+ju~UTGt0M*x1=FN%QU*D)vk&1V<D28~*+NIcV=S}tULe4=%hHAT
z8cYP=j5iWc5z}!7&f*+*cE;7IMod%YouC0bLf#DT9IQ!~mH{hX)}G(yebAV36eV98
zohUhBDt7JM6G8Ry1lkTyOt2i1l~v;FL~a6gX1kCkMh=O{<|WrsfZf)%>mOM!%koaE
zF<6}~3tQP)ig0Jm?9azCQp)A7#F4gwC_Ik2D&7R|A`u-|36?p+I@Zd(l-a^)B}od)
ze|Qu)(rLC6gIJE3;EP438aBrO%WnQM)9UX*8SL+!E}_j@s+{$0pJh)z;${XfIu#1D
z>Mka#<e?`(!NIE#1q5FdU*Ga$VI6gokFz$|F?n}k^PBMJ7S=s`gX80L{)y$pEjs9w
zX0NBd#}NL%(oOx%zokz4i!FVIMQ`w#!0;N?grk~z5sMD%guoqMX!fOLcP?lr?0|Ct
zpxHz{S=+(}iH;d}=S&9tcAIbTs}B#qvthZ1DCV7wi%w_0V7bS`3KnfP8)49%Z#PZc
z3$o@BF1?fBz5cp7IkwZ7dHQWGN4uG7$`spSPsvFjGi*@v>-RSWUx2+M%F>P{6ck=s
z2GL~^CK-tMx=3`Ss|=j(lsIx`aDJMp?ZisiCNQt{1_=W;y8KX_+o~}8o=mvn7KHkP
zAvki0sIjf(#w(Fg-*oXkU$pjSDC+qWEsm%WrEKp_aS1SX{|4XqQY3l$rO(gk&KJ4K
zf!L_)T_E}h;`qa(R6AX8<4k<tzR6A*)1J*0r?F;?x-CSsyE-tdo7liNI<m%Ie2CNv
zf|!#>GWG$hhKH2o>jg}~)}jqK$Hg*^=qI<I7hY>~4SsdLW40-~WSslvWAEF%D{(u*
z>Jt9=YTRAPJy{@F$D#X@;X7QrC9+j%Z*damw#41lvxCN%ogc|=V8-a2)dTb|Ydc0d
z+utQ<yvTANqvh5|gZ%AIma9vr7LkC!BIO%Mr!}o*OPM~<p;-GVjC2?Z(L1;JQ(|WS
znlZPq;JcB@HoX8wm7GiS3>8hSSb5qPld<8YFS~v^WsYKQ#Mol<Dj(nhpMKX9tR;Wx
z@ORxwb|dG|2yXAZqdD;@<<PGWKlyRD>xET>v?Ce%vH=o$I3X4v-?!Ptd<FcBD$U|?
z7?x6;hU+|NUjW8?INxn~L7i9iVlE-HHG%qh;yWH1pSZR`fHYI-{R{L!n<l?8xY8Q_
z886SXBk6_jD2$iB@_b_D&q|hT9;>kW5GYy@IUO~o?W9rqxGjg}e^zEqQrE`r6hp1n
zbeE9`#(=PD-$YS%2Vf^21kM`;rp@jpBJq^;Ds~ouV1xB+@IHMzlgp7nwADD&4Q91j
zXl=Vsz+3B5=<+g=7N{O;+Hs$fsGAaN_;b4O3Izkt6T82xE~|R+Nlp=cd-@Pq))pS|
zLqbGTsDiNW2y+0Vs9#3N-=HkM3!b>nH=jRbr>BRkcnNxdmXA<2jy(oF5ov7wE#UT~
zKH1Bbn<TNc`4(;$`V8`Afq(e)4bmabY$`)<BurG4`DQ1Ey*`OgqR`3v@j89jngCng
zWk2k885?Q#k%6OW`HfVDAVu@IFvHZwSZM3HNET&wmLkDO`ygLI!xImp*w*@80+HJh
z?FerN*_`v*(}};lEpGFVN$alMEgLVtyZSUu&$^qCw4Tx3CLs(uL@gH;L(Ou4eDz4?
z*ey{?j^3a|72W$#{jEszC<&}aTq7Wx&7?9gT>V_i)I&gS3}DS=2yPTi3O=PI;^QY+
z<Gp1$VQVn9Fq9Xm7Nn1VpX=p5(Mg&fHfRGAn9SM&UCO!g3lgY5ou#`qrXfli8`wl5
z1K~9<g>AvRtQQf*xkV|<PObQ(@Aq<k?xBjJ>%u+kjorZckQJ|Z*m3bI_O)}up70vx
z#$xjFNR<ejde<pBVS$HdRAZ=VOg)#JPxgA<2Hvj4+UDy%N{hvZA!(O$5@Yc?!fSWh
z=fKZq6YX?#QCl3M8f9bQfj>b6evNpi?LY--q=Zr=FN(;KhOX@an|cVm1_hCTze0%x
zC!55QHWh~`H)vaA#G|Ows2V^vG6YKE27UaP<acvpFD-l0ck1*0zPlsEpYn~SxKFMp
z*wNhr%BY9s_$w#lG0RIX*KXDc&eme@$4Vo|u7#pBGl<UA&yQ$Yde}~ieqajgC9#qU
z*d$(8nR4f5s5MFLG7?TbWOh5Q%pScp@(a^Wa4yjCG7J(xhOH@v+$YH%R3p7Oumq@)
z`g6W-?l#6yjU<zB4-nQdWSj0Ba*$M~h$GrP+6Sw1)VmrqnMAbFF3J5l3qF6Jet}!D
z&E*GQOw@KxiGuMcr_8&ZD8c0|14MJQQMtAScWD{dC8|^IBg2pxc1PEI7*9`#VfuR8
z+m4{7%XG)!kXK8<8<ab5i2fwn9{lRLh@KN$^R~LoM?xNc-uGCpW8B5iZt{!)8#eQv
zGUnbFxI~Q(ZO`R#3PRUb+S$?pBUFR8ZX-GryKKAnq!Oi80pEzI&2;ZOMP}>C%Bhz{
zu+KP$sr6pD!xQ$S(O$K9=v1a?ZpeoTha;keKYhOSr7s_2(d{iLoBwM`Oe4sC?}t4R
zG`kPS!-i{oSUpxpHcgCdJ$Sc`jcBex0=8qFCc#&RgNy!BR2%))ud3@;e%RjTB9DT>
z(Ydr_BW6b3w@|VEPWw}@m&S5jyeD)`d|0~me-`BZ&3nQQ`@axYwq12T6x%m{dQoP6
z>)|^MjPxhI^`gQjYqo^ldAIf}6V;A#ZeBRLBI-`S)o{TV=$@<_TV6=JyZ6%eV+UR^
z?Dv}ZW5(7+qtN!&(yi>ju6wENZ9&QQu9{qU*PndodA;R}^UI$c8joVXN1LtO3J=+M
z<<TGiPaf<l2YtZaCpP+1%@r`*&T>9+xBoohP&@k5sKeqYTeeb*m3cWXI48x<cGG~<
zBzAIo#~v9RIBFJY1ScZ~DzkVMa&k>MP1SDmT)OpPWp1>Wo#U*4Lm=*1+PjqZ{n?8B
z6H}v^9wagjK1ma+V{JEDN0V*+<qvTdZJXC~Nm}a8AHC$lJ2&hxuAtoJc<*i661U_1
zCeDg90_J2OYsm-hx)F06aSgECBY8?FXt|#%MfL9e<Jrxa((vuxHE(`e;$-yYhX~jv
za><3A-&T`LkHp%j4endRjtYg#H&zX~0QG;M{7F!<sO6(wu{*9?_trYl@4S{g!;N>D
z5WharQhh$QmMlCUgV+{UqDZs>i3fw?OCHO!H~Sedk)DlLmW+1Cj^7_|==qb;Epej7
zy)Pdkm?JSB=P$@a<2Egh=al!f#MoMUcp<uTta0SpJ{`y7_vKaXr>;`(xRGp|KA+{4
ziahSQ#u$y<7FKTs_^Cw4p0u=qrSI}MOy99Bc11zQ=&8ikxdAhf3AO4dC8T`vRHPE{
zy0)mL<J&V%GXOhixhyqBr*8B0k5Q`fYzu`iY$u-Sc)wxx3_xn^`PtW11`0UM!0rq@
z0!UqZV~-c8wcqtc%ns+qCo5A&QTx0m0*;iN^PhcZX|3m(rri&Alxt4ZR^(MDxJTLw
zmN}9e2W2J&^Q91^J8vu0MxYbP2;2%U0=>QODuP3f*K7qJ>tp1J*jsqACrcNuL}-Af
z=Q47Pj86RUn|x{t8g{YB-6&avlfG~}`AE`qnY=u`hCCq|rN}e~48k-WRHU0yYIYNL
zco6u)h;A8Kg1ZuKS#*8*x%c+g70r9@sxSJCSEdgu%2sFHKGyT-W1e^B((^_4_L^$&
znD<LP|B}H_t-sY#dH$dsZNH(P@&&bd{L0ZZxvg&{NXl?{ezOzT{!uNSP>^v(ZHikw
zvxorNCU0X~44|=iN+D9IGe*#e<jfw(=uE~m_pYhoo5`}w(y?M!9hmU?6oTbMQ{ni5
zKz`q}lkoB2*=(^;SC3z1<68JrY=}D^wP=*jZoqk8FFK1WlAfsBJbBz@kYBpdexOJ_
ziI3gMuB<-4cg5zbFOB-<eMic-TYHm#wOmHHml-^ZG^C~=dE6L-K-Uv~G^cc)y}PK|
zIPkuVyBnBcV5m=zks<452X7DGZQ|$gs|Ot2rZR48f=HLm1j=<^#Ffl%2|-q*RrBqS
zSEANGS35+`I%EHmTJKHU8i8Q>A*-F|-4T}?D17f$CV7OIyJGdKefjokN8LvSwJ5Mk
zACfo^R(UODSP@V;BnggUqdKQnpn3SwV)s>JT+i$0vNDpq`k?HasA_mdG0N&kKZa-@
zXtBJsFyy82T1J4cgECUGi+He>i7V)Ji10TRA8Jl$M7WG`u4PxUl8ep#_PNa+pQ_p)
zF*|^k96e#kJGTMV`lP(+z}ch^uAKjH#bH8D$6+~FIP^G=(>7v0-&5H3BvvT1SdaO3
z2oCg^=t65;Uof6&9uMi5e`<8-W#PKvw(J60SqN-#Vw8omLs$3kt;h5gnFva$Ypi^=
zpd&XiVIMwclh~l)^UaOO;tkBc=9#IL)USS<k>va!+LL^n+WglzOIh&6%LGPB!N*=D
zRo=(707WYJuD2zVu;O$qIHlyycbilvwqW}n)fP6gb`c6P<(5@Xb;_4E1o0XDEOLzj
zfGoo!^O0)zGQ`vYUWMhP<`Jw%q_djurgWWyEeruWncG9=HKeI|IxKaU`dbx|^1F24
zxp-a7DlHjE@>)``@c5^c@}=KzIIVQu9rt3X=+*;Xctxv-B9-k<s;JK7;rWyLrUTn}
z;${{?(&(q5plg{a@yHOKUVipp7Hu-UG`x6UK}G^YW<PHq9yx|bL4gs|uypS465JYu
z5h5BmL)*pO5~<l8gYRJ{0Ar^Il&6%D1-bCFM&y+I-;X1`{Yv@8vprvY=V(ibteU&`
zA&O0r?%f*Y`3<ro`p0$hB7IrjXp;XZh2b{fny@NsI%E)$je-@zks}=4l$?XPQ~Bdl
z)t<PYJxVEYEq1R{6>2(?0|*ZaA6qo5{5q1|c{@lq#ovK@szA|HFIa@=GUYO$A66SA
zImCk*Ng1kVMy!qrNNfea?Opx(<;>#qeaY&=uJx1EFD0))v&acM*vRAWIafb((3~ty
zp7ZHfh1;*uKX`8aPOKxo5q)L%*o1Sc>Z|k1?{tpe&)K~lR~c7w>qKar-sbt-VSICb
zkUUs5!99Nw=Nbxlw$w3Yn0-NCJ`D%%=bYX3GG)BJ>h3C%{hR-P#T3_<tww)rB)@nz
zn1yp&c#UP)ko)p~Q6AubRfq@&od0i978hO3vCe++3oefP+hV_sj)&=*7}9LmrDfi1
z(NSlo(;nb5Zz@=EeAdIo4eViU32WP(=jn3xaEZ$~?4@ON>H4KEYhjk>;kBw4Z*seq
zoO>D0p6tG{<;O|SCYOgFz!7-C*04|a{5O52-ta5a0a0h3<ysa53TNelt8)V7IOQej
zgd9?;)l4blI49H#$_WSaSCm!nZa=|$Lt3@vNA-L>)kXtV$?B|PL5tPm3`=GwkH*+2
zUsEk8hYr(mIHgiX+5P3yWm*N=n!2K3k9?Vf)3hxN-T0){I<X6S!UdhOtzl0RwuFuB
z3rf+JL0rPoxQPzy0vGc>hoYGfh!vfq@2E=;MSj8jAo7cWxRdt4(B(Bn_PV}UI84jE
zmzTsQiWYEJ3DJ??v4`{Yg-1%}_gN}iGY;*B8N?v8#b1#be36sw7=(zjEPTb-e3^Cx
zmD4c$dh+OU4+^HQvy||YWx2=h%HScO_<Ts>lNh|Hr*6wkY14OYb@M+Qft=AxdtsC?
zb7A_=o9PjekJc7#*8xoXPA+`=8exz!EJ&XGx^`{7i5m;SAG5I;Z%c1J-A)Q)<NU_U
zObdp(++*!@%Y4pDmzGfvL_P}I8iwY8UE@VeOU{ig-*1^&<(GD8nb@F3{F?hzLv-MQ
z$oIS_c`k85-{tJ=KH;f(^e{xhzO+nuKGvF#kj}}Bb^<0eW2C+7)C+?REB5i)JA6Cm
z`+qv^r-`!d%xVWNHxIV=m;`BS)ykx+mZ@XD{{4n%W2s}kUFx_Wq2{+bMya7xVvr?u
zeDo$jQ8(cWQp&+;Fd?5ehv?%=e$)!@7v_sl^2Q2oQMzfS!FsGxJU5n9p=xL8ByRgP
zEort-3J`@=ca2uUI&nB8h_@2f1ND!^g&t%WZrcWxCh%Y=h8$0p`hM5D@<ai_K`|p|
zC1ta(b@_Vhu?(&x<uSlTd_A05t`G01^f5N#+61wx)Kr{u4^GdN?=oQLc6lfV(yV!N
z0X9}jnb{9JWpxxG>R{e!E&&A~2a+hL8whimvT1cn_gM&mtt0eV=unik-BVCN$%n3y
zqzUfO!qu@DyvFSmHNRT(o?Z(o)P@h@5;lNGN*;c;A`TT2bO&<TLFzJnb;SBJ4|R-7
z=IP7$p({g|pW0Mfly1y~c?CHDeU6dKI1O_f?>EaEdF`02j-j_BSFG@TLCzNhf!a=k
zTRu->iv;8Hc>tiDr=<1t&(w4bDktXAN2L9oMR+J%OAv>YK@{&8!f0n;r@tXysw%|9
z<qOrqxeDOwnDv@(2-i**?ujK&V_CXxzXp+cm?2oWRoG<px~U4xWDxx2!!a59RpH{B
zxod(i>iP^hPSw;beT&_^MHwsR)SzOU+SB5LHauk??z2&U(2iKpD6`KLg{D))$eR_S
z032Qi)-h9*BZ>CDvDku+<4O>H662%`^kC0?j*{Y@BW8_3Q&VH*`np0@n{g~7pG?t0
z(+`jZbnYC#hHun$(T!uVnPXCb$DtNn_Gac#Cgs9%p@i%nFTHA+)Z0vZ_(*r-TRi6{
zQ;1BW)L}m$q~v?xp>~70g!BE=gCQEtJx2>XY~zc_#wUz79PX!u*@ri;8i$hUzyY-%
z<4mu`#xL5>NH4Vp7AJNajXrX)>~^nLT!bujEwd4sqk_-~%BCMB2Ktw(8KIz#8Ef8T
zpTiD#VdMHf9&Z!4o)(sOQq&n}_ufNBKTxQXKWNZgw|1}0RwDda1}x1^KBQ?Q4~E2%
zY2o+^!tTy%0*2bA8kyEygy7SeViY!KubtCF<{Akuf^xxXfDuWCJ&>x_64D@v?}<}J
zAsWO4Z3a!%1Sw@8Q~D7jh(&rlD=7zVt&YGmf%a0%$o4X&jKH14v&OOr(fXZ3h=@tt
zsQh;Cu^96vE#2<8sZU-@U|TIA8kVBZGOby8A~AM)rVdZR?PMf#%YkcT+FZZV%@`Ro
z*1Z5A=vWCj?1ilmzab<&LO(MUy1tjs41P&Kb`>AgUK6z&dcU;5hGMP5cX+Bp5H-f;
zCq%q9$x7QEI*#ac1CQFWi`W3`<Pjw@?9wS%E{z{**gEX|<Ku9$4K#EbI*^7Clo#|Z
ziiJld$wT}>ib*zc{Jy&Xr&`v`TAsQuQaS*BMl@JOl8?j~Zi2+8kCbzx@Nzq#rw_3C
zAYCYsl59kpDli=xd@-egalsfcM5UfE(y!TOZ2~Jf-(o8TW73W=q06BaD(F`4gPWsC
z<}($_LdGAU;i~`?S282P0k<n4)v*omc^AYG;_CpU_*8-MlPUZBFxycNkfxIg>c}WC
z`86L9$<(3S6KeI7LZ)GZj9)(+GMw)Xc7tdznbG78b~QrC&V|I%)gfulNcS2O&<G&%
zNm7b4Td0}|F<*tYEV|lyPV5_9*`H3&y^LSh;oChPqR^~k0;e`Lss11e&p0+IpNU)+
zx}MpMt0M>X%fRTSTD%`XupPxG3023!@tDbH65QE&7-bgSoKxCZgd2ql1~UasJ|pxg
z(KefcAaWS0rqI4&l8`l(n#)2oV6#BB-rlMspwbLCB~Xk_F{BJshG0rGwzguQX-&4-
z_QM`m%)ZD+dq`!0_mu`lI~ha46;Li{pzkOVpg;@dcFY0WCvi2+EK!)6uSm2vC`v6;
zU0|Sk1EDQjnsvH4+l$?C1*Zr@$&*vVjR=rX@ato@nnIR2milypx@$<jHIU<<oTFzl
zW7RhmYu)<@G{YH5W4-2<1ko4RAgv@@5+w*dVI?mJ8)~!q+L(H5LD1M}_ez-Yq@Nls
zz6EhQ?g*YaP<hYK*<P=m*i?2K<5BFnbM~)}t9;8yr_bBNkwy6ml)DK+PgHL#B8;!L
zwzMkbZxhIjiw%Q(T+uJv;`ANmdcqlqLH?|P9AAdLC5n;1Zxqyx`FfW*Js(=l>#*^v
z0fgByQdo!%S4a>G2Y8&Z^<%?*{mF;GHlmDAjR>=TLrJhJASk(@z}oe|mOjZU%<<4?
zQ$5TXYsJr{X@Ol5kfL0u47JG&%3Qvi{q??uNT#i^25AQ8`k`CnS-D8sBKyn{kcnp`
zxDX_0S<51!Lxl*3>X<K%4D;T{`|!0$+rqbquX7pl+xNxq+OKI@(o(%$$X&fpA^<>2
zd!&-Zy!>mmU^*keAI$a_A#MuzG7@OsSZ9DusZJ|TL>V-XZxvbt3wzriD`TwfQ%W%C
zq82KnSlohNJ%qbz<Ym6m*X0OoD?XTPJ0lDa1a2qnIGkzMFQXJq9Q=&+RbzNAlpRin
zVQt5N?H0iL>X?!dx|em*Sp8~R!LQs`34WUc5Lqb9G`#n=Za4Py>5fX^bbujk5_?dH
zC<M9?z6^N&49JM+Ga55J)VxAbGn8|L8D5z(T@gdB?_gxgaQucTjWvXlHoyAPGI_0f
zrdoYZp=Jg^r28@xOo*37#fZ5?G@Ou0q6%@bu(OFJ%lR_svqS?Mh#JH2Dhb89N`P_N
z>{)@;Ds2lTGD0fReu}t|{F;%(kM9<MmYv=#U02riw7g_x=T$z-#)M2T*=-K%U=Uz%
zs)<rsTL^k`n-7RRZa*}EoDv-ws4HBJ)tuzVlbON<p~_xIXwY0FJPn-dIni%OEbmPx
z-Is!*hWfR$sQa0v2V=UoDy=_@3%b*xkJX*O6n2{^qNcF%Rq^7lWhbt~*{0l~XL@)_
zWStN1ka5;Q1D!tvI6{^s@hX(sHpse|%unyrdvwmtG_ZG=>(v(yxC_z{6ry*l0M%K;
z905nY@L}$Rgm}D8-m*v3fieX1%H*ZcQ7U<Dk1u%~wqA-s(=e`bv%I}Rm%t=AEPG&)
zKCmD9%%bWsgdhQRS>PKsLpXfKO@Xnqg7JA#0}=q^tU9GOP)4mK!`o;*3;Gb^Ya5MV
zLR^B9PAkH7=e~Xl9Ri_a#=KcRrRaU`v1G<G1qB!2<F6|p<6uDo*GliCDfkKoS%@$w
zW909`QA~IN(_F=(XwGU0?!8)tZ$S~>l28tZ2#TRjA21NSCWpNilbmBR0xV=kZdz;%
zd1yX|xysxo7Qm%NN0}@_y4N#RCC0q^*BVp_?1dg=Z;=B&?p>(+yFyQFs)o&4>E(c=
zswrDt;aq$8${OpGGU+E4aQa;qiKP#U3x*k)R~w3=*;xf*LtZjmDBv?y;Oze@PH7cr
z+GrBv2+ijt<EERuFX!->+Su5dMovw_G`4cMA4%UOvSsw7Q4OzNvsJA>My7?CIHsV1
zkhB3a^?fz$iqeIK`>Bk@DAjLP_}SbV0NMzs9rRl$A?Xa|LXr|D*RYdHEkUX@;{GxT
zd`@DoPV4BmZD~)?ya%)m^HDiiemD1e;mwn;gIrvg(2}dluayXnRi^kg*I4P0@ZF!a
z6abghjRp{1D`Pt6>^_~*_p_#>oA=ycr^#c-8Tab+ZD!)Zj*4An%;XBP4+lXQG1{*-
z_T@w}Cb9fUn`R|Q1k1q(gg31GjJY)vfzSMUV)o8By@7Il$CC>Sjz4b=Yb#Lo_Vo0J
zZ~W9V_*F3qF1&-WW9wpy9O2n?EVAV68aP2g7*r=-qkj3h;iIQWNd>2p7u+aWzrAf-
z{v<B)Y1C`3+VTSC=89-zz>yf|t`*BY5--46=gI|2kS(ACe)E417X2Rr$=dLjTmtJe
zPQ~$FI%oK#bTjAre?vv$e>D^F=$;*}Z2b2bgvIL2dFP7lFE8C;iGu&$EiH|O_cwh-
z++r;!TqOcmY<@F#_~}0W^FRNT#(%da;C3`Qv?!~;%co_&k1ki;O+MrD#Fu;u4y0Rs
z^Oim5zb2)}&s9d39Ls;ph4L@K7s)WaQv%lta}L4u7EFGbzTc951ZD}__Q2d1%#1y_
zP<8hsIF<ZFyGV?E5P8D=(lY;=Eic?*9f4W1m;X7yf1wQSn&-Toom6{oJJV4O=Xsm#
z(T+)!(^Y(#<v_zl({*C;OtZt3;r^t2xySrADu}Y@h(~Ob;(2f94E*7p(&ucTdnxfJ
z75nY^YgKoV%RN%-L`QL71wTj`-m$B0OS+~?!;LE0O^7^dS2fK4WK90RkTcV|I3SB=
zAO9ubofco|YGtysu*WY(%(CZVjO~Z(Tm7Hy^iguH^p(6H<W1Yd2CI74e`UD!N4U0}
z6CU}+B6nEQ!{piP*SoZRp|W1hiF~F!LBcNU7SEp&dn2Q2U45NxpBp}me8hv9#b}uQ
z8}IjZlGcq>R^3f`u4})4yl{m_ay+k4u$u*!2RV8pYxQ>LtC2RYw+-_5J;7*pS2uI4
zS~%#+OTt%xTj4A$G^m`LIr)8SiZBYhwanQ?K6?WgPD%_HH$&xc(RQI#$zzEKLGFu1
z+YXf-2n^BS>ImjcD5q>@4H?h~PMGesFHXz~)ujPkK1!|Ol93TmTP+G&sB@%XcntuY
zjI_H40a;^HosyX;X>_*NWM_$GssZ4B#J)*!+|rk%%g$<uo4utz5@eVfQ=pkDb0k&Z
z2uG%KnCb+j%+3-VbibO?9oQKtlGxDTl#Q9-FCmm#Dj)rJ{ERhwHY^G(wb7?}^Ht;Z
z;;%~2e^3jf-Vw(B0m`P%jlamQW#mR&Dm`dB3o}}y$!b)rxE)ZSia%L~?}*B%w2#=c
zHP<vV+fT~@W^m->nDpALVDOri<V%CH2QcF4Ik`dUYcG{8j33uL+N6X?M2yW37td6V
z;->exXLSsN>9SP64mvIo%bV1n-EnDIZfPJ#1Cdh!-%m7O%b=Tcxae*Izd3?ggEGWm
z%aybADPVLDwS$HuxTo>@TAIY}Or-5tSiS(RgB37DL1gLJP5R9_2n?(#%#q=kokfBv
zh=JHn7}d<ksEU%2USz?}LcKf+tWeroVzKBoN-$FjxWSWwxw>2_d6=gg3ssI5*q-Z^
zjHbQ(!z(#Egx8~#*?TK4Zm;_&;<_wJmRkB+_=+XIWwA{Ag74(!i-w|)*(oNa%z-q~
zt2e8<c0&j}XkjAKYEyLfQq_{j!$@!?0gbs+QmFCDl(&^L6>z0InWK;*ArilLVepvE
zq!{9W!-k1uQSSl+Ccc_y_AH(kQlb&OFL{Y1GJ!|SfEhP`Woe*11`ywGZeV}}dI&IG
z1R4V|C#URgEFA7A%s6G6nCT|`5jF<}^rkwHt>0ejO!6cYF!UTvRbhG-zO0urEs02r
zO=8NDq$I1dFG9?S7E02l^~t%c%yzuG!@ebK3T7T|Xv2vg9{Z~O+l{5CH<c-N6(6mA
zQC@tKR}sqD_`wj9Z1egRpnx->S86t^9?N<02M0ySA=UaS$%|qkBl=NdZAwL6UR0-)
zB;`#>{rbjYu(f(&aA%1<1oGwJM#b060c2^;?EsO&lnwwsh0L)$nV()UyZYI>585q$
zgy3;YIXL5Wp(L9k6A9WG;X%04;j}V9Mo*F9x(OunNc=>RwJqE9tz|)#07zcmE)bF6
zo`Df#nLfclkj70-<Cp`F%}GQ~k2YHaUW0Z6k@qoT|5F7y{+JpjmB@+J_e91|?|bHT
zqA_*8KdqnQ1r{GInk%@Dx3`7e4ZY&KF6sL}yDpK17_#7``CC4mb>zE&S$G|`fti)p
zL`S_!@nbZ_zju(xkO{O81iRx@)g-*CKRr@uBQYiopHMW$L4YM%4_(V?X>|%MFqDG|
zbG^a&^`JqSi6{MOQTJ6)UHBnoHzA9*FO1Pi$O)p&F60HiY=d(Bq<i@MV8)OA=2FU(
z!~+3(0ezr(I(uhq2qb6~75Vg8!kKVgqj<KTUOI9UiD@rnt1GO5ooJ2GE#EuijJ-|h
zgc2o&Sft^)n#2(*MmdwWc9_54()dR3#fmy_*{YA<G971pv<=wANcJyIDtmQj9iTwE
zE+M?d4M2_+lBUbP$=O?}=Wgi+z3eAHZh99;{rt~*xQhRQ;7XZ!3lj&EBh@*|LMmTe
z&XQg0ZDS+{8198h8y8nQX&(Y{A{rsrhtoLqe0zmpG;QS5!5dQ<2WoL>eT7mdc%RAY
zM%XRw@8V|h5*)4|?=rqLTuVUV{F!Q@uKR3(CYea~z?MTaWD1om^_w6_kOQd&9_Fo`
zH=U$WQd*L;v6W#Bgzw8!s+^?Ujv&LY^b1?{F=MrQ@<<3?055hi6#31+%$|uNnSvXv
z<)K{3i>rvEzb#k<S1e<1DCC^)k>*B?8|!+)#TIwrvn6Y|1(i$7NQIeWbVBB5Y4G;y
zz0Jw|UO%(0R+OS_;|#D9Ds%i%c7|S)uHY>a*($-a{lzg-LI71NZC_8W>BAtJ72=Fr
zDnOFu6FMTv^p4=`IYH}<YH+*`kJsVDGJ5)R*=)|qg9Jws<9I$4qB*1KybZsB*FgfI
zW=;+yjOA<sC4>@m?}Dh$AWvO;Q`TNUT9_Ug$@_bcj0pQnf}-!M7^bc2JB8$WT+$bp
zJ>S#p{p+SVQf@x3Kv2*vV5tIQJ?uz_>=<Db$++y3SG2S9ZD7-+YW?+sN<yHaKRNxX
z&$p`d1e9ag(bLZ-1+nmc7<-_Rz>8NoRSR=DaL+-8zZ&5TQ7%H!MP*J76Eb|msBCzL
zL)Vrob*pv}hP0NT&Nu*)9V>dbjx4?bHyAZ!geoL6^$ea+7s{9f85s=9^F1cCLxkFy
zJ|svFo<355Q8lA6%)HBKaEU7cXKU-QjsU*4?PW|j*OE*x%M&#W=8m`eemjh*)e|nW
z@c)hwjuc`1i{tSXq1^gqCqs+qOF!Re$xU3t#9~W-u{lWjJiOl!Y+CS{axQ$7S?A+x
zu^_R2IubK-62mq>Zn>qm!#yglalZs75a25Ai8BG59pJIW<x8MIsJ&hkW7o4A&3>I7
zPyKr)z$(rDTC-{y*$JDkGAB%e_dy&~eC*gkW@Gk;CVT1IO@=Kr$(VKbiL9Wq>S_x*
z0n>d=L%a?k9g>j10Gx-p*6eS<>jPT-Bk@gm>BO0M4Nt~bA(E)8%u^ebLP}qVxs?yt
zez8?x$Nt{2KeWZ|=z91^xbq-Ef9aJc(Z2`XcQ}nU@0d?tf}0N5v(27X^`UbxhJI=X
zvNNw5BaeOcV@?nC*El>&ytTjiXZVZfSkYH04*ib{M=n?*-g~%x>oe!TNH|GezT)F2
zqNuMPFZdmu-XFQ7<x81U{Jm4W^&#$gp!Lju{^8*^INE>m-Lu=kHKh;Xq_4}JFQ4gY
zSmcs(u{U8D|Hh?dw!<YYTVYU;SP8?0z~^oV1_ft{{~X}&WROj(+F$8@PFK(9Lxop5
zFP}A5?H9Ydps~hWM_KY~m{l;3G+lXVnNzE_zkY7%$hw#5Zy64k98<ZwPzqSk$B6Bl
zr}x4%(IV=K%j$Xox7f?cOeZ2eaT9mpbo{4_&<v@29r5roT)FVjmo2?8QBQAK3e$b?
zR^7p=76*j)B)3Cm`GH>gcGhBM58kNx`hf9szHoo&IiO{a`?uVTM_!A$fyKdz7u-Jm
z5T;U|tcnGH&WJfQavo-}V1W0KJALI3(pMJmH>S-!ChfT>Tm-d?gAc9AxU&lGIlY5J
zSH963he&sYmj#2!b3p69*LTBY2weUAzhg0n9mCFrG%9KBLZ`D^9Y5{-BV2WCbrsXO
zFopt&Po*8Qv;hZAloHmtE<x*_uWNVDGcpJ8YC>LOQD4|`H!&oU5*wrE%tknbFetkQ
zms~gsX*O!U^9g66-#f;}hD$?mPX{!T(GxvUHpa#6;3MJ0PuYo;cDln$Dh(mNp-ntG
zjn-c<Jo*prBUbL6D%B@aoC=In*?jz$>o7tK&)(s}f_u+cFc?|2r~&)Q?y-WVK@sjz
zk6=Dk@WXVdAf?ePg>SGm>?~v8)DC0irRe8d7pxkHX0#Pm-OXdc!9%*y`(al6H|<T;
zG_@k}-bFzr2d;qlx3dnI_$d&z;F{gSG0fXY&vngh;%Sjg3(hsp{hmyGPJMcvNn4Oe
zVZHaO_-w+y$S;7F#l40rY5+|yymWXFhBw8;U3#_v=5-gf<sYRg9@sl2vwsq~-dVpP
z=>*H<;oVXr?Z=$Oxf9VHZ^>?$<H1^eDcl~rIt%UynY6`%moD?*9H~OpCPgxa9U+NY
z-GcqWWwDxuq@9v}Fl8;zt|-#m*Y@F0$=%I_MLixgr<QIH*XL|v)AI~POQE(N?p9!8
zm_2C9_5xR}hT?MPUZYz+o{+ntm=jQ3g-(kFpe72N0t%X_nkq|R!bCM9gb*ksl%jhj
z31u`ko7KFPM<z03@Hb&7PM0Uxz?Cs(ETeg95#7begTNbbp3n(MC#D^;8O!v3c1>DE
zXJ;D#t({v$mR8d>b#2yX&!sxpj-Kd-O?6v~HLCKhSmzQ7?fip)15uTssl0Zi`TDTy
z+Tj>miW0qi?t1xM<lEUrxQKBCh1VeUDL#uz)9aWlCnbnSCFZ(^hyG-cm(A37993rI
z2MA0^QPGT1Fo{jfKP8J*7}HNmphOUAW1dEJcG;iW1*1LwZ<;#(Q()Tch=f~>x>?1i
zS*9wLR^J~`UuFW*$&f-0zzdRJ$+VN=P&a`yd1nmz0o)|%L}`wOA6RJfZL><}HFO%~
zBbM7080cj}kxGqeZnzNBO$w7Tq5U0|h90*8w+KyB8p~3LXOVQ~b$A;H!#pa>((Okp
z)MOO+$Ybird|Z4P<l9-9ZX(D*899!(-7=yyWg4cRADCM?tv$uDQ83TCh>O{dmlnL1
zHfH@0{#B^S(iZlxW*IiZgh=Jbdps$k<ox8tRc|y?a><Ob0<=636KgjUPF`l6tW4Js
zI(z}Agw)$6+G?*?NFeF?!-I|FUw5J+1P-gOJZq3)duq9~0WCeHHKw4qW2N`9y3ez4
zz0;ORW$y?BcPQh>e%~jL<JO=ua;YX`Ch2pQNDFykN@apfpkFqxdq7!`AdVOXt$aAe
ziO@olIFGR@c{DTDF6S4{?q#QGepD@xKihH2uVW9~r<XYaE03TR$<b_v%Zm}<$EGqL
z07*#8go*(Kg<qj&&iR8xz7B8WXJ!4SJV6Qnp7JcKOj@Seu|H{9LniCqUy8;KmWN)6
zo4bcTT3<vUCmQ3dM17ILP1p8q>L#=7Y!x4{=wkA|-wHSH4qmghKj7&I*Jjw7Z5jE3
z&E(XxJD%B`H~waGUKf07KGO|-hE%2~x6w{w7^gyjI{<PYII~K3#-C{urflPp6XmIN
zuDYo=1TOo~!}>|~0A}c8)oy>bDJq40a>=_HWC*=#fG$p83Od+k1n8M*_Eic;Dyl7(
ztAcucS?BE>je~}mR^|3Vz>Hq8hDXNz$5!pwH|=?z<<=7?YZPvw_eXXtEBXqzOzola
z{BRc0&D(5tdly=*S#sSyUURH)MLglHM!0p?1c!1vmfxthMPch3O_?EeDmQ1C;%?jK
zwt_|HSS7l^LdPYmebXn<xfjs8ncRWg4~O`H;u{JYZnWR`&$bvqJ%4p9)>{l0><Wft
z+(tg2Q{?*s3dSFjkUfnFrqc1N*90tSoDz~ax4aC)?pPy<$V^sxMRaJbVIA*--VhVs
z-HA`6>&;u4Aet!f4}qJPdn+aJQXvcl(U7ea2$;+&@Xl}`aYDXf>OVXOufyly>iG!F
z<@%$KoVPw2UX(yihG*y%_Z?B0-DIy3jevlj3m$UQp}RhV*Z*!rtv-Z6{OpXIinf{{
zE-18a6Iu+}6?;PLfrh1=Ul${aTZV^l>7>GZ5RGtEuX7zDKL|3!0E5;MCgv(G@#(e)
z?ki;A;3L2*6JR~$+-$EQ6Da{IuR^78@tW!bUYEze>*DU&$=`!ZbN16^ze^y5z<UOW
zd;K&7c5QQ9KGh#5h_KKdHWJw0eGOdrR)uCOGEX<dVwktsdq_DIr3g`%#YWdFMBL}W
zMAh`<wur>g$Vc}U1K1X;>yrS_yQ9I&2(TC=!9Pn=uU^?WQj87#V&RjkP2tn3<X`*y
z&P&~N{Z-dBH=Bdt3LxhvNET<cAsK^c^@bjh)&#icr;Jux1yh>h=N7=${JRAZf<IN`
zlGIFGSS`Q;Ww~)ZzMmTD_24mmK=v+s*9;)KwWczQ$iDos=Ax`Ecg_v)5xQMVIlyG4
z)B&(*%-yAAYuK>zr^U!)ciuoyWjH(l!d-I&8JH@~V9p8@l9X;g9Fo9^fr@8NQ3@29
zklWRiNho3Gv;^)BfuW-pf{LPKO=o5PM>arY+dEYmSb-i$-DC>;I_THw6|V}%%TJbX
zbR%5dS)9XTV%Y#9i)R?yCd0Wqlj{*_?hzdiis#)TVwI?JK+<`JHnZlLPFz0a=S~(8
z){rISwO~-s$}k1AdNBt4#yZ`QajKRK+$|-{Obh-D^vXoH>~>N#6XeT$>rqszDez_t
zFggu84lo(+u}emi;T~sRttdwrrOZ(l`A7(TIDDDq6H_Uo4i#$~z;%2Jk`?A%zAq2*
zks&qwK0=9N7o@rUOh;JA6x%eRW4Db?SRsgj;94B3j&L>8?lv4_MQe_0{D#hEFh;nP
zf+Cp1D3$H@btT8!M>ql4GW)~=8Ah4^vH!?5!|t|rJVq@H`<i7x!qX=;sh%2-^#^zA
zUu~8IcW)Ei1a4uQIM)r=<Sp;&0@;#Xa9=&1nuPQ<t45l&H#-73M43Ff|7v=O*dYtj
z>SOKc5zmaKA?CM0?JS7ChWj}LXjNeJb!0M|sk8Voxlo*f`T67q25E)8e5^R@1QIt8
zVN^BKqHUKyPE=~+ggqg$8#?eKbpmP^R6#0~rL!!z^iXyf+^gD``kZAU8I)Q#Uc(?@
z5s}|t1fyxah!a_9J3DRx!gO#CT+WYWfL-a(=#&Tp*#bC-u?l;Grhd+$c`(}l92G>G
zGoI#XXC5tbiD>)MdFfK0b3)<2j_CG!E$kzzW4wh&5?AY9O6EB?FoV{fh%I^O_gm0!
zwEsgebNrhZ(BPsa*?s(zpbBpeeW~Ed8!|Fn(^)#GK6q9W&>NKS9593kW?}H@Jv|&e
z6avSo-<@B1hxk<2s?QH`Ewep>D@&b+RsO-RPTvyIAm*MyzIAOMb@h+B-{6Zj;2%PR
z+i(7%MY;$~(r^Egy$h3waLxGDz0L;5=?OKjytViY0?x#5=G375dpq*W-q#-PS=__B
z{d;x8xugkn*LfFt>;HF=(tif~zR7|S;inBU$bzf$$$gqegddOK@@b`vYr)k*%(pm+
za0>7_j8q915uXVD_0J^XKV|SgkSu=mz4T9acrgITtnGMG`kbOTOT_KCGYXg8a~vvz
zOH0?9(To3zb7*VjuK4RyV&h-^-vB>K3i`v}l=2^mkI~vKjoE*8d1CxOj>-7X&gcIe
zE%T7z_*py~B0i@7((v%PE&K;g=f~Ju1AwvVsJ1uw4GUbSMeRrwP8$|L=lmNA=a)_`
z##5R2YeDcu=RC@i<1W<=XD}VzR5OQWBVm4v*U8PXzqj7t?!x53iW4q!!QVTVHjdR%
ze`y&ZKJh!;_unVpO39g2h8t(NOW!6<GL#(8utB%MYe_Tf2-bIA`eKBJaF#Ix-nl%F
zc+Pm`SyMT)<E3zo6dF!TfAf^IdAOE6?;V9U{DTJ)X>HKK$g29psVqDv3R~;br;lCX
z!R|tB{b~#H&EMw?{==MOz3;|QE1Qmff#!*OhF=vrSo@5za<Kw%dOQ6lQq>o^Tf^%0
zE1no0J&m1nZvP%P$^=*1t&YI>k}kq$X3Ohvm&tOEYroH1`VaHwB!1K2(El}YFDFd8
zJ@f(2{!Yhok2<x?VW?Y?LioPS@N@DD)<f)L%SXGXIq&0MaI&F{r&LGK@!!$B7TuLd
zrfMK6uR*eYzkOjiu)=Myk9TJ}u>F@SZKxW~?MhHNA+op=HPrFPh#IRNKafPkdz}9w
zA+fx3Vl|f7&|ZjO6j|aMmi8vshY*lTv2FFEHNSiMgn#h#iS2JHJ>1`!GfW0}yJhBy
z4OP=Q3C?77z|#;yJNkRPm`?OMnO5o=0}}*oE2)`ld@wDsfYzEj_r*xFo<Wqc`DT;g
z>)|YG*UH%?qsmisRwe+)vN=Pz_E(~8kbuH~bA)|D;%IV03*0AB0hdr>3z$$>`|nc=
z`gf-Gjz`g%>?M!vvLNQt%Z3xpTNb=x@`el#pY7D&BK*ajicUO+@AcgX{KCDoY#^B&
z#f<fCGoA=s>LSD?B;LTie#^viol^DY7DOB>)3Jux&6Qvxo&&H_f|^=g-4jCG&C_%i
z#ka6Mp$zJ>|2{3%znxaR2Q%u`ANc0$OuSEVc+rtH#n&;^AyF=ays`U~n@{n$*T-gT
z2KzxJYp&6R4O^C6U-XGPa0aEEmZY$ez7eMh@84u0HOG8kmSwGYub)FUz0EBg7Io0l
z@3n<^$lvmlj&`0w^&zIQ-l#ncge&o&_$HT3Gm)iM2V!WBMw&8v?_@aI4ff7dw#GP@
z6P<zY@BFjjqj7W@aJ!Hsz2AwspOpY-35QMFo<_8NlfMJPSa7dNYx8BsTY{#ODi$2f
z86lGSaSdbZFop>dID^nx%{`SbUdA6E5dv3nCm5Bd{Rus1vIa9#F>8dyx+!b>0l4p|
zo4W^`e+)m!YBdgt3Md=_ev3%eKmG%ADO=iDmYb<8ZnLic>n77i_Riv1g=v2&p+s~o
z&I1%Qz%2*lK%$hMRl1*rXK%LIW+u6XHG|hua@60>lpt<I?_^};b{w%TS+6Y6+(w#b
zXvy+Urcdb}93NcZ0;Jqfcl$iWVD&p0kEHDhfwRV{HR7nTZa3PTywkA(t~a18Xeraz
z6PSfXBrQZEoH~er%SP4=i2WA}r1OQ>0g6htiK%O$9PB`JG6^QUP%k75@%Lc(GWZ!G
z&2R(PLiE#^wj79Nd-4orEg4>H>G>&{`6dO2QtX<D8=#u0N2y;QY*$+YnWt+QEZ@xr
z29d@00ED^HnE=wLrp3|*aGOxhOgw06)kF*7hd9ikuVli4MC=sF&I%QB&@oIJr~GbS
zUT6QkS%l3?-}sTHS00DnKmspyp+6mOk?r*e&E0fg5o6`UiM5NC>W!AjN77?9MDk_U
z{^NCcX5nQV!&wb|OV9CoF|1N-nt=N0Yzc((itUt}C?5^)Qr;*W-36A(e`xh)K_x0T
zWVNQY5E`BtKW-%#YB{DgDq$49XM`~Znvg@Xb|&_C-^VAVvm}|?Hwksh-yyI+rb9Lw
zA9A>>E->{^kEP{rH2O1hHv3wDf*%El6B5ZEGEjCwTQ+47jAq1DQqA@71OAZSI>=XE
zGG=|yt6e2d31|ja347j%#Ikmgm0Ce%x&&tl?9@JBn`FD;j_?0OL>`udLBFo?xUOKF
zEXicK=2r*bK|iQp;pXeJxr}Y~6tGo4ee5@69eFz?7CS}mo7vwX1JimQXc|vR2m0wB
z>Y4Z9hZqtQSON}TXzRCi`AKw=vrs}ATn6vH-A)N{2f1U2R+KPjPanaoXOY-^yU-U5
z!uF7S3#JU3`9eje;KGr#BXBhh+$Ap(6GRZnXm8N7EY{(FUxjc;C`K7mz<2>THc=bR
zWM$SUj9}VukUvXxCO*lQAS%lk$&F#p{xU7tW9#BBe1c4I=JGXk(k_|=tB!#i&$Ms}
z^{DATlT1)Cx>%Cg^yYz#;~u@qM{F8X7@Dx|>UHJY4-ZP<XGq|EINuw#+aDl?3YU@d
z8#fQj&h{iX`mFKLAR<Bt<&>D6Y;-KM_gEj9N7hiLME<MNRv<#4Mjf_p*LE@;DA=sm
zkheb-3{BF1^>!uPW0FlZLdhS*!cS}D<tGnx_BSYuc$PjytwyLVFte*1GRe%dxTmfr
z8TmU=*|NvADOSzQem(a#elyS(ZBu*;-s{l{(9Ccud)%#^6DZX9W+1<;Rx~hfvT%uu
z4Fn`PC!KagL&$AzsJC|UDGfxlW`n#E?l2)UI#1@nl}eVld`@%U4BY*;9ksJ?r1$^M
zUPaHAC96a5VT!&NW0Q(5hoOTm(xR*4Jv2o#oq<^ec^k)N$8^v^b|iKxG}E7<`l+h7
zkwqpjG705~astiL)e=Kk#S&nQ0__I)bd}8{F$y(Uc?fOSq_^e)a}7Xere;OlO!fu0
zC|OPcxhHq%+AP7{+;7H8arsy|f7}Y%F_l=ke1!7;g+(3m^X8EYbbowi%)x(S%t<V~
zdo7r`MsCEZ5B*=8=Q#2Cvzm2Jc8XmspS$__yBEnPCCYNk&p)wTXDM%)XQ%zV*ruw!
zvaRll`<deJuUF6itmC(T;`7RrpDk`b`(gC{?wj?0Uf2}L!&_ABm@TTZlgqu8ybj&+
zyaYTuQ|0Elw^Mhd8O6@cpFTtR_?dl5$=>r<Z@jh<SPG@xzFSe&-K&=yc5=_Q={5Jx
zW^Oxg_Y4v~_1{40s5r*``TEame!VENEw0Xe{kW#g=BLf`%~!Tw-&g6syz<?O$L05d
zCwS?b_Eq}qlV4rA^5=`U{kP=ap1<=wclXYDxzFd6?d1PiV{(6M?bp3Ou;ns_`*)$S
zT{uO1{UVKzkHC}bz*!qm^JniF-%Rs(mshNs`i1WL3ah6t03JWJZ(r_LrP<=k=Bz$v
zc>K=!*tfq=r~W$gBRtu6w&gsj$2Em>9(VS~2`&CL`*?cv$!&`**S@V?V_ELGf9JBR
zr|)OId;NLOwNQD}dAH2g8$W(~fAX2DS+`g9>s`Onzt-^DHoI@~lKy?~b2qO&Q*9MG
zyYAhIozG&fKd<{Y>Gi6*u<vG%Unbv-ef(;7Nbc&p7x!x4yte)P>+=!6w%yrpH|^@)
zQ*+j=0}fg5+;s>vN)q^aCsKn|;KA<Q(9w>*qNl*s1#x#acdzMx^eX<qYVoAq;&Z3&
zDJl8O`s@X3%GadeF#Thz#aHfO0Un5TeujSCU)B9zvTdYZ+vI(H1Uw`2q>Qcc{Ng{Q
zKDn=58y6R*&0BPA%I}$lYo8hQJ+u3@?cVWs)ssJ-tDg8RaQ^d%@@E@M`z*i7%lf~I
zzw+;{?c7yo=WL(xIsDm9<=^GcXJ3yEdwXinJS(%`M(nlmx4zqX{ePFP_t|!C?&sL|
z&$d3fQ)>fU%vJsh+FU_N;SKO%K=heN-6Jp30w2wNy7c#AC5D=%IHtzmtNou^`!#;*
z{fn>ivksgu!#+>`VCvQH<^OmaLA7alKr3)9hQud-rf2rs8=&>t{pIk=|A|vWHqHUC
z8{b3kKYYjcf8W2=OE?7YKb^m#pdOrW|Hi>v)A%Q?8P<X4K!@O5{v+VxBnII2Uc@2^
z#A<@Ly}&gnSXVz>or`UOLwGrK4MX*E;PQs+k+!qzr&;|6FIQM?4P9Qb7kC6|1Na<L
z*zz2p{iDm?hhG=~4~$`GSUpEDT@*Ml=LK1Qvj%*+`o~v=Zs0T5E1uJPug2(}q0#+P
z^xrG?bt!O@4{(BN%`K(_<y*kZDu74sP=3hcBhVHi-~|KgKl<c!3n6YX0A)5fZwK%M
mW%!*2RJatO<Nn`w|5?AEzN5A*^Y1H=KRjLiT-G@yGywpWO<F(z

literal 0
HcmV?d00001

diff --git a/figures/zh-cn_image_0000001113598272.png b/figures/zh-cn_image_0000001113598272.png
new file mode 100644
index 0000000000000000000000000000000000000000..eb6ac17f79180218f7456aac86e8c2c9598b31c4
GIT binary patch
literal 23284
zcmeIad03Ozx;~6{t1Z@AcR^*YS`-;XM8L?9?Leth83YjsL=6xni3lk}2q7x9T7*PY
zW=K>NnUWOKgfT&FNtojRi6M|!14IcBAtV7p!uLXTw_m%@xz4%1>vw+L-*x`bmzR+D
zUF(_F{XEaT*7ts2`>ZlFH8e0VSasm5{Q(9Bf3q<#Si1Sc<-l*UA2c$7%Mx^e&t3y+
zxA`03=5O#lNA?&P)DTzBom>Xoe{}Av5VV28CqFIxTf&Vkk2Ej{{r<rIJ%Py)V<Oi0
z&hWf-!y0@09r+*aTJp8QgwsbWF6><DVX}3}lD}IOo-h8}N1Lj%_kFSA^YkBF)|gz#
z+L^m~%NLKnYJCQqC!H#A5j9p;DX0xq4cgFW_Zk~x1k~_e9gUH~;%SSZ-+sFH!wrl7
zZTn=E;jcddw-8HHqxT<tTj#OU=AVBThdJ%{?i=5J`fBpYt$#k?=b?!o_Ds0V4@>?A
zOlo=q78acT3Op~H{}{M^YqV-XKriD>jeyI;p`Cz;49<6)@dGXfdCzYxT(;fcvjn(6
zzD{2XT<VIKF9_!x=r8g`R#f^c+Ptb+UnOMI2UGEH9Ci2Ju*q)}I##o$BQ{N01l7L*
z>+V0-HLJp!6RsuzlX&PXez0d^@mngNl(cG|I!TqT51H3X=Cxoa-&nuV68dntD)G!0
zk@IydGqY7#4v*>Mk`S$ZHkyx8?DPZ#u<JR+%qR?8S370({LJRNCQoDoeGy&XQkHuU
zPBW~=RO!uPBKjEpmgy(b`ctm>@GzIJIMR_~6X!<eb(KoTU^8@Kf(6<8)Zx-Mf(PMR
zbtqzgHA*77wI2U-lC)o1j446!cG_^TPm2sef?d8$%7FW#(8q@z%#09SmkJm)2ocu#
zw&{nZ=C!?$<A}|X$h0{DQOB4$6l>UH4nEb?%~;;DcJWKyQ)^dc)D%3yzZEcNYsfVW
zhe`JQ6EOnmF*qkBPGxq4&NBPNf~SHa(6i55)uGB{YU>1jc?)thx5mUtbPP=!vl1*A
zfDiWS@|J07Q`!r`YF(>bxO#f7&Juqs7DaYh8WYy0Me=4-Hr*kXSU?fgV+j`0LKtPM
zA9~cuGK{l)KP48`yl6l0MqK(GQ-hf$14T=K|K?+jFuKE=PNB5bkNnVrlm}qx<i51I
zU%bM6$j(y4K<};N&IrTIBZLBm6GQD!iS0l-ELh>q+B1HG3G>+=Y##BosVFMUN>Hmn
z`9(qs4PAU)Hdj7+!X3t`1=`nWwLmxB3C+5CJWOM^D&x9N*M~TQ&<gmAQ^FK2_tuYr
z?`X9lM^Bn-stfJ7KCyn^uxhqbYck~>#QDrIKzIlIxLHST#(0fBCCWL=e}4TmZNU!u
z06Un;F1G5xgo9ryW5t5is<}Gf^b=z%5@J99=FF#^1e2nVRQtf_PE(`a$Z}OrN@HAi
zOjAz{g9VN44p#Q+%auJ^t85U{^i!hx1Hd|;o*lUL8Z4IM(q70CVvkRamFl4<zrmUs
zVZymo7n?hU%Mn`ca_{aUjFKHoi@V43AAw+_=8%N6vEGj{ckyeH9iCZ2c5qM97Me1a
zrS}J=%@r#>&ACz9QHaXIvKDxWhn%@8W41<IJH!=Em(tRHpy`q$w2yME!ic6uIBjV9
zowQpmNcMWO)h<-Rn5-ScAO5~UEM)t0C@wZJ4$>LKJl`}KiS*0Vq?UPArMlI6)y_7J
zU|qCn-0GR_ra*|B^QzWS_H%|68_``0^BPSM0fzHI?2$Bc&soQH(OSZ3zn;|(L*e=o
zi$+(tSfEZR83Xb9RzIH2-Ys%#uhZ|VP5X+|N9=2LGBu(JwYriDMemEdt?(V)1vR|l
z`)n|lSfPl*LE|B~%a$erGAc~c=w6Nmi;`{%Wz!CmAGdpw#y&7OALeQ^OT07t=xyd~
zT*;~AvCID$F428RvpOeLcOG4p5em%&*G+nf5J*X`G#Unj9MXMiPOMOkx#+(#_f)2%
z6Pu@FXEm>Swa3V4TpDlAqFQHA4dN&Q2OD>V$@mgK9Nr4Y-3TMGR)ga^t41ul)E3r)
z9}|7?%<3qfEa_&kd{n#A;Gwo5Dt%*%wrW|b?s)OoRWab{b6wpfsF|8$%hY|uhu0@e
z@~q+zt1^6AW=A1BqiK`82|BJ=e#Ppxszjbu-82qUr*R74W9~%^zK71eZ~n`TuoS6-
zmZKQ%bBQg%9~mBz&6_;nKx9aXKVkZ;`E61*SZfm30=m#L-LGFWqwSJRSb}Fi<~hd~
zBdTvRNhjNK!0!0B%90Z9q-UxtR8vUl)DJUbif36)q7{;txvLD5;W^vwDtfh^oTc`&
zdbpVpwwslkdSe&2hQT&}US#Zl00Z%*oP=P9U!yhqOX{_3FIk;q478_@v+?Ay&oj|o
zrbfh!tUd|1mt~^B^K<2pMp;y1H?o5rDjh}h)C{x+#+lKw$QHrc*%~^cLqCBY<9^B4
zyq>)v?Uf+)6clFjRI}jeDCh<X0j_Rf#7Uh`MXQ^}<%G_oyheY{a6gvcrma*=jbeAV
zC!L%lC8)yN<n6UH1XZd_M^~vZ>FnG%zd`O%O7Q?sdd_1eF{3(2a@O)?=GB%b!VbU`
z#2>$?==5(x5_czhl<|r**v~?(+etrgXAWkKwbjkvqM!<39`nh~d`{-FH=}jMG-8o;
z&P1K*XHsUw{!DbQN>x9rjyMfJB4nzBf;e5V6n+hzrMb<|(L%^LN{xbsqB}7tG}<^E
zmj(oX6pk(2Eq5QNT_SsfCzsBeS@t@^nKY6$c2pNeQ>tV`xeaBZc+W6Rx$Jb0bL^Pc
zIYO#q3N^nC-jHKg>ecLnPS7c-il=qW>`kC~v5UtI!7Kx%!x5rqc8au2GHR|^oqASL
zO~R8*WY2D$Pak?zyyBYz&vK2&LwYkOaOvo!ph%JP_n6$y2PlMt&RlgO?e3P5PVnaO
zCJ9=ntJ|$fUd=(Y$6>&miD})8`pNpK`uM|4l~cA8C^jNE&MEB^(AlQ(S@T*dPHmDE
zbGVsPOyh?NYIFX9aKH`FU3{8XC$JK9bf>692L_Y9Y8O=R#cdW9FyNtWY9ad6k4X?u
zI$XPhI}Q21voX;@m1#m&I2XWN=jqYBW}gQf3goTx7z^sthLg;m4NNl?1d_*gZ4)W=
zPn)tQa?Iq7UgI?7uu?diIWoO_zMNc@DcGJe-1uX{IN2I8ra7HD|NW#1Zq_B@Ncz%G
zj;)rZBnMp_S^cBw(YA!cC$cAk&iB?ig(!}EoiJB@tD`vNkeaA{fJ;0aiAxyIlz+sa
zxoCGV)!v-w&N^0+g<xo!%A{H3p@hM(Sto13Zjo4%)8H6%tJAA!H&h^SI@;2K><%Eq
z2j(Yml!{ohEbe|W&r6Z!E1)JNhSRknT-hAX{Ty|+u|%iKP1!bz`_gj<c5RZdS)Ex4
z;^;!chKhtKT-c;}p{L-Ke2$mzId9pvTfkR2d(M7ceA}y*fgWaevfYE+d$mr)A<2Z&
zDhfYDZcxYJDR#0@EriaA(0l{htc(OyG0}j4P~eFJ(%FL?>X^2G!;4IvcOE1SrFE)H
zZnNQZocTULDmPa|T0$_pG%LQbesplJ%7CX0Iq6KWx)IvOr0h2@087=Cms2SxnY3XF
z8m<fbKIL$oQ&@0wt}srQ-{-dZ4Mo{&D&S-uxG&BNg+>rHXVk(eZIJp4MMK%yre+LO
z#KC?l?JI?%arZ|GM|8QFVU6NW&j<lB9KroS)+Pzl>1aA#uOvE?S5&G(Qwlu6FjuC!
zi$qh|o73v~ei$_&nl}*|>j{;ch@-H$@91!>g>$zAtP#dB9A|ZM*oa;xVY95vX1u64
z4jq?3(u4TSwAJyeJOwRvxh@Id5p&SlIWO;FE8-YOnK#?n(9kW^IML9aI`medYnX`V
zN|k0Lpm2HJ+qL32`&EX!{49^pBpr@{U3|0p?ZGRaTZi_DK7)9EtSN^vGiZ#<7>YH`
zF1wr4n-Vh)In>PFrsZExs8ABnYH5roYu6i*T-P`AfWpsr(&ay+fhSWE!-Wx=d*jMF
zDzXDJ%Y04NMHEz#oo6+h1?tn?nQsu4yzR=K{0Vbsgup%Qr)lAS3n<z79D5GMm&isH
zZrTSdq6xQ`Y31VOTnes|7yOue=u5_MO738t7c>~AWlmtMLSVyhKo!H)vXCB}trYF4
zaAtSAyKh$VJqzCOru&X5dzqb1Vp<wx;JLn-rejdNi24vg9Ii`Rua)f*@p+&y_^?^6
zcb7jpx4&vaSrQJlkkn>r`C=b292)`8(pm23Uvt7i216g9AezIJ#$j<NI?JNj4k4wp
zGUZ{~ulaqjVtO}}!?RatJxwLV9r&&wG8|>52v-Xrbm<5?0f*CtmP&{X)QQ<0(f!A`
z-{4T@zJM8CUlHnAJsHcQu6UhqGn<Y|eKLge{ZjSAD0)A$>+d}_(j7i5g%W&lvo*RW
z9W1N<+Zs^XVM7;Lb$Ncp;88)ol#7nUvm8OO5--bOK=Qk^hwqR}$7hZk0Wb@PpbB^I
zaMg0gh@FHg6kW-i!ukmW&0wJb%w>DRlqq8=&YC)Qf9Y;&kE|bv$n6rij-qLn%wkEp
zBLaGqI?2;(OEhn$urW6520D`q7fsJOz`m}AcWuHA6yOsrq;<QQ<NLw|)1#xBtqSKd
zJ{T(=P7zQYqcxF%^066D8C4}vG8I<6swp0r%LCSYmm~|fh<#Q^V@jk<At;)BXmC1h
z{!}6qhSEv<6IS64=hf)YB?SY`O{9|MOnK`Bwg*5QcoTt$mn{I5dC@|XdUR&Zz6qql
zO|#}s?y^2lGeHR+L5&l8CCcksS>uXLh}Yyjgg5A(;%q^}VN?|$#b%<lC|U&iZuzp}
z&sW!{{DWtC3L~+4iTQ#5L0symG}Kk3*=Oir?hr)xLcd+H`b{4+dbPY&OZs>R6$%pz
zR9VXcphvTa=8_u+nz#5XGi6;&FFaF)Y0r<GOmW3aa$&RDG+K-f_RNf{mRF+*0&$i+
zBUF@3XwXljAg}{B$`jOzLt>3K1U5T6(x1@Zr;1)BO~@jjL>1w@9%3ew>dL_Dd{i1S
z*;<vv3MR+y#BNjJLPVpO>@hlQqq0}IRXS21$Qx|P9W|rj)T!+g(z?tyyzVrTP%C7{
z5&WBZI(<^YkpxGMCIPQy`e#*O*J8k7VSK0to(PGYPaaEfz=iRh&jOPbG`J=<i36ls
zbst|56~2!}to9VOC*#7Y33F%n6DpKhTp4cQC;#!IUBQSdRdjd)6d~EA;U~qYOU$_f
zow;m`gRx{OIEaz>!{OM-@B}iGa8;PVqn6T8i4?kWD&ZSx3Mh9`-qiBT1N?mtA|Ze8
z8$DT<yK^L;O^GBibOrc+l4=UwNubD01SGU-MFJU*7#rww@hPEED+bLOWuqPWnI+aY
zkY+ayh&3}Ydap7C4I{5>qAH1kbvn~Kd{=R^zgi<b<qFJhAenY*%$azwRa#g|#*U@H
z1ul(by29(NvQwW%&Tf`ZgcPEr=vtC7E-VknE0+c9!$rYLz6#|T`yiH=FgP98Kiy=;
zb9PrGvpchuDyPy;rwBQ}i4GqhO;aJv$#3Z9+Y2p%IoQv_<dyx;YgKVIiL@AsPU#3L
zqtZE92%SHj7u7LcufZ`mtuFi*4b3|JO$Js1md8PdEx>sb?Cx=RNtIlgsqF549)%x%
zEwGTP2#7HEZJZjqOJ1mG)ZK}?VMi>pS9=}vpe)Xv`{dU7&juecROc<N$_7S%iCF#2
zbEF?LAZrC_>)5nT!|wvxPBLSeY&JgeNYmNe!-{S465|^WdD+d6Y}>7da)rbTwl6fM
zM4E^5St63`X%*icdT6LtSeLSyuch?gz&)*1DQ}vC2_5-fie!=y!&OER7`soD;g9M1
z<Z03Kb<~2)wrSH~O*Q+oYz>j`>b@-+QLZ>Fan)LOj*F0x3hWN;wjK~%+t5H@VZK3i
zS2yC>_xSnB9(jLh9At31K@lb&K@+qa5hgt6##*5SEGw*~()dqkNyW0KT9*R1*%^c<
zgCJzYS_CVAyo!$9<-ScB9maC3?_OVv{uo%A_E>gHKiI8MUbDkVHqlqSaX%0rcBpl(
zF6q#<8A}iCzzRaI^2zas#7p`J(6A7mI>cZ*DCFEHBu0;UPOLK<{F$;r_Ns{nqT^E2
zx~VYNZ7>d|RxDt8@reEM2Ju8)!-|<C-;!%+LFkB22>2`nAtBXZJORaEKMRSq5Y(!$
ztYfmlVuYrG@CJOVakL7C7^QPmH><12ZUTq~*~D~F6-1#h5?-*TR^6-J?Mf3+-8tF<
zMi#ka+QM8R8{NI&Gm;(MWNFNiFimVfl-r}7*d5K$ekS!Kb{3&j?7?Cz?S>2}LxEfJ
zKb(#`kXcWr-^IYULQ>W&DW+wNpB)SFSUVeTJOw^wKZrO23WgqH_7XEppX0CG^f<)9
z(XFiMR=x?q)l%q6a^%YD*be`kD4#_bwGsp%#=*BX$_fXn`ovrTj-uV!80%67-KW;X
zxs>74oWw=>1M<u_8d##js(_*k0ZJL30|DeC&FVDI0y`R9bHCe->dw{3tpq^|#C$T@
znQ8?k2V0O;ndCzpjp77Hosfm@k-d<a$Vy7?1L2*WnUx|@9I?{8t`mZkUdkzyNif+b
z9Kj+^kbJt`yPd^b2n)5gx7M6HO=kEXMsr}Z#8L;<PbZn*3DtAut?D_Od|mmK*$pmK
zPuU0<GFvlKJ515hfz?6B^@}`APMW*0Q~T&93P<wP?3U6wR9bBhqjR_e2#XV!gTTJ1
zD(rwt8zCDNooaIPN4yqs<PtRaOU8G>X*PUwx^{PEja22$%o1@GQEH9iA8ibx=KeSU
zFVRylxaP<1;92+$7+000Y3dd#;Dm~q5&GDBA0`8O)SR00U=pf$*0c4>2BuFlwSk{T
zjFw!YXg#Re($hdyG4*@fcCM9kSY<xmTldfu51DeJTiH8lv;9U^bRnVhzw9UiE3~VB
zOmfklOn^&?Kf(D>a#CATj4Ra)U+!fmD{syVRU*Y~S`R~Q#l1HS(SD+~8j_laDcN+0
zlEj-jIP=L_my^jQK$+=bUMsOsxVj=X@W>4zJ8AM0@JK_yMr_|sWcf~;r!gnI*o{f2
z8v>7>@paC!S`ht1L50<R#Vo9JUhp@%E-5Dg-#0&r&*|^*Jri*Emw1^X-epT_67Mfp
z5q*1G-#Guq>algS#OHj{PAumUZ@bp(u^SLISLY0>@jA);M`^a+#%~V{22elGo9x<Y
z^K#$T%DRhp45z<{-x_@F&`h+c(c9ZbL6ANE%ToVdf77n@UaIpd!)d<^Tk5UyrC#4d
z+KmST*agd%rP_EK2m1vsA@AQdWEj6yayWgd*UdW_b~csgeK+RCFRQ;9TefG3)j|Ij
zW22ylTe1(;Uxc)~JqJc|ul$u^hV9E6t@j{%wha}X@q2hVATVy(|LCwrI`51)>W7-A
z-_?f4!PAWkwP8`SO0F*$mBXC5NXSg^yl8%M3x}vD&MWa`%V2#UeqK<<W!Va9lEyR5
zXxfAIjtKHV)xrcpc6s{M^HT7PDx@jbjMSAycd`aG5=$zY*wKkVHOLgM{jy%1i3|K}
z&K@pHcqg8b>N}ODOSeYzucMi<WAbGOjBV(5O4awSnQ3xDdDS6L1iQzvK~$J;`bGq_
zab0j|ql^{+2z{^`QrHxD<N{@`*3IqgP{Szp=H(cNFzxlDa4o*ac~wSc<015&yUSl3
zT`~9J@7}fU$V?L7<Esrn9{ad=J|>WhGCrA&LwE-xU2Har=<}~1$Hb=Jfyzq;+2p6Y
z{1;x72?@p6)o<Ya5<<Ybx)BtOK4@>34bfU#37jO<TLsAr$K=-$wIk=NdSrD8Q2fnz
zT245YerJ9=)UNsgZj7rq{@TN~m^qx`vnoS4$DkCIfMsK_lpCA0vmk`UQyK~}7Cw+i
z9e$(b#z_-o$}1D5+P*_fs{xPqW8lg3DXCuy)FEdxoZO;E`-syM`1Sd1HH@;S_B?fQ
za5N^l(;EXGmrD^A38(}TL%Y2_E`jRhE4;BuGc0OlGPHWb_kzg0Q<+h0Ys5D!uQ@lu
z*?R^>xQ+{J!yns~ASCI6QhT%%Cnr)81Wu)Ohj@3^b$dm3Btx~#2HymN*V)9ekbO)Q
zqmxSG5D;lO3$6nne5UV@=s3w6=1kx;r>U(qCeEVZnJvmGO%6F4cB<1;%HTJ|q{c^E
zfz9amcmuU6ZGb>nn<cMCeBS^^kdF?Hu!lFj_cgdt(1F)5>B-z5oTJUx<-F9gDUT}*
zzZbF}9NW3y_!9<=qh4xTxxPYKZM;7u$=C%`f<cV#0+7_YbBNidaB?kw7wLXCw8ejb
z?zQ;=s>vq-DN!%FJ)!$vPF_kx2OX2TR-nY>&PUffDd3p9@mwUdHrIWlNXyPF8Jcdt
ziecq`fbAZkDHX`>V)@fPSmz~c`5PrQ9M0_R1LS$Uu{*f!U1;!G7nJiY_uKGGLB21x
zE`NY3Gdv&g5&npk`%!r)J!og(?SRS`qNAT?30}~^(cZ5urMhx$__F88q`nA2K>|@z
z$0W8$h}5{N3!?OqJrmOFNK(&cuOc%z>>xSm2;arsl{tBGC_7;0K9dNl3hPJ;C!=XK
z+t!;I5#tBNsbLSsgf3ni-^DYF@IX)7+?12qUx3%1K*WfxblH$gt>RaoOJ^I<sm2zJ
z@2YiAQ%#O?2PHM<vBTW?<1d3IZU_>fau3*}Kmn9nZ44E<rfud`$2l&<BtqvsRa3-s
z@>4*&nFBFjcwAoy4wCXo{|b*@G@R0G<yPqg+B})k8OLY_GQ*mC<1P7G^<XP&h8Zam
zyNp}E9~e;2{|LWxt?PkF*5@xKk!xHlFP`*`^YivGJ}Om*?xVuTLJv9qJaReBF_bhj
zL5`y<RSdo<_hJQ8Q18qejfm7v7kJP)ti^D%BX3yffhBPBeSlbFqP2-dwbc~Bn6W?R
zO5vEeM9MvCjhIK>AW{!%7}%mQ90j{5Dm8V&<XyDx$@cC&zRR<(`B+ouT<3Cc3fe<Z
z_g&3tTh{ruW?eBXE?6Gg2*1Y}D#l@r_cCyl?UjsU8+rvVqB@g_e5%rTA&8q798xxQ
zIj1lkXZ0ywimoi;a9U*N$*>(~JGa2LMRZ*7TulU(t5vWER8K*U6TLqVh12%cvDK^@
zSKt{zzZ*;FUd8oWh|c4mA~DPl&9c0o=9-GGme^jovu-^?8grORBcqvwxK4f@(u_M5
z7qs0Qz-aZC6OjCV;?<^ZW(sr%6DnP^C>-0oW1k4y6I9jXV6g^J8*T^_Q4a_w5N5Z|
zTTDch%Yi~le$AdW(%pc2q98n}OBt~W6$XlrWoOMov@VwKSEk(!<)$|#%QMpFu!7~@
zQ;$on@&rLUb7IVIvN<8j+thnZ0qZr4&lmBIa;KJ7^TWwLZJ=2X(B>U@D*^W=Qqj`?
zen`U@t&QWcwAMN}8pa`jMol~=quDOescp=5cO5q++~-X_4M57}SU;e2lx!6(w@^k9
zDvCqu&-xPji()q^o8l#c_c6l9IH;*Cqgcp>2R@oAKTdgtVA2lVR+S&uulaRt6}Uh6
z=!Y#n<6X6gt{eXhEg6;Auh6fqeEIO{DnoDMhp_lJp5{4p0@Ckp+~4Uq+Vy_|08RGN
z;oi+H;)`c|Cvq^+^A#hD)5t!gI2rp%>R|cumNgjM)xXe+{(l%~95{RKl2Eher9~Gh
z?yYktoA`Fszh9U9ztzyU8szEI!AlMFRUy<&;c<iMFX<i_>s1-6uRFfL&p9>&C|P9N
zFnGw|MR!i{(_7P@8*Vc=4uJcIuB!~czV~wJ`AY!yMn1pwGVuTM2khQo`~NM?Ge5my
z7f675nFgQ<z&)^HyGUFJT$7~NE9U1px=YP-?#-sPT=EP>!qz1`{wjT`{w{uwr++Ds
z%^)R(nY=hU4jW`yIM#S$kmCgHj)yXNldqe#rC@!6q|RdeaQelgTkGoRJO7sQOoDI?
z&bxRkBZCFL1GH%kf0$@;HgUH*anLwz<~CRaUW=hS5eHM`(;>=}JMF&Ingew-(IH$S
zR^ixxVfiveOzhVqeACWw(nJ9^cO5?xIYc!FyKBn%4{}$Q#=k{Er&4b!c^ssPf_rRy
z8*7^lETYo`p>c%C3*p*d2s>?d<y^e#e&`k1*bgD9`uvSZJ@>g)m*Mxt^mQ9eoVCz>
z%%0E@96wCfuFAahwc{iyNbo>5ZTq>vu)H8m$1}Ppb$MKJ+V3ruAOEaR9b(zV6r!;m
zeIPqcU>b%QQi9RWK47+670_hN-P{-JUzEydLcM>Mq^N@<#}8X-5Z}5#UDW-!{r7V~
zxDY?K_V%B@Exvl`I+_O5oF1^flEi`pU=e=###<Z_a+HE*;sZ7CF%O}exN*WVE51|w
zYSsAu^ovQ1+#CD_L5H3Ve=eg!cC;7IXoSnX33ALAG&uwqLA4do?AI|kzyP|N6G;$>
zy<>Mg7IPE-3-!Gm0?5XP5TYA{H%7HgTZ6P8_xN)*mKxHL9dphw|LYoD7=b3wH+BMX
z#gFe9{wTx<rj*1TKEv(#5yuG{XQ2ECrt%8n=-Q8x?(TWiSXumIl6JZ}Ld1+hjSqg?
z9-dP)vLZEtms!6JsKZxRb-NH~=)j1SFO)qPY?|m94_qm4FPt^q;iVnHai+BH;%4(^
zH~ddI?}k@p)y5k^oA=&oHD{e$zw&CUp7H9=x-$$1u3*~8L0SXi9{-V2fslkDqsDhf
zM<=e{h%o2!O#z;PW}<$)laUC0`Snhl<X|G{jWf)7BkxU|D7P5hnVy5TbL@<V4!&T_
zxpr8G1ZOFfJ|!?;60Kek-(Nl~evm7PCLf^0CDORq6-oE@JgP8)^b134eq`c~^#nea
z9IgAgde769g?)K=@)^HQezC^ICqiak%DQxrLy(6&zgiZtlW(f-uWFzrbT|0G*7R|0
z8|nalin!N)3kpRZy36Qqh;~>#j3MIyV#Hf+|1})~bka4Jyom-^4^rEMupEBhAxWMl
z1TJB27F?fT=o@^bb>%f!{t6(dEX0m+B;|OhDB_Zj<QSMhc3Nuz3T6&TT4$=x_Z2p0
z&}u#(fz5(;#IlIRrNgcIw0?SgD!H)=QU0oei86-bSg<v<-cMUf&H$!tyJc*^tD{ut
ziai@^BI{=EhL7=@+qSAw%HsD837W=dfNr0{&h5*gTXWjOUZKxrmc1^SBF@}^3RGp8
z9BDWIxc9w1JtkZ0kVU$e)So4_K^LCaq7K}Cx-#7y3g#djg8mVS%(}`@MYB7BDx<Iv
z|1;7P8;PQ03sn3*4g;<o&3~;q(Zn=YZbE!Z_696G2aX}t)5qwtv!v%zbgIK;3NSo*
zIU`VCGL$V$sj7ccn?QE~S4{@E>{nMZy2hiZ4u~R(rwGp7-@HN!{KBLk2)FkG&c(rV
z-jaJ|UtRQF^Q6|Z)bL8R^{l$)^?L58f6FtZ#CZodbj?oXD9d8yeFjcvX`X<3OJDHv
z>o+)X<tBjX<BYjmW%YKZcK$7O3?Q2jBXPkyZAh%zgw^OSgf>Rpu)+soHfL{YRDAGJ
zONn&|FXJ9#zn6ATF^cwuZnvu}vyb%n6hySEERs<36^29FxJ{~Fn~OkG2Lur(jy+-|
z`eGlsXgywbFW9Rp)3TNqAJj?GV4Al`ItTj`NTd}cz?nzwEL|*Z9mmf21+t5>!W(Ix
ziYR;pkJF2*s25B+_GiDFEMi$_=tjk*J#8;ui_(7H<!ihJB+2#S+9;z)nH|k^Cu|fU
zWX+FJ_FvLT4YUFTuW$#Oing!g@HQ!+tgm<700QmlRCQub6=zI`f$rc|w@p+R)8h|O
z#{AjELsQ$(xjwMkzzCo`=pc2{v7<d%UdNx)(4Cj1vTO}@_*=Wve&=kLtxIAAo$E5J
zT95zK$MC%E%?PKpD_Of{)+D4tm3^x5Y#2Gjx7&)feoW&cZ<TktudQYb$3Zz7Ueuh&
zq?fE(bI#4wsHv0!M+_ClY4d&L&1+x7(gM2+T!s>cCaqAZQ&L11Mps&Yck-DS5+>u-
zYh9+ap|CsZJaacuo<@f@0TY{uDXWw2{OZEJ#~!(Co(#C;!va5eX?pb%<BlRb6lT0z
zT8NJn+Y;2~!J5cp)0u+x40fTr2A7EBWReBR^Kj))3n8DtBvB9`YbkGbPceFP(qKaD
z_Drc|TMEZK0HJ@1K|97n2;?zE3^M$XfL7C!f;d8l3F6On_kxMSxpV7&HH~nJanRGN
zH@8XA5Ed_=0V3s~)fYF)4rEV!Wo#RCb4ulHcnzr#F*EK2T=D~IqZMe?#k0lt6?Q=%
zcJq~|DN<Zv*XpF(K(NJ3?epZl46!_%R$Y7yJv#H0?b96sx;-o|CD59lq0bKL^0i7Y
zSS?@7TZ0|B*q((G<@09Q0hmN!9*pks=ew4V@BMXUE;R}T$a>i90Pp=3k2j&s3tpm0
z`D56-8HFMK0WF<%o|XB+qlcH!0Ms(@1sFM0wm{A~5qwmdGv|6kS?xlp?IBJv=EyFD
zRT(=XK09Z*2z4$ZP%bv-$%oRHjw7n}ESd9Il)y5Bl>p`LMcJZ841RcW%iuifFZIFX
zvJVW_(jg}F8iTi4(U{4D|BmcWuT}uunHjunE*xsl&sugqc4x<p;Aa3Dow@iCK$v|s
z?-1&mv27**V8#B1Q-KdoeY8lZJ>|X_&<_D0AK#n4K&pKKFl_<&`gh>x++X>#%zcZ-
z1CVU5STAyIuZ%reT$%p&F&q9@HvetA@iB(r)mC$B3?Rc-cHP<I6lP{HcNh-z;_vSU
z=*U*{9gYTXpIZcFTJ+w^r>rqZTfQm-u(!GernPvXongPz29WxzVIciXP6AvOh%A83
zW)uN5?Uw^UhWBu9`hr!T1&G?`lNMSOEB`_dm>$Z*Ykcr?a>?W7X*c|?fqCaB3;b|x
z8n!`UHBSfEb?yEIK(Z&Y=Oz}iGGC4EF#Z?E`EDBCxs4`ex7Q~f-;%oV*9q0LmI+Gz
zu1$1vmU~BlCmZonjlNl0^{M>X;nw^(tedMTlf&zNs^iU%;7iW(iiw0(M^=l0)`fja
z`Y9g0+3jaI$Ohd~$2!EW0^KQm;|zj!s=Wy%V>G#GEpeykKhj_MpZ4pAuuu4WdoeS~
zRqJTO(S#cxRC#%yaIue}&K02;xSie5OAB~(qHdJf2VVPaIA5TF<8UmgKF;CoSzsnk
z9lknTp2rOx0zj67(`=TR^1x8}?#){5^eC-<$5{uTFV!lYbT>yQtWBi6J@QVw>a`H!
z-aQ=mA{QIZovMx(HB0=w0~~L0URB6tRTsC(%XLAghdhJ=Sp^E0>PE%c_i=PMhqr_U
z*~zeYaqQ4-QsYLN9p2g}5Pe(5cxq3c(j*{<goVyAVOEkXgq6T)oX1WZdrSGl8xNkm
z(R{%_<6h0%t%$B~O^aStrH#_MpeaW`M|W~Yoz^D79@W9m0uUdNq{N=5)q6O$?GXx!
zmWFetAlVbW2CdBuNAN7SzR`<YS`)@8F4Evcq<R;dKgjb~OZa>?Y2$rE2G#H`+d&$z
ze`q@5LqbcC8;Lgj8m3-fw1$o<Xk3SSFUptAx^*AvFl0EEsfxp4@#-xrtf4&~44i`%
zC*OAmQ}&1zJrm#WN`>`<hj&jOGc^+3-V=wOxoEM*aECY~qj1h)zcCo$9j+#N2cpcb
zmewSX?9fziz4n;Oe-KsmA+YF+PWwH?BW~sOkpxm_FBtdBy+bulNl{3qrY5R$i#1on
zs17M|v!wjXHw5YP?!*`d9=&6D3#srP=$nVSN{@cgJE6kQw=$cc0CRn?m}pqdaH69F
z_qd4!UHqkrz3EGH`~7Bale9t-Wan^ZrW`!JNr8q8HMFk;xhe$JE;hD#)DSc0ju4^x
zw1rc|meft}tUvV;;lpJn3fq>$#-2f$_s(_5jeJ?>JL*QOG}f1nX31&tX<Kz=+!|eK
zxN)9TJ^nO*R0H)}FtF*w9C}JxtG20I=_S&>aN5#4J$Q8@VYplXW3N{pc*CV(c5c>|
ziZuzHYB-da@JADAtlWsQZ#adtA5>LOAMg+K4lrb7cE}?<x(x3l%~m!VVL|$A%0?vR
zggsIHQzMYZiLA+ATppV7>R7F-C)YR;4zMf7Sl?&Q#9(;{UEM^n@YqaD2ht)ckvje~
z?T?!CH>^C4@Y|n3Hu9TsTPCgp$KWG^{qqE@<bx-Va|M9Ple-zOCQVqMmSBFg5(9Kz
zi9P0S+H2a-H4mlIf{L%25C^e4<n2dc>33vxt#TkUj>1u`deN^tOLhO8+~hL%jYg48
zr8S?Lt*pNO3W2~6S8S}vXl}B+dOx#+eH^j3r(WIqf&r>r;xABN*+@(Rpq<+xuZp>w
zviZ=oHnf*SO3}eKokIHc)Qw(c^grc}W-B{~Un>=DL<D9H`}^fBiNA{{%-&nCz4?9k
zgePXJas9_3y$j@e%Bu$*`Ha2Q>*92CIDlLKasaT%Qx2C03z~D*-H|nxV}M{crE@Mo
zctn@E?d9Nbp7hi_9YU}aXuvLp{cX@6HZ25>Foa*=$(uTt=wlz>`>+V5XgR7s;uPHS
zA~gL3rOrI+u;YsuadMzhjNjWci&1Jr?|zyrjWadpfBk;+%qC^8x~aRa{d>er42t@+
zdQZ0I9?@dRe1Q%AhZmWd8Es9TOgjb%x-BR&5xUx4k3mj-_wX2flQ+yl*;@T@bi@OD
zCiE>8c+FEYBTSh<i8If05{k_}ZaYA43I@fQTM5;#^F4v6JY3MftK+vI_)aBs@vZWW
zr(LN%)3)t=QzMpNaY2dvsgpHqM<R1I8_>7C?d8DqTW-(cDVFU{^yr^L33fs<DCNdU
zVCbXGw+tdm_taRJ8oA{;zF2en^ABFy{<|%k|36sy|J|lAe$><m1U3*9coyMvi|4N-
zYnFS@dl=MlMrY=nqgE{fw%NPOTbk!qHyfP0;68YM)2q)+jp)1;=gHEM)b&0?KQk86
z1i;jqMm_<(yaFVEFO7p`Kkc&JLS3lUJOl27l3JJed<%d&THS6djz1{QVIdt^xNq3^
z$*zqH5U-_oW;+4!Lm(5bSh(-Ch<~`|_MRmV?Wo<C;{v~i09oeO_kjDV@oOItJ_Jx=
zL|lSbW@-GZ(1qH>!hOPJ^K<)w%KY1mD&<M@oX-Rc*)V_<-&QV+8d!qP2SZ9$OUsMv
z)-EKd3-<#XR+z6@82YRKV^ewQK9|!xi*25(2hY1d$Nh(cNt+oW&xyc#RqQWTdL_7c
ze7->6L)MQ$^?dMb`WtpAyl@p=7X}FK`GRO_g1#B+$_o~+tiR?@(t)o#M@%&0wHka^
z6deaX8h=KAmJaY127h+1zQK!sCn)4ld(~;b)N2cXvTl~>@6WMY#FWogvW-Aez0sE@
z&Sw?TtFnP@ea1&YiLTL10&AyZa?8T|vYRgf{gF}8XTQF3@-Vv*0e;pvyJx=IDNhB|
zy+H^<Xl!1+tuL)$=m%llgB(Y?qhPzJR+h5UlP!9u-E75-y>G;U^jGPFD--uablh?q
zsWE;2;;B^0z3JC25g7$B$9o_%NpgIBXb~9AD_q?>+A6ob7Eg%lKRj&jvcmk$f{nFG
zxc0$cs>i;!Q(S^fvzTe;V&8yA?P{kmwM<?-d}?7^qMlv#-Too^1a9c*Zh^gGC{?%n
zPJ9Ff2Z5=hsH8A>jHfCM!mY#0LuWpDXRh9C<!`;8HE}Ad(mR>KfsdZ9%(q3()?Kf`
zL1X=<_Es2HnF>_OpbO5G0IDmG$nTwRcwU>8vLOc)6HX+g!xxQeMwCC)-pclj8)98s
z*&NK<2d+%(R18Fb%4FR@LtjdqK3m+#IYy|Q!FpBIL?QjAQrGETAZZ{3z%ZT|s8h#T
zNc9ln@|L8=cP=woLLO?fI|JwsfJ9fS=GPlX&0U%O1$^*AHjaKO)}FNS(vhqqCj&0=
z`sVJf`^x{4Z#Ps_nLi@43woiNu$GN`2Z%LG?X>|tz1a6Uz5km|-(poBJy~5B9deGU
z&(ey6>g{Rp7)ieJROb;-?r;->*3Bs6O`IOx<l@_tLMjMLf7KZN&YNaPyvaeJ#_#nN
zkVE|3i_Zj#M*c0qjwH^!cUdg&1)E~{lR4ORS@bekrtE5{kG@N5t}TC3ajK$l6;PQg
z&GbG|optG*+_3*IxeeX+5Mafx!P5v)zT3f}Tkx!UdxQx(Sj>w*!qfnXK@nyoKNQ_e
zxGsM^Ljj8QDR;YB3>2VPupD=@b_V&MsrK#<ZIZo#+0J%>F{3ZODM!uJu1giV5*!M!
z_N4f^>MI@UP)Ru_@M++szFlXDA-}A^_AkVX8TUU7u{~VnLF<2_JQ%?v%`jN8qP_^U
z269Yvup}vWHJmG$<)Zm7;<}t%Z4P!ZxJa>=4{I?kX>hUmooCGb$uoTJwSMIUIG*j!
z$|r4Vq#Q<XHl#i{wmv#cOalt%9*o?O8b&Y$*hv*;H}W!MA;|96tE208Jc#v$U>pY@
zD}aK#ORF+`tP9W&>9ffc^`;ccni?i6{uD0?6gy1Vy=^|aGr2p{LN<o^QTAZBpfF^c
z8G5p_FF#aU&WSA;2xD{q6W8^*_m9erTQB)A?*VYr=u1|4)#EC0Uc`QtAR*QG7|UQp
zR#mh0N@clRc{5IgJdEPaVIxPAJv`*UI`PlHcj8HVUqYooC-h?TlIl5$IqA_NG_V&b
zJ`5NsTh=~WB|yOBxJW!FYFytSdpgJ>X#s{m`x((nlj8%6!Lt<d{4r?b<y7Lk=)X}i
z6GCdbzPx2c+q%&!zs5Ua<=##6WlvsfIeWjL!M(!`O92Ya2Eo<xOcP=kGm|$L^kh(i
zta4(VH(N;-7M9ZB9ijd!c#Eslq?=1ePBsqvsvWywT^fx9n*@^22_1j+WIL2s>2Xtf
z0~^m45~oP$5eSgys)9c0)b>TdI8qLpU*{REDdjnd))Cc8+`9$sYN`yrSdFy$0>HAb
zM!;Wsn}9cZ`#PouoX&&=AbVHqLmnBkHaxkSgRB~3)%(dh;!Mc6Y@Eqa8iHW^dUm%q
zwUkYAU>*N9_*c8s0>#1Kg&d2V%eMEUu;MM3zi_J_A~1^mxI_`RzW_sbP*#_0k|Nld
zW*R}Cv#%KL>FFy_r?KkG3TxH8;n_7V08z@LkEf~s&ti{o^?cmnyPx*;Nz9hAu5~cQ
zHmyKH5OQ)Y>vcxW!*;#xM#1oF8RqWzlBQSxO5wUu@Xtzi{QjZr*(8UgOi<NS6JOO|
zAV@$CLlJ&Grj}z?=!lXkrl9Vb%to5;6Ro*7T&^*3wsgB8o%Q&go+tjKXS<Yam+?c7
zf|mKjntub^cZ-wN5>Wz2k$}kSWa+#%rnDM<ERqm#`i$SXZx_J9Mtm?(Ar{tdp*F3H
z|0T&3zuzamEq}#zA7(t)ety4&+gWHwNf<ykbfoJN9PSMl46z`RKFpor&_?k#CBQ0d
zPo@B@DCut@vHQ;<vF2E0R9GZFt3dY_iuf=x48?2SnpT-#V0@wG*yo9+EBm{CU1+<0
z7nI#q5V|!6=8zOfDAMJF@9gnM_slp)CnASh<1BDE)oziqB=p896t$pcPqwxI2D95D
z07Yx3zy8nSUSQ49O9954>3g?{W?%HV+I@mRPAvrp-tJ{?Hj@nm$@MrFnVs4wZaaDb
zQ4K0i<l1f0s(;SW?A<o!<%#bl>ft>^?O<t0_f=rWedq@#fK;%aV>QcAdnKZ}`@9Im
zc3~KI6v%>{d18ssJeB=VmsI=<Rb9w?Eb~9<FRjW4lDSAK<sv+hiWJR45ibb~SntZ5
zXLo#5q=ZyA8PR%4vZWrLiznqMG}9k60}DNC8@=pH7n{mGZ%^Y?KY`IS7n@nr=omb&
z9)a%iXczn-cptx-tN!@z<>yKklz*z~bzhMq4bc3Chm3!7wD~^@oXHDVKa?(0@@~2m
zn*f-4<OYDHA#gQP9}=(M^lHG&$l%;N=&srdKy-HAzk6Z#-z~lSOIFAKOG31dKWjjB
z!FtUf4*99zeO8#{V+;eVZaQ!Nmvsi);x9|~|33e0EX{CQObmbbd-AhetussNx<`d`
z^uf75C851rTx_COe`L^|^p{K?|3}>!*b-4J(TSSp7g%Gu8+a|ZSzn_239rA5KZOOh
z#Y)s)@u%+Vr();7N73uy`gW*}1=aVH=S$vrB@ez!pkK8A%96vbr1~soP#?eCy#P#q
zKK7L128{qv>E2hdx>E48N?VBMqDp-L46q6BvAD(WGCr-JD1}EK$?9}*HQtzY70K(D
zvIDxZ=8811^i%vFjz2du0-c3u50|X_Pe9aMDkg1eX`R_sZ!ggwQswfpJ$Nr3)0^on
zS*!Xf6=~Q*XT?_4;6#ThCn;O6kM(}l3N**xY#%NbUn`$q3hPSFV(nQ|fIxL690B%_
z-T&u0_9tkmt`9hIcUS(HHl*^cP)Yty{Wykl3$(Y}d2J!Ki)y`0m`vtgq?uiP&>7rv
zqLa|2%kOH@HZD{@CQC|wgKgiZcxiy@<64!J1)djh&YGYDy8IQ&Ii8kbzP-bQx1Ok2
zl~IgE?nRoI8P(^KBn@enSKf~bkN9KyI*PWQ2>vB-S$A%P&0t*|-jHZp%%9rpQ2DmP
zN)^VX83(&?ol|PuiV$NE;^2##J^tP?U^q%HZ9o1t$^iqFa$WdvCsH2o+#(Wi-~Af`
z{(Da8tTL5JiNxYbL<N37N#(f$T<EC99=$~nJyYuJWj*@2B3zD0TNl73#*gkw(jb-T
zyrg%vh(X24+%2@bdnWcQR6nVDSl~?@)o2Cl<h4_`niZU-_t)8E3$}LOiB&`^gX5mz
zA#jLsiiw05CWT*mxhW)=5Z=fs=R9(rot;dxxAYO_sWj5|>T6Z1VdpCmPgDXaB=x&R
zWG8w48=Sh<N_UqCNI+_FkSQRJnrceB23a!|^W`*irw%u47G^VO>&%aV><$(10FUem
zY3Po$MBfLjNvogVqX>oWk7=3~5_G&rJG-Qxd(+4W2Q{|AgnJ*2xNlQ2R@&(gG_l}4
z8kHcZDUv|hYlo<Y9Wp+QkdMqJ=&rE&<umcnSzT2^Vm%+JkVcP?dZrnBue}$x`|pH}
z5f5wo$c=OqeN5G_fbply{Xw^7ea~dXOv;4H3&xxrrrWMif#e<`Fp9HuHjcpxq>eHk
z?Mf_8S0uidITrj+)_}#D;CUz8b}wK!rAF(7wQ8vcEM-j(zE$?Zb{l`#5w<4a($~he
z_jm<@ttXiL;2pjMGoE{Qb6K~Gs5Z(2&M!n2&^S}|+Jv6jk%%5OmB)%!xJ*VYBDPc?
z_&<}-y?5dvyvuY{82FW3X9+5s{E9RI^iASY<NcxBU1`w{0=~->!a@@?P8#Dig&Z2{
ztad_YVQM*Q)VcTLR-F2it(4i4Qa1Rv90ra+l1ch<rIpF8>{%!%;B>XIF+jUP!O}Ov
zCew&syu-$aW|Elr%`$xSoQ<r5(c@WE@z`D}pH;>hpTQx=0Q%I$A0qMdsnh0*2{gO(
zw@hF|w(RY+2NhL1Q4kKQh{b-v4g9*Y>6wNodn3Jph(D~iFf-s)_TQ|(AyuZ7Nv=9=
z8LBgfBHCUwjbnb`@F6P8_jSeAB>bPJFq;jD!A20hy*Y#<m-}4TdTq6dK=}p6G0N7R
zF$ojAt&Vf32}<tDTo%a8(!}0WMnkA9=%JbHQz#w=<NF_smV_#L!_y1(1%p6agP!U{
zswFzYNNHbEFu9JfT)`niRm$hEjR33e9<8w(M7Z!ict~`AgvaWFfSpsz_Zfe%^;6EN
zP15LPzQ&dyrr}-N9)2cTK%A)FpadGikkXKB*P{rNS^)^E+d~F%F8;_XlDBE8<4IH}
zY5d&rYTyhdON=U|?*6a-`1E)FSl;xEtfQlxa~e4wb=LKF;!j!3x7tHB!1*q8X@ip^
zrLE3Wa08@_<+~O&PKw3YwxovlDXH#H<uLLV@2@kyjq!^N6U!1ZF2;EDyhzQ{5{Ft}
zm<pg8sWR4aNA#t`oJc*Z<%x6U6O&qvN?*>{?8EdfDTT&11K~<F#3r^30_Q<VI-VjO
z-bau>j+jeFAtsx6FP!dE-+=B+#!0}Wq}-#|V^atvL$9`RiJ<y;mGg*sND_<G6+Yrc
z9lQKq$oLQb6rq)0%-lb*9{-O#B<<oB7`$aKp~`9o*e5}#8Us?@BGgvDk^CkaObZE9
zuXPL>%@hf!S`%HNl1(j*?ZCu@RVbqmkMHC3Oou8)^XJ0IZHLtYkJQ|MA#2$;cuO7=
zRnfnFflyX!?YlohW&$3!k{w8^p0Ebpm31|V+b@99a^YxwyCSOCj>c6cA<&wBFzJK#
z_wld!!k^3}B;Z6~+_jA-j@_L)Wj9}TZasIfE@FQqWVqXj!7?Q52F{v-SODk9F!NDW
zH8B5L;J^rxU??rJKVs_-5137siX+V42Cmk9ZM+MV<tW8nZIU#Mr$u;mET+SX*S}SX
zz6y+Z!;=b`KDL*?@w~4F9xv87VaQDZ=%4dfK4^AZ#)0e%MQq&9q;&;pPIg`$K#qsv
zU0f#>rI_Dk#M(dUfPVMW@>fxFO9p~2{J;c@s!ms0^%S@*JLveJ^6iz7N6(34BJG^D
zqUyY`G~*s{)>xNe%WJ_7u_U6kOPtrRg|(|g>%+me!s`~-bBo`t=Q9Pi+%JgM!GkJf
zzh#@V=R7|(EGBj6sg=v{1kmn-tb^$*<qG+C?+rwv{gZfs%=*c_bzdM>T`&iPSO@Ip
z3Cp^~Snhpydqq8y{~(%~TUy;UK(p4$^*0+NtnG5H1_wkx*{HN(lsvFcEcufdTX{EA
z1>_k_N%IZX>}qXD`l(#)p>EtU*sWozTo~#TnaXL4{cXk5{&~flS>m~N#a8pl0m@?=
zSTy)&bUzXc7%Z^zeLY<4vYu&b<S#F<(6%1GX|Yw=&F`T_H8q3E!~%JzQ#XL&gn4lo
zD7meZ?>Wf&wOUU2U5alYc<<xP_@N-6tlTQTDED7%7HA>572oJ+CQg8pw7M{v6qju=
zq>0N(93r<<kGN3I*{`QK(Ls%A<2$;w)xu(@Ms+J2*o+C;7omZrC^v8gn33tY!@(M#
z^jFUR%{Qw)*bUCt%suRy21o$rZrW@w{j{YD-J1%Wy=Tqj2XMK3y#HJJP+CtzOxS=V
zExh-`5$>_{+hTZUa;*G?SJ`kT1>24N74v!i&PJ9{6aJ$H&AST4|E=ED|7iO0r)t7)
z9Xf>=V3q#MR^Rx)>=`z?ziU1Moy%pv^)?sE6$2LU8iTln$18x2;$Mn5_Fqbk|JvNQ
zzuFXlU4I4-g9ukjf!fr$d(I0iSAcW4aAK_36F8J{;T&1A`66T48sNU#-`)fKVlVRY
zBJ+NMTYKo&zX3>A3)@D3ul@Y@#dB$Y23RftDLxN)Qq8x^FD+aE@&&M6;C~;p;eTcG
z*Rh-SbsrlX?~IS?<Sc#YR=C(g22OJQ|9;+aQu5*v$uE6Ivo8Pc)aEPneTxM1Uyo$Y
xyS(Tb3oiBHhHa~V_jmu*)16-dT-x~+{jb|ri@!hExG?eq-e2#h?mcnw{{fB#o45b~

literal 0
HcmV?d00001

diff --git a/figures/全局策略2.png b/figures/全局策略2.png
deleted file mode 100755
index c40fd5e3f15cbd316c43dce31020740396c57d3f..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 9833
zcmb7qdpMK-ANMNCs2n4a$!V0smk!R9(Bu^L4LL05#E6_3s;!6|GUmJz3L#?5VQR=>
zL=G*6nJl3($IUFB_5D82b^WgE_dL(_JpXLFcYk)@pM9?T^?APz@1$!sSB~(X;0FKz
zM=T(w_5i@XSnlU8zJuIXhrca4xNrOJ+g~vORDYIU;2!Y!Ub4Of0Mw=laNK#h$H03K
zr~3fFQSQK_9s9b2-gp53in|u3mu^J5(F?7KiVh9kE8yOrdKoE*#N$G%-a|rx(z+IR
zoW-QH`V~A-=Xw<$BtY&7-4do>I-_v!6`!OIU#O5=j@@_JNkJ<3U0_uM<?F4T(&@o+
zy-g5jMz<k?-nL{gxK6Iz(rws^H(c*OdlCRhARi(e0wiPts0RQaED{*|05b{~SpdL2
z5n1m4(E$n>0RRO&d>{b8hOmm*YoJ6##I4sX?-<8ay2KrE+l^w<2X`BHKtIq^Xv?so
z?O<lu={@pb%bt2R2z8Gh&kn{(|3Y+6E$uNe%i8_zEjz}i$D+z&R=<ZwWrE-nZI<+S
zPLqpKe#_L#?rwbydvtwX`|s^3N?dl|?rzI+wQ|d0zgW!gt-zPD#sRV%Q0QRWPR+6u
z<xJL*^<RU#V^iC`f=|8s#R(3C@Yo#^MTG?WNO!r#!n=MX#oJXlywv?s1m)Bj`tZfO
zI_5z`HN^W0QWR;?FbJnxZ1+k~Rv%9gJoFfK9dSP^$w#kSbXWXc{q7K)M!VN<5n8wL
zWDciCS-`I~=4M{MUC#K}d>9Dr*{Dq0HN4D*QCBkI0(%3-E5>z#{X%$AHdCd~XLs0e
zi3s_+5NQJB#KhZqyL+&PZFgU$UNKeBAZyt2Z`PjgMeJEIDeb$DL{7HLJS{%6c4Pjg
z95rMoaP|v4$rBko|5HEVobFu2!J`zJM%UA}Bqq(c^!s?pWl^*Es<q~TlTmS1Hb=lM
zLJQI6X4yeu%smT2rlquf-i=+%@@AvADU4@(OJX<jWj_YfSC#JFzPB(97u&^euA1JZ
z@EaFg_Ef{J4%)WVd}^+<xx_l9=X*Lcu{lsT9L_wIc4%XTh&A3Qy2SF=bYiLg_z`mT
z3?aU9=dl5rR#R%AM9?6u)?wa{o>ho_juz8xS5L&saR7}@LikLNZG-G$gDcOv%vfEu
zi6LjA&ObPu5@m(3^;G4@D9C(rixnIQyP?!^I6G6=-7Zk^q03!4>owr4J*_MV{82$!
z+&OGE80Opyc4t~8GB&rdu=tbXj;9HNqwM*mfP(p#nmz=LwkxyDvA97#zIe4Cz;;Pp
zTc_a#Z~}$%DrVV#;adPzLMiQwBX#HJ*QDCk0DIJ=DivKE`M~e}XwdnmW%r-GeXq%#
zQwC!!DztFH5GyK~=KlhdaP0B1t5RSSMJGLDtb<Ug@@ss<P-u(+cES--=Ht=lrG1IT
z(W`fe7JLdD5XKi;Eus*%-J?6OPeZYTInNOBD-lz^)DE|#?Q2Z~J+*X%lRt}InuTT1
zaH(O4LD4TQ?JIbN)MuXrj3Aki{o#a06E|yCtc{up*lSN=;Bi4m7{bT|1si|Bm{K^#
zR<o`6+cD7M_)P@tG$D<kf)Z$|Y1&9n-}FAIXuNy{(`_Y;HyE^u_R(^(Wv$s1A9+@L
z?o>ta+33S#%#?9ogl)#}k=K~8_7(?qioAeveJS5mU!yvQvwWMz7oWlCR!<&H-Ru{}
z3%e&p%2=G!hrW`d3D@DX88{aklgr;x?@%QMx4yhAmE$NA-Kl9wp(kxnwQ&}G*{7%^
zr3>f%&Znv+GSGbS{kWs+MVg5WlE+I%;bc{;?o*AorDWxTB}wj&Mv0jweru8z*I5@%
z(A}MmDd<|V;-X%u7=VdEdsT*-h$Q9BOY=v}K3ChsSd>q#gi?tu*$Y;g)m{8O{5}`2
zseXC<*RkrV(QpeNafjEV@z+^dOFcWq(btj2KI2_>?5Pw(lHCcWkv!+aks9ibpgHZi
z)#_z?Fy$K9;+xDKT%76)@7&tN?Nf_%_T6m^RkdNCk{b&PbCOM@SbocvT7AD^7Uc(2
z$rlSiS$T;*6>WZ-nRK%uvt5wQCWO)GB6b{W>P|?^?l)!QWJZ#oNyhwL++jY<?FHfm
z6G{{r_o6VzyYQ{XSlsjb&MbtV^Vfk-RwdX%6bu(<3oG2f(?}&m0eZgv>A$mG<q_@T
z0`jr<RG!*xxT~14vb^i|mnw%iK7Jr<a!CIG0V=?^$9M0X3-q*}4ANTxPdxFy|2v`z
z8H7H2>msY$lR}sW!@yNLP(i-<!A|eAt&ovZDyj>IiPP5|hk<qT5DH51PSSpYv5XC?
zLGbSkOJ9Tk+`1L0@$2~%RhdHoz`OYW-q|&gwv<L%jXQj_O)|}xY#6)rdTPGLh_c6t
zWqz!Qn=r&N1N7z>n>69OUkjIM9@`?=fEe|dJ$S<T;H1vzqigVu_aPUl?c?y#J$IU*
z`$d+}t{w_cY@cRsrE#P`2(~bd_B@#+Tel^=vnpsiL9FRSx2TbCQ)UKy_L;+@8wCMI
zk*8`7sCV1NgGxt_ECpYq8b`j~S(;x76`YR$CWMdSTU7Qt__@a#*xp5Cy18$sBaB|(
zX}TiNbEO2|Z&rr?h0~wPgtm>g3CsD(nU942DqVJ`7@dp{S&5>2J~P!ZKe;^`Q9G4*
z2mMz@vtIj^)R=cLnHW8Xu_&ryoEjNo$6|yXc^0FuoJEkBN?uDM=cEv`rkK6W)9{TP
z-paEsdJAQIZeXC4Sezm*x1(Nd_!OyVe=6Lr<uqK&HTjM)inw%h`;ispRfxc|mubJ+
z=Gq0QpuFoqDDatAw@3udK-g4LZ@atMF7HyfO{h()TXd*;<3j4|pI;kn8OQnU)yJN7
z_Lf~!Qf^f1&UIU2UUX@UwtZYvsk>|q9G48sz6!R1n%Av+l-;>?wcxDw1+Q;nM#QfW
zN2}vd_^9m#ACE6EoM#tbd<ugWmS4+2h}2Y$GDBoJp7#x?gI4J%feeHaZ(zyQ=K{i&
z68Mz2nZHc+XA8;+HRjz&yd`SlhbPuG%5}~66CO-ox|<qvJ%umkd8b*f&>f{%(J{+4
zh{2}We5!b)tr1T37``=dTzu?23DwY8aEb~&^FZ==cQ67J{yKMCEuoIl2BFtok?naa
z>8&AwceUx8v!PFDN>&gWe^)7UJ_ZMwo3T_I-KnDXix>E@VX)ky!_sy$$j-n@{&ppX
zeS2pq(v}tU<<u|*l*q8SbD5}=F97{Z=nJWMv4Uak8WvE?;63o&4gHjH#hi7b0%Lnn
zjY{gf3agT#Y9pcT{!Yo7mU^taKjL&rC-6eW;;++g_-o-y7`V1(9ZQk4ZWuWiVNLeu
zkH0<XZE|b8T<VgPF#G2PH5hkW6=gV5@8|o}S?ExGzu-mi{uCL{Cb}$4TYb#IlJzpK
z-1QO*&zY>T`3&vA?6e&84`~*JEm_L{aMm-l3rI#_8i}U5`gVO<Dx(3Dccm}Gn2`%l
zv=o=j2tjEvs?x$X;_0H5F3k|(^>oG~2rus`2c+%09B(O=x*v&d((^$A-XdSWH)dMv
z?6S$Tx8Ag>#LBf}f9d(CHO5xPFnU2P?ZXiaMc&m$qxwSTpW9FHfqwCb4-xo4Dc$kn
z*sM@z0_L9+2GsRT?8x37Sxy_ZD5nSv;EUJub10+B{hG+cTE>xXTOU>C$izEW++V1F
zzz72J#Rqk|=&`Q;sMamx@<4#q!T&2W>=uh#_0QEZd>F$Y%E`nmPrj@NP|Hbgi=y)y
zHcbPeMTXQE>+DwF8Arql;kyOt?EQ<>pxQ2~3H8vy>wk?RjH~xHbt@QQclUSaC3Uzw
zedzJ<z2SXk!*VSI&X|5=QkZL7@rXPVNeJS6oZy`Q&fEO_UOpixSdFR?HCWyIRnYCE
z9SgPc!<{)(9Y5eK@{}YTeL~!}wJ0lJWLM~vNd!W{-88*0jUcHK80Avr`-Ts?>0h*^
zNd2VsAoJalgQcVNs}i4@X=?3ylN-a*(#ho9mn}s!%Idjh;Y>j91w;p-(V{<eBWOY#
z*z2{XWnpEKt@zi7CoqZRwHG}*6agMkfF<9PN}abeLd5%gmgl&A0wvP;v+toWqIi^U
z^0%Jx-uumr1CzdAmF&{0-v_79T?TR9>knE>hq|O`nlW}c$zPJKeUiMk53NQo*x@i@
zkf&Of-bGj3v}9w)&_R}vXd;a7JA&F>y@Q40nC|)dKt9l%v@L7n0sX|b9;!fqkmd2r
z#f^ovR%G0r@HiXns#Q@V*QFdMzJCCLG5fI(+$W@X)`T!>Bl9;2oERJ8q#Wy{uC4SE
zGlnb0lc>8-Xd7KTw6>3dH|FPb2uwfM`IR!!;z*0jEVC%+C00cWTY{b@gl}680g;7X
zP4z@l$?IV}(;`hy)k%qLcTbVtrv#Gcu^}9m@^*#BP*TLSk4$NxcwOqwnzDVrpA(J~
zUr0@2yzgP1AV|!A$@#VR`2~a508fM%rwx@J?*<xQ+VmcO$5<jNV5>IeIb{rMMEeDs
ztx`e%0}W!IW)2tl9Kj$#-jc=Bd5o#0SbEGEDtXn(rQLQ~3vPSN2yJ}~FWNbJCtdOM
z+>hc-93f)A445<QB_B*k(}G4x5y}_>nbt`-vd~dt(VZ&l;EwB~@AoPMVYHj^ph==U
z=bE|lc&4LSuDnH-Sy2{=?4yO#mwXbUKkgNw-1&kLmR}m){qEBR#EKF71|%B7x>T}X
zk%DCa!SG;wPHgCSGg%0WwEY?GDpi&m|L)#|UdvAUP1q%f*Aj~^2&+9ph258-f(jHi
zLbl7^B?xW09^Q)@yD$tB0JSfXe?$^6xGw5Ts(uRF{!936|7M~{_KgcE?<)6+#*uty
z5(q1+jjh+QItB{CD&?!VeSlXGTqq-}e?7#CtJeTIhY^AR0C?a30jH@doLQ3AZ_z3a
zPh||@hS8hRtN!owW`T~;RYjd`qsI-ZgP13GXGfafOU6wcbIE3)ew`lo`e@Cq<b&i{
zMjk=XCG>F7D}H0kXG3REk9_z$RD`zp=yw%|m10>PCMQdb4~C_JIp%kfsJIWkP$i&#
zC4=VpmA<#1prNSYoFvbWdH%{UZqIqQfmoR7Ch+rUWcZ2Td&Ef;!<lD17`23U2ng?A
z<heBbEB=S)u1h}2JX<pp0kteJ?}jeQu(6oQm}#&_rtS2^Tmbs&#~I`vwnq&lin3dK
zkN+j?o&76~IeQe??N$7jRF|)}HFZhB>*jPb{hVgjvUJWj2cwMg-cx~h<k%8P<8_@u
zQZ~0*do5J@o-i&U?*pNIC<PgsjtNWQ`sS^~hK=ZYhAZXPn!9S8+>861<3F3MN^W9I
zu}XZluld70HiqSe*&7|9E*1t)uVZuX2tc>YYNi~$`o5F8cs{^XR2t<tnuOO&N5euX
z2DM$m<lt%ngkV{S0d)klo+4NpqItD8RR}MlQz%vZi!*6KcwIkG7FYph3&VT}?T$Az
zdb@Hu7friG#5@L(HLs$9B=1_Kk|8kcnDQr~RJCJx>4?*>?+++o$I8Hh(+d^272ktq
zGh4c;jO{em!ml1hbd}iVF{Evn%G1UaF{4xH^0`$Q_nLDTOt>{mh%NSjxUQg7_m$?)
zPk|WDfDcRs4Nef+cWyCR>%#|W50QHsGZ%ED5K#1%84~(t={Pvnb<cjd#+0Qxl|hh5
zzfpSp5R#Jq23D!CKu17ToCP#?W}h@X$la6Y&SL5bb}>w>Dl=S6vG=_B_-@$WEF;3v
zu#V5SJdqUC#tmxz((&F_wavH37s4DDbJSzirOw1s9Gt$nu~sLA=>EdwU6D1tSi^CL
z>x=lB#U?|AIo&VJ<Kv>w&U0{N@I&%UC}_g`Z8}Xn5k4+u|M>txa5x;+KHB#3E3FXm
zHw7WmZa|?fAAgL1-qFv$W<JAvj^0AHNeNkygM_4T%d9BxDebQDpO_u7ZcvuONu~X1
zzbw@yH@mM~VWs#rf-yO<f$StZop^{PrQJd7>#Ed0CA5*?hY&o$+H^C8qX{bk4P)$R
zOBTx&llL8nc_kmvfjuhm&0bL1gZ-$=i*h|~SiIf;9)!wdk%#jsvqA~L&R(89i5CP-
zBp0N&wf=*S@Bc5@>Xb2(p~MZ_!nMq@<=!!$rw@KDj32zdX!FUap(Q1H0=XG%tI=Xr
zSm5UIp7|zg=b+2}08FHm^flHxR;OPX(t6sGuf4|(iFqC77@?)RHa9n{ePdXid3&ex
z5C7A)Kcg_NyIpxWTbwUmcNVS!e(an!hBQXa1nlb;!;`gE+n6esoLyN1^+#?qx%hnY
zM)4Xk_0Yo)t>1KB=4rgQZ-9Aa9%(q$H?r-<()c+C3kmrGBM;cD@!X9LSPled6S2DP
z(hcCn&X5Qz=#_<UH%BwmGu~0)8|Ah|TV_lTNVt+h;42pD8!XxbYc;I|Y9Dx;E4))2
z-d*A*{yRUVs5$MXNTc86-jHR{*$@*}V_y_vkZ`O{)s#NKhw(bD1Q0Jx?0cp2+g|_!
zO`d%e(6Mb^;WMckuNmleRXC%e?XgcM=q%!K?E)S~eni5_DVV5utC)igMPC0?R+DKL
z&52lsYre&r4c?FN6H2`AwA)-0jW9N6DXd-V-hi=Zmz2vQ-2jOAkv|pokoNYYR|Jv4
z8`R3?>NZDG@_Xs+yk<!SCqv1e;Gw~0SG#uE+c8H}VfPC&2u)+#W$?U!MN+LCue&e7
zcR^40z0g_e(i^wpS6)}%TFz$|FD~+E$_97oP>I3B5VjNa`t-ENV?_JRQ7IS9cRtGN
zutEvfw`v>{*VImxTiA!^g=5SuS=%AcJX;wssk_q1_48}+SC~y5ZO?KB5cf;VY{mzt
zB)2%?7`mNDAdw1t&`nq28a@zKXYrodJ!>Iqa`bm3^p5RCdI_7}?1_LHMxYqH7m7h*
zc&JIS_sI(X>6!t@%dGw4_367W7*a%q*y=@JI$yh5>`7|ShaAO|vFF#{{VBhSZ@<oz
zqE3dx4Lp#8Ut(QR*pqRtRTQ^jNh59G<QR;PG7U=+iW4$~-*&~+FZNT6G<ydu!to5;
zF4u;^6A7Qmv%Q^=$*&gmHI-_dYwd2I5kF(9QRuhS>ymPNuJ?-sVQs%Ahs`x`9-WJF
zi|;tXU_P9S=x2#}-Y;MKEW@6o$OMhTd|RX4NMpB(O0xL;=9}KzDU6uNI%&I_MD&Nb
zl|W)?mfL5AmRf?Kob?@xvh@+oXQJ-|<juY|_rslg)GKpn660uG^{Oylz6BfL0hB7V
z+5v4Z?+6ZjO*)IUEx?7zH%Ws<jGFk3W;@j_(T`Rtu+Iapv!sHi_{6yg@=We{l%Te$
zZsTY_{uiOz&@U#bO6p?>mq8aXo;-tq5|R_>qCt;5`MFN%2e1E9*#C+6dsbA5_Ur}B
zbJ}aqDbcb`u>(5<LyM&%FWT!{@4*TCeggeO8PfbYz59^u!{Sf$XHkUtbNl7YE^1nT
z*njZ(3wmz)kD0bZw2-5b>3Bf@ABJ3V6QX<PvDS^{!x;t7XrK_*q?Y{JC)L?>!ro2h
zOr~*o8YO-JrtK(dbjUCgz;88QhA>80o0NfhGIi9<$3r<;%Tz;5$y;=-rBd0TV7CJG
zsJxYF-5$}}TuC@5>xI>iu~(T0_?Q2whrfY&M3V?t?V{5o#hQOYw+xjz=KHlixi~0m
zq$csfX?~Bxv>I+KYq^Uk>E=Zb2F%uPU-Mc~SYe`(jE{W<S6ByfPeGTFMOruYwuvpg
zMS!Lwr&ffLDnonm_{8DwUNdQ{IEh=>@_8R{w4YC|^rPc#*UBda)FDF+^PR`ZKlDm_
zWu@=a&AuGv!+85EsMdV%N~7V*U=KfCPhoTeG1b}|uRjsKi<8Qy-!~*MK3?Dg`aVgc
z?QOUDSBsxEGqFWE=Smn(KTQ}nf4Zpi8f&Soo_P1xTmzP_Q~Kifph=M(>t?LkOaI!k
zUb(E-5GP0$SxcmffAZyoQZ~Oaepwi1=Q?KlvW<2aNKq`iY_IoM)^|SR*vsw~7mRZC
zr_H~`nIzIWA=LFjC4wMP*VJ)13GRv#s};FvWpE0zka`R+5sLziWjvQjoXMw^_9mq7
zpWpq1;~Jnre7iLIn31N&ilL77d=le`-s0!>v9pSV!3z-0%-%4h#$R^Y$u<@akhp8C
zXt~~!Mn~4=`NiF@sSN-9gY0p{Kgw4r=X1GHeb!HJ2{5N=QndKD9YKPIhY>@lPwoUR
z7~_)rvKUA)*9|>;*55Cqv-ymzltP@$2=kAFw}u?qOZIZuFu7{FBMGB_lU4mk@-|5o
zp3G5o?0`;cH+kF0$2R_wE57&saW#?4)3Omp7YJZeRJ%C>w3abAE_KtKs;4(bi*CU$
z2pb8T;UFy2X}okxeu2U7Z_5&LK@o>U7nAT!E1}EDqH?iHRwAX?++3oX;IyXmVZD$)
z%C^g1@Xh@RzIel{!gzh`qSjGk*Vb3$NKN1yPwOPi6YEAvX;$`UEc}r?7n&=9zlT*1
z3CCHyY3M&I)9m*2+g5{*Kl%}0YBOEo-UXA1G&Q92j`WfU{Ly8u24y0Qf3=yik&1<3
zUhTg8mU_PE-(L}%+cL3=qW#nyE|&)UCHYU_@t>gm&wNDsI;*S3yZK4s<Va2T#Ohtk
zNzu;bh1-S3d<mAqMT#Fu7BvI=kSn{9fquyyY7ZDBC0mEu#gVQ@D&X+`DN=Jc>ga3-
zD4Q6;L~*utiWpMy=Tv;HRi-{#ynI4vo%?$i^p|Lc=Nm_S`Xhb}llptEVfo{eBh>pv
zAg}FKC2d8{snCb@4*f?RHYTPdn?f>No|TLz+ZP3`$b^zZ>Ll;vXLuWGsW_jKvz?V0
z*~-qj<KWX+(yI5{Klg)`lJ=|b8@H4$jR1+iGF$B*jt1>bC|t_4-CpeUvlvp@cCM%t
zEj!X+s1SR0S@pXw-SBL;e7Oc*X}l;`n$Xbe@32ySm5rS(G0SK}bKrdOBrci<rxuKa
zp8NQj=dx+Cnn1?d6R{dG&G|lI(Z@Z-y*0-Uz}Eevsx!51k7tE9Fucjjo2A)xdE~<f
zaXgo53sPFyYs%2fNVUv-xgO2Yi098>oA5UElFzUxKQy_4fQIES&62{L)_BCp+TUl_
zKE;?HPqM75l|X1v?ng~+{idA$auU%V#8o1<X5W-6=jz#2D9TE@`etCu2VrB`=?5p&
z)3eJUyKyPA1z(5%&O1C@Yx%O+SLEr_l+qiPvtx3!wTkqRg>19s43CoF?P$N&y0%tW
zn5)~civ4mD$->*Ge|+b~7Z{Ukd;PLRjo>Ok>pPCgTr#0FI2aex=y(u2uR{<_dgT)o
z{B!O&+B#<+Rl@5G**@bOiAl#QJ#lm}U0!ps6=_bMUQnMo5D&gch@jJ8&>Jji#k<=_
zfW{~^vWB;F|9kqUW?pLdt_w88C3sC17}AD+W;79=-(+bw51S{DXu{%e>5W(Lf>lga
ztR|GjhF|Sr+K2d2MGNqf`r)p~5mQ!cikw-i4<cv?ex%;DNgpB{n;rvNxc+;$RnQHR
z`QdNm3eAW2B=WlO?l(T@WpCI*-<D%wU67)=UgI7P1ZwEERJ|dyG!L^CjdS{1-nv@U
zrANDv&EI|#tJLw2r*>X<;DnK-&eNf!IvHw9*v9dXQq=c1yb*yjYg})RtQxx-1=v*V
zb7C<$^MW_fa=$;Bp1;CUpUq>X_0$Q^u4nk8o(dZgulDrzoyn{>p`7#@J}*bZdXP^|
z2*UNLl=#sRjP3Uq5aThZEN2Lfs`L73==tV%$lSn6ZeGq@*bzwKPQ^2Qp>Sdz2tMf6
zAsE5vp|z{LW)EdE%Qw?aVF*xP$vsI8Dk8frA8?m;0LEl^iS_Ly&Av=zxRUjXgQg7o
zh2tXAVT%)|le0=kMv@`0vp>DFhwLiz0j9X;aCZxHi*r5dFL}7BlH(S{oPehfVQR=C
z>`1EU_P0_*{)*GZwum~7@$h&KEXwr&0emnH+}T=nZc3(gd@CiF<qVp5-0L%~&G?|h
zb%m60I>(d<m`@kUF(0ltR8HT`bU}5Vzrg(_J@jKh<QnBJyiGASU?396eS)pITECKU
z`9{OX=F^DyztrDl`KUPxl-tYh4CuaK#1KF|cQbZ-<vD5zj7ti%;g1elHN^jSeGv+c
z54FwB+u+TYXP=q-w6Bo|yL6zNmO#MNcDd7IHbM&)V=Rb3La9DPMWk*6Skd;1AA=uM
z2Q_FI2O3M+IKT6VLGzF|A4tvpvE^Q6loZwvbl50_XYMJ<fVmMW<0@0($BPACo0<;Y
zhIRQm<LB*=$5{UhaS01A2;JfEnVUEjssr_nzC^gyxlgn0BbNHWqU$0t!An;85+!T(
zcVn++^%?Juf=Bs#>)DtwU8SdkeG>$d#pk!J*5uXR@!`S)8SK8I`tzBWAv{VuBuRxZ
z&_Id%^$*-@Ki0)?SB|o0MVQy$AD`lO9kq;=7R%7P!g5HDQ#83rV9JF$9WSrWj?{lN
zo4~;R9yMm3QA(+Vk>=l<mo1&%XxlGj)O0=-9LxR?9`amKv?^x%5VaeEQ93y7^t3Y&
z?ent%+8(67@)nrXZ+Xph$8NUNlb32~F;9=FJ%}2zv<rhjgm^N#v-zQ^&e<b_Kl19f
zZr;AbR0<#+O8pd!804mMxz5rDqy8i;n>I}Il)0(q7%}{<<ky%|hG^ihGP+8@tj^}0
znDvPHNrhJBSz$us_IS5|!Qj%e(B}5hi|87a*s<)AA&vW7^ZZ-2pmb8EDa&nIqo?py
zkplru8M2s96pTBjKB0lGO3sYY@DYj8XeLo?GC$~01sp5v*&T!$^-M3=F@?6$KTaF(
zKbTh15ubPLV6MdtTT(3Y5Z0F3XOV;cY*Bg6y(e11bskh>cKvHK$Rb1Tx9q2K!hBsV
zfoWgOM+V+1Sb7zx=0}D;B&QCCZ+bzwc^P{%L~f3a`3IYr?UsYL{cRLuaa-zW@1OI{
zj1Js$U83%#izA<wOQbp%(M}JQ4<SLOc|AxM2_q_70+!g5$3}H)G`m8n6Tdni(%FEa
z0#nuwz`4owc${2J<>qEKW3}br4)+11cqMl{1D4CmCI~#>j#Cc)Q`_TDPij3%ene+~
z2>$<Yv3HZc<t*468|I6YAlXtT<r1B#j*}6QS0lb_qA(|><!2-6*VNseii-9<#w_v@
zKVZ{isQ;p7@H`UK)OlQ%Q^nQZp>KXj<z1GiPA-4Mrnk)h!N?bdaioDx`C$S@YAwQa
z4XQD<u|)`)2i@wtgiM2-O8dwSw9L}gfSRf`B|!Jv4`m-Pjn_5ftFtOpJ(YkIvz7)d
znWdk<xZO;D8~>Rj*;g96(28z;vfEt5HOH9pi>#j3Z(E7XfHMyn-XYqBj%tIOHOQdi
z$c(=N9a&}cfLTpg_u9X(QL4Lo)vtPf(1GM??bRq0AP{x@vtq2uNpaVnB3%=f{hh_h
zzNIgO2sl_$?-H@Leg<e&@5kkOuAXm#CVbol9#k$dM0p$NHJHzqbaHSriTxYa>MJFJ
zkWl<wJmP_xtrw2dpA8a#Hqz&6$k|_7GFzXA$P+;FvDvtqj?E6QuCT7AftWgRp<TRg
z5o6&1Su&|SWc;f8vwxj2(_BnGDMAcsJA6KjD0+FHI5zv|(DPK)*Kwh)QEIa%x;7E(
zQ7Ky|Xkprv_pshh<*r*ocP&_Y6=*TJRY!DRim4gD|5U1cz6%$DTZ(-PE`~|C-kvg)
zTi=kn`#15mX6Y*|>2c#iT$j5=v3;O}n9*1%<Xc@fLxBDyq{5$=_=TY1N>oQ`{ISi#
zoy;w3g{k++3$2N$ceic^zg3Bap9B^iw)!WZy6xPv6uidQu1-(pZ@(5Hc9}3AVtB!+
z$olA0VS@Jeo894xv8NWeygM=pta%jJuDW!iS}}if>JC@GSCX3K{#P~q*E@Tj8IA(=
zJ}sWIBSeU#gtd899Zo7{;Ht7Coty4I8p6TH#na3nU!iFH=R5?NFbEbk%znuX5TjNH
z&hi9x_0){jSw2@sZ`Lenjc(=>1S1aKtrLFtg09z0CvTyZUAuq6PT^`Mnhx0XaMvOH
zk7Fl%W={4lbn7u{{Y7iRFBdYr(;C*r4%D)Pi(cid#Xf2FyhBx#nJ8I8WgfCMf7uEe
zxhyqCT+hANEn8iy5L+Qnd0+H)>PO6l$FeW{+E-*(6J0N(iKp8N%Hu@5h5Y0sLM#iS
zb$g0z?NhyfH>o$Pd0`7s6btUUk$;>c9O~wA=5;$B_Z0p=A&uwZw%!Og>hO#J7ta2H
zH0;#ihkZzj=<dZpgJB1vrX;)L7GO&Ni<}hb7UOm$CG`H=r=$e@Be{bg{8#HzCK6QC
z*%9HxZE14sPi18M5CZ^GyEuv`qgj4F6&~CkEVQo_b*Dd~iEE`N{Qj5W=V-)wRq+54
zE_3-6B5kfVo9o@}_>Mn6iq8WA08iXU&c~YWazk_wRyeLd{@M9B0N|T|6p*rFoAgIB
zgm(l`Nk#R~$|YoDxMz-W=YUM5o#1v-iLIkUxwn+&|KCdsmB_N4_~(RM0ygA3Ke*!n
N7G^f4)h4$e{tw*UteOA-

diff --git a/figures/策略类型2.png b/figures/策略类型2.png
deleted file mode 100755
index 1ad38251b4d9abba2076bfc2df91fa14c81ac07d..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 7247
zcmbVxcT^PLvThTE85ktP3^@uYp$Q^EG7KO|f(R0%$^J+pl9bHM2r`0z5=22nMU*I#
zVSquh2nv#soFqpP2D#(8@4WNQz2~fV*Zrec_paV+b#+zkTHp6o{AE*p20AV}000;a
z4RkF4fC53js9-c?OVg+dntY=Ou+Y~Aia+x#lNZz;S|(ZmP?khbf=-dw@S6s<0RV8i
z<<CXY?)SzO0J!H2b+xQQ9M_&1CGhB1wr_}ix%A!OTIVnl!XTIb+H4#2Mo_&df-t+x
z(s{IUMGt7HuMJ<zDDxCSiAW)Qvua>@tqw3P?$s-^*i1&*9H*Iu_^a7*O39&TS28nC
zS{dKU@u9vsEM66RFZbg2%Ex$CvbPGFNB}s`L<49tU?_mgR1g3R{HF=sR**iKm6XK8
z$?w3j@-%FBAT6iPF3luMEnsthn1`P~E3f^owsM9_Dk~bcke0u&dZosfQzX%ZE{~^b
zagR5^;!PvNJ|BPPY!$7$nK;#s(-Y#9R?ts~H6+0(&j`6PU#mP6=ge82e$4;S_R}*_
z%vNUTMzh~Szu(2G_44;e3#1DgPvrS8%JO5kY0W;V=90RSmILfgJa)d*5>^LUCxZi4
z?{5efT+e4}i#J+WT~Rpr^&#&Jt1VJGqi*z7AQ#c5u$u3QWqt8&V>a}p?41V+d=b7i
zlVGu+90qK1f}Ym2icZgMeR<GJ3Sa?Fg$Xn4lSu571T!R|Snb|g?BjMtxo~1f_k@)I
zV=(~{8)L?TqrX(c%Xsr1`%w2vVWNGK_>VL1{Y#RKB#Uy4EY<b-nP`yW2)Zc&Dl?&I
zxh9E&yvv7}>F!a*7Hl$|79AU>u|<^hS-gd{b|}KRCh0HmdV`C!T-mExR!1thC>}fN
zK6|PCMYF@^#d?{?(KVnkGVE>h2s@-eF+?n<l`yy}h8LpmnAS3*kQyw438TcmO_#hA
zLPQkL`OTQq#mXhj&I$+IG?Av=f#8rU3QbJInjb$(k1;>p*Nj4YFjYpI94{{39>6po
z%DDEYLYwWeS~v<CGegp;-Z^bCeL=kV)0<njS&5srz`2rd{6dIytpVMsvgV@?8A2Zh
zu*{$DesP?dYY%{`)kn7$d+$YiA)Pk$dS~oXaN-zs=wLB-;@7#XE|ABX%LGu~mY|mj
z_^8Qhc_bOqpx_)Tn?{%loIk%jM+{JcHvJzTr<W92dQ&pd*k~i2kZjf3K`(SahhZc-
zxuQS-QwDkCp4SiCILY&5GoMlvM%>L`WIS?4WzaIU;o|zAXD_E1Jf-_4m)ZlP@-hVe
zZ}}ov+OYJTA7_E68~;x^|GmQHwINbZ*g>P;ryOMZ#&OM?;KSr|N1HSnzdd%==~aFg
zDf1?oM`~mSp9~Mu`|uX7^Eb++&-&+vQH_(<vA-5ePQaXv&Uv6PHJL8<R5jy_6~ZbX
zKF2-zL__V6TXh}d|EtxkP<^A9e!lgpx2TUL-(l(EXraKh-_8Wm9`@Jv%86{RAfi;X
zO$Kpvk(DN%NYlWn@4bTAoNhR?na5@mIZ$i_vtw)P*{B!U7eJJ%kvDSB*$enyntm<e
z$Yg$IZKpp;JF8MdmEBM-1z+Tj<bzRpC&TSqI;fP`yHtNhII}oW#`izI4;IFelv5-O
zl}f}i3AfAqPA5&M;4yktYxlq=4pb;^dQQ+xpR^-#ZVE-K_Ij2b3SpTRXaVFsb}d=B
z`;3{EFYrheiCk;GJl6e_aQ}FOASYO8itGTJ4l;-JdaYp5iUA$nS(P$eH(XKly>jTs
zki9CXuOmVol>&#wy3tfbB~C^>()LHeH+sJr%01FW+K%9;w<oWkw2*eL*3!nNCJ3)y
z_4nMjwF9hMVOWaVQVn<%f~pV>b2&S%!4qUc9d(La3BX?h2q20JMg=^lAp*dg=>Kj)
zy#imJa^DK_BS@;v_)YFt1?Afv*6ay~o#5-$uIHzu`7Bi4Z0G;9c+&1mf3hy4%?k{6
zdtwFGW;2<Fk__6%DumaF3U?ff&)@KOBh{PQXW1ETlU6hi7Jcgo`^rET6hZWiOA-Ge
zc?R)o*u6B1Lbw~?c26Tty)zZ1Si&ZIh-Xm|fiWkcA@J+`dYUw(P_4dwOYBsQpDnU8
z0`;uWlZtm{r;*-hjKW4^=M(6i$*Ik<D%=6C(x}LMO3$Hp0}3-ybg|**W?H|{Ih#Y9
zel{Tv@$9ZhM~>=YcxCG<CV6A*hCHTPY)OcCvv;o!Clin67=FQ6n7Is(HM=0>$fSqX
z+6=$gK%G*VOSoLwTo88@|B=W03$0?eIF{mvQ-XS_sQ|tpO6stQ=6@K~91wH;a_>;^
z%c=)EF4OzIgtnK*=R>MKi>#?OJQ%M?A9|u-Q1$9w#TjUv6m;utPKh2o9QMvLwRXg3
zJ;=mZDL?<t5$RHA<>`;_j|}B4pweTRltmTDK4OcN{?Hi7t5v{)_K|(Uzc|lnY^@zm
zM`HBr%eYjqRhiHKWycDc#jML1RFc@3m1TiKs?BnuSw5;jVId{U!Zd%~1G&Dsbkoh+
z?fCXz=ecg)$eX}QtFb;>>(aAxhH5%x7zGVqsbFfe$~3?+tA{=&dd4KG=Q{9D5O3O|
zM^EI4N+yf+f!l|xHM~Yo)0Cj6uho}qEPESp6Rb2o*7zc-{BDtA=mSL|Cyv3C`=J_<
z2{Ryp_x6@uvel5i+kr`@R@3kcGhXy_-FmZjk6u_KIPfXzZc@@$lkki8e$F3?`f>)?
zw`8cZW~5wh%GbUOZ=uaO{y6E0o8~_<&MlfuY^i`2oqa+Vw32GTuR{$|PcN2YrxY@y
zz^?*lsl?KCxi_V!2tU|x$8(A8)*^^8vw+Wc3kmF&nWDo(dOp~Qy6aWh^YVDM(N)?p
zm}zRKE7G3QurJ6RW-@l>rcPw2-BJC1!N!Wn8|;_9fmeQB+TnbpWN`mHz00fNgzSto
z<Hv@7T1Kn;sj_<2DF=r$h(W(Qjp#A;qL#zd_ZX(78nAxJKGa0l5y$AtJWuTCZ9qkD
zu5ec4WCPp85J1!5zbGP<2>Hdue?Fk@rQpmV6-j{~D2J92u@R)7OIz7CG(ZMNx0&IR
zepKXedN%;1IyVrjgPand+@P0Z0$x-6Y3JqjU?JP-9)cBlGg~)(>}Do)u^RyTSj&qx
zUwsFBig{q)qPalPq+nA5nyzN)u+S9y10Z}*5>Lh`94H#V61o8mtncEh5_LELV_Y-Q
zGqRhqp8;4PZd<YdP2T_F5B}Nrf7fsR*SpC1RhQpTJLq}ZDD*hcfAZ<c!iAlJ#XRmD
zcwked@~@?WUk6Kf+q+ku1%958>Q<yUwqLT3;J7V8Mk^Kc(Tc`Mg?%%>3C`}cnXaUT
z{y(_LV&n;mbW(j(%FxxJ6L9Hmoq%DJUG|gmtMj!E!x2H|$X%B?`NNvNOga}&>laRV
zBFx6W5Y0xx{i$RlBXv4Mt$pU}5=)z6S)=U5JboU25qz*OiO2F6^+~)>clmR}MDxq%
z14A{IxhGED{_ba_@=PFQD*w03Nbf=eqYcVS!vJYG={^1jr<Ki0kr5lg2j=;^c1*S}
z<7-(OWrt(c$=&^9je$5~wd-fXYoO8hbE{<Tqf6O_7_%d7WM$(<Ppf{q^O&W~SkU>*
z4&s!{Tf?}a8!(q-#}xq5M$%tC)-7*tnIxG4WxlZ5P2A@nmW^v!YF>7sd{i<TRch&s
z*Yqw2ThatlJS$0o$cJNbr$ma~D+hck`LVGo|L~;Gf*sBEP_fB&Q^mF;dQc2sUq6^G
zi3bd|Sa7MQ(k&g^@@0Rmd<7s$%^_|DiSp>KnD?-=e7kH&TVUt#nU4e0YnLvJvww3s
zUw<F}hX&%5Tj%5}J7j^q>!1XF?hyEvpyf!zmv0BNu$vBJ(7`0<sEVywuIDk<PKEA<
zm`P>{t<>R~Df3}7m-@z3DkKF4Hkfe?mvWE)!hCs%H|sFIgE41Z@+JHJO}=$${d%(y
z5w=(SU6xaovIkByqm`_W{2TWBj&Dw!NV@0PPdS3^kxWeLnGUZBdt12m!UG1-ElEDu
zpgX+C-DwWX)9_4VqG@qZUFyKe-Ht5TN0#{YRu~Zt<nVlumBxI5k2LM_FbLhQ5*!^u
z-|Flwpg^@z?!M|QuJ4rIzHo=b>c*5Zg;i_|-75x3x)hPv=Y;a6bG8q_@ftbEb#``_
zK94u`D68~Py?mJ~VDco7^D$_z$;l~o&SHrJJyK~M83)?ad=aKR*O<TH+>WekI*-S0
zHc!+iONBlh`aY-FXHzGX*Kz1G70nSN!IQ6P{Q1k+i6+E$+~qtqJG;2v1B9IPOum1!
zagtqTDtIsZM4#c@eb5a??N7#ya?3(57{aW@sBh$eaUY~OtwVi{nC>a98}m4FmDMAS
zB%1W1K<oJM*u~~i&FHdEVuHg0#7C|cR_|FwncBK;<^;`%oyEusy_P~`O-SA>E00>=
z4ZG{K|METjJq=X)p*oF42Py3Qgh<Ai(L>ToHb#^HKnAIRW{&`5Uwu>S;%Oj5@xM|g
zRqDpsvY^G>ck(2(Fpx$;v=LmE`m9Tk)}h@iSB9*78-0;?>UQ7$n)?>{Db}NFY`pne
zG-w^i;2t#e+(BPflgoi<b8cp)e2ofPJuS?Rv%AQ_VJljd)9>)I>c`m0$Smo!RpobV
zmwN5i$Db2C^a;(65~^=O7_7;fL&|z6iLGSZO`J~HR`&}0hqtWtlFl{Yj5Hl9Hn|Z;
zLaO<WZf?aN<NTM)^M2+WkA>}&oII+(^Zn7}g$t3LdMSK)`@0z!*3s|3V{%%)nH|l~
zGYp;n^ku6)tu$Cx8=CX7djB{-^x@dz8fCRQRL%b8_kK`qctd5B>2o`z^q!yIR6Zq9
z1@{>d>vu>j)3Sx5$8hQME?ZV|_?bY_y%_42ox%;$_~U@v=G|c7<%m$1?~Lug58Eyt
z3^n%jG``<PQ<trAHeTqBypVHnXf0ySk`l!wfX8gXV=0yF?xh$!x5?MmzLB2$lddIA
z8M1*(36jxs*yyEb3;6F=tT{6vyj*UnLfk5hP*G<=pFK+mKBZ>bKHpZ`G5YB6(OgZ<
zGx``e_^+K0>T168kYMgjis+avxUegea-9%9<Bq&76B|DCEkO?2G=5E~8j1Q?m?(l5
z={RN+NxOoX?!7`Xx%iHmMkWuD`<PaczQxSQTaox$m;#oU>Q9&F^=jp`8xn2-T2tQk
zhdk9Qbet?F6q<yuK&6GzKSWB(R9lw9q%PHBn9C_yG&xqEp>XWzG$_gu9m3G!P|oyo
zL_mQUH(y+G^MOkdnR{t+U);O#afZ05bq&5Bbu{PqK0)s#hre^RO~)Bl94~)r`dYb=
zxTxahyByN*QJqwWmz)Yl(6ARr8GmH6JoEjiMx1QE$*o#sE*QtOB-N?cdm5rfRR{HK
zo#XBTB~7_x&&#M6*k+2wwZH{s%wknbEDgjM7oM6z2Se#*?=b$H$72zp&wR@s-;T_J
zS_NF`*Ok1k8i=h_<$iMA?-7K%pf&Cdw;Et6Xv{lJKXhc8r9s}&w|;yH50l;h)NJR9
zq=3074&-Z|eLK>ghD{EC++}NxoUYOrNZ^3EY%7@$7icctF3^5zI`Fbo6e{&o-uB{*
z{^p8|`WJ-lAEsG$Tm#ik)oq84wk5(&-}e~%nhQ>D2wPhe;r{B;Tk~rkS{iWAjS!K<
zPtE786)k7Nxjq_4Nc(3Km+YDbV~-;mg>5cK<Gpk4*<|zEStGSCzw`>gxa?N#S8Y^b
z?AE&NNSw!w!vR-DIo;|n)<@o&If|DN^o%!RQj$Lm{}yU$n8t=){LyJ5tBbs5ErE|>
z*C(85hvzY9^S>NDc`)n|uar$0+LJ6E#{<jD@}ZyoR5W<d`u55l*7G?mq<+!Cg7CNE
zoaxG>9|nfVY1VO}$l9GCY1Zkz@dyU!ZE8-7yJBG&GgKYWd0e??J88#^UdzCT^NY(F
zKLFpD9y(sbf+S)EeBzq=4@B&D@C9f<IsHJS!F)Mm-%>J#CLjUad#IiZ=YB+pV4kaq
z8+Ml|lX_>?OY4es4svbpc5EM%Ll95>6?jBx`n$2X?;OHkPYxp}YXXV*C0_jY=!c}X
zK92bfJg>RPFT~}@U{LdN)@rRm9S8B5d_ki&#MWMU7T<MJaepQ6oaHJ9+61v4l7(d%
zITF9j-nJVBa=0r)nEh6)KKE4UKFg0DLnOT`5*2h`h&nJIe7k|Y;)?92BHCokW2R$v
zLPuyhHMNq!mpfMu?JB^RjjtH`!k#>5$2ER_NjE@gsOdmt`p(S^({auwmil##a=%Iv
z#WZW|`S3;@laI`sJtHmNa+a~mP(JKKhm9p<o(O)|YvyJVS^_`gCqY|eid?T*(0(1K
zrvEFl2p*d_B%gT&)^fci<DoHH9C7lxEAAxZ0m!wQC0?1nNRZoek|eZFMSHj<yTh$1
zV-!M;D%EAY4n=NkB7_V?9vX*sMa1u)uO6C9><@WEus~uMtfnIcA1M<j>qyrJsg&|h
zxO5IR_Ax)v8yDOyPS~TZP81`mis2JWia!uk-Vaf)Cg}UOszy#IP&61>eF416*GXKW
z$!3~AjA{u+;WVOqU&>5PSf?bQkf~7AoDu>+vwuT+pKQ?yj~7%?T`!q`6nwMGpz6lY
z+%@i~K+p_gt4b<K(;|xd^8T#y@}Tb^s|O|v%A&UA;D?(~pUNZJMg{8V;R>PKh4%h*
zO_j)3;5dQyw1354sezkV{W8;ym^{AwqO%_i62eEt=$qcR+Hnv%x|3nEBisRFKTm#_
zPxkc4ywR96^Ozivc_3`}JZ<2{AIwfhB41`3c9noj=x2~sdQ~bl(W+Iw7XvD^EU}`S
zXo69tK`PDG$s8#3&Oz$cf$PFiS9?NVMtmg1#u07CcQT5o$*zj@lU2IyeIJ;PQX7_;
z|H5L(=8xcjEIt`=1mX5~>5AUqJxV7-0leNY224?3mc>v6(ZXDq2PF}Fo2PRl|A-)=
zba}(prf|40jaS4(lpxLdQ<2;QiqEqaxyglvlYQm0(d>@O1?R$9UMMLLJ(0C~{HKBr
zaI^cIH#BMCFH5H?iCgViPOlG5k#0?@qrdBp2HlYnNu9Gg<vBdGn(c4o5vAf0NrtXS
zCjq85<G4B<Ee<F6ze&_T1PfFN=uZ9=Fy@*~MAjY{cM3oUV{Kz&b;s8pyOwbSV{X}&
zDd*{R=s9r?S7XThJW>7<)OYrq^B3DFSFly;Fzi{SPpG4MgTJk*BF$>`sWjIC6gn_e
z)zIlLyWR6iYtr_FqQ|uS3D3SBlnuAXl>Vz|E{(sC5qM-9uka!{y^E^!B2$}?w>Hu+
zXIJTiM83Qm$MlL*zEtTMa(r#d!CJ+>-0ivXZ@;tcZeSuPY(#h1+F(^n<;1v59i<DZ
zwES6Wji5AHTS#-o5CtgaCU1fMo|rFSrPSe5>d^>44Ht{;<L!Olr!@+tdi*wt<{n5V
z^FL3gVJ>I>C=qo3-=Jk?gScW=ThX74SkbwPI_05QyQ^P|#ioPbI6s3U=`dxNxXg#S
z^NM*hbXd?KzTH*l@PyewOyIc+y<n$pP2@YA2sGrSP_G8wE%P2HK3}68E7L&+xP2fR
za3&qQf4;uu=7{uoDRua<G7K8^SZJUvmbnJEOFK73H1KUXO?>V|-ygef=EFA*<#O@T
zTP9ek3$l9J8X&_Ud%4pZzSmYc(uWpZ=1U3$ZLf?C++8^GO}w|YQ<k5we=sRB#o04m
zxnD%iV|7$XAt(x6em+#WbTk#O+)M3zbRR_)-_!Bz_kuibwLZeo<}qX=?T?Aiqb_Ba
zAIp9v{BUMUTI`<2x{=tXe2+9$(h~PluhtyIFp<1o`yYO*yzQ&H4-U@R&#&ClMAi{u
z*y*&YcDzu2MoLHbm~fCEUVu#oAsr`Z`4r9eHX+-vR2<WcdAM5B%zu}InP%@9->i#U
z(vA8c#Jr92nzD_ZBKr5WH@@2!mY2D`)3@Mxemhx?&<9&xqqF$8_%v-MG|SQ$D-Ew#
zKD87UTy;?~Qyg?vneBtOJYMu^HHmLB1-~L(s=-yZ*mQbSTN_3z+PXoy)D|)b<Xx_I
zP~3ja`%W$Ruy*wKZKA>NGfw%a`SW<8C1oz?qlA8kVx=JBXFY=z3z{oqO)M}8yfb=B
zS9utbyI+u<RHw{&++-ny7##HAR)H{Ouiu~B8Uj=No;4|w+gIGa9YP<mO^}H15x1%1
z&gub2Kh$wl6YAmOeB%>D@iB|z%1E(CHtU9;d&lgwCu_i`x9=xZ<vOIwPFQ&$iyKnW
zqxyHg^lz{Qg}I(C-kNpl$6F(v99K`G5H6fiV3RNFx>vMh5amB>k2G+q|JI*TlK6xE
zyR1hMq`AEOh1t9fUYU~MLFM2oNh+r<$!Aa>Z^*pGI^VjwcdXoY-_w*I(grM>f1jFE
z^24a2F!T8$oo8g}om<Pe%&EP>MuLke&SjtHZ_^Us(_>z?Hqn6n^QR611Ek&IudKF>
zg~CQTiKWNke$wi-Y-8DXMk?QR>T=NVTbgLso9ZAFcCWp1A;Wlc`EPbgUQ|w0t8c)s
zQ6DHi#|(A8cw`{C!i08oTruK6N4*q)w{*sIOUTUjXOIGI$?c;>k}OZtXeb<6*z)rd
z4T>2rHz4QSru=KM0u}6^hd^EAubP0b>htQruv;1@&9nwP=Vt{DX7rojy~LVfW=~V5
z2o<O4V<W9v6(|lx)&4i$YI)TG2zvO<*bo;{p`z5X#Ejmv%pP61^)Qiv6&=j|BHTwL
zo%9q~RZ+dmkjHR_v#(XJ`#xJO*1WRlKW7oUaZOzt1vNI@vwhwSQ4FQLkc~M;LPvm%
zV`I||IhlQ?%2fmnjxbs;eQHX(0_<XxKKgsiY<`WKZ?(BZ@%rHS+&xE5N~Z_j7h0H@
zUyG!^NO`79`u&(JX`g=o0i>B&9_jpmh03$Kti-<iGTKJ*x{<Z3th@6CI|^9ld@Z$p
zQ6MOjoF*V@1o+3K?C+z6e<0QWN)G?eh^-U8b8`0%ZWV#-zD^zj0)~2~y2aW~G5-NW
C-3@R6

diff --git a/frameworks/permission_standard/permissioncommunicationadapter/BUILD.gn b/frameworks/permission_standard/permissioncommunicationadapter/BUILD.gn
new file mode 100644
index 0000000..1c18bf6
--- /dev/null
+++ b/frameworks/permission_standard/permissioncommunicationadapter/BUILD.gn
@@ -0,0 +1,43 @@
+# Copyright (c) 2021 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import("//build/ohos.gni")
+
+################################################################
+# C++, Main source file here.
+################################################################
+config("permission_standard_communication_adapter_cxx_public_config") {
+  visibility = [ ":*" ]
+  include_dirs = [ "main/cpp/include" ]
+}
+
+ohos_shared_library("permission_standard_communication_adapter_cxx") {
+  subsystem_name = "security"
+  part_name = "permission_standard"
+
+  public_configs =
+      [ ":permission_standard_communication_adapter_cxx_public_config" ]
+
+  include_dirs = [
+    "main/cpp/include",
+    "main/cpp/src",
+    "//utils/native/base/include",
+    "//base/security/permission/interfaces/innerkits/permission_standard/permissionsdk/main/cpp/include/permission",
+  ]
+
+  sources = [ "main/cpp/src/permission_def_parcel.cpp" ]
+
+  deps = [ "//utils/native/base:utils" ]
+
+  external_deps = [ "ipc:ipc_core" ]
+}
diff --git a/frameworks/permission_standard/permissioncommunicationadapter/main/cpp/include/i_permission_manager.h b/frameworks/permission_standard/permissioncommunicationadapter/main/cpp/include/i_permission_manager.h
new file mode 100644
index 0000000..26fe5bf
--- /dev/null
+++ b/frameworks/permission_standard/permissioncommunicationadapter/main/cpp/include/i_permission_manager.h
@@ -0,0 +1,85 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef I_PERMISSION_MANAGER_H
+#define I_PERMISSION_MANAGER_H
+
+#include <string>
+
+#include "permission_def_parcel.h"
+
+#include "iremote_broker.h"
+#include "errors.h"
+
+namespace OHOS {
+namespace Security {
+namespace Permission {
+class IPermissionManager : public IRemoteBroker {
+public:
+    static const int SA_ID_PERMISSION_MANAGER_SERVICE = 3501;
+
+    DECLARE_INTERFACE_DESCRIPTOR(u"ohos.security.permission.IPermissionManager");
+
+    virtual int VerifyPermission(const std::string& bundleName, const std::string& permissionName, int userId) = 0;
+
+    virtual bool CanRequestPermission(const std::string& bundleName, const std::string& permissionName, int userId) = 0;
+
+    virtual int GrantUserGrantedPermission(
+        const std::string& bundleName, const std::string& permissionName, int userId) = 0;
+
+    virtual int GrantSystemGrantedPermission(const std::string& bundleName, const std::string& permissionName) = 0;
+
+    virtual int RevokeUserGrantedPermission(
+        const std::string& bundleName, const std::string& permissionName, int userId) = 0;
+
+    virtual int RevokeSystemGrantedPermission(const std::string& bundleName, const std::string& permissionName) = 0;
+
+    virtual int AddUserGrantedReqPermissions(
+        const std::string& bundleName, const std::vector<std::string>& permList, int userId) = 0;
+
+    virtual int AddSystemGrantedReqPermissions(
+        const std::string& bundleName, const std::vector<std::string>& permList) = 0;
+
+    virtual int RemoveUserGrantedReqPermissions(const std::string& bundleName, int userId) = 0;
+
+    virtual int RemoveSystemGrantedReqPermissions(const std::string& bundleName) = 0;
+
+    virtual int AddDefPermissions(const std::vector<PermissionDefParcel>& permDefList) = 0;
+
+    virtual int RemoveDefPermissions(const std::string& bundleName) = 0;
+
+    virtual int GetDefPermission(const std::string& permissionName, PermissionDefParcel& permissionDefResult) = 0;
+
+    enum class InterfaceCode {
+        VERIFY_PERMISSION = 0xff01,
+        CAN_REQUEST_PERMISSION = 0xff02,
+        GRANT_USER_GRANTED_PERMISSION = 0xff03,
+        GRANT_SYSTEM_GRANTED_PERMISSION = 0xff04,
+        REVOKE_USER_GRANTED_PERMISSION = 0xff05,
+        REVOKE_SYSTEM_GRANTED_PERMISSION = 0xff06,
+        ADD_USER_GRANTED_REQ_PERMISSIONS = 0xff07,
+        ADD_SYSTEM_GRANTED_REQ_PERMISSIONS = 0xff08,
+        REMOVE_USER_GRANTED_REQ_PERMISSIONS = 0xff09,
+        REMOVE_SYSTEM_GRANTED_REQ_PERMISSIONS = 0xff10,
+        ADD_DEF_PERMISSIONS = 0xff11,
+        REMOVE_DEF_PERMISSIONS = 0xff12,
+        GET_DEF_PERMISSION = 0xff13,
+    };
+};
+} // namespace Permission
+} // namespace Security
+} // namespace OHOS
+
+#endif // I_PERMISSION_MANAGER_H
diff --git a/frameworks/permission_standard/permissioncommunicationadapter/main/cpp/include/permission_def_parcel.h b/frameworks/permission_standard/permissioncommunicationadapter/main/cpp/include/permission_def_parcel.h
new file mode 100755
index 0000000..e1e8504
--- /dev/null
+++ b/frameworks/permission_standard/permissioncommunicationadapter/main/cpp/include/permission_def_parcel.h
@@ -0,0 +1,40 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef PERMISSION_DEF_PARCEL_H
+#define PERMISSION_DEF_PARCEL_H
+
+#include "permission_def.h"
+
+#include "parcel.h"
+
+namespace OHOS {
+namespace Security {
+namespace Permission {
+struct PermissionDefParcel final : public Parcelable {
+    PermissionDefParcel() = default;
+
+    ~PermissionDefParcel() override = default;
+
+    bool Marshalling(Parcel& out) const override;
+
+    static PermissionDefParcel* Unmarshalling(Parcel& in);
+
+    PermissionDef permissionDef;
+};
+} // namespace Permission
+} // namespace Security
+} // namespace OHOS
+#endif // PERMISSION_DEF_PARCEL_H
diff --git a/frameworks/permission_standard/permissioncommunicationadapter/main/cpp/src/permission_def_parcel.cpp b/frameworks/permission_standard/permissioncommunicationadapter/main/cpp/src/permission_def_parcel.cpp
new file mode 100755
index 0000000..e9cc927
--- /dev/null
+++ b/frameworks/permission_standard/permissioncommunicationadapter/main/cpp/src/permission_def_parcel.cpp
@@ -0,0 +1,62 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "permission_def_parcel.h"
+
+namespace OHOS {
+namespace Security {
+namespace Permission {
+#define RETURN_IF_FALSE(expr) \
+    if (!(expr)) { \
+        return false; \
+    }
+
+#define RELEASE_IF_FALSE(expr, obj) \
+    if (!(expr)) { \
+        delete (obj); \
+        (obj) = nullptr; \
+        return (obj); \
+    }
+
+bool PermissionDefParcel::Marshalling(Parcel& out) const
+{
+    RETURN_IF_FALSE(out.WriteString(this->permissionDef.permissionName));
+    RETURN_IF_FALSE(out.WriteString(this->permissionDef.bundleName));
+    RETURN_IF_FALSE(out.WriteInt32(this->permissionDef.grantMode));
+    RETURN_IF_FALSE(out.WriteInt32(this->permissionDef.availableScope));
+    RETURN_IF_FALSE(out.WriteString(this->permissionDef.label));
+    RETURN_IF_FALSE(out.WriteInt32(this->permissionDef.labelId));
+    RETURN_IF_FALSE(out.WriteString(this->permissionDef.description));
+    RETURN_IF_FALSE(out.WriteInt32(this->permissionDef.descriptionId));
+    return true;
+}
+
+PermissionDefParcel* PermissionDefParcel::Unmarshalling(Parcel& in)
+{
+    auto* permissionDefParcel = new (std::nothrow) PermissionDefParcel();
+    RELEASE_IF_FALSE(permissionDefParcel != nullptr, permissionDefParcel);
+    permissionDefParcel->permissionDef.permissionName = in.ReadString();
+    permissionDefParcel->permissionDef.bundleName = in.ReadString();
+    RELEASE_IF_FALSE(in.ReadInt32(permissionDefParcel->permissionDef.grantMode), permissionDefParcel);
+    RELEASE_IF_FALSE(in.ReadInt32(permissionDefParcel->permissionDef.availableScope), permissionDefParcel);
+    permissionDefParcel->permissionDef.label = in.ReadString();
+    RELEASE_IF_FALSE(in.ReadInt32(permissionDefParcel->permissionDef.labelId), permissionDefParcel);
+    permissionDefParcel->permissionDef.description = in.ReadString();
+    RELEASE_IF_FALSE(in.ReadInt32(permissionDefParcel->permissionDef.descriptionId), permissionDefParcel);
+    return permissionDefParcel;
+}
+} // namespace Permission
+} // namespace Security
+} // namespace OHOS
\ No newline at end of file
diff --git a/frameworks/permission_standard/permissioninfrastructure/BUILD.gn b/frameworks/permission_standard/permissioninfrastructure/BUILD.gn
new file mode 100644
index 0000000..1903866
--- /dev/null
+++ b/frameworks/permission_standard/permissioninfrastructure/BUILD.gn
@@ -0,0 +1,38 @@
+# Copyright (c) 2021 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import("//build/ohos.gni")
+
+################################################################
+# C++, Main source file here.
+################################################################
+config("permission_standard_infrastructure_cxx_public_config") {
+  visibility = [ ":*" ]
+  include_dirs = [ "main/cpp/include" ]
+}
+
+ohos_shared_library("permission_standard_infrastructure_cxx") {
+  subsystem_name = "security"
+  part_name = "permission_standard"
+
+  public_configs = [ ":permission_standard_infrastructure_cxx_public_config" ]
+
+  include_dirs = []
+
+  sources = [ "main/cpp/src/data_validator.cpp" ]
+
+  deps = [ "//utils/native/base:utils" ]
+  external_deps = [ "hiviewdfx_hilog_native:libhilog" ]
+
+  cflags_cc = [ "-DHILOG_ENABLE" ]
+}
diff --git a/frameworks/permission_standard/permissioninfrastructure/main/cpp/include/data_validator.h b/frameworks/permission_standard/permissioninfrastructure/main/cpp/include/data_validator.h
new file mode 100755
index 0000000..1976865
--- /dev/null
+++ b/frameworks/permission_standard/permissioninfrastructure/main/cpp/include/data_validator.h
@@ -0,0 +1,37 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <string>
+
+#ifndef DATA_VALIDATOR_H
+#define DATA_VALIDATOR_H
+namespace OHOS {
+namespace Security {
+namespace Permission {
+class DataValidator final {
+public:
+    static bool IsBundleNameValid(const std::string& bundleName);
+
+    static bool IsPermissionNameValid(const std::string& permissionName);
+
+    static bool IsUserIdValid(const int userId);
+
+private:
+    const static int MAX_LENGTH = 256;
+};
+} // namespace Permission
+} // namespace Security
+} // namespace OHOS
+#endif // DATA_VALIDATOR_H
diff --git a/frameworks/permission_standard/permissioninfrastructure/main/cpp/include/permission_log.h b/frameworks/permission_standard/permissioninfrastructure/main/cpp/include/permission_log.h
new file mode 100644
index 0000000..30cbae7
--- /dev/null
+++ b/frameworks/permission_standard/permissioninfrastructure/main/cpp/include/permission_log.h
@@ -0,0 +1,63 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef PERMISSION_LOG_H
+#define PERMISSION_LOG_H
+
+#ifdef HILOG_ENABLE
+
+#include "hilog/log.h"
+
+#ifndef __cplusplus
+
+#define PERMISSION_LOG_DEBUG(fmt, ...) HILOG_DEBUG(LOG_CORE, fmt, ##__VA_ARGS__)
+#define PERMISSION_LOG_INFO(fmt, ...) HILOG_INFO(LOG_CORE, fmt, ##__VA_ARGS__)
+#define PERMISSION_LOG_WARN(fmt, ...) HILOG_WARN(LOG_CORE, fmt, ##__VA_ARGS__)
+#define PERMISSION_LOG_ERROR(fmt, ...) HILOG_ERROR(LOG_CORE, fmt, ##__VA_ARGS__)
+#define PERMISSION_LOG_FATAL(fmt, ...) HILOG_FATAL(LOG_CORE, fmt, ##__VA_ARGS__)
+
+#else
+
+#define PERMISSION_LOG_DEBUG(label, fmt, ...) OHOS::HiviewDFX::HiLog::Debug(label, fmt, ##__VA_ARGS__)
+#define PERMISSION_LOG_INFO(label, fmt, ...) OHOS::HiviewDFX::HiLog::Info(label, fmt, ##__VA_ARGS__)
+#define PERMISSION_LOG_WARN(label, fmt, ...) OHOS::HiviewDFX::HiLog::Warn(label, fmt, ##__VA_ARGS__)
+#define PERMISSION_LOG_ERROR(label, fmt, ...) OHOS::HiviewDFX::HiLog::Error(label, fmt, ##__VA_ARGS__)
+#define PERMISSION_LOG_FATAL(label, fmt, ...) OHOS::HiviewDFX::HiLog::Fatal(label, fmt, ##__VA_ARGS__)
+
+#endif // __cplusplus
+
+/* define LOG_TAG as "security_*" at your submodule, * means your submodule name such as "security_dac" */
+#undef LOG_TAG
+#undef LOG_DOMAIN
+
+static constexpr unsigned int SECURITY_DOMAIN_PERMISSION = 0xD002F01;
+
+#else
+
+#include <stdarg.h>
+#include <stdio.h>
+
+/* define LOG_TAG as "security_*" at your submodule, * means your submodule name such as "security_dac" */
+#undef LOG_TAG
+
+#define PERMISSION_LOG_DEBUG(fmt, ...) printf("[%s] debug: %s: " fmt "\n", LOG_TAG, __func__, ##__VA_ARGS__)
+#define PERMISSION_LOG_INFO(fmt, ...) printf("[%s] info: %s: " fmt "\n", LOG_TAG, __func__, ##__VA_ARGS__)
+#define PERMISSION_LOG_WARN(fmt, ...) printf("[%s] warn: %s: " fmt "\n", LOG_TAG, __func__, ##__VA_ARGS__)
+#define PERMISSION_LOG_ERROR(fmt, ...) printf("[%s] error: %s: " fmt "\n", LOG_TAG, __func__, ##__VA_ARGS__)
+#define PERMISSION_LOG_FATAL(fmt, ...) printf("[%s] fatal: %s: " fmt "\n", LOG_TAG, __func__, ##__VA_ARGS__)
+
+#endif // HILOG_ENABLE
+
+#endif // PERMISSION_LOG_H
diff --git a/frameworks/permission_standard/permissioninfrastructure/main/cpp/include/test_const.h b/frameworks/permission_standard/permissioninfrastructure/main/cpp/include/test_const.h
new file mode 100644
index 0000000..d34f157
--- /dev/null
+++ b/frameworks/permission_standard/permissioninfrastructure/main/cpp/include/test_const.h
@@ -0,0 +1,39 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef TEST_CONST_H
+#define TEST_CONST_H
+
+#include <string>
+
+namespace OHOS {
+namespace Security {
+namespace Permission {
+static const std::string TEST_BUNDLE_NAME = "ohos";
+static const std::string TEST_PERMISSION_NAME_ALPHA = "ohos.permission.ALPHA";
+static const std::string TEST_PERMISSION_NAME_BETA = "ohos.permission.BETA";
+static const std::string TEST_PERMISSION_NAME_GAMMA = "ohos.permission.GAMMA";
+static const std::string TEST_LABEL = "test label";
+static const std::string TEST_DESCRIPTION = "test description";
+
+static const int TEST_LABEL_ID = 9527;
+static const int TEST_DESCRIPTION_ID = 9528;
+static const int TEST_INVALID_USER_ID = -1;
+static const int TEST_USER_ID = 0;
+static const int TEST_SUB_USER_ID = 10;
+} // namespace Permission
+} // namespace Security
+} // namespace OHOS
+#endif // TEST_CONST_H
diff --git a/frameworks/permission_standard/permissioninfrastructure/main/cpp/src/data_validator.cpp b/frameworks/permission_standard/permissioninfrastructure/main/cpp/src/data_validator.cpp
new file mode 100644
index 0000000..445be70
--- /dev/null
+++ b/frameworks/permission_standard/permissioninfrastructure/main/cpp/src/data_validator.cpp
@@ -0,0 +1,37 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "data_validator.h"
+
+namespace OHOS {
+namespace Security {
+namespace Permission {
+bool DataValidator::IsBundleNameValid(const std::string& bundleName)
+{
+    return !bundleName.empty() && (bundleName.length() <= MAX_LENGTH);
+}
+
+bool DataValidator::IsPermissionNameValid(const std::string& permissionName)
+{
+    return !permissionName.empty() && (permissionName.length() <= MAX_LENGTH);
+}
+
+bool DataValidator::IsUserIdValid(const int userId)
+{
+    return userId >= 0;
+}
+} // namespace Permission
+} // namespace Security
+} // namespace OHOS
\ No newline at end of file
diff --git a/interfaces/innerkits/permission_lite/pms_interface_inner.h b/interfaces/innerkits/permission_lite/pms_interface_inner.h
old mode 100644
new mode 100755
diff --git a/interfaces/innerkits/permission_standard/permissionsdk/BUILD.gn b/interfaces/innerkits/permission_standard/permissionsdk/BUILD.gn
new file mode 100755
index 0000000..38fb93b
--- /dev/null
+++ b/interfaces/innerkits/permission_standard/permissionsdk/BUILD.gn
@@ -0,0 +1,58 @@
+# Copyright (C) 2021 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import("//build/ohos.gni")
+
+################################################################
+# C++, Main, source file here.
+################################################################
+config("permission_sdk_cxx_public_config_standard") {
+  visibility = [ ":*" ]
+  include_dirs = [ "main/cpp/include" ]
+}
+
+ohos_shared_library("libpermissionsdk_standard") {
+  subsystem_name = "security"
+  part_name = "permission_standard"
+
+  output_name = "libpermissionsdk_standard"
+
+  public_configs = [ ":permission_sdk_cxx_public_config_standard" ]
+
+  include_dirs = [
+    "//utils/native/base/include",
+    "main/cpp/include",
+    "main/cpp/src",
+    "//base/security/permission/interfaces/innerkits/permission_standard/permissionsdk/main/cpp/include/permission",
+  ]
+
+  sources = [
+    "main/cpp/src/permission/permission_kit.cpp",
+    "main/cpp/src/permission/permission_manager_client.cpp",
+    "main/cpp/src/permission/permission_manager_proxy.cpp",
+  ]
+
+  deps = [
+    "//base/security/permission/frameworks/permission_standard/permissioncommunicationadapter:permission_standard_communication_adapter_cxx",
+    "//base/security/permission/frameworks/permission_standard/permissioninfrastructure:permission_standard_infrastructure_cxx",
+    "//utils/native/base:utils",
+  ]
+
+  external_deps = [
+    "hiviewdfx_hilog_native:libhilog",
+    "ipc:ipc_core",
+    "samgr_L2:samgr_proxy",
+  ]
+
+  cflags_cc = [ "-DHILOG_ENABLE" ]
+}
diff --git a/interfaces/innerkits/permission_standard/permissionsdk/main/cpp/include/permission/permission.h b/interfaces/innerkits/permission_standard/permissionsdk/main/cpp/include/permission/permission.h
new file mode 100755
index 0000000..fc9bb16
--- /dev/null
+++ b/interfaces/innerkits/permission_standard/permissionsdk/main/cpp/include/permission/permission.h
@@ -0,0 +1,46 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef INTERFACES_INNER_KITS_PERMISSION_PERMISSION_H
+#define INTERFACES_INNER_KITS_PERMISSION_PERMISSION_H
+
+namespace OHOS {
+namespace Security {
+namespace Permission {
+enum PermissionKitRet {
+    RET_FAILED = -1,
+    RET_SUCCESS = 0,
+};
+
+typedef enum TypePermissionState {
+    PERMISSION_NOT_GRANTED = -1,
+    PERMISSION_GRANTED = 0,
+} PermissionState;
+
+typedef enum TypeGrantMode {
+    USER_GRANT = 0,
+    SYSTEM_GRANT = 1,
+} GrantMode;
+
+typedef enum TypeAvailableScope {
+    AVAILABLE_SCOPE_ALL = 1 << 0,
+    AVAILABLE_SCOPE_SIGNATURE = 1 << 1,
+    AVAILABLE_SCOPE_RESTRICTED = 1 << 2
+} AvailableScope;
+} // namespace Permission
+} // namespace Security
+} // namespace OHOS
+
+#endif // INTERFACES_INNER_KITS_PERMISSION_PERMISSION_H
\ No newline at end of file
diff --git a/interfaces/innerkits/permission_standard/permissionsdk/main/cpp/include/permission/permission_def.h b/interfaces/innerkits/permission_standard/permissionsdk/main/cpp/include/permission/permission_def.h
new file mode 100755
index 0000000..39aefdf
--- /dev/null
+++ b/interfaces/innerkits/permission_standard/permissionsdk/main/cpp/include/permission/permission_def.h
@@ -0,0 +1,38 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef INTERFACES_INNER_KITS_PERMISSION_PERMISSION_DEF_H
+#define INTERFACES_INNER_KITS_PERMISSION_PERMISSION_DEF_H
+
+#include <string>
+
+namespace OHOS {
+namespace Security {
+namespace Permission {
+struct PermissionDef {
+    std::string permissionName;
+    std::string bundleName;
+    int grantMode;
+    int availableScope;
+    std::string label;
+    int labelId;
+    std::string description;
+    int descriptionId;
+};
+} // namespace Permission
+} // namespace Security
+} // namespace OHOS
+
+#endif // INTERFACES_INNER_KITS_PERMISSION_PERMISSION_DEF_H
\ No newline at end of file
diff --git a/interfaces/innerkits/permission_standard/permissionsdk/main/cpp/include/permission/permission_kit.h b/interfaces/innerkits/permission_standard/permissionsdk/main/cpp/include/permission/permission_kit.h
new file mode 100755
index 0000000..33bf3fc
--- /dev/null
+++ b/interfaces/innerkits/permission_standard/permissionsdk/main/cpp/include/permission/permission_kit.h
@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef INTERFACES_INNER_KITS_PERMISSION_PERMISSION_KIT_H
+#define INTERFACES_INNER_KITS_PERMISSION_PERMISSION_KIT_H
+
+#include <string>
+#include <vector>
+
+#include "permission/permission.h"
+#include "permission/permission_def.h"
+
+namespace OHOS {
+namespace Security {
+namespace Permission {
+class PermissionKit {
+public:
+    static int VerifyPermission(const std::string& bundleName, const std::string& permissionName, int userId);
+    static bool CanRequestPermission(const std::string& bundleName, const std::string& permissionName, int userId);
+
+    static int GrantUserGrantedPermission(
+        const std::string& bundleName, const std::string& permissionName, int userId);
+    static int GrantSystemGrantedPermission(const std::string& bundleName, const std::string& permissionName);
+
+    static int RevokeUserGrantedPermission(
+        const std::string& bundleName, const std::string& permissionName, int userId);
+    static int RevokeSystemGrantedPermission(const std::string& bundleName, const std::string& permissionName);
+
+    static int AddUserGrantedReqPermissions(
+        const std::string& bundleName, const std::vector<std::string>& permList, int userId);
+    static int AddSystemGrantedReqPermissions(
+        const std::string& bundleName, const std::vector<std::string>& permList);
+
+    static int RemoveUserGrantedReqPermissions(const std::string& bundleName, int userId);
+    static int RemoveSystemGrantedReqPermissions(const std::string& bundleName);
+
+    static int AddDefPermissions(const std::vector<PermissionDef>& permList);
+    static int RemoveDefPermissions(const std::string& bundleName);
+    static int GetDefPermission(const std::string& permissionName, PermissionDef& permissionDefResult);
+};
+} // namespace Permission
+} // namespace Security
+} // namespace OHOS
+
+#endif
diff --git a/interfaces/innerkits/permission_standard/permissionsdk/main/cpp/src/permission/permission_kit.cpp b/interfaces/innerkits/permission_standard/permissionsdk/main/cpp/src/permission/permission_kit.cpp
new file mode 100755
index 0000000..a5df2a5
--- /dev/null
+++ b/interfaces/innerkits/permission_standard/permissionsdk/main/cpp/src/permission/permission_kit.cpp
@@ -0,0 +1,142 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "permission/permission_kit.h"
+
+#include <string>
+#include <vector>
+
+#include "permission_log.h"
+#include "permission_manager_client.h"
+#include "data_validator.h"
+
+namespace OHOS {
+namespace Security {
+namespace Permission {
+using namespace std;
+
+namespace {
+static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_PERMISSION, "PermissionKit"};
+} // namespace
+
+int PermissionKit::VerifyPermission(const string& bundleName, const string& permissionName, int userId)
+{
+    PERMISSION_LOG_INFO(LABEL, "%{public}s called", __func__);
+    PERMISSION_LOG_INFO(LABEL, "bundleName=%{public}s, permissionName=%{public}s, userId=%{public}d",
+        bundleName.c_str(), permissionName.c_str(), userId);
+    if (!DataValidator::IsBundleNameValid(bundleName) || !DataValidator::IsPermissionNameValid(permissionName) ||
+        !DataValidator::IsUserIdValid(userId)) {
+        return PERMISSION_NOT_GRANTED;
+    }
+    return PermissionManagerClient::GetInstance().VerifyPermission(bundleName, permissionName, userId);
+}
+
+bool PermissionKit::CanRequestPermission(const string& bundleName, const string& permissionName, int userId)
+{
+    PERMISSION_LOG_INFO(LABEL, "%{public}s called", __func__);
+    PERMISSION_LOG_INFO(LABEL, "bundleName=%{public}s, permissionName=%{public}s, userId=%{public}d",
+        bundleName.c_str(), permissionName.c_str(), userId);
+    if (!DataValidator::IsBundleNameValid(bundleName) || !DataValidator::IsPermissionNameValid(permissionName) ||
+        !DataValidator::IsUserIdValid(userId)) {
+        return false;
+    }
+    return PermissionManagerClient::GetInstance().CanRequestPermission(bundleName, permissionName, userId);
+}
+
+int PermissionKit::GrantUserGrantedPermission(const string& bundleName, const string& permissionName, int userId)
+{
+    PERMISSION_LOG_INFO(LABEL, "%{public}s called", __func__);
+    PERMISSION_LOG_INFO(LABEL, "bundleName=%{public}s, permissionName=%{public}s, userId=%{public}d",
+        bundleName.c_str(), permissionName.c_str(), userId);
+    return PermissionManagerClient::GetInstance().GrantUserGrantedPermission(bundleName, permissionName, userId);
+}
+
+int PermissionKit::GrantSystemGrantedPermission(const string& bundleName, const string& permissionName)
+{
+    PERMISSION_LOG_INFO(LABEL, "%{public}s called", __func__);
+    PERMISSION_LOG_INFO(
+        LABEL, "bundleName=%{public}s, permissionName=%{public}s", bundleName.c_str(), permissionName.c_str());
+    return PermissionManagerClient::GetInstance().GrantSystemGrantedPermission(bundleName, permissionName);
+}
+
+int PermissionKit::RevokeUserGrantedPermission(const string& bundleName, const string& permissionName, int userId)
+{
+    PERMISSION_LOG_INFO(LABEL, "%{public}s called", __func__);
+    PERMISSION_LOG_INFO(LABEL, "bundleName=%{public}s, permissionName=%{public}s, userId=%{public}d",
+        bundleName.c_str(), permissionName.c_str(), userId);
+    return PermissionManagerClient::GetInstance().RevokeUserGrantedPermission(bundleName, permissionName, userId);
+}
+
+int PermissionKit::RevokeSystemGrantedPermission(const string& bundleName, const string& permissionName)
+{
+    PERMISSION_LOG_INFO(LABEL, "%{public}s called", __func__);
+    PERMISSION_LOG_INFO(
+        LABEL, "bundleName=%{public}s, permissionName=%{public}s", bundleName.c_str(), permissionName.c_str());
+    return PermissionManagerClient::GetInstance().RevokeSystemGrantedPermission(bundleName, permissionName);
+}
+
+int PermissionKit::AddUserGrantedReqPermissions(
+    const string& bundleName, const std::vector<string>& permList, int userId)
+{
+    PERMISSION_LOG_INFO(LABEL, "%{public}s called", __func__);
+    PERMISSION_LOG_INFO(LABEL, "bundleName=%{public}s, userId=%{public}d", bundleName.c_str(), userId);
+    return PermissionManagerClient::GetInstance().AddUserGrantedReqPermissions(bundleName, permList, userId);
+}
+
+int PermissionKit::AddSystemGrantedReqPermissions(const string& bundleName, const std::vector<string>& permList)
+{
+    PERMISSION_LOG_INFO(LABEL, "%{public}s called", __func__);
+    PERMISSION_LOG_INFO(LABEL, "bundleName=%{public}s", bundleName.c_str());
+    return PermissionManagerClient::GetInstance().AddSystemGrantedReqPermissions(bundleName, permList);
+}
+
+int PermissionKit::RemoveUserGrantedReqPermissions(const string& bundleName, int userId)
+{
+    PERMISSION_LOG_INFO(LABEL, "%{public}s called", __func__);
+    PERMISSION_LOG_INFO(LABEL, "bundleName=%{public}s, userId=%{public}d", bundleName.c_str(), userId);
+    return PermissionManagerClient::GetInstance().RemoveUserGrantedReqPermissions(bundleName, userId);
+}
+
+int PermissionKit::RemoveSystemGrantedReqPermissions(const string& bundleName)
+{
+    PERMISSION_LOG_INFO(LABEL, "%{public}s called", __func__);
+    PERMISSION_LOG_INFO(LABEL, "bundleName=%{public}s", bundleName.c_str());
+    return PermissionManagerClient::GetInstance().RemoveSystemGrantedReqPermissions(bundleName);
+}
+
+int PermissionKit::AddDefPermissions(const std::vector<PermissionDef>& permList)
+{
+    PERMISSION_LOG_INFO(LABEL, "%{public}s called", __func__);
+    return PermissionManagerClient::GetInstance().AddDefPermissions(permList);
+}
+
+int PermissionKit::RemoveDefPermissions(const string& bundleName)
+{
+    PERMISSION_LOG_INFO(LABEL, "%{public}s called", __func__);
+    PERMISSION_LOG_INFO(LABEL, "bundleName=%{public}s", bundleName.c_str());
+    return PermissionManagerClient::GetInstance().RemoveDefPermissions(bundleName);
+}
+
+int PermissionKit::GetDefPermission(const string& permissionName, PermissionDef& permissionDefResult)
+{
+    PERMISSION_LOG_INFO(LABEL, "%{public}s called", __func__);
+    PERMISSION_LOG_INFO(LABEL, "permissionName=%{public}s", permissionName.c_str());
+    int ret = PermissionManagerClient::GetInstance().GetDefPermission(permissionName, permissionDefResult);
+    PERMISSION_LOG_INFO(LABEL, "GetDefPermission bundleName = %{public}s", permissionDefResult.bundleName.c_str());
+    return ret;
+}
+} // namespace Permission
+} // namespace Security
+} // namespace OHOS
\ No newline at end of file
diff --git a/interfaces/innerkits/permission_standard/permissionsdk/main/cpp/src/permission/permission_manager_client.cpp b/interfaces/innerkits/permission_standard/permissionsdk/main/cpp/src/permission/permission_manager_client.cpp
new file mode 100644
index 0000000..1d0779d
--- /dev/null
+++ b/interfaces/innerkits/permission_standard/permissionsdk/main/cpp/src/permission/permission_manager_client.cpp
@@ -0,0 +1,227 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "permission_manager_client.h"
+
+#include "permission.h"
+#include "permission_log.h"
+
+#include "iservice_registry.h"
+
+namespace OHOS {
+namespace Security {
+namespace Permission {
+namespace {
+static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_PERMISSION, "PermissionManagerClient"};
+} // namespace
+
+PermissionManagerClient& PermissionManagerClient::GetInstance()
+{
+    static PermissionManagerClient instance;
+    return instance;
+}
+
+PermissionManagerClient::PermissionManagerClient()
+{}
+
+PermissionManagerClient::~PermissionManagerClient()
+{}
+
+int PermissionManagerClient::VerifyPermission(
+    const std::string& bundleName, const std::string& permissionName, int userId) const
+{
+    PERMISSION_LOG_DEBUG(LABEL, "%{public}s: called!", __func__);
+    auto proxy = GetProxy();
+    if (proxy == nullptr) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: proxy is null", __func__);
+        return PERMISSION_NOT_GRANTED;
+    }
+    return proxy->VerifyPermission(bundleName, permissionName, userId);
+}
+
+bool PermissionManagerClient::CanRequestPermission(
+    const std::string& bundleName, const std::string& permissionName, int userId) const
+{
+    PERMISSION_LOG_DEBUG(LABEL, "%{public}s: called!", __func__);
+    auto proxy = GetProxy();
+    if (proxy == nullptr) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: proxy is null", __func__);
+        return false;
+    }
+    return proxy->CanRequestPermission(bundleName, permissionName, userId);
+}
+
+int PermissionManagerClient::GrantUserGrantedPermission(
+    const std::string& bundleName, const std::string& permissionName, int userId) const
+{
+    PERMISSION_LOG_DEBUG(LABEL, "%{public}s: called!", __func__);
+    auto proxy = GetProxy();
+    if (proxy == nullptr) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: proxy is null", __func__);
+        return RET_FAILED;
+    }
+    return proxy->GrantUserGrantedPermission(bundleName, permissionName, userId);
+}
+
+int PermissionManagerClient::GrantSystemGrantedPermission(
+    const std::string& bundleName, const std::string& permissionName) const
+{
+    PERMISSION_LOG_DEBUG(LABEL, "%{public}s: called!", __func__);
+    auto proxy = GetProxy();
+    if (proxy == nullptr) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: proxy is null", __func__);
+        return RET_FAILED;
+    }
+    return proxy->GrantSystemGrantedPermission(bundleName, permissionName);
+}
+
+int PermissionManagerClient::RevokeUserGrantedPermission(
+    const std::string& bundleName, const std::string& permissionName, int userId) const
+{
+    PERMISSION_LOG_DEBUG(LABEL, "%{public}s: called!", __func__);
+    auto proxy = GetProxy();
+    if (proxy == nullptr) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: proxy is null", __func__);
+        return RET_FAILED;
+    }
+    return proxy->RevokeUserGrantedPermission(bundleName, permissionName, userId);
+}
+
+int PermissionManagerClient::RevokeSystemGrantedPermission(
+    const std::string& bundleName, const std::string& permissionName) const
+{
+    PERMISSION_LOG_DEBUG(LABEL, "%{public}s: called!", __func__);
+    auto proxy = GetProxy();
+    if (proxy == nullptr) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: proxy is null", __func__);
+        return RET_FAILED;
+    }
+    return proxy->RevokeSystemGrantedPermission(bundleName, permissionName);
+}
+
+int PermissionManagerClient::AddUserGrantedReqPermissions(
+    const std::string& bundleName, const std::vector<std::string>& permList, int userId) const
+{
+    PERMISSION_LOG_DEBUG(LABEL, "%{public}s: called!", __func__);
+    auto proxy = GetProxy();
+    if (proxy == nullptr) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: proxy is null", __func__);
+        return RET_FAILED;
+    }
+    return proxy->AddUserGrantedReqPermissions(bundleName, permList, userId);
+}
+
+int PermissionManagerClient::AddSystemGrantedReqPermissions(
+    const std::string& bundleName, const std::vector<std::string>& permList) const
+{
+    PERMISSION_LOG_DEBUG(LABEL, "%{public}s: called!", __func__);
+    auto proxy = GetProxy();
+    if (proxy == nullptr) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: proxy is null", __func__);
+        return RET_FAILED;
+    }
+    return proxy->AddSystemGrantedReqPermissions(bundleName, permList);
+}
+
+int PermissionManagerClient::RemoveUserGrantedReqPermissions(const std::string& bundleName, int userId) const
+{
+    PERMISSION_LOG_DEBUG(LABEL, "%{public}s: called!", __func__);
+    auto proxy = GetProxy();
+    if (proxy == nullptr) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: proxy is null", __func__);
+        return RET_FAILED;
+    }
+    return proxy->RemoveUserGrantedReqPermissions(bundleName, userId);
+}
+
+int PermissionManagerClient::RemoveSystemGrantedReqPermissions(const std::string& bundleName) const
+{
+    PERMISSION_LOG_DEBUG(LABEL, "%{public}s: called!", __func__);
+    auto proxy = GetProxy();
+    if (proxy == nullptr) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: proxy is null", __func__);
+        return RET_FAILED;
+    }
+    return proxy->RemoveSystemGrantedReqPermissions(bundleName);
+}
+
+int PermissionManagerClient::AddDefPermissions(const std::vector<PermissionDef>& permDefList) const
+{
+    PERMISSION_LOG_DEBUG(LABEL, "%{public}s: called!", __func__);
+    auto proxy = GetProxy();
+    if (proxy == nullptr) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: proxy is null", __func__);
+        return RET_FAILED;
+    }
+    std::vector<PermissionDefParcel> parcelList;
+    for (auto permDef : permDefList) {
+        PermissionDefParcel parcel;
+        parcel.permissionDef = permDef;
+        parcelList.emplace_back(parcel);
+    }
+    PERMISSION_LOG_INFO(LABEL, "%{public}s called, permList size: %{public}d", __func__, (int) parcelList.size());
+    return proxy->AddDefPermissions(parcelList);
+}
+
+int PermissionManagerClient::RemoveDefPermissions(const std::string& bundleName) const
+{
+    PERMISSION_LOG_DEBUG(LABEL, "%{public}s: called!", __func__);
+    auto proxy = GetProxy();
+    if (proxy == nullptr) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: proxy is null", __func__);
+        return RET_FAILED;
+    }
+    return proxy->RemoveDefPermissions(bundleName);
+}
+
+int PermissionManagerClient::GetDefPermission(
+    const std::string& permissionName, PermissionDef& permissionDefResult) const
+{
+    PERMISSION_LOG_DEBUG(LABEL, "%{public}s: called!", __func__);
+    auto proxy = GetProxy();
+    if (proxy == nullptr) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: proxy is null", __func__);
+        return RET_FAILED;
+    }
+    PermissionDefParcel permissionDefParcel;
+    int result = proxy->GetDefPermission(permissionName, permissionDefParcel);
+    permissionDefResult = permissionDefParcel.permissionDef;
+    return result;
+}
+
+sptr<IPermissionManager> PermissionManagerClient::GetProxy() const
+{
+    auto sam = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
+    if (sam == nullptr) {
+        PERMISSION_LOG_DEBUG(LABEL, "%{public}s: GetSystemAbilityManager is null", __func__);
+        return nullptr;
+    }
+    auto permissionSa = sam->GetSystemAbility(IPermissionManager::SA_ID_PERMISSION_MANAGER_SERVICE);
+    if (permissionSa == nullptr) {
+        PERMISSION_LOG_DEBUG(LABEL, "%{public}s: GetSystemAbility %{public}d is null", __func__,
+            IPermissionManager::SA_ID_PERMISSION_MANAGER_SERVICE);
+        return nullptr;
+    }
+
+    auto proxy = iface_cast<IPermissionManager>(permissionSa);
+    if (proxy == nullptr) {
+        PERMISSION_LOG_DEBUG(LABEL, "%{public}s: iface_cast get null", __func__);
+        return nullptr;
+    }
+    return proxy;
+}
+} // namespace Permission
+} // namespace Security
+} // namespace OHOS
\ No newline at end of file
diff --git a/interfaces/innerkits/permission_standard/permissionsdk/main/cpp/src/permission/permission_manager_client.h b/interfaces/innerkits/permission_standard/permissionsdk/main/cpp/src/permission/permission_manager_client.h
new file mode 100755
index 0000000..a320048
--- /dev/null
+++ b/interfaces/innerkits/permission_standard/permissionsdk/main/cpp/src/permission/permission_manager_client.h
@@ -0,0 +1,72 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef PERMISSION_MANAGER_CLIENT_H
+#define PERMISSION_MANAGER_CLIENT_H
+
+#include <string>
+
+#include "i_permission_manager.h"
+#include "permission/permission_def.h"
+
+#include "nocopyable.h"
+
+namespace OHOS {
+namespace Security {
+namespace Permission {
+class PermissionManagerClient final {
+public:
+    static PermissionManagerClient& GetInstance();
+
+    virtual ~PermissionManagerClient();
+
+    int VerifyPermission(const std::string& bundleName, const std::string& permissionName, int userId) const;
+
+    bool CanRequestPermission(const std::string& bundleName, const std::string& permissionName, int userId) const;
+
+    int GrantUserGrantedPermission(const std::string& bundleName, const std::string& permissionName, int userId) const;
+
+    int GrantSystemGrantedPermission(const std::string& bundleName, const std::string& permissionName) const;
+
+    int RevokeUserGrantedPermission(const std::string& bundleName, const std::string& permissionName, int userId) const;
+
+    int RevokeSystemGrantedPermission(const std::string& bundleName, const std::string& permissionName) const;
+
+    int AddUserGrantedReqPermissions(
+        const std::string& bundleName, const std::vector<std::string>& permList, int userId) const;
+
+    int AddSystemGrantedReqPermissions(const std::string& bundleName, const std::vector<std::string>& permList) const;
+
+    int RemoveUserGrantedReqPermissions(const std::string& bundleName, int userId) const;
+
+    int RemoveSystemGrantedReqPermissions(const std::string& bundleName) const;
+
+    int AddDefPermissions(const std::vector<PermissionDef>& permDefList) const;
+
+    int RemoveDefPermissions(const std::string& bundleName) const;
+
+    int GetDefPermission(const std::string& permissionName, PermissionDef& permissionDefResult) const;
+
+private:
+    PermissionManagerClient();
+
+    DISALLOW_COPY_AND_MOVE(PermissionManagerClient);
+
+    sptr<IPermissionManager> GetProxy() const;
+};
+} // namespace Permission
+} // namespace Security
+} // namespace OHOS
+#endif // PERMISSION_MANAGER_CLIENT_H
diff --git a/interfaces/innerkits/permission_standard/permissionsdk/main/cpp/src/permission/permission_manager_proxy.cpp b/interfaces/innerkits/permission_standard/permissionsdk/main/cpp/src/permission/permission_manager_proxy.cpp
new file mode 100644
index 0000000..3a57008
--- /dev/null
+++ b/interfaces/innerkits/permission_standard/permissionsdk/main/cpp/src/permission/permission_manager_proxy.cpp
@@ -0,0 +1,482 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "permission_manager_proxy.h"
+
+#include "permission/permission.h"
+#include "permission_log.h"
+
+#include "parcel.h"
+#include "string_ex.h"
+
+namespace OHOS {
+namespace Security {
+namespace Permission {
+namespace {
+static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_PERMISSION, "PermissionManagerProxy"};
+}
+
+PermissionManagerProxy::PermissionManagerProxy(const sptr<IRemoteObject>& impl) : IRemoteProxy<IPermissionManager>(impl)
+{}
+
+PermissionManagerProxy::~PermissionManagerProxy()
+{}
+
+int PermissionManagerProxy::VerifyPermission(
+    const std::string& bundleName, const std::string& permissionName, int userId)
+{
+    MessageParcel data;
+    data.WriteInterfaceToken(IPermissionManager::GetDescriptor());
+    if (!data.WriteString(bundleName)) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: Failed to write bundleName", __func__);
+        return PERMISSION_NOT_GRANTED;
+    }
+    if (!data.WriteString(permissionName)) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: Failed to write permissionName", __func__);
+        return PERMISSION_NOT_GRANTED;
+    }
+    if (!data.WriteInt32(userId)) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: Failed to write userId", __func__);
+        return PERMISSION_NOT_GRANTED;
+    }
+
+    MessageParcel reply;
+    MessageOption option;
+    sptr<IRemoteObject> remote = Remote();
+    if (remote == nullptr) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: remote service null.", __func__);
+        return PERMISSION_NOT_GRANTED;
+    }
+    int32_t requestResult = remote->SendRequest(
+        static_cast<uint32_t>(IPermissionManager::InterfaceCode::VERIFY_PERMISSION), data, reply, option);
+    if (requestResult != NO_ERROR) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s send request fail, result: %{public}d", __func__, requestResult);
+        return PERMISSION_NOT_GRANTED;
+    }
+
+    int32_t result = reply.ReadInt32();
+    PERMISSION_LOG_DEBUG(LABEL, "%{public}s get result from server data = %{public}d", __func__, result);
+    return result;
+}
+
+bool PermissionManagerProxy::CanRequestPermission(
+    const std::string& bundleName, const std::string& permissionName, int userId)
+{
+    MessageParcel data;
+    data.WriteInterfaceToken(IPermissionManager::GetDescriptor());
+    if (!data.WriteString(bundleName)) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: Failed to write bundleName", __func__);
+        return false;
+    }
+    if (!data.WriteString(permissionName)) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: Failed to write permissionName", __func__);
+        return false;
+    }
+    if (!data.WriteInt32(userId)) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: Failed to write userId", __func__);
+        return false;
+    }
+
+    MessageParcel reply;
+    MessageOption option;
+    sptr<IRemoteObject> remote = Remote();
+    if (remote == nullptr) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: remote service null.", __func__);
+        return false;
+    }
+    int32_t requestResult = remote->SendRequest(
+        static_cast<uint32_t>(IPermissionManager::InterfaceCode::CAN_REQUEST_PERMISSION), data, reply, option);
+    if (requestResult != NO_ERROR) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s send request fail, result: %{public}d", __func__, requestResult);
+        return false;
+    }
+
+    bool result = reply.ReadBool();
+    PERMISSION_LOG_DEBUG(LABEL, "%{public}s get result from server data = %{public}d", __func__, result);
+    return result;
+}
+
+int PermissionManagerProxy::GrantUserGrantedPermission(
+    const std::string& bundleName, const std::string& permissionName, int userId)
+{
+    MessageParcel data;
+    data.WriteInterfaceToken(IPermissionManager::GetDescriptor());
+    if (!data.WriteString(bundleName)) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: Failed to write bundleName", __func__);
+        return RET_FAILED;
+    }
+    if (!data.WriteString(permissionName)) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: Failed to write permissionName", __func__);
+        return RET_FAILED;
+    }
+    if (!data.WriteInt32(userId)) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: Failed to write userId", __func__);
+        return RET_FAILED;
+    }
+
+    MessageParcel reply;
+    MessageOption option;
+    sptr<IRemoteObject> remote = Remote();
+    if (remote == nullptr) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: remote service null.", __func__);
+        return RET_FAILED;
+    }
+    int32_t requestResult = remote->SendRequest(
+        static_cast<uint32_t>(IPermissionManager::InterfaceCode::GRANT_USER_GRANTED_PERMISSION), data, reply, option);
+    if (requestResult != NO_ERROR) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s send request fail, result: %{public}d", __func__, requestResult);
+        return RET_FAILED;
+    }
+
+    int32_t result = reply.ReadInt32();
+    PERMISSION_LOG_DEBUG(LABEL, "%{public}s get result from server data = %{public}d", __func__, result);
+    return result;
+}
+
+int PermissionManagerProxy::GrantSystemGrantedPermission(
+    const std::string& bundleName, const std::string& permissionName)
+{
+    MessageParcel data;
+    data.WriteInterfaceToken(IPermissionManager::GetDescriptor());
+    if (!data.WriteString(bundleName)) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: Failed to write bundleName", __func__);
+        return RET_FAILED;
+    }
+    if (!data.WriteString(permissionName)) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: Failed to write permissionName", __func__);
+        return RET_FAILED;
+    }
+
+    MessageParcel reply;
+    MessageOption option;
+    sptr<IRemoteObject> remote = Remote();
+    if (remote == nullptr) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: remote service null.", __func__);
+        return RET_FAILED;
+    }
+    int32_t requestResult = remote->SendRequest(
+        static_cast<uint32_t>(IPermissionManager::InterfaceCode::GRANT_SYSTEM_GRANTED_PERMISSION), data, reply, option);
+    if (requestResult != NO_ERROR) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s send request fail, result: %{public}d", __func__, requestResult);
+        return RET_FAILED;
+    }
+
+    int32_t result = reply.ReadInt32();
+    PERMISSION_LOG_DEBUG(LABEL, "%{public}s get result from server data = %{public}d", __func__, result);
+    return result;
+}
+
+int PermissionManagerProxy::RevokeUserGrantedPermission(
+    const std::string& bundleName, const std::string& permissionName, int userId)
+{
+    MessageParcel data;
+    data.WriteInterfaceToken(IPermissionManager::GetDescriptor());
+    if (!data.WriteString(bundleName)) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: Failed to write bundleName", __func__);
+        return RET_FAILED;
+    }
+    if (!data.WriteString(permissionName)) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: Failed to write permissionName", __func__);
+        return RET_FAILED;
+    }
+    if (!data.WriteInt32(userId)) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: Failed to write userId", __func__);
+        return RET_FAILED;
+    }
+
+    MessageParcel reply;
+    MessageOption option;
+    sptr<IRemoteObject> remote = Remote();
+    if (remote == nullptr) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: remote service null.", __func__);
+        return RET_FAILED;
+    }
+    int32_t requestResult = remote->SendRequest(
+        static_cast<uint32_t>(IPermissionManager::InterfaceCode::REVOKE_USER_GRANTED_PERMISSION), data, reply, option);
+    if (requestResult != NO_ERROR) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s send request fail, result: %{public}d", __func__, requestResult);
+        return RET_FAILED;
+    }
+
+    int32_t result = reply.ReadInt32();
+    PERMISSION_LOG_DEBUG(LABEL, "%{public}s get result from server data = %{public}d", __func__, result);
+    return result;
+}
+
+int PermissionManagerProxy::RevokeSystemGrantedPermission(
+    const std::string& bundleName, const std::string& permissionName)
+{
+    MessageParcel data;
+    data.WriteInterfaceToken(IPermissionManager::GetDescriptor());
+    if (!data.WriteString(bundleName)) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: Failed to write bundleName", __func__);
+        return RET_FAILED;
+    }
+    if (!data.WriteString(permissionName)) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: Failed to write permissionName", __func__);
+        return RET_FAILED;
+    }
+
+    MessageParcel reply;
+    MessageOption option;
+    sptr<IRemoteObject> remote = Remote();
+    if (remote == nullptr) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: remote service null.", __func__);
+        return RET_FAILED;
+    }
+    int32_t requestResult =
+        remote->SendRequest(static_cast<uint32_t>(IPermissionManager::InterfaceCode::REVOKE_SYSTEM_GRANTED_PERMISSION),
+            data, reply, option);
+    if (requestResult != NO_ERROR) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s send request fail, result: %{public}d", __func__, requestResult);
+        return RET_FAILED;
+    }
+
+    int32_t result = reply.ReadInt32();
+    PERMISSION_LOG_DEBUG(LABEL, "%{public}s get result from server data = %{public}d", __func__, result);
+    return result;
+}
+
+int PermissionManagerProxy::AddUserGrantedReqPermissions(
+    const std::string& bundleName, const std::vector<std::string>& permList, int userId)
+{
+    MessageParcel data;
+    data.WriteInterfaceToken(IPermissionManager::GetDescriptor());
+    if (!data.WriteString(bundleName)) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: Failed to write bundleName", __func__);
+        return RET_FAILED;
+    }
+    if (!data.WriteStringVector(permList)) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: Failed to write permList", __func__);
+        return RET_FAILED;
+    }
+    if (!data.WriteInt32(userId)) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: Failed to write userId", __func__);
+        return RET_FAILED;
+    }
+
+    MessageParcel reply;
+    MessageOption option;
+    sptr<IRemoteObject> remote = Remote();
+    if (remote == nullptr) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: remote service null.", __func__);
+        return RET_FAILED;
+    }
+    int32_t requestResult =
+        remote->SendRequest(static_cast<uint32_t>(IPermissionManager::InterfaceCode::ADD_USER_GRANTED_REQ_PERMISSIONS),
+            data, reply, option);
+    if (requestResult != NO_ERROR) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s send request fail, result: %{public}d", __func__, requestResult);
+        return RET_FAILED;
+    }
+
+    int32_t result = reply.ReadInt32();
+    PERMISSION_LOG_DEBUG(LABEL, "%{public}s get result from server data = %{public}d", __func__, result);
+    return result;
+}
+
+int PermissionManagerProxy::AddSystemGrantedReqPermissions(
+    const std::string& bundleName, const std::vector<std::string>& permList)
+{
+    MessageParcel data;
+    data.WriteInterfaceToken(IPermissionManager::GetDescriptor());
+    if (!data.WriteString(bundleName)) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: Failed to write bundleName", __func__);
+        return RET_FAILED;
+    }
+    if (!data.WriteStringVector(permList)) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: Failed to write permList", __func__);
+        return RET_FAILED;
+    }
+
+    MessageParcel reply;
+    MessageOption option;
+    sptr<IRemoteObject> remote = Remote();
+    if (remote == nullptr) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: remote service null.", __func__);
+        return RET_FAILED;
+    }
+    int32_t requestResult = remote->SendRequest(
+        static_cast<uint32_t>(IPermissionManager::InterfaceCode::ADD_SYSTEM_GRANTED_REQ_PERMISSIONS), data, reply,
+        option);
+    if (requestResult != NO_ERROR) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s send request fail, result: %{public}d", __func__, requestResult);
+        return RET_FAILED;
+    }
+
+    int32_t result = reply.ReadInt32();
+    PERMISSION_LOG_DEBUG(LABEL, "%{public}s get result from server data = %{public}d", __func__, result);
+    return result;
+}
+
+int PermissionManagerProxy::RemoveUserGrantedReqPermissions(const std::string& bundleName, int userId)
+{
+    MessageParcel data;
+    data.WriteInterfaceToken(IPermissionManager::GetDescriptor());
+    if (!data.WriteString(bundleName)) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: Failed to write bundleName", __func__);
+        return RET_FAILED;
+    }
+    if (!data.WriteInt32(userId)) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: Failed to write userId", __func__);
+        return RET_FAILED;
+    }
+
+    MessageParcel reply;
+    MessageOption option;
+    sptr<IRemoteObject> remote = Remote();
+    if (remote == nullptr) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: remote service null.", __func__);
+        return RET_FAILED;
+    }
+    int32_t requestResult = remote->SendRequest(
+        static_cast<uint32_t>(IPermissionManager::InterfaceCode::REMOVE_USER_GRANTED_REQ_PERMISSIONS), data, reply,
+        option);
+    if (requestResult != NO_ERROR) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s send request fail, result: %{public}d", __func__, requestResult);
+        return RET_FAILED;
+    }
+
+    int32_t result = reply.ReadInt32();
+    PERMISSION_LOG_DEBUG(LABEL, "%{public}s get result from server data = %{public}d", __func__, result);
+    return result;
+}
+
+int PermissionManagerProxy::RemoveSystemGrantedReqPermissions(const std::string& bundleName)
+{
+    MessageParcel data;
+    data.WriteInterfaceToken(IPermissionManager::GetDescriptor());
+    if (!data.WriteString(bundleName)) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: Failed to write bundleName", __func__);
+        return RET_FAILED;
+    }
+
+    MessageParcel reply;
+    MessageOption option;
+    sptr<IRemoteObject> remote = Remote();
+    if (remote == nullptr) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: remote service null.", __func__);
+        return RET_FAILED;
+    }
+    int32_t requestResult = remote->SendRequest(
+        static_cast<uint32_t>(IPermissionManager::InterfaceCode::REMOVE_SYSTEM_GRANTED_REQ_PERMISSIONS), data, reply,
+        option);
+    if (requestResult != NO_ERROR) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s send request fail, result: %{public}d", __func__, requestResult);
+        return RET_FAILED;
+    }
+
+    int32_t result = reply.ReadInt32();
+    PERMISSION_LOG_DEBUG(LABEL, "%{public}s get result from server data = %{public}d", __func__, result);
+    return result;
+}
+
+int PermissionManagerProxy::AddDefPermissions(const std::vector<PermissionDefParcel>& permDefList)
+{
+    MessageParcel data;
+    data.WriteInterfaceToken(IPermissionManager::GetDescriptor());
+    if (!data.WriteInt32(permDefList.size())) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: Failed to write permDefList's size", __func__);
+        return RET_FAILED;
+    }
+    for (auto permissionDef : permDefList) {
+        if (!data.WriteParcelable(&permissionDef)) {
+            return RET_FAILED;
+        }
+    }
+
+    MessageParcel reply;
+    MessageOption option;
+    sptr<IRemoteObject> remote = Remote();
+    if (remote == nullptr) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: remote service null.", __func__);
+        return RET_FAILED;
+    }
+    int32_t requestResult = remote->SendRequest(
+        static_cast<uint32_t>(IPermissionManager::InterfaceCode::ADD_DEF_PERMISSIONS), data, reply, option);
+    if (requestResult != NO_ERROR) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s send request fail, result: %{public}d", __func__, requestResult);
+        return RET_FAILED;
+    }
+
+    int32_t result = reply.ReadInt32();
+    PERMISSION_LOG_DEBUG(LABEL, "%{public}s get result from server data = %{public}d", __func__, result);
+    return result;
+}
+
+int PermissionManagerProxy::RemoveDefPermissions(const std::string& bundleName)
+{
+    MessageParcel data;
+    data.WriteInterfaceToken(IPermissionManager::GetDescriptor());
+    if (!data.WriteString(bundleName)) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: Failed to write bundleName", __func__);
+        return RET_FAILED;
+    }
+
+    MessageParcel reply;
+    MessageOption option;
+    sptr<IRemoteObject> remote = Remote();
+    if (remote == nullptr) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: remote service null.", __func__);
+        return RET_FAILED;
+    }
+    int32_t requestResult = remote->SendRequest(
+        static_cast<uint32_t>(IPermissionManager::InterfaceCode::REMOVE_DEF_PERMISSIONS), data, reply, option);
+    if (requestResult != NO_ERROR) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s send request fail, result: %{public}d", __func__, requestResult);
+        return RET_FAILED;
+    }
+
+    int32_t result = reply.ReadInt32();
+    PERMISSION_LOG_DEBUG(LABEL, "%{public}s get result from server data = %{public}d", __func__, result);
+    return result;
+}
+
+int PermissionManagerProxy::GetDefPermission(
+    const std::string& permissionName, PermissionDefParcel& permissionDefResult)
+{
+    MessageParcel data;
+    data.WriteInterfaceToken(IPermissionManager::GetDescriptor());
+    if (!data.WriteString(permissionName)) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: Failed to write permissionName", __func__);
+        return RET_FAILED;
+    }
+
+    MessageParcel reply;
+    MessageOption option;
+    sptr<IRemoteObject> remote = Remote();
+    if (remote == nullptr) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: remote service null.", __func__);
+        return RET_FAILED;
+    }
+    int32_t requestResult = remote->SendRequest(
+        static_cast<uint32_t>(IPermissionManager::InterfaceCode::GET_DEF_PERMISSION), data, reply, option);
+    if (requestResult != NO_ERROR) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s send request fail, result: %{public}d", __func__, requestResult);
+        return RET_FAILED;
+    }
+    sptr<PermissionDefParcel> resultSptr = reply.ReadParcelable<PermissionDefParcel>();
+    if (resultSptr == nullptr) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s ReadParcelable fail", __func__);
+        return RET_FAILED;
+    }
+    permissionDefResult = *resultSptr;
+    int32_t result = reply.ReadInt32();
+    PERMISSION_LOG_DEBUG(LABEL, "%{public}s get result from server data = %{public}d", __func__, result);
+    return result;
+}
+} // namespace Permission
+} // namespace Security
+} // namespace OHOS
\ No newline at end of file
diff --git a/interfaces/innerkits/permission_standard/permissionsdk/main/cpp/src/permission/permission_manager_proxy.h b/interfaces/innerkits/permission_standard/permissionsdk/main/cpp/src/permission/permission_manager_proxy.h
new file mode 100644
index 0000000..c12e7b8
--- /dev/null
+++ b/interfaces/innerkits/permission_standard/permissionsdk/main/cpp/src/permission/permission_manager_proxy.h
@@ -0,0 +1,67 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef PERMISSION_MANAGER_PROXY_H
+#define PERMISSION_MANAGER_PROXY_H
+
+#include "i_permission_manager.h"
+
+#include "iremote_proxy.h"
+
+namespace OHOS {
+namespace Security {
+namespace Permission {
+class PermissionManagerProxy : public IRemoteProxy<IPermissionManager> {
+public:
+    explicit PermissionManagerProxy(const sptr<IRemoteObject>& impl);
+    virtual ~PermissionManagerProxy() override;
+
+    int VerifyPermission(const std::string& packageName, const std::string& permissionName, int userId) override;
+
+    bool CanRequestPermission(const std::string& bundleName, const std::string& permissionName, int userId) override;
+
+    int GrantUserGrantedPermission(
+        const std::string& bundleName, const std::string& permissionName, int userId) override;
+
+    int GrantSystemGrantedPermission(const std::string& bundleName, const std::string& permissionName) override;
+
+    int RevokeUserGrantedPermission(
+        const std::string& bundleName, const std::string& permissionName, int userId) override;
+
+    int RevokeSystemGrantedPermission(const std::string& bundleName, const std::string& permissionName) override;
+
+    int AddUserGrantedReqPermissions(
+        const std::string& bundleName, const std::vector<std::string>& permList, int userId) override;
+
+    int AddSystemGrantedReqPermissions(
+        const std::string& bundleName, const std::vector<std::string>& permList) override;
+
+    int RemoveUserGrantedReqPermissions(const std::string& bundleName, int userId) override;
+
+    int RemoveSystemGrantedReqPermissions(const std::string& bundleName) override;
+
+    int AddDefPermissions(const std::vector<PermissionDefParcel>& permDefList) override;
+
+    int RemoveDefPermissions(const std::string& bundleName) override;
+
+    int GetDefPermission(const std::string& permissionName, PermissionDefParcel& permissionDefResult) override;
+
+private:
+    static inline BrokerDelegator<PermissionManagerProxy> delegator_;
+};
+} // namespace Permission
+} // namespace Security
+} // namespace OHOS
+#endif // PERMISSION_MANAGER_PROXY_H
diff --git a/interfaces/innerkits/permission_standard/permissionsdk/test/BUILD.gn b/interfaces/innerkits/permission_standard/permissionsdk/test/BUILD.gn
new file mode 100755
index 0000000..f62c840
--- /dev/null
+++ b/interfaces/innerkits/permission_standard/permissionsdk/test/BUILD.gn
@@ -0,0 +1,40 @@
+# Copyright (C) 2021 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import("//build/test.gni")
+
+ohos_unittest("libpermissionsdk_standard_test") {
+  subsystem_name = "security"
+  part_name = "permission_standard"
+  module_out_path = part_name + "/" + part_name
+
+  include_dirs = [
+    "//utils/native/base/include",
+    "//base/security/permission/interfaces/innerkits/permission_standard/permissionsdk/main/cpp/include/permission/",
+  ]
+
+  sources = [ "unittest/cpp/src/permission_kit_test.cpp" ]
+
+  cflags_cc = [ "-DHILOG_ENABLE" ]
+
+  deps = [
+    "//base/security/permission/frameworks/permission_standard/permissioninfrastructure:permission_standard_infrastructure_cxx",
+    "//base/security/permission/interfaces/innerkits/permission_standard/permissionsdk:libpermissionsdk_standard",
+    "//utils/native/base:utils",
+  ]
+}
+
+group("unittest") {
+  testonly = true
+  deps = [ ":libpermissionsdk_standard_test" ]
+}
diff --git a/interfaces/innerkits/permission_standard/permissionsdk/test/unittest/cpp/src/permission_kit_test.cpp b/interfaces/innerkits/permission_standard/permissionsdk/test/unittest/cpp/src/permission_kit_test.cpp
new file mode 100755
index 0000000..a4ec9f4
--- /dev/null
+++ b/interfaces/innerkits/permission_standard/permissionsdk/test/unittest/cpp/src/permission_kit_test.cpp
@@ -0,0 +1,357 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "permission_kit_test.h"
+
+#include "test_const.h"
+#include "permission_kit.h"
+
+using namespace testing::ext;
+using namespace OHOS::Security::Permission;
+
+void PermissionKitTest::SetUpTestCase()
+{}
+
+void PermissionKitTest::TearDownTestCase()
+{
+    PermissionKit::RemoveDefPermissions(TEST_BUNDLE_NAME);
+    PermissionKit::RemoveUserGrantedReqPermissions(TEST_BUNDLE_NAME, TEST_USER_ID);
+    PermissionKit::RemoveSystemGrantedReqPermissions(TEST_BUNDLE_NAME);
+}
+
+void PermissionKitTest::SetUp()
+{
+    vector<PermissionDef> permDefList;
+    PermissionDef permissionDefAlpha = {
+        .permissionName = TEST_PERMISSION_NAME_ALPHA,
+        .bundleName = TEST_BUNDLE_NAME,
+        .grantMode = GrantMode::USER_GRANT,
+        .availableScope = AVAILABLE_SCOPE_ALL,
+        .label = TEST_LABEL,
+        .labelId = TEST_LABEL_ID,
+        .description = TEST_DESCRIPTION,
+        .descriptionId = TEST_DESCRIPTION_ID
+    };
+
+    PermissionDef permissionDefBeta = {
+        .permissionName = TEST_PERMISSION_NAME_BETA,
+        .bundleName = TEST_BUNDLE_NAME,
+        .grantMode = GrantMode::SYSTEM_GRANT,
+        .availableScope = AVAILABLE_SCOPE_ALL,
+        .label = TEST_LABEL,
+        .labelId = TEST_LABEL_ID,
+        .description = TEST_DESCRIPTION,
+        .descriptionId = TEST_DESCRIPTION_ID
+    };
+
+    permDefList.emplace_back(permissionDefAlpha);
+    permDefList.emplace_back(permissionDefBeta);
+    PermissionKit::AddDefPermissions(permDefList);
+}
+
+void PermissionKitTest::TearDown()
+{}
+
+/**
+ * @tc.name: AddDefPermissions001
+ * @tc.desc: Get permission definition info successfully after AddDefPermissions function has been invoked
+ * @tc.type: FUNC
+ * @tc.require:
+ */
+HWTEST_F(PermissionKitTest, AddDefPermissions001, TestSize.Level1)
+{
+    PermissionDef permissionDefResultAlpha;
+    int ret = PermissionKit::GetDefPermission(TEST_PERMISSION_NAME_ALPHA, permissionDefResultAlpha);
+    ASSERT_EQ(RET_SUCCESS, ret);
+
+    PermissionDef permissionDefResultBeta;
+    ret = PermissionKit::GetDefPermission(TEST_PERMISSION_NAME_BETA, permissionDefResultBeta);
+    ASSERT_EQ(RET_SUCCESS, ret);
+}
+
+/**
+ * @tc.name: RemoveDefPermissions001
+ * @tc.desc: Cannot get permission definition info after RemoveDefPermissions has been invoked
+ * @tc.type: FUNC
+ * @tc.require:
+ */
+HWTEST_F(PermissionKitTest, RemoveDefPermissions001, TestSize.Level1)
+{
+    PermissionDef permissionDefResultAlpha;
+    int ret = PermissionKit::GetDefPermission(TEST_PERMISSION_NAME_ALPHA, permissionDefResultAlpha);
+    ASSERT_EQ(RET_SUCCESS, ret);
+
+    ret = PermissionKit::RemoveDefPermissions(TEST_BUNDLE_NAME);
+    ASSERT_EQ(RET_SUCCESS, ret);
+
+    PermissionDef result;
+    ret = PermissionKit::GetDefPermission(TEST_PERMISSION_NAME_ALPHA, result);
+    ASSERT_EQ(RET_FAILED, ret);
+}
+
+/**
+ * @tc.name: VerifyPermission001
+ * @tc.desc: Verify user granted permission
+ * @tc.type: FUNC
+ * @tc.require:
+ */
+HWTEST_F(PermissionKitTest, VerifyPermission001, TestSize.Level1)
+{
+    vector<string> permList;
+    permList.push_back(TEST_PERMISSION_NAME_ALPHA);
+
+    int ret = PermissionKit::AddUserGrantedReqPermissions(TEST_BUNDLE_NAME, permList, TEST_USER_ID);
+    ASSERT_EQ(RET_SUCCESS, ret);
+
+    ret = PermissionKit::GrantUserGrantedPermission(TEST_BUNDLE_NAME, TEST_PERMISSION_NAME_ALPHA, TEST_USER_ID);
+    ASSERT_EQ(RET_SUCCESS, ret);
+
+    ret = PermissionKit::VerifyPermission(TEST_BUNDLE_NAME, TEST_PERMISSION_NAME_ALPHA, TEST_USER_ID);
+    ASSERT_EQ(PERMISSION_GRANTED, ret);
+
+    ret = PermissionKit::RevokeUserGrantedPermission(TEST_BUNDLE_NAME, TEST_PERMISSION_NAME_ALPHA, TEST_USER_ID);
+    ASSERT_EQ(RET_SUCCESS, ret);
+
+    ret = PermissionKit::VerifyPermission(TEST_BUNDLE_NAME, TEST_PERMISSION_NAME_ALPHA, TEST_USER_ID);
+    ASSERT_EQ(PERMISSION_NOT_GRANTED, ret);
+
+    ret = PermissionKit::RemoveUserGrantedReqPermissions(TEST_BUNDLE_NAME, TEST_USER_ID);
+    ASSERT_EQ(RET_SUCCESS, ret);
+}
+
+/**
+ * @tc.name: VerifyPermission002
+ * @tc.desc: Verify system granted permission
+ * @tc.type: FUNC
+ * @tc.require:
+ */
+HWTEST_F(PermissionKitTest, VerifyPermission002, TestSize.Level1)
+{
+    vector<string> permList;
+    permList.push_back(TEST_PERMISSION_NAME_BETA);
+
+    int ret = PermissionKit::AddSystemGrantedReqPermissions(TEST_BUNDLE_NAME, permList);
+    ASSERT_EQ(RET_SUCCESS, ret);
+
+    ret = PermissionKit::GrantSystemGrantedPermission(TEST_BUNDLE_NAME, TEST_PERMISSION_NAME_BETA);
+    ASSERT_EQ(RET_SUCCESS, ret);
+
+    ret = PermissionKit::VerifyPermission(TEST_BUNDLE_NAME, TEST_PERMISSION_NAME_BETA, TEST_USER_ID);
+    ASSERT_EQ(PERMISSION_GRANTED, ret);
+
+    ret = PermissionKit::VerifyPermission(TEST_BUNDLE_NAME, TEST_PERMISSION_NAME_BETA, TEST_SUB_USER_ID);
+    ASSERT_EQ(PERMISSION_GRANTED, ret);
+
+    ret = PermissionKit::RevokeSystemGrantedPermission(TEST_BUNDLE_NAME, TEST_PERMISSION_NAME_BETA);
+    ASSERT_EQ(RET_SUCCESS, ret);
+
+    ret = PermissionKit::VerifyPermission(TEST_BUNDLE_NAME, TEST_PERMISSION_NAME_BETA, TEST_USER_ID);
+    ASSERT_EQ(PERMISSION_NOT_GRANTED, ret);
+
+    ret = PermissionKit::VerifyPermission(TEST_BUNDLE_NAME, TEST_PERMISSION_NAME_BETA, TEST_SUB_USER_ID);
+    ASSERT_EQ(PERMISSION_NOT_GRANTED, ret);
+
+    ret = PermissionKit::RemoveSystemGrantedReqPermissions(TEST_BUNDLE_NAME);
+    ASSERT_EQ(RET_SUCCESS, ret);
+}
+
+/**
+ * @tc.name: VerifyPermission003
+ * @tc.desc: Verify permission that has not been defined.
+ * @tc.type: FUNC
+ * @tc.require:
+ */
+HWTEST_F(PermissionKitTest, VerifyPermission003, TestSize.Level1)
+{
+    int ret = PermissionKit::VerifyPermission(TEST_BUNDLE_NAME, TEST_PERMISSION_NAME_GAMMA, TEST_USER_ID);
+    ASSERT_EQ(PERMISSION_NOT_GRANTED, ret);
+}
+
+/**
+ * @tc.name: VerifyPermissionErrorUserGrant001
+ * @tc.desc: Verify permission error that user granted but request system granted.
+ * @tc.type: FUNC
+ * @tc.require:
+ */
+HWTEST_F(PermissionKitTest, VerifyPermissionErrorUserGrant001, TestSize.Level1)
+{
+    vector<string> permList;
+    permList.push_back(TEST_PERMISSION_NAME_ALPHA);
+
+    int ret = PermissionKit::AddSystemGrantedReqPermissions(TEST_BUNDLE_NAME, permList);
+    ASSERT_EQ(RET_SUCCESS, ret);
+
+    ret = PermissionKit::GrantUserGrantedPermission(TEST_BUNDLE_NAME, TEST_PERMISSION_NAME_ALPHA, TEST_USER_ID);
+    ASSERT_EQ(RET_SUCCESS, ret);
+
+    ret = PermissionKit::VerifyPermission(TEST_BUNDLE_NAME, TEST_PERMISSION_NAME_ALPHA, TEST_USER_ID);
+    ASSERT_EQ(PERMISSION_NOT_GRANTED, ret);
+
+    ret = PermissionKit::RevokeUserGrantedPermission(TEST_BUNDLE_NAME, TEST_PERMISSION_NAME_ALPHA, TEST_USER_ID);
+    ASSERT_EQ(RET_SUCCESS, ret);
+
+    ret = PermissionKit::VerifyPermission(TEST_BUNDLE_NAME, TEST_PERMISSION_NAME_ALPHA, TEST_USER_ID);
+    ASSERT_EQ(PERMISSION_NOT_GRANTED, ret);
+
+    ret = PermissionKit::RemoveUserGrantedReqPermissions(TEST_BUNDLE_NAME, TEST_USER_ID);
+    ASSERT_EQ(RET_SUCCESS, ret);
+}
+
+/**
+ * @tc.name: VerifyPermissionErrorUserGrant002
+ * @tc.desc: Verify permission error that user granted but grant system granted.
+ * @tc.type: FUNC
+ * @tc.require:
+ */
+HWTEST_F(PermissionKitTest, VerifyPermissionErrorUserGrant002, TestSize.Level1)
+{
+    vector<string> permList;
+    permList.push_back(TEST_PERMISSION_NAME_ALPHA);
+
+    int ret = PermissionKit::AddUserGrantedReqPermissions(TEST_BUNDLE_NAME, permList, TEST_USER_ID);
+    ASSERT_EQ(RET_SUCCESS, ret);
+
+    ret = PermissionKit::GrantSystemGrantedPermission(TEST_BUNDLE_NAME, TEST_PERMISSION_NAME_ALPHA);
+    ASSERT_EQ(RET_SUCCESS, ret);
+
+    ret = PermissionKit::VerifyPermission(TEST_BUNDLE_NAME, TEST_PERMISSION_NAME_ALPHA, TEST_USER_ID);
+    ASSERT_EQ(PERMISSION_NOT_GRANTED, ret);
+
+    ret = PermissionKit::RevokeUserGrantedPermission(TEST_BUNDLE_NAME, TEST_PERMISSION_NAME_ALPHA, TEST_USER_ID);
+    ASSERT_EQ(RET_SUCCESS, ret);
+
+    ret = PermissionKit::VerifyPermission(TEST_BUNDLE_NAME, TEST_PERMISSION_NAME_ALPHA, TEST_USER_ID);
+    ASSERT_EQ(PERMISSION_NOT_GRANTED, ret);
+
+    ret = PermissionKit::RemoveUserGrantedReqPermissions(TEST_BUNDLE_NAME, TEST_USER_ID);
+    ASSERT_EQ(RET_SUCCESS, ret);
+}
+
+/**
+ * @tc.name: VerifyPermissionErrorSystemGrant001
+ * @tc.desc: Verify permission error that system granted but request user granted.
+ * @tc.type: FUNC
+ * @tc.require:
+ */
+HWTEST_F(PermissionKitTest, VerifyPermissionErrorSystemGrant001, TestSize.Level1)
+{
+    vector<string> permList;
+    permList.push_back(TEST_PERMISSION_NAME_BETA);
+
+    int ret = PermissionKit::AddUserGrantedReqPermissions(TEST_BUNDLE_NAME, permList, TEST_USER_ID);
+    ASSERT_EQ(RET_SUCCESS, ret);
+
+    ret = PermissionKit::GrantSystemGrantedPermission(TEST_BUNDLE_NAME, TEST_PERMISSION_NAME_BETA);
+    ASSERT_EQ(RET_SUCCESS, ret);
+
+    ret = PermissionKit::VerifyPermission(TEST_BUNDLE_NAME, TEST_PERMISSION_NAME_BETA, TEST_USER_ID);
+    ASSERT_EQ(PERMISSION_NOT_GRANTED, ret);
+
+    ret = PermissionKit::RevokeSystemGrantedPermission(TEST_BUNDLE_NAME, TEST_PERMISSION_NAME_BETA);
+    ASSERT_EQ(RET_SUCCESS, ret);
+
+    ret = PermissionKit::VerifyPermission(TEST_BUNDLE_NAME, TEST_PERMISSION_NAME_BETA, TEST_USER_ID);
+    ASSERT_EQ(PERMISSION_NOT_GRANTED, ret);
+
+    ret = PermissionKit::RemoveUserGrantedReqPermissions(TEST_BUNDLE_NAME, TEST_USER_ID);
+    ASSERT_EQ(RET_SUCCESS, ret);
+}
+
+/**
+ * @tc.name: VerifyPermissionErrorSystemGrant002
+ * @tc.desc: Verify permission error that system granted but grant user granted.
+ * @tc.type: FUNC
+ * @tc.require:
+ */
+HWTEST_F(PermissionKitTest, VerifyPermissionErrorSystemGrant002, TestSize.Level1)
+{
+    vector<string> permList;
+    permList.push_back(TEST_PERMISSION_NAME_BETA);
+
+    int ret = PermissionKit::AddSystemGrantedReqPermissions(TEST_BUNDLE_NAME, permList);
+    ASSERT_EQ(RET_SUCCESS, ret);
+
+    ret = PermissionKit::GrantUserGrantedPermission(TEST_BUNDLE_NAME, TEST_PERMISSION_NAME_BETA, TEST_USER_ID);
+    ASSERT_EQ(RET_SUCCESS, ret);
+
+    ret = PermissionKit::VerifyPermission(TEST_BUNDLE_NAME, TEST_PERMISSION_NAME_BETA, TEST_USER_ID);
+    ASSERT_EQ(PERMISSION_NOT_GRANTED, ret);
+
+    ret = PermissionKit::VerifyPermission(TEST_BUNDLE_NAME, TEST_PERMISSION_NAME_BETA, TEST_SUB_USER_ID);
+    ASSERT_EQ(PERMISSION_NOT_GRANTED, ret);
+
+    ret = PermissionKit::RevokeSystemGrantedPermission(TEST_BUNDLE_NAME, TEST_PERMISSION_NAME_BETA);
+    ASSERT_EQ(RET_SUCCESS, ret);
+
+    ret = PermissionKit::VerifyPermission(TEST_BUNDLE_NAME, TEST_PERMISSION_NAME_BETA, TEST_USER_ID);
+    ASSERT_EQ(PERMISSION_NOT_GRANTED, ret);
+
+    ret = PermissionKit::VerifyPermission(TEST_BUNDLE_NAME, TEST_PERMISSION_NAME_BETA, TEST_SUB_USER_ID);
+    ASSERT_EQ(PERMISSION_NOT_GRANTED, ret);
+
+    ret = PermissionKit::RemoveUserGrantedReqPermissions(TEST_BUNDLE_NAME, TEST_USER_ID);
+    ASSERT_EQ(RET_SUCCESS, ret);
+}
+
+/**
+ * @tc.name: CanRequestPermission001
+ * @tc.desc: For user granted permission and permission is granted, can request permission
+ * @tc.type: FUNC
+ * @tc.require:
+ */
+HWTEST_F(PermissionKitTest, CanRequestPermission001, TestSize.Level1)
+{
+    vector<string> permList;
+    permList.push_back(TEST_PERMISSION_NAME_ALPHA);
+
+    int ret = PermissionKit::AddUserGrantedReqPermissions(TEST_BUNDLE_NAME, permList, TEST_USER_ID);
+    ASSERT_EQ(RET_SUCCESS, ret);
+
+    bool isCanRequest = PermissionKit::CanRequestPermission(TEST_BUNDLE_NAME, TEST_PERMISSION_NAME_ALPHA, TEST_USER_ID);
+    ASSERT_TRUE(isCanRequest);
+
+    ret = PermissionKit::GrantUserGrantedPermission(TEST_BUNDLE_NAME, TEST_PERMISSION_NAME_ALPHA, TEST_USER_ID);
+    ASSERT_EQ(RET_SUCCESS, ret);
+
+    isCanRequest = PermissionKit::CanRequestPermission(TEST_BUNDLE_NAME, TEST_PERMISSION_NAME_ALPHA, TEST_USER_ID);
+    ASSERT_FALSE(isCanRequest);
+
+    ret = PermissionKit::RemoveDefPermissions(TEST_BUNDLE_NAME);
+    ASSERT_EQ(RET_SUCCESS, ret);
+
+    isCanRequest = PermissionKit::CanRequestPermission(TEST_BUNDLE_NAME, TEST_PERMISSION_NAME_ALPHA, TEST_USER_ID);
+    ASSERT_FALSE(isCanRequest);
+}
+
+/**
+ * @tc.name: CanRequestPermission001
+ * @tc.desc: For non user granted permission, can not request permission
+ * @tc.type: FUNC
+ * @tc.require:
+ */
+HWTEST_F(PermissionKitTest, CanRequestPermission002, TestSize.Level1)
+{
+    vector<string> permList;
+    permList.push_back(TEST_PERMISSION_NAME_BETA);
+
+    int ret = PermissionKit::AddSystemGrantedReqPermissions(TEST_BUNDLE_NAME, permList);
+    ASSERT_EQ(RET_SUCCESS, ret);
+
+    bool isCanRequest = PermissionKit::CanRequestPermission(TEST_BUNDLE_NAME, TEST_PERMISSION_NAME_BETA, TEST_USER_ID);
+    ASSERT_FALSE(isCanRequest);
+
+    isCanRequest = PermissionKit::CanRequestPermission("", "", TEST_INVALID_USER_ID);
+    ASSERT_FALSE(isCanRequest);
+}
\ No newline at end of file
diff --git a/interfaces/innerkits/permission_standard/permissionsdk/test/unittest/cpp/src/permission_kit_test.h b/interfaces/innerkits/permission_standard/permissionsdk/test/unittest/cpp/src/permission_kit_test.h
new file mode 100644
index 0000000..daba1bd
--- /dev/null
+++ b/interfaces/innerkits/permission_standard/permissionsdk/test/unittest/cpp/src/permission_kit_test.h
@@ -0,0 +1,37 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef PERMISSION_KIT_TEST_H
+#define PERMISSION_KIT_TEST_H
+
+#include <gtest/gtest.h>
+
+namespace OHOS {
+namespace Security {
+namespace Permission {
+class PermissionKitTest : public testing::Test {
+public:
+    static void SetUpTestCase();
+
+    static void TearDownTestCase();
+
+    void SetUp();
+
+    void TearDown();
+};
+} // namespace Permission
+} // namespace Security
+} // namespace OHOS
+#endif // PERMISSION_KIT_TEST_H
diff --git a/interfaces/kits/permission_lite/BUILD.gn b/interfaces/kits/permission_lite/BUILD.gn
old mode 100644
new mode 100755
diff --git a/interfaces/kits/permission_lite/pms_interface.h b/interfaces/kits/permission_lite/pms_interface.h
old mode 100644
new mode 100755
diff --git a/interfaces/kits/permission_standard/BUILD.gn b/interfaces/kits/permission_standard/BUILD.gn
new file mode 100644
index 0000000..11f42d3
--- /dev/null
+++ b/interfaces/kits/permission_standard/BUILD.gn
@@ -0,0 +1,14 @@
+# Copyright (c) 2021 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import("//build/ohos.gni")
diff --git a/ohos.build b/ohos.build
new file mode 100755
index 0000000..3be6fe1
--- /dev/null
+++ b/ohos.build
@@ -0,0 +1,30 @@
+{
+  "subsystem": "security",
+  "parts": {
+    "permission_standard": {
+      "variants": [
+        "phone",
+        "wearable"
+      ],
+      "inner_kits": [
+        {
+          "name": "//base/security/permission/interfaces/innerkits/permission_standard/permissionsdk:libpermissionsdk_standard",
+          "header": {
+            "header_files": [
+              "permission/permission.h",
+              "permission/permission_def.h",
+              "permission/permission_kit.h"
+            ],
+            "header_base": "//base/security/permission/interfaces/innerkits/permission_standard/permissionsdk/main/cpp/include"
+          }
+        }
+      ],
+      "module_list": [
+        "//base/security/permission:permission_build_module_standard"
+      ],
+      "test_list": [
+        "//base/security/permission:permission_build_module_standard_test"
+      ]
+    }
+  }
+}
\ No newline at end of file
diff --git a/services/permission_lite/BUILD.gn b/services/permission_lite/BUILD.gn
old mode 100644
new mode 100755
diff --git a/services/permission_lite/ipc_auth/include/policy_preset.h b/services/permission_lite/ipc_auth/include/policy_preset.h
old mode 100644
new mode 100755
diff --git a/services/permission_lite/ipc_auth/src/ipc_auth_impl.c b/services/permission_lite/ipc_auth/src/ipc_auth_impl.c
old mode 100644
new mode 100755
diff --git a/services/permission_lite/js_api/BUILD.gn b/services/permission_lite/js_api/BUILD.gn
old mode 100644
new mode 100755
diff --git a/services/permission_lite/js_api/include/perm_module.h b/services/permission_lite/js_api/include/perm_module.h
old mode 100644
new mode 100755
diff --git a/services/permission_lite/js_api/src/perm_module.cpp b/services/permission_lite/js_api/src/perm_module.cpp
old mode 100644
new mode 100755
diff --git a/services/permission_lite/pms/BUILD.gn b/services/permission_lite/pms/BUILD.gn
old mode 100644
new mode 100755
diff --git a/services/permission_lite/pms/include/hals/hal_pms.h b/services/permission_lite/pms/include/hals/hal_pms.h
old mode 100644
new mode 100755
diff --git a/services/permission_lite/pms/include/perm_define.h b/services/permission_lite/pms/include/perm_define.h
old mode 100644
new mode 100755
diff --git a/services/permission_lite/pms/include/perm_operate.h b/services/permission_lite/pms/include/perm_operate.h
old mode 100644
new mode 100755
diff --git a/services/permission_lite/pms/include/pms.h b/services/permission_lite/pms/include/pms.h
old mode 100644
new mode 100755
diff --git a/services/permission_lite/pms/include/pms_inner.h b/services/permission_lite/pms/include/pms_inner.h
old mode 100644
new mode 100755
diff --git a/services/permission_lite/pms/src/perm_operate.c b/services/permission_lite/pms/src/perm_operate.c
old mode 100644
new mode 100755
diff --git a/services/permission_lite/pms/src/pms_impl.c b/services/permission_lite/pms/src/pms_impl.c
old mode 100644
new mode 100755
diff --git a/services/permission_lite/pms/src/pms_inner.c b/services/permission_lite/pms/src/pms_inner.c
old mode 100644
new mode 100755
diff --git a/services/permission_lite/pms/src/pms_server.c b/services/permission_lite/pms/src/pms_server.c
old mode 100644
new mode 100755
diff --git a/services/permission_lite/pms/src/pms_server_internal.c b/services/permission_lite/pms/src/pms_server_internal.c
old mode 100644
new mode 100755
diff --git a/services/permission_lite/pms_base/BUILD.gn b/services/permission_lite/pms_base/BUILD.gn
old mode 100644
new mode 100755
diff --git a/services/permission_lite/pms_base/include/pms_common.h b/services/permission_lite/pms_base/include/pms_common.h
old mode 100644
new mode 100755
diff --git a/services/permission_lite/pms_client/BUILD.gn b/services/permission_lite/pms_client/BUILD.gn
old mode 100644
new mode 100755
diff --git a/services/permission_lite/pms_client/perm_client.c b/services/permission_lite/pms_client/perm_client.c
old mode 100644
new mode 100755
diff --git a/services/permission_standard/permissionmanagerservice/BUILD.gn b/services/permission_standard/permissionmanagerservice/BUILD.gn
new file mode 100755
index 0000000..8d9b43f
--- /dev/null
+++ b/services/permission_standard/permissionmanagerservice/BUILD.gn
@@ -0,0 +1,58 @@
+# Copyright (c) 2021 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import("//build/ohos.gni")
+
+ohos_shared_library("permission_manager_service_standard") {
+  subsystem_name = "security"
+  part_name = "permission_standard"
+
+  include_dirs = [
+    "include",
+    "//utils/system/safwk/native/include",
+    "//base/security/permission/frameworks/permission_standard/permissioninfrastructure",
+    "//base/security/permission/interfaces/innerkits/permission_standard/permissionsdk/main/cpp/include/permission",
+  ]
+
+  sources = [
+    "main/cpp/src/data_storage.cpp",
+    "main/cpp/src/data_translator.cpp",
+    "main/cpp/src/generic_values.cpp",
+    "main/cpp/src/permission_definition_cache.cpp",
+    "main/cpp/src/permission_definition_manager.cpp",
+    "main/cpp/src/permission_manager_service.cpp",
+    "main/cpp/src/permission_manager_stub.cpp",
+    "main/cpp/src/permission_state_cache.cpp",
+    "main/cpp/src/permission_state_manager.cpp",
+    "main/cpp/src/sqlite_helper.cpp",
+    "main/cpp/src/sqlite_storage.cpp",
+    "main/cpp/src/statement.cpp",
+    "main/cpp/src/variant_value.cpp",
+  ]
+
+  cflags_cc = [ "-DHILOG_ENABLE" ]
+
+  deps = [
+    "//base/security/permission/frameworks/permission_standard/permissioncommunicationadapter:permission_standard_communication_adapter_cxx",
+    "//base/security/permission/frameworks/permission_standard/permissioninfrastructure:permission_standard_infrastructure_cxx",
+    "//third_party/sqlite:sqlite",
+    "//utils/native/base:utils",
+  ]
+
+  external_deps = [
+    "hiviewdfx_hilog_native:libhilog",
+    "ipc:ipc_core",
+    "safwk:system_ability_fwk",
+    "samgr_L2:samgr_proxy",
+  ]
+}
diff --git a/services/permission_standard/permissionmanagerservice/main/cpp/src/data_storage.cpp b/services/permission_standard/permissionmanagerservice/main/cpp/src/data_storage.cpp
new file mode 100644
index 0000000..f28cec1
--- /dev/null
+++ b/services/permission_standard/permissionmanagerservice/main/cpp/src/data_storage.cpp
@@ -0,0 +1,29 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "data_storage.h"
+
+#include "sqlite_storage.h"
+
+namespace OHOS {
+namespace Security {
+namespace Permission {
+DataStorage& DataStorage::GetRealDataStorage()
+{
+    return SqliteStorage::GetInstance();
+}
+} // namespace Permission
+} // namespace Security
+} // namespace OHOS
\ No newline at end of file
diff --git a/services/permission_standard/permissionmanagerservice/main/cpp/src/data_storage.h b/services/permission_standard/permissionmanagerservice/main/cpp/src/data_storage.h
new file mode 100644
index 0000000..c7295e3
--- /dev/null
+++ b/services/permission_standard/permissionmanagerservice/main/cpp/src/data_storage.h
@@ -0,0 +1,49 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef DATA_STORAGE_H
+#define DATA_STORAGE_H
+
+#include <vector>
+#include <map>
+
+#include "generic_values.h"
+
+namespace OHOS {
+namespace Security {
+namespace Permission {
+class DataStorage {
+public:
+    enum DataType { PERMISSION_DEF, PERMISSIONS_STAT_USER_GRANTED, PERMISSIONS_STAT_SYSTEM_GRANTED };
+
+    static DataStorage& GetRealDataStorage();
+
+    virtual ~DataStorage() = default;
+
+    virtual int Add(const DataType type, const std::vector<GenericValues>& values) = 0;
+
+    virtual int Remove(const DataType type, const GenericValues& conditions) = 0;
+
+    virtual int Modify(const DataType type, const GenericValues& modifyValues, const GenericValues& conditions) = 0;
+
+    virtual int Find(const DataType type, std::vector<GenericValues>& results) = 0;
+
+    virtual int RefreshAll(const DataType type, const std::vector<GenericValues>& values) = 0;
+};
+} // namespace Permission
+} // namespace Security
+} // namespace OHOS
+
+#endif // DATA_STORAGE_H
\ No newline at end of file
diff --git a/services/permission_standard/permissionmanagerservice/main/cpp/src/data_translator.cpp b/services/permission_standard/permissionmanagerservice/main/cpp/src/data_translator.cpp
new file mode 100644
index 0000000..38b578d
--- /dev/null
+++ b/services/permission_standard/permissionmanagerservice/main/cpp/src/data_translator.cpp
@@ -0,0 +1,82 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "data_translator.h"
+
+#include "permission.h"
+#include "field_const.h"
+
+namespace OHOS {
+namespace Security {
+namespace Permission {
+int DataTranslator::TranslationIntoPermissionDef(const GenericValues& inGenericValues, PermissionDef& outPermissionDef)
+{
+    outPermissionDef.permissionName = inGenericValues.GetString(FIELD_PERMISSION_NAME);
+    outPermissionDef.bundleName = inGenericValues.GetString(FIELD_BUNDLE_NAME);
+    outPermissionDef.grantMode = inGenericValues.GetInt(FIELD_GRANT_MODE);
+    outPermissionDef.availableScope = inGenericValues.GetInt(FIELD_AVAILABLE_SCOPE);
+    outPermissionDef.label = inGenericValues.GetString(FIELD_LABEL);
+    outPermissionDef.labelId = inGenericValues.GetInt(FIELD_LABEL_ID);
+    outPermissionDef.description = inGenericValues.GetString(FIELD_DESCRIPTION);
+    outPermissionDef.descriptionId = inGenericValues.GetInt(FIELD_DESCRIPTION_ID);
+    return RET_SUCCESS;
+}
+
+int DataTranslator::TranslationIntoGenericValues(const PermissionDef& inPermissionDef, GenericValues& outGenericValues)
+{
+    outGenericValues.Put(FIELD_PERMISSION_NAME, inPermissionDef.permissionName);
+    outGenericValues.Put(FIELD_BUNDLE_NAME, inPermissionDef.bundleName);
+    outGenericValues.Put(FIELD_GRANT_MODE, inPermissionDef.grantMode);
+    outGenericValues.Put(FIELD_AVAILABLE_SCOPE, inPermissionDef.availableScope);
+    outGenericValues.Put(FIELD_LABEL, inPermissionDef.label);
+    outGenericValues.Put(FIELD_LABEL_ID, inPermissionDef.labelId);
+    outGenericValues.Put(FIELD_DESCRIPTION, inPermissionDef.description);
+    outGenericValues.Put(FIELD_DESCRIPTION_ID, inPermissionDef.descriptionId);
+    return RET_SUCCESS;
+}
+
+int DataTranslator::TranslationIntoPermissionReq(const GenericValues& inGenericValues, PermissionReq& outPermissionReq)
+{
+    outPermissionReq.reqPermissionName = inGenericValues.GetString(FIELD_PERMISSION_NAME);
+    outPermissionReq.isGranted = inGenericValues.GetInt(FIELD_GRANTED) != 0;
+    outPermissionReq.flags = inGenericValues.GetInt(FIELD_FLAGS);
+    return RET_SUCCESS;
+}
+
+int DataTranslator::TranslationIntoGenericValues(const PermissionReq& inPermissionReq, GenericValues& outGenericValues)
+{
+    outGenericValues.Put(FIELD_PERMISSION_NAME, inPermissionReq.reqPermissionName);
+    outGenericValues.Put(FIELD_GRANTED, inPermissionReq.isGranted ? 1 : 0);
+    outGenericValues.Put(FIELD_FLAGS, inPermissionReq.flags);
+    return RET_SUCCESS;
+}
+
+std::string DataTranslator::ToString(const PermissionDef& inPermissionDef)
+{
+    std::string infos;
+    infos.append(R"({"permissionName": ")" + inPermissionDef.permissionName + R"(")");
+    infos.append(R"(, "bundleName": ")" + inPermissionDef.bundleName + R"(")");
+    infos.append(R"(, "grantMode": )" + std::to_string(inPermissionDef.grantMode));
+    infos.append(R"(, "availableScope": )" + std::to_string(inPermissionDef.availableScope));
+    infos.append(R"(, "label": ")" + inPermissionDef.label + R"(")");
+    infos.append(R"(, "labelId": )" + std::to_string(inPermissionDef.labelId));
+    infos.append(R"(, "description": ")" + inPermissionDef.description + R"(")");
+    infos.append(R"(, "descriptionId": )" + std::to_string(inPermissionDef.descriptionId));
+    infos.append("}");
+    return infos;
+}
+} // namespace Permission
+} // namespace Security
+} // namespace OHOS
\ No newline at end of file
diff --git a/services/permission_standard/permissionmanagerservice/main/cpp/src/data_translator.h b/services/permission_standard/permissionmanagerservice/main/cpp/src/data_translator.h
new file mode 100755
index 0000000..8412be1
--- /dev/null
+++ b/services/permission_standard/permissionmanagerservice/main/cpp/src/data_translator.h
@@ -0,0 +1,39 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef DATA_TRANSLATOR_H
+#define DATA_TRANSLATOR_H
+
+#include <string>
+
+#include "permission_def.h"
+#include "permission_req.h"
+#include "generic_values.h"
+
+namespace OHOS {
+namespace Security {
+namespace Permission {
+class DataTranslator final {
+public:
+    static int TranslationIntoPermissionDef(const GenericValues& inGenericValues, PermissionDef& outPermissionDef);
+    static int TranslationIntoPermissionReq(const GenericValues& inGenericValues, PermissionReq& outPermissionReq);
+    static int TranslationIntoGenericValues(const PermissionDef& inPermissionDef, GenericValues& outGenericValues);
+    static int TranslationIntoGenericValues(const PermissionReq& inPermissionReq, GenericValues& outGenericValues);
+    static std::string ToString(const PermissionDef& inPermissionDef);
+};
+} // namespace Permission
+} // namespace Security
+} // namespace OHOS
+#endif // DATA_TRANSLATOR_H
diff --git a/services/permission_standard/permissionmanagerservice/main/cpp/src/field_const.h b/services/permission_standard/permissionmanagerservice/main/cpp/src/field_const.h
new file mode 100644
index 0000000..fc98bbe
--- /dev/null
+++ b/services/permission_standard/permissionmanagerservice/main/cpp/src/field_const.h
@@ -0,0 +1,38 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef FIELD_CONST_H
+#define FIELD_CONST_H
+
+#include <string>
+
+namespace OHOS {
+namespace Security {
+namespace Permission {
+const std::string FIELD_PERMISSION_NAME = "permission_name";
+const std::string FIELD_BUNDLE_NAME = "bundle_name";
+const std::string FIELD_GRANT_MODE = "grant_mode";
+const std::string FIELD_AVAILABLE_SCOPE = "available_scope";
+const std::string FIELD_LABEL = "label";
+const std::string FIELD_LABEL_ID = "label_id";
+const std::string FIELD_DESCRIPTION = "description";
+const std::string FIELD_DESCRIPTION_ID = "description_id";
+const std::string FIELD_USER_ID = "user_id";
+const std::string FIELD_GRANTED = "granted";
+const std::string FIELD_FLAGS = "flags";
+} // namespace Permission
+} // namespace Security
+} // namespace OHOS
+#endif // FIELD_CONST_H
diff --git a/services/permission_standard/permissionmanagerservice/main/cpp/src/generic_values.cpp b/services/permission_standard/permissionmanagerservice/main/cpp/src/generic_values.cpp
new file mode 100644
index 0000000..d8d0691
--- /dev/null
+++ b/services/permission_standard/permissionmanagerservice/main/cpp/src/generic_values.cpp
@@ -0,0 +1,73 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "generic_values.h"
+
+namespace OHOS {
+namespace Security {
+namespace Permission {
+void GenericValues::Put(const std::string& key, int value)
+{
+    map_.insert(std::make_pair(key, VariantValue(value)));
+}
+
+void GenericValues::Put(const std::string& key, const std::string& value)
+{
+    map_.insert(std::make_pair(key, VariantValue(value)));
+}
+
+void GenericValues::Put(const std::string& key, const VariantValue& value)
+{
+    map_.insert(std::make_pair(key, value));
+}
+
+VariantValue GenericValues::Get(const std::string& key) const
+{
+    auto iter = map_.find(key);
+    if (iter == map_.end()) {
+        return VariantValue();
+    }
+    return iter->second;
+}
+
+int GenericValues::GetInt(const std::string& key) const
+{
+    auto it = map_.find(key);
+    if (it == map_.end()) {
+        return VariantValue::DEFAULT_VALUE;
+    }
+    return it->second.GetInt();
+}
+
+std::string GenericValues::GetString(const std::string& key) const
+{
+    auto it = map_.find(key);
+    if (it == map_.end()) {
+        return std::string();
+    }
+    return it->second.GetString();
+}
+
+std::vector<std::string> GenericValues::GetAllKeys() const
+{
+    std::vector<std::string> keys;
+    for (auto it = map_.begin(); it != map_.end(); ++it) {
+        keys.emplace_back(it->first);
+    }
+    return keys;
+}
+} // namespace Permission
+} // namespace Security
+} // namespace OHOS
\ No newline at end of file
diff --git a/services/permission_standard/permissionmanagerservice/main/cpp/src/generic_values.h b/services/permission_standard/permissionmanagerservice/main/cpp/src/generic_values.h
new file mode 100755
index 0000000..04c99dc
--- /dev/null
+++ b/services/permission_standard/permissionmanagerservice/main/cpp/src/generic_values.h
@@ -0,0 +1,53 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef GENERIC_VALUES_H
+#define GENERIC_VALUES_H
+
+#include <map>
+#include <vector>
+#include <string>
+
+#include "variant_value.h"
+
+namespace OHOS {
+namespace Security {
+namespace Permission {
+class GenericValues final {
+public:
+    GenericValues() = default;
+    virtual ~GenericValues() = default;
+
+    void Put(const std::string& key, int value);
+
+    void Put(const std::string& key, const std::string& value);
+
+    void Put(const std::string& key, const VariantValue& value);
+
+    std::vector<std::string> GetAllKeys() const;
+
+    VariantValue Get(const std::string& key) const;
+
+    int GetInt(const std::string& key) const;
+
+    std::string GetString(const std::string& key) const;
+
+private:
+    std::map<std::string, VariantValue> map_;
+};
+} // namespace Permission
+} // namespace Security
+} // namespace OHOS
+#endif // GENERIC_VALUES_H
diff --git a/services/permission_standard/permissionmanagerservice/main/cpp/src/permission_definition_cache.cpp b/services/permission_standard/permissionmanagerservice/main/cpp/src/permission_definition_cache.cpp
new file mode 100644
index 0000000..951ceff
--- /dev/null
+++ b/services/permission_standard/permissionmanagerservice/main/cpp/src/permission_definition_cache.cpp
@@ -0,0 +1,133 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "permission_definition_cache.h"
+
+#include "permission.h"
+#include "data_translator.h"
+#include "permission_log.h"
+
+namespace OHOS {
+namespace Security {
+namespace Permission {
+namespace {
+static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {
+    LOG_CORE, SECURITY_DOMAIN_PERMISSION, "PermissionDefinitionCache"
+};
+}
+
+PermissionDefinitionCache& PermissionDefinitionCache::GetInstance()
+{
+    static PermissionDefinitionCache instance;
+    return instance;
+}
+
+PermissionDefinitionCache::PermissionDefinitionCache()
+{}
+
+PermissionDefinitionCache::~PermissionDefinitionCache()
+{}
+
+bool PermissionDefinitionCache::Insert(const PermissionDef& info)
+{
+    Utils::UniqueWriteGuard<Utils::RWLock> cacheGuard(this->cacheLock_);
+    auto it = permissionDefinitionMap_.find(info.permissionName);
+    if (it != permissionDefinitionMap_.end()) {
+        PERMISSION_LOG_WARN(LABEL, "%{public}s: info for permission: %{public}s has been insert, please check!",
+            __func__, info.permissionName.c_str());
+        return false;
+    }
+    permissionDefinitionMap_[info.permissionName] = info;
+    return true;
+}
+
+void PermissionDefinitionCache::DeleteByBundleName(const std::string& bundleName)
+{
+    Utils::UniqueWriteGuard<Utils::RWLock> cacheGuard(this->cacheLock_);
+    auto it = permissionDefinitionMap_.begin();
+    while (it != permissionDefinitionMap_.end()) {
+        if (bundleName == it->second.bundleName) {
+            permissionDefinitionMap_.erase(it++);
+        } else {
+            ++it;
+        }
+    }
+}
+
+int PermissionDefinitionCache::FindByPermissionName(const std::string& permissionName, PermissionDef& info)
+{
+    Utils::UniqueReadGuard<Utils::RWLock> cacheGuard(this->cacheLock_);
+    auto it = permissionDefinitionMap_.find(permissionName);
+    if (it == permissionDefinitionMap_.end()) {
+        PERMISSION_LOG_DEBUG(LABEL, "%{public}s: can not find definition info for permission: %{public}s", __func__,
+            permissionName.c_str());
+        return RET_FAILED;
+    }
+    info = it->second;
+    return RET_SUCCESS;
+}
+
+bool PermissionDefinitionCache::IsSystemGrantedPermission(const std::string& permissionName)
+{
+    Utils::UniqueReadGuard<Utils::RWLock> cacheGuard(this->cacheLock_);
+    return IsGrantedModeEqualInner(permissionName, SYSTEM_GRANT);
+}
+
+bool PermissionDefinitionCache::IsUserGrantedPermission(const std::string& permissionName)
+{
+    Utils::UniqueReadGuard<Utils::RWLock> cacheGuard(this->cacheLock_);
+    return IsGrantedModeEqualInner(permissionName, USER_GRANT);
+}
+
+std::string PermissionDefinitionCache::ToString()
+{
+    Utils::UniqueReadGuard<Utils::RWLock> cacheGuard(this->cacheLock_);
+    std::string infos = R"({"Cache": "Default", "DefPermissions": [)";
+    for (const auto& request : permissionDefinitionMap_) {
+        PermissionDef permissionDef = request.second;
+        infos.append(DataTranslator::ToString(request.second));
+        infos.append(", ");
+    }
+    infos = infos + "]}";
+    return infos;
+}
+
+bool PermissionDefinitionCache::IsGrantedModeEqualInner(const std::string& permissionName, int grantMode) const
+{
+    auto it = permissionDefinitionMap_.find(permissionName);
+    if (it == permissionDefinitionMap_.end()) {
+        return false;
+    }
+    return it->second.grantMode == grantMode;
+}
+
+bool PermissionDefinitionCache::HasDefinition(const std::string& permissionName)
+{
+    Utils::UniqueReadGuard<Utils::RWLock> cacheGuard(this->cacheLock_);
+    return permissionDefinitionMap_.count(permissionName) == 1;
+}
+
+void PermissionDefinitionCache::QueryCurrentCache(std::vector<GenericValues>& valueList)
+{
+    Utils::UniqueReadGuard<Utils::RWLock> cacheGuard(this->cacheLock_);
+    for (auto it = permissionDefinitionMap_.begin(); it != permissionDefinitionMap_.end(); ++it) {
+        GenericValues genericValues;
+        DataTranslator::TranslationIntoGenericValues(it->second, genericValues);
+        valueList.emplace_back(genericValues);
+    }
+}
+} // namespace Permission
+} // namespace Security
+} // namespace OHOS
diff --git a/services/permission_standard/permissionmanagerservice/main/cpp/src/permission_definition_cache.h b/services/permission_standard/permissionmanagerservice/main/cpp/src/permission_definition_cache.h
new file mode 100755
index 0000000..483fc65
--- /dev/null
+++ b/services/permission_standard/permissionmanagerservice/main/cpp/src/permission_definition_cache.h
@@ -0,0 +1,71 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef PERMISSION_DEFINITION_CACHE_H
+#define PERMISSION_DEFINITION_CACHE_H
+
+#include <map>
+#include <vector>
+
+#include "permission_def.h"
+#include "generic_values.h"
+
+#include "rwlock.h"
+#include "nocopyable.h"
+
+namespace OHOS {
+namespace Security {
+namespace Permission {
+class PermissionDefinitionCache final {
+public:
+    static PermissionDefinitionCache& GetInstance();
+
+    virtual ~PermissionDefinitionCache();
+
+    bool Insert(const PermissionDef& info);
+
+    void DeleteByBundleName(const std::string& bundleName);
+
+    int FindByPermissionName(const std::string& permissionName, PermissionDef& info);
+
+    bool IsSystemGrantedPermission(const std::string& permissionName);
+
+    bool IsUserGrantedPermission(const std::string& permissionName);
+
+    bool HasDefinition(const std::string& permissionName);
+
+    void QueryCurrentCache(std::vector<GenericValues>& valueList);
+
+    std::string ToString();
+
+private:
+    PermissionDefinitionCache();
+
+    bool IsGrantedModeEqualInner(const std::string& permissionName, int grantMode) const;
+
+    DISALLOW_COPY_AND_MOVE(PermissionDefinitionCache);
+
+    /**
+     * key: permission name.
+     * value: PermissionDef.
+     */
+    std::map<std::string, PermissionDef> permissionDefinitionMap_;
+
+    OHOS::Utils::RWLock cacheLock_;
+};
+} // namespace Permission
+} // namespace Security
+} // namespace OHOS
+#endif // PERMISSION_DEFINITION_CACHE_H
diff --git a/services/permission_standard/permissionmanagerservice/main/cpp/src/permission_definition_manager.cpp b/services/permission_standard/permissionmanagerservice/main/cpp/src/permission_definition_manager.cpp
new file mode 100644
index 0000000..25dc450
--- /dev/null
+++ b/services/permission_standard/permissionmanagerservice/main/cpp/src/permission_definition_manager.cpp
@@ -0,0 +1,152 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "permission_definition_manager.h"
+
+#include "permission_definition_cache.h"
+#include "data_storage.h"
+#include "data_translator.h"
+#include "permission_log.h"
+#include "permission.h"
+#include "data_validator.h"
+
+namespace OHOS {
+namespace Security {
+namespace Permission {
+namespace {
+static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {
+    LOG_CORE, SECURITY_DOMAIN_PERMISSION, "PermissionDefinitionManager"
+};
+}
+
+PermissionDefinitionManager& PermissionDefinitionManager::GetInstance()
+{
+    static PermissionDefinitionManager instance;
+    return instance;
+}
+
+PermissionDefinitionManager::PermissionDefinitionManager() : hasInited_(false)
+{}
+
+PermissionDefinitionManager::~PermissionDefinitionManager()
+{
+    if (!hasInited_) {
+        return;
+    }
+    this->permissionDefDataAccessWorker_.Stop();
+    this->hasInited_ = false;
+}
+
+void PermissionDefinitionManager::Init()
+{
+    OHOS::Utils::UniqueWriteGuard<OHOS::Utils::RWLock> lk(this->rwLock_);
+    if (hasInited_) {
+        return;
+    }
+    PERMISSION_LOG_INFO(LABEL, "init begin!");
+    std::vector<GenericValues> results;
+    DataStorage::GetRealDataStorage().Find(DataStorage::PERMISSION_DEF, results);
+    for (auto value : results) {
+        PermissionDef permissionDef;
+        DataTranslator::TranslationIntoPermissionDef(value, permissionDef);
+        PermissionDefinitionCache::GetInstance().Insert(permissionDef);
+    }
+    this->permissionDefDataAccessWorker_.Start(1);
+    hasInited_ = true;
+    PERMISSION_LOG_INFO(LABEL, "Init success");
+}
+
+void PermissionDefinitionManager::AddDefPermissions(const std::vector<PermissionDefParcel>& permList)
+{
+    if (permList.empty()) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: invalid params!", __func__);
+        return;
+    }
+    for (const auto& permissionDefParcel : permList) {
+        if (!IsPermissionDefValid(permissionDefParcel.permissionDef)) {
+            PERMISSION_LOG_ERROR(LABEL, "%{public}s: invalid permission definition info: %{public}s", __func__,
+                DataTranslator::ToString(permissionDefParcel.permissionDef).c_str());
+            continue;
+        }
+        PermissionDefinitionCache::GetInstance().Insert(permissionDefParcel.permissionDef);
+    }
+    RefreshPersistentDataIfNeeded();
+}
+
+void PermissionDefinitionManager::RemoveDefPermissions(const std::string& bundleName)
+{
+    if (!DataValidator::IsBundleNameValid(bundleName)) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: invalid params!", __func__);
+        return;
+    }
+    PermissionDefinitionCache::GetInstance().DeleteByBundleName(bundleName);
+    RefreshPersistentDataIfNeeded();
+}
+
+int PermissionDefinitionManager::GetDefPermission(
+    const std::string& permissionName, PermissionDefParcel& permissionDefParcel) const
+{
+    if (!DataValidator::IsPermissionNameValid(permissionName)) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: invalid params!", __func__);
+        return RET_FAILED;
+    }
+    return PermissionDefinitionCache::GetInstance().FindByPermissionName(
+        permissionName, permissionDefParcel.permissionDef);
+}
+
+bool PermissionDefinitionManager::IsGrantModeValid(const int grantMode) const
+{
+    return grantMode == GrantMode::SYSTEM_GRANT || grantMode == GrantMode::USER_GRANT;
+}
+
+bool PermissionDefinitionManager::IsAvailableScopeValid(const int availableScope) const
+{
+    return availableScope == AvailableScope::AVAILABLE_SCOPE_ALL ||
+        availableScope == AvailableScope::AVAILABLE_SCOPE_RESTRICTED ||
+        availableScope == AvailableScope::AVAILABLE_SCOPE_SIGNATURE;
+}
+
+bool PermissionDefinitionManager::IsPermissionDefValid(const PermissionDef& permissionDef) const
+{
+    if (!DataValidator::IsPermissionNameValid(permissionDef.permissionName)) {
+        return false;
+    }
+    if (!DataValidator::IsBundleNameValid(permissionDef.bundleName)) {
+        return false;
+    }
+    if (!IsGrantModeValid(permissionDef.grantMode)) {
+        return false;
+    }
+    return IsAvailableScopeValid(permissionDef.availableScope);
+}
+
+void PermissionDefinitionManager::RefreshPersistentDataIfNeeded()
+{
+    if (permissionDefDataAccessWorker_.GetCurTaskNum() > 1) {
+        PERMISSION_LOG_WARN(LABEL, "%{public}s: has refresh task!", __func__);
+        return;
+    }
+    permissionDefDataAccessWorker_.AddTask([]() {
+        std::vector<GenericValues> valueList;
+        PermissionDefinitionCache::GetInstance().QueryCurrentCache(valueList);
+        DataStorage::GetRealDataStorage().RefreshAll(DataStorage::PERMISSION_DEF, valueList);
+
+        // Sleep for one second to avoid frequent refresh of the database.
+        std::this_thread::sleep_for(std::chrono::seconds(1));
+    });
+}
+} // namespace Permission
+} // namespace Security
+} // namespace OHOS
diff --git a/services/permission_standard/permissionmanagerservice/main/cpp/src/permission_definition_manager.h b/services/permission_standard/permissionmanagerservice/main/cpp/src/permission_definition_manager.h
new file mode 100755
index 0000000..abe4519
--- /dev/null
+++ b/services/permission_standard/permissionmanagerservice/main/cpp/src/permission_definition_manager.h
@@ -0,0 +1,67 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef PERMISSION_DEFINITION_MANAGER_H
+#define PERMISSION_DEFINITION_MANAGER_H
+
+#include <vector>
+
+#include "permission_def_parcel.h"
+#include "field_const.h"
+#include "nocopyable.h"
+#include "thread_pool.h"
+#include "rwlock.h"
+
+namespace OHOS {
+namespace Security {
+namespace Permission {
+class PermissionDefinitionManager final {
+public:
+    static PermissionDefinitionManager& GetInstance();
+
+    void Init();
+
+    virtual ~PermissionDefinitionManager();
+
+    void AddDefPermissions(const std::vector<PermissionDefParcel>& permList);
+
+    void RemoveDefPermissions(const std::string& bundleName);
+
+    int GetDefPermission(const std::string& permissionName, PermissionDefParcel& permissionDefParcel) const;
+
+private:
+    PermissionDefinitionManager();
+
+    DISALLOW_COPY_AND_MOVE(PermissionDefinitionManager);
+
+    bool IsGrantModeValid(const int grantMode) const;
+
+    bool IsAvailableScopeValid(const int availableScope) const;
+
+    bool IsPermissionDefValid(const PermissionDef& permissionDef) const;
+
+    void RefreshPersistentDataIfNeeded();
+
+    OHOS::ThreadPool permissionDefDataAccessWorker_;
+
+    bool hasInited_;
+
+    OHOS::Utils::RWLock rwLock_;
+};
+} // namespace Permission
+} // namespace Security
+} // namespace OHOS
+
+#endif // PERMISSION_DEFINITION_MANAGER_H
diff --git a/services/permission_standard/permissionmanagerservice/main/cpp/src/permission_manager_service.cpp b/services/permission_standard/permissionmanagerservice/main/cpp/src/permission_manager_service.cpp
new file mode 100755
index 0000000..110906d
--- /dev/null
+++ b/services/permission_standard/permissionmanagerservice/main/cpp/src/permission_manager_service.cpp
@@ -0,0 +1,189 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "permission_manager_service.h"
+
+#include "permission.h"
+#include "permission_definition_manager.h"
+#include "permission_state_manager.h"
+#include "permission_log.h"
+
+namespace OHOS {
+namespace Security {
+namespace Permission {
+namespace {
+static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_PERMISSION, "PermissionManagerService"};
+}
+
+const bool REGISTER_RESULT =
+    SystemAbility::MakeAndRegisterAbility(DelayedSingleton<PermissionManagerService>::GetInstance().get());
+
+PermissionManagerService::PermissionManagerService()
+    : SystemAbility(SA_ID_PERMISSION_MANAGER_SERVICE, true), state_(ServiceRunningState::STATE_NOT_START)
+{
+    PERMISSION_LOG_INFO(LABEL, "PermissionManagerService()");
+}
+
+PermissionManagerService::~PermissionManagerService()
+{
+    PERMISSION_LOG_INFO(LABEL, "~PermissionManagerService()");
+}
+
+void PermissionManagerService::OnStart()
+{
+    if (state_ == ServiceRunningState::STATE_RUNNING) {
+        PERMISSION_LOG_INFO(LABEL, "PermissionManagerService has already started!");
+        return;
+    }
+    PERMISSION_LOG_INFO(LABEL, "PermissionManagerService is starting");
+    if (!Initialize()) {
+        PERMISSION_LOG_ERROR(LABEL, "Failed to initialize");
+        return;
+    }
+    state_ = ServiceRunningState::STATE_RUNNING;
+    bool ret = Publish(DelayedSingleton<PermissionManagerService>::GetInstance().get());
+    if (!ret) {
+        PERMISSION_LOG_ERROR(LABEL, "Failed to publish service!");
+        return;
+    }
+    PERMISSION_LOG_INFO(LABEL, "Congratulations, PermissionManagerService start successfully!");
+}
+
+void PermissionManagerService::OnStop()
+{
+    PERMISSION_LOG_INFO(LABEL, "stop service");
+    state_ = ServiceRunningState::STATE_NOT_START;
+}
+
+int PermissionManagerService::VerifyPermission(
+    const std::string& bundleName, const std::string& permissionName, int userId)
+{
+    PERMISSION_LOG_INFO(LABEL,
+        "%{public}s called, packageName: %{public}s, permissionName: %{public}s, userId: %{public}d", __func__,
+        bundleName.c_str(), permissionName.c_str(), userId);
+    return PermissionStateManager::GetInstance().VerifyPermission(bundleName, permissionName, userId);
+}
+
+bool PermissionManagerService::CanRequestPermission(
+    const std::string& bundleName, const std::string& permissionName, int userId)
+{
+    PERMISSION_LOG_INFO(LABEL,
+        "%{public}s called, bundleName: %{public}s, permissionName: %{public}s, userId: %{public}d", __func__,
+        bundleName.c_str(), permissionName.c_str(), userId);
+    return PermissionStateManager::GetInstance().CanRequestPermission(bundleName, permissionName, userId);
+}
+
+int PermissionManagerService::GrantUserGrantedPermission(
+    const std::string& bundleName, const std::string& permissionName, int userId)
+{
+    PERMISSION_LOG_INFO(LABEL,
+        "%{public}s called, bundleName: %{public}s, permissionName: %{public}s, userId: %{public}d", __func__,
+        bundleName.c_str(), permissionName.c_str(), userId);
+    PermissionStateManager::GetInstance().GrantUserGrantedPermission(bundleName, permissionName, userId);
+    return RET_SUCCESS;
+}
+
+int PermissionManagerService::GrantSystemGrantedPermission(
+    const std::string& bundleName, const std::string& permissionName)
+{
+    PERMISSION_LOG_INFO(LABEL, "%{public}s called, bundleName: %{public}s, permissionName: %{public}s", __func__,
+        bundleName.c_str(), permissionName.c_str());
+    PermissionStateManager::GetInstance().GrantSystemGrantedPermission(bundleName, permissionName);
+    return RET_SUCCESS;
+}
+
+int PermissionManagerService::RevokeUserGrantedPermission(
+    const std::string& bundleName, const std::string& permissionName, int userId)
+{
+    PERMISSION_LOG_INFO(LABEL,
+        "%{public}s called, bundleName: %{public}s, permissionName: %{public}s, userId: %{public}d", __func__,
+        bundleName.c_str(), permissionName.c_str(), userId);
+    PermissionStateManager::GetInstance().RevokeUserGrantedPermission(bundleName, permissionName, userId);
+    return RET_SUCCESS;
+}
+
+int PermissionManagerService::RevokeSystemGrantedPermission(
+    const std::string& bundleName, const std::string& permissionName)
+{
+    PERMISSION_LOG_INFO(LABEL, "%{public}s called, bundleName: %{public}s, permissionName: %{public}s", __func__,
+        bundleName.c_str(), permissionName.c_str());
+    PermissionStateManager::GetInstance().RevokeSystemGrantedPermission(bundleName, permissionName);
+    return RET_SUCCESS;
+}
+
+int PermissionManagerService::AddUserGrantedReqPermissions(
+    const std::string& bundleName, const std::vector<std::string>& permList, int userId)
+{
+    PERMISSION_LOG_INFO(LABEL,
+        "%{public}s called, bundleName: %{public}s, permList size: %{public}d, userId: %{public}d", __func__,
+        bundleName.c_str(), (int) permList.size(), userId);
+    PermissionStateManager::GetInstance().AddUserGrantedReqPermissions(bundleName, permList, userId);
+    return RET_SUCCESS;
+}
+
+int PermissionManagerService::AddSystemGrantedReqPermissions(
+    const std::string& bundleName, const std::vector<std::string>& permList)
+{
+    PERMISSION_LOG_INFO(LABEL, "%{public}s called, bundleName: %{public}s, permList size: %{public}d", __func__,
+        bundleName.c_str(), (int) permList.size());
+    PermissionStateManager::GetInstance().AddSystemGrantedReqPermissions(bundleName, permList);
+    return RET_SUCCESS;
+}
+
+int PermissionManagerService::RemoveUserGrantedReqPermissions(const std::string& bundleName, int userId)
+{
+    PERMISSION_LOG_INFO(
+        LABEL, "%{public}s called, bundleName: %{public}s, userId: %{public}d", __func__, bundleName.c_str(), userId);
+    PermissionStateManager::GetInstance().RemoveUserGrantedReqPermissions(bundleName, userId);
+    return RET_SUCCESS;
+}
+
+int PermissionManagerService::RemoveSystemGrantedReqPermissions(const std::string& bundleName)
+{
+    PERMISSION_LOG_INFO(LABEL, "%{public}s called, bundleName: %{public}s", __func__, bundleName.c_str());
+    PermissionStateManager::GetInstance().RemoveSystemGrantedReqPermissions(bundleName);
+    return RET_SUCCESS;
+}
+
+int PermissionManagerService::AddDefPermissions(const std::vector<PermissionDefParcel>& permDefList)
+{
+    PERMISSION_LOG_INFO(LABEL, "%{public}s called, permList size: %{public}d", __func__, (int) permDefList.size());
+    PermissionDefinitionManager::GetInstance().AddDefPermissions(permDefList);
+    return RET_SUCCESS;
+}
+
+int PermissionManagerService::RemoveDefPermissions(const std::string& bundleName)
+{
+    PERMISSION_LOG_INFO(LABEL, "%{public}s called, bundleName: %{public}s", __func__, bundleName.c_str());
+    PermissionDefinitionManager::GetInstance().RemoveDefPermissions(bundleName);
+    return RET_SUCCESS;
+}
+
+int PermissionManagerService::GetDefPermission(
+    const std::string& permissionName, PermissionDefParcel& permissionDefResult)
+{
+    PERMISSION_LOG_INFO(LABEL, "%{public}s called, bundleName: %{public}s", __func__, permissionName.c_str());
+    return PermissionDefinitionManager::GetInstance().GetDefPermission(permissionName, permissionDefResult);
+}
+
+bool PermissionManagerService::Initialize() const
+{
+    PermissionDefinitionManager::GetInstance().Init();
+    PermissionStateManager::GetInstance().Init();
+    return true;
+}
+} // namespace Permission
+} // namespace Security
+} // namespace OHOS
\ No newline at end of file
diff --git a/services/permission_standard/permissionmanagerservice/main/cpp/src/permission_manager_service.h b/services/permission_standard/permissionmanagerservice/main/cpp/src/permission_manager_service.h
new file mode 100755
index 0000000..d049ea5
--- /dev/null
+++ b/services/permission_standard/permissionmanagerservice/main/cpp/src/permission_manager_service.h
@@ -0,0 +1,76 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef PERMISSION_MANAGER_SERVICE_H
+#define PERMISSION_MANAGER_SERVICE_H
+
+#include "permission_manager_stub.h"
+
+#include "singleton.h"
+#include "iremote_object.h"
+#include "system_ability.h"
+#include "nocopyable.h"
+
+namespace OHOS {
+namespace Security {
+namespace Permission {
+enum class ServiceRunningState { STATE_NOT_START, STATE_RUNNING };
+class PermissionManagerService final : public SystemAbility, public PermissionManagerStub {
+    DECLARE_DELAYED_SINGLETON(PermissionManagerService);
+    DECLEAR_SYSTEM_ABILITY(PermissionManagerService);
+
+public:
+    void OnStart() override;
+    void OnStop() override;
+
+    int VerifyPermission(const std::string& bundleName, const std::string& permissionName, int userId) override;
+
+    bool CanRequestPermission(const std::string& bundleName, const std::string& permissionName, int userId) override;
+
+    int GrantUserGrantedPermission(
+        const std::string& bundleName, const std::string& permissionName, int userId) override;
+
+    int GrantSystemGrantedPermission(const std::string& bundleName, const std::string& permissionName) override;
+
+    int RevokeUserGrantedPermission(
+        const std::string& bundleName, const std::string& permissionName, int userId) override;
+
+    int RevokeSystemGrantedPermission(const std::string& bundleName, const std::string& permissionName) override;
+
+    int AddUserGrantedReqPermissions(
+        const std::string& bundleName, const std::vector<std::string>& permList, int userId) override;
+
+    int AddSystemGrantedReqPermissions(
+        const std::string& bundleName, const std::vector<std::string>& permList) override;
+
+    int RemoveUserGrantedReqPermissions(const std::string& bundleName, int userId) override;
+
+    int RemoveSystemGrantedReqPermissions(const std::string& bundleName) override;
+
+    int AddDefPermissions(const std::vector<PermissionDefParcel>& permDefList) override;
+
+    int RemoveDefPermissions(const std::string& bundleName) override;
+
+    int GetDefPermission(const std::string& permissionName, PermissionDefParcel& permissionDefResult) override;
+
+private:
+    bool Initialize() const;
+
+    ServiceRunningState state_;
+};
+} // namespace Permission
+} // namespace Security
+} // namespace OHOS
+#endif // PERMISSION_MANAGER_SERVICE_H
diff --git a/services/permission_standard/permissionmanagerservice/main/cpp/src/permission_manager_stub.cpp b/services/permission_standard/permissionmanagerservice/main/cpp/src/permission_manager_stub.cpp
new file mode 100644
index 0000000..ba76cb8
--- /dev/null
+++ b/services/permission_standard/permissionmanagerservice/main/cpp/src/permission_manager_stub.cpp
@@ -0,0 +1,266 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "permission_manager_stub.h"
+
+#include "permission.h"
+#include "permission_log.h"
+
+#include "ipc_skeleton.h"
+#include "string_ex.h"
+
+namespace OHOS {
+namespace Security {
+namespace Permission {
+namespace {
+static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_PERMISSION, "PermissionManagerStub"};
+}
+
+int32_t PermissionManagerStub::OnRemoteRequest(
+    uint32_t code, MessageParcel& data, MessageParcel& reply, MessageOption& option)
+{
+    PERMISSION_LOG_INFO(LABEL, "%{public}s called, code: %{public}d", __func__, code);
+    std::u16string descriptor = data.ReadInterfaceToken();
+    if (descriptor != IPermissionManager::GetDescriptor()) {
+        PERMISSION_LOG_ERROR(LABEL, "get unexpect descriptor: %{public}s", Str16ToStr8(descriptor).c_str());
+        return RET_FAILED;
+    }
+    switch (code) {
+        case static_cast<uint32_t>(IPermissionManager::InterfaceCode::VERIFY_PERMISSION):
+            VerifyPermissionInner(data, reply);
+            break;
+        case static_cast<uint32_t>(IPermissionManager::InterfaceCode::CAN_REQUEST_PERMISSION):
+            CanRequestPermissionInner(data, reply);
+            break;
+        case static_cast<uint32_t>(IPermissionManager::InterfaceCode::GRANT_USER_GRANTED_PERMISSION):
+            GrantUserGrantedPermissionInner(data, reply);
+            break;
+        case static_cast<uint32_t>(IPermissionManager::InterfaceCode::GRANT_SYSTEM_GRANTED_PERMISSION):
+            GrantSystemGrantedPermissionInner(data, reply);
+            break;
+        case static_cast<uint32_t>(IPermissionManager::InterfaceCode::REVOKE_USER_GRANTED_PERMISSION):
+            RevokeUserGrantedPermissionInner(data, reply);
+            break;
+        case static_cast<uint32_t>(IPermissionManager::InterfaceCode::REVOKE_SYSTEM_GRANTED_PERMISSION):
+            RevokeSystemGrantedPermissionInner(data, reply);
+            break;
+        case static_cast<uint32_t>(IPermissionManager::InterfaceCode::ADD_USER_GRANTED_REQ_PERMISSIONS):
+            AddUserGrantedReqPermissionsInner(data, reply);
+            break;
+        case static_cast<uint32_t>(IPermissionManager::InterfaceCode::ADD_SYSTEM_GRANTED_REQ_PERMISSIONS):
+            AddSystemGrantedReqPermissionsInner(data, reply);
+            break;
+        case static_cast<uint32_t>(IPermissionManager::InterfaceCode::REMOVE_USER_GRANTED_REQ_PERMISSIONS):
+            RemoveUserGrantedReqPermissionsInner(data, reply);
+            break;
+        case static_cast<uint32_t>(IPermissionManager::InterfaceCode::REMOVE_SYSTEM_GRANTED_REQ_PERMISSIONS):
+            RemoveSystemGrantedReqPermissionsInner(data, reply);
+            break;
+        case static_cast<uint32_t>(IPermissionManager::InterfaceCode::ADD_DEF_PERMISSIONS):
+            AddDefPermissionsInner(data, reply);
+            break;
+        case static_cast<uint32_t>(IPermissionManager::InterfaceCode::REMOVE_DEF_PERMISSIONS):
+            RemoveDefPermissionsInner(data, reply);
+            break;
+        case static_cast<uint32_t>(IPermissionManager::InterfaceCode::GET_DEF_PERMISSION):
+            GetDefPermissionInner(data, reply);
+            break;
+        default:
+            return IPCObjectStub::OnRemoteRequest(code, data, reply, option);
+    }
+    return NO_ERROR;
+}
+
+void PermissionManagerStub::VerifyPermissionInner(MessageParcel& data, MessageParcel& reply)
+{
+    std::string bundleName = data.ReadString();
+    std::string permissionName = data.ReadString();
+    int userId = data.ReadInt32();
+    int result = this->VerifyPermission(bundleName, permissionName, userId);
+    reply.WriteInt32(result);
+}
+
+void PermissionManagerStub::CanRequestPermissionInner(MessageParcel& data, MessageParcel& reply)
+{
+    std::string bundleName = data.ReadString();
+    std::string permissionName = data.ReadString();
+    int userId = data.ReadInt32();
+    int result = this->CanRequestPermission(bundleName, permissionName, userId);
+    reply.WriteBool(result);
+}
+
+void PermissionManagerStub::GrantUserGrantedPermissionInner(MessageParcel& data, MessageParcel& reply)
+{
+    if (!IsAuthorizedCalling()) {
+        PERMISSION_LOG_INFO(LABEL, "%{public}s called, permission denied", __func__);
+        reply.WriteInt32(RET_FAILED);
+        return;
+    }
+    std::string bundleName = data.ReadString();
+    std::string permissionName = data.ReadString();
+    int userId = data.ReadInt32();
+    int result = this->GrantUserGrantedPermission(bundleName, permissionName, userId);
+    reply.WriteInt32(result);
+}
+
+void PermissionManagerStub::GrantSystemGrantedPermissionInner(MessageParcel& data, MessageParcel& reply)
+{
+    if (!IsAuthorizedCalling()) {
+        PERMISSION_LOG_INFO(LABEL, "%{public}s called, permission denied", __func__);
+        reply.WriteInt32(RET_FAILED);
+        return;
+    }
+    std::string bundleName = data.ReadString();
+    std::string permissionName = data.ReadString();
+    int result = this->GrantSystemGrantedPermission(bundleName, permissionName);
+    reply.WriteInt32(result);
+}
+
+void PermissionManagerStub::RevokeUserGrantedPermissionInner(MessageParcel& data, MessageParcel& reply)
+{
+    if (!IsAuthorizedCalling()) {
+        PERMISSION_LOG_INFO(LABEL, "%{public}s called, permission denied", __func__);
+        reply.WriteInt32(RET_FAILED);
+        return;
+    }
+    std::string bundleName = data.ReadString();
+    std::string permissionName = data.ReadString();
+    int userId = data.ReadInt32();
+    int result = this->RevokeUserGrantedPermission(bundleName, permissionName, userId);
+    reply.WriteInt32(result);
+}
+
+void PermissionManagerStub::RevokeSystemGrantedPermissionInner(MessageParcel& data, MessageParcel& reply)
+{
+    if (!IsAuthorizedCalling()) {
+        PERMISSION_LOG_INFO(LABEL, "%{public}s called, permission denied", __func__);
+        reply.WriteInt32(RET_FAILED);
+        return;
+    }
+    std::string bundleName = data.ReadString();
+    std::string permissionName = data.ReadString();
+    int result = this->RevokeSystemGrantedPermission(bundleName, permissionName);
+    reply.WriteInt32(result);
+}
+
+void PermissionManagerStub::AddUserGrantedReqPermissionsInner(MessageParcel& data, MessageParcel& reply)
+{
+    if (!IsAuthorizedCalling()) {
+        PERMISSION_LOG_INFO(LABEL, "%{public}s called, permission denied", __func__);
+        reply.WriteInt32(RET_FAILED);
+        return;
+    }
+    std::string bundleName = data.ReadString();
+    std::vector<std::string> permList;
+    data.ReadStringVector(&permList);
+    int userId = data.ReadInt32();
+    int result = this->AddUserGrantedReqPermissions(bundleName, permList, userId);
+    reply.WriteInt32(result);
+}
+
+void PermissionManagerStub::AddSystemGrantedReqPermissionsInner(MessageParcel& data, MessageParcel& reply)
+{
+    if (!IsAuthorizedCalling()) {
+        PERMISSION_LOG_INFO(LABEL, "%{public}s called, permission denied", __func__);
+        reply.WriteInt32(RET_FAILED);
+        return;
+    }
+    std::string bundleName = data.ReadString();
+    std::vector<std::string> permList;
+    data.ReadStringVector(&permList);
+    int result = this->AddSystemGrantedReqPermissions(bundleName, permList);
+    reply.WriteInt32(result);
+}
+
+void PermissionManagerStub::RemoveUserGrantedReqPermissionsInner(MessageParcel& data, MessageParcel& reply)
+{
+    if (!IsAuthorizedCalling()) {
+        PERMISSION_LOG_INFO(LABEL, "%{public}s called, permission denied", __func__);
+        reply.WriteInt32(RET_FAILED);
+        return;
+    }
+    std::string bundleName = data.ReadString();
+    int userId = data.ReadInt32();
+    int result = this->RemoveUserGrantedReqPermissions(bundleName, userId);
+    reply.WriteInt32(result);
+}
+
+void PermissionManagerStub::RemoveSystemGrantedReqPermissionsInner(MessageParcel& data, MessageParcel& reply)
+{
+    if (!IsAuthorizedCalling()) {
+        PERMISSION_LOG_INFO(LABEL, "%{public}s called, permission denied", __func__);
+        reply.WriteInt32(RET_FAILED);
+        return;
+    }
+    std::string bundleName = data.ReadString();
+    int result = this->RemoveSystemGrantedReqPermissions(bundleName);
+    reply.WriteInt32(result);
+}
+
+void PermissionManagerStub::AddDefPermissionsInner(MessageParcel& data, MessageParcel& reply)
+{
+    if (!IsAuthorizedCalling()) {
+        PERMISSION_LOG_INFO(LABEL, "%{public}s called, permission denied", __func__);
+        reply.WriteInt32(RET_FAILED);
+        return;
+    }
+    int size = 0;
+    data.ReadInt32(size);
+    std::vector<PermissionDefParcel> permList;
+    for (int i = 0; i < size; i++) {
+        sptr<PermissionDefParcel> permissionDef = data.ReadParcelable<PermissionDefParcel>();
+        if (permissionDef != nullptr) {
+            permList.emplace_back(*permissionDef);
+        }
+    }
+    PERMISSION_LOG_INFO(LABEL, "%{public}s called, permList size: %{public}d", __func__, (int) permList.size());
+    int result = this->AddDefPermissions(permList);
+    reply.WriteInt32(result);
+}
+
+void PermissionManagerStub::RemoveDefPermissionsInner(MessageParcel& data, MessageParcel& reply)
+{
+    if (!IsAuthorizedCalling()) {
+        PERMISSION_LOG_INFO(LABEL, "%{public}s called, permission denied", __func__);
+        reply.WriteInt32(RET_FAILED);
+        return;
+    }
+    std::string bundleName = data.ReadString();
+    int result = this->RemoveDefPermissions(bundleName);
+    reply.WriteInt32(result);
+}
+
+void PermissionManagerStub::GetDefPermissionInner(MessageParcel& data, MessageParcel& reply)
+{
+    if (!IsAuthorizedCalling()) {
+        PERMISSION_LOG_INFO(LABEL, "%{public}s called, permission denied", __func__);
+        return;
+    }
+    std::string permissionName = data.ReadString();
+    PermissionDefParcel permissionDefParcel;
+    int result = this->GetDefPermission(permissionName, permissionDefParcel);
+    reply.WriteParcelable(&permissionDefParcel);
+    reply.WriteInt32(result);
+}
+
+bool PermissionManagerStub::IsAuthorizedCalling() const
+{
+    int callingUid = IPCSkeleton::GetCallingUid();
+    PERMISSION_LOG_INFO(LABEL, "Calling uid: %{public}d", callingUid);
+    return callingUid == SYSTEM_UID || callingUid == ROOT_UID;
+}
+} // namespace Permission
+} // namespace Security
+} // namespace OHOS
\ No newline at end of file
diff --git a/services/permission_standard/permissionmanagerservice/main/cpp/src/permission_manager_stub.h b/services/permission_standard/permissionmanagerservice/main/cpp/src/permission_manager_stub.h
new file mode 100644
index 0000000..212460b
--- /dev/null
+++ b/services/permission_standard/permissionmanagerservice/main/cpp/src/permission_manager_stub.h
@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef PERMISSION_MANAGER_STUB_H
+#define PERMISSION_MANAGER_STUB_H
+
+#include "i_permission_manager.h"
+
+#include "iremote_stub.h"
+#include "nocopyable.h"
+
+namespace OHOS {
+namespace Security {
+namespace Permission {
+class PermissionManagerStub : public IRemoteStub<IPermissionManager> {
+public:
+    PermissionManagerStub() = default;
+    virtual ~PermissionManagerStub() = default;
+
+    int OnRemoteRequest(uint32_t code, MessageParcel& data, MessageParcel& reply, MessageOption& options) override;
+
+private:
+    void VerifyPermissionInner(MessageParcel& data, MessageParcel& reply);
+    void CanRequestPermissionInner(MessageParcel& data, MessageParcel& reply);
+    void GrantUserGrantedPermissionInner(MessageParcel& data, MessageParcel& reply);
+    void GrantSystemGrantedPermissionInner(MessageParcel& data, MessageParcel& reply);
+    void RevokeUserGrantedPermissionInner(MessageParcel& data, MessageParcel& reply);
+    void RevokeSystemGrantedPermissionInner(MessageParcel& data, MessageParcel& reply);
+    void AddUserGrantedReqPermissionsInner(MessageParcel& data, MessageParcel& reply);
+    void AddSystemGrantedReqPermissionsInner(MessageParcel& data, MessageParcel& reply);
+    void RemoveUserGrantedReqPermissionsInner(MessageParcel& data, MessageParcel& reply);
+    void RemoveSystemGrantedReqPermissionsInner(MessageParcel& data, MessageParcel& reply);
+    void AddDefPermissionsInner(MessageParcel& data, MessageParcel& reply);
+    void RemoveDefPermissionsInner(MessageParcel& data, MessageParcel& reply);
+    void GetDefPermissionInner(MessageParcel& data, MessageParcel& reply);
+    bool IsAuthorizedCalling() const;
+
+    static const int SYSTEM_UID = 1000;
+    static const int ROOT_UID = 0;
+};
+} // namespace Permission
+} // namespace Security
+} // namespace OHOS
+#endif // PERMISSION_MANAGER_STUB_H
diff --git a/services/permission_standard/permissionmanagerservice/main/cpp/src/permission_req.h b/services/permission_standard/permissionmanagerservice/main/cpp/src/permission_req.h
new file mode 100644
index 0000000..f350417
--- /dev/null
+++ b/services/permission_standard/permissionmanagerservice/main/cpp/src/permission_req.h
@@ -0,0 +1,33 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef PERMISSION_STANDARD__PERMISSION_REQ_H
+#define PERMISSION_STANDARD__PERMISSION_REQ_H
+
+#include <string>
+
+namespace OHOS {
+namespace Security {
+namespace Permission {
+struct PermissionReq {
+    std::string reqPermissionName;
+    bool isGranted;
+    int flags;
+};
+} // namespace Permission
+} // namespace Security
+} // namespace OHOS
+
+#endif // PERMISSION_STANDARD__PERMISSION_REQ_H
\ No newline at end of file
diff --git a/services/permission_standard/permissionmanagerservice/main/cpp/src/permission_state_cache.cpp b/services/permission_standard/permissionmanagerservice/main/cpp/src/permission_state_cache.cpp
new file mode 100644
index 0000000..09ec25a
--- /dev/null
+++ b/services/permission_standard/permissionmanagerservice/main/cpp/src/permission_state_cache.cpp
@@ -0,0 +1,378 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "permission_state_cache.h"
+
+#include <iostream>
+
+#include "permission.h"
+#include "permission_log.h"
+
+namespace OHOS {
+namespace Security {
+namespace Permission {
+namespace {
+static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_PERMISSION, "PermissionStateCache"};
+}
+int PermissionStateCache::AddReqPermission(
+    const int userId, const std::string& bundleName, const std::string& permissionName)
+{
+    Utils::UniqueWriteGuard<Utils::RWLock> cacheGuard(this->cacheLock_);
+    BundleInfo& bundleInfo = Root::GetRoot().GetOrCreateUserInfo(userId).GetOrCreateBundleInfo(bundleName);
+    return bundleInfo.AddReqPermission(permissionName);
+}
+
+int PermissionStateCache::AddReqPermission(
+    const int userId, const std::string& bundleName, const std::vector<std::string>& permList)
+{
+    Utils::UniqueWriteGuard<Utils::RWLock> cacheGuard(this->cacheLock_);
+    BundleInfo& bundleInfo = Root::GetRoot().GetOrCreateUserInfo(userId).GetOrCreateBundleInfo(bundleName);
+    for (const auto& permissionName : permList) {
+        bundleInfo.AddReqPermission(permissionName);
+    }
+    return RET_SUCCESS;
+}
+
+int PermissionStateCache::ReplaceReqPermission(
+    int userId, const std::string& bundleName, const PermissionReq& permissionReq)
+{
+    Utils::UniqueWriteGuard<Utils::RWLock> cacheGuard(this->cacheLock_);
+    return Root::GetRoot().GetOrCreateUserInfo(userId).ReplaceReqPermission(bundleName, permissionReq);
+}
+
+int PermissionStateCache::RemoveReqPermission(const int userId, const std::string& bundleName)
+{
+    Utils::UniqueWriteGuard<Utils::RWLock> cacheGuard(this->cacheLock_);
+    if (!Root::GetRoot().HasUserInfo(userId)) {
+        return RET_FAILED;
+    }
+    return Root::GetRoot().GetOrCreateUserInfo(userId).RemoveReqPermission(bundleName);
+}
+
+int PermissionStateCache::UpdatePermissionState(
+    int userId, const std::string& bundleName, const std::string& permissionName, bool isGranted)
+{
+    Utils::UniqueWriteGuard<Utils::RWLock> cacheGuard(this->cacheLock_);
+    if (!Root::GetRoot().HasUserInfo(userId)) {
+        return RET_FAILED;
+    }
+    return Root::GetRoot().GetOrCreateUserInfo(userId).UpdatePermissionState(bundleName, permissionName, isGranted);
+}
+
+int PermissionStateCache::UpdatePermissionFlags(
+    int userId, const std::string& bundleName, const std::string& permissionName, int flags)
+{
+    Utils::UniqueWriteGuard<Utils::RWLock> cacheGuard(this->cacheLock_);
+    if (!Root::GetRoot().HasUserInfo(userId)) {
+        return RET_FAILED;
+    }
+    return Root::GetRoot().GetOrCreateUserInfo(userId).UpdatePermissionFlags(bundleName, permissionName, flags);
+}
+
+bool PermissionStateCache::IsGranted(const int userId, const std::string& bundleName, const std::string& permissionName)
+{
+    Utils::UniqueReadGuard<Utils::RWLock> cacheGuard(this->cacheLock_);
+    if (!Root::GetRoot().HasUserInfo(userId)) {
+        return false;
+    }
+    return Root::GetRoot().GetOrCreateUserInfo(userId).IsGranted(bundleName, permissionName);
+}
+
+int PermissionStateCache::GetPermissionFlags(
+    const int userId, const std::string& bundleName, const std::string& permissionName)
+{
+    if (!Root::GetRoot().HasUserInfo(userId)) {
+        return DEFAULT_PERMISSION_FLAGS;
+    }
+    return Root::GetRoot().GetOrCreateUserInfo(userId).GetPermissionFlags(bundleName, permissionName);
+}
+
+std::string PermissionStateCache::ToString()
+{
+    Utils::UniqueReadGuard<Utils::RWLock> cacheGuard(this->cacheLock_);
+    return Root::GetRoot().ToString();
+}
+
+void PermissionStateCache::QueryCurrentCache(bool isSystemGranted, std::vector<GenericValues>& valueList)
+{
+    Utils::UniqueReadGuard<Utils::RWLock> cacheGuard(this->cacheLock_);
+
+    if (isSystemGranted) {
+        if (!Root::GetRoot().HasUserInfo(SYSTEM_GRANTED_USER_ID)) {
+            return;
+        }
+        UserInfo userInfo = Root::GetRoot().GetOrCreateUserInfo(SYSTEM_GRANTED_USER_ID);
+        QueryForUser(userInfo, valueList);
+        return;
+    }
+
+    std::vector<UserInfo> userInfoList;
+    Root::GetRoot().GetUserGrantedUserInfo(userInfoList);
+    for (auto userInfo : userInfoList) {
+        QueryForUser(userInfo, valueList);
+    }
+}
+
+void PermissionStateCache::QueryForUser(const UserInfo& userInfo, std::vector<GenericValues>& valueList) const
+{
+    std::vector<BundleInfo> bundleInfoList;
+    userInfo.GetAllBundleInfo(bundleInfoList);
+    for (auto bundleInfo : bundleInfoList) {
+        QueryForBundle(userInfo.userId_, bundleInfo, valueList);
+    }
+}
+
+void PermissionStateCache::QueryForBundle(
+    const int userId, const BundleInfo& bundleInfo, std::vector<GenericValues>& valueList) const
+{
+    std::vector<PermissionReq> permissionReqList;
+    bundleInfo.GetAllPermissionReq(permissionReqList);
+    for (auto permissionReq : permissionReqList) {
+        GenericValues genericValues;
+        genericValues.Put(FIELD_BUNDLE_NAME, bundleInfo.bundleName_);
+        DataTranslator::TranslationIntoGenericValues(permissionReq, genericValues);
+        if (userId == SYSTEM_GRANTED_USER_ID) {
+            valueList.emplace_back(genericValues);
+        } else {
+            genericValues.Put(FIELD_USER_ID, userId);
+            valueList.emplace_back(genericValues);
+        }
+    }
+}
+
+PermissionStateCache& PermissionStateCache::GetInstance()
+{
+    static PermissionStateCache instance;
+    return instance;
+}
+
+Root& Root::GetRoot()
+{
+    static Root root;
+    return root;
+}
+
+bool Root::HasUserInfo(int userId) const
+{
+    return userInfos_.count(userId) == 1;
+}
+
+UserInfo& Root::GetOrCreateUserInfo(const int userId)
+{
+    if (!HasUserInfo(userId)) {
+        UserInfo userInfo(userId);
+        userInfos_[userId] = userInfo;
+        PERMISSION_LOG_DEBUG(
+            LABEL, "%{public}s: userInfos_[userId]: %{public}s", __func__, userInfos_[userId].ToString().c_str());
+    }
+    return userInfos_[userId];
+}
+
+void Root::GetUserGrantedUserInfo(std::vector<UserInfo>& bundleInfoList) const
+{
+    for (auto it = userInfos_.begin(); it != userInfos_.end(); ++it) {
+        if (it->first != PermissionStateCache::SYSTEM_GRANTED_USER_ID) {
+            bundleInfoList.emplace_back(it->second);
+        }
+    }
+}
+
+std::string Root::ToString() const
+{
+    std::string infos = R"({"Root": "Default", "UserInfos": [)";
+    for (auto userInfo : userInfos_) {
+        infos.append(userInfo.second.ToString() + ", ");
+    }
+    infos = infos + "]}";
+    return infos;
+}
+
+UserInfo::UserInfo(int userId)
+{
+    userId_ = userId;
+}
+
+bool UserInfo::HasBundleInfo(const std::string& bundleName) const
+{
+    return bundleInfos_.count(bundleName) == 1;
+}
+
+BundleInfo& UserInfo::GetOrCreateBundleInfo(const std::string& bundleName)
+{
+    if (!HasBundleInfo(bundleName)) {
+        BundleInfo bundleInfo(bundleName);
+        bundleInfos_[bundleName] = bundleInfo;
+    }
+    return bundleInfos_[bundleName];
+}
+
+void UserInfo::GetAllBundleInfo(std::vector<BundleInfo>& bundleInfoList) const
+{
+    for (auto it = bundleInfos_.begin(); it != bundleInfos_.end(); ++it) {
+        bundleInfoList.emplace_back(it->second);
+    }
+}
+
+std::string UserInfo::ToString() const
+{
+    std::string infos = R"({"userId": )" + std::to_string(userId_) + R"(, "BundleInfos": [)";
+    for (auto bundleInfo : bundleInfos_) {
+        infos.append(bundleInfo.second.ToString() + ", ");
+    }
+    infos.append("]}");
+    return infos;
+}
+
+int UserInfo::ReplaceReqPermission(const std::string& bundleName, const PermissionReq& permissionReq)
+{
+    return GetOrCreateBundleInfo(bundleName).ReplaceReqPermission(permissionReq);
+}
+
+int UserInfo::RemoveReqPermission(const std::string& bundleName)
+{
+    if (!HasBundleInfo(bundleName)) {
+        return RET_SUCCESS;
+    }
+    bundleInfos_[bundleName].RemoveReqPermissions();
+    return RET_SUCCESS;
+}
+
+int UserInfo::UpdatePermissionState(const std::string& bundleName, const std::string& permissionName, bool isGranted)
+{
+    if (!HasBundleInfo(bundleName)) {
+        return RET_FAILED;
+    }
+    return bundleInfos_[bundleName].UpdateGrantedState(permissionName, isGranted);
+}
+
+int UserInfo::UpdatePermissionFlags(const std::string& bundleName, const std::string& permissionName, int flags)
+{
+    if (!HasBundleInfo(bundleName)) {
+        return RET_FAILED;
+    }
+    return bundleInfos_[bundleName].UpdatePermissionFlags(permissionName, flags);
+}
+
+bool UserInfo::IsGranted(const std::string& bundleName, const std::string& permissionName)
+{
+    if (!HasBundleInfo(bundleName)) {
+        return false;
+    }
+    return bundleInfos_[bundleName].IsGranted(permissionName);
+}
+
+int UserInfo::GetPermissionFlags(const std::string& bundleName, const std::string& permissionName)
+{
+    if (!HasBundleInfo(bundleName)) {
+        return DEFAULT_PERMISSION_FLAGS;
+    }
+    return bundleInfos_[bundleName].GetPermissionFlags(permissionName);
+}
+
+BundleInfo::BundleInfo(std::string bundleName)
+{
+    bundleName_ = std::move(bundleName);
+}
+
+int BundleInfo::AddReqPermission(const std::string& permissionName)
+{
+    if (HasReqPermission(permissionName)) {
+        PERMISSION_LOG_DEBUG(
+            LABEL, "%{public}s failed, reqPermission is exist, name: %{public}s", __func__, permissionName.c_str());
+        return RET_FAILED;
+    }
+    PermissionReq permissionReq = {permissionName, false, DEFAULT_PERMISSION_FLAGS};
+    permissionRequests_[permissionName] = permissionReq;
+    return RET_SUCCESS;
+}
+
+int BundleInfo::ReplaceReqPermission(const PermissionReq& permissionReq)
+{
+    permissionRequests_[permissionReq.reqPermissionName] = permissionReq;
+    return RET_SUCCESS;
+}
+
+PermissionReq& BundleInfo::GetReqPermission(const std::string& permissionName)
+{
+    return permissionRequests_[permissionName];
+}
+
+bool BundleInfo::HasReqPermission(const std::string& permissionName) const
+{
+    return permissionRequests_.count(permissionName) == 1;
+}
+
+void BundleInfo::RemoveReqPermissions()
+{
+    permissionRequests_.clear();
+}
+
+int BundleInfo::UpdateGrantedState(const std::string& permissionName, bool isGranted)
+{
+    if (!HasReqPermission(permissionName)) {
+        return RET_FAILED;
+    }
+    GetReqPermission(permissionName).isGranted = isGranted;
+    return RET_SUCCESS;
+}
+
+int BundleInfo::UpdatePermissionFlags(const std::string& permissionName, int flags)
+{
+    if (!HasReqPermission(permissionName)) {
+        return RET_FAILED;
+    }
+    GetReqPermission(permissionName).flags = flags;
+    return RET_SUCCESS;
+}
+
+bool BundleInfo::IsGranted(const std::string& permissionName)
+{
+    if (!HasReqPermission(permissionName)) {
+        return false;
+    }
+    return GetReqPermission(permissionName).isGranted;
+}
+
+int BundleInfo::GetPermissionFlags(const std::string& permissionName)
+{
+    if (!HasReqPermission(permissionName)) {
+        return DEFAULT_PERMISSION_FLAGS;
+    }
+    return GetReqPermission(permissionName).flags;
+}
+
+void BundleInfo::GetAllPermissionReq(std::vector<PermissionReq>& permissionReqList) const
+{
+    for (auto it = permissionRequests_.begin(); it != permissionRequests_.end(); ++it) {
+        permissionReqList.emplace_back(it->second);
+    }
+}
+
+std::string BundleInfo::ToString() const
+{
+    std::string infos = R"({"bundleName": ")" + bundleName_ + R"(", "ReqPermissions": [)";
+    for (const auto& request : permissionRequests_) {
+        PermissionReq permissionReq = request.second;
+        infos.append(R"({"permissionName": ")" + permissionReq.reqPermissionName + R"(")");
+        infos.append(R"(, "isGranted": )" + std::to_string(permissionReq.isGranted));
+        infos.append(R"(, "flags": )" + std::to_string(permissionReq.flags));
+        infos.append("}, ");
+    }
+    infos = infos + "]}";
+    return infos;
+}
+} // namespace Permission
+} // namespace Security
+} // namespace OHOS
diff --git a/services/permission_standard/permissionmanagerservice/main/cpp/src/permission_state_cache.h b/services/permission_standard/permissionmanagerservice/main/cpp/src/permission_state_cache.h
new file mode 100755
index 0000000..ed0e2d8
--- /dev/null
+++ b/services/permission_standard/permissionmanagerservice/main/cpp/src/permission_state_cache.h
@@ -0,0 +1,121 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef PERMISSION_STANDARD_PERMISSION_STATE_CACHE_H
+#define PERMISSION_STANDARD_PERMISSION_STATE_CACHE_H
+
+#include <string>
+#include <map>
+#include <vector>
+
+#include "permission_req.h"
+#include "generic_values.h"
+#include "data_translator.h"
+#include "field_const.h"
+
+#include "rwlock.h"
+
+namespace OHOS {
+namespace Security {
+namespace Permission {
+static const int DEFAULT_PERMISSION_FLAGS = 0;
+class BundleInfo final {
+public:
+    std::string bundleName_;
+    BundleInfo() = default;
+    virtual ~BundleInfo() = default;
+    explicit BundleInfo(std::string bundleName);
+    int AddReqPermission(const std::string& permissionName);
+    int ReplaceReqPermission(const PermissionReq& permissionReq);
+    PermissionReq& GetReqPermission(const std::string& permissionName);
+    void RemoveReqPermissions();
+    bool HasReqPermission(const std::string& permissionName) const;
+    int UpdateGrantedState(const std::string& permissionName, bool isGranted);
+    int UpdatePermissionFlags(const std::string& permissionName, int flags);
+    bool IsGranted(const std::string& permissionName);
+    int GetPermissionFlags(const std::string& permissionName);
+    void GetAllPermissionReq(std::vector<PermissionReq>& permissionReqList) const;
+    std::string ToString() const;
+
+private:
+    std::map<std::string, PermissionReq> permissionRequests_;
+};
+
+class UserInfo final {
+public:
+    int userId_;
+    UserInfo() : userId_(0)
+    {}
+    virtual ~UserInfo() = default;
+    explicit UserInfo(int userId);
+    bool HasBundleInfo(const std::string& bundleName) const;
+    BundleInfo& GetOrCreateBundleInfo(const std::string& bundleName);
+    int ReplaceReqPermission(const std::string& bundleName, const PermissionReq& permissionReq);
+    int RemoveReqPermission(const std::string& bundleName);
+    int UpdatePermissionState(const std::string& bundleName, const std::string& permissionName, bool isGranted);
+    int UpdatePermissionFlags(const std::string& bundleName, const std::string& permissionName, int flags);
+    bool IsGranted(const std::string& bundleName, const std::string& permissionName);
+    int GetPermissionFlags(const std::string& bundleName, const std::string& permissionName);
+    void GetAllBundleInfo(std::vector<BundleInfo>& bundleInfoList) const;
+    std::string ToString() const;
+
+private:
+    std::map<std::string, BundleInfo> bundleInfos_;
+};
+
+class Root final {
+public:
+    static Root& GetRoot();
+    bool HasUserInfo(int userId) const;
+    UserInfo& GetOrCreateUserInfo(int userId);
+    void GetUserGrantedUserInfo(std::vector<UserInfo>& userInfoList) const;
+    std::string ToString() const;
+
+private:
+    std::map<int, UserInfo> userInfos_;
+};
+
+class PermissionStateCache final {
+public:
+    static const int SYSTEM_GRANTED_USER_ID = -1;
+    static PermissionStateCache& GetInstance();
+    virtual ~PermissionStateCache() = default;
+    std::string ToString();
+    int AddReqPermission(int userId, const std::string& bundleName, const std::string& permissionName);
+    int AddReqPermission(int userId, const std::string& bundleName, const std::vector<std::string>& permList);
+    int ReplaceReqPermission(int userId, const std::string& bundleName, const PermissionReq& permissionReq);
+    int RemoveReqPermission(int userId, const std::string& bundleName);
+    int UpdatePermissionState(
+        int userId, const std::string& bundleName, const std::string& permissionName, bool isGranted);
+    int UpdatePermissionFlags(int userId, const std::string& bundleName, const std::string& permissionName, int flags);
+    bool IsGranted(int userId, const std::string& bundleName, const std::string& permissionName);
+    int GetPermissionFlags(int userId, const std::string& bundleName, const std::string& permissionName);
+    void QueryCurrentCache(bool isSystemGranted, std::vector<GenericValues>& valueList);
+
+private:
+    PermissionStateCache() = default;
+
+    DISALLOW_COPY_AND_MOVE(PermissionStateCache);
+
+    void QueryForUser(const UserInfo& userInfo, std::vector<GenericValues>& valueList) const;
+
+    void QueryForBundle(const int userId, const BundleInfo& bundleInfo, std::vector<GenericValues>& valueList) const;
+
+    OHOS::Utils::RWLock cacheLock_;
+};
+} // namespace Permission
+} // namespace Security
+} // namespace OHOS
+#endif // PERMISSION_STANDARD_PERMISSION_STATE_CACHE_H
diff --git a/services/permission_standard/permissionmanagerservice/main/cpp/src/permission_state_manager.cpp b/services/permission_standard/permissionmanagerservice/main/cpp/src/permission_state_manager.cpp
new file mode 100644
index 0000000..e7aa235
--- /dev/null
+++ b/services/permission_standard/permissionmanagerservice/main/cpp/src/permission_state_manager.cpp
@@ -0,0 +1,265 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "permission_state_manager.h"
+
+#include "permission.h"
+#include "data_storage.h"
+#include "permission_log.h"
+#include "permission_definition_cache.h"
+#include "permission_state_cache.h"
+#include "data_translator.h"
+#include "data_validator.h"
+
+namespace OHOS {
+namespace Security {
+namespace Permission {
+namespace {
+static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_PERMISSION, "PermissionStateManager"};
+}
+PermissionStateManager& PermissionStateManager::GetInstance()
+{
+    static PermissionStateManager instance;
+    return instance;
+}
+
+PermissionStateManager::PermissionStateManager() : hasInited_(false)
+{}
+
+PermissionStateManager::~PermissionStateManager()
+{
+    if (!hasInited_) {
+        return;
+    }
+    this->systemGrantedDataAccessWorker_.Stop();
+    this->userGrantedDataAccessWorker_.Stop();
+    this->hasInited_ = false;
+}
+
+void PermissionStateManager::Init()
+{
+    OHOS::Utils::UniqueWriteGuard<OHOS::Utils::RWLock> lk(this->rwLock_);
+    if (hasInited_) {
+        return;
+    }
+    PERMISSION_LOG_INFO(LABEL, "init begin!");
+    std::vector<GenericValues> results;
+    DataStorage::GetRealDataStorage().Find(DataStorage::PERMISSIONS_STAT_SYSTEM_GRANTED, results);
+    for (auto value : results) {
+        std::string bundleName = value.GetString(FIELD_BUNDLE_NAME);
+        PERMISSION_LOG_INFO(LABEL, "Cache recover system grant %{public}s", bundleName.c_str());
+        PermissionReq permissionReq;
+        DataTranslator::TranslationIntoPermissionReq(value, permissionReq);
+        PermissionStateCache::GetInstance().ReplaceReqPermission(
+            PermissionStateCache::SYSTEM_GRANTED_USER_ID, bundleName, permissionReq);
+    }
+
+    DataStorage::GetRealDataStorage().Find(DataStorage::PERMISSIONS_STAT_USER_GRANTED, results);
+    for (auto value : results) {
+        std::string bundleName = value.GetString(FIELD_BUNDLE_NAME);
+        int userId = value.GetInt(FIELD_USER_ID);
+        PERMISSION_LOG_INFO(LABEL, "Cache recover user grant %{public}d, %{public}s", userId, bundleName.c_str());
+        PermissionReq permissionReq;
+        DataTranslator::TranslationIntoPermissionReq(value, permissionReq);
+        PermissionStateCache::GetInstance().ReplaceReqPermission(userId, bundleName, permissionReq);
+    }
+    this->systemGrantedDataAccessWorker_.Start(1);
+    this->userGrantedDataAccessWorker_.Start(1);
+    hasInited_ = true;
+    PERMISSION_LOG_INFO(LABEL, "Init success");
+}
+
+void PermissionStateManager::AddUserGrantedReqPermissions(
+    const std::string& bundleName, const std::vector<std::string>& permList, int userId)
+{
+    if (!DataValidator::IsBundleNameValid(bundleName) || permList.empty() || !DataValidator::IsUserIdValid(userId)) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: invalid params!", __func__);
+        return;
+    }
+
+    std::vector<GenericValues> values;
+    for (const auto& permission : permList) {
+        if (!PermissionDefinitionCache::GetInstance().IsUserGrantedPermission(permission)) {
+            PERMISSION_LOG_ERROR(LABEL,
+                "%{public}s: permission: %{public}s is not user-granted permission, check please!", __func__,
+                permission.c_str());
+            continue;
+        }
+        PermissionStateCache::GetInstance().AddReqPermission(userId, bundleName, permission);
+    }
+    RefreshUserGrantedPersistentDataIfNeeded();
+}
+
+void PermissionStateManager::RemoveUserGrantedReqPermissions(const std::string& bundleName, int userId)
+{
+    if (!DataValidator::IsBundleNameValid(bundleName) || !DataValidator::IsUserIdValid(userId)) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: invalid params!", __func__);
+        return;
+    }
+    PermissionStateCache::GetInstance().RemoveReqPermission(userId, bundleName);
+    RefreshUserGrantedPersistentDataIfNeeded();
+}
+
+void PermissionStateManager::GrantUserGrantedPermission(
+    const std::string& bundleName, const std::string& permissionName, int userId)
+{
+    if (!DataValidator::IsBundleNameValid(bundleName) || !DataValidator::IsPermissionNameValid(permissionName) ||
+        !DataValidator::IsUserIdValid(userId)) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: invalid params!", __func__);
+        return;
+    }
+    PermissionStateCache::GetInstance().UpdatePermissionState(userId, bundleName, permissionName, true);
+    RefreshUserGrantedPersistentDataIfNeeded();
+}
+
+void PermissionStateManager::RevokeUserGrantedPermission(
+    const std::string& bundleName, const std::string& permissionName, int userId)
+{
+    if (!DataValidator::IsBundleNameValid(bundleName) || !DataValidator::IsPermissionNameValid(permissionName) ||
+        !DataValidator::IsUserIdValid(userId)) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: invalid params!", __func__);
+        return;
+    }
+    PermissionStateCache::GetInstance().UpdatePermissionState(userId, bundleName, permissionName, false);
+    RefreshUserGrantedPersistentDataIfNeeded();
+}
+
+void PermissionStateManager::AddSystemGrantedReqPermissions(
+    const std::string& bundleName, const std::vector<std::string>& permList)
+{
+    if (!DataValidator::IsBundleNameValid(bundleName) || permList.empty()) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: invalid params!", __func__);
+        return;
+    }
+
+    std::vector<GenericValues> values;
+    for (const auto& permission : permList) {
+        if (!PermissionDefinitionCache::GetInstance().IsSystemGrantedPermission(permission)) {
+            PERMISSION_LOG_ERROR(LABEL,
+                "%{public}s: permission: %{public}s is not system-granted permission, check please!", __func__,
+                permission.c_str());
+            continue;
+        }
+        PermissionStateCache::GetInstance().AddReqPermission(
+            PermissionStateCache::SYSTEM_GRANTED_USER_ID, bundleName, permission);
+    }
+    RefreshSystemGrantedPersistentDataIfNeeded();
+}
+
+void PermissionStateManager::RemoveSystemGrantedReqPermissions(const std::string& bundleName)
+{
+    if (!DataValidator::IsBundleNameValid(bundleName)) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: invalid params!", __func__);
+        return;
+    }
+    PermissionStateCache::GetInstance().RemoveReqPermission(PermissionStateCache::SYSTEM_GRANTED_USER_ID, bundleName);
+    RefreshSystemGrantedPersistentDataIfNeeded();
+}
+
+void PermissionStateManager::GrantSystemGrantedPermission(
+    const std::string& bundleName, const std::string& permissionName)
+{
+    if (!DataValidator::IsBundleNameValid(bundleName) || !DataValidator::IsPermissionNameValid(permissionName)) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: invalid params!", __func__);
+        return;
+    }
+    PermissionStateCache::GetInstance().UpdatePermissionState(
+        PermissionStateCache::SYSTEM_GRANTED_USER_ID, bundleName, permissionName, true);
+    RefreshSystemGrantedPersistentDataIfNeeded();
+}
+
+void PermissionStateManager::RevokeSystemGrantedPermission(
+    const std::string& bundleName, const std::string& permissionName)
+{
+    if (!DataValidator::IsBundleNameValid(bundleName) || !DataValidator::IsPermissionNameValid(permissionName)) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: invalid params!", __func__);
+        return;
+    }
+    PermissionStateCache::GetInstance().UpdatePermissionState(
+        PermissionStateCache::SYSTEM_GRANTED_USER_ID, bundleName, permissionName, false);
+    RefreshSystemGrantedPersistentDataIfNeeded();
+}
+
+int PermissionStateManager::VerifyPermission(
+    const std::string& bundleName, const std::string& permissionName, int userId) const
+{
+    if (!DataValidator::IsBundleNameValid(bundleName) || !DataValidator::IsPermissionNameValid(permissionName) ||
+        !DataValidator::IsUserIdValid(userId)) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: invalid params!", __func__);
+        return PERMISSION_NOT_GRANTED;
+    }
+    if (!PermissionDefinitionCache::GetInstance().HasDefinition(permissionName)) {
+        PERMISSION_LOG_ERROR(
+            LABEL, "%{public}s: no definition for permission: %{public}s!", __func__, permissionName.c_str());
+        return PERMISSION_NOT_GRANTED;
+    }
+    bool isGranted = false;
+    if (PermissionDefinitionCache::GetInstance().IsSystemGrantedPermission(permissionName)) {
+        isGranted = PermissionStateCache::GetInstance().IsGranted(
+            PermissionStateCache::SYSTEM_GRANTED_USER_ID, bundleName, permissionName);
+    } else {
+        isGranted = PermissionStateCache::GetInstance().IsGranted(userId, bundleName, permissionName);
+    }
+    PERMISSION_LOG_INFO(LABEL, "VerifyPermission %{public}s, %{public}s, %{public}d isGranted: %{public}d",
+        bundleName.c_str(), permissionName.c_str(), userId, isGranted);
+    return isGranted ? PERMISSION_GRANTED : PERMISSION_NOT_GRANTED;
+}
+
+bool PermissionStateManager::CanRequestPermission(
+    const std::string& bundleName, const std::string& permissionName, int userId) const
+{
+    if (!DataValidator::IsBundleNameValid(bundleName) || !DataValidator::IsPermissionNameValid(permissionName) ||
+        !DataValidator::IsUserIdValid(userId)) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: invalid params!", __func__);
+        return false;
+    }
+    return PermissionDefinitionCache::GetInstance().IsUserGrantedPermission(permissionName) &&
+        !PermissionStateCache::GetInstance().IsGranted(userId, bundleName, permissionName);
+}
+
+void PermissionStateManager::RefreshSystemGrantedPersistentDataIfNeeded()
+{
+    if (systemGrantedDataAccessWorker_.GetCurTaskNum() > 1) {
+        PERMISSION_LOG_WARN(LABEL, "%{public}s: has refresh task!", __func__);
+        return;
+    }
+    systemGrantedDataAccessWorker_.AddTask([]() {
+        std::vector<GenericValues> valueList;
+        PermissionStateCache::GetInstance().QueryCurrentCache(true, valueList);
+        DataStorage::GetRealDataStorage().RefreshAll(DataStorage::PERMISSIONS_STAT_SYSTEM_GRANTED, valueList);
+
+        // Sleep for one second to avoid frequent refresh of the database.
+        std::this_thread::sleep_for(std::chrono::seconds(1));
+    });
+}
+
+void PermissionStateManager::RefreshUserGrantedPersistentDataIfNeeded()
+{
+    if (userGrantedDataAccessWorker_.GetCurTaskNum() > 1) {
+        PERMISSION_LOG_WARN(LABEL, "%{public}s: has refresh task!", __func__);
+        return;
+    }
+    userGrantedDataAccessWorker_.AddTask([]() {
+        std::vector<GenericValues> valueList;
+        PermissionStateCache::GetInstance().QueryCurrentCache(false, valueList);
+        DataStorage::GetRealDataStorage().RefreshAll(DataStorage::PERMISSIONS_STAT_USER_GRANTED, valueList);
+
+        // Sleep for one second to avoid frequent refresh of the database.
+        std::this_thread::sleep_for(std::chrono::seconds(1));
+    });
+}
+} // namespace Permission
+} // namespace Security
+} // namespace OHOS
diff --git a/services/permission_standard/permissionmanagerservice/main/cpp/src/permission_state_manager.h b/services/permission_standard/permissionmanagerservice/main/cpp/src/permission_state_manager.h
new file mode 100755
index 0000000..8af5be3
--- /dev/null
+++ b/services/permission_standard/permissionmanagerservice/main/cpp/src/permission_state_manager.h
@@ -0,0 +1,80 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef PERMISSION_STATE_MANAGER_H
+#define PERMISSION_STATE_MANAGER_H
+
+#include <vector>
+
+#include "field_const.h"
+
+#include "nocopyable.h"
+#include "thread_pool.h"
+#include "rwlock.h"
+
+namespace OHOS {
+namespace Security {
+namespace Permission {
+class PermissionStateManager final {
+public:
+    static PermissionStateManager& GetInstance();
+
+    virtual ~PermissionStateManager();
+
+    void Init();
+
+    void AddUserGrantedReqPermissions(
+        const std::string& bundleName, const std::vector<std::string>& permList, int userId);
+
+    void RemoveUserGrantedReqPermissions(const std::string& bundleName, int userId);
+
+    void GrantUserGrantedPermission(const std::string& bundleName, const std::string& permissionName, int userId);
+
+    void RevokeUserGrantedPermission(const std::string& bundleName, const std::string& permissionName, int userId);
+
+    void AddSystemGrantedReqPermissions(const std::string& bundleName, const std::vector<std::string>& permList);
+
+    void RemoveSystemGrantedReqPermissions(const std::string& bundleName);
+
+    void GrantSystemGrantedPermission(const std::string& bundleName, const std::string& permissionName);
+
+    void RevokeSystemGrantedPermission(const std::string& bundleName, const std::string& permissionName);
+
+    int VerifyPermission(const std::string& bundleName, const std::string& permissionName, int userId) const;
+
+    bool CanRequestPermission(const std::string& bundleName, const std::string& permissionName, int userId) const;
+
+private:
+    PermissionStateManager();
+
+    DISALLOW_COPY_AND_MOVE(PermissionStateManager);
+
+    void RefreshSystemGrantedPersistentDataIfNeeded();
+
+    void RefreshUserGrantedPersistentDataIfNeeded();
+
+    OHOS::ThreadPool systemGrantedDataAccessWorker_;
+
+    OHOS::ThreadPool userGrantedDataAccessWorker_;
+
+    bool hasInited_;
+
+    OHOS::Utils::RWLock rwLock_;
+};
+} // namespace Permission
+} // namespace Security
+} // namespace OHOS
+
+#endif // PERMISSION_STATE_MANAGER_H
diff --git a/services/permission_standard/permissionmanagerservice/main/cpp/src/sqlite_helper.cpp b/services/permission_standard/permissionmanagerservice/main/cpp/src/sqlite_helper.cpp
new file mode 100755
index 0000000..4c3b3cc
--- /dev/null
+++ b/services/permission_standard/permissionmanagerservice/main/cpp/src/sqlite_helper.cpp
@@ -0,0 +1,188 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "sqlite_helper.h"
+
+#include "permission_log.h"
+
+namespace OHOS {
+namespace Security {
+namespace Permission {
+namespace {
+static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_PERMISSION, "SqliteHelper"};
+}
+
+SqliteHelper::SqliteHelper(const std::string& dbName, const std::string& dbPath, int version)
+    : dbName_(dbName), dbPath_(dbPath), currentVersion_(version), db_(nullptr)
+{}
+
+SqliteHelper::~SqliteHelper()
+{}
+
+void SqliteHelper::Open()
+{
+    if (db_ != nullptr) {
+        return;
+    }
+    if (dbName_.empty() || dbPath_.empty() || currentVersion_ < 0) {
+        return;
+    }
+    std::string fileName = dbPath_ + dbName_;
+    int res = sqlite3_open(fileName.c_str(), &db_);
+    if (res != SQLITE_OK) {
+        PERMISSION_LOG_ERROR(LABEL, "Failed to open db: %{public}s", sqlite3_errmsg(db_));
+        return;
+    }
+
+    int version = GetVersion();
+    if (version == currentVersion_) {
+        return;
+    }
+
+    BeginTransaction();
+    if (version == 0) {
+        OnCreate();
+    } else {
+        if (version < currentVersion_) {
+            OnUpdate();
+        }
+    }
+    SetVersion();
+    CommitTransaction();
+}
+
+void SqliteHelper::Close()
+{
+    if (db_ == nullptr) {
+        PERMISSION_LOG_WARN(LABEL, "%{public}s: do open data base first!", __func__);
+        return;
+    }
+    int ret = sqlite3_close(db_);
+    if (ret != SQLITE_OK) {
+        PERMISSION_LOG_WARN(LABEL, "sqlite3_close error, ret=%{public}d", ret);
+        return;
+    }
+    db_ = nullptr;
+}
+
+int SqliteHelper::BeginTransaction() const
+{
+    if (db_ == nullptr) {
+        PERMISSION_LOG_WARN(LABEL, "%{public}s: do open data base first!", __func__);
+        return GENERAL_ERROR;
+    }
+    char* errorMessage = nullptr;
+    int result = 0;
+    int ret = sqlite3_exec(db_, "BEGIN;", nullptr, nullptr, &errorMessage);
+    if (ret != SQLITE_OK) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: failed, errorMsg: %{public}s", __func__, errorMessage);
+        result = GENERAL_ERROR;
+    }
+    sqlite3_free(errorMessage);
+    return result;
+}
+
+int SqliteHelper::CommitTransaction() const
+{
+    if (db_ == nullptr) {
+        PERMISSION_LOG_WARN(LABEL, "%{public}s: do open data base first!", __func__);
+        return GENERAL_ERROR;
+    }
+    char* errorMessage = nullptr;
+    int result = 0;
+    int ret = sqlite3_exec(db_, "COMMIT;", nullptr, nullptr, &errorMessage);
+    if (ret != SQLITE_OK) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: failed, errorMsg: %{public}s", __func__, errorMessage);
+        result = GENERAL_ERROR;
+    }
+    sqlite3_free(errorMessage);
+    return result;
+}
+
+int SqliteHelper::RollbackTransaction() const
+{
+    if (db_ == nullptr) {
+        PERMISSION_LOG_WARN(LABEL, "%{public}s: do open data base first!", __func__);
+        return GENERAL_ERROR;
+    }
+    int result = 0;
+    char* errorMessage = nullptr;
+    int ret = sqlite3_exec(db_, "ROLLBACK;", nullptr, nullptr, &errorMessage);
+    if (ret != SQLITE_OK) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: failed, errorMsg: %{public}s", __func__, errorMessage);
+        result = GENERAL_ERROR;
+    }
+    sqlite3_free(errorMessage);
+    return result;
+}
+
+Statement SqliteHelper::Prepare(const std::string& sql) const
+{
+    return Statement(db_, sql);
+}
+
+int SqliteHelper::ExecuteSql(const std::string& sql) const
+{
+    if (db_ == nullptr) {
+        PERMISSION_LOG_WARN(LABEL, "%{public}s: do open data base first!", __func__);
+        return GENERAL_ERROR;
+    }
+    char* errorMessage = nullptr;
+    int result = 0;
+    int res = sqlite3_exec(db_, sql.c_str(), nullptr, nullptr, &errorMessage);
+    if (res != SQLITE_OK) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: failed, errorMsg: %{public}s", __func__, errorMessage);
+        result = GENERAL_ERROR;
+    }
+    sqlite3_free(errorMessage);
+    return result;
+}
+
+int SqliteHelper::GetVersion() const
+{
+    if (db_ == nullptr) {
+        PERMISSION_LOG_WARN(LABEL, "%{public}s: do open data base first!", __func__);
+        return GENERAL_ERROR;
+    }
+    auto statement = Prepare(PRAGMA_VERSION_COMMAND);
+    int version = 0;
+    while (statement.Step() == Statement::State::ROW) {
+        version = statement.GetColumnInt(0);
+    }
+    PERMISSION_LOG_INFO(LABEL, "%{public}s: version: %{public}d", __func__, version);
+    return version;
+}
+
+void SqliteHelper::SetVersion() const
+{
+    if (db_ == nullptr) {
+        PERMISSION_LOG_WARN(LABEL, "%{public}s: do open data base first!", __func__);
+        return;
+    }
+    auto statement = Prepare(PRAGMA_VERSION_COMMAND + " = " + std::to_string(currentVersion_));
+    statement.Step();
+}
+
+std::string SqliteHelper::SpitError() const
+{
+    if (db_ == nullptr) {
+        PERMISSION_LOG_WARN(LABEL, "%{public}s: do open data base first!", __func__);
+        return "";
+    }
+    return sqlite3_errmsg(db_);
+}
+} // namespace Permission
+} // namespace Security
+} // namespace OHOS
\ No newline at end of file
diff --git a/services/permission_standard/permissionmanagerservice/main/cpp/src/sqlite_helper.h b/services/permission_standard/permissionmanagerservice/main/cpp/src/sqlite_helper.h
new file mode 100644
index 0000000..2f81fdd
--- /dev/null
+++ b/services/permission_standard/permissionmanagerservice/main/cpp/src/sqlite_helper.h
@@ -0,0 +1,62 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef SQLITE_HELPER_H
+#define SQLITE_HELPER_H
+
+#include <string>
+
+#include "statement.h"
+
+#include "sqlite3sym.h"
+
+namespace OHOS {
+namespace Security {
+namespace Permission {
+class SqliteHelper {
+public:
+    explicit SqliteHelper(const std::string& dbName, const std::string& dbPath, int version);
+    virtual ~SqliteHelper();
+
+    void Open();
+    void Close();
+
+    int BeginTransaction() const;
+    int CommitTransaction() const;
+    int RollbackTransaction() const;
+
+    Statement Prepare(const std::string& sql) const;
+    int ExecuteSql(const std::string& sql) const;
+    std::string SpitError() const;
+
+    virtual void OnCreate() = 0;
+    virtual void OnUpdate() = 0;
+
+private:
+    inline static const std::string PRAGMA_VERSION_COMMAND = "PRAGMA user_version";
+    static const int GENERAL_ERROR = -1;
+
+    const std::string dbName_;
+    const std::string dbPath_;
+    int currentVersion_;
+    sqlite3* db_;
+
+    int GetVersion() const;
+    void SetVersion() const;
+};
+} // namespace Permission
+} // namespace Security
+} // namespace OHOS
+#endif // SQLITE_HELPER_H
diff --git a/services/permission_standard/permissionmanagerservice/main/cpp/src/sqlite_storage.cpp b/services/permission_standard/permissionmanagerservice/main/cpp/src/sqlite_storage.cpp
new file mode 100644
index 0000000..008c158
--- /dev/null
+++ b/services/permission_standard/permissionmanagerservice/main/cpp/src/sqlite_storage.cpp
@@ -0,0 +1,337 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "sqlite_storage.h"
+
+#include "permission_log.h"
+
+namespace OHOS {
+namespace Security {
+namespace Permission {
+namespace {
+static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_PERMISSION, "SqliteStorage"};
+}
+
+SqliteStorage& SqliteStorage::GetInstance()
+{
+    static SqliteStorage instance;
+    return instance;
+}
+
+SqliteStorage::~SqliteStorage()
+{
+    Close();
+}
+
+void SqliteStorage::OnCreate()
+{
+    PERMISSION_LOG_INFO(LABEL, "%{public}s called.", __func__);
+    CreatePermissionDefinitionTable();
+    CreateSystemGrantedPermissionStateTable();
+    CreateUserGrantedPermissionStateTable();
+}
+
+void SqliteStorage::OnUpdate()
+{
+    PERMISSION_LOG_INFO(LABEL, "%{public}s called.", __func__);
+}
+
+SqliteStorage::SqliteStorage() : SqliteHelper(DATABASE_NAME, DATABASE_PATH, DATABASE_VERSION)
+{
+    SqliteTable permissionDefTable;
+    permissionDefTable.tableName_ = PERMISSION_DEF_TABLE;
+    permissionDefTable.tableColumnNames_ = {
+        FIELD_PERMISSION_NAME,
+        FIELD_BUNDLE_NAME,
+        FIELD_GRANT_MODE,
+        FIELD_AVAILABLE_SCOPE,
+        FIELD_LABEL,
+        FIELD_LABEL_ID,
+        FIELD_DESCRIPTION,
+        FIELD_DESCRIPTION_ID
+    };
+
+    SqliteTable sysGrantPermStatTable;
+    sysGrantPermStatTable.tableName_ = SYS_GRANTED_PERMISSION_STATE_TABLE;
+    sysGrantPermStatTable.tableColumnNames_ = {
+        FIELD_BUNDLE_NAME,
+        FIELD_PERMISSION_NAME,
+        FIELD_GRANTED,
+        FIELD_FLAGS
+    };
+
+    SqliteTable userGrantPermStatTable;
+    userGrantPermStatTable.tableName_ = USER_GRANTED_PERMISSION_STATE_TABLE;
+    userGrantPermStatTable.tableColumnNames_ = {
+        FIELD_BUNDLE_NAME,
+        FIELD_PERMISSION_NAME,
+        FIELD_USER_ID,
+        FIELD_GRANTED,
+        FIELD_FLAGS
+    };
+
+    dataTypeToSqlTable_ = {
+        {PERMISSION_DEF, permissionDefTable},
+        {PERMISSIONS_STAT_SYSTEM_GRANTED, sysGrantPermStatTable},
+        {PERMISSIONS_STAT_USER_GRANTED, userGrantPermStatTable}
+    };
+
+    Open();
+}
+
+int SqliteStorage::Add(const DataType type, const std::vector<GenericValues>& values)
+{
+    OHOS::Utils::UniqueWriteGuard<OHOS::Utils::RWLock> lock(this->rwLock_);
+    std::string prepareSql = CreateInsertPrepareSqlCmd(type);
+    auto statement = Prepare(prepareSql);
+    BeginTransaction();
+    bool isExecuteSuccessfully = true;
+    for (auto value : values) {
+        std::vector<std::string> columnNames = value.GetAllKeys();
+        for (auto columnName : columnNames) {
+            statement.Bind(columnName, value.Get(columnName));
+        }
+        int ret = statement.Step();
+        if (ret != Statement::State::DONE) {
+            PERMISSION_LOG_ERROR(LABEL, "%{public}s: failed, errorMsg: %{public}s", __func__, SpitError().c_str());
+            isExecuteSuccessfully = false;
+        }
+        statement.Reset();
+    }
+    if (!isExecuteSuccessfully) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: rollback transaction.", __func__);
+        RollbackTransaction();
+        return FAILURE;
+    }
+    PERMISSION_LOG_INFO(LABEL, "%{public}s: commit transaction.", __func__);
+    CommitTransaction();
+    return SUCCESS;
+}
+
+int SqliteStorage::Remove(const DataType type, const GenericValues& conditions)
+{
+    OHOS::Utils::UniqueWriteGuard<OHOS::Utils::RWLock> lock(this->rwLock_);
+    std::vector<std::string> columnNames = conditions.GetAllKeys();
+    std::string prepareSql = CreateDeletePrepareSqlCmd(type, columnNames);
+    auto statement = Prepare(prepareSql);
+    for (auto columnName : columnNames) {
+        statement.Bind(columnName, conditions.Get(columnName));
+    }
+    int ret = statement.Step();
+    return (ret == Statement::State::DONE) ? SUCCESS : FAILURE;
+}
+
+int SqliteStorage::Modify(const DataType type, const GenericValues& modifyValues, const GenericValues& conditions)
+{
+    OHOS::Utils::UniqueWriteGuard<OHOS::Utils::RWLock> lock(this->rwLock_);
+    std::vector<std::string> modifyColumns = modifyValues.GetAllKeys();
+    std::vector<std::string> conditionColumns = conditions.GetAllKeys();
+    std::string prepareSql = CreateUpdatePrepareSqlCmd(type, modifyColumns, conditionColumns);
+    auto statement = Prepare(prepareSql);
+    for (auto columnName : modifyColumns) {
+        statement.Bind(columnName, modifyValues.Get(columnName));
+    }
+    for (auto columnName : conditionColumns) {
+        statement.Bind(columnName, conditions.Get(columnName));
+    }
+    int ret = statement.Step();
+    return (ret == Statement::State::DONE) ? SUCCESS : FAILURE;
+}
+
+int SqliteStorage::Find(const DataType type, std::vector<GenericValues>& results)
+{
+    OHOS::Utils::UniqueWriteGuard<OHOS::Utils::RWLock> lock(this->rwLock_);
+    std::string prepareSql = CreateSelectPrepareSqlCmd(type);
+    auto statement = Prepare(prepareSql);
+    while (statement.Step() == Statement::State::ROW) {
+        int columnCount = statement.GetColumnCount();
+        GenericValues value;
+        for (int i = 0; i < columnCount; i++) {
+            value.Put(statement.GetColumnName(i), statement.GetValue(i));
+        }
+        results.emplace_back(value);
+    }
+    return SUCCESS;
+}
+
+int SqliteStorage::RefreshAll(const DataType type, const std::vector<GenericValues>& values)
+{
+    OHOS::Utils::UniqueWriteGuard<OHOS::Utils::RWLock> lock(this->rwLock_);
+    std::string deleteSql = CreateDeletePrepareSqlCmd(type);
+    std::string insertSql = CreateInsertPrepareSqlCmd(type);
+    auto deleteStatement = Prepare(deleteSql);
+    auto insertStatement = Prepare(insertSql);
+    BeginTransaction();
+    bool canCommit = deleteStatement.Step() == Statement::State::DONE;
+    for (auto value : values) {
+        std::vector<std::string> columnNames = value.GetAllKeys();
+        for (auto columnName : columnNames) {
+            insertStatement.Bind(columnName, value.Get(columnName));
+        }
+        int ret = insertStatement.Step();
+        if (ret != Statement::State::DONE) {
+            PERMISSION_LOG_ERROR(
+                LABEL, "%{public}s: insert failed, errorMsg: %{public}s", __func__, SpitError().c_str());
+            canCommit = false;
+        }
+        insertStatement.Reset();
+    }
+    if (!canCommit) {
+        PERMISSION_LOG_ERROR(LABEL, "%{public}s: rollback transaction.", __func__);
+        RollbackTransaction();
+        return FAILURE;
+    }
+    PERMISSION_LOG_INFO(LABEL, "%{public}s: commit transaction.", __func__);
+    CommitTransaction();
+    return SUCCESS;
+}
+
+std::string SqliteStorage::CreateInsertPrepareSqlCmd(const DataType type) const
+{
+    auto it = dataTypeToSqlTable_.find(type);
+    if (it == dataTypeToSqlTable_.end()) {
+        return std::string();
+    }
+    std::string sql = "insert into " + it->second.tableName_ + " values(";
+    int i = 1;
+    for (const auto& columnName : it->second.tableColumnNames_) {
+        sql.append(":" + columnName);
+        if (i < (int) it->second.tableColumnNames_.size()) {
+            sql.append(",");
+        }
+        i += 1;
+    }
+    sql.append(")");
+    return sql;
+}
+
+std::string SqliteStorage::CreateDeletePrepareSqlCmd(
+    const DataType type, const std::vector<std::string>& columnNames) const
+{
+    auto it = dataTypeToSqlTable_.find(type);
+    if (it == dataTypeToSqlTable_.end()) {
+        return std::string();
+    }
+    std::string sql = "delete from " + it->second.tableName_ + " where 1 = 1";
+    for (auto columnName : columnNames) {
+        sql.append(" and ");
+        sql.append(columnName + "=:" + columnName);
+    }
+    return sql;
+}
+
+std::string SqliteStorage::CreateUpdatePrepareSqlCmd(const DataType type, const std::vector<std::string>& modifyColumns,
+    const std::vector<std::string>& conditionColumns) const
+{
+    if (modifyColumns.empty()) {
+        return std::string();
+    }
+
+    auto it = dataTypeToSqlTable_.find(type);
+    if (it == dataTypeToSqlTable_.end()) {
+        return std::string();
+    }
+
+    std::string sql = "update " + it->second.tableName_ + " set ";
+    int i = 1;
+    for (const auto& columnName : modifyColumns) {
+        sql.append(columnName + "=:" + columnName);
+        if (i < (int) modifyColumns.size()) {
+            sql.append(",");
+        }
+        i += 1;
+    }
+
+    if (!conditionColumns.empty()) {
+        sql.append(" where 1 = 1");
+        for (const auto& columnName : conditionColumns) {
+            sql.append(" and ");
+            sql.append(columnName + "=:" + columnName);
+        }
+    }
+    return sql;
+}
+
+std::string SqliteStorage::CreateSelectPrepareSqlCmd(const DataType type) const
+{
+    auto it = dataTypeToSqlTable_.find(type);
+    if (it == dataTypeToSqlTable_.end()) {
+        return std::string();
+    }
+    std::string sql = "select * from " + it->second.tableName_;
+    return sql;
+}
+
+int SqliteStorage::CreatePermissionDefinitionTable() const
+{
+    auto it = dataTypeToSqlTable_.find(DataType::PERMISSION_DEF);
+    if (it == dataTypeToSqlTable_.end()) {
+        return FAILURE;
+    }
+    std::string sql = "create table if not exists ";
+    sql.append(it->second.tableName_ + " (")
+        .append(FIELD_PERMISSION_NAME + " text not null,")
+        .append(FIELD_BUNDLE_NAME + " text not null,")
+        .append(FIELD_GRANT_MODE + " integer not null,")
+        .append(FIELD_AVAILABLE_SCOPE + " integer not null,")
+        .append(FIELD_LABEL + " text not null,")
+        .append(FIELD_LABEL_ID + " integer not null,")
+        .append(FIELD_DESCRIPTION + " text not null,")
+        .append(FIELD_DESCRIPTION_ID + " integer not null,")
+        .append("primary key(" + FIELD_PERMISSION_NAME)
+        .append("))");
+    return ExecuteSql(sql);
+}
+
+int SqliteStorage::CreateSystemGrantedPermissionStateTable() const
+{
+    auto it = dataTypeToSqlTable_.find(DataType::PERMISSIONS_STAT_SYSTEM_GRANTED);
+    if (it == dataTypeToSqlTable_.end()) {
+        return FAILURE;
+    }
+    std::string sql = "create table if not exists ";
+    sql.append(it->second.tableName_ + " (")
+        .append(FIELD_BUNDLE_NAME + " text not null,")
+        .append(FIELD_PERMISSION_NAME + " text not null,")
+        .append(FIELD_GRANTED + " integer not null,")
+        .append(FIELD_FLAGS + " integer not null,")
+        .append("primary key(" + FIELD_BUNDLE_NAME)
+        .append("," + FIELD_PERMISSION_NAME)
+        .append("))");
+    return ExecuteSql(sql);
+}
+
+int SqliteStorage::CreateUserGrantedPermissionStateTable() const
+{
+    auto it = dataTypeToSqlTable_.find(DataType::PERMISSIONS_STAT_USER_GRANTED);
+    if (it == dataTypeToSqlTable_.end()) {
+        return FAILURE;
+    }
+    std::string sql = "create table if not exists ";
+    sql.append(it->second.tableName_ + " (")
+        .append(FIELD_BUNDLE_NAME + " text not null,")
+        .append(FIELD_PERMISSION_NAME + " text not null,")
+        .append(FIELD_USER_ID + " integer not null,")
+        .append(FIELD_GRANTED + " integer not null,")
+        .append(FIELD_FLAGS + " integer not null,")
+        .append("primary key(" + FIELD_BUNDLE_NAME)
+        .append("," + FIELD_PERMISSION_NAME)
+        .append("," + FIELD_USER_ID)
+        .append("))");
+    return ExecuteSql(sql);
+}
+} // namespace Permission
+} // namespace Security
+} // namespace OHOS
\ No newline at end of file
diff --git a/services/permission_standard/permissionmanagerservice/main/cpp/src/sqlite_storage.h b/services/permission_standard/permissionmanagerservice/main/cpp/src/sqlite_storage.h
new file mode 100644
index 0000000..cb3ea23
--- /dev/null
+++ b/services/permission_standard/permissionmanagerservice/main/cpp/src/sqlite_storage.h
@@ -0,0 +1,86 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef SQLITE_STORAGE_H
+#define SQLITE_STORAGE_H
+
+#include "data_storage.h"
+#include "sqlite_helper.h"
+#include "field_const.h"
+
+#include "nocopyable.h"
+#include "rwlock.h"
+
+namespace OHOS {
+namespace Security {
+namespace Permission {
+class SqliteStorage : public DataStorage, public SqliteHelper {
+public:
+    enum ExecuteResult { FAILURE = -1, SUCCESS };
+
+    struct SqliteTable {
+    public:
+        std::string tableName_;
+        std::vector<std::string> tableColumnNames_;
+    };
+
+    static SqliteStorage& GetInstance();
+
+    ~SqliteStorage() override;
+
+    int Add(const DataType type, const std::vector<GenericValues>& values) override;
+
+    int Remove(const DataType type, const GenericValues& conditions) override;
+
+    int Modify(const DataType type, const GenericValues& modifyValues, const GenericValues& conditions) override;
+
+    int Find(const DataType type, std::vector<GenericValues>& results) override;
+
+    int RefreshAll(const DataType type, const std::vector<GenericValues>& values) override;
+
+    void OnCreate() override;
+    void OnUpdate() override;
+
+private:
+    SqliteStorage();
+    DISALLOW_COPY_AND_MOVE(SqliteStorage);
+
+    std::map<DataType, SqliteTable> dataTypeToSqlTable_;
+    OHOS::Utils::RWLock rwLock_;
+
+    int CreatePermissionDefinitionTable() const;
+    int CreateSystemGrantedPermissionStateTable() const;
+    int CreateUserGrantedPermissionStateTable() const;
+
+    std::string CreateInsertPrepareSqlCmd(const DataType type) const;
+    std::string CreateDeletePrepareSqlCmd(
+        const DataType type, const std::vector<std::string>& columnNames = std::vector<std::string>()) const;
+    std::string CreateUpdatePrepareSqlCmd(const DataType type, const std::vector<std::string>& modifyColumns,
+        const std::vector<std::string>& conditionColumns) const;
+    std::string CreateSelectPrepareSqlCmd(const DataType type) const;
+
+private:
+    inline static const std::string PERMISSION_DEF_TABLE = "permission_definition_table";
+    inline static const std::string SYS_GRANTED_PERMISSION_STATE_TABLE = "system_granted_permission_state_table";
+    inline static const std::string USER_GRANTED_PERMISSION_STATE_TABLE = "user_granted_permission_state_table";
+    inline static const std::string DATABASE_NAME = "permission.db";
+    inline static const std::string DATABASE_PATH = "/data/system/";
+    static const int DATABASE_VERSION = 1;
+};
+} // namespace Permission
+} // namespace Security
+} // namespace OHOS
+
+#endif // SQLITE_STORAGE_H
diff --git a/services/permission_standard/permissionmanagerservice/main/cpp/src/statement.cpp b/services/permission_standard/permissionmanagerservice/main/cpp/src/statement.cpp
new file mode 100644
index 0000000..4133603
--- /dev/null
+++ b/services/permission_standard/permissionmanagerservice/main/cpp/src/statement.cpp
@@ -0,0 +1,125 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "statement.h"
+
+#include "permission_log.h"
+
+namespace OHOS {
+namespace Security {
+namespace Permission {
+namespace {
+static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_PERMISSION, "Statement"};
+}
+
+Statement::Statement(sqlite3* db, const std::string& sql) : db_(db), sql_(sql)
+{
+    if (sqlite3_prepare_v2(db, sql.c_str(), sql.size(), &statement_, nullptr) != SQLITE_OK) {
+        PERMISSION_LOG_ERROR(LABEL, "Cannot prepare, errorMsg: %{public}s", sqlite3_errmsg(db_));
+    }
+}
+
+Statement::~Statement()
+{
+    sqlite3_finalize(statement_);
+    statement_ = nullptr;
+}
+
+void Statement::Bind(const int index, const std::string& text)
+{
+    if (sqlite3_bind_text(statement_, index, text.c_str(), text.size(), SQLITE_TRANSIENT) != SQLITE_OK) {
+        PERMISSION_LOG_ERROR(LABEL, "Cannot bind string, errorMsg: %{public}s", sqlite3_errmsg(db_));
+    }
+}
+
+void Statement::Bind(const int index, int value)
+{
+    if (sqlite3_bind_int(statement_, index, value) != SQLITE_OK) {
+        PERMISSION_LOG_ERROR(LABEL, "Cannot bind int, errorMsg: %{public}s", sqlite3_errmsg(db_));
+    }
+}
+
+int Statement::GetColumnInt(const int column) const
+{
+    return sqlite3_column_int(statement_, column);
+}
+
+std::string Statement::GetColumnString(const int column) const
+{
+    return std::string(reinterpret_cast<const char*>(sqlite3_column_text(statement_, column)));
+}
+
+std::string Statement::GetColumnName(const int column) const
+{
+    return sqlite3_column_name(statement_, column);
+}
+
+Statement::State Statement::Step()
+{
+    int ret = sqlite3_step(statement_);
+    switch (ret) {
+        case SQLITE_ROW:
+            return Statement::State::ROW;
+        case SQLITE_DONE:
+            return Statement::State::DONE;
+        case SQLITE_BUSY:
+            return Statement::State::BUSY;
+        case SQLITE_MISUSE:
+            return Statement::State::MISUSE;
+        default:
+            return Statement::State::UNKNOWN;
+    }
+}
+
+int Statement::GetParameterIndex(const std::string& name) const
+{
+    return sqlite3_bind_parameter_index(statement_, name.c_str());
+}
+
+void Statement::Bind(const std::string& tableColumnName, const VariantValue& value)
+{
+    int index = GetParameterIndex(":" + tableColumnName);
+    if (value.GetType() == ValueType::TYPE_STRING) {
+        Bind(index, value.GetString());
+    } else if (value.GetType() == ValueType::TYPE_INT) {
+        Bind(index, value.GetInt());
+    }
+}
+
+int Statement::Reset()
+{
+    return sqlite3_reset(statement_);
+}
+
+int Statement::GetColumnCount() const
+{
+    return sqlite3_column_count(statement_);
+}
+
+VariantValue Statement::GetValue(const int column) const
+{
+    int type = sqlite3_column_type(statement_, column);
+    switch (type) {
+        case SQLITE_INTEGER:
+            return VariantValue(GetColumnInt(column));
+        case SQLITE_TEXT:
+            return VariantValue(GetColumnString(column));
+        default:
+            return VariantValue();
+    }
+}
+} // namespace Permission
+} // namespace Security
+} // namespace OHOS
\ No newline at end of file
diff --git a/services/permission_standard/permissionmanagerservice/main/cpp/src/statement.h b/services/permission_standard/permissionmanagerservice/main/cpp/src/statement.h
new file mode 100755
index 0000000..a6ec3d8
--- /dev/null
+++ b/services/permission_standard/permissionmanagerservice/main/cpp/src/statement.h
@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef STATEMENT_H
+#define STATEMENT_H
+
+#include <string>
+
+#include "variant_value.h"
+
+#include "sqlite3sym.h"
+
+namespace OHOS {
+namespace Security {
+namespace Permission {
+class Statement final {
+public:
+    enum State { BUSY, ROW, DONE, MISUSE, UNKNOWN };
+
+    Statement(sqlite3* db, const std::string& sql);
+    virtual ~Statement();
+
+    void Bind(const int index, const std::string& text);
+    void Bind(const int index, int value);
+    void Bind(const std::string& tableColumnName, const VariantValue& value);
+
+    State Step();
+    int Reset();
+
+    std::string GetColumnString(const int column) const;
+    int GetColumnInt(const int column) const;
+    std::string GetColumnName(const int column) const;
+    int GetParameterIndex(const std::string& name) const;
+    int GetColumnCount() const;
+    VariantValue GetValue(const int column) const;
+
+private:
+    sqlite3* db_;
+    sqlite3_stmt* statement_;
+    const std::string sql_;
+};
+} // namespace Permission
+} // namespace Security
+} // namespace OHOS
+#endif // STATEMENT_H
diff --git a/services/permission_standard/permissionmanagerservice/main/cpp/src/variant_value.cpp b/services/permission_standard/permissionmanagerservice/main/cpp/src/variant_value.cpp
new file mode 100644
index 0000000..70b7d58
--- /dev/null
+++ b/services/permission_standard/permissionmanagerservice/main/cpp/src/variant_value.cpp
@@ -0,0 +1,61 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "variant_value.h"
+
+namespace OHOS {
+namespace Security {
+namespace Permission {
+VariantValue::VariantValue() : type_(ValueType::TYPE_NULL)
+{}
+
+VariantValue::~VariantValue()
+{}
+
+VariantValue::VariantValue(int value) : type_(ValueType::TYPE_INT)
+{
+    value_ = value;
+}
+
+VariantValue::VariantValue(const std::string& value) : type_(ValueType::TYPE_STRING)
+{
+    value_ = value;
+}
+
+ValueType VariantValue::GetType() const
+{
+    return type_;
+}
+
+int VariantValue::GetInt() const
+{
+    if (type_ != ValueType::TYPE_INT) {
+        return DEFAULT_VALUE;
+    }
+
+    return std::get<int>(value_);
+}
+
+std::string VariantValue::GetString() const
+{
+    if (type_ != ValueType::TYPE_STRING) {
+        return std::string();
+    }
+
+    return std::get<std::string>(value_);
+}
+} // namespace Permission
+} // namespace Security
+} // namespace OHOS
\ No newline at end of file
diff --git a/services/permission_standard/permissionmanagerservice/main/cpp/src/variant_value.h b/services/permission_standard/permissionmanagerservice/main/cpp/src/variant_value.h
new file mode 100755
index 0000000..30e265a
--- /dev/null
+++ b/services/permission_standard/permissionmanagerservice/main/cpp/src/variant_value.h
@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef VARIANT_VALUE_H
+#define VARIANT_VALUE_H
+
+#include <string>
+#include <variant>
+
+namespace OHOS {
+namespace Security {
+namespace Permission {
+enum class ValueType {
+    TYPE_NULL,
+    TYPE_INT,
+    TYPE_STRING,
+};
+
+class VariantValue final {
+public:
+    VariantValue();
+    virtual ~VariantValue();
+
+    explicit VariantValue(int value);
+    explicit VariantValue(const std::string& value);
+
+    ValueType GetType() const;
+    int GetInt() const;
+    std::string GetString() const;
+
+    static const int DEFAULT_VALUE = -1;
+
+private:
+    ValueType type_;
+    std::variant<int, std::string> value_;
+};
+} // namespace Permission
+} // namespace Security
+} // namespace OHOS
+#endif // VARIANT_VALUE_H
diff --git a/services/permission_standard/permissionmanagerservice/main/sa_profile/3501.xml b/services/permission_standard/permissionmanagerservice/main/sa_profile/3501.xml
new file mode 100755
index 0000000..c3af26d
--- /dev/null
+++ b/services/permission_standard/permissionmanagerservice/main/sa_profile/3501.xml
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright (C) 2021 Huawei Device Co., Ltd.
+     Licensed under the Apache License, Version 2.0 (the "License");
+     you may not use this file except in compliance with the License.
+     You may obtain a copy of the License at
+
+         http://www.apache.org/licenses/LICENSE-2.0
+
+     Unless required by applicable law or agreed to in writing, software
+     distributed under the License is distributed on an "AS IS" BASIS,
+     WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+     See the License for the specific language governing permissions and
+     limitations under the License.
+-->
+<info>
+    <process>foundation</process>
+    <systemability>
+        <name>3501</name>
+        <libpath>libpermission_manager_service_standard.z.so</libpath>
+        <run-on-create>true</run-on-create>
+        <distributed>false</distributed>
+        <dump-level>1</dump-level>
+    </systemability>
+</info>
\ No newline at end of file
diff --git a/services/permission_standard/permissionmanagerservice/main/sa_profile/BUILD.gn b/services/permission_standard/permissionmanagerservice/main/sa_profile/BUILD.gn
new file mode 100644
index 0000000..6b2918c
--- /dev/null
+++ b/services/permission_standard/permissionmanagerservice/main/sa_profile/BUILD.gn
@@ -0,0 +1,20 @@
+# Copyright (c) 2021 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import("//build/ohos/sa_profile/sa_profile.gni")
+
+ohos_sa_profile("permission_sa_profile_standard") {
+  part_name = "permission_standard"
+
+  sources = [ "3501.xml" ]
+}
diff --git a/services/permission_standard/permissionmanagerservice/test/BUILD.gn b/services/permission_standard/permissionmanagerservice/test/BUILD.gn
new file mode 100644
index 0000000..16ecdcd
--- /dev/null
+++ b/services/permission_standard/permissionmanagerservice/test/BUILD.gn
@@ -0,0 +1,48 @@
+# Copyright (c) 2021 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import("//build/test.gni")
+
+ohos_unittest("libpermission_manager_service_standard_test") {
+  subsystem_name = "security"
+  part_name = "permission_standard"
+  module_out_path = part_name + "/" + part_name
+
+  include_dirs = [
+    "//utils/native/base/include",
+    "//base/security/permission/interfaces/innerkits/permission_standard/permissionsdk/main/cpp/include/permission",
+    "//base/security/permission/services/permission_standard/permissionmanagerservice/main/cpp/src/",
+  ]
+
+  sources = [
+    "unittest/cpp/src/permission_definition_manager_test.cpp",
+    "unittest/cpp/src/permission_state_manager_test.cpp",
+  ]
+
+  cflags_cc = [ "-DHILOG_ENABLE" ]
+
+  deps = [
+    "//base/security/permission/frameworks/permission_standard/permissioncommunicationadapter:permission_standard_communication_adapter_cxx",
+    "//base/security/permission/frameworks/permission_standard/permissioninfrastructure:permission_standard_infrastructure_cxx",
+    "//base/security/permission/services/permission_standard/permissionmanagerservice:permission_manager_service_standard",
+    "//third_party/googletest:gtest_main",
+    "//utils/native/base:utils",
+  ]
+
+  external_deps = [ "hiviewdfx_hilog_native:libhilog" ]
+}
+
+group("unittest") {
+  testonly = true
+  deps = [ ":libpermission_manager_service_standard_test" ]
+}
diff --git a/services/permission_standard/permissionmanagerservice/test/unittest/cpp/src/permission_definition_manager_test.cpp b/services/permission_standard/permissionmanagerservice/test/unittest/cpp/src/permission_definition_manager_test.cpp
new file mode 100755
index 0000000..29d6d6d
--- /dev/null
+++ b/services/permission_standard/permissionmanagerservice/test/unittest/cpp/src/permission_definition_manager_test.cpp
@@ -0,0 +1,88 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "permission_definition_manager_test.h"
+
+#include <string>
+
+#include "permission_definition_manager.h"
+#include "permission.h"
+#include "test_const.h"
+
+using namespace testing::ext;
+using namespace OHOS::Security::Permission;
+
+void PermissionDefinitionManagerTest::SetUpTestCase()
+{}
+
+void PermissionDefinitionManagerTest::TearDownTestCase()
+{}
+
+void PermissionDefinitionManagerTest::SetUp()
+{}
+
+void PermissionDefinitionManagerTest::TearDown()
+{
+    PermissionDefinitionManager::GetInstance().RemoveDefPermissions(TEST_BUNDLE_NAME);
+}
+
+HWTEST_F(PermissionDefinitionManagerTest, AddDefPermissions001, TestSize.Level1)
+{
+    vector<PermissionDefParcel> defs;
+    PermissionDefParcel permissionDefParcel;
+    permissionDefParcel.permissionDef.permissionName = TEST_PERMISSION_NAME_ALPHA;
+    permissionDefParcel.permissionDef.bundleName = TEST_BUNDLE_NAME;
+    permissionDefParcel.permissionDef.grantMode = GrantMode::SYSTEM_GRANT;
+    permissionDefParcel.permissionDef.availableScope = AvailableScope::AVAILABLE_SCOPE_ALL;
+    permissionDefParcel.permissionDef.label = TEST_LABEL;
+    permissionDefParcel.permissionDef.labelId = TEST_LABEL_ID;
+    permissionDefParcel.permissionDef.description = TEST_DESCRIPTION;
+    permissionDefParcel.permissionDef.descriptionId = TEST_DESCRIPTION_ID;
+    defs.emplace_back(permissionDefParcel);
+    PermissionDefinitionManager::GetInstance().AddDefPermissions(defs);
+
+    PermissionDefParcel result;
+    PermissionDefinitionManager::GetInstance().GetDefPermission(TEST_PERMISSION_NAME_ALPHA, result);
+    ASSERT_EQ(TEST_PERMISSION_NAME_ALPHA, result.permissionDef.permissionName);
+    ASSERT_EQ(TEST_BUNDLE_NAME, result.permissionDef.bundleName);
+    ASSERT_EQ(GrantMode::SYSTEM_GRANT, result.permissionDef.grantMode);
+    ASSERT_EQ(AvailableScope::AVAILABLE_SCOPE_ALL, result.permissionDef.availableScope);
+    ASSERT_EQ(TEST_LABEL, result.permissionDef.label);
+    ASSERT_EQ(TEST_LABEL_ID, result.permissionDef.labelId);
+    ASSERT_EQ(TEST_DESCRIPTION, result.permissionDef.description);
+    ASSERT_EQ(TEST_DESCRIPTION_ID, result.permissionDef.descriptionId);
+}
+
+HWTEST_F(PermissionDefinitionManagerTest, RemoveDefPermissions001, TestSize.Level1)
+{
+    vector<PermissionDefParcel> defs;
+    PermissionDefParcel permissionDefParcel;
+    permissionDefParcel.permissionDef.permissionName = TEST_PERMISSION_NAME_ALPHA;
+    permissionDefParcel.permissionDef.bundleName = TEST_BUNDLE_NAME;
+    permissionDefParcel.permissionDef.grantMode = GrantMode::SYSTEM_GRANT;
+    permissionDefParcel.permissionDef.availableScope = AVAILABLE_SCOPE_SIGNATURE;
+    defs.emplace_back(permissionDefParcel);
+    PermissionDefinitionManager::GetInstance().AddDefPermissions(defs);
+
+    PermissionDefParcel result;
+    int ret = PermissionDefinitionManager::GetInstance().GetDefPermission(TEST_PERMISSION_NAME_ALPHA, result);
+    ASSERT_EQ(RET_SUCCESS, ret);
+
+    PermissionDefinitionManager::GetInstance().RemoveDefPermissions(TEST_BUNDLE_NAME);
+
+    PermissionDefParcel defParcel;
+    ret = PermissionDefinitionManager::GetInstance().GetDefPermission(TEST_PERMISSION_NAME_ALPHA, defParcel);
+    ASSERT_EQ(RET_FAILED, ret);
+}
diff --git a/services/permission_standard/permissionmanagerservice/test/unittest/cpp/src/permission_definition_manager_test.h b/services/permission_standard/permissionmanagerservice/test/unittest/cpp/src/permission_definition_manager_test.h
new file mode 100644
index 0000000..3eccbdc
--- /dev/null
+++ b/services/permission_standard/permissionmanagerservice/test/unittest/cpp/src/permission_definition_manager_test.h
@@ -0,0 +1,37 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef PERMISSION_DEFINITION_MANAGER_TEST_H
+#define PERMISSION_DEFINITION_MANAGER_TEST_H
+
+#include <gtest/gtest.h>
+
+namespace OHOS {
+namespace Security {
+namespace Permission {
+class PermissionDefinitionManagerTest : public testing::Test {
+public:
+    static void SetUpTestCase();
+
+    static void TearDownTestCase();
+
+    void SetUp();
+
+    void TearDown();
+};
+} // namespace Permission
+} // namespace Security
+} // namespace OHOS
+#endif // PERMISSION_DEFINITION_MANAGER_TEST_H
diff --git a/services/permission_standard/permissionmanagerservice/test/unittest/cpp/src/permission_state_manager_test.cpp b/services/permission_standard/permissionmanagerservice/test/unittest/cpp/src/permission_state_manager_test.cpp
new file mode 100644
index 0000000..f273d07
--- /dev/null
+++ b/services/permission_standard/permissionmanagerservice/test/unittest/cpp/src/permission_state_manager_test.cpp
@@ -0,0 +1,44 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "permission_state_manager_test.h"
+
+#include <string>
+
+#include "permission_state_manager.h"
+#include "test_const.h"
+
+using namespace testing::ext;
+using namespace OHOS::Security::Permission;
+
+void PermissionStateManagerTest::SetUpTestCase()
+{}
+
+void PermissionStateManagerTest::TearDownTestCase()
+{}
+
+void PermissionStateManagerTest::SetUp()
+{}
+
+void PermissionStateManagerTest::TearDown()
+{}
+
+HWTEST_F(PermissionStateManagerTest, AddUserGrantedReqPermissions001, TestSize.Level1)
+{
+    std::vector<std::string> permList;
+    permList.emplace_back(TEST_PERMISSION_NAME_ALPHA);
+    PermissionStateManager::GetInstance().AddUserGrantedReqPermissions(TEST_BUNDLE_NAME, permList, 0);
+    PermissionStateManager::GetInstance().AddUserGrantedReqPermissions(TEST_BUNDLE_NAME, permList, TEST_SUB_USER_ID);
+}
\ No newline at end of file
diff --git a/services/permission_standard/permissionmanagerservice/test/unittest/cpp/src/permission_state_manager_test.h b/services/permission_standard/permissionmanagerservice/test/unittest/cpp/src/permission_state_manager_test.h
new file mode 100644
index 0000000..f522bf3
--- /dev/null
+++ b/services/permission_standard/permissionmanagerservice/test/unittest/cpp/src/permission_state_manager_test.h
@@ -0,0 +1,37 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef PERMISSION_STATE_MANAGER_TEST_H
+#define PERMISSION_STATE_MANAGER_TEST_H
+
+#include <gtest/gtest.h>
+
+namespace OHOS {
+namespace Security {
+namespace Permission {
+class PermissionStateManagerTest : public testing::Test {
+public:
+    static void SetUpTestCase();
+
+    static void TearDownTestCase();
+
+    void SetUp();
+
+    void TearDown();
+};
+} // namespace Permission
+} // namespace Security
+} // namespace OHOS
+#endif // PERMISSION_STATE_MANAGER_TEST_H