Access token manager

In computer security, OpenHarmony Access token manager (ATM) is a component that facilitates unified application permission management based on access tokens within the OpenHarmony ecosystem that is used in OpenHarmony-based operating systems, Oniro OS distros and HarmonyOS with HarmonyOS NEXT iteration.^[1]

It is built upon access tokens and serves as a centralized mechanism for managing app permissions. Access tokens encapsulate essential information about an app

App ID: Identifies the app.
User ID: Associated with the user.
App APL (Ability Privilege Level): Determines the app’s privilege level.
App permissions: Specify what resources and functions the app can access.

Each app’s access token is uniquely identified by a 32-bit device-specific token ID.^[2]

Implementation

Developers utilize the ATM to handle permissions effectively. In certain scenarios, an app may require access to additional data or system functions beyond the default permissions. The ATM enables fine-grained control over permissions, allowing apps to access extended features when needed.

AI for the Core File Kit API with a more granular permission system approach using native Harmony Distributed File System (HMDFS)^[3] that takes advantage of the native ATM permission levels and a combination of capability-based kernel features at custom level with application files, user files and system files compared to classic Unix-like AOSP base on HarmonyOS 2.0 up to 4.x with Linux kernel and enhanced on OpenHarmony system compared to previous versions.^[4]^[5]

Permission Levels

The ATM manages permission levels, granting apps access to sensitive APIs across processes. These levels include:

App APL: Determines the app’s overall privilege level.

ACL (Access Control List): Defines specific permissions for resources.

Authorization Processes: Govern how permissions are granted.[6]

References

^ "Access Control Overview". GitHub. OpenAtom OpenHarmony. Retrieved 13 March 2024.
^ "ATM". Gitee. OpenAtom OpenHarmony. Retrieved 13 March 2024.
^ "HarmonyOS Distributed File System Development Guide". Substack. LivingInHarmony Blog. Retrieved 13 March 2024.
^ "Yes, HarmonyOS NEXT is a distributed and capability-based persistent AI operating system for IoT". Substack. LivingInHarmony Blog. Retrieved 13 March 2024.
^ "OpenAtom OpenHarmony". docs.openharmony.cn. Retrieved 2024-04-14.
^ "security_permission". GitHub. OpenAtom OpenHarmony. Retrieved 13 March 2024.

[1] "Access Control Overview". GitHub. OpenAtom OpenHarmony. Retrieved 13 March 2024.

[2] "ATM". Gitee. OpenAtom OpenHarmony. Retrieved 13 March 2024.

[3] "HarmonyOS Distributed File System Development Guide". Substack. LivingInHarmony Blog. Retrieved 13 March 2024.

[4] "Yes, HarmonyOS NEXT is a distributed and capability-based persistent AI operating system for IoT". Substack. LivingInHarmony Blog. Retrieved 13 March 2024.

[5] "OpenAtom OpenHarmony". docs.openharmony.cn. Retrieved 2024-04-14.

[6] "security_permission". GitHub. OpenAtom OpenHarmony. Retrieved 13 March 2024.

[1]

[2]

[3]

[4]

[5]

Implementation

Permission Levels

See also

References