From 82b32c16779c2d1256df18bafe9030ef93d83757 Mon Sep 17 00:00:00 2001
From: zhouyan <zhouyan160@huawei.com>
Date: Mon, 19 May 2025 19:39:52 +0800
Subject: [PATCH] demo

Signed-off-by: zhouyan <zhouyan160@huawei.com>
Change-Id: Ic2af543b33524b8ad54b6a41918267dc8137ffc4
---
 .../ets/@ohos.abilityAccessCtrl.ets           | 29 +++++++++++
 .../accesstoken/src/ability_access_ctrl.cpp   | 50 +++++++++++++++++++
 2 files changed, 79 insertions(+)

diff --git a/frameworks/ets/ani/accesstoken/ets/@ohos.abilityAccessCtrl.ets b/frameworks/ets/ani/accesstoken/ets/@ohos.abilityAccessCtrl.ets
index 4b7136acc..fe6fb583d 100644
--- a/frameworks/ets/ani/accesstoken/ets/@ohos.abilityAccessCtrl.ets
+++ b/frameworks/ets/ani/accesstoken/ets/@ohos.abilityAccessCtrl.ets
@@ -149,6 +149,16 @@ export default namespace abilityAccessCtrl {
         requestPermissionOnSetting(
             context: Context,
             permissionList: Array<Permissions>): Promise<Array<GrantStatus>>;
+        
+        grantUserGrantedPermissionExecute(
+            tokenID: int,
+            permissionName: Permissions,
+            permissionFlags: int): Promise<void>;
+
+        grantUserGrantedPermission(
+            tokenID: int,
+            permissionName: Permissions,
+            permissionFlags: int): Promise<void>;
     }
 
     class AtManagerInner implements AtManager {
@@ -258,5 +268,24 @@ export default namespace abilityAccessCtrl {
             });
             return p;
         }
+
+        native grantUserGrantedPermissionExecute(
+            tokenID: int,
+            permissionName: Permissions,
+            permissionFlags: int): Promise<void>;
+        
+        grantUserGrantedPermission(tokenID: int, permissionName: Permissions, permissionFlags: int): Promise<void> {
+            return new Promise<void>(
+                (resolve: (v: undefined) => void, reject: (error: BusinessError) => void): void => {
+                let p = taskpool.execute((): void => {
+                    new AtManagerInner().grantUserGrantedPermissionExecute(tokenID, permissionName, permissionFlags);
+                });
+                p.then((e: NullishType): void => {
+                    resolve(undefined);
+                }).catch((err: BusinessError): void => {
+                    reject(err);
+                })
+            });
+        }
     }
 }
\ No newline at end of file
diff --git a/frameworks/ets/ani/accesstoken/src/ability_access_ctrl.cpp b/frameworks/ets/ani/accesstoken/src/ability_access_ctrl.cpp
index 7f9a763f5..80db5f061 100644
--- a/frameworks/ets/ani/accesstoken/src/ability_access_ctrl.cpp
+++ b/frameworks/ets/ani/accesstoken/src/ability_access_ctrl.cpp
@@ -24,6 +24,7 @@
 #include "accesstoken_log.h"
 #include "ani_base_context.h"
 #include "ani_error.h"
+#include "ani_utils.h"
 #include "hisysevent.h"
 #include "parameter.h"
 #include "permission_list_state.h"
@@ -1309,6 +1310,53 @@ static ani_ref RequestPermissionOnSettingExecute([[maybe_unused]] ani_env* env,
     return result;
 }
 
+static bool IsPermissionFlagValid(uint32_t flag)
+{
+    return (flag == PermissionFlag::PERMISSION_USER_SET) || (flag == PermissionFlag::PERMISSION_USER_FIXED) ||
+        (flag == PermissionFlag::PERMISSION_ALLOW_THIS_TIME);
+};
+
+static void GrantUserGrantedPermissionExecute([[maybe_unused]] ani_env* env,
+    [[maybe_unused]] ani_object object, ani_int tokenID, ani_string aniPermissionName, ani_int permissionFlags)
+{
+    if (env == nullptr || aniPermissionName == nullptr) {
+        ACCESSTOKEN_LOG_ERROR(LABEL, "permissionName or env null");
+        return;
+    }
+
+    std::string permissionName;
+    if (!AniParseString(env, aniPermissionName, permissionName)) {
+        BusinessErrorAni::ThrowError(env, STS_ERROR_PARAM_ILLEGAL,
+            GetParamErrorMsg("permissionName", "string"));
+        return;
+    }
+
+    PermissionDef def;
+    int32_t res = AccessTokenKit::GetDefPermission(permissionName, def);
+    if (res != RET_SUCCESS) {
+        int32_t stsCode = BusinessErrorAni::GetStsErrorCode(res);
+        BusinessErrorAni::ThrowError(env, stsCode, GetErrorMessage(stsCode));
+        return;
+    }
+
+    if (!IsPermissionFlagValid(static_cast<uint32_t> (permissionFlags))) {
+        BusinessErrorAni::ThrowError(env, STSErrorCode::STS_ERROR_PARAM_INVALID,
+            GetErrorMessage(STSErrorCode::STS_ERROR_PARAM_INVALID));
+        return;
+    }
+
+    if (def.grantMode == USER_GRANT) {
+        res = AccessTokenKit::GrantPermission(tokenID, permissionName, permissionFlags);
+    } else {
+        res = ERR_PERMISSION_NOT_EXIST;
+    }
+
+    if (res != 0) {
+        int32_t stsCode = BusinessErrorAni::GetStsErrorCode(res);
+        BusinessErrorAni::ThrowError(env, stsCode, GetErrorMessage(stsCode));
+    }
+}
+
 extern "C" {
 ANI_EXPORT ani_status ANI_Constructor(ani_vm* vm, uint32_t* result)
 {
@@ -1353,6 +1401,8 @@ ANI_EXPORT ani_status ANI_Constructor(ani_vm* vm, uint32_t* result)
         ani_native_function { "requestPermissionOnSettingExecute",
             "Lapplication/Context/Context;Lescompat/Array;:Lescompat/Array;",
             reinterpret_cast<void*>(RequestPermissionOnSettingExecute) },
+        ani_native_function { "grantUserGrantedPermissionExecute", nullptr,
+            reinterpret_cast<void*>(GrantUserGrantedPermissionExecute) },
     };
     if (ANI_OK != env->Class_BindNativeMethods(cls, claMethods.data(), claMethods.size())) {
         ACCESSTOKEN_LOG_ERROR(LABEL, "Cannot bind native methods to %{public}s", className);
-- 
Gitee