简析OpenHarmony用户鉴权

陈晓 · 发表于 2025-3-30 16:37:14

用户凭证管理：

pin_auth（口令认证）：模块支持用户口令的设置，删除和认证功能。与用户IAM子系统基础框架配合，也可以支持用户口令修改的功能；口令认证作为OpenHarmony最基础的用户身份认证执行器，按照协同认证定义的资源注册接口，将口令认证相关资源信息注册到协同认证框架，并根据协同认证框架的调度，完成口令的设置，删除和认证功能；

face_auth（人脸认证）：支持用户人脸的录入，删除和认证功能；人脸认证是OpenHarmony支持的一种生物认证执行器，按照协同认证定义的资源注册接口，将人脸认证相关资源信息注册到协同认证框架，并根据协同认证框架的调度，调用人脸认证HDI，完成人脸的录入，认证，删除等功能。

user_auth_framework：主要包括三个模块，用户认证、凭据管理和执行器管理：

用户认证模块

凭据管理模块

执行器管理模块

使用：

接口
1. import osAccount from '@ohos.account.osAccount'
复制代码
- 凭证管理
  1. //UserIdentityManager
  2. /**
  3. * Provides the abilities for managing user identity.
  4. * @name UserIdentityManager
  5. * @syscap SystemCapability.Account.OsAccount
  6. * @since 8
  7. */
  8. class UserIdentityManager {
  9. /**
  10. * Constructor to get the UserIdentityManager class instance.
  11. * @returns Returns the UserIdentityManager class instance.
  12. * @systemapi Hide this for inner system use.
  13. * @since 8
  14. */
  15. constructor();
  17. /**
  18. * Opens session.
  19. *
  20. * Start an IDM operation to obtain challenge value.
  21. * A challenge value of 0 indicates that opensession failed.
  22. * @permission ohos.permission.MANAGE_USER_IDM
  23. * @returns Returns a challenge value.
  24. * @throws {BusinessError} 201 - permission denied.
  25. * @throws {BusinessError} 401 - the parameter check failed.
  26. * @throws {BusinessError} 12300001 - system service exception.
  27. * @systemapi Hide this for inner system use.
  28. * @since 8
  29. */
  30. openSession(callback: AsyncCallback): void;
  31. openSession(): Promise;
  33. /**
  34. * Adds credential.
  35. *
  36. * Add user credential information, pass in credential addition method and credential information
  37. * (credential type, subclass, if adding user's non password credentials, pass in password authentication token),
  38. * and get the result / acquireinfo callback.
  39. * @permission ohos.permission.MANAGE_USER_IDM
  40. * @param credentialInfo Indicates the credential information.
  41. * @param callback Indicates the callback to get results and acquireInfo.
  42. * @throws {BusinessError} 201 - permission denied.
  43. * @throws {BusinessError} 401 - the parameter check failed.
  44. * @throws {BusinessError} 12300001 - system service exception.
  45. * @throws {BusinessError} 12300002 - invalid credentialInfo.
  46. * @systemapi Hide this for inner system use.
  47. * @since 8
  48. */
  49. addCredential(credentialInfo: CredentialInfo, callback: IIdmCallback): void;
  51. /**
  52. * Updates credential.
  53. * @permission ohos.permission.MANAGE_USER_IDM
  54. * @param credentialInfo Indicates the credential information.
  55. * @param callback Indicates the callback to get results and acquireInfo.
  56. * @throws {BusinessError} 201 - permission denied.
  57. * @throws {BusinessError} 401 - the parameter check failed.
  58. * @throws {BusinessError} 12300001 - system service exception.
  59. * @throws {BusinessError} 12300002 - invalid credentialInfo.
  60. * @systemapi Hide this for inner system use.
  61. * @since 8
  62. */
  63. updateCredential(credentialInfo: CredentialInfo, callback: IIdmCallback): void;
  65. /**
  66. * Closes session.
  67. *
  68. * End an IDM operation.
  69. * @permission ohos.permission.MANAGE_USER_IDM
  70. * @systemapi Hide this for inner system use.
  71. * @since 8
  72. */
  73. closeSession(): void;
  75. /**
  76. * Cancels entry with a challenge value.
  77. * @permission ohos.permission.MANAGE_USER_IDM
  78. * @param challenge Indicates the challenge value.
  79. * @throws {BusinessError} 201 - permission denied.
  80. * @throws {BusinessError} 401 - the parameter check failed.
  81. * @throws {BusinessError} 12300001 - system service exception.
  82. * @throws {BusinessError} 12300002 - invalid challenge.
  83. * @systemapi Hide this for inner system use.
  84. * @since 8
  85. */
  86. cancel(challenge: Uint8Array): void;
  88. /**
  89. * Deletes the user with the authentication token.
  90. * @permission ohos.permission.MANAGE_USER_IDM
  91. * @param token Indicates the authentication token.
  92. * @param callback Indicates the callback to get the deletion result.
  93. * @throws {BusinessError} 201 - permission denied.
  94. * @throws {BusinessError} 401 - the parameter check failed.
  95. * @throws {BusinessError} 12300001 - system service exception.
  96. * @throws {BusinessError} 12300002 - invalid token.
  97. * @systemapi Hide this for inner system use.
  98. * @since 8
  99. */
  100. delUser(token: Uint8Array, callback: IIdmCallback): void;
  102. /**
  103. * Deletes the user credential information.
  104. * @permission ohos.permission.MANAGE_USER_IDM
  105. * @param credentialId Indicates the credential index.
  106. * @param token Indicates the authentication token.
  107. * @param callback Indicates the callback to get the deletion result.
  108. * @throws {BusinessError} 201 - permission denied.
  109. * @throws {BusinessError} 401 - the parameter check failed.
  110. * @throws {BusinessError} 12300001 - system service exception.
  111. * @throws {BusinessError} 12300002 - invalid credentialId or token.
  112. * @systemapi Hide this for inner system use.
  113. * @since 8
  114. */
  115. delCred(credentialId: Uint8Array, token: Uint8Array, callback: IIdmCallback): void;
  117. /**
  118. * Gets authentication information.
  119. * @permission ohos.permission.USE_USER_IDM
  120. * @param authType Indicates the authentication type.
  121. * @param callback Indicates the callback to get all registered credential information of
  122. * the specified type for the current user.
  123. * @throws {BusinessError} 201 - permission denied.
  124. * @throws {BusinessError} 401 - the parameter check failed.
  125. * @throws {BusinessError} 12300001 - system service exception.
  126. * @throws {BusinessError} 12300002 - invalid authType.
  127. * @throws {BusinessError} 12300015 - the authType is not supported on current device.
  128. * @throws {BusinessError} 12300016 - authentication timeout.
  129. * @throws {BusinessError} 12300017 - authentication service is busy.
  130. * @throws {BusinessError} 12300018 - authentication service is locked.
  131. * @throws {BusinessError} 12300019 - the credential does not exist.
  132. * @systemapi Hide this for inner system use.
  133. * @since 8
  134. */
  135. getAuthInfo(callback: AsyncCallback): void;
  136. getAuthInfo(authType: AuthType, callback: AsyncCallback): void;
  137. getAuthInfo(authType?: AuthType): Promise;
  138. }
  复制代码
- 用户管理
  1. /**
  2. * Provides the abilities for user authentication.
  3. * @name UserAuth
  4. * @syscap SystemCapability.Account.OsAccount
  5. * @since 8
  6. */
  7. class UserAuth {
  8. /**
  9. * Constructor to get the UserAuth class instance.
  10. * @returns Returns the UserAuth class instance.
  11. * @systemapi Hide this for inner system use.
  12. * @since 8
  13. */
  14. constructor();
  16. /**
  17. * Gets version information.
  18. * @returns Returns the version information.
  19. * @systemapi Hide this for inner system use.
  20. * @since 8
  21. */
  22. getVersion(): number;
  24. /**
  25. * Checks whether the authentication capability is available.
  26. * @permission ohos.permission.ACCESS_USER_AUTH_INTERNAL
  27. * @param authType Indicates the credential type for authentication.
  28. * @param authTrustLevel Indicates the trust level of authentication result.
  29. * @returns Returns a status result.
  30. * @throws {BusinessError} 201 - permission denied.
  31. * @throws {BusinessError} 401 - the parameter check failed.
  32. * @throws {BusinessError} 12300001 - system service exception.
  33. * @throws {BusinessError} 12300002 - invalid authType or authTrustLevel.
  34. * @throws {BusinessError} 12300014 - the authTrustLevel is not supported on current device
  35. * @throws {BusinessError} 12300015 - the authType is not supported on current device.
  36. * @systemapi Hide this for inner system use.
  37. * @since 8
  38. */
  39. getAvailableStatus(authType: AuthType, authTrustLevel: AuthTrustLevel): number;
  41. /**
  42. * Gets the property based on the specified request information.
  43. * @permission ohos.permission.ACCESS_USER_AUTH_INTERNAL
  44. * @param request Indicates the request information, including authentication type, and property type list.
  45. * @returns Returns an executor property.
  46. * @throws {BusinessError} 201 - permission denied.
  47. * @throws {BusinessError} 401 - the parameter check failed.
  48. * @throws {BusinessError} 12300001 - system service exception.
  49. * @throws {BusinessError} 12300002 - invalid request.
  50. * @systemapi Hide this for inner system use.
  51. * @since 8
  52. */
  53. getProperty(request: GetPropertyRequest, callback: AsyncCallback): void;
  54. getProperty(request: GetPropertyRequest): Promise;
  56. /**
  57. * Sets property that can be used to initialize algorithms.
  58. * @permission ohos.permission.ACCESS_USER_AUTH_INTERNAL
  59. * @param request Indicates the request information, including authentication type and the key-value to be set.
  60. * @returns Returns a number value indicating whether the property setting was successful.
  61. * @throws {BusinessError} 201 - permission denied.
  62. * @throws {BusinessError} 401 - the parameter check failed.
  63. * @throws {BusinessError} 12300001 - system service exception.
  64. * @throws {BusinessError} 12300002 - invalid request.
  65. * @systemapi Hide this for inner system use.
  66. * @since 8
  67. */
  68. setProperty(request: SetPropertyRequest, callback: AsyncCallback): void;
  69. setProperty(request: SetPropertyRequest): Promise;
  71. /**
  72. * Executes authentication.
  73. * @permission ohos.permission.ACCESS_USER_AUTH_INTERNAL
  74. * @param challenge Indicates the challenge value.
  75. * @param authType Indicates the authentication type.
  76. * @param authTrustLevel Indicates the trust level of authentication result.
  77. * @param callback Indicates the callback to get result and acquireInfo.
  78. * @returns Returns a context ID for cancellation.
  79. * @throws {BusinessError} 201 - permission denied.
  80. * @throws {BusinessError} 401 - the parameter check failed.
  81. * @throws {BusinessError} 12300001 - system service exception.
  82. * @throws {BusinessError} 12300002 - invalid challenge, authType or authTrustLevel.
  83. * @throws {BusinessError} 12300014 - the authTrustLevel is not supported on current device
  84. * @throws {BusinessError} 12300015 - the authType is not supported on current device.
  85. * @throws {BusinessError} 12300016 - authentication timeout.
  86. * @throws {BusinessError} 12300017 - authentication service is busy.
  87. * @throws {BusinessError} 12300018 - authentication service is locked.
  88. * @throws {BusinessError} 12300019 - the credential does not exist.
  89. * @systemapi Hide this for inner system use.
  90. * @since 8
  91. */
  92. auth(challenge: Uint8Array, authType: AuthType, authTrustLevel: AuthTrustLevel, callback: IUserAuthCallback): Uint8Array;
  94. /**
  95. * Executes user authentication.
  96. * @permission ohos.permission.ACCESS_USER_AUTH_INTERNAL
  97. * @param userId Indicates the user identification.
  98. * @param challenge Indicates the challenge value.
  99. * @param authType Indicates the authentication type.
  100. * @param authTrustLevel Indicates the trust level of authentication result.
  101. * @param callback Indicates the callback to get result and acquireInfo.
  102. * @returns Returns a context ID for cancellation.
  103. * @throws {BusinessError} 201 - permission denied.
  104. * @throws {BusinessError} 401 - the parameter check failed.
  105. * @throws {BusinessError} 12300001 - system service exception.
  106. * @throws {BusinessError} 12300002 - invalid userId, challenge, authType or authTrustLevel.
  107. * @throws {BusinessError} 12300003 - the account indicated by userId dose not exist.
  108. * @throws {BusinessError} 12300014 - the authTrustLevel is not supported on current device
  109. * @throws {BusinessError} 12300015 - the authType is not supported on current device.
  110. * @throws {BusinessError} 12300016 - authentication timeout.
  111. * @throws {BusinessError} 12300017 - authentication service is busy.
  112. * @throws {BusinessError} 12300018 - authentication service is locked.
  113. * @throws {BusinessError} 12300019 - the credential does not exist.
  114. * @systemapi Hide this for inner system use.
  115. * @since 8
  116. */
  117. authUser(userId: number, challenge: Uint8Array, authType: AuthType, authTrustLevel: AuthTrustLevel, callback: IUserAuthCallback): Uint8Array;
  119. /**
  120. * Cancels authentication with context ID.
  121. * @permission ohos.permission.ACCESS_USER_AUTH_INTERNAL
  122. * @param contextID Indicates the authentication context ID.
  123. * @throws {BusinessError} 201 - permission denied.
  124. * @throws {BusinessError} 401 - the parameter check failed.
  125. * @throws {BusinessError} 12300001 - system service exception.
  126. * @throws {BusinessError} 12300002 - invalid contexId.
  127. * @systemapi Hide this for inner system use.
  128. * @since 8
  129. */
  130. cancelAuth(contextID: Uint8Array): void;
  131. }
  复制代码
- 口令管理
  1. /**
  2. * Provides the abilities for Pin code authentication.
  3. * @name PINAuth
  4. * @syscap SystemCapability.Account.OsAccount
  5. * @since 8
  6. */
  7. class PINAuth {
  8. /**
  9. * Constructor to get the PINAuth class instance.
  10. * @returns Returns the PINAuth class instance.
  11. * @systemapi Hide this for inner system use.
  12. * @since 8
  13. */
  14. constructor();
  16. /**
  17. * Register inputer.
  18. * @permission ohos.permission.ACCESS_PIN_AUTH
  19. * @param inputer Indicates the password input box callback
  20. * @throws {BusinessError} 201 - permission denied.
  21. * @throws {BusinessError} 401 - the parameter check failed.
  22. * @throws {BusinessError} 12300001 - system service exception.
  23. * @throws {BusinessError} 12300007 - PIN inputer has been registered.
  24. * @systemapi Hide this for inner system use.
  25. * @since 8
  26. */
  27. registerInputer(inputer: IInputer): void;
  29. /**
  30. * Unregister inputer.
  31. * @permission ohos.permission.ACCESS_PIN_AUTH
  32. * @systemapi Hide this for inner system use.
  33. * @since 8
  34. */
  35. unregisterInputer(): void;
  36. }
  复制代码
- 回调：IInputData，Inputer回调时带的参数，用来输入口令
  1. /**
  2. * Password data callback.
  3. *
  4. * @name IInputData
  5. * @syscap SystemCapability.Account.OsAccount
  6. * @systemapi Hide this for inner system use.
  7. * @since 8
  8. */
  9. interface IInputData {
  10. /**
  11. * Notifies to set data.
  12. * @param pinSubType Indicates the credential subtype for authentication.
  13. * @param data Indicates the data to set.
  14. * @throws {BusinessError} 401 - the parameter check failed.
  15. * @throws {BusinessError} 12300002 - invalid pinSubType.
  16. * @systemapi Hide this for inner system use.
  17. * @since 8
  18. */
  19. onSetData: (pinSubType: AuthSubType, data: Uint8Array) => void;
  20. }
  复制代码
- 回调：IInputer，regitsterInputer是传入的回调，在需要输密码时被调用
  1. /**
  2. * Password input box callback.
  3. * @name IInputer
  4. * @syscap SystemCapability.Account.OsAccount
  5. * @systemapi Hide this for inner system use.
  6. * @since 8
  7. */
  8. interface IInputer {
  9. /**
  10. * Notifies to get data.
  11. * @param pinSubType Indicates the credential subtype for authentication.
  12. * @param callback Indicates the password data callback.
  13. * @systemapi Hide this for inner system use.
  14. * @since 8
  15. */
  16. onGetData: (pinSubType: AuthSubType, callback: IInputData) => void;
  17. }
  复制代码
- 回调：IUserAuthCallback，auth，authUser的回调，用来接收auth的结果
  1. /**
  2. * User authentication callback.
  3. * @name IUserAuthCallback
  4. * @syscap SystemCapability.Account.OsAccount
  5. * @systemapi Hide this for inner system use.
  6. * @since 8
  7. */
  8. interface IUserAuthCallback {
  9. /**
  10. * The authentication result code is returned through the callback.
  11. * @param result Indicates the authentication result code.
  12. * @param extraInfo Indicates the specific information for different situation.
  13. * If the authentication is passed, the authentication token is returned in extrainfo,
  14. * If the authentication fails, the remaining authentication times are returned in extrainfo,
  15. * If the authentication executor is locked, the freezing time is returned in extrainfo.
  16. * @systemapi Hide this for inner system use.
  17. * @since 8
  18. */
  19. onResult: (result: number, extraInfo: AuthResult) => void;
  21. /**
  22. * During an authentication, the TipsCode is returned through the callback.
  23. * @param module Indicates the executor type for authentication.
  24. * @param acquire Indicates the tip code for different authentication executor.
  25. * @param extraInfo reserved parameter.
  26. * @systemapi Hide this for inner system use.
  27. * @since 8
  28. */
  29. onAcquireInfo?: (module: number, acquire: number, extraInfo: any) => void;
  30. }
  复制代码
- 回调：IIdmCallback，addCredential，updateCredential，delUser，delCred的回调，用来收听onResult是否成功
  1. /**
  2. * Identity manager callback.
  3. * @name IIdmCallback
  4. * @syscap SystemCapability.Account.OsAccount
  5. * @systemapi Hide this for inner system use.
  6. * @since 8
  7. */
  8. interface IIdmCallback {
  9. /**
  10. * The authentication result code is returned through the callback.
  11. * @param result Indicates the authentication result code.
  12. * @param extraInfo pass the specific information for different situation.
  13. * @systemapi Hide this for inner system use.
  14. * @since 8
  15. */
  16. onResult: (result: number, extraInfo: RequestResult) => void;
  18. /**
  19. * During an authentication, the TipsCode is returned through the callback.
  20. * @param module Indicates the executor type for authentication.
  21. * @param acquire Indicates the tip code for different authentication executor.
  22. * @param extraInfo reserved parameter.
  23. * @systemapi Hide this for inner system use.
  24. * @since 8
  25. */
  26. onAcquireInfo?: (module: number, acquire: number, extraInfo: any) => void;
  27. }
  复制代码
流程：
havePasswordnoPassworduserIdentityManager::openSessionpinAuth::registerInputeruserIdentityManager::getAuthInfouserAuth::getPropertyuserIdentityManager::addCredential
- 构建对象
  1. //三个对象
  2. this.userIdentityManager = new osAccount.UserIdentityManager();
  3. this.pinAuth = new osAccount.PINAuth();
  4. this.userAuth = new osAccount.UserAuth();
  复制代码
- opensession
  1. /**
  2. * Open Session
  3. * A challenge value of 0 indicates that opensession failed
  4. *
  5. * @returns challenge value
  6. */
  7. openSession(callback: (challenge: string) => void): void {
  8. LogUtil.debug(`${this.TAG}openSession in.`);
  9. try {
  10. this.userIdentityManager.openSession()
  11. .then((data) =>{
  12. callback(this.u8AToStr(data));
  13. LogUtil.info(`${this.TAG} openSession success`);
  14. })
  15. .catch((err) => {
  16. LogUtil.error(`${this.TAG} openSession failed` + JSON.stringify(err));
  17. })
  18. } catch {
  19. LogUtil.error(`${this.TAG}openSession failed`);
  20. callback('0');
  21. }
  22. LogUtil.debug(`${this.TAG}openSession out.`);
  23. }
  复制代码
- 注册inputer
  1. /**
  2. * Register Inputer
  3. */
  4. registerInputer(): boolean {
  5. LogUtil.debug(`${this.TAG}registerInputer in.`);
  6. let result = false;
  7. try {
  8. result = this.pinAuth.registerInputer({
  9. onGetData: (authSubType, inputData) => {
  10. let u8aPwd = this.encodeToU8A(this.password);
  11. LogUtil.info(`${this.TAG} before set data, type: ${this.pinSubType}.`);
  12. inputData.onSetData(this.pinSubType, u8aPwd);
  13. }
  14. });
  15. if(!result){
  16. this.unregisterInputer();
  17. result = this.pinAuth.registerInputer({
  18. onGetData: (authSubType, inputData) => {
  19. let u8aPwd = this.encodeToU8A(this.password);
  20. inputData.onSetData(this.pinSubType, u8aPwd);
  21. }
  22. });
  23. }
  24. } catch {
  25. LogUtil.error(`${this.TAG}registerInputer failed`);
  26. }
  27. LogUtil.info(`${this.TAG}registerInputer out.`);
  28. return result;
  29. }
  复制代码
- createPassword
  1. /**
  2. * Call api to create password
  3. */
  4. createPassword() {
  5. PasswordModel.addPinCredential(this.passwordType, this.password, (result) => {
  6. if (result === ResultCode.SUCCESS) {
  7. LogUtil.info(`${this.TAG}create password success`);
  8. this.goBackCorrect();
  9. } else {
  10. LogUtil.info(`${this.TAG}create password failed`);
  11. //TODO show api message to view
  12. this.checkMessage = 'create failed.';
  13. }
  14. });
  15. }
  复制代码
- getAuthInfo
  1. /**
  2. * Get AuthInfo
  3. *
  4. * @param authType Credential type.
  5. * @returns Returns all registered credential information of this type for the current user
  6. */
  7. getPinAuthInfo(callback: (data: Array) => void): void {
  8. LogUtil.debug(`${this.TAG}getPinAuthInfo in.`);
  9. try {
  10. this.userIdentityManager.getAuthInfo(AuthType.PIN)
  11. .then((data) => {
  12. LogUtil.info(`${this.TAG} get pin auth info data.`);
  13. let arrCredInfo = [];
  14. try {
  15. for(let i = 0; i < data.length; i++) {
  16. let credInfo = {
  17. 'authType': data[i].authType,
  18. 'authSubType': data[i].authSubType
  19. };
  21. if (credInfo.authType == AuthType.PIN) {
  22. this.pinSubType = credInfo.authSubType;
  23. }
  24. arrCredInfo.push(credInfo);
  25. }
  26. } catch(e) {
  27. LogUtil.info('faceDemo pin.getAuthInfo error = ' + e);
  28. }
  29. callback(arrCredInfo);
  30. LogUtil.info(`${this.TAG} getAuthInfo success.`);
  31. })
  32. .catch((err) => {
  33. LogUtil.error(`${this.TAG} getAuthInfo failed.` + JSON.stringify(err));
  34. })
  35. } catch (e) {
  36. LogUtil.error(`${this.TAG}getPinAuthInfo failed:` + e);
  37. }
  38. LogUtil.debug(`${this.TAG}getPinAuthInfo out.`);
  39. }
  复制代码
- autPin
  1. /**
  2. * Auth
  3. *
  4. * @param challenge pass in challenge value. challenge是从openSession的回调得到
  5. * @param password password
  6. * @param onResult Return results through callback.
  7. */
  8. authPin(challenge: string, password: string, onResult: (result: number, extraInfo: {
  9. token?: string;
  10. remainTimes?: number;
  11. freezingTime?: number;
  12. }) => void): void {
  13. LogUtil.debug(`${this.TAG}authPin in.`);
  14. this.password = password;
  15. try {
  16. LogUtil.info(`${this.TAG} before userAuth auth pin`);
  17. this.userAuth.auth(this.strToU8A(challenge), AuthType.PIN, AuthTrustLevel.ATL4, {
  18. onResult: (result, extraInfo) => {
  19. try{
  20. if (result === ResultCode.SUCCESS) {
  21. LogUtil.debug(`${this.TAG}userAuth.auth onResult: result = success`);
  22. } else {
  23. LogUtil.debug(`${this.TAG}userAuth.auth failed onResult: result = ${result}`);
  24. }
  25. let info = {
  26. 'token': this.u8AToStr(extraInfo?.token),
  27. 'remainTimes': extraInfo.remainTimes,
  28. 'freezingTime': extraInfo.freezingTime
  29. }
  30. onResult(result, info)
  31. }
  32. catch(e) {
  33. LogUtil.debug(`${this.TAG}userAuth.auth onResult error = ${JSON.stringify(e)}`);
  34. }
  35. },
  37. onAcquireInfo: (acquireModule, acquire, extraInfo) => {
  38. try{
  39. LogUtil.debug(this.TAG + 'faceDemo pin.auth onAcquireInfo acquireModule = ' + acquireModule);
  40. LogUtil.debug(this.TAG + 'faceDemo pin.auth onAcquireInfo acquire = ' + acquire);
  41. }
  42. catch(e) {
  43. LogUtil.error(this.TAG + 'faceDemo pin.auth onAcquireInfo error = ' + e);
  44. }
  45. }
  46. })
  48. } catch (e) {
  49. LogUtil.error(`${this.TAG}AuthPin failed:` + e);
  50. }
  51. LogUtil.debug(`${this.TAG}authPin out.`);
  52. }
  复制代码

概述

小结

用户鉴权（包括屏保）是以accountmgr服务为入口为应用层提供功能，以useridm为实现，完成具体的口令管理和人脸管理（人脸管理目前还有欠缺）

用户鉴权是系统级服务，要求ohos.permission.MANAGE_USER_IDM， ohos.permission.USE_USER_IDM，ohos.permission.MANAGE_LOCAL_ACCOUNTS，ohos.permission.ACCESS_USER_AUTH_INTERNAL，ohos.permission.ACCESS_PIN_AUTH权限和selinux权限（富设备支持）

小川8433651 · 发表于 2025-3-30 16:37:34

我在签名中配置了
"apl":"system_core",
"app-feature":"hos_system_app"
目前遇到了这样的问题（不是系统hap，没有selinux权限，没打包设置）
请问如何才能让应用拥有selinux权限