In computer security, OpenHarmony Access token manager (ATM) is a component that facilitates unified application permission management based on access tokens within the OpenHarmony ecosystem that is used in OpenHarmony-based operating systems, Oniro OS distros and HarmonyOS with HarmonyOS NEXT iteration.[1]
It is built upon access tokens and serves as a centralized mechanism for managing app permissions. Access tokens encapsulate essential information about an app
Each app’s access token is uniquely identified by a 32-bit device-specific token ID.[2]
Developers utilize the ATM to handle permissions effectively. In certain scenarios, an app may require access to additional data or system functions beyond the default permissions. The ATM enables fine-grained control over permissions, allowing apps to access extended features when needed. ATMs manage access tokens, which act as capabilities, granting specific rights to the bearer. The token itself serves as the authority, reducing the need for additional access control mechanisms.
HarmonyOS NEXT system of HarmonyOS 5.0 API 12 and OpenHarmony 4.1 API 11 uses AI for the Core File Kit API with a more granular permission system approach using native Harmony Distributed File System (HMDFS)[3] that takes advantage of the native ATM permission levels and a combination of capability-based like kernel features at custom level with application files, user files and system files compared to classic Unix-like AOSP base on HarmonyOS 2.0 up to 4.x with Linux kernel and enhanced on OpenHarmony system compared to previous versions.[4][5]
The ATM manages permission levels, granting apps access to sensitive APIs across processes. These levels include: