1# Permissions for All Applications 2 3Before requesting permissions for your application, read and understand the [Workflow for Using Permissions](determine-application-mode.md) and this topic to determine the permissions required. 4 5> **NOTE** 6> 7> "Enable via ACL" is not involved for permissions of the normal level. 8 9## system_grant Permissions 10 11The [system_grant permissions](app-permission-mgmt-overview.md#system_grant-system-authorization) are permissions authorized by the system. For details about how to request this type of permissions, see [Declaring Permissions](declare-permissions.md). 12 13### ohos.permission.USE_BLUETOOTH 14 15Allows an application to access Bluetooth configurations. 16 17**Permission level**: normal 18 19**Authorization mode**: system_grant 20 21**Valid since**: 8 22 23### ohos.permission.GET_BUNDLE_INFO 24 25Allows an application to obtain basic information about another application. 26 27**Permission level**: normal 28 29**Authorization mode**: system_grant 30 31**Valid since**: 7 32 33### ohos.permission.PREPARE_APP_TERMINATE 34 35Allows an application to perform customized actions before being terminated. 36 37**Permission level**: normal 38 39**Authorization mode**: system_grant 40 41**Valid since**: 10 42 43### ohos.permission.PRINT 44 45Allows an application to obtain the print framework capability. 46 47**Permission level**: normal 48 49**Authorization mode**: system_grant 50 51**Valid since**: 10 52 53### ohos.permission.DISCOVER_BLUETOOTH 54 55Allows an application to configure Bluetooth on a device, initiate or cancel a scan for Bluetooth devices, and pair with Bluetooth devices. 56 57**Permission level**: normal 58 59**Authorization mode**: system_grant 60 61**Valid since**: 8 62 63### ohos.permission.ACCELEROMETER 64 65Allows an application to read data from an acceleration sensor, uncalibrated acceleration sensor, or linear acceleration sensor. 66 67**Permission level**: normal 68 69**Authorization mode**: system_grant 70 71**Valid since**: 7 72 73### ohos.permission.ACCESS_BIOMETRIC 74 75Allows an application to use biometric recognition for identity authentication. 76 77**Permission level**: normal 78 79**Authorization mode**: system_grant 80 81**Valid since**: 6 82 83### ohos.permission.ACCESS_NOTIFICATION_POLICY 84 85Allows an application to access the notification policy on the device. 86 87This permission is required only when the ringtone needs to be changed from mute to unmute. 88 89**Permission level**: normal 90 91**Authorization mode**: system_grant 92 93**Valid since**: 7 94 95### ohos.permission.GET_NETWORK_INFO 96 97Allows an application to obtain network information. 98 99**Permission level**: normal 100 101**Authorization mode**: system_grant 102 103**Valid since**: 8 104 105### ohos.permission.GET_WIFI_INFO 106 107Allows an application to obtain Wi-Fi information. 108 109**Permission level**: normal 110 111**Authorization mode**: system_grant 112 113**Valid since**: 8 114 115### ohos.permission.GYROSCOPE 116 117Allows an application to read data from a gyroscope sensor or uncalibrated gyroscope sensor. 118 119**Permission level**: normal 120 121**Authorization mode**: system_grant 122 123**Valid since**: 7 124 125### ohos.permission.INTERNET 126 127Allows an application to access the Internet. 128 129**Permission level**: normal 130 131**Authorization mode**: system_grant 132 133**Valid since**: 9 134 135### ohos.permission.KEEP_BACKGROUND_RUNNING 136 137Allows a Service ability to keep running in the background. 138 139**Permission level**: normal 140 141**Authorization mode**: system_grant 142 143**Valid since**: 8 144 145### ohos.permission.NFC_CARD_EMULATION 146 147Allows an application to implement card emulation. 148 149**Permission level**: normal 150 151**Authorization mode**: system_grant 152 153**Valid since**: 8 154 155### ohos.permission.NFC_TAG 156 157Allows an application to read and write NFC tags. 158 159**Permission level**: normal 160 161**Authorization mode**: system_grant 162 163**Valid since**: 7 164 165### ohos.permission.PRIVACY_WINDOW 166 167Allows an application to set screens that cannot be captured or recorded. 168 169**Permission level**: system_basic for API versions 9 to 10; normal for API version 11 and later 170 171**Authorization mode**: system_grant 172 173**Valid since**: 9 174 175### ohos.permission.PUBLISH_AGENT_REMINDER 176 177Allows an application to use agent-powered reminders. 178 179**Permission level**: normal 180 181**Authorization mode**: system_grant 182 183**Valid since**: 7 184 185### ohos.permission.SET_WIFI_INFO 186 187Allows an application to set a Wi-Fi device. 188 189**Permission level**: normal 190 191**Authorization mode**: system_grant 192 193**Valid since**: 8 194 195### ohos.permission.VIBRATE 196 197Allows an application to control vibration. 198 199**Permission level**: normal 200 201**Authorization mode**: system_grant 202 203**Valid since**: 7 204 205### ohos.permission.CLEAN_BACKGROUND_PROCESSES 206 207Allows an application to clear background processes based on their bundle names. 208 209**Permission level**: normal 210 211**Authorization mode**: system_grant 212 213**Valid since**: 7 214 215### ohos.permission.COMMONEVENT_STICKY 216 217Allows an application to publish sticky common events. 218 219**Permission level**: normal 220 221**Authorization mode**: system_grant 222 223**Valid since**: 7 224 225### ohos.permission.MODIFY_AUDIO_SETTINGS 226 227Allows an application to modify audio settings. 228 229**Permission level**: normal 230 231**Authorization mode**: system_grant 232 233**Valid since**: 8 234 235### ohos.permission.RUNNING_LOCK 236 237Allows an application to obtain a running lock. 238 239**Permission level**: normal 240 241**Authorization mode**: system_grant 242 243**Valid since**: 7 244 245### ohos.permission.SET_WALLPAPER 246 247Allows an application to set wallpapers. 248 249**Permission level**: normal 250 251**Authorization mode**: system_grant 252 253**Valid since**: 7 254 255### ohos.permission.ACCESS_CERT_MANAGER 256 257Allows an application to query certificates and private credentials. 258 259**Permission level**: normal 260 261**Authorization mode**: system_grant 262 263**Valid since**: 9 264 265### ohos.permission.hsdr.HSDR_ACCESS 266 267Allows an application to access OpenHarmony Security Detection and Response Framework. 268 269**Permission level**: normal 270 271**Authorization mode**: system_grant 272 273**Valid since**: 10 274 275### ohos.permission.RUN_DYN_CODE 276 277Allows an application to run dynamically delivered ArkCompiler bytecode when the ArkCompiler runtime engine is in restricted mode. 278 279The APIs related to this permission are system APIs and are available only for specific system applications. 280 281**Permission level**: normal 282 283**Authorization mode**: system_grant 284 285**Valid since**: 11 286 287### ohos.permission.READ_CLOUD_SYNC_CONFIG 288 289Allows an application that has accessed the cloud to obtain its device-cloud synchronization configuration. 290 291**Permission level**: normal 292 293**Authorization mode**: system_grant 294 295**Valid since**: 11 296 297### ohos.permission.STORE_PERSISTENT_DATA 298 299Allows an application to store persistent data. The persistent data will be cleared only when the device's factory settings are restored or the system is reinstalled. 300 301**Permission level**: normal 302 303**Authorization mode**: system_grant 304 305**Valid since**: 11 306 307### ohos.permission.ACCESS_EXTENSIONAL_DEVICE_DRIVER 308 309Allows an application to use enhanced functions of the devices connected to this device. 310 311**Permission level**: normal 312 313**Authorization mode**: system_grant 314 315**Valid since**: 11 316 317### ohos.permission.READ_ACCOUNT_LOGIN_STATE 318 319Allows an application to read the login status of user accounts. 320 321**Permission level**: normal 322 323**Authorization mode**: system_grant 324 325**Valid since**: 12 326 327### ohos.permission.ACCESS_SERVICE_NAVIGATION_INFO 328 329Allows an application to access the navigation service. 330 331**Permission level**: normal 332 333**Authorization mode**: system_grant 334 335**Valid since**: 12 336 337### ohos.permission.PROTECT_SCREEN_LOCK_DATA 338 339Allows an application to protect its sensitive data from being accessed after the screen is locked. 340 341After the application obtains this permission, a directory in **/el5** will be automatically created. Access to the data in this directory is denied after the screen is locked. 342 343**Permission level**: normal 344 345**Authorization mode**: system_grant 346 347**Valid since**: 12 348 349### ohos.permission.FILE_ACCESS_PERSIST 350 351Allows an application to support persistent access to file URIs. 352 353<!--RP2--><!--RP2End--> 354 355**Permission level**: system_basic for API version 11 and normal for API versions 12 and later. 356 357**Authorization mode**: system_grant 358 359**Valid since**: 11 360 361### ohos.permission.ACCESS_CAR_DISTRIBUTED_ENGINE 362 363Allows an application to access the distributed travel service engine. 364 365**Permission level**: normal 366 367**Authorization mode**: system_grant 368 369**Valid since**: 12 370 371### ohos.permission.SET_TELEPHONY_ESIM_STATE_OPEN 372 373Allows a system application or carrier application to set the eSIM nickname and activate the eSIM. 374 375**Permission level**: normal 376 377**Authorization mode**: system_grant 378 379**Valid since**: 13 380 381### ohos.permission.WINDOW_TOPMOST 382 383Allows an application to set pinned windows. 384 385**Permission level**: normal 386 387**Authorization mode**: system_grant 388 389**Valid since**: 13 390 391## user_grant Permissions 392 393The [user_grant permissions](app-permission-mgmt-overview.md#user_grant-user-authorization) are permissions granted by users. For details about how to request this type of permissions, see [Requesting User Authorization](request-user-authorization.md). 394 395### ohos.permission.ACCESS_BLUETOOTH 396 397Allows an application to access Bluetooth and use Bluetooth capabilities, such as pairing and connecting to peripheral devices. 398 399**Permission level**: normal 400 401**Authorization mode**: user_grant 402 403**Valid since**: 10 404 405### ohos.permission.MEDIA_LOCATION 406 407Allows an application to access geographical locations in the user's media file. 408 409**Permission level**: normal 410 411**Authorization mode**: user_grant 412 413**Valid since**: 7 414 415### ohos.permission.APP_TRACKING_CONSENT 416 417Allows an application to read the open anonymous device identifier (OAID). 418 419**Permission level**: normal 420 421**Authorization mode**: user_grant 422 423**Valid since**: 9 424 425### ohos.permission.ACTIVITY_MOTION 426 427Allows an application to read the current workout status of the user, such as detecting whether the user is working out and recording the number of steps the user has taken. 428 429**Permission level**: normal 430 431**Authorization mode**: user_grant 432 433**Valid since**: 7 434 435### ohos.permission.CAMERA 436 437Allows an application to use the camera. 438 439**Permission level**: normal 440 441**Authorization mode**: user_grant 442 443**Valid since**: 9 444 445### ohos.permission.DISTRIBUTED_DATASYNC 446 447Allows the application data to be exchanged between devices. 448 449**Permission level**: normal 450 451**Authorization mode**: user_grant 452 453**Valid since**: 7 454 455### ohos.permission.LOCATION_IN_BACKGROUND 456 457Allows an application running in the background to obtain the device location. 458 459For security purposes, this permission cannot be granted to applications in a dialog box. If an application needs this permission, direct the user to manually grant this permission on the **Settings** screen. 460 461**Procedure**: 462 4631. Request the foreground location permissions in the dialog box. You can request either of the following permissions: 464 - Request [ohos.permission.APPROXIMATELY_LOCATION](#ohospermissionapproximately_location). 465 - Request [ohos.permission.APPROXIMATELY_LOCATION](#ohospermissionapproximately_location) and [ohos.permission.LOCATION](#ohospermissionlocation). 4662. After the user grants the foreground location permissions, display a message to direct the user to go to the **Settings** screen to grant the ohos.permission.LOCATION_IN_BACKGROUND permission. 4673. The permission is granted to the application if the user selects **Always allow** on the **Settings** screen. 468 469 Paths: 470 <!--RP1--> 471 - Path 1: **Settings** > **Privacy** > **Permission manager** > **Permissions** > **Location** > *Target application* 472 - Path 2: **Settings** > **Privacy** > **Permission manager** > **Apps** > *Target application* > Location 473 <!--RP1End--> 474 475**Permission level**: normal 476 477**Authorization mode**: user_grant 478 479**Valid since**: 7 480 481### ohos.permission.LOCATION 482 483Allows an application to obtain the device location. 484 485**Prerequisites**: This permission must be requested with [ohos.permission.APPROXIMATELY_LOCATION](#ohospermissionapproximately_location) together. 486 487**Permission level**: normal 488 489**Authorization mode**: user_grant 490 491**Valid since**: 7 492 493### ohos.permission.APPROXIMATELY_LOCATION 494 495Allows an application to obtain the approximate location information of a device. 496 497**Permission level**: normal 498 499**Authorization mode**: user_grant 500 501**Valid since**: 9 502 503### ohos.permission.MICROPHONE 504 505Allows an application to access the microphone. 506 507**Permission level**: normal 508 509**Authorization mode**: user_grant 510 511**Valid since**: 8 512 513### ohos.permission.READ_CALENDAR 514 515Allows an application to read Calendar data. 516 517**Permission level**: normal 518 519**Authorization mode**: user_grant 520 521**Valid since**: 8 522 523### ohos.permission.WRITE_CALENDAR 524 525Allows an application to add, remove, and modify Calendar events. 526 527**Permission level**: normal 528 529**Authorization mode**: user_grant 530 531**Valid since**: 8 532 533### ohos.permission.READ_HEALTH_DATA 534 535Allows an application to read the health data of the user. 536 537**Permission level**: normal 538 539**Authorization mode**: user_grant 540 541**Valid since**: 7 542 543### ohos.permission.ACCESS_NEARLINK 544 545Allows an application to use NearLink, such as device pairing and connecting to nearby devices. 546 547**Permission level**: normal 548 549**Authorization mode**: user_grant 550 551**Valid since**: 12 552 553### ohos.permission.READ_WRITE_DOWNLOAD_DIRECTORY 554 555Allows an application to access the **Download** directory and its subdirectories in the user directory. 556 557Currently, this permission is available only for 2-in-1 device applications. 558 559<!--RP2--><!--RP2End--> 560 561**Permission level**: system_basic for API version 11 and normal for API versions 12 and later. 562 563**Authorization mode**: user_grant 564 565**Valid since**: 11 566 567### ohos.permission.READ_WRITE_DOCUMENTS_DIRECTORY 568 569Allows an application to access the **Documents** directory and its subdirectories in the user directory. 570 571Currently, this permission is available only for 2-in-1 device applications. 572 573<!--RP2--><!--RP2End--> 574 575**Permission level**: system_basic for API version 11 and normal for API versions 12 and later. 576 577**Authorization mode**: user_grant 578 579**Valid since**: 11 580 581### ohos.permission.READ_MEDIA 582 583Allows an application to read media files from the user's external storage. 584 585**Permission level**: normal 586 587**Authorization mode**: user_grant 588 589**Valid since**: 7 590 591**Deprecated from**: 12 592 593**Substitute**: 594 595See the [alternative solution of the **Files** permission group](app-permission-group-list.md#filesdeprecated). 596 597### ohos.permission.WRITE_MEDIA 598 599Allows an application to read media files from and write media files into the user's external storage. 600 601**Permission level**: normal 602 603**Authorization mode**: user_grant 604 605**Valid since**: 7 606 607**Deprecated from**: 12 608 609**Substitute**: 610 611See the [alternative solution of the **Files** permission group](app-permission-group-list.md#filesdeprecated). 612