1e41f4b71Sopenharmony_ci# IPC Authentication Development<a name="EN-US_TOPIC_0000001058671861"></a>
2e41f4b71Sopenharmony_ci
3e41f4b71Sopenharmony_ci## When to Use<a name="section18502174174019"></a>
4e41f4b71Sopenharmony_ci
5e41f4b71Sopenharmony_ciSystem services registered with Samgr can be accessed by other processes through IPC APIs. When a process requests to access such an API, IPC authentication is triggered to check whether the process has the required permission. If the process does not have the required permission, the access request will be denied.
6e41f4b71Sopenharmony_ci
7e41f4b71Sopenharmony_ciWhen developing a system service, you can use the IPC authentication component to configure access policies for APIs of the service. When other services access these APIs through IPC, Samgr calls APIs of the IPC authentication component to check whether the services have the access permission.
8e41f4b71Sopenharmony_ci
9e41f4b71Sopenharmony_ci## Available APIs<a name="section1633115419401"></a>
10e41f4b71Sopenharmony_ci
11e41f4b71Sopenharmony_ciThe following table lists the APIs provided by IPC authentication \(intended for Samgr only\).
12e41f4b71Sopenharmony_ci
13e41f4b71Sopenharmony_ci**Table  1**  APIs provided by IPC authentication
14e41f4b71Sopenharmony_ci
15e41f4b71Sopenharmony_ci<a name="table10494122145517"></a>
16e41f4b71Sopenharmony_ci<table><thead align="left"><tr id="row1494152195511"><th class="cellrowborder" valign="top" width="50%" id="mcps1.2.3.1.1"><p id="p14941221135515"><a name="p14941221135515"></a><a name="p14941221135515"></a>Function</p>
17e41f4b71Sopenharmony_ci</th>
18e41f4b71Sopenharmony_ci<th class="cellrowborder" valign="top" width="50%" id="mcps1.2.3.1.2"><p id="p8494172116555"><a name="p8494172116555"></a><a name="p8494172116555"></a>Description</p>
19e41f4b71Sopenharmony_ci</th>
20e41f4b71Sopenharmony_ci</tr>
21e41f4b71Sopenharmony_ci</thead>
22e41f4b71Sopenharmony_ci<tbody><tr id="row1849482118555"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.2.3.1.1 "><p id="p1414381815720"><a name="p1414381815720"></a><a name="p1414381815720"></a>int GetCommunicationStrategy(RegParams params, PolicyTrans **policies, unsigned int *policyNum)</p>
23e41f4b71Sopenharmony_ci</td>
24e41f4b71Sopenharmony_ci<td class="cellrowborder" valign="top" width="50%" headers="mcps1.2.3.1.2 "><p id="p749582195510"><a name="p749582195510"></a><a name="p749582195510"></a>Obtains the access policies of a service API.</p>
25e41f4b71Sopenharmony_ci</td>
26e41f4b71Sopenharmony_ci</tr>
27e41f4b71Sopenharmony_ci<tr id="row8495521115517"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.2.3.1.1 "><p id="p966319247576"><a name="p966319247576"></a><a name="p966319247576"></a>int IsCommunicationAllowed(AuthParams params)</p>
28e41f4b71Sopenharmony_ci</td>
29e41f4b71Sopenharmony_ci<td class="cellrowborder" valign="top" width="50%" headers="mcps1.2.3.1.2 "><p id="p134951921115511"><a name="p134951921115511"></a><a name="p134951921115511"></a>Checks whether a process has the permission to access an API of another process.</p>
30e41f4b71Sopenharmony_ci</td>
31e41f4b71Sopenharmony_ci</tr>
32e41f4b71Sopenharmony_ci</tbody>
33e41f4b71Sopenharmony_ci</table>
34e41f4b71Sopenharmony_ci
35e41f4b71Sopenharmony_ci## How to Develop<a name="section022611498210"></a>
36e41f4b71Sopenharmony_ci
37e41f4b71Sopenharmony_ciThis section uses BMS as an example to describe how to configure access policies for APIs provided by the IPC authentication component. In this example, the service registered by BMS with Samgr is  **bundlems**, and the feature registered for open APIs is  **BmsFeature**.
38e41f4b71Sopenharmony_ci
39e41f4b71Sopenharmony_ci1.  <a name="li15901515152517"></a>On the OpenHarmony side, configure access policies in the  **base/security/permission/services/permission\_lite/ipc\_auth/include/policy\_preset.h**  file. On the device side, configure access policies in the  **vendor/hisilicon/_product name_/hals/security/permission\_lite/ipc\_auth/include/policy\_preset\_product.h**  file. After that, set  **POLICY\_PRODUCT**  in the header files to  **1**. Access policies are classified into the following three types:
40e41f4b71Sopenharmony_ci
41e41f4b71Sopenharmony_ci    1.  **RANGE**: Processes with a specified range of UIDs can access BMS APIs.  **uidMin**  and  **uidMax**  must be specified.
42e41f4b71Sopenharmony_ci
43e41f4b71Sopenharmony_ci    2.  **FIXED**: Processes with specified UIDs can access BMS APIs.  **fixedUid**  must be specified, and a maximum of eight UIDs are allowed.
44e41f4b71Sopenharmony_ci
45e41f4b71Sopenharmony_ci    3.  **BUNDLENAME**: An application with a specified  **bundleName**  can access BMS APIs.
46e41f4b71Sopenharmony_ci
47e41f4b71Sopenharmony_ci    ```
48e41f4b71Sopenharmony_ci    FeaturePolicy bmsFeature[] = {
49e41f4b71Sopenharmony_ci        {
50e41f4b71Sopenharmony_ci            "BmsFeature",
51e41f4b71Sopenharmony_ci            {
52e41f4b71Sopenharmony_ci                {
53e41f4b71Sopenharmony_ci                    .type=FIXED,    // Processes with specified UIDs can access BMS APIs.
54e41f4b71Sopenharmony_ci                    .fixedUid={2, 3, 8}
55e41f4b71Sopenharmony_ci                },
56e41f4b71Sopenharmony_ci                {
57e41f4b71Sopenharmony_ci                    .type=RANGE,    // Processes with a specified range of UIDs can access BMS APIs. 
58e41f4b71Sopenharmony_ci                    .uidMin=100,
59e41f4b71Sopenharmony_ci                    .uidMax=__INT_MAX__,
60e41f4b71Sopenharmony_ci                },
61e41f4b71Sopenharmony_ci            }
62e41f4b71Sopenharmony_ci        },
63e41f4b71Sopenharmony_ci        {
64e41f4b71Sopenharmony_ci            "BmsInnerFeature",
65e41f4b71Sopenharmony_ci            {
66e41f4b71Sopenharmony_ci                {
67e41f4b71Sopenharmony_ci                    .type=FIXED,     // Processes with specified UIDs can access BMS APIs.
68e41f4b71Sopenharmony_ci                    .fixedUid={2, 3, 8}
69e41f4b71Sopenharmony_ci                },
70e41f4b71Sopenharmony_ci                {
71e41f4b71Sopenharmony_ci                    .type=RANGE,
72e41f4b71Sopenharmony_ci                    .uidMin=100,
73e41f4b71Sopenharmony_ci                    .uidMax=999,
74e41f4b71Sopenharmony_ci                },
75e41f4b71Sopenharmony_ci            }
76e41f4b71Sopenharmony_ci        },
77e41f4b71Sopenharmony_ci    };
78e41f4b71Sopenharmony_ci    ```
79e41f4b71Sopenharmony_ci
80e41f4b71Sopenharmony_ci2.  Add the policies configured for the features in  [Step 1](#li15901515152517)  to the global policy settings. You need to set the number of features.
81e41f4b71Sopenharmony_ci
82e41f4b71Sopenharmony_ci    ```
83e41f4b71Sopenharmony_ci    static PolicySetting g_presetPolicies[] = {
84e41f4b71Sopenharmony_ci        {"permissionms", pmsFeature, 1},
85e41f4b71Sopenharmony_ci        {"abilityms", amsFeature, 2},
86e41f4b71Sopenharmony_ci        {"bundlems", bmsFeature, 2},  // Add the policies configured for the two features in [Step 1](#li15901515152517) to the global policy settings.
87e41f4b71Sopenharmony_ci        {"dtbschedsrv", dmsFeature, 1},
88e41f4b71Sopenharmony_ci        {"samgr", samgrFeature, 1},
89e41f4b71Sopenharmony_ci        {"appspawn", appspawnFeature, 1},
90e41f4b71Sopenharmony_ci        {"WMS", wmsFeature, 1},
91e41f4b71Sopenharmony_ci        {"bundle_daemon", bdsFeature, 1},
92e41f4b71Sopenharmony_ci    };
93e41f4b71Sopenharmony_ci    ```
94e41f4b71Sopenharmony_ci
95e41f4b71Sopenharmony_ci3.  Register the  **BmsFeature**  defined in  [Step 1](#li15901515152517)  with Samgr.
96e41f4b71Sopenharmony_ci
97e41f4b71Sopenharmony_ci    ```
98e41f4b71Sopenharmony_ci    const char BMS_SERVICE[] = "bundlems";
99e41f4b71Sopenharmony_ci    const char BMS_FEATURE[] = "BmsFeature";
100e41f4b71Sopenharmony_ci    static void Init()
101e41f4b71Sopenharmony_ci    {
102e41f4b71Sopenharmony_ci        SamgrLite *sm = SAMGR_GetInstance();
103e41f4b71Sopenharmony_ci        if (sm == nullptr) {
104e41f4b71Sopenharmony_ci            return;
105e41f4b71Sopenharmony_ci        }
106e41f4b71Sopenharmony_ci        // Register the BmsFeature with Samgr.
107e41f4b71Sopenharmony_ci        sm->RegisterFeature(BMS_SERVICE, reinterpret_cast<Feature *>(BundleMsFeature::GetInstance()));
108e41f4b71Sopenharmony_ci        sm->RegisterFeatureApi(BMS_SERVICE, BMS_FEATURE,
109e41f4b71Sopenharmony_ci            GetBmsFeatureApi(reinterpret_cast<Feature *>(BundleMsFeature::GetInstance())));
110e41f4b71Sopenharmony_ci        HILOG_DEBUG(HILOG_MODULE_APP, "BundleMS feature start success");
111e41f4b71Sopenharmony_ci    }
112e41f4b71Sopenharmony_ci    APP_FEATURE_INIT(Init);
113e41f4b71Sopenharmony_ci    ```
114e41f4b71Sopenharmony_ci
115e41f4b71Sopenharmony_ci
116e41f4b71Sopenharmony_ciWhen you register a service with Samgr, Samgr calls the  **GetCommunicationStrategy**  function of the IPC authentication component to obtain access policies of the service. When other services or applications access this service through IPC, Samgr calls the  **IsCommunicationAllowed**  function of the IPC authentication component to check whether the services or applications have the access permission.
117e41f4b71Sopenharmony_ci
118e41f4b71Sopenharmony_ci## FAQ<a name="section15729104510271"></a>
119e41f4b71Sopenharmony_ci
120e41f4b71Sopenharmony_ci-   Registering a service with Samgr failed
121e41f4b71Sopenharmony_ci
122e41f4b71Sopenharmony_ci    **Problem**
123e41f4b71Sopenharmony_ci
124e41f4b71Sopenharmony_ci    During the startup of a new service, a message is displayed indicating that the service fails to be registered with Samgr.
125e41f4b71Sopenharmony_ci
126e41f4b71Sopenharmony_ci    **Cause**
127e41f4b71Sopenharmony_ci
128e41f4b71Sopenharmony_ci    The service UID is not configured in the IPC authentication component.
129e41f4b71Sopenharmony_ci
130e41f4b71Sopenharmony_ci    **Solution**
131e41f4b71Sopenharmony_ci
132e41f4b71Sopenharmony_ci    Configure a valid UID for the service in the  **base/security/permission/services/permission\_lite/ipc\_auth/src/ipc\_auth\_impl.c**  file.
133e41f4b71Sopenharmony_ci
134e41f4b71Sopenharmony_ci
135