From 40b48975f08279b212995a29047ecdbdd953b5b2 Mon Sep 17 00:00:00 2001
From: linjunjie <linjunjie6@huawei.com>
Date: Fri, 1 Aug 2025 20:20:53 +0800
Subject: [PATCH] if wantAgent specifyTokenId form SA, Support SA or system app
 call

Signed-off-by: linjunjie <linjunjie6@huawei.com>
---
 services/common/src/permission_verification.cpp |  5 +++++
 .../permission_verification_test.cpp            | 17 +++++++++++++++++
 2 files changed, 22 insertions(+)

diff --git a/services/common/src/permission_verification.cpp b/services/common/src/permission_verification.cpp
index 03d30118d95..27a5db76c5e 100644
--- a/services/common/src/permission_verification.cpp
+++ b/services/common/src/permission_verification.cpp
@@ -428,6 +428,11 @@ int PermissionVerification::JudgeInvisibleAndBackground(const VerificationInfo &
         TAG_LOGD(AAFwkTag::DEFAULT, "Support SA call");
         return ERR_OK;
     }
+    if (specifyTokenId > 0 && SupportSystemAbilityPermission::IsSupportSaCallPermission() &&
+        IsSACallByTokenId(specifyTokenId) && JudgeCallerIsAllowedToUseSystemAPI()) {
+        TAG_LOGD(AAFwkTag::DEFAULT, "specifyTokenId form SA, Support SA or system app call");
+        return ERR_OK;
+    }
     if (!isCallByShortcut &&
         !JudgeStartInvisibleAbility(verificationInfo.accessTokenId, verificationInfo.visible,
         specifyTokenId)) {
diff --git a/test/unittest/permission_verification_test/permission_verification_test.cpp b/test/unittest/permission_verification_test/permission_verification_test.cpp
index de8d8b6e45f..8a06079fafe 100755
--- a/test/unittest/permission_verification_test/permission_verification_test.cpp
+++ b/test/unittest/permission_verification_test/permission_verification_test.cpp
@@ -33,6 +33,7 @@ const std::string DLP_PARAMS_INDEX = "ohos.dlp.params.index";
 #endif // WITH_DLP
 const int32_t SHELL_START_EXTENSION_FLOOR = 0;
 const int32_t SHELL_START_EXTENSION_MAX = 22; // EMBEDDED_UI
+const int32_t SA_SPECIFY_TOKEN_ID = 671874584;
 }
 class PermissionVerificationTest : public testing::Test {
 public:
@@ -248,6 +249,22 @@ HWTEST_F(PermissionVerificationTest, CheckCallAbilityPermission_0300, TestSize.L
     EXPECT_EQ(result, ABILITY_VISIBLE_FALSE_DENY_REQUEST);
 }
 
+/**
+ * @tc.name: CheckCallAbilityPermission_0400
+ * @tc.desc: CheckCallAbilityPermission Test
+ * @tc.type: FUNC
+ * @tc.require: issueI5QXCQ
+ */
+HWTEST_F(PermissionVerificationTest, CheckCallAbilityPermission_0400, TestSize.Level1)
+{
+    AAFwk::PermissionVerification::VerificationInfo verificationInfo;
+    verificationInfo.specifyTokenId = SA_SPECIFY_TOKEN_ID;
+    verificationInfo.visible = true;
+    verificationInfo.isBackgroundCall = true;
+    int result = AAFwk::PermissionVerification::GetInstance()->CheckCallAbilityPermission(verificationInfo);
+    EXPECT_EQ(result, ERR_OK);
+}
+
 /**
  * @tc.name: CheckStartByCallPermission_0100
  * @tc.desc: CheckStartByCallPermission Test
-- 
Gitee