From b0882f6d98fae0526f66b8e5540c126edf35ee9e Mon Sep 17 00:00:00 2001 From: wuxiaodong Date: Wed, 15 Nov 2023 16:44:29 +0800 Subject: [PATCH] =?UTF-8?q?=E6=9D=83=E9=99=90=E6=A0=A1=E9=AA=8C?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: wuxiaodong --- services/abilitymgr/include/dlp_utils.h | 4 -- .../src/ability_manager_service.cpp | 55 +++++++++---------- services/appmgr/src/app_mgr_service.cpp | 24 ++++---- services/appmgr/src/app_mgr_service_inner.cpp | 36 +++--------- .../common/src/permission_verification.cpp | 30 +--------- 5 files changed, 48 insertions(+), 101 deletions(-) diff --git a/services/abilitymgr/include/dlp_utils.h b/services/abilitymgr/include/dlp_utils.h index f9fc8bf1ef9..7478d3ce4af 100644 --- a/services/abilitymgr/include/dlp_utils.h +++ b/services/abilitymgr/include/dlp_utils.h @@ -34,10 +34,6 @@ using Dlp = Security::DlpPermission::DlpPermissionKit; [[maybe_unused]]static bool DlpAccessOtherAppsCheck(const sptr &callerToken, const Want &want) { #ifdef WITH_DLP - auto isSaCall = AAFwk::PermissionVerification::GetInstance()->IsSACall(); - if (isSaCall) { - return true; - } if (callerToken == nullptr) { return true; } diff --git a/services/abilitymgr/src/ability_manager_service.cpp b/services/abilitymgr/src/ability_manager_service.cpp index d09bc6b68db..cd98a41e6e2 100644 --- a/services/abilitymgr/src/ability_manager_service.cpp +++ b/services/abilitymgr/src/ability_manager_service.cpp @@ -843,8 +843,7 @@ int AbilityManagerService::StartAbilityInner(const Want &want, const sptrIsGatewayCall()) { return ERR_OK; } 
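Review bot: In DlpAccessOtherAppsCheck (dlp_utils.h) the remaining early exit `if (callerToken == nullptr) { return true; }` still allows any call that arrives without a caller token, so dropping the IsSACall() shortcut only tightens the check for callers that supply one. If that is intended, record it above the null check, for example `// No caller token: the DLP check is skipped and the call is allowed (confirm which callers may omit the token).` If it is not intended, the null case needs its own decision rather than inheriting the old SA behaviour. The function body continues outside the hunk, so the later checks are not visible here.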
@@ -6091,10 +6092,9 @@ void AbilityManagerService::ClearUserData(int32_t userId) int AbilityManagerService::RegisterSnapshotHandler(const sptr& handler) { - auto isSaCall = AAFwk::PermissionVerification::GetInstance()->IsSACall(); - if (!isSaCall) { - HILOG_ERROR("%{public}s: Permission verification failed", __func__); - return 0; + if (!AAFwk::PermissionVerification::GetInstance()->IsSACall()) { + HILOG_ERROR("Not sa call"); + return ERR_INVALID_OPERATION; } if (!currentMissionListManager_) { @@ -6642,7 +6642,7 @@ int AbilityManagerService::SendANRProcessID(int pid) auto isSaCall = AAFwk::PermissionVerification::GetInstance()->IsSACall(); auto isShellCall = AAFwk::PermissionVerification::GetInstance()->IsShellCall(); if (!isSaCall && !isShellCall) { - HILOG_ERROR("%{public}s: Permission verification failed", __func__); + HILOG_ERROR("Not sa or shell call"); return CHECK_PERMISSION_FAILED; } @@ -6804,9 +6804,8 @@ int AbilityManagerService::FinishUserTest( int AbilityManagerService::GetTopAbility(sptr &token) { - auto isSaCall = AAFwk::PermissionVerification::GetInstance()->IsSACall(); - if (!isSaCall) { - HILOG_ERROR("Permission verification failed"); + if (!AAFwk::PermissionVerification::GetInstance()->IsSACall()) { + HILOG_ERROR("Not sa call"); return CHECK_PERMISSION_FAILED; } #ifdef SUPPORT_GRAPHICS @@ -7551,7 +7550,7 @@ int AbilityManagerService::RegisterWindowManagerServiceHandler(const sptrIsSACall(); auto isGatewayCall = AAFwk::PermissionVerification::GetInstance()->IsGatewayCall(); if (!isSaCall && !isGatewayCall) { - HILOG_ERROR("%{public}s: Permission verification failed", __func__); + HILOG_ERROR("Not sa or gateway call"); return CHECK_PERMISSION_FAILED; } wmsHandler_ = handler; 
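Review bot: RegisterSnapshotHandler now rejects a non-SA caller with `ERR_INVALID_OPERATION`, while the other caller checks touched in this file (SendANRProcessID, GetTopAbility, RegisterWindowManagerServiceHandler) return `CHECK_PERMISSION_FAILED` for the same condition. Replacing the old `return 0;` was needed, since that value presumably reported success to a denied caller, but `return CHECK_PERMISSION_FAILED;` here would let clients and log analysis treat every denial the same way. The same mismatch is visible in app_mgr_service_inner.cpp, where NotifyMemoryLevel, DumpHeapMemory and SetContinuousTaskProcess keep `ERR_INVALID_VALUE` for a denied caller while GetAbilityRecordsByProcessID uses `ERR_PERMISSION_DENIED`.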
@@ -7827,7 +7826,6 @@ int AbilityManagerService::CheckCallOtherExtensionPermission(const AbilityReques AAFwk::PermissionVerification::GetInstance()->IsGatewayCall()) { return ERR_OK; } - auto extensionType = abilityRequest.abilityInfo.extensionAbilityType; HILOG_DEBUG("OtherExtension type: %{public}d.", static_cast(extensionType)); if (extensionType == AppExecFwk::ExtensionAbilityType::WINDOW) { @@ -8074,6 +8072,7 @@ int AbilityManagerService::AddStartControlParam(Want &want, const sptrIsSACall() || AAFwk::PermissionVerification::GetInstance()->IsShellCall()) { + HILOG_DEBUG("sa or shell call"); return ERR_OK; } auto abilityRecord = Token::GetAbilityRecordByToken(callerToken); @@ -8110,8 +8109,8 @@ int AbilityManagerService::CheckDlpForExtension( bool AbilityManagerService::JudgeSelfCalled(const std::shared_ptr &abilityRecord) { - auto isSaCall = AAFwk::PermissionVerification::GetInstance()->IsSACall(); - if (isSaCall) { + if (AAFwk::PermissionVerification::GetInstance()->IsSACall()) { + HILOG_DEBUG("sa call"); return true; } @@ -8787,7 +8786,7 @@ int32_t AbilityManagerService::RegisterAppDebugListener(const sptrIsSACall()) { - HILOG_ERROR("Permission verification failed."); + HILOG_ERROR("Not sa call"); return CHECK_PERMISSION_FAILED; } return DelayedSingleton::GetInstance()->RegisterAppDebugListener(listener); @@ -8797,7 +8796,7 @@ int32_t AbilityManagerService::UnregisterAppDebugListener(const sptrIsSACall()) { - HILOG_ERROR("Permission verification failed."); + HILOG_ERROR("Not sa call"); return CHECK_PERMISSION_FAILED; } return DelayedSingleton::GetInstance()->UnregisterAppDebugListener(listener); 
@@ -8808,7 +8807,7 @@ int32_t AbilityManagerService::AttachAppDebug(const std::string &bundleName) HILOG_DEBUG("Called."); if (!AAFwk::PermissionVerification::GetInstance()->IsSACall() && !AAFwk::PermissionVerification::GetInstance()->IsShellCall()) { - HILOG_ERROR("Permission verification failed."); + HILOG_ERROR("Not sa or shell call"); return CHECK_PERMISSION_FAILED; } @@ -8827,7 +8826,7 @@ int32_t AbilityManagerService::DetachAppDebug(const std::string &bundleName) HILOG_DEBUG("Called."); if (!AAFwk::PermissionVerification::GetInstance()->IsSACall() && !AAFwk::PermissionVerification::GetInstance()->IsShellCall()) { - HILOG_ERROR("Permission verification failed."); + HILOG_ERROR("Not sa or shell call"); return CHECK_PERMISSION_FAILED; } diff --git a/services/appmgr/src/app_mgr_service.cpp b/services/appmgr/src/app_mgr_service.cpp index 22377df044b..e50dfadc605 100644 --- a/services/appmgr/src/app_mgr_service.cpp +++ b/services/appmgr/src/app_mgr_service.cpp @@ -292,8 +292,7 @@ int32_t AppMgrService::ClearUpApplicationData(const std::string &bundleName) HILOG_ERROR("GetBundleName failed: %{public}d", result); return ERR_INVALID_OPERATION; } - auto isSaCall = AAFwk::PermissionVerification::GetInstance()->IsSACall(); - if (!isSaCall && bundleName != callerBundleName) { + if (bundleName != callerBundleName) { auto isCallingPerm = AAFwk::PermissionVerification::GetInstance()->VerifyCallingPermission( AAFwk::PermissionConstants::PERMISSION_CLEAN_APPLICATION_DATA); if (!isCallingPerm) { @@ -562,9 +561,8 @@ int AppMgrService::GetAbilityRecordsByProcessID(const int pid, std::vectorIsSACall(); - if (!isSaCall) { - HILOG_ERROR("Not SA call."); + if (!AAFwk::PermissionVerification::GetInstance()->IsSACall()) { + HILOG_ERROR("Not sa call"); return ERR_INVALID_OPERATION; } return appMgrServiceInner_->GetAbilityRecordsByProcessID(pid, tokens); 
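Review bot: The denial log in AttachAppDebug, `HILOG_ERROR("Not sa or shell call")`, records neither who called nor which bundle was targeted, which makes a rejected attempt to put an application into debug mode hard to investigate afterwards. Something like `HILOG_ERROR("Not sa or shell call, callingPid: %{public}d, bundleName: %{public}s", IPCSkeleton::GetCallingPid(), bundleName.c_str());` would give the audit trail a subject and an object. IPCSkeleton::GetCallingPid() is already used in app_mgr_service_inner.cpp, though whether it is in scope in this file cannot be seen from the hunk. The same applies to DetachAppDebug and to the RegisterAppDebugListener and UnregisterAppDebugListener hunks before it.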
@@ -688,8 +686,8 @@ int32_t AppMgrService::NotifyLoadRepairPatch(const std::string &bundleName, cons HILOG_ERROR("AppMgrService is not ready."); return ERR_INVALID_OPERATION; } - auto isSaCall = AAFwk::PermissionVerification::GetInstance()->IsSACall(); - if (!isSaCall) { + if (!AAFwk::PermissionVerification::GetInstance()->IsSACall()) { + HILOG_ERROR("Not sa call"); return ERR_INVALID_OPERATION; } return appMgrServiceInner_->NotifyLoadRepairPatch(bundleName, callback); @@ -701,8 +699,8 @@ int32_t AppMgrService::NotifyHotReloadPage(const std::string &bundleName, const HILOG_ERROR("AppMgrService is not ready."); return ERR_INVALID_OPERATION; } - auto isSaCall = AAFwk::PermissionVerification::GetInstance()->IsSACall(); - if (!isSaCall) { + if (!AAFwk::PermissionVerification::GetInstance()->IsSACall()) { + HILOG_ERROR("Not sa call"); return ERR_INVALID_OPERATION; } return appMgrServiceInner_->NotifyHotReloadPage(bundleName, callback); @@ -726,8 +724,8 @@ int32_t AppMgrService::NotifyUnLoadRepairPatch(const std::string &bundleName, co HILOG_ERROR("AppMgrService is not ready."); return ERR_INVALID_OPERATION; } - auto isSaCall = AAFwk::PermissionVerification::GetInstance()->IsSACall(); - if (!isSaCall) { + if (!AAFwk::PermissionVerification::GetInstance()->IsSACall()) { + HILOG_ERROR("Not sa call"); return ERR_INVALID_OPERATION; } return appMgrServiceInner_->NotifyUnLoadRepairPatch(bundleName, callback); @@ -735,8 +733,8 @@ int32_t AppMgrService::NotifyUnLoadRepairPatch(const std::string &bundleName, co bool AppMgrService::JudgeSelfCalledByRecordId(int32_t recordId) { - auto isSaCall = AAFwk::PermissionVerification::GetInstance()->IsSACall(); - if (isSaCall) { + if (AAFwk::PermissionVerification::GetInstance()->IsSACall()) { + HILOG_DEBUG("Is sa call"); return true; } diff --git a/services/appmgr/src/app_mgr_service_inner.cpp b/services/appmgr/src/app_mgr_service_inner.cpp index ba73c6e9c31..ce01d1d5047 100644 --- a/services/appmgr/src/app_mgr_service_inner.cpp 
+++ b/services/appmgr/src/app_mgr_service_inner.cpp @@ -1175,7 +1175,7 @@ int32_t AppMgrServiceInner::NotifyMemoryLevel(int32_t level) auto isSaCall = AAFwk::PermissionVerification::GetInstance()->IsSACall(); auto isGatewayCall = AAFwk::PermissionVerification::GetInstance()->IsGatewayCall(); if (!isSaCall && !isGatewayCall) { - HILOG_ERROR("callerToken not SA %{public}s", __func__); + HILOG_ERROR("Not sa or gateway call"); return ERR_INVALID_VALUE; } if (!(level == OHOS::AppExecFwk::MemoryLevel::MEMORY_LEVEL_MODERATE || @@ -1194,9 +1194,8 @@ int32_t AppMgrServiceInner::NotifyMemoryLevel(int32_t level) int32_t AppMgrServiceInner::DumpHeapMemory(const int32_t pid, OHOS::AppExecFwk::MallocInfo &mallocInfo) { - auto isSaCall = AAFwk::PermissionVerification::GetInstance()->IsSACall(); - if (!isSaCall) { - HILOG_ERROR("callerToken not SA %{public}s", __func__); + if (!AAFwk::PermissionVerification::GetInstance()->IsSACall()) { + HILOG_ERROR("Not sa call"); return ERR_INVALID_VALUE; } if (pid < 0) { @@ -2596,6 +2595,7 @@ void AppMgrServiceInner::SetAbilityForegroundingFlagToAppRecord(const pid_t pid) { HILOG_DEBUG("called"); if (!AAFwk::PermissionVerification::GetInstance()->IsSACall()) { + HILOG_ERROR("Not sa call"); return; } @@ -3474,7 +3474,7 @@ int AppMgrServiceInner::GetAbilityRecordsByProcessID(const int pid, std::vector< auto isSaCall = AAFwk::PermissionVerification::GetInstance()->IsSACall(); auto callingPid = IPCSkeleton::GetCallingPid(); if (!isSaCall && callingPid != pid) { - HILOG_ERROR("Permission verify failed."); + HILOG_ERROR("Not sa call and pid isn't itself"); return ERR_PERMISSION_DENIED; } for (auto &item : appRecord->GetAbilities()) { 
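Review bot: The new message in AppMgrServiceInner::GetAbilityRecordsByProcessID, "Not sa call and pid isn't itself", describes a rule that lets a process query its own pid, but AppMgrService::GetAbilityRecordsByProcessID in app_mgr_service.cpp returns `ERR_INVALID_OPERATION` for every non-SA caller before delegating here. Through that entry point the `callingPid != pid` allowance can never apply, so either the outer check is stricter than intended or the inner one is redundant. A comment on the inner check naming the callers that reach it directly, or aligning the two conditions, would remove the ambiguity. Other call sites of the inner function are not visible in this patch.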
@@ -3489,7 +3489,7 @@ int AppMgrServiceInner::GetApplicationInfoByProcessID(const int pid, AppExecFwk: auto isSaCall = AAFwk::PermissionVerification::GetInstance()->IsSACall(); auto isShellCall = AAFwk::PermissionVerification::GetInstance()->IsShellCall(); if (!isSaCall && !isShellCall) { - HILOG_ERROR("no permissions."); + HILOG_ERROR("Not sa or shell call"); return ERR_PERMISSION_DENIED; } auto appRecord = GetAppRunningRecordByPid(pid); @@ -3510,11 +3510,6 @@ int AppMgrServiceInner::GetApplicationInfoByProcessID(const int pid, AppExecFwk: int AppMgrServiceInner::VerifyProcessPermission() const { - auto isSaCall = AAFwk::PermissionVerification::GetInstance()->IsSACall(); - if (isSaCall) { - return ERR_OK; - } - if (VerifyAPL()) { return ERR_OK; } @@ -3527,11 +3522,6 @@ int AppMgrServiceInner::VerifyProcessPermission() const int AppMgrServiceInner::VerifyProcessPermission(const std::string &bundleName) const { CHECK_CALLER_IS_SYSTEM_APP; - auto isSaCall = AAFwk::PermissionVerification::GetInstance()->IsSACall(); - auto isShellCall = AAFwk::PermissionVerification::GetInstance()->IsShellCall(); - if (isSaCall || isShellCall) { - return ERR_OK; - } if (VerifyAPL()) { return ERR_OK; @@ -3560,10 +3550,6 @@ int AppMgrServiceInner::VerifyProcessPermission(const std::string &bundleName) c int AppMgrServiceInner::VerifyProcessPermission(const sptr &token) const { CHECK_CALLER_IS_SYSTEM_APP; - auto isSaCall = AAFwk::PermissionVerification::GetInstance()->IsSACall(); - if (isSaCall) { - return ERR_OK; - } if (VerifyAPL()) { return ERR_OK; 
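Review bot: The three VerifyProcessPermission overloads lose their SA exemption (and the bundleName overload its shell exemption) without any comment recording the new contract, although every system ability or shell command that reaches them now depends on VerifyAPL() or the permission check that follows. Please state it on each function, e.g. `// SA and shell callers are not exempt: they must pass VerifyAPL() or hold the required permission.`, and mention in the commit message which services were confirmed to hold those permissions. The same undocumented change is made to VerifyAccountPermission in this file and to VerifyRunningInfoPerm, VerifyControllerPerm, VerifyAccountPermission, VerifyMissionPermission, VerifyAppStateObserverPermission and VerifyPrepareTerminatePermission in permission_verification.cpp. The bodies continue outside the hunks, so the permission each one finally checks is not fully visible.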
@@ -3619,11 +3605,6 @@ bool AppMgrServiceInner::VerifyAPL() const int AppMgrServiceInner::VerifyAccountPermission(const std::string &permissionName, const int userId) const { - auto isSaCall = AAFwk::PermissionVerification::GetInstance()->IsSACall(); - if (isSaCall) { - return ERR_OK; - } - if (userId != currentUserId_) { auto isCallingPermAccount = AAFwk::PermissionVerification::GetInstance()->VerifyCallingPermission( AAFwk::PermissionConstants::PERMISSION_INTERACT_ACROSS_LOCAL_ACCOUNTS); @@ -4166,9 +4147,8 @@ int32_t AppMgrServiceInner::NotifyHotReloadPage(const std::string &bundleName, c #ifdef BGTASKMGR_CONTINUOUS_TASK_ENABLE int32_t AppMgrServiceInner::SetContinuousTaskProcess(int32_t pid, bool isContinuousTask) { - auto isSaCall = AAFwk::PermissionVerification::GetInstance()->IsSACall(); - if (!isSaCall) { - HILOG_ERROR("callerToken not SA %{public}s", __func__); + if (!AAFwk::PermissionVerification::GetInstance()->IsSACall()) { + HILOG_ERROR("Not sa call"); return ERR_INVALID_VALUE; } diff --git a/services/common/src/permission_verification.cpp b/services/common/src/permission_verification.cpp index 96c59c86e51..2975a071256 100644 --- a/services/common/src/permission_verification.cpp +++ b/services/common/src/permission_verification.cpp @@ -91,7 +91,7 @@ bool PermissionVerification::CheckSpecificSystemAbilityAccessPermission() const { HILOG_DEBUG("PermissionVerification::CheckSpecifidSystemAbilityAccessToken is called."); if (!IsSACall()) { - HILOG_ERROR("caller tokenType is not native, verify failed."); + HILOG_ERROR("Not sa call"); return false; } auto callerToken = GetCallingTokenID(); 
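Review bot: The debug line kept at the top of CheckSpecificSystemAbilityAccessPermission still prints `PermissionVerification::CheckSpecifidSystemAbilityAccessToken is called.`, a misspelled name that matches no function in this hunk, so searching the log for the real function name finds nothing. Since this change rewrites the error message two lines below, it would be a good moment to correct it to `HILOG_DEBUG("PermissionVerification::CheckSpecificSystemAbilityAccessPermission is called.");`. The function continues past the end of the hunk.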
@@ -106,10 +106,6 @@ bool PermissionVerification::CheckSpecificSystemAbilityAccessPermission() const bool PermissionVerification::VerifyRunningInfoPerm() const { - if (IsSACall()) { - HILOG_DEBUG("%{public}s: the interface called by SA.", __func__); - return true; - } if (VerifyCallingPermission(PermissionConstants::PERMISSION_GET_RUNNING_INFO)) { HILOG_DEBUG("%{public}s: Permission verification succeeded.", __func__); return true; @@ -120,10 +116,6 @@ bool PermissionVerification::VerifyRunningInfoPerm() const bool PermissionVerification::VerifyControllerPerm() const { - if (IsSACall()) { - HILOG_DEBUG("%{public}s: the interface called by SA.", __func__); - return true; - } if (VerifyCallingPermission(PermissionConstants::PERMISSION_SET_ABILITY_CONTROLLER)) { HILOG_DEBUG("%{public}s: Permission verification succeeded.", __func__); return true; @@ -148,9 +140,6 @@ bool PermissionVerification::VerifyDlpPermission(Want &want) const int PermissionVerification::VerifyAccountPermission() const { - if (IsSACall()) { - return ERR_OK; - } if (VerifyCallingPermission(PermissionConstants::PERMISSION_INTERACT_ACROSS_LOCAL_ACCOUNTS)) { return ERR_OK; } @@ -160,9 +149,6 @@ int PermissionVerification::VerifyAccountPermission() const bool PermissionVerification::VerifyMissionPermission() const { - if (IsSACall()) { - return true; - } if (VerifyCallingPermission(PermissionConstants::PERMISSION_MANAGE_MISSION)) { HILOG_DEBUG("%{public}s: Permission verification succeeded.", __func__); return true; @@ -173,9 +159,6 @@ bool PermissionVerification::VerifyMissionPermission() const int PermissionVerification::VerifyAppStateObserverPermission() const { - if (IsSACall()) { - return ERR_OK; - } if (VerifyCallingPermission(PermissionConstants::PERMISSION_RUNNING_STATE_OBSERVER)) { HILOG_DEBUG("Permission verification succeeded."); return ERR_OK; 
@@ -237,10 +220,6 @@ int PermissionVerification::CheckCallDataAbilityPermission(const VerificationInf int PermissionVerification::CheckCallServiceAbilityPermission(const VerificationInfo &verificationInfo) const { - if (IsSACall()) { - return ERR_OK; - } - if ((verificationInfo.apiTargetVersion > API8 || IsShellCall()) && !JudgeStartAbilityFromBackground(verificationInfo.isBackgroundCall, verificationInfo.withContinuousTask)) { HILOG_ERROR("Application can not start ServiceAbility from background after API8."); @@ -354,9 +333,6 @@ bool PermissionVerification::JudgeAssociatedWakeUp(const uint32_t accessTokenId, int PermissionVerification::JudgeInvisibleAndBackground(const VerificationInfo &verificationInfo) const { - if (IsSACall()) { - return ERR_OK; - } if (!JudgeStartInvisibleAbility(verificationInfo.accessTokenId, verificationInfo.visible)) { return ABILITY_VISIBLE_FALSE_DENY_REQUEST; } @@ -370,6 +346,7 @@ int PermissionVerification::JudgeInvisibleAndBackground(const VerificationInfo & bool PermissionVerification::JudgeCallerIsAllowedToUseSystemAPI() const { if (IsSACall() || IsShellCall()) { + HILOG_DEBUG("Allow sa or shell to use system API"); return true; } auto callerToken = IPCSkeleton::GetCallingFullTokenID(); @@ -384,9 +361,6 @@ bool PermissionVerification::IsSystemAppCall() const bool PermissionVerification::VerifyPrepareTerminatePermission() const { - if (IsSACall()) { - return true; - } if (VerifyCallingPermission(PermissionConstants::PERMISSION_PREPARE_TERMINATE)) { HILOG_DEBUG("%{public}s: Permission verification succeeded.", __func__); return true; -- Gitee
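Review bot: With the IsSACall() early return removed, CheckCallServiceAbilityPermission and JudgeInvisibleAndBackground now run system-ability callers through JudgeStartAbilityFromBackground() and JudgeStartInvisibleAbility(), whose arguments (`isBackgroundCall`, `withContinuousTask`, `accessTokenId`, `visible`) describe an application caller. Whether VerificationInfo is filled in meaningfully for an SA caller cannot be seen here; if it is not, an SA start could be denied with `ABILITY_VISIBLE_FALSE_DENY_REQUEST` or the background error for reasons unrelated to its privileges. A unit test that calls both functions with an SA token, once holding and once lacking the relevant permission, would pin the intended result. In CheckCallServiceAbilityPermission the condition `apiTargetVersion > API8 || IsShellCall()` still special-cases shell callers while nothing comparable remains for SA, which deserves a short comment.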