1# HarmonyAppProvision Configuration File 2The **HarmonyAppProvision** configuration file (also called profile) is the file where you declare permission and signature information for your application. 3 4## Configuration File Internal Structure 5The **HarmonyAppProvision** file consists of several parts, which are described in the table below. 6 7| Name | Description | Data Type| Mandatory | Initial Value Allowed| 8| ----------- | ---------------------------------------------------------------------------------------- | -------- | -------- | -------- | 9| version-code | Version number of the **HarmonyAppProvision** file format. The value is a positive integer containing 32 or less digits.| Number | Yes | No | 10| version-name | Description of the version number. It is recommended that the value consist of three segments, for example, **A.B.C**. | String | Yes | No| 11| uuid | Unique ID of the **HarmonyAppProvision** file. | String | Yes | No| 12| type | Type of the **HarmonyAppProvision** file. The value can be **debug** (for application debugging) or **release** (for application release). The recommended value is **debug**.| String | Yes | No| 13| issuer | Issuer of the **HarmonyAppProvision** file. | String | Yes | No| 14| validity | Validity period of the **HarmonyAppProvision** file. For details, see [Internal Structure of the validity Object](#internal-structure-of-the-validity-object). | Object | Yes | No | 15| bundle-info | Information about the application bundle and developer. For details, see [Internal Structure of the bundle-info Object](#internal-structure-of-the-bundle-info-object). | Object | Yes | No | 16| acls | Information about the Access Control Lists (ACLs). For details, see [Internal Structure of the acls Object](#internal-structure-of-the-acls-object). | Object | No | Yes | 17| permissions | Permissions required for your application. For details, see [Internal Structure of the permissions Object](#internal-structure-of-the-permissions-object). | Object | No | Yes | 18| debug-info | Additional information for application debugging. For details, see [Internal Structure of the debug-info Object](#internal-structure-of-the-debug-info-object). | Object | No | Yes | 19| app-privilege-capabilities | Privilege information required by the application bundle. For details, see the [Application Privilege Configuration Guide](../../device-dev/subsystems/subsys-app-privilege-config-guide.md). | String array| No | Yes | 20 21An example of the **HarmonyAppProvision** file is as follows: 22```json 23{ 24 "version-code": 1, 25 "version-name": "1.0.0", 26 "uuid": "string", 27 "type": "debug", 28 "validity": { 29 "not-before": 1586422743, 30 "not-after": 1617958743 31 }, 32 "bundle-info" : { 33 "developer-id": "OpenHarmony", 34 "development-certificate": "Base64 string", 35 "distribution-certificate": "Base64 string", 36 "bundle-name": "com.OpenHarmony.app.test", 37 "apl": "normal", 38 "app-feature": "hos_normal_app" 39 }, 40 "acls": { 41 "allowed-acls": ["string"] 42 }, 43 "permissions": { 44 "restricted-permissions": ["string"] 45 }, 46 "debug-info" : { 47 "device-id-type": "udid", 48 "device-ids": ["string"] 49 }, 50 "app-privilege-capabilities":["AllowAppUsePrivilegeExtension"], 51 "issuer": "OpenHarmony" 52} 53 54``` 55 56 57### Internal Structure of the validity Object 58 59| Name | Description | Data Type| Mandatory | Initial Value Allowed| 60| ---------- | ------------------------------- | ------- | ------- | --------- | 61| not-before | Start time of the file validity period. The value is a Unix timestamp, which is a non-negative integer.| Number | Yes | No | 62| not-after | End time of the file validity period. The value is a Unix timestamp, which is a non-negative integer.| Number | Yes | No | 63 64### Internal Structure of the bundle-info Object 65 66| Name | Description | Data Type| Mandatory | Initial Value Allowed| 67| ------------------------ | ------------------------------- | ------- | -------- | --------- | 68| developer-id | Unique ID of the developer.| String | Yes | No | 69| development-certificate | Information about the [debug certificate](hapsigntool-guidelines.md).| Number | Yes if **type** is set to **debug** and no otherwise | No | 70| distribution-certificate | Information about the [release certificate](hapsigntool-guidelines.md).| Number | Yes if **type** is set to **release** and no otherwise| No | 71| bundle-name | Bundle name of the application.| String | Yes | No | 72| apl | [Ability privilege level (APL)](accesstoken-overview.md) of your application. The value can be **normal**, **system_basic**, or **system_core**.| String | Yes | No | 73| app-feature | Type of your application. The value can be **hos_system_app** (system application) or **hos_normal_app** (normal application). Only system applications are allowed to call system APIs. If a normal application calls a system API, the call cannot be successful or the application may run abnormally.| String | Yes | No | 74 75 76### Internal Structure of the acls Object 77The **acls** object contains the [ACL](accesstoken-overview.md) configured for your application. It should be noted that you still need to add the ACL information to the [**requestPermissions**](../quick-start/module-configuration-file.md#requestpermissions) attribute in the application configuration file. 78 79| Name | Description | Data Type| Mandatory | Initial Value Allowed| 80| ------------------------ | ------------------------------- | ------- | ------- | --------- | 81| allowed-acls | [ACLs](../security/accesstoken-overview.md) configured for your application.| String array | No | No | 82 83### Internal Structure of the permissions Object 84The **permissions** object contains restricted permissions required for your application. Different from the ACLs set in the **acls** object, these permissions need user authorization during the running of your application. It should be noted that you still need to add the ACL information to the [**requestPermissions**](../quick-start/module-configuration-file.md#requestpermissions) attribute in the application configuration file. 85 86| Name | Description | Data Type| Mandatory | Initial Value Allowed| 87| ------------------------ | ------------------------------- | ------- | ------- | --------- | 88| restricted-permissions | [Restricted permissions](accesstoken-overview.md) required for your application.| String array | No | No | 89 90### Internal Structure of the debug-info Object 91The **debug-info** object contains debugging information of your application, mainly device management and control information. 92 93| Name | Description | Data Type| Mandatory | Initial Value Allowed| 94| ------------------------ | ------------------------------- | ------- | ------- | --------- | 95| device-id-type | Type of the device ID. Currently, only the udid type is supported.| String | No | No | 96| device-ids | IDs of devices on which your application can be debugged.| String array | No | No | 97 98## Modifying the HarmonyAppProvision Configuration File 99 100When a development project is created, the default application type is **hos_normal_app** and the default APL level is **normal**. 101 102To enable the application to use system APIs, you need to change the **app-feature** field to **hos_system_app** (system application). To apply for high-level permissions, you need to modify fields such as **apl** and **acl**. For details, see [Access Control Overview](accesstoken-overview.md). 103 104 105To modify the HarmonyAppProvision configuration file, perform the following steps: 106 1071. Open the directory where the OpenHarmony SDK is located. (You can choose **File** > **Settings** > **OpenHarmony SDK** on the menu bar of DevEco Studio to query the directory.) 1082. In the SDK directory, go to the **Toolchains** > {Version} > **lib** directory and open the **UnsgnedReleasedProfileTemplate.json** file. 1093. Modify the related fields as required. 110 111After modifying the configuration file, [sign the application](hapsigntool-guidelines.md). 112