1# Security Component Overview 2 3<!--Kit: ArkUI--> 4<!--Subsystem: Security--> 5<!--Owner: @harylee--> 6<!--SE: @linshuqing; @hehehe-li--> 7<!--TSE: @leiyuqian--> 8 9Security components are a set of ArkUI basic components, including the **SaveButton** and **PasteButton** components. The security components can be used as special buttons that help implement authorization upon a user tap. 10 11Compared with dynamic permission requesting, security components allow scenario-based authorization and simplify development and user operations. The security components stand out with the following features: 12 131. Minimizes the authorization by allowing the user to control when to grant the permission. 14 152. Allows the authorization scenario to match the user's real intent. 16 173. Reduces pop-up windows. 18 19Security components collect only personal data necessary for implementing service functions and help develop transparent, optional, and controllable privacy compliance applications. 20 21## Security Components 22 23Currently, the following security components are available: 24 25- [PasteButton](pastebutton.md) 26 27 The **PasteButton** component comes with the pasteboard read privilege. After it is integrated into your application and is tapped, no authorization dialog box will be displayed when your application reads data from the pasteboard. The application permission is revoked 10 seconds after the application is switched to the background. 28 29 You can use this component for applications that need to read data from the pasteboard. 30 31- [SaveButton](savebutton.md) 32 33 The **SaveButton** component comes with the privilege for writing data to the media library. After it is integrated into your application and is used for the first time, a dialog box is displayed to ask for user authorization. If the user taps **Allow**, the application automatically obtains the permission to access the media library within one minute. No more dialog box is displayed for authorization. 34 35 You can use the **SaveButton** component when your application needs to save image or videos to the media library. This component allows for simpler operations than Pickers, which have to start a system application and have the user select a directory for saving the image or video. 36 37## Working Mechanism 38 39The security component solution consists of the following: 40 41- UI component: implements the style of fixed text and icons for users to identify and provides rich customization capabilities. 42 43- Component manager service: provides the component registration management capability, temporary authorization mechanism, and authorization validity period management to ensure that security components cannot be registered or used when the screen is locked or the application runs in the background. 44 45- Security hardening: provides <!--Del-->basic capabilities currently, and the system integrators need to implement <!--DelEnd-->security safeguarding capabilities, such as address randomization, challenge value check, callback UI framework component information review, caller address check, component anti-overwriting, and real click event verification, to prevent abuse of authorization mechanisms via obfuscation, hiding, tampering, and spoofing and protect user privacy. 46 47The following figure illustrates the working mechanism. 48 49 50 511. After a security component is declared in .ets files, the JS engine parses the .ets files and creates the security component in the ArkUI framework. 52 532. The security component registers with the security component manager service, which checks the validity of the component information. 54 553. When a user taps the security component, a click event is distributed to the security component. 56 574. The security component reports the click event to the security component manager service. 58 595. The security component manager service calls the permission manager service to perform temporary authorization based on the component type. 60 616. After the authorization is successful, the security component calls **OnClick()** to notify the application layer of the authorization success. 62 637. The application calls the corresponding privileged operation, for example, reading pasteboard information and creating a file in the media library. 64 The permission usage and authorization validity vary with the security component type. For details, see [Security Components](#security-components). 65 668. The corresponding service calls the permission manager service or security component manager service to obtain the authorization result and return the authentication result. 67 68## Constraints 69 70Due to the "authorization upon a user tap" feature, many restrictions are imposed on security components to prevent user privacy from being obtained by malicious applications. The security components must be clearly visible on the application UI and can be clearly identified by users to prevent authorization failures. 71 72If the authorization fails due to invalid component style, check the device logs with the keyword "SecurityComponentCheckFail". 73 74> **NOTE** 75> Logs containing the keyword can appear at any level. Avoid filtering them by level. 76 77Possible causes include but are not limited to the following: 78 79- The font or icon size is too small. 80 81- The overall size of the security component is too large. 82 83- The color transparency of the font, icon, and background buttons is too high. 84 85- The font or icon color is too close to the background button color. 86 87- The security component cannot be displayed completely in a screen or window. 88 89- The security component is blocked by another component or window. 90 91- The parent component of the security component has attributes that may cause improper display of the security component, such as deformation and blurring. 92
