CN113496039B - Authority management method and terminal - Google Patents

Authority management method and terminal Download PDF

Info

Publication number
CN113496039B
CN113496039B CN202010269503.4A CN202010269503A CN113496039B CN 113496039 B CN113496039 B CN 113496039B CN 202010269503 A CN202010269503 A CN 202010269503A CN 113496039 B CN113496039 B CN 113496039B
Authority
CN
China
Prior art keywords
party application
authority
permission
application
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010269503.4A
Other languages
Chinese (zh)
Other versions
CN113496039A (en
Inventor
王旭光
黄虎
王晓林
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hisense Mobile Communications Technology Co Ltd
Original Assignee
Hisense Mobile Communications Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hisense Mobile Communications Technology Co Ltd filed Critical Hisense Mobile Communications Technology Co Ltd
Priority to CN202010269503.4A priority Critical patent/CN113496039B/en
Publication of CN113496039A publication Critical patent/CN113496039A/en
Application granted granted Critical
Publication of CN113496039B publication Critical patent/CN113496039B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/604Tools and structures for managing or administering access control systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Medical Informatics (AREA)
  • Automation & Control Theory (AREA)
  • Telephone Function (AREA)

Abstract

The invention discloses a permission management method and a terminal, wherein in a permission request page for requesting operation permission, a user can trigger an operation for refusing to grant the operation permission and continuously installing a third party application, the third party application is continuously installed in a display interface in response to the operation of the user, and the operation corresponding to the operation permission is limited to be executed by the third party application in the operation process of the third party application, so that the problem that the installation of the third party application is automatically stopped after the user does not grant the operation permission is avoided, the operation corresponding to the operation permission is limited to be executed in the operation process of the third party application, the safety of privacy data and system data of the user is protected, the safety of the terminal is improved, and the use experience of the user is improved.

Description

Authority management method and terminal
Technical Field
The present invention relates to the field of terminal technologies, and in particular, to a rights management method and a terminal.
Background
In order to protect the security of the private data of the user when the terminal is used, when the application program accesses the protected private data in the running process, the user is requested to grant the authority of accessing the private data, and the application program can access the protected private data after the user is authorized, so that the security of the data is improved.
However, when many application programs are installed, when the user requests to grant access rights, if the user is determined not to grant the access rights, the installation is automatically stopped, and the user cannot use the application programs; only after the user grants all access rights, the application program can be continuously installed, so that the risk of revealing private data of the user is increased, and the security of the terminal is lower.
Disclosure of Invention
The invention provides a method and a terminal for managing rights, which are used for solving the problem that the security of the terminal is lower due to the current rights management scheme.
According to a first aspect in an exemplary embodiment, a terminal is provided, including a display screen and a processor;
The processor is used for displaying an authority request page of the third party application requesting the operation authority in a display interface if the third party application requests to acquire the operation authority in the process of installing the third party application;
Responding to the operation triggered by the user in the permission request page, which indicates that the permission of the operation is refused to be granted and the third-party application is continuously installed, continuously installing the third-party application and limiting the third-party application to execute the operation corresponding to the permission of the operation;
the display screen is used for displaying the permission request page.
In the embodiment of the invention, in the permission request page for requesting the operation permission, the user can trigger the operation of refusing to grant the operation permission and continuously installing the third party application, respond to the operation of the user and continuously install the third party application in the display interface, and limit the third party application to execute the operation corresponding to the operation permission in the operation process of the third party application, thereby avoiding the problem that the third party application can automatically stop installation after the user does not grant the operation permission, and limit the operation corresponding to the operation permission in the operation process of the third party application, protecting the safety of privacy data and system data of the user, improving the safety of the terminal and improving the use experience of the user.
In one possible implementation, before continuing to install the third party application and restricting the third party application from performing the operation corresponding to the operation authority, the processor is further configured to:
Setting a first authority configuration parameter corresponding to the operation authority to be a parameter representing permission of installation through an installation management service; and
And setting a second authority configuration parameter corresponding to the operation authority as a parameter for indicating refusal of authorization through the authority management service.
In the embodiment of the invention, the operation authority of the third party application is managed through the installation management service and the authority management service, so that the third party application is restricted to execute the operation corresponding to the operation authority while the third party application is continuously installed, and the use experience of a user is improved.
In one possible implementation, the processor is specifically configured to, in the continuing installation of the third party application:
If the first permission configuration parameter corresponding to the operation permission is determined to be a parameter indicating permission to install, continuing to install the third party application;
when the third party application is restricted to execute the operation corresponding to the operation authority, the processor is specifically configured to:
And if the second permission configuration parameter corresponding to the operation permission is determined to be the parameter indicating refusal of authorization, limiting the third party application to execute the operation corresponding to the operation permission in the running process of the third party application.
In the embodiment of the invention, after responding to the operation triggered by the user and indicating that the operation permission is refused to be granted and the third-party application is continuously installed, the second permission configuration parameter corresponding to the operation permission is determined to be the parameter indicating that the installation is allowed, so that the third-party application can be continuously installed after the installation is confirmed, and the requirement of the user is met.
If the operation corresponding to the operation authority is executed in the running process of the third party application, after the second authority configuration parameter corresponding to the operation authority is determined to be the parameter indicating refusal of authorization, the third party application is limited to execute the operation corresponding to the operation authority, so that the security of the privacy data of the user is protected.
In one possible implementation manner, when the third party application is restricted from executing the operation corresponding to the operation authority, the processor is specifically configured to:
and when the third party application requests to execute the operation corresponding to the operation authority, returning preset false operation data or null values to the third party application through a system interface.
In the embodiment of the invention, when the second configuration parameter corresponding to the operation authority is determined to be the parameter indicating refusal of the authorization, the preset false operation data or null value is returned to the third party application through the system interface, so that the purpose of limiting the third party application to execute the operation corresponding to the operation authority is achieved.
According to a second aspect in an exemplary embodiment, there is provided a terminal for rights management, the terminal comprising:
comprises a display screen and a processor;
The processor is used for displaying an authority request page of the third party application requesting the operation authority in a display interface if the third party application requests to acquire the operation authority when the third party application starts to run;
Responding to the operation triggered by the user in the permission request page, which indicates that the permission of the operation is refused to be granted and the operation of the third party application is continued to be operated, and continuing to operate the third party application and limiting the third party application to execute the operation corresponding to the permission of the operation;
the display screen is used for displaying the permission request page.
In the embodiment of the invention, in the permission request page for requesting the operation permission, the user can trigger the operation for refusing to grant the operation permission and continuing to run the third party application, and responding to the operation of the user to continue to run the third party application in the display interface, and the operation corresponding to the operation permission is limited to be executed by the third party application in the running process of the third party application, so that the problem that the third party application can automatically stop running after the user does not grant the operation permission is avoided, and the operation corresponding to the operation permission is limited to be executed in the running process of the third party application, the safety of privacy data and system data of the user is protected, the safety of the terminal is improved, and the use experience of the user is improved.
In one possible implementation, before continuing to run the third party application and restricting the third party application from performing the operation corresponding to the operation authority, the processor is further configured to:
Setting a third authority configuration parameter corresponding to the operation authority as a parameter for representing permission of operation through operation management service; and
And setting a fourth authority configuration parameter corresponding to the operation authority as a parameter for indicating refusal of authorization through the authority management service.
In the embodiment of the invention, the operation authority of the third party application is managed by running the management service and the authority management service, so that the third party application is restricted to execute the operation corresponding to the operation authority while the third party application continues to run, and the use experience of a user is improved.
In one possible implementation, the processor is specifically configured to, when the third party application continues to run:
if the third permission configuration parameter corresponding to the operation permission is determined to be a parameter indicating permission to operate, continuing to operate the third party application;
when the third party application is restricted to execute the operation corresponding to the operation authority, the processor is specifically configured to:
and if the fourth permission configuration parameter corresponding to the operation permission is determined to be the parameter indicating refusal of authorization, limiting the third party application to execute the operation corresponding to the operation permission in the running process of the third party application.
In the embodiment of the invention, after responding to the operation triggered by the user and indicating that the operation permission is refused to be granted and the operation of the third-party application is continued, the third-party application can continue to operate after confirming that the operation is allowed, and the requirement of the user is met.
If the operation corresponding to the operation authority is executed in the running process of the third party application, after the fourth authority configuration parameter corresponding to the operation authority is determined to be the parameter indicating refusal of authorization, the third party application is limited to execute the operation corresponding to the operation authority, so that the security of the privacy data of the user is protected.
In one possible implementation manner, when the third party application is restricted from executing the operation corresponding to the operation authority, the processor is specifically configured to:
and when the third party application requests to execute the operation corresponding to the operation authority, returning preset false operation data or null values to the third party application through a system interface.
In the embodiment of the invention, when the fourth configuration parameter corresponding to the operation authority is determined to be the parameter indicating refusal of the authorization, the preset false operation data or null value is returned to the third party application through the system interface, so that the purpose of limiting the third party application to execute the operation corresponding to the operation authority is achieved.
According to a third aspect in an exemplary embodiment, there is provided a method of rights management, the method comprising:
In the process of installing a third party application, if the third party application requests to acquire operation rights, the terminal displays a rights request page of the third party application requesting the operation rights in a display interface;
And the terminal responds to the operation of refusing to grant the operation authority and continuing to install the third party application, which is triggered by the user in the authority request page, and continues to install the third party application and limits the third party application to execute the operation corresponding to the operation authority.
In one possible implementation manner, before continuing to install the third party application and limiting the third party application to execute the operation corresponding to the operation authority, the method further includes:
The terminal sets a first authority configuration parameter corresponding to the operation authority to be a parameter which indicates that installation is allowed through an installation management service; and
And the terminal sets a second authority configuration parameter corresponding to the operation authority as a parameter for indicating refusal of authorization through the authority management service.
In one possible implementation manner, when the third party application is continuously installed, the method includes:
if the terminal determines that the first permission configuration parameter corresponding to the operation permission is a parameter indicating permission to install, continuing to install the third party application;
And when the operation corresponding to the operation authority is limited to be executed by the third party application, the method comprises the following steps:
And if the terminal determines that the second permission configuration parameter corresponding to the operation permission is the parameter indicating refusal of authorization, limiting the third party application to execute the operation corresponding to the operation permission in the running process of the third party application.
In one possible implementation manner, when the third party application is limited to execute the operation corresponding to the operation authority, the method includes:
and when the third party application requests to execute the operation corresponding to the operation authority, the terminal returns preset false operation data or null values to the third party application through a system interface.
According to a fourth aspect in an exemplary embodiment, there is provided a method of rights management, the method comprising:
when a terminal starts running of a third party application, if the third party application requests to acquire operation rights, a rights request page of the third party application requesting the operation rights is displayed in a display interface;
The terminal responds to the operation triggered by the user in the permission request page, which indicates that the permission is refused to be granted to the operation and continues to run the third party application, continues to run the third party application and limits the third party application to execute the operation corresponding to the operation permission;
in one possible implementation manner, before continuing to run the third party application and limiting the third party application to execute the operation corresponding to the operation authority, the method further includes:
The terminal sets a third authority configuration parameter corresponding to the operation authority as a parameter for representing permission of operation through operation management service; and
And the terminal sets a fourth authority configuration parameter corresponding to the operation authority as a parameter for indicating refusal of authorization through the authority management service.
In one possible implementation manner, when the third party application continues to run, the method includes:
if the third permission configuration parameter corresponding to the operation permission is determined to be a parameter indicating permission to operate, continuing to operate the third party application;
And when the operation corresponding to the operation authority is limited to be executed by the third party application, the method comprises the following steps:
and if the fourth permission configuration parameter corresponding to the operation permission is determined to be the parameter indicating refusal of authorization, limiting the third party application to execute the operation corresponding to the operation permission in the running process of the third party application.
In one possible implementation manner, when the third party application is limited to execute the operation corresponding to the operation authority, the method includes:
and when the third party application requests to execute the operation corresponding to the operation authority, the terminal returns preset false operation data or null values to the third party application through a system interface.
On the basis of conforming to the common knowledge in the field, the above preferred conditions can be arbitrarily combined to obtain the preferred embodiments of the present invention.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are needed in the description of the embodiments will be briefly described below, it will be apparent that the drawings in the following description are only some embodiments of the present invention, and that other drawings can be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic structural diagram of a terminal according to an embodiment of the present invention;
Fig. 2 is a schematic diagram schematically illustrating a software architecture of a terminal according to an embodiment of the present invention;
FIG. 3 schematically illustrates a user interface of a terminal according to an embodiment of the present invention;
FIG. 4 is a flowchart illustrating a first rights management method according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of a first permission request page according to an embodiment of the present invention;
FIG. 6 is a schematic diagram of a second permission request page according to an embodiment of the present invention;
FIG. 7 is a schematic diagram illustrating an application set of a first user-provided unsafe application provided by an embodiment of the present invention;
FIG. 8 is a schematic diagram illustrating an application set of a second user-set unsafe application provided by an embodiment of the present invention;
FIG. 9 is a schematic diagram illustrating an application set of a third user-set unsafe application provided by an embodiment of the present invention;
FIG. 10 illustrates a schematic diagram of an embodiment of the present invention for deleting an unsafe application from a collection of applications;
FIG. 11 is a flowchart illustrating a first method for rights management according to an embodiment of the present invention;
FIG. 12 is a flowchart illustrating a second rights management method according to an embodiment of the present invention;
FIG. 13 is a schematic diagram of a third permission request page according to an embodiment of the present invention;
FIG. 14 is a schematic diagram of a fourth permission request page according to an embodiment of the present invention;
FIG. 15 is a flowchart illustrating a second method for rights management according to an embodiment of the present invention;
Fig. 16 is a block diagram schematically illustrating a first terminal according to an embodiment of the present invention;
Fig. 17 is a block diagram schematically illustrating a first rights management unit according to an embodiment of the present invention;
fig. 18 is a block diagram schematically illustrating a second terminal according to an embodiment of the present invention;
fig. 19 is a block diagram schematically illustrating a second rights management unit according to an embodiment of the present invention.
Detailed Description
The following description will be given in detail of the technical solutions in the embodiments of the present invention with reference to the accompanying drawings. Wherein, in the description of the embodiments of the present invention, unless otherwise indicated, "/" means or, for example, a/B may represent a or B; the text "and/or" is merely an association relation describing the associated object, and indicates that three relations may exist, for example, a and/or B may indicate: the three cases where a exists alone, a and B exist together, and B exists alone, and furthermore, in the description of the embodiments of the present invention, "plural" means two or more than two.
The terms "first," "second," and the like, are used below for descriptive purposes only and are not to be construed as implying or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defining "a first" or "a second" may explicitly or implicitly include one or more such feature, and in the description of embodiments of the invention, unless otherwise indicated, the meaning of "a plurality" is two or more.
Some terms appearing hereinafter are explained:
1. In the embodiment of the invention, the term "and/or" describes the association relation of the association objects, which means that three relations can exist, for example, a and/or B can be expressed as follows: a exists alone, A and B exist together, and B exists alone. The character "/" generally indicates that the context-dependent object is an "or" relationship.
2. In the embodiment of the invention, the PMS service is one of core services in the Android system, manages all the work related to the package, and commonly installs and uninstalls applications.
Fig. 1 shows a schematic structure of a terminal 100.
The embodiment will be specifically described below with reference to the terminal 100 as an example. It should be understood that the terminal 100 shown in fig. 1 is only one example, and that the terminal 100 may have more or fewer components than shown in fig. 1, may combine two or more components, or may have a different configuration of components. The various components shown in the figures may be implemented in hardware, software, or a combination of hardware and software, including one or more signal processing and/or application specific integrated circuits.
A hardware configuration block diagram of the terminal 100 according to an exemplary embodiment is exemplarily shown in fig. 1. As shown in fig. 1, the terminal 100 includes: radio Frequency (RF) circuitry 110, memory 120, display unit 130, camera 140, sensor 150, audio circuitry 160, wireless fidelity (WIRELESS FIDELITY, wi-Fi) module 170, processor 180, bluetooth module 181, and power supply 190.
The RF circuit 110 may be used for receiving and transmitting signals during the process of receiving and transmitting information or communication, and may receive downlink data of the base station and then transmit the downlink data to the processor 180 for processing; uplink data may be sent to the base station. Typically, RF circuitry includes, but is not limited to, antennas, at least one amplifier, transceivers, couplers, low noise amplifiers, diplexers, and the like.
Memory 120 may be used to store software programs and data. The processor 180 performs various functions of the terminal 100 and data processing by running software programs or data stored in the memory 120. Memory 120 may include high-speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid-state storage device. The memory 120 stores an operating system that enables the terminal 100 to operate. The memory 120 of the present invention may store an operating system and various application programs, and may also store code for performing the methods of the embodiments of the present invention.
The display unit 130 may be used to receive input digital or character information, generate signal inputs related to user settings and function control of the terminal 100, and in particular, the display unit 130 may include a touch screen 131 provided at the front of the terminal 100, and may collect touch operations on or near the user, such as clicking buttons, dragging scroll boxes, and the like.
The display unit 130 may also be used to display information input by a user or information provided to the user and a graphical user interface (GRAPHICAL USER INTERFACE, GUI) of various menus of the terminal 100. In particular, the display unit 130 may include a display 132 disposed on the front of the terminal 100. The display 132 may be configured in the form of a liquid crystal display, light emitting diodes, or the like. The display unit 130 may be used to display various graphical user interfaces described in the present invention.
The touch screen 131 may cover the display screen 132, or the touch screen 131 and the display screen 132 may be integrated to implement input and output functions of the terminal 100, and after integration, the touch screen may be simply referred to as a touch display screen. The display unit 130 may display the application program and the corresponding operation steps in the present invention.
The camera 140 may be used to capture still images or video. The object generates an optical image through the lens and projects the optical image onto the photosensitive element. The photosensitive element may be a charge coupled device (charge coupled device, CCD) or a Complementary Metal Oxide Semiconductor (CMOS) phototransistor. The photosensitive element converts the optical signal into an electrical signal, which is then transferred to the processor 180 for conversion into a digital image signal.
The terminal 100 may further include at least one sensor 150, such as an acceleration sensor 151, a distance sensor 152, a fingerprint sensor 153, a temperature sensor 154. The terminal 100 may also be configured with other sensors such as gyroscopes, barometers, hygrometers, thermometers, infrared sensors, light sensors, motion sensors, and the like.
Audio circuitry 160, speaker 161, microphone 162 can provide an audio interface between the user and terminal 100. The audio circuit 160 may transmit the received electrical signal converted from audio data to the speaker 161, and the speaker 161 converts the electrical signal into a sound signal and outputs the sound signal. The terminal 100 may also be configured with a volume button for adjusting the volume of the sound signal. On the other hand, the microphone 162 converts the collected sound signal into an electrical signal, which is received by the audio circuit 160 and converted into audio data, which is output to the RF circuit 110 for transmission to, for example, another terminal, or to the memory 120 for further processing. The microphone 162 of the present invention may acquire the voice of the user.
Wi-Fi belongs to a short-range wireless transmission technology, and the terminal 100 can help a user to send and receive e-mail, browse web pages, access streaming media and the like through the Wi-Fi module 170, so that wireless broadband internet access is provided for the user.
The processor 180 is a control center of the terminal 100, connects various parts of the entire terminal using various interfaces and lines, and performs various functions of the terminal 100 and processes data by running or executing software programs stored in the memory 120 and calling data stored in the memory 120. In some embodiments, the processor 180 may include one or more processing units; the processor 180 may also integrate an application processor that primarily handles operating systems, user interfaces, applications, etc., and a baseband processor that primarily handles wireless communications. It will be appreciated that the baseband processor described above may not be integrated into the processor 180. The processor 180 of the present invention may run an operating system, an application program, a user interface display and a touch response, and a processing method according to the embodiments of the present invention. In addition, the processor 180 is coupled with the display unit 130.
The bluetooth module 181 is configured to perform information interaction with other bluetooth devices having a bluetooth module through a bluetooth protocol. For example, the terminal 100 may establish a bluetooth connection with a wearable electronic device (e.g., a smart watch) also provided with a bluetooth module through the bluetooth module 181, thereby performing data interaction.
The terminal 100 also includes a power supply 190 (e.g., a battery) that provides power to the various components. The power supply may be logically connected to the processor 180 through a power management system, so that functions of managing charge, discharge, power consumption, etc. are implemented through the power management system. The terminal 100 may also be configured with power buttons for powering on and off the terminal, and for locking the screen, etc.
Fig. 2 is a software configuration block diagram of the terminal 100 according to the embodiment of the present invention.
The layered architecture divides the software into several layers, each with distinct roles and branches. The layers communicate with each other through a software interface. In some embodiments, the Android system is divided into four layers, from top to bottom, an application layer, an application framework layer, an Zhuoyun rows (Android runtime) and system libraries, and a kernel layer, respectively.
The application layer may include a series of application packages.
As shown in fig. 2, the application package may include applications for cameras, gallery, calendar, phone calls, maps, navigation, WLAN, bluetooth, music, video, short messages, etc.
The application framework layer provides an application programming interface (application programming interface, API) and programming framework for the application of the application layer. The application framework layer includes a number of predefined functions.
As shown in FIG. 2, the application framework layer may include a window manager, a content provider, a view system, a telephony manager, a resource manager, a notification manager, and the like.
The window manager is used for managing window programs. The window manager can acquire the size of the display screen, judge whether a status bar exists, lock the screen, intercept the screen and the like.
The content provider is used to store and retrieve data and make such data accessible to applications. The data may include video, images, audio, calls made and received, browsing history and bookmarks, phonebooks, etc.
The view system includes visual controls, such as controls to display text, controls to display pictures, and the like. The view system may be used to build applications. The display interface may be composed of one or more views. For example, a display interface including a text message notification icon may include a view displaying text and a view displaying a picture.
The telephony manager is used to provide the communication functions of the terminal 100. Such as the management of call status (including on, hung-up, etc.).
The resource manager provides various resources for the application program, such as localization strings, icons, pictures, layout files, video files, and the like.
The notification manager allows the application to display notification information in a status bar, can be used to communicate notification type messages, can automatically disappear after a short dwell, and does not require user interaction. Such as notification manager is used to inform that the download is complete, message alerts, etc. The notification manager may also be a notification in the form of a chart or scroll bar text that appears on the system top status bar, such as a notification of a background running application, or a notification that appears on the screen in the form of a dialog window. For example, a text message is prompted in a status bar, a prompt tone is emitted, the terminal vibrates, and an indicator light blinks.
Android run time includes a core library and virtual machines. Android runtime is responsible for scheduling and management of the android system.
The core library consists of two parts: one part is a function which needs to be called by java language, and the other part is a core library of android.
The application layer and the application framework layer run in a virtual machine. The virtual machine executes java files of the application program layer and the application program framework layer as binary files. The virtual machine is used for executing the functions of object life cycle management, stack management, thread management, security and exception management, garbage collection and the like.
The system library may include a plurality of functional modules. For example: surface manager (surface manager), media Libraries (Media Libraries), three-dimensional graphics processing Libraries (e.g., openGL ES), 2D graphics engines (e.g., SGL), etc.
The surface manager is used to manage the display subsystem and provides a fusion of 2D and 3D layers for multiple applications.
Media libraries support a variety of commonly used audio, video format playback and recording, still image files, and the like. The media library may support a variety of audio video encoding formats, such as: MPEG4, h.264, MP3, AAC, AMR, JPG, PNG, etc.
The three-dimensional graphic processing library is used for realizing three-dimensional graphic drawing, image rendering, synthesis, layer processing and the like.
The 2D graphics engine is a drawing engine for 2D drawing.
The kernel layer is a layer between hardware and software. The inner core layer at least comprises a display driver, a camera driver, an audio driver and a sensor driver.
The workflow of the terminal 100 software and hardware is illustrated below in connection with capturing a photo scene.
When the touch screen 131 receives a touch operation, a corresponding hardware interrupt is issued to the kernel layer. The kernel layer processes the touch operation into the original input event (including information such as touch coordinates, time stamp of touch operation, etc.). The original input event is stored at the kernel layer. The application framework layer acquires an original input event from the kernel layer, and identifies a control corresponding to the input event. Taking the touch operation as a touch click operation, taking a control corresponding to the click operation as an example of a control of a camera application icon, the camera application calls an interface of an application framework layer, starts the camera application, further starts a camera driver by calling a kernel layer, and captures a still image or video through the camera 140.
The terminal 100 in the embodiment of the invention can be a mobile phone, a tablet computer, a wearable device, a notebook computer, a television and the like.
Fig. 3 is a schematic diagram for illustrating a user interface on a terminal (e.g., terminal 100 of fig. 1). In some implementations, a user may open a corresponding application by touching an application icon on the user interface, or may open a corresponding folder by touching a folder icon on the user interface.
In the terminal of the embodiment of the invention, the operation authority is granted to the user request in the process of installing the third party application or before accessing the system interface or the user data protected by the authority, and the user can continue to install or access the system interface or the user data protected by the authority in the process of operating after the active authority, so that the safety of the user data and the system is improved.
The rights management method for the third party application in the installation process or the operation process, respectively, is described below.
1. A rights management method in a third party application installation process.
When some third party applications request to grant a plurality of operation rights to a user in the installation process, if it is determined that the user does not grant all the operation rights, the installation is automatically stopped, so that the user cannot normally install and use the application program.
In view of the above problems, an embodiment of the present invention provides a method for rights management, as shown in fig. 4, which is a flowchart of a method for rights management according to an embodiment of the present invention, where the flowchart includes the following steps:
step S401, if the third party application requests to acquire the operation authority in the process of installing the third party application, displaying an authority request page of the third party application requesting the operation authority in a display interface;
And step S402, responding to the operation of refusing to grant the operation authority and continuing to install the third party application, which is triggered by the user in the authority request page, continuing to install the third party application and limiting the third party application to execute the operation corresponding to the operation authority.
In the terminal of the embodiment of the invention, in the process of installing the third party application, if the third party application requests to acquire the operation authority. Displaying an authority request page of the third party application request operation authority in a display interface;
Wherein, the operation authority includes: accessing user contact data rights, accessing short message information data rights, accessing positioning data rights, accessing camera data rights, accessing recording data rights, and the like.
The permission request page of the embodiment of the invention comprises an icon for triggering the permission of the third party application by a user, an icon for triggering the permission of the third party application by the user, and an icon for continuing to install the third party application by the user.
For example, suppose that during installation, the third party application requests access to the user contact data, a permission request page for requesting access to the user contact data is displayed in the display interface as shown in fig. 5, and an "allow" icon, a "reject" icon, and an "unauthorized and continued" icon are included in the request interface.
In an alternative implementation manner, the permission request page of the embodiment of the present invention may further include an icon for triggering the permission grant by the user and not displaying the permission request page.
For example, assuming that the third party application needs to acquire rights to access camera data during installation, a rights request page for requesting rights to access camera data is displayed in a display page as shown in fig. 6, and an "allow" icon, a "reject" icon, an "unauthorized and continued" icon, and an "reject no-more-query" icon are included in the request page.
In an optional implementation manner, the third party application of the embodiment of the present invention may be an application in a preset application set; wherein, the application set contains applications which are not confirmed to be safe.
In implementation, when the third party application requests to acquire the operation right in the installation process, the terminal determines that the package name and the signature of the third party application are included in the preset application set according to the package name (packagename) and the signature of the third party application, and then the terminal determines that the third party application is in the preset application set.
It should be noted that, the preset application set may be stored in the terminal in a form of a blacklist, where the blacklist includes applications for confirming unsafe.
In the embodiment of the invention, the preset application set can be obtained from the server by the terminal, and can be preset by the user according to the actual requirement of the user.
In practice, a user may set an application set that includes unsecure applications according to the following:
In the mode 1, the terminal responds to the operation triggered by the user and used for indicating that the third party application is an unsafe application, and the third party application selected by the user is added into the unsafe application set.
For example, as shown in fig. 7, the user may pop up an icon corresponding to the third party application in the display interface of the terminal to add the third party application to the application set for confirming unsafe by long pressing, and add the third party application selected by the user to the application set for confirming unsafe after the user clicks the add option.
And 2, the terminal responds to the operation triggered by the user in the setting page of the third-party application and used for adding the third-party application into the application set with unsafe confirmation, and adds the third-party application selected by the user into the application set with unsafe confirmation.
For example, as shown in fig. 8, an option of adding an application to the application set for confirming unsafe is set in a setting page of each third party application of the terminal, and after the user clicks the addition option, the third party application selected by the user is added to the application set for confirming unsafe.
And 3, the terminal responds to an option which is triggered by the user in the secure third-party application list and is used for adding the third-party application into the unsecure-confirmed application set, and adds the third-party application selected by the user into the unsecure-confirmed application set.
For example, as shown in fig. 9, in the secure third party application list, in response to a user-triggered instruction to add an application in the secure third party application list to the blacklist, the terminal adds the third party application selected by the user to the secure third party application set.
In addition, the user can delete the application from the third party application set which is confirmed to be unsafe in the embodiment of the invention.
In an alternative embodiment, the terminal deletes the third party application selected by the user from the application set in response to a user-triggered instruction to delete the application in the third party application set that is confirmed to be unsafe.
For example, as shown in FIG. 10, the user may select to delete an "XX poetry set" application in the application set.
After the permission request page requesting the operation permission is displayed in the display interface, the user may trigger an operation of refusing to grant the operation permission and continuing to install the third party application in the permission request page, the terminal responds to the operation of the user, the installation management service sets a first permission configuration parameter corresponding to the operation permission requested to be acquired by the third party application as a parameter indicating permission to install, and the permission management service sets a second permission configuration parameter corresponding to the operation permission requested to be acquired by the third party application as a parameter indicating refusal of authorization.
Wherein, the installation management service is PMS service, and the authority management service is mobile_safe service.
In implementation, the terminal responds to the user trigger to indicate that the operation permission is refused to be granted and the operation permission of the third party application is installed, the PMS service sets a first permission configuration parameter corresponding to the operation permission requested to be acquired by the third party application as a parameter indicating that the installation is allowed, and the mobile_safe service calls setPermission interface to set a second permission configuration parameter corresponding to the operation permission requested to be acquired by the third party application as a parameter indicating that the authorization is refused.
After responding to the operation triggered by the user in the permission request page and showing that the permission to grant the operation permission is refused and continuing to install the third-party application, the third-party application calls CHECK SELF permission interface to confirm that the first permission configuration parameter corresponding to the operation permission is the parameter showing that the installation is allowed, and then the third-party application is continuously installed in the display interface.
When the third party application needs to execute the operation corresponding to the operation authority in the operation process, determining that the second authority configuration parameter corresponding to the operation authority is the parameter indicating refusal of authorization, and limiting the third party application to execute the operation corresponding to the operation authority in the operation process of the third party application.
Specifically, when the third party application requests to execute the operation corresponding to the operation authority, preset false operation data or null values are returned to the third party application through the system interface.
In implementation, when an operation corresponding to the operation authority needs to be executed in the running process of the third party application, the mobile_safe service call CheckPermissionEX interface determines that a second authority configuration parameter corresponding to the operation authority of the third party application is a parameter indicating refusal of authorization, and then preset false operation data or null value is returned to the third party application so as to limit the third party application to execute the operation corresponding to the operation authority.
According to the method for managing the authority, after the terminal responds to the operation of refusing to grant the operation authority and continuing to install the third party application, the installation management service sets the first authority configuration parameter corresponding to the operation authority of the user-triggered operation as the parameter for allowing installation, after the third party application determines that the first authority is configured as the parameter for allowing installation, the installation can be continued, and before the third party application executes the operation corresponding to the operation authority, the second authority configuration parameter corresponding to the operation authority in the authority management service is determined as the parameter for refusing the authority, the operation corresponding to the operation authority of the third party application can be limited, so that the third party application can continue to be installed and normally run, and the security of user privacy data and system data is protected.
Fig. 11 is a complete flowchart of a rights management method in a third party application installation process according to an embodiment of the present invention, which specifically includes the following steps:
Step 1101, if the third party application requests to acquire the operation authority in the process of installing the third party application, displaying an authority request page of the third party application requesting the operation authority in a display interface;
Step 1102, responding to the operation triggered by the user in the authority request page and indicating that the operation authority is refused to be granted and continuing to install the third-party application, setting a first authority configuration parameter corresponding to the operation authority as a parameter indicating that the installation is allowed through the installation management service, and setting a second authority configuration parameter corresponding to the operation authority as a parameter indicating that the authorization is refused through the authority management service;
Step S1103, if it is determined that the first permission configuration parameter corresponding to the operation permission is a parameter indicating that installation is allowed, continuing to install the third party application;
Step S1104, if it is determined that the second permission configuration parameter corresponding to the operation permission is a parameter indicating refusal of authorization, when the operation corresponding to the operation permission is requested to be executed in the running process of the third party application, the preset false operation data or null value is returned to the third party application through the system interface.
2. A right management method in the running process of a third party application.
When some third party applications request to grant a plurality of operation rights to the user in the running process, if it is determined that the user does not grant all the operation rights, the running is automatically stopped, so that the user cannot use the application program.
In view of the above problems, an embodiment of the present invention provides a method for rights management in a third party application running process, as shown in fig. 12, which is a flowchart of a method for rights management in a third party application running process, where the flowchart includes the following steps:
Step S1201, if the third party application requests to acquire the operation authority, displaying an authority request page of the third party application requesting the operation authority in a display interface;
Step 1202, responding to the operation triggered by the user in the permission request page, which indicates that the permission is refused to be granted and the operation of the third party application is continued to be operated, and continuing to operate the third party application and limiting the third party application to execute the operation corresponding to the permission.
In the terminal of the embodiment of the invention, if the third party application requests to acquire the operation authority in the running process of the third party application. Displaying an authority request page of the third party application request operation authority in a display interface;
The permission request page of the embodiment of the invention comprises an icon for triggering the permission of the third party application by a user, an icon for triggering the permission of the third party application by the user, and an icon for continuing to run the third party application.
For example, assume that the third party application requests to acquire the right to access the sms data in the running process, and a right request page for requesting the right to access the sms data is displayed in the display interface, as shown in fig. 13, and an "allow" icon, a "reject" icon, and an "unauthorized and continued" icon are included in the request interface.
In an alternative implementation manner, the permission request page of the embodiment of the present invention may further include an icon for triggering the permission grant by the user and not displaying the permission request page.
For example, assuming that the third party application needs to acquire rights to access the positioning data during running, a rights request page for requesting rights to access the positioning data is displayed in the display page as shown in fig. 14, and an "allow" icon, a "reject" icon, an "unauthorized and continued" icon, and a "reject no-more-query" icon are included in the request page.
In an alternative embodiment, the third party application is an application in a preset application set;
wherein, the application set contains applications which are not confirmed to be safe.
In implementation, when the third party application requests to acquire the operation right in the running process, the terminal determines that the package name and the signature of the third party application are included in the preset application set according to the package name (packagename) and the signature of the third party application, and then the terminal determines that the third party application is in the preset application set.
It should be noted that, the preset application set may be stored in the terminal in a form of a blacklist, where the blacklist includes applications for confirming unsafe.
In the embodiment of the invention, the preset application set can be obtained from the server by the terminal, and can be preset by the user according to the actual requirement of the user.
In implementation, the method for setting an application set including unsafe applications by the user is the same as the method described in the authority management method of the third party application installation process, and will not be described in detail herein.
In another alternative embodiment, the third party application is an application that the user refuses to grant the operating rights and exits from operation during the last operation.
In the implementation, when the third party application requests to acquire the operation right in the running process, the application package management service (PACKAGE MANAGER SERVICE, PMS) service calls the system interface to determine that the user refuses to grant the operation right in the last running process of the third party application and exits from running.
After the permission request page requesting the operation permission is displayed in the display interface, the user may trigger an operation of refusing to grant the operation permission and continuing to run the third party application in the permission request page, the operation management service sets a third permission configuration parameter corresponding to the operation permission requested by the third party application as a parameter indicating permission to run in response to the operation of the user, and the permission management service sets a fourth permission configuration parameter corresponding to the operation permission requested by the third party application as a parameter indicating refusing to authorize.
The operation management service is PMS service, and the authority management service is mobile_safe service.
In implementation, the terminal responds to the user trigger to indicate that the operation permission is refused to be granted and the operation of the third party application is continued, the PMS service sets the third permission configuration parameter corresponding to the operation permission requested to be acquired by the third party application as a parameter indicating that the operation is allowed, and the mobile_safe service calls setPermission interface to set the fourth permission configuration parameter corresponding to the operation permission requested to be acquired by the third party application as a parameter indicating that the authorization is refused.
After responding to the operation triggered by the user in the permission request page and showing that the permission to grant the operation permission is refused and continuing to run the third-party application, the third-party application calls CHECK SELF permission interface to confirm that the third permission configuration parameter corresponding to the operation permission is the parameter showing that the operation is allowed, and then the third-party application continues to run in the display interface.
When the third party application needs to execute the operation corresponding to the operation authority in the operation process, determining that the fourth authority configuration parameter corresponding to the operation authority is the parameter indicating refusal of authorization, and limiting the third party application to execute the operation corresponding to the operation authority in the operation process of the third party application.
Specifically, when the third party application requests to execute the operation corresponding to the operation authority, preset false operation data or null values are returned to the third party application through the system interface.
In implementation, when an operation corresponding to the operation authority needs to be executed in the running process of the third party application, the mobile_safe service call CheckPermissionEX interface determines that a fourth authority configuration parameter corresponding to the operation authority of the third party application is a parameter indicating refusal of authorization, and then preset false operation data or null value is returned to the third party application so as to limit the third party application to execute the operation corresponding to the operation authority.
According to the method for managing the authority in the operation of the third party application program, after the terminal responds to the operation that the user refuses to grant the operation authority and continues to operate the third party application, the operation management service sets the third authority configuration parameter corresponding to the operation authority of the user for triggering the operation as the parameter for allowing the operation, after the third authority configuration parameter for allowing the operation is determined, the third party application can continue to operate, and before the third party application executes the operation corresponding to the operation authority, the fourth authority configuration parameter corresponding to the operation authority in the authority management service is determined to be the parameter for refusing the authorization, the operation corresponding to the operation authority of the third party application can be limited, and therefore the security of user privacy data and system data can be protected while the third party application continues to operate.
Fig. 15 is a complete flowchart of a rights management method in a third party application running process according to an embodiment of the present invention, which specifically includes the following steps:
step S1501, when a terminal starts up and runs a third party application, if the third party application requests to acquire operation rights, a rights request page of the third party application requesting the operation rights is displayed in a display interface;
step S1502, responding to the operation triggered by the user in the permission request page to indicate that the permission to the operation is refused and to continue to run the third party application, and setting the third permission configuration parameter corresponding to the operation permission to the parameter indicating that the operation is allowed by the operation management service; and
Setting a fourth authority configuration parameter corresponding to the operation authority as a parameter representing refusal of authorization through the authority management service;
step S1503, if the third authority configuration parameter corresponding to the operation authority is determined to be the parameter indicating the permission of operation, continuing to operate the third party application;
Step S1504, if it is determined that the fourth permission configuration parameter corresponding to the operation permission is a parameter indicating that authorization is refused, the preset false operation data or null value is returned to the third party application through the system interface.
As shown in fig. 16, an embodiment of the present invention provides a first terminal, including a processor 1601 and a display 1602;
the processor 1601 is configured to display, in a display interface, a permission request page of the third party application requesting the operation permission if the third party application requests to obtain the operation permission in a third party application installation process;
Responding to the operation triggered by the user in the permission request page, which indicates that the permission of the operation is refused to be granted and the third-party application is continuously installed, continuously installing the third-party application and limiting the third-party application to execute the operation corresponding to the permission of the operation;
the display 1602 is configured to display the permission request page.
In one possible implementation, before continuing to install the third party application and restricting the third party application from performing the operation corresponding to the operation authority, the processor 1601 is further configured to:
Setting a first authority configuration parameter corresponding to the operation authority to be a parameter representing permission of installation through an installation management service; and
And setting a second authority configuration parameter corresponding to the operation authority as a parameter for indicating refusal of authorization through the authority management service.
In one possible implementation, the processor 1601 is specifically configured to, in the continuing installation of the third party application:
If the first permission configuration parameter corresponding to the operation permission is determined to be a parameter indicating permission to install, continuing to install the third party application;
When the third party application is restricted from executing the operation corresponding to the operation authority, the processor 1601 is specifically configured to:
And if the second permission configuration parameter corresponding to the operation permission is determined to be the parameter indicating refusal of authorization, limiting the third party application to execute the operation corresponding to the operation permission in the running process of the third party application.
In one possible implementation manner, when restricting the third party application from executing the operation corresponding to the operation authority, the processor 1601 is specifically configured to:
and when the third party application requests to execute the operation corresponding to the operation authority, returning preset false operation data or null values to the third party application through a system interface.
As shown in fig. 17, an embodiment of the present invention provides a first apparatus for rights management, including:
the first display module 1701 is configured to display, in a display interface, a permission request page of the third party application requesting the operation permission if the third party application requests to obtain the operation permission in a third party application installation process;
The first processing module 1702 is configured to respond to an operation triggered by a user in the permission request page, where the operation is indicated to refuse to grant the operation permission and the operation is continued to be installed on the third party application, and continue to install the third party application and limit the third party application to execute an operation corresponding to the operation permission.
In one possible implementation manner, before continuing to install the third party application and limiting the third party application to perform the operation corresponding to the operation authority, the first processing module 1702 is further configured to:
Setting a first authority configuration parameter corresponding to the operation authority to be a parameter representing permission of installation through an installation management service; and
And setting a second authority configuration parameter corresponding to the operation authority as a parameter for indicating refusal of authorization through the authority management service.
In one possible implementation, the first processing module 1702 is specifically configured to, when the third party application continues to be installed:
If the first permission configuration parameter corresponding to the operation permission is determined to be a parameter indicating permission to install, continuing to install the third party application;
when the third party application is restricted to execute the operation corresponding to the operation authority, the first processing module 1702 is specifically configured to:
And if the second permission configuration parameter corresponding to the operation permission is determined to be the parameter indicating refusal of authorization, limiting the third party application to execute the operation corresponding to the operation permission in the running process of the third party application.
In one possible implementation manner, when the third party application is restricted from executing the operation corresponding to the operation authority, the first processing module 1702 is specifically configured to:
and when the third party application requests to execute the operation corresponding to the operation authority, returning preset false operation data or null values to the third party application through a system interface.
As shown in fig. 18, an embodiment of the present invention provides a second terminal, including a processor 1801, a display 1802;
The processor 1801 is configured to display, when a third party application starts up and runs, a permission request page of the third party application requesting the operation permission in a display interface if the third party application requests to acquire the operation permission;
Responding to the operation triggered by the user in the permission request page, which indicates that the permission of the operation is refused to be granted and the operation of the third party application is continued to be operated, and continuing to operate the third party application and limiting the third party application to execute the operation corresponding to the permission of the operation;
The display 1802 is configured to display the permission request page.
In one possible implementation, before continuing to run the third party application and restricting the third party application from performing the operation corresponding to the operation authority, the processor 1801 is further configured to:
Setting a third authority configuration parameter corresponding to the operation authority as a parameter for representing permission of operation through operation management service; and
And setting a fourth authority configuration parameter corresponding to the operation authority as a parameter for indicating refusal of authorization through the authority management service.
In one possible implementation, the processor 1801 is specifically configured to, when the third party application continues to run:
if the third permission configuration parameter corresponding to the operation permission is determined to be a parameter indicating permission to operate, continuing to operate the third party application;
when the third party application is restricted to execute the operation corresponding to the operation authority, the processor 1801 is specifically configured to:
and if the fourth permission configuration parameter corresponding to the operation permission is determined to be the parameter indicating refusal of authorization, limiting the third party application to execute the operation corresponding to the operation permission in the running process of the third party application.
In one possible implementation manner, when the third party application is restricted from executing the operation corresponding to the operation authority, the processor 1801 is specifically configured to:
and when the third party application requests to execute the operation corresponding to the operation authority, returning preset false operation data or null values to the third party application through a system interface.
As shown in fig. 19, an embodiment of the present invention provides a second apparatus for rights management, including:
The second display module 1901 is configured to display, when a third party application starts up and runs, a permission request page of the third party application requesting the operation permission in a display interface if the third party application requests to acquire the operation permission;
And the second processing module 1902 is configured to respond to an operation triggered by the user in the permission request page and indicating that the permission is refused to be granted to the third party application and the operation of the third party application is continued, and continue to operate the third party application and limit the third party application to execute the operation corresponding to the permission.
In one possible implementation manner, before continuing to run the third party application and limiting the third party application to perform the operation corresponding to the operation authority, the second processing module 1902 is further configured to:
Setting a third authority configuration parameter corresponding to the operation authority as a parameter for representing permission of operation through operation management service; and
And setting a fourth authority configuration parameter corresponding to the operation authority as a parameter for indicating refusal of authorization through the authority management service.
In one possible implementation, the second processing module 1902 is specifically configured to, when the third party application continues to run:
if the third permission configuration parameter corresponding to the operation permission is determined to be a parameter indicating permission to operate, continuing to operate the third party application;
when the third party application is restricted to execute the operation corresponding to the operation authority, the second processing module 1902 is specifically configured to:
and if the fourth permission configuration parameter corresponding to the operation permission is determined to be the parameter indicating refusal of authorization, limiting the third party application to execute the operation corresponding to the operation permission in the running process of the third party application.
In a possible implementation manner, when the third party application is restricted from executing the operation corresponding to the operation authority, the second processing module 1902 is specifically configured to:
and when the third party application requests to execute the operation corresponding to the operation authority, returning preset false operation data or null values to the third party application through a system interface.
Embodiments of the present application also provide a computer storage medium having stored therein computer program instructions which, when run on a computer, cause the computer to perform the rights management method as described above.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It will be apparent to those skilled in the art that various modifications and variations can be made to the present application without departing from the spirit or scope of the application. Thus, it is intended that the present application also include such modifications and alterations insofar as they come within the scope of the appended claims or the equivalents thereof.

Claims (8)

1. The terminal is characterized by comprising a display screen and a processor;
The processor is used for displaying an authority request page of the third party application requesting the operation authority in a display interface if the third party application requests to acquire the operation authority in the process of installing the third party application; the third party application is an application in a preset application set; the application set comprises applications for confirming unsafe, and the application set is obtained from a server or preset by a user;
Responding to the operation of refusing to grant the operation authority and continuing to install the third party application, which is triggered by the user in the authority request page, and if the first authority configuration parameter corresponding to the operation authority is determined to be the parameter indicating the permission to install, continuing to install the third party application; if the second permission configuration parameter corresponding to the operation permission is determined to be the parameter indicating refusal of authorization, limiting the third party application to execute the operation corresponding to the operation permission in the running process of the third party application;
the display screen is used for displaying the permission request page.
2. The terminal of claim 1, wherein the processor is further configured to, prior to continuing to install the third party application and restricting the third party application from performing the operation corresponding to the operation right:
Setting a first authority configuration parameter corresponding to the operation authority to be a parameter representing permission of installation through an installation management service; and
And setting a second authority configuration parameter corresponding to the operation authority as a parameter for indicating refusal of authorization through the authority management service.
3. The terminal of claim 2, wherein when restricting the third party application from performing the operation corresponding to the operation right, the processor is specifically configured to:
and when the third party application requests to execute the operation corresponding to the operation authority, returning preset false operation data or null values to the third party application through a system interface.
4. The terminal is characterized by comprising a display screen and a processor;
The processor is used for displaying an authority request page of the third party application requesting the operation authority in a display interface if the third party application requests to acquire the operation authority when the third party application starts to run; the third party application is an application in a preset application set; the application set comprises applications for confirming unsafe, and the application set is obtained from a server or preset by a user;
Responding to the operation of refusing to grant the operation authority and continuing to run the third party application, which is triggered by the user in the authority request page, and if the third authority configuration parameter corresponding to the operation authority is determined to be the parameter indicating permission to run, continuing to run the third party application; if the fourth permission configuration parameter corresponding to the operation permission is determined to be the parameter indicating refusal of authorization, limiting the third party application to execute the operation corresponding to the operation permission in the running process of the third party application;
the display screen is used for displaying the permission request page.
5. The terminal of claim 4, wherein the processor is further configured to, prior to continuing to run the third party application and restricting the third party application from performing the operation corresponding to the operation rights:
Setting a third authority configuration parameter corresponding to the operation authority as a parameter for representing permission of operation through operation management service; and
And setting a fourth authority configuration parameter corresponding to the operation authority as a parameter for indicating refusal of authorization through the authority management service.
6. The terminal of claim 5, wherein when restricting the third party application from performing the operation corresponding to the operation right, the processor is specifically configured to:
and when the third party application requests to execute the operation corresponding to the operation authority, returning preset false operation data or null values to the third party application through a system interface.
7. A rights management method, the method comprising:
In the process of installing a third party application, if the third party application requests to acquire operation rights, the terminal displays a rights request page of the third party application requesting the operation rights in a display interface; the third party application is an application in a preset application set; the application set comprises applications for confirming unsafe, and the application set is obtained from a server or preset by a user;
Responding to the operation of refusing to grant the operation authority and continuing to install the third party application, which is triggered by the user in the authority request page, and if the terminal determines that the first authority configuration parameter corresponding to the operation authority is a parameter indicating that the installation is allowed, continuing to install the third party application; and if the second permission configuration parameter corresponding to the operation permission is determined to be the parameter indicating refusal of authorization, limiting the third party application to execute the operation corresponding to the operation permission in the running process of the third party application.
8. A rights management method, the method comprising:
When a terminal starts running of a third party application, if the third party application requests to acquire operation rights, a rights request page of the third party application requesting the operation rights is displayed in a display interface; the third party application is an application in a preset application set; the application set comprises applications for confirming unsafe, and the application set is obtained from a server or preset by a user;
Responding to the operation of refusing to grant the operation authority and continuing to run the third party application, which is triggered by the user in the authority request page, and if the terminal determines that the third authority configuration parameter corresponding to the operation authority is a parameter indicating permission to run, continuing to run the third party application; and if the fourth permission configuration parameter corresponding to the operation permission is determined to be the parameter indicating refusal of authorization, limiting the third party application to execute the operation corresponding to the operation permission in the running process of the third party application.
CN202010269503.4A 2020-04-08 2020-04-08 Authority management method and terminal Active CN113496039B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010269503.4A CN113496039B (en) 2020-04-08 2020-04-08 Authority management method and terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010269503.4A CN113496039B (en) 2020-04-08 2020-04-08 Authority management method and terminal

Publications (2)

Publication Number Publication Date
CN113496039A CN113496039A (en) 2021-10-12
CN113496039B true CN113496039B (en) 2024-06-25

Family

ID=77995732

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010269503.4A Active CN113496039B (en) 2020-04-08 2020-04-08 Authority management method and terminal

Country Status (1)

Country Link
CN (1) CN113496039B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117668818A (en) * 2022-08-29 2024-03-08 华为技术有限公司 Application program installation method and device and electronic equipment

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105354489A (en) * 2015-10-29 2016-02-24 小米科技有限责任公司 Right granting method and apparatus

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104424020A (en) * 2013-08-27 2015-03-18 宇宙互联有限公司 Application service management system and method
CN103577750B (en) * 2013-11-15 2016-08-17 北京奇虎科技有限公司 Privacy authority management method and device
CN104836715B (en) * 2014-02-08 2018-08-03 国际商业机器公司 Run on the mobile apparatus it is multiple using data sharing method and apparatus
CN103905651A (en) * 2014-04-30 2014-07-02 北京邮电大学 Method and system for application permission management in intelligent terminal
US9473505B1 (en) * 2014-11-14 2016-10-18 Trend Micro Inc. Management of third party access privileges to web services
WO2020062192A1 (en) * 2018-09-29 2020-04-02 华为技术有限公司 Operation control method and electronic device
CN110084047A (en) * 2019-03-20 2019-08-02 努比亚技术有限公司 A kind of access right control method, terminal and computer readable storage medium
CN110532764B (en) * 2019-08-19 2022-03-11 维沃移动通信有限公司 Authority processing method, mobile terminal and readable storage medium

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105354489A (en) * 2015-10-29 2016-02-24 小米科技有限责任公司 Right granting method and apparatus

Also Published As

Publication number Publication date
CN113496039A (en) 2021-10-12

Similar Documents

Publication Publication Date Title
CN113032766B (en) Application authority management method and device
CN113535207B (en) Vehicle and updating method of vehicle-mounted software thereof and mobile terminal
CN111656347B (en) Project display method and terminal
CN111523136A (en) Authority management method, device and equipment of application program and storage medium
CN113835569A (en) Terminal device, quick start method for internal function of application and storage medium
CN114721761B (en) Terminal equipment, application icon management method and storage medium
CN113496039B (en) Authority management method and terminal
CN112825072B (en) Communication terminal and data sharing method
CN113642010B (en) Method for acquiring data of extended storage device and mobile terminal
CN111600862B (en) User account management method and device
CN114035870A (en) Terminal device, application resource control method and storage medium
CN111163220B (en) Display method, communication terminal and computer storage medium
CN114595203A (en) File synchronization method based on dual systems, terminal device and storage medium
CN111159734A (en) Communication terminal and multi-application data inter-access processing method
CN114020377A (en) Terminal device, picture information protection method and storage medium
CN113938890B (en) Data sharing method and terminal equipment
CN115132305A (en) Data sharing method, data verification method and terminal equipment
CN114020379B (en) Terminal equipment, information feedback method and storage medium
CN111258699B (en) Page display method and communication terminal
CN112000411B (en) Mobile terminal and display method of recording channel occupation information thereof
CN112114885B (en) Terminal, control equipment and service processing method
CN111142648B (en) Data processing method and intelligent terminal
CN114911394B (en) Terminal equipment and one-hand operation method
CN113536387B (en) Terminal and method for detecting integrity of kernel data
CN113835889A (en) Method for acquiring input event and related device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Country or region after: China

Address after: 266071 Shandong city of Qingdao province Jiangxi City Road No. 11

Applicant after: Qingdao Hisense Mobile Communication Technology Co.,Ltd.

Address before: 266071 Shandong city of Qingdao province Jiangxi City Road No. 11

Applicant before: HISENSE MOBILE COMMUNICATIONS TECHNOLOGY Co.,Ltd.

Country or region before: China

GR01 Patent grant