CN115146303A - Private file protection method and device, terminal equipment and readable storage medium - Google Patents

Publication number
CN115146303A
Authority
CN
China
Prior art keywords
application
file
terminal device
terminal equipment
preset
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110352911.0A
Other languages
Chinese (zh)
Inventor
唐发明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd
Priority to CN202110352911.0A
Publication of CN115146303A

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218: Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245: Protecting personal data, e.g. for financial or medical purposes
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00: Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10: File systems; File servers
    • G06F16/13: File access structures, e.g. distributed indices

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Data Mining & Analysis (AREA)
  • Medical Informatics (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Telephone Function (AREA)

Abstract

The application relates to the technical field of terminals, and in particular to a private file protection method, a private file protection device, terminal equipment and a readable storage medium. In the method, a first preset application, that is, an application whose private files need protection, can be set in the terminal device. When the terminal device obtains a file access request in which a first application in the terminal device requests access to a target file of a second application in the terminal device, the terminal device may determine whether the target file is a private file of the second application and whether the second application is a first preset application. If the target file is a private file of the second application and the second application is the first preset application, the terminal device can reject the file access request of the first application. This blocks the first application's current file access, ensures the security of the second application's private files, reduces the risk that they are leaked or damaged, and improves user experience.

Description

Private file protection method and device, terminal equipment and readable storage medium
Technical Field
The application belongs to the technical field of terminals, and particularly relates to a private file protection method, a private file protection device, terminal equipment and a computer-readable storage medium.
Background
Android storage comprises an internal storage area and an external storage area, and an application's private files can be stored in either. Access to the external storage area is controlled by a permission; that is, any application can access the external storage area by applying for the permission. Once an application has applied for the permission, it can read and write all files in the external storage area at will, including private files that other applications have stored there. Private files that an application stores in the external storage area are therefore easily leaked or damaged, their security is poor, and user experience suffers.
Disclosure of Invention
The embodiment of the application provides a private file protection method, a private file protection device, a terminal device and a computer readable storage medium, which can solve the problem that a private file stored in an external storage area is easy to leak and/or damage, improve the security of the application private file and improve user experience.
In a first aspect, an embodiment of the present application provides a private file protection method, which is applied to a terminal device, where the method may include:
the terminal equipment acquires a file access request of a first application in the terminal equipment, wherein the file access request is used for requesting to access a target file of a second application in the terminal equipment, and the target file is a file stored in an external storage area of the terminal equipment;
and when the target file is a private file of the second application and the second application is a first preset application, the terminal equipment rejects the file access request of the first application, and the first preset application is an application requiring private file protection.
By the private file protection method, the first preset application needing private file protection can be preset in the terminal equipment according to requirements. Therefore, when the terminal device obtains a file access request of a first application in the terminal device to request access to a target file of a second application in the terminal device, the terminal device can determine whether the target file is a private file of the second application and determine whether the second application is a first preset application. If the target file is a private file of the second application and the second application is the first preset application, the terminal device can refuse the file access request of the first application to prevent the current file access behavior of the first application, ensure the security of the private file of the second application, reduce the risk that the private file of the second application is leaked or damaged, improve user experience, and have strong usability and practicability.
In a possible implementation manner of the first aspect, the rejecting, by the terminal device, a file access request of the first application may include:
the terminal equipment determines whether the first application is a second preset application, wherein the second preset application is an application allowing access to a private file of the first preset application;
and when the first application is not the second preset application, the terminal equipment refuses the file access request of the first application.
In the private file protection method provided by the scheme, the terminal device may also be provided with a second preset application, which is allowed to access the private files of the first preset application. Therefore, when it is determined that the target file is a private file of the second application and the second application is the first preset application, the terminal device may further determine whether the first application is a second preset application, that is, whether it is one of the applications that may access the private files of the first preset application. When the first application is not the second preset application, it has no permission to access the private file of the second application, and the terminal device can reject its file access request to protect the security of that private file. When the first application is the second preset application, it has permission to access the private file of the second application, and the terminal device can allow the access.
The second preset application may be set by default by the terminal device or may be user-defined, which is not limited in this embodiment of the present application.
Optionally, the method may further include:
the terminal equipment acquires a third application containing a protection tag, wherein the third application is an application in the terminal equipment, and the protection tag is used for identifying that the third application requires protection of a private file;
and the terminal equipment sets the third application as the first preset application, and constructs an application group corresponding to the first preset application according to the first identifier of the third application.
For example, the obtaining, by the terminal device, a third application including a protection tag may include:
the terminal equipment acquires source code files of all applications in the terminal equipment, and acquires a third application containing a protection label according to the source code files.
For example, the obtaining, by the terminal device, a third application including a protection tag may include:
the terminal equipment acquires the setting operation of a user in the terminal equipment and acquires a third application containing a protection label according to the setting operation.
In the private file protection method provided by the scheme, the first preset application may be determined according to whether an application in the terminal device includes the protection tag. Specifically, the terminal device may determine an application in the terminal device that includes the protection tag to be a third application, and may set the third application as the first preset application. Subsequently, the terminal device may construct an application group corresponding to the first preset application according to the first identifier of the third application. The protection tag identifies that the third application requires protection of its private files, and the first identifier may be the UID of the application.
In one example, a first preset application that needs to perform private file protection may be set by a developer, that is, the developer may add a protection tag in a source code file of the application to indicate that the application needs to perform protection of the private file. Therefore, the terminal device can obtain the source code file of each application in the terminal device, and determine the application needing private file protection according to whether each source code file contains the protection tag.
In one example, the first preset application that needs private file protection can also be defined by the user on the terminal device. In that case, the terminal device can obtain the third application including the protection tag according to the user's setting operation on the terminal device.
Optionally, the method may further include:
the terminal equipment acquires a second identifier of the second application;
and the terminal equipment determines whether the second application is the first preset application or not according to the second identification and each first identification in the application group.
In the private file protection method provided by the scheme, the terminal device may obtain the second identifier of the second application (i.e., the UID of the second application), and may determine from the second identifier and each first identifier in the application group whether the second application is the first preset application, that is, whether the second application is an application that needs private file protection.
It is understood that, after the terminal device obtains the file access request of the first application in the terminal device, the method may include:
the terminal device determines whether the first application has a right to access the external storage area;
when the first application has the authority to access the external storage area, the terminal device determines whether the target file is a private file of the second application.
In the private file protection method provided by the scheme, after the terminal device obtains a file access request of a first application in the terminal device, it may determine whether the first application has permission to access the external storage area. When the first application has that permission, the terminal device determines whether the target file is a private file of a second application and whether the second application is a first preset application. When the first application does not have that permission, it cannot access any file in the external storage area, and so cannot access the file of the second application; in this case the terminal device can directly reject the file access request of the first application.
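The decision sequence of the first aspect (permission check, private-file check, application-group lookup by UID, second-preset-application exception) can be modelled in user space as follows. This is an added example, not code from the patent or from any Android component; the package names, UIDs, the `Android/data/<package>/` layout used to recognise a private file, the rule that an application may always reach its own directory, and the fail-closed handling of non-normalised paths are all assumptions of the example, and the path is assumed to have been resolved (including case folding) before it reaches `decide`.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumption: app-private external files live under this root, one directory per package. */
#define EXT_PRIVATE_ROOT "/storage/emulated/0/Android/data/"

enum verdict { ALLOW, DENY_BAD_REQUEST, DENY_NO_STORAGE_PERMISSION, DENY_PROTECTED_PRIVATE_FILE };

struct app {
    const char *pkg;      /* package name (constructed) */
    unsigned uid;         /* the identifier the description compares */
    bool storage_perm;    /* holds the external-storage permission */
    bool protection_tag;  /* asks for private file protection */
    bool allowed_reader;  /* a "second preset application" */
};

/* Constructed install table; every name and UID here is hypothetical. */
static const struct app APPS[] = {
    {"com.example.bank",    10101, false, true,  false},
    {"com.example.gallery", 10102, true,  false, false},
    {"com.example.backup",  10104, true,  false, true },
    {"com.example.nostore", 10105, false, false, false},
};
#define N_APPS (sizeof APPS / sizeof APPS[0])

/* Application group: UIDs of the "first preset applications". */
static unsigned group[N_APPS]; static size_t group_len;

/* Build the application group from every installed app carrying the protection tag. */
size_t build_protected_group(void)
{
    group_len = 0;
    for (size_t i = 0; i < N_APPS; i++)
        if (APPS[i].protection_tag) group[group_len++] = APPS[i].uid;
    return group_len;
}

static bool in_group(unsigned uid)
{
    for (size_t i = 0; i < group_len; i++)
        if (group[i] == uid) return true;
    return false;
}

static const struct app *app_by_uid(unsigned uid)
{
    for (size_t i = 0; i < N_APPS; i++)
        if (APPS[i].uid == uid) return &APPS[i];
    return NULL;
}

/* Reject relative paths and empty, "." or ".." components so the prefix test cannot be dodged. */
static bool is_normalised(const char *p)
{
    if (*p != '/') return false;
    while (*p) {
        size_t n = strcspn(++p, "/");   /* length of the next component */
        bool dots = p[0] == '.' && (n == 1 || (n == 2 && p[1] == '.'));
        if (n == 0 || dots) return false;
        p += n;
    }
    return true;
}

/* Owner of a private file, or NULL when the path is not inside an installed app's directory. */
static const struct app *private_owner(const char *path)
{
    size_t root = strlen(EXT_PRIVATE_ROOT);
    if (strncmp(path, EXT_PRIVATE_ROOT, root) != 0) return NULL;
    const char *pkg = path + root;
    size_t len = strcspn(pkg, "/");
    for (size_t i = 0; i < N_APPS; i++)
        if (strlen(APPS[i].pkg) == len && strncmp(APPS[i].pkg, pkg, len) == 0)
            return &APPS[i];
    return NULL;
}

/* Decide a request by the first application (caller_uid) for a file in external storage. */
enum verdict decide(unsigned caller_uid, const char *path)
{
    const struct app *caller = app_by_uid(caller_uid);
    if (!caller || !is_normalised(path)) return DENY_BAD_REQUEST;   /* fail closed */
    const struct app *owner = private_owner(path);
    if (owner && owner->uid == caller_uid) return ALLOW;     /* own files (assumption) */
    if (!caller->storage_perm) return DENY_NO_STORAGE_PERMISSION;
    if (!owner) return ALLOW;                                /* not a private file */
    if (!in_group(owner->uid)) return ALLOW;                 /* owner is not a first preset app */
    if (caller->allowed_reader) return ALLOW;                /* second preset application */
    return DENY_PROTECTED_PRIVATE_FILE;
}

int main(void)
{
    const char *f = EXT_PRIVATE_ROOT "com.example.bank/files/statement.pdf";
    build_protected_group();
    printf("gallery=%d backup=%d\n", decide(10102, f), decide(10104, f));
    return 0;
}
```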
In a second aspect, an embodiment of the present application provides a private file protection apparatus, which is applied to a terminal device, where the apparatus may include:
a request obtaining module, configured to obtain a file access request of a first application in the terminal device, where the file access request is used to request access to a target file of a second application in the terminal device, and the target file is a file stored in an external storage area of the terminal device;
and the file protection module is used for rejecting the file access request of the first application when the target file is the private file of the second application and the second application is a first preset application, wherein the first preset application is an application requiring private file protection.
In a possible implementation manner of the second aspect, the file protection module may include:
the first application determining unit is used for determining whether the first application is a second preset application, and the second preset application is an application allowing access to a private file of the first preset application;
and the request rejection unit is used for rejecting the file access request of the first application by the terminal equipment when the first application is not the second preset application.
Optionally, the apparatus may further include:
a third application obtaining module, configured to obtain a third application including a protection tag, where the third application is an application in the terminal device, and the protection tag is used to identify that the third application requires protection of a private file;
and the group setting module is used for setting the third application as the first preset application and constructing an application group corresponding to the first preset application according to the first identifier of the third application.
Illustratively, the third application obtaining module is configured to obtain a source code file of each application in the terminal device, and obtain a third application including a protection tag according to each source code file.
Illustratively, the third application obtaining module is further configured to obtain a setting operation of a user in the terminal device, and obtain a third application including a protection tag according to the setting operation.
Optionally, the apparatus may further include:
the identification acquisition module is used for acquiring a second identification of the second application;
a second application determining module, configured to determine whether the second application is the first preset application according to the second identifier and each of the first identifiers in the application group.
It is understood that the apparatus may further include:
an authority determination module for determining whether the first application has an authority to access the external storage area;
and the private file determining module is used for determining whether the target file is a private file of the second application when the first application has the authority of accessing the external storage area.
In a third aspect, an embodiment of the present application provides a terminal device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, and when the processor executes the computer program, the terminal device is caused to implement the method described in any one of the first aspect.
In a fourth aspect, the present application provides a computer-readable storage medium, which stores a computer program, and when the computer program is executed by a computer, the computer program causes the computer to implement the method of any one of the above first aspects.
In a fifth aspect, the present application provides a computer program product, which when run on a terminal device, causes the terminal device to execute the method of any one of the above first aspects.
Drawings
FIG. 1 is a schematic structural diagram of a terminal device to which a private file protection method provided in an embodiment of the present application is applied;
FIG. 2 is a schematic diagram of a software architecture to which a private file protection method according to an embodiment of the present application is applied;
FIG. 3 is a schematic diagram of access control for an sdcardfs file system;
FIG. 4 is a schematic view of a scenario provided by an embodiment of the present application;
FIG. 5 is an exemplary diagram of a read mount point provided by an embodiment of the present application;
FIG. 6 is an exemplary diagram of a write mount point provided by an embodiment of the present application;
FIG. 7 is a flowchart illustrating a private file protection method according to an embodiment of the present application.
Detailed Description
It will be understood that the terms "comprises" and/or "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It should also be understood that the term "and/or" as used in this specification and the appended claims refers to any and all possible combinations of one or more of the associated listed items and includes such combinations.
As used in this specification and the appended claims, the term "if" may be interpreted contextually as "when", "upon", "in response to determining" or "in response to detecting". Similarly, the phrase "if it is determined" or "if a [described condition or event] is detected" may be interpreted contextually to mean "upon determining", "in response to determining", "upon detecting [the described condition or event]" or "in response to detecting [the described condition or event]".
Furthermore, in the description of the present application and the appended claims, the terms "first," "second," "third," and the like are used for distinguishing between descriptions and not necessarily for describing or implying relative importance.
Reference throughout this specification to "one embodiment" or "some embodiments," or the like, means that a particular feature, structure, or characteristic described in connection with the embodiment is included in one or more embodiments of the present application. Thus, appearances of the phrases "in one embodiment," "in some embodiments," "in other embodiments," or the like, in various places throughout this specification are not necessarily all referring to the same embodiment, but rather "one or more but not all embodiments" unless specifically stated otherwise. The terms "comprising," "including," "having," and variations thereof mean "including, but not limited to," unless expressly specified otherwise.
In addition, "a plurality" mentioned in the embodiments of the present application should be construed as two or more.
The steps involved in the private file protection method provided in the embodiments of the present application are only examples. Not every step must be performed, and not every item of content in a piece of information or a message is indispensable; steps and content may be added or removed as necessary in use. Identical steps, or messages with the same function, in different embodiments of the present application may be cross-referenced.
The service scenario described in the embodiment of the present application is for more clearly illustrating the technical solution of the embodiment of the present application, and does not form a limitation on the technical solution provided in the embodiment of the present application, and it can be known by a person of ordinary skill in the art that the technical solution provided in the embodiment of the present application is also applicable to similar technical problems with the evolution of a network architecture and the occurrence of a new service scenario.
The private file protection method provided by the embodiment of the application can be applied to terminal devices based on an Android system, such as mobile phones, tablet computers, wearable devices, vehicle-mounted devices, augmented reality (AR)/virtual reality (VR) devices, notebook computers, netbooks, personal digital assistants (PDAs), and the like.
The following first describes a terminal device according to an embodiment of the present application. Referring to fig. 1, fig. 1 shows a schematic structural diagram of a terminal device 100.
The terminal device 100 may include a processor 110, an external memory interface 120, an internal memory 121, a Universal Serial Bus (USB) interface 130, a charging management module 140, a power management module 141, a battery 142, an antenna 1, an antenna 2, a mobile communication module 150, a wireless communication module 160, an audio module 170, a speaker 170A, a receiver 170B, a microphone 170C, an earphone interface 170D, a sensor module 180, a button 190, a motor 191, an indicator 192, a camera 193, a display screen 194, a Subscriber Identity Module (SIM) card interface 195, and the like. The sensor module 180 may include a pressure sensor 180A, a gyroscope sensor 180B, an air pressure sensor 180C, a magnetic sensor 180D, an acceleration sensor 180E, a distance sensor 180F, a proximity light sensor 180G, a fingerprint sensor 180H, a temperature sensor 180J, a touch sensor 180K, an ambient light sensor 180L, a bone conduction sensor 180M, and the like.
It is to be understood that the illustrated structure of the embodiment of the present application does not constitute a specific limitation to the terminal device 100. In other embodiments of the present application, terminal device 100 may include more or fewer components than shown, or some components may be combined, some components may be split, or a different arrangement of components. The illustrated components may be implemented in hardware, software, or a combination of software and hardware.
Processor 110 may include one or more processing units, such as: the processor 110 may include an Application Processor (AP), a modem processor, a Graphics Processing Unit (GPU), an Image Signal Processor (ISP), a controller, a video codec, a Digital Signal Processor (DSP), a baseband processor, and/or a neural-Network Processing Unit (NPU), etc. The different processing units may be separate devices or may be integrated into one or more processors.
The controller can generate an operation control signal according to the instruction operation code and the timing signal to complete the control of instruction fetching and instruction execution.
A memory may also be provided in processor 110 for storing instructions and data. In some embodiments, the memory in the processor 110 is a cache memory. The memory may hold instructions or data that the processor 110 has just used or uses repeatedly. If the processor 110 needs to use the instruction or data again, it can be fetched directly from this memory. This avoids repeated accesses and reduces the waiting time of the processor 110, thereby increasing the efficiency of the system.
In some embodiments, processor 110 may include one or more interfaces. The interface may include an inter-integrated circuit (I2C) interface, an inter-integrated circuit sound (I2S) interface, a pulse code modulation (PCM) interface, a universal asynchronous receiver/transmitter (UART) interface, a mobile industry processor interface (MIPI), a general-purpose input/output (GPIO) interface, a subscriber identity module (SIM) interface, and/or a universal serial bus (USB) interface, etc.
The I2C interface is a bidirectional synchronous serial bus including a serial data line (SDA) and a Serial Clock Line (SCL). In some embodiments, processor 110 may include multiple sets of I2C buses. The processor 110 may be coupled to the touch sensor 180K, a charger, a flash, a camera 193, etc. through different I2C bus interfaces, respectively. For example: the processor 110 may be coupled to the touch sensor 180K through an I2C interface, so that the processor 110 and the touch sensor 180K communicate through an I2C bus interface to implement a touch function of the terminal device 100.
The I2S interface may be used for audio communication. In some embodiments, processor 110 may include multiple sets of I2S buses. The processor 110 may be coupled to the audio module 170 through an I2S bus to enable communication between the processor 110 and the audio module 170. In some embodiments, the audio module 170 may transmit the audio signal to the wireless communication module 160 through the I2S interface, so as to implement a function of receiving a call through a bluetooth headset.
The PCM interface may also be used for audio communication, sampling, quantizing and encoding analog signals. In some embodiments, audio module 170 and wireless communication module 160 may be coupled by a PCM bus interface. In some embodiments, the audio module 170 may also transmit audio signals to the wireless communication module 160 through the PCM interface, so as to implement a function of answering a call through a bluetooth headset. Both the I2S interface and the PCM interface may be used for audio communication.
The UART interface is a universal serial data bus used for asynchronous communications. The bus may be a bidirectional communication bus. It converts the data to be transmitted between serial communication and parallel communication. In some embodiments, a UART interface is generally used to connect the processor 110 with the wireless communication module 160. For example: the processor 110 communicates with a bluetooth module in the wireless communication module 160 through a UART interface to implement a bluetooth function. In some embodiments, the audio module 170 may transmit the audio signal to the wireless communication module 160 through a UART interface, so as to realize the function of playing music through a bluetooth headset.
The MIPI interface may be used to connect the processor 110 with peripheral devices such as the display screen 194, the camera 193, and the like. The MIPI interface includes a Camera Serial Interface (CSI), a Display Serial Interface (DSI), and the like. In some embodiments, processor 110 and camera 193 communicate through a CSI interface to implement the capture function of terminal device 100. The processor 110 and the display screen 194 communicate through the DSI interface to implement the display function of the terminal device 100.
The GPIO interface may be configured by software. The GPIO interface may be configured as a control signal and may also be configured as a data signal. In some embodiments, a GPIO interface may be used to connect the processor 110 with the camera 193, the display 194, the wireless communication module 160, the audio module 170, the sensor module 180, and the like. The GPIO interface may also be configured as an I2C interface, I2S interface, UART interface, MIPI interface, and the like.
The USB interface 130 is an interface conforming to the USB standard specification, and may be a Mini USB interface, a Micro USB interface, a USB Type C interface, or the like. The USB interface 130 may be used to connect a charger to charge the terminal device 100, and may also be used to transmit data between the terminal device 100 and a peripheral device. It may also be used to connect a headset and play audio through the headset. The interface may also be used to connect other terminal devices, such as AR devices and the like.
It should be understood that the interface connection relationship between the modules illustrated in the embodiment of the present application is only an exemplary illustration, and does not constitute a limitation on the structure of the terminal device 100. In other embodiments of the present application, the terminal device 100 may also adopt different interface connection manners or a combination of multiple interface connection manners in the above embodiments.
The charging management module 140 is configured to receive charging input from a charger. The charger may be a wireless charger or a wired charger. In some wired charging embodiments, the charging management module 140 may receive charging input from a wired charger via the USB interface 130. In some wireless charging embodiments, the charging management module 140 may receive a wireless charging input through a wireless charging coil of the terminal device 100. The charging management module 140 may also supply power to the terminal device through the power management module 141 while charging the battery 142.
The power management module 141 is used to connect the battery 142, the charging management module 140 and the processor 110. The power management module 141 receives input from the battery 142 and/or the charge management module 140, and supplies power to the processor 110, the internal memory 121, the display 194, the camera 193, the wireless communication module 160, and the like. The power management module 141 may also be used to monitor parameters such as battery capacity, battery cycle count, battery state of health (leakage, impedance), etc. In some other embodiments, the power management module 141 may also be disposed in the processor 110. In other embodiments, the power management module 141 and the charging management module 140 may also be disposed in the same device.
The wireless communication function of the terminal device 100 may be implemented by the antenna 1, the antenna 2, the mobile communication module 150, the wireless communication module 160, a modem processor, a baseband processor, and the like.
The antennas 1 and 2 are used for transmitting and receiving electromagnetic wave signals. Each antenna in terminal device 100 may be used to cover a single or multiple communication bands. Different antennas can also be multiplexed to improve the utilization of the antennas. For example: the antenna 1 may be multiplexed as a diversity antenna of a wireless local area network. In other embodiments, the antenna may be used in conjunction with a tuning switch.
The mobile communication module 150 may provide a solution for wireless communication, including 2G/3G/4G/5G, applied to the terminal device 100. The mobile communication module 150 may include at least one filter, a switch, a power amplifier, a low noise amplifier (LNA), and the like. The mobile communication module 150 may receive electromagnetic waves from the antenna 1, filter and amplify the received electromagnetic waves, and transmit them to the modem processor for demodulation. The mobile communication module 150 may also amplify the signal modulated by the modem processor and convert it into electromagnetic waves that are radiated through the antenna 1. In some embodiments, at least some of the functional modules of the mobile communication module 150 may be provided in the processor 110. In some embodiments, at least some of the functional modules of the mobile communication module 150 may be disposed in the same device as at least some of the modules of the processor 110.
The modem processor may include a modulator and a demodulator. The modulator is used for modulating a low-frequency baseband signal to be transmitted into a medium-high frequency signal. The demodulator is used for demodulating the received electromagnetic wave signal into a low-frequency baseband signal. The demodulator then passes the demodulated low frequency baseband signal to a baseband processor for processing. The low frequency baseband signal is processed by the baseband processor and then passed to the application processor. The application processor outputs a sound signal through an audio device (not limited to the speaker 170A, the receiver 170B, etc.) or displays an image or video through the display screen 194. In some embodiments, the modem processor may be a stand-alone device. In other embodiments, the modem processor may be provided in the same device as the mobile communication module 150 or other functional modules, independent of the processor 110.
The wireless communication module 160 may provide a solution for wireless communication applied to the terminal device 100, including wireless local area network (WLAN) (e.g., a wireless fidelity (Wi-Fi) network), Bluetooth (BT), global navigation satellite system (GNSS), frequency modulation (FM), near field communication (NFC), infrared (IR), and the like. The wireless communication module 160 may be one or more devices integrating at least one communication processing module. The wireless communication module 160 receives electromagnetic waves via the antenna 2, performs frequency modulation and filtering on electromagnetic wave signals, and transmits the processed signals to the processor 110. The wireless communication module 160 may also receive a signal to be transmitted from the processor 110, perform frequency modulation and amplification on the signal, and convert the signal into electromagnetic waves via the antenna 2 to radiate the electromagnetic waves.
In some embodiments, the antenna 1 of the terminal device 100 is coupled to the mobile communication module 150 and the antenna 2 is coupled to the wireless communication module 160 so that the terminal device 100 can communicate with the network and other devices through wireless communication technology. The wireless communication technology may include global system for mobile communications (GSM), general packet radio service (GPRS), code division multiple access (CDMA), wideband code division multiple access (WCDMA), time-division code division multiple access (TD-SCDMA), long term evolution (LTE), BT, GNSS, WLAN, NFC, FM, and/or IR technologies, etc. The GNSS may include a global positioning system (GPS), a global navigation satellite system (GLONASS), a BeiDou navigation satellite system (BDS), a quasi-zenith satellite system (QZSS), and/or a satellite based augmentation system (SBAS).
The terminal device 100 implements a display function by the GPU, the display screen 194, and the application processor. The GPU is a microprocessor for image processing, and is connected to the display screen 194 and an application processor. The GPU is used to perform mathematical and geometric calculations for graphics rendering. The processor 110 may include one or more GPUs that execute program instructions to generate or alter display information.
The display screen 194 is used to display images, video, and the like. The display screen 194 includes a display panel. The display panel may be a liquid crystal display (LCD), an organic light-emitting diode (OLED), an active-matrix organic light-emitting diode (AMOLED), a flexible light-emitting diode (FLED), a Mini-LED, a Micro-OLED, a quantum dot light-emitting diode (QLED), and the like. In some embodiments, the terminal device 100 may include 1 or N display screens 194, N being a positive integer greater than 1.
The terminal device 100 may implement a shooting function through the ISP, the camera 193, the video codec, the GPU, the display screen 194, the application processor, and the like.
The ISP is used to process the data fed back by the camera 193. For example, when a photo is taken, the shutter is opened, light is transmitted to the camera photosensitive element through the lens, the optical signal is converted into an electrical signal, and the camera photosensitive element transmits the electrical signal to the ISP for processing and converting into an image visible to naked eyes. The ISP can also carry out algorithm optimization on the noise, brightness and skin color of the image. The ISP can also optimize parameters such as exposure, color temperature and the like of a shooting scene. In some embodiments, the ISP may be provided in camera 193.
The camera 193 is used to capture still images or video. An object generates an optical image through the lens, and the optical image is projected onto the photosensitive element. The photosensitive element may be a charge coupled device (CCD) or a complementary metal-oxide-semiconductor (CMOS) phototransistor. The photosensitive element converts the optical signal into an electrical signal, and then transmits the electrical signal to the ISP to be converted into a digital image signal. The ISP outputs the digital image signal to the DSP for processing. The DSP converts the digital image signal into an image signal in a standard format such as RGB or YUV. In some embodiments, the terminal device 100 may include 1 or N cameras 193, N being a positive integer greater than 1.
The digital signal processor is used for processing digital signals, and can process digital image signals and other digital signals. For example, when the terminal device 100 selects a frequency point, the digital signal processor is used to perform fourier transform or the like on the frequency point energy.
Video codecs are used to compress or decompress digital video. The terminal device 100 may support one or more video codecs. In this way, the terminal device 100 can play or record video in a plurality of encoding formats, such as Moving Picture Experts Group (MPEG) 1, MPEG2, MPEG3, MPEG4, and the like.
The NPU is a neural-network (NN) computing processor that processes input information quickly by using a biological neural network structure, for example, by using a transfer mode between neurons of a human brain, and can also learn by itself continuously. The NPU can implement applications such as intelligent recognition of the terminal device 100, for example: image recognition, face recognition, speech recognition, text understanding, and the like.
The external memory interface 120 may be used to connect an external memory card, such as a Micro SD card, to extend the storage capability of the terminal device 100. The external memory card communicates with the processor 110 through the external memory interface 120 to implement a data storage function. For example, files such as music, video, etc. are saved in an external memory card.
The internal memory 121 may be used to store computer-executable program code, which includes instructions. The internal memory 121 may include a program storage area and a data storage area. The storage program area may store an operating system, an application program (such as a sound playing function, an image playing function, etc.) required by at least one function, and the like. The storage data area may store data (such as audio data, a phonebook, etc.) created during use of the terminal device 100, and the like. In addition, the internal memory 121 may include a high speed random access memory, and may also include a non-volatile memory, such as at least one magnetic disk storage device, a flash memory device, a Universal Flash Storage (UFS), and the like. The processor 110 executes various functional applications of the terminal device 100 and data processing by executing instructions stored in the internal memory 121 and/or instructions stored in a memory provided in the processor.
The terminal device 100 may implement audio functions, such as music playing and recording, through the audio module 170, the speaker 170A, the receiver 170B, the microphone 170C, the earphone interface 170D, and the application processor.
The audio module 170 is used to convert digital audio information into an analog audio signal output and also to convert an analog audio input into a digital audio signal. The audio module 170 may also be used to encode and decode audio signals. In some embodiments, the audio module 170 may be disposed in the processor 110, or some functional modules of the audio module 170 may be disposed in the processor 110.
The speaker 170A, also called a "horn", is used to convert the audio electrical signal into an acoustic signal. The user of the terminal device 100 can listen to music or to a hands-free call through the speaker 170A.
The receiver 170B, also called "earpiece", is used to convert the electrical audio signal into an acoustic signal. When the terminal device 100 answers a call or plays voice information, the voice can be heard by bringing the receiver 170B close to the ear.
The microphone 170C, also referred to as a "microphone," is used to convert sound signals into electrical signals. When making a call or sending voice information, the user can input a sound signal to the microphone 170C by speaking with the mouth close to the microphone 170C. The terminal device 100 may be provided with at least one microphone 170C. In other embodiments, the terminal device 100 may be provided with two microphones 170C, which may implement a noise reduction function in addition to collecting sound signals. In other embodiments, the terminal device 100 may further include three, four or more microphones 170C to collect sound signals, reduce noise, identify sound sources, and implement directional recording functions.
The earphone interface 170D is used to connect a wired earphone. The headset interface 170D may be the USB interface 130, or may be an Open Mobile Terminal Platform (OMTP) standard interface of 3.5mm, or a cellular telecommunications industry association (cellular telecommunications industry association of the USA, CTIA) standard interface.
The pressure sensor 180A is used for sensing a pressure signal, and can convert the pressure signal into an electrical signal. In some embodiments, the pressure sensor 180A may be disposed on the display screen 194. The pressure sensor 180A can be of a wide variety, such as a resistive pressure sensor, an inductive pressure sensor, a capacitive pressure sensor, and the like. The capacitive pressure sensor may be a sensor comprising at least two parallel plates having an electrically conductive material. When a force acts on the pressure sensor 180A, the capacitance between the electrodes changes. The terminal device 100 determines the intensity of the pressure from the change in the capacitance. When a touch operation is applied to the display screen 194, the terminal device 100 detects the intensity of the touch operation based on the pressure sensor 180A. The terminal device 100 may also calculate the touched position from the detection signal of the pressure sensor 180A. In some embodiments, touch operations that are applied to the same touch position but with different touch operation intensities may correspond to different operation instructions. For example, when a touch operation with an intensity smaller than a first pressure threshold acts on the short message application icon, an instruction for viewing the short message is executed. When a touch operation with an intensity greater than or equal to the first pressure threshold acts on the short message application icon, an instruction for creating a new short message is executed.
The gyro sensor 180B may be used to determine the motion attitude of the terminal device 100. In some embodiments, the angular velocity of terminal device 100 about three axes (i.e., x, y, and z axes) may be determined by gyroscope sensor 180B. The gyro sensor 180B may be used for photographing anti-shake. Illustratively, when the shutter is pressed, the gyro sensor 180B detects the shake angle of the terminal device 100, calculates the distance to be compensated for by the lens module according to the shake angle, and allows the lens to counteract the shake of the terminal device 100 through a reverse movement, thereby achieving anti-shake. The gyroscope sensor 180B may also be used for navigation, somatosensory gaming scenes.
The air pressure sensor 180C is used to measure air pressure. In some embodiments, the terminal device 100 calculates an altitude from the barometric pressure measured by the barometric pressure sensor 180C to assist in positioning and navigation.
The magnetic sensor 180D includes a Hall sensor. The terminal device 100 may detect the opening and closing of a flip holster using the magnetic sensor 180D. In some embodiments, when the terminal device 100 is a flip phone, the terminal device 100 may detect the opening and closing of the flip cover according to the magnetic sensor 180D. The terminal device 100 may then set features such as automatic unlocking of the flip cover according to the detected opening and closing state of the holster or of the flip cover.
The acceleration sensor 180E can detect the magnitude of acceleration of the terminal device 100 in various directions (generally, three axes). The magnitude and direction of gravity may be detected when the terminal device 100 is stationary. The acceleration sensor 180E can also be used to recognize the posture of the terminal device, and is applied to landscape/portrait screen switching, pedometers and other applications.
The distance sensor 180F is used for measuring a distance. The terminal device 100 may measure the distance by infrared or laser. In some embodiments, in a shooting scene, the terminal device 100 may range using the distance sensor 180F to achieve fast focus.
The proximity light sensor 180G may include, for example, a light emitting diode (LED) and a light detector, such as a photodiode. The light emitting diode may be an infrared light emitting diode. The terminal device 100 emits infrared light to the outside through the light emitting diode. The terminal device 100 detects infrared reflected light from a nearby object using the photodiode. When sufficient reflected light is detected, it can be determined that there is an object near the terminal device 100. When insufficient reflected light is detected, the terminal device 100 can determine that there is no object near the terminal device 100. The terminal device 100 can use the proximity light sensor 180G to detect that the user is holding the terminal device 100 close to the ear for a call, so as to automatically turn off the screen and save power. The proximity light sensor 180G may also be used in a holster mode and a pocket mode to automatically unlock and lock the screen.
The ambient light sensor 180L is used to sense ambient light brightness. The terminal device 100 may adaptively adjust the brightness of the display screen 194 according to the perceived ambient light level. The ambient light sensor 180L can also be used to automatically adjust the white balance when taking a picture. The ambient light sensor 180L may also cooperate with the proximity light sensor 180G to detect whether the terminal device 100 is in a pocket, in order to prevent accidental touches.
The fingerprint sensor 180H is used to collect a fingerprint. The terminal device 100 can utilize the collected fingerprint characteristics to realize fingerprint unlocking, access to an application lock, fingerprint photographing, fingerprint incoming call answering and the like.
The temperature sensor 180J is used to detect temperature. In some embodiments, the terminal device 100 executes a temperature processing policy using the temperature detected by the temperature sensor 180J. For example, when the temperature reported by the temperature sensor 180J exceeds the threshold, the terminal device 100 performs a reduction in performance of the processor located near the temperature sensor 180J, so as to reduce power consumption and implement thermal protection. In other embodiments, the terminal device 100 heats the battery 142 when the temperature is below another threshold to avoid abnormal shutdown of the terminal device 100 due to low temperature. In other embodiments, when the temperature is lower than a further threshold, the terminal device 100 performs boosting on the output voltage of the battery 142 to avoid abnormal shutdown due to low temperature.
The touch sensor 180K is also called a "touch device". The touch sensor 180K may be disposed on the display screen 194, and the touch sensor 180K and the display screen 194 form a touch screen, which is also called a "touch screen". The touch sensor 180K is used to detect a touch operation acting thereon or nearby. The touch sensor may communicate the detected touch operation to the application processor to determine the touch event type. Visual output associated with the touch operation may be provided through the display screen 194. In other embodiments, the touch sensor 180K may be disposed on the surface of the terminal device 100, different from the position of the display screen 194.
The bone conduction sensor 180M can acquire a vibration signal. In some embodiments, the bone conduction sensor 180M may acquire a vibration signal of the human vocal part vibrating the bone mass. The bone conduction sensor 180M may also contact the human body pulse to receive the blood pressure pulsation signal. In some embodiments, bone conduction sensor 180M may also be disposed in the headset, combined into bone conduction earphones. The audio module 170 may analyze a voice signal based on the vibration signal of the bone mass vibrated by the sound part acquired by the bone conduction sensor 180M, so as to implement a voice function. The application processor can analyze heart rate information based on the blood pressure beating signal acquired by the bone conduction sensor 180M, so as to realize the heart rate detection function.
The keys 190 include a power-on key, a volume key, and the like. The keys 190 may be mechanical keys or touch keys. The terminal device 100 may receive a key input, and generate a key signal input related to user settings and function control of the terminal device 100.
The motor 191 may generate a vibration cue. The motor 191 may be used to provide an electrical vibration indication, but also for touch vibration feedback. For example, touch operations applied to different applications (e.g., photographing, audio playing, etc.) may correspond to different vibration feedback effects. The motor 191 may also respond to different vibration feedback effects for touch operations applied to different areas of the display screen 194. Different application scenes (such as time reminding, receiving information, alarm clock, game and the like) can also correspond to different vibration feedback effects. The touch vibration feedback effect may also support customization.
Indicator 192 may be an indicator light that may be used to indicate a state of charge, a change in charge, or a message, missed call, notification, etc.
The SIM card interface 195 is used to connect a SIM card. The SIM card can be attached to and detached from the terminal device 100 by being inserted into the SIM card interface 195 or being pulled out of the SIM card interface 195. The terminal device 100 may support 1 or N SIM card interfaces, where N is a positive integer greater than 1. The SIM card interface 195 may support a Nano SIM card, a Micro SIM card, a SIM card, etc. The same SIM card interface 195 can be inserted with multiple cards at the same time. The types of the plurality of cards may be the same or different. The SIM card interface 195 may also be compatible with different types of SIM cards. The SIM card interface 195 may also be compatible with external memory cards. The terminal device 100 interacts with the network through the SIM card to implement functions such as communication and data communication. In some embodiments, the terminal device 100 employs eSIM, namely: an embedded SIM card. The eSIM card may be embedded in the terminal device 100 and cannot be separated from the terminal device 100.
The software system of the terminal device 100 may adopt a hierarchical architecture, an event-driven architecture, a micro-core architecture, a micro-service architecture, or a cloud architecture. The embodiment of the present application takes an Android system with a layered architecture as an example, and exemplarily illustrates a software structure of the terminal device 100.
Fig. 2 is a block diagram of a software configuration of the terminal device 100 according to the embodiment of the present application.
The layered architecture divides the software into several layers, each layer having a clear role and division of labor. The layers communicate with each other through software interfaces. In some embodiments, the Android system is divided into four layers, which are, from top to bottom, an application layer, an application framework layer, an Android runtime and system library, and a kernel layer.
The application layer may include a series of application packages.
As shown in fig. 2, the application package may include camera, gallery, calendar, phone call, map, navigation, WLAN, bluetooth, music, video, short message, etc. applications.
The application framework layer provides an Application Programming Interface (API) and a programming framework for the application program of the application layer. The application framework layer includes a number of predefined functions.
As shown in FIG. 2, the application framework layers may include a window manager, content provider, view system, phone manager, resource manager, notification manager, and the like.
The window manager is used for managing window programs. The window manager can obtain the size of the display screen, judge whether a status bar exists, lock the screen, intercept the screen and the like.
The content provider is used to store and retrieve data and make it accessible to applications. The data may include video, images, audio, calls made and answered, browsing history and bookmarks, phone books, etc.
The view system includes visual controls such as controls to display text, controls to display pictures, and the like. The view system may be used to build applications. The display interface may be composed of one or more views. For example, the display interface including the short message notification icon may include a view for displaying text and a view for displaying pictures.
The phone manager is used to provide the communication function of the terminal device 100, for example, management of call status (including on, off, etc.).
The resource manager provides various resources for the application, such as localized strings, icons, pictures, layout files, video files, and the like.
The notification manager enables the application to display notification information in the status bar. It can be used to convey notification-type messages, which can disappear automatically after a short dwell and do not require user interaction. For example, the notification manager is used to notify of download completion, message alerts, etc. A notification may also appear in the form of a chart or scrollbar text in the status bar at the top of the system, such as a notification of an application running in the background, or appear on the screen in the form of a dialog window. For example, text information is prompted in the status bar, a prompt tone is given, the terminal device vibrates, an indicator light flickers, and the like.
The Android Runtime comprises a core library and a virtual machine. The Android runtime is responsible for scheduling and managing an Android system.
The core library comprises two parts: one part is the functions that the Java language needs to call, and the other part is the core library of Android.
The application layer and the application framework layer run in a virtual machine. The virtual machine executes the Java files of the application layer and the application framework layer as binary files. The virtual machine is used for performing functions such as object life cycle management, stack management, thread management, security and exception management, garbage collection and the like.
The system library may include a plurality of functional modules, for example: a surface manager, media libraries, a three-dimensional graphics processing library (e.g., OpenGL ES), a 2D graphics engine (e.g., SGL), and the like.
The surface manager is used to manage the display subsystem and provide fusion of 2D and 3D layers for multiple applications.
The media library supports a variety of commonly used audio, video format playback and recording, and still image files, among others. The media library may support a variety of audio-video encoding formats, such as: MPEG4, H.264, MP3, AAC, AMR, JPG, PNG, etc.
The three-dimensional graphic processing library is used for realizing three-dimensional graphic drawing, image rendering, synthesis, layer processing and the like.
The 2D graphics engine is a drawing engine for 2D drawing.
The kernel layer is a layer between hardware and software. The kernel layer comprises at least a display driver, a camera driver, an audio driver and a sensor driver.
The storage area of the Android system can be divided into an internal storage area and an external storage area. The internal storage area may be an internal memory and the external storage area may be an external memory card. However, since most existing terminal devices do not use an extended memory card such as an SD card or a TF card, the internal storage area and the external storage area may also be logically partitioned areas, i.e., the internal storage area generally refers to the /data/ directory, and the external storage area generally refers to the /sdcard/ directory.
/data/ directory: it mainly comprises two subdirectories, namely an app directory and a data directory. The app directory is mainly used for storing executable files of system application programs (apps) and user apps. The data directory is mainly used for storing private files of the app, such as user information, cache files and the like.
/sdcard/ directory: it comprises a number of commonly used subdirectories, such as a download directory, a music directory, a pictures directory and the like, and also comprises a number of directories in which applications store large private files.
That is, both the internal storage area and the external storage area of the Android system can store the private files of applications. Access to the external storage area can be managed by the Android system through the sdcardfs file system. The sdcardfs file system is not a conventional disk file system; it is a stacked file system, which may also be called a wrapped file system, and passes the command parameters sent by Android system calls to an underlying file system, for example, to the fourth extended file system (ext4). The sdcardfs file system serves the same function as the original FUSE file system: it allows the Android system to perform fine-grained access permission control on the files managed by the sdcardfs file system, so that each app is authorized independently and each app has different permissions to access the external storage area.
The underlying file system supports only traditional sandbox access control such as discretionary access control (DAC) and mandatory access control (MAC), and cannot provide the relatively flexible dynamic authorization access control that applications need. Referring to FIG. 3, FIG. 3 shows a schematic diagram of access control for the sdcardfs file system. As shown in FIG. 3, the sdcardfs file system may wrap the /data/media directory in the underlying file system (e.g., ext4) as a root directory and provide a file operation interface to upper-layer applications in its own file view (/storage/emulated, i.e., the sdcard directory). After encapsulation by the sdcardfs file system, the /data/media directory in the underlying file system is opened through DAC and MAC only to a few critical system services, while other system services and applications can access the /data/media directory in the underlying file system only through the open interface of the sdcardfs file system. The sdcardfs file system may manage the access rights of applications through a dynamic authorization mechanism (access control implemented in a user mode), that is, access control of applications may be implemented through a UGO model, so that data interaction between the user mode and the kernel mode may be reduced. The UGO model performs rights management by classifying the operators who access a file into three categories, namely owner (user), group (group) and others (other). The owner is the user (also referred to as the application) who created the file or directory, and the users in the same group are the users who belong to the same group as the file owner.
While managing access rights for applications through a dynamic authorization mechanism, the sdcardfs file system creates only three file views for the /sdcard/ directory: a default view, a read view, and a write view. The main difference between the three file views is the group to which the files belong and the corresponding permissions. In all three views, the user is the owner of the corresponding file and can read and write the file, and others have no read or write permission. In the default view, the group of each file is sdcard_rw and the group permission is read-write, but applications do not belong to the sdcard_rw group, so an application mounted with the default view can read and write only its own files under the user permission and cannot read or write the files of other applications. In the read view, the group of each file is everybody and the group permission is read-only, and applications belong to the everybody group, so an application mounted with the read view can read and write its own files under the user permission and can read the files of other applications under the group permission. The write view is similar to the read view, except that the permission of the everybody group is read-write, that is, an application mounted with the write view can read and write its own files under the user permission and can read and write the files of other applications under the group permission.
Specifically, when an application has not applied for the external storage permission, it is mounted with the default view (i.e., the default mount point), which means the application can access only its own files in the external storage area. When an application has applied for the read external storage permission, it is mounted with the read view (i.e., the read mount point), which means the application can read files in the whole external storage area. When an application has applied for the read-write external storage permission, it is mounted with the write view (i.e., the write mount point), which means the application can read and write files in the whole external storage area. In addition, the Android system can manage the underlying file system and modify the mount point of an application through the vold mechanism. In particular, the vold mechanism may modify the mount point of an application by modifying the namespace.
Starting with Android Q, the Android system provides a thorough sandboxing mechanism for external storage, namely the partitioned storage mechanism. However, the partitioned storage mechanism applies only to Android Q and later versions, that is, only to applications whose targetSDK version is greater than or equal to 29. Many current applications have a targetSDK version below 29 and cannot use the partitioned storage mechanism, so the mechanism is difficult to roll out across the ecosystem. In addition, the partitioned storage mechanism mainly controls, on the side of the accessing application, whether that application is sandboxed from the files of other applications; the accessed application still has no right to decide whether other applications may access its files.
As can be seen from the above, the granularity of the permission management that the current Android system performs on applications through the sdcardfs file system is relatively coarse. Any application can gain access to the external storage area by applying for the permission. Once an application has applied for the permission, it can read and/or write at will all files in the external storage area, including private files that other applications store there. The accessed application cannot decide whether to allow access by other applications and cannot ensure that its own files are not damaged or leaked. As a result, the private files that an application stores in the external storage area are easily leaked or damaged, which affects the security of the private files and degrades the user experience.
In order to solve the above problem, an embodiment of the present application provides a private file protection method, where a first preset application that needs to protect a private file may be set in advance in a terminal device according to a requirement. When the terminal device obtains a file access request of a first application in the terminal device to request for accessing a target file of a second application in the terminal device, the terminal device may determine whether the target file is a private file of the second application, and determine whether the second application is a first preset application. If the target file is a private file of the second application and the second application is the first preset application, the terminal device can refuse the file access request of the first application to prevent the current file access behavior of the first application, so that the security of the private file of the second application is ensured, the risk that the private file of the second application is leaked or damaged is reduced, the user experience is improved, and the method has strong usability and practicability.
Referring to FIG. 4, FIG. 4 is a schematic view illustrating a scene provided in an embodiment of the present application. As shown in FIG. 4, a plurality of applications (also referred to as application programs in the embodiment of the present application) such as a clock, a calendar, a gallery, a memo, file management, an e-mail, music, a calculator, weather, a browser, settings, a recorder, a camera, an address book, information, and the like may be installed in the terminal device. An application installed in the terminal device may be one that ships with the terminal device from the factory, for example the factory-installed calendar, information, browser, camera, gallery and the like. Alternatively, it may be an application that the user downloads and installs, for example from the application market.
When a first application in the terminal device, such as application B, wants to access a target file of a second application in the terminal device, such as application A, the first application may send a file access request, for example to the sdcardfs file system in the terminal device. The first application is any application in the terminal device, the second application is any application in the terminal device other than the first application, and the target file is a file that the second application stores in the external storage area. After the sdcardfs file system in the terminal device obtains the file access request of the first application, it may determine whether the target file requested by the first application is a private file of the second application, and whether the second application is a first preset application that requires protection of private files. When the target file is a private file of the second application and the second application is a first preset application that requires protection of private files, the sdcardfs file system in the terminal device may reject the file access request of the first application to prohibit the current file access behavior of the first application, that is, prohibit the first application from accessing the private file of the second application, thereby ensuring the security of the private file of the second application and reducing the risk that it is leaked or damaged.
It can be understood that, when the target file requested to be accessed by the first application is not a private file of the second application, or the second application is not an application that requires protection of the private file, the terminal device may determine that the target file of the second application is a file that can be accessed, that is, may determine that the first application can access the target file of the second application, at this time, the sdcardfs file system in the terminal device may forward the file access request of the first application to an underlying file system in the terminal device, thereby implementing access of the first application to the target file of the second application.
The file access request may be a request for performing a read operation on a target file of the second application, or may be a request for performing a read-write operation on a target file of the second application.
Referring to FIG. 5 and FIG. 6, FIG. 5 shows an example of a read mount point provided by an embodiment of the present application, and FIG. 6 shows an example of a write mount point provided by an embodiment of the present application. As shown in FIG. 5 and FIG. 6, to meet the private file protection requirement of some applications, the terminal device may configure a special group at the read mount point and the write mount point; for example, the group may be called the apprivate group. It should be understood that the name apprivate is only illustrative and should not be construed as a limitation on the embodiment of the present application; the group may be referred to by other names, for example the sdcard_rw group described above, where files belonging to the sdcard_rw group can be accessed only by user permission. The apprivate group of the read mount point and the apprivate group of the write mount point are the same group, that is, they contain the same applications. An application in the apprivate group is a first preset application that requires protection of private files, and the private files it stores in the external storage area cannot be accessed by other applications. Applications in the everybody group are applications that do not require protection of private files, and the private files they store in the external storage area can be accessed by other applications. As shown in FIG. 5 and FIG. 6, the mount point listing may include seven columns. The first column indicates the access rights, e.g., drwxr-x--- and drwxrwx---. The second column indicates the number of subdirectories, e.g., 3, 4, 3, 2.
The third column indicates the user to which the directory belongs, e.g., radio, u0_a33, system. The fourth column indicates the group to which the directory belongs, e.g., everybody, apprivate. The fifth column indicates the number of bytes occupied by the directory, e.g., 3488. The sixth column indicates the creation or modification time of the directory, e.g., 2020-02-28. The seventh column indicates the directory name.
In this embodiment of the present application, the terminal device may maintain an application list, the apprivatedata_ids list, and may add to it the uid of each first preset application that needs private file protection; the apprivatedata_ids list is thus the uid list of the first preset applications. Specifically, the terminal device may maintain the apprivatedata_ids list in the sdcardfs driver. When the terminal device is powered on, or when an application is installed or uninstalled, the terminal device may update the apprivatedata_ids list. It should be understood that in the Android system each application is given a unique user identity (uid) at installation time. Each application also has a group identity (gid); an application may belong to multiple gids, which may include, for example, the everybody group. The apprivate group, by contrast, does not contain any application.
After the apprivatedata_ids list is updated, the private files of the first preset applications may be protected by modifying the access control mechanism of the external storage area. Specifically, the sdcardfs driver may modify get_gid, which is called when the three file views are created. When the uid of the accessed application is not root (only the system has root; no other application has the root uid) and that uid is in the apprivatedata_ids list, get_gid may return AID_APP_PRIVATE (i.e., the ID of the apprivate group). This indicates that the accessed application is a first preset application that requires protection of its own private files, so no other application can access the private files of the accessed application, whichever file view that other application has mounted. That is, an application that has mounted the default view, the read view or the write view cannot access the private files that the accessed application stores in the external storage area. When the uid of the accessed application is root, or is not in the apprivatedata_ids list, get_gid may return the gid of the mount point at which the accessed application is located. This indicates that the accessed application does not require protection of its private files, and other applications can access them according to the read external storage permission or read-write external storage permission they have applied for.
Therefore, when the first application requests access to the second application, if the terminal device determines that the uid of the second application is not root and is in the apprivatedata_ids list, the terminal device may cause get_gid to return AID_APP_PRIVATE. Even if the first application has applied for the read external storage permission or the read-write external storage permission, it cannot read or write the private files of the second application, which meets the protection requirement of the second application's private files. When the terminal device determines that the uid of the second application is root or is not in the apprivatedata_ids list, the terminal device may cause get_gid to return the gid of the mount point at which the second application is located. In this case, if the first application has applied for the read external storage permission, it can access the private files of the second application only by reading; if the first application has applied for the read-write external storage permission, it can access the private files of the second application by reading and writing.
In the embodiment of the application, the first preset application may be set by a developer; that is, the developer may mark an application as requiring protection of private files during development. Specifically, the developer may add a protection tag, for example <meta-data android:name="apprivatedata" android:value="true"/>, to a source code file of the application (e.g., AndroidManifest.xml), so that the tag identifies the application as a first preset application requiring protection of private files. When the application is installed on the terminal device, the terminal device may extract the protection tag from the application's AndroidManifest.xml and save it to the application information, for example hwFlags |= absappticationinfo.app_PRAVATE_DATA, and at the same time modify the packages.list format to add the application's protection tag, for example com.tronbut.protectscardfs 102021/DATA/user/0/com.tronbut.protectscardfs default: targetSdkVersion =29non 11 1. Subsequently, the terminal device may notify the sdcardfs file system that packages.list has been updated. The sdcardfs file system may then update the apprivatedata_ids list in the sdcardfs driver and add the uid of the application to it, that is, add the application to the apprivate group.
In one example, the first preset application may also be set by default by the terminal device. For example, the terminal device may by default treat an application related to user personal information (e.g., name, birthday, identification number, telephone, address, mailbox, bank account, etc.), contact information (e.g., address book, WeChat friends, etc.), short messages, chat records, location information, call records, order information, etc. as a first preset application that needs private file protection. For example, the terminal device may set the following as first preset applications by default: applications related to the user's real personal information, applications related to the user's social information, banking and financial applications related to the user's financial information, applications related to the user's order information, the 12306 railroad application related to the user's travel information, and map applications related to the user's location information.
In another example, the first preset application may also be customized by a user. That is, the user may set any one or more applications in the terminal device as first preset applications that need private file protection. For example, the user may set a bank application and the like as a first preset application.
When the terminal device sets the first preset application by default, or the user sets it by customization, the terminal device can generate a protection tag for the first preset application, store the protection tag to the application information, and modify the packages.list format. Subsequently, the terminal device may notify the sdcardfs file system that packages.list has been updated. The sdcardfs file system may then update the apprivatedata_ids list in the sdcardfs driver and add the uid of the application to it, that is, add the application to the apprivate group.
In an example, the embodiment of the present application may also provide a service or an application (hereinafter referred to as a second preset application) that is allowed to access the private files of the first preset applications in the apprivatedata_ids list. The second preset application has the authority to access those private files. For example, the apprivate group may be configured for the second preset application, that is, the second preset application may be assigned to the apprivate group, which gives it the authority to access the first preset applications in the apprivatedata_ids list. The second preset application may be set by default by the terminal device or may be customized by the user, which is not limited in this embodiment of the present application. For example, the terminal device may by default set one unified second preset application for all the first preset applications, so that the second preset application has the right to access the private files of all the first preset applications. For example, the second preset application may be the multimedia database MediaStore or another system key module set by the terminal device by default, and/or a clone service, a backup service, a housekeeping application, or another special application. Alternatively, the user may set a corresponding second preset application for each first preset application, and the second preset applications corresponding to different first preset applications may be the same or different.
For example, a user may set a second preset application A corresponding to the first preset application A, and a second preset application B corresponding to the first preset application B and the first preset application C, and so on, so that the second preset application A may access the private files of the first preset application A, and the second preset application B may access the private files of the first preset application B and the first preset application C. The following description takes as an example the case in which the second preset application has the right to access the private files of all the first preset applications.
Specifically, when the target file requested to be accessed by the first application is a private file of the second application and the second application is a first preset application requiring private file protection, the terminal device may further determine whether the first application is the second preset application, that is, whether the first application has a right to access the private file of the second application. When the first application is the second preset application, the first application is indicated to have the authority of accessing the private file of the second application, and at this time, the terminal device can allow the first application to access the private file of the second application. When the first application is not the second preset application, the first application is indicated to have no authority for accessing the private file of the second application, and at this time, the terminal device can reject the file access request of the first application so as to protect the security of the private file of the second application.
Therefore, in the aforementioned get_gid, when the first application requests access to the target file of the second application, the terminal device may determine, according to the authority or the application type of the first application, the current mount point corresponding to the first application (i.e., the virtual mount point through which the first application performs the current access). When the gid of the current mount point corresponding to the first application is AID_SDCARD_RW, the first application is a second preset application that can access all files of the second application; for example, the first application may be a system key module such as MediaStore, and/or a special application such as a clone service, a backup service, or a housekeeping application. In this case get_gid returns AID_SDCARD_RW, which indicates that the first application can directly access the private files of the second application. That is, when the first application is the second preset application, the terminal device may configure the group of the first application as sdcard_rw, so that the first application can access the private files of the second application.
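The get_gid decision described in the passages above (a protected owner yields AID_APP_PRIVATE, a mount point whose gid is AID_SDCARD_RW yields AID_SDCARD_RW), combined with the UGO check of the three file views, is modelled below in user-space C as an added example; it is not the patent's or the sdcardfs driver's own code. The order of the two checks, the numeric value of AID_APP_PRIVATE, the sample uids and the names get_gid_model and may_access are assumptions made for the example.

```c
#include <stdio.h>
#include <stddef.h>

/* AID_ROOT, AID_SDCARD_RW and AID_EVERYBODY are the stock Android IDs.
 * AID_APP_PRIVATE is the group the page introduces; 9990 is an assumed
 * placeholder value, the page does not give one. */
#define AID_ROOT        0u
#define AID_SDCARD_RW   1015u
#define AID_EVERYBODY   9997u
#define AID_APP_PRIVATE 9990u

enum view { VIEW_DEFAULT, VIEW_READ, VIEW_WRITE };
enum { WANT_READ = 4, WANT_WRITE = 2 };

struct app {
    unsigned uid;          /* uid assigned at install time */
    enum view view;        /* file view mounted for this application */
    const unsigned *gids;  /* groups the process belongs to */
    size_t ngids;
};

/* Constructed sample of the apprivatedata_ids list (protected owners). */
static const unsigned apprivatedata_ids[] = { 10202u };

static int uid_is_protected(unsigned uid)
{
    size_t n = sizeof apprivatedata_ids / sizeof apprivatedata_ids[0];
    for (size_t i = 0; i < n; i++)
        if (apprivatedata_ids[i] == uid)
            return 1;
    return 0;
}

/* Group of the mount point: sdcard_rw for default, everybody otherwise. */
static unsigned view_gid(enum view v)
{
    return v == VIEW_DEFAULT ? AID_SDCARD_RW : AID_EVERYBODY;
}

/* Group permission bits: r-x in the read view, rwx in the other two. */
static int view_group_bits(enum view v)
{
    return v == VIEW_READ ? 5 : 7;
}

/* Model of the modified get_gid: the group shown on a file owned by
 * owner_uid when it is seen through view v. */
unsigned get_gid_model(unsigned owner_uid, enum view v)
{
    unsigned mount_gid = view_gid(v);

    if (mount_gid == AID_SDCARD_RW)   /* mount used by second preset apps */
        return AID_SDCARD_RW;
    if (owner_uid != AID_ROOT && uid_is_protected(owner_uid))
        return AID_APP_PRIVATE;       /* no ordinary app is in this group */
    return mount_gid;
}

/* UGO check for accessor a on a private file owned by owner_uid. */
int may_access(const struct app *a, unsigned owner_uid, int want)
{
    unsigned gid = get_gid_model(owner_uid, a->view);
    int bits = 0;                     /* "other": no permission */

    if (a->uid == owner_uid) {
        bits = 7;                     /* owner: read and write */
    } else {
        for (size_t i = 0; i < a->ngids; i++) {
            if (a->gids[i] == gid) {
                bits = view_group_bits(a->view);
                break;
            }
        }
    }
    return (bits & want) == want;
}

/* Constructed sample applications; all uids are made up. */
#define UID_UNPROTECTED 10150u        /* owner not in apprivatedata_ids */
static const unsigned g_app[]   = { AID_EVERYBODY };
static const unsigned g_media[] = { AID_EVERYBODY, AID_SDCARD_RW };
static const struct app app_a       = { 10202u, VIEW_WRITE,   g_app,   1 };
static const struct app app_b_rw    = { 10033u, VIEW_WRITE,   g_app,   1 };
static const struct app app_b_ro    = { 10033u, VIEW_READ,    g_app,   1 };
static const struct app app_no_perm = { 10040u, VIEW_DEFAULT, g_app,   1 };
static const struct app app_media   = { 10010u, VIEW_DEFAULT, g_media, 2 };

int main(void)
{
    int rw = WANT_READ | WANT_WRITE;
    printf("B (write view) reads protected A:      %d\n",
           may_access(&app_b_rw, app_a.uid, WANT_READ));
    printf("B (write view) writes unprotected app: %d\n",
           may_access(&app_b_rw, UID_UNPROTECTED, rw));
    printf("B (read view) writes unprotected app:  %d\n",
           may_access(&app_b_ro, UID_UNPROTECTED, WANT_WRITE));
    printf("no-permission app reads unprotected:   %d\n",
           may_access(&app_no_perm, UID_UNPROTECTED, WANT_READ));
    printf("sdcard_rw service reads/writes A:      %d\n",
           may_access(&app_media, app_a.uid, rw));
    printf("A reads/writes its own file:           %d\n",
           may_access(&app_a, app_a.uid, rw));
    return 0;
}
```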
The private file protection method provided by the embodiment of the application can achieve refined access control according to different objects (namely accessed applications), and supports more flexible authority management of the external storage files (namely files stored in the external storage area) so as to protect the private files of the applications from being accessed and/or damaged by other applications. In addition, for the device not suitable for the scheme provided by the embodiment of the application, the application can run on the device in a compatible manner, the running of the application on the device is not influenced, and the device has strong usability and practicability.
Based on the above description, the private file protection method provided by the embodiment of the present application will be briefly described below.
Referring to fig. 7, fig. 7 shows a schematic flowchart of a private file protection method provided in this embodiment, where the method may be applied to the terminal device shown in fig. 1. As shown in fig. 7, the method may include:
S701, the terminal device obtains a file access request of a first application in the terminal device, the file access request is used for requesting to access a target file of a second application in the terminal device, and the target file is a file stored in an external storage area of the terminal device.
S702, when the target file is a private file of a second application and the second application is a first preset application, the terminal device rejects a file access request of the first application, and the first preset application is an application which requires to protect the private file.
In the embodiment of the application, the terminal device may set the first preset application which needs to perform private file protection according to the requirement in advance. When the terminal device obtains a file access request of a first application in the terminal device to request for accessing a target file of a second application in the terminal device, the terminal device may determine whether the target file is a private file of the second application, and determine whether the second application is a first preset application. When the target file is a private file of the second application and the second application is the first preset application, the terminal device can reject the file access request of the first application to prevent the current file access behavior of the first application, ensure the security of the private file of the second application, reduce the risk that the private file of the second application is leaked or damaged, and improve user experience.
It should be noted that the first preset application may be determined according to whether the application in the terminal device includes the protection tag. Specifically, the terminal device may determine an application including the protection tag in the terminal device as a third application, and may set the third application as the first preset application. Subsequently, the terminal device may construct an application group (may also be referred to as a group in this embodiment) corresponding to the first preset application according to the first identifier of the third application. The protection tag is used for identifying that the third application requires protection of the private file, and the first identifier may be an uid of the application.
In one example, the first preset application needing private file protection may be set by a developer, that is, the developer may add a protection tag in a source code file of the application to indicate that the application needs private file protection. Therefore, the terminal device can obtain the source code file of each application in the terminal device, and can determine whether each application is an application requiring private file protection according to whether the source code file contains the protection tag.
In one example, the first preset application needing private file protection can also be set in a terminal device in a user-defined mode by a user. Therefore, the terminal device can acquire the third application including the protection tag according to the setting operation of the user in the terminal device.
After the application group corresponding to the first preset application is constructed according to the first identifier of the third application, the terminal device may obtain a second identifier of the second application (i.e., the uid of the second application), and may determine whether the second application is the first preset application according to the second identifier of the second application and each first identifier in the application group, that is, determine whether the second application is an application that needs to perform private file protection.
In a possible implementation manner, a second preset application that allows access to the private file of the first preset application may also be set in the terminal device. Therefore, when it is determined that the target file is a private file of the second application and the second application is the first preset application, the terminal device may further determine whether the first application is the second preset application, that is, whether the first application is the second preset application that can access the private file of the first preset application. When the first application is not the second preset application, it is indicated that the first application does not have the authority to access the private file of the second application, and at this time, the terminal device may reject the file access request of the first application to protect the security of the private file of the second application. And when the first application is the second preset application, the first application is indicated to have the authority of accessing the private file of the second application, and at this time, the terminal device can allow the first application to access the private file of the second application.
The second preset application may be set by default by the terminal device or may be customized by a user, which is not limited in the embodiment of the application.
It should be noted that, after acquiring the file access request of the first application in the terminal device, the terminal device may first determine whether the first application has the right to access the external storage area. When the first application has the right to access the external storage area, the terminal device determines whether the target file is a private file of the second application and whether the second application is a first preset application. When the first application does not have the authority to access the external storage area, the first application is indicated to be incapable of accessing any file of the external storage area, namely, the file of the second application is not accessed, and at the moment, the terminal equipment can directly refuse the file access request of the first application.
It should be understood that, the sequence numbers of the steps in the foregoing embodiments do not imply an execution sequence, and the execution sequence of each process should be determined by functions and internal logic of the process, and should not constitute any limitation to the implementation process of the embodiments of the present application.
The embodiment of the present application further provides a terminal device, where the terminal device includes at least one memory, at least one processor, and a computer program that is stored in the at least one memory and is executable on the at least one processor, and when the processor executes the computer program, the terminal device is enabled to implement the steps in any of the method embodiments. Illustratively, the structure of the terminal device may be as shown in fig. 1.
Embodiments of the present application further provide a computer-readable storage medium, where a computer program is stored, and when the computer program is executed by a computer, the computer is enabled to implement the steps in any of the method embodiments.
Embodiments of the present application provide a computer program product, which, when running on a terminal device, enables the terminal device to implement the steps in any of the above method embodiments.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on such understanding, all or part of the processes in the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium and can implement the steps of the method embodiments described above when executed by a processor. The computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form. The computer-readable storage medium may include at least: any entity or device capable of carrying computer program code to an apparatus/terminal device, a recording medium, computer memory, read-only memory (ROM), random access memory (RAM), electrical carrier signals, telecommunications signals, and software distribution media, for example a USB flash disk, a mobile hard disk, a magnetic disk or an optical disk. In certain jurisdictions, in accordance with legislation and patent practice, computer-readable storage media may not be an electrical carrier signal or a telecommunications signal.
In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and reference may be made to the related descriptions of other embodiments for parts that are not described or illustrated in a certain embodiment.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the technical solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus/terminal device and method may be implemented in other ways. For example, the above-described embodiments of the apparatus/terminal device are merely illustrative: the division of the modules or units is only one logical division, and there may be other divisions in an actual implementation; for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the shown or discussed mutual coupling, direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not depart from the spirit and scope of the embodiments of the present application, and they should be construed as being included in the present application.

Claims (10)

1. A private file protection method is applied to terminal equipment, and is characterized by comprising the following steps:
the terminal equipment acquires a file access request of a first application in the terminal equipment, wherein the file access request is used for requesting to access a target file of a second application in the terminal equipment, and the target file is a file stored in an external storage area of the terminal equipment;
and when the target file is a private file of the second application and the second application is a first preset application, the terminal equipment rejects the file access request of the first application, and the first preset application is an application requiring private file protection.
2. The method according to claim 1, wherein the terminal device denies the file access request of the first application, comprising:
the terminal equipment determines whether the first application is a second preset application, wherein the second preset application is an application allowing access to a private file of the first preset application;
and when the first application is not the second preset application, the terminal equipment rejects the file access request of the first application.
3. The method according to claim 1 or 2, characterized in that the method further comprises:
the terminal equipment acquires a third application containing a protection tag, wherein the third application is an application in the terminal equipment, and the protection tag is used for identifying that the third application requires protection of a private file;
and the terminal equipment sets the third application as the first preset application, and constructs an application group corresponding to the first preset application according to the first identifier of the third application.
4. The method according to claim 3, wherein the obtaining, by the terminal device, a third application including a protection tag comprises:
the terminal equipment acquires source code files of all applications in the terminal equipment, and acquires a third application containing a protection label according to the source code files.
5. The method of claim 3, wherein the obtaining, by the terminal device, a third application containing a protection tag comprises:
the terminal equipment acquires the setting operation of a user in the terminal equipment and acquires a third application containing a protection label according to the setting operation.
6. The method according to any one of claims 3 to 5, further comprising:
the terminal equipment acquires a second identifier of the second application;
and the terminal equipment determines whether the second application is the first preset application or not according to the second identification and each first identification in the application group.
7. The method according to any one of claims 1 to 6, wherein after the terminal device obtains the file access request of the first application in the terminal device, the method comprises:
the terminal equipment determines whether the first application has the authority to access the external storage area;
when the first application has the authority to access the external storage area, the terminal device determines whether the target file is a private file of the second application.
8. A private file protection device is applied to terminal equipment, and is characterized by comprising:
a request obtaining module, configured to obtain a file access request of a first application in the terminal device, where the file access request is used to request access to a target file of a second application in the terminal device, and the target file is a file stored in an external storage area of the terminal device;
and the file protection module is used for refusing the file access request of the first application when the target file is the private file of the second application and the second application is a first preset application, wherein the first preset application is an application requiring private file protection.
9. A terminal device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor, when executing the computer program, causes the terminal device to carry out the method according to any one of claims 1 to 7.
10. A computer-readable storage medium, in which a computer program is stored, which, when executed by a computer, causes the computer to carry out the method according to any one of claims 1 to 7.
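The decision flow of claims 1, 2, 6 and 7, written out as an added Python example (not code from the patent or its applicant). The directory layout under `EXTERNAL_ROOT`, the per-owner `allowed_readers` map, the denial when the storage permission is missing, and all application identifiers are assumptions made for illustration.

```python
import posixpath
from dataclasses import dataclass, field
from pathlib import PurePosixPath

# Assumption: private files sit under <EXTERNAL_ROOT>/<application identifier>/...
EXTERNAL_ROOT = PurePosixPath("/storage/emulated/0/Android/data")

@dataclass
class Policy:
    protected_group: set = field(default_factory=set)     # first identifiers (claim 3)
    allowed_readers: dict = field(default_factory=dict)   # owner -> second preset applications (claim 2)
    storage_permission: set = field(default_factory=set)  # applications allowed on external storage (claim 7)

def private_owner(path):
    """Return the identifier of the application owning `path`, or None if it is not a private file."""
    # Requests are assumed to carry absolute paths. Collapse repeated leading slashes
    # and "../" lexically so neither can hide the owner directory; symlinks are not resolved.
    normalized = PurePosixPath(posixpath.normpath("/" + path.lstrip("/")))
    try:
        relative = normalized.relative_to(EXTERNAL_ROOT)
    except ValueError:
        return None
    return relative.parts[0] if relative.parts else None

def decide(policy, first_app, path):
    """Return (allowed, reason) for a file access request made by first_app."""
    if first_app not in policy.storage_permission:            # claim 7 precondition
        return False, "no external storage permission"
    owner = private_owner(path)                               # second identifier (claim 6)
    if owner is None or owner == first_app:
        return True, "not another application's private file"
    if owner not in policy.protected_group:                   # group membership test (claim 6)
        return True, "owner is not a first preset application"
    if first_app in policy.allowed_readers.get(owner, ()):    # exception list (claim 2)
        return True, "requester is a second preset application"
    return False, "private file of a first preset application"  # rejection (claim 1)

# Constructed sample policy; every identifier below is made up for the example.
DEMO = Policy(
    protected_group={"com.example.bank"},
    allowed_readers={"com.example.bank": {"com.example.backup"}},
    storage_permission={"com.example.gallery", "com.example.backup", "com.example.bank"},
)

if __name__ == "__main__":
    target = str(EXTERNAL_ROOT / "com.example.bank" / "files" / "statement.pdf")
    for app in ("com.example.gallery", "com.example.backup", "com.example.camera"):
        print(app, decide(DEMO, app, target))
```

The owner is derived from the normalized path before the group lookup, so a request routed through `Download/../` or a doubled leading slash is judged against the same protected directory as a direct one.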

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110352911.0A CN115146303A (en) 2021-03-30 2021-03-30 Private file protection method and device, terminal equipment and readable storage medium

Publications (1)

Publication Number Publication Date
CN115146303A (en) 2022-10-04

Family

ID=83405524

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110352911.0A Pending CN115146303A (en) 2021-03-30 2021-03-30 Private file protection method and device, terminal equipment and readable storage medium

Country Status (1)

Country Link
CN (1) CN115146303A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination