CN113496039A - Authority management method and terminal - Google Patents

Authority management method and terminal Download PDF

Info

Publication number
CN113496039A
CN113496039A CN202010269503.4A CN202010269503A CN113496039A CN 113496039 A CN113496039 A CN 113496039A CN 202010269503 A CN202010269503 A CN 202010269503A CN 113496039 A CN113496039 A CN 113496039A
Authority
CN
China
Prior art keywords
party application
permission
authority
terminal
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010269503.4A
Other languages
Chinese (zh)
Inventor
王旭光
黄虎
王晓林
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hisense Mobile Communications Technology Co Ltd
Original Assignee
Hisense Mobile Communications Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hisense Mobile Communications Technology Co Ltd filed Critical Hisense Mobile Communications Technology Co Ltd
Priority to CN202010269503.4A priority Critical patent/CN113496039A/en
Publication of CN113496039A publication Critical patent/CN113496039A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/604Tools and structures for managing or administering access control systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Medical Informatics (AREA)
  • Automation & Control Theory (AREA)
  • Telephone Function (AREA)

Abstract

The invention discloses a permission management method and a terminal, wherein in a permission request page for requesting operation permission, a user can trigger an operation for refusing to grant operation permission and continuously installing a third-party application, the third-party application is continuously installed in a display interface in response to the operation of the user, and the third-party application is limited to execute the operation corresponding to the operation permission in the running process of the third-party application, so that the problem that the installation of the third-party application can be automatically stopped after the user does not grant the operation permission is avoided, the execution of the operation corresponding to the operation permission is limited in the running process of the third-party application, the safety of user privacy data and system data is protected, the safety of the terminal is improved, and the use experience of the user is improved.

Description

Authority management method and terminal
Technical Field
The invention relates to the technical field of terminals, in particular to a permission management method and a terminal.
Background
In order to protect the security of the private data when the user uses the terminal, when the application program accesses the protected private data during running, the permission of accessing the private data is requested to the user, and the application program can access the protected private data only after the user is authorized, so that the security of the data is improved.
However, when many current application programs are installed, when an access right is granted to a user, if the user is determined not to grant the access right, the installation is automatically stopped, and the user cannot use the application program; only after the user grants all access rights can the application program be installed continuously, the risk of leakage of user privacy data is increased, and the security of the terminal is low.
Disclosure of Invention
The exemplary embodiment of the present invention provides a method and a terminal for rights management, which are used to solve the problem that the security of the terminal is low due to the current rights management scheme.
According to a first aspect of the exemplary embodiments, there is provided a terminal comprising a display screen and a processor;
the processor is used for displaying an authority request page of the third-party application requesting the operation authority in a display interface if the third-party application requests to acquire the operation authority in the installation process of the third-party application;
responding to an operation which is triggered in the permission request page by a user and represents that the permission of operation is refused and the third-party application is continuously installed, and continuously installing the third-party application and limiting the third-party application to execute the operation corresponding to the operation permission;
the display screen is used for displaying the permission request page.
In the embodiment of the invention, in the permission request page for requesting the operation permission, the user can trigger the operation for refusing to grant the operation permission and continuously installing the third-party application, the third-party application is continuously installed in the display interface in response to the operation of the user, and the third-party application is limited to execute the operation corresponding to the operation permission in the running process of the third-party application, so that the problem that the installation of the third-party application is automatically stopped after the user does not grant the operation permission is avoided, the operation corresponding to the operation permission is limited to be executed in the running process of the third-party application, the safety of user privacy data and system data is protected, the safety of a terminal is improved, and the use experience of the user is improved.
In a possible implementation manner, before continuing to install the third-party application and limiting the third-party application to execute the operation corresponding to the operation authority, the processor is further configured to:
setting a first permission configuration parameter corresponding to the operation permission as a parameter representing permission of installation through an installation management service; and
and setting a second permission configuration parameter corresponding to the operation permission as a parameter representing refusal of authorization through the permission management service.
In the embodiment of the invention, the operation authority of the third-party application is managed by the installation management service and the authority management service at the same time, so that the third-party application is restricted from executing the operation corresponding to the operation authority while being continuously installed, and the use experience of a user is improved.
In a possible implementation manner, when the third-party application continues to be installed, the processor is specifically configured to:
if the first permission configuration parameter corresponding to the operation permission is determined to be a parameter indicating permission for installation, continuing to install the third-party application;
when the third-party application is restricted from executing the operation corresponding to the operation permission, the processor is specifically configured to:
and if the second permission configuration parameter corresponding to the operation permission is determined to be a parameter representing refusal of authorization, limiting the third-party application to execute the operation corresponding to the operation permission in the running process of the third-party application.
In the embodiment of the invention, after responding to the operation which is triggered by the user and represents that the operation permission is refused to be granted and the third-party application is continuously installed, the second permission configuration parameter corresponding to the operation permission is determined to be the parameter which represents that the installation is allowed, so that the third-party application can be continuously installed after the installation permission is confirmed, and the requirement of the user is met.
And if the third-party application executes the operation corresponding to the operation authority in the running process, after the second authority configuration parameter corresponding to the operation authority is determined to be the parameter representing the refusal of authorization, the third-party application is limited to execute the operation corresponding to the operation authority, so that the safety of the user privacy data is protected.
In a possible implementation manner, when the third-party application is restricted from executing the operation corresponding to the operation permission, the processor is specifically configured to:
and when the third-party application requests to execute the operation corresponding to the operation authority, returning preset false operation data or a null value to the third-party application through a system interface.
In the embodiment of the invention, when the second configuration parameter corresponding to the operation authority is determined to be the parameter representing refusal of authorization, the preset false operation data or the null value is returned to the third-party application through the system interface, so that the purpose of limiting the third-party application to execute the operation corresponding to the operation authority is achieved.
According to a second aspect of the exemplary embodiments, there is provided a terminal for rights management, the terminal comprising:
comprises a display screen and a processor;
the processor is used for displaying a permission request page of a third-party application requesting the operation permission in a display interface if the third-party application requests to acquire the operation permission when the third-party application starts to run;
responding to an operation which is triggered in the permission request page by a user and represents that the permission of operation is refused and the third-party application is continuously operated, and continuously operating the third-party application and limiting the third-party application to execute the operation corresponding to the permission of operation;
the display screen is used for displaying the permission request page.
In the embodiment of the invention, in the permission request page for requesting the operation permission, the user can trigger the operation which indicates that the operation permission is refused to be granted and the third-party application is continuously operated, the third-party application is continuously operated in the display interface in response to the operation of the user, and the third-party application is limited to execute the operation corresponding to the operation permission in the operation process of the third-party application, so that the problem that the third-party application automatically stops operating after the user does not grant the operation permission is avoided, the operation corresponding to the operation permission is limited to be executed in the operation process of the third-party application, the safety of user privacy data and system data is protected, the safety of terminal is improved, and the use experience of the user is improved.
In a possible implementation manner, before continuing to run the third-party application and limiting the third-party application to execute the operation corresponding to the operation authority, the processor is further configured to:
setting a third permission configuration parameter corresponding to the operation permission as a parameter representing permission to operate through an operation management service; and
and setting a fourth permission configuration parameter corresponding to the operation permission as a parameter representing refusal of authorization through a permission management service.
In the embodiment of the invention, the operation authority of the third-party application is managed by the operation management service and the authority management service at the same time, so that the third-party application is limited to execute the operation corresponding to the operation authority while continuing to operate, and the use experience of a user is improved.
In a possible implementation manner, when the third-party application continues to run, the processor is specifically configured to:
if the third permission configuration parameter corresponding to the operation permission is determined to be a parameter indicating permission to operate, continuing to operate the third-party application;
when the third-party application is restricted from executing the operation corresponding to the operation permission, the processor is specifically configured to:
and if the fourth permission configuration parameter corresponding to the operation permission is determined to be a parameter representing refusal of authorization, limiting the third-party application to execute the operation corresponding to the operation permission in the running process of the third-party application.
In the embodiment of the invention, after responding to the operation which is triggered by the user and represents that the operation permission is refused to be granted and the third-party application is continuously operated, the third permission configuration parameter corresponding to the operation permission is determined to be the parameter which represents the permission to be operated, so that the third-party application can be continuously operated after the permission to be operated is confirmed, and the requirement of the user is met.
And if the third-party application executes the operation corresponding to the operation authority in the running process, after determining that the fourth authority configuration parameter corresponding to the operation authority is the parameter representing the refusal of authorization, limiting the third-party application to execute the operation corresponding to the operation authority, thereby protecting the safety of the user privacy data.
In a possible implementation manner, when the third-party application is restricted from executing the operation corresponding to the operation permission, the processor is specifically configured to:
and when the third-party application requests to execute the operation corresponding to the operation authority, returning preset false operation data or a null value to the third-party application through a system interface.
In the embodiment of the invention, when the fourth configuration parameter corresponding to the operation authority is determined to be the parameter representing refusal of authorization, the preset false operation data or the null value is returned to the third-party application through the system interface, so that the purpose of limiting the third-party application to execute the operation corresponding to the operation authority is achieved.
According to a third aspect of the exemplary embodiments there is provided a method of rights management, the method comprising:
in the installation process of a third-party application, if the third-party application requests to acquire an operation authority, a terminal displays an authority request page of the third-party application requesting the operation authority in a display interface;
and the terminal responds to the operation which is triggered in the permission request page by the user and indicates that the permission of operation is refused to be granted and the third-party application is continuously installed, and the terminal continuously installs the third-party application and limits the third-party application to execute the operation corresponding to the permission of operation.
In a possible implementation manner, before continuing to install the third-party application and limiting the third-party application to execute the operation corresponding to the operation authority, the method further includes:
the terminal sets a first authority configuration parameter corresponding to the operation authority as a parameter representing permission of installation through an installation management service; and
and the terminal sets the second authority configuration parameter corresponding to the operation authority as a parameter representing refusal of authorization through the authority management service.
In one possible embodiment, when the installation of the third-party application is continued, the method includes:
if the terminal determines that the first permission configuration parameter corresponding to the operation permission is a parameter indicating permission to install, continuing to install the third-party application;
when the third-party application is limited to execute the operation corresponding to the operation authority, the method comprises the following steps:
and if the terminal determines that the second permission configuration parameter corresponding to the operation permission is a parameter representing refusal of authorization, limiting the third-party application to execute the operation corresponding to the operation permission in the running process of the third-party application.
In a possible implementation manner, when limiting the third-party application to execute the operation corresponding to the operation authority, the method includes:
and when the third-party application requests to execute the operation corresponding to the operation authority, the terminal returns preset false operation data or a null value to the third-party application through a system interface.
According to a fourth aspect of the exemplary embodiments there is provided a method of rights management, the method comprising:
when a third-party application starts to run, if the third-party application requests to acquire an operation authority, a permission request page of the third-party application requesting the operation authority is displayed in a display interface;
the terminal responds to the operation which is triggered in the permission request page by the user and indicates that the permission of operation is refused to be granted and the third-party application is continuously operated, and the third-party application is continuously operated and is limited to execute the operation corresponding to the permission of operation;
in a possible implementation manner, before continuing to run the third-party application and limiting the third-party application to execute the operation corresponding to the operation authority, the method further includes:
the terminal sets a third permission configuration parameter corresponding to the operation permission as a parameter representing permission to operate through an operation management service; and
and the terminal sets the fourth permission configuration parameter corresponding to the operation permission as a parameter representing refusal of authorization through the permission management service.
In one possible embodiment, when the third party application continues to run, the method includes:
if the third permission configuration parameter corresponding to the operation permission is determined to be a parameter indicating permission to operate, continuing to operate the third-party application;
when the third-party application is limited to execute the operation corresponding to the operation authority, the method comprises the following steps:
and if the fourth permission configuration parameter corresponding to the operation permission is determined to be a parameter representing refusal of authorization, limiting the third-party application to execute the operation corresponding to the operation permission in the running process of the third-party application.
In a possible implementation manner, when limiting the third-party application to execute the operation corresponding to the operation authority, the method includes:
and when the third-party application requests to execute the operation corresponding to the operation authority, the terminal returns preset false operation data or a null value to the third-party application through a system interface.
On the basis of the common knowledge in the field, the above preferred conditions can be combined randomly to obtain the preferred embodiments of the invention.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without inventive exercise.
Fig. 1 is a schematic structural diagram of a terminal according to an embodiment of the present invention;
fig. 2 is a schematic diagram illustrating a software architecture of a terminal according to an embodiment of the present invention;
fig. 3 is a schematic diagram illustrating a user interface of a terminal provided by an embodiment of the present invention;
FIG. 4 is a flow chart illustrating a first rights management method provided by an embodiment of the invention;
fig. 5 is a schematic diagram illustrating a first permission request page provided by an embodiment of the present invention;
fig. 6 is a schematic diagram illustrating a second permission request page provided by an embodiment of the present invention;
FIG. 7 is a diagram illustrating a first set of applications for user-setting an insecure application according to an embodiment of the present invention;
FIG. 8 is a diagram illustrating a second set of applications for user-configurable insecure applications provided by an embodiment of the invention;
FIG. 9 is a diagram illustrating an application program set of a third user setup insecure application provided by an embodiment of the invention;
FIG. 10 is a diagram illustrating the removal of an unsecure application from a collection of applications provided by an embodiment of the present invention;
FIG. 11 is a flowchart illustrating a first method for rights management according to an embodiment of the present invention;
FIG. 12 is a flow chart illustrating a second rights management method provided by an embodiment of the invention;
FIG. 13 is a diagram illustrating a third permission request page provided by an embodiment of the invention;
FIG. 14 is a diagram illustrating a fourth permission request page provided by an embodiment of the invention;
FIG. 15 is a flowchart illustrating a second method for rights management according to an embodiment of the present invention;
fig. 16 is a block diagram illustrating a first terminal according to an embodiment of the present invention;
fig. 17 is a block diagram illustrating an example of the structure of a first rights management unit according to an embodiment of the present invention;
fig. 18 is a block diagram illustrating a second terminal according to an embodiment of the present invention;
fig. 19 is a block diagram illustrating an example of the structure of a second rights management unit according to an embodiment of the present invention.
Detailed Description
The technical solution in the embodiments of the present invention will be described in detail and removed with reference to the accompanying drawings. In the description of the embodiments of the present invention, where "/" denotes an or meaning, for example, a/B may denote a or B; "and/or" in the text is only an association relationship describing an associated object, and means that three relationships may exist, for example, a and/or B may mean: three cases of a alone, a and B both, and B alone exist, and in addition, "a plurality" means two or more than two in the description of the embodiment of the present invention.
In the following, the terms "first", "second" are used for descriptive purposes only and are not to be understood as implying or implying relative importance or implicitly indicating the number of technical features indicated. Thus, features defined as "first" and "second" may explicitly or implicitly include one or more of the features, and in the description of embodiments of the invention, "plurality" means two or more unless indicated otherwise.
Some terms appearing herein are explained below:
1. the term "and/or" in the embodiments of the present invention describes an association relationship of associated objects, and indicates that three relationships may exist, for example, a and/or B may indicate: a exists alone, A and B exist simultaneously, and B exists alone. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship.
2. In the embodiment of the invention, the PMS service is one of core services in an Android system, manages all work related to the package, such as installation and uninstallation of common applications.
Fig. 1 shows a schematic structural diagram of a terminal 100.
The following describes an embodiment specifically by taking the terminal 100 as an example. It should be understood that the terminal 100 shown in fig. 1 is merely an example, and that the terminal 100 may have more or fewer components than shown in fig. 1, may combine two or more components, or may have a different configuration of components. The various components shown in the figures may be implemented in hardware, software, or a combination of hardware and software, including one or more signal processing and/or application specific integrated circuits.
A block diagram of a hardware configuration of the terminal 100 according to an exemplary embodiment is exemplarily shown in fig. 1. As shown in fig. 1, the terminal 100 includes: a Radio Frequency (RF) circuit 110, a memory 120, a display unit 130, a camera 140, a sensor 150, an audio circuit 160, a Wireless Fidelity (Wi-Fi) module 170, a processor 180, a bluetooth module 181, and a power supply 190.
The RF circuit 110 may be used for receiving and transmitting signals during information transmission and reception or during a call, and may receive downlink data of a base station and then send the downlink data to the processor 180 for processing; the uplink data may be transmitted to the base station. Typically, the RF circuitry includes, but is not limited to, an antenna, at least one amplifier, a transceiver, a coupler, a low noise amplifier, a duplexer, and the like.
The memory 120 may be used to store software programs and data. The processor 180 performs various functions of the terminal 100 and data processing by executing software programs or data stored in the memory 120. The memory 120 may include high speed random access memory and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device. The memory 120 stores an operating system that enables the terminal 100 to operate. The memory 120 of the present invention may store an operating system and various application programs, and may also store codes for performing the methods according to the embodiments of the present invention.
The display unit 130 may be used to receive input numeric or character information and generate signal input related to user settings and function control of the terminal 100, and particularly, the display unit 130 may include a touch screen 131 disposed on the front surface of the terminal 100 and may collect touch operations of a user thereon or nearby, such as clicking a button, dragging a scroll box, and the like.
The display unit 130 may also be used to display a Graphical User Interface (GUI) of information input by or provided to the user and various menus of the terminal 100. Specifically, the display unit 130 may include a display screen 132 disposed on the front surface of the terminal 100. The display screen 132 may be configured in the form of a liquid crystal display, a light emitting diode, or the like. The display unit 130 may be used to display various graphical user interfaces described in the present invention.
The touch screen 131 may cover the display screen 132, or the touch screen 131 and the display screen 132 may be integrated to implement the input and output functions of the terminal 100, and after the integration, the touch screen may be referred to as a touch display screen for short. The display unit 130 of the present invention can display the application programs and the corresponding operation steps.
The camera 140 may be used to capture still images or video. The object generates an optical image through the lens and projects the optical image to the photosensitive element. The photosensitive element may be a Charge Coupled Device (CCD) or a complementary metal-oxide-semiconductor (CMOS) phototransistor. The light sensing elements convert the light signals into electrical signals which are then passed to the processor 180 for conversion into digital image signals.
The terminal 100 may further comprise at least one sensor 150, such as an acceleration sensor 151, a distance sensor 152, a fingerprint sensor 153, a temperature sensor 154. The terminal 100 may also be configured with other sensors such as a gyroscope, barometer, hygrometer, thermometer, infrared sensor, light sensor, motion sensor, etc.
Audio circuitry 160, speaker 161, and microphone 162 may provide an audio interface between a user and terminal 100. The audio circuit 160 may transmit the electrical signal converted from the received audio data to the speaker 161, and convert the electrical signal into a sound signal for output by the speaker 161. The terminal 100 may also be provided with a volume button for adjusting the volume of the sound signal. On the other hand, the microphone 162 converts the collected sound signal into an electrical signal, converts the electrical signal into audio data after being received by the audio circuit 160, and outputs the audio data to the RF circuit 110 to be transmitted to, for example, another terminal or outputs the audio data to the memory 120 for further processing. The microphone 162 can acquire the voice of the user in the present invention.
Wi-Fi belongs to a short-distance wireless transmission technology, and the terminal 100 can help a user to send and receive e-mails, browse webpages, access streaming media, and the like through the Wi-Fi module 170, and provides wireless broadband internet access for the user.
The processor 180 is a control center of the terminal 100, connects various parts of the entire terminal using various interfaces and lines, and performs various functions of the terminal 100 and processes data by running or executing software programs stored in the memory 120 and calling data stored in the memory 120. In some embodiments, processor 180 may include one or more processing units; the processor 180 may also integrate an application processor, which mainly handles operating systems, user interfaces, applications, etc., and a baseband processor, which mainly handles wireless communications. It will be appreciated that the baseband processor described above may not be integrated into the processor 180. The processor 180 of the present invention may run an operating system, an application program, a user interface display, and a touch response, and the processing method according to the embodiments of the present invention. Further, the processor 180 is coupled with the display unit 130.
And the bluetooth module 181 is configured to perform information interaction with other bluetooth devices having a bluetooth module through a bluetooth protocol. For example, the terminal 100 may establish a bluetooth connection with a wearable electronic device (e.g., a smart watch) having a bluetooth module via the bluetooth module 181, so as to perform data interaction.
The terminal 100 also includes a power supply 190 (e.g., a battery) to power the various components. The power supply may be logically connected to the processor 180 through a power management system to manage charging, discharging, power consumption, etc. through the power management system. The terminal 100 may also be configured with power buttons for powering the terminal on and off, and locking the screen.
Fig. 2 is a block diagram of a software configuration of the terminal 100 according to the embodiment of the present invention.
The layered architecture divides the software into several layers, each layer having a clear role and division of labor. The layers communicate with each other through a software interface. In some embodiments, the Android system is divided into four layers, an application layer, an application framework layer, an Android runtime (Android runtime) and system library, and a kernel layer from top to bottom.
The application layer may include a series of application packages.
As shown in fig. 2, the application package may include applications such as camera, gallery, calendar, phone call, map, navigation, WLAN, bluetooth, music, video, short message, etc.
The application framework layer provides an Application Programming Interface (API) and a programming framework for the application program of the application layer. The application framework layer includes a number of predefined functions.
As shown in FIG. 2, the application framework layers may include a window manager, content provider, view system, phone manager, resource manager, notification manager, and the like.
The window manager is used for managing window programs. The window manager can obtain the size of the display screen, judge whether a status bar exists, lock the screen, intercept the screen and the like.
The content provider is used to store and retrieve data and make it accessible to applications. The data may include video, images, audio, calls made and received, browsing history and bookmarks, phone books, etc.
The view system includes visual controls such as controls to display text, controls to display pictures, and the like. The view system may be used to build applications. The display interface may be composed of one or more views. For example, the display interface including the short message notification icon may include a view for displaying text and a view for displaying pictures.
The phone manager is used to provide a communication function of the terminal 100. Such as management of call status (including on, off, etc.).
The resource manager provides various resources for the application, such as localized strings, icons, pictures, layout files, video files, and the like.
The notification manager enables the application to display notification information in the status bar, can be used to convey notification-type messages, can disappear automatically after a short dwell, and does not require user interaction. Such as a notification manager used to inform download completion, message alerts, etc. The notification manager may also be a notification that appears in the form of a chart or scroll bar text at the top status bar of the system, such as a notification of a background running application, or a notification that appears on the screen in the form of a dialog window. For example, text information is prompted in the status bar, a prompt tone is given, the terminal vibrates, an indicator light flashes, and the like.
The Android Runtime comprises a core library and a virtual machine. The Android runtime is responsible for scheduling and managing an Android system.
The core library comprises two parts: one part is a function which needs to be called by java language, and the other part is a core library of android.
The application layer and the application framework layer run in a virtual machine. And executing java files of the application program layer and the application program framework layer into a binary file by the virtual machine. The virtual machine is used for performing the functions of object life cycle management, stack management, thread management, safety and exception management, garbage collection and the like.
The system library may include a plurality of functional modules. For example: surface managers (surface managers), Media Libraries (Media Libraries), three-dimensional graphics processing Libraries (e.g., OpenGL ES), 2D graphics engines (e.g., SGL), and the like.
The surface manager is used to manage the display subsystem and provide fusion of 2D and 3D layers for multiple applications.
The media library supports a variety of commonly used audio, video format playback and recording, and still image files, among others. The media library may support a variety of audio-video encoding formats, such as: MPEG4, H.264, MP3, AAC, AMR, JPG, PNG, etc.
The three-dimensional graphic processing library is used for realizing three-dimensional graphic drawing, image rendering, synthesis, layer processing and the like.
The 2D graphics engine is a drawing engine for 2D drawing.
The kernel layer is a layer between hardware and software. The inner core layer at least comprises a display driver, a camera driver, an audio driver and a sensor driver.
The following describes exemplary workflow of the terminal 100 software and hardware in connection with capturing a photo scene.
When the touch screen 131 receives a touch operation, a corresponding hardware interrupt is issued to the kernel layer. The kernel layer processes the touch operation into an original input event (including touch coordinates, a time stamp of the touch operation, and other information). The raw input events are stored at the kernel layer. And the application program framework layer acquires the original input event from the kernel layer and identifies the control corresponding to the input event. Taking the touch operation as a touch click operation, and taking a control corresponding to the click operation as a control of a camera application icon as an example, the camera application calls an interface of an application framework layer, starts the camera application, further starts a camera drive by calling a kernel layer, and captures a still image or a video through the camera 140.
The terminal 100 in the embodiment of the present invention may be a mobile phone, a tablet computer, a wearable device, a notebook computer, a television, and the like.
Fig. 3 is a schematic diagram for illustrating a user interface on a terminal (e.g., terminal 100 of fig. 1). In some implementations, a user can open a corresponding application by touching an application icon on the user interface, or can open a corresponding folder by touching a folder icon on the user interface.
The terminal of the embodiment of the invention requests the user to grant the operation authority in the installation process of the third-party application or before accessing the system interface or the user data protected by the authority, and the user can continue to install the third-party application after the active authorization or access the system interface or the user data protected by the authority in the operation process, thereby improving the safety of the user data and the system.
The following describes the rights management methods for the third-party application in the installation process or the operation process, respectively.
A method for managing authority in the installation process of third-party application.
In the installation process, when a plurality of operation rights are granted to a user, if it is determined that the user does not grant all the operation rights, the installation is automatically stopped, so that the user cannot normally install and use the application program.
In view of the foregoing problems, an embodiment of the present invention provides a method for rights management, and as shown in fig. 4, is a flowchart of the method for rights management provided in the embodiment of the present invention, where the flowchart includes the following steps:
step S401, in the process of installing the third-party application, if the third-party application requests to acquire the operation authority, displaying an authority request page of the third-party application requesting the operation authority in a display interface;
step S402, responding to the operation which is triggered in the permission request page by the user and indicates that the operation permission is refused to be granted and the third-party application is continuously installed, continuously installing the third-party application and limiting the third-party application to execute the operation corresponding to the operation permission.
In the terminal of the embodiment of the invention, in the installation process of the third-party application, if the third-party application requests to acquire the operation authority. Displaying a permission request page of the third-party application requesting the operation permission in a display interface;
wherein, the operation authority includes: the authority of accessing the contact person data of the user, the authority of accessing the short message information data, the authority of accessing the positioning data, the authority of accessing the camera data, the authority of accessing the recording data and the like.
The permission request page comprises an icon for a user to trigger and grant the operation permission of the third-party application, an icon for the user to trigger and show that the user refuses to grant the operation permission of the third-party application, and an icon for the user to trigger and show that the user refuses to grant the operation permission and continues to install the operation of the third-party application.
For example, assuming that the third-party application requests to acquire the authority to access the user contact data during the installation process, an authority request page for requesting the authority to access the user contact data is displayed in the display interface as shown in fig. 5, and the "allow" icon, the "deny" icon, and the "not authorize and continue" icon are included in the request interface.
In an optional implementation manner, the permission request page according to the embodiment of the present invention may further include an icon for the user to trigger denial of granting permission and no longer display the permission request page.
For example, assuming that a third-party application needs to acquire a right to access camera data during installation, a right request page for requesting a right to access camera data is displayed in the display page as shown in fig. 6, and a "allow" icon, a "deny" icon, an "not authorize and continue" icon, and a "deny not to ask again" icon are included in the request page.
In an optional implementation manner, the third-party application in the embodiment of the present invention may be an application in a preset application set; wherein, the application set comprises the application which is not confirmed to be safe.
In implementation, when the third-party application requests to acquire the operation right in the installation process, the terminal determines that the preset application set includes the package name and the signature of the third-party application according to the package name (packageaname) and the signature of the third-party application, and then the terminal determines that the third-party application is in the preset application set.
It should be noted that the preset application set may be stored in the terminal in the form of a blacklist, where the blacklist includes applications that are not safe to be confirmed.
In the embodiment of the invention, the preset application set can be obtained from the server by the terminal, and can also be preset by the user according to the actual requirements of the user.
In implementation, a user may set a set of applications including insecure applications according to the following:
in the mode 1, the terminal responds to the operation which is triggered by the user and used for indicating that the third-party application is unsafe application, and adds the third-party application selected by the user to the set of unsafe confirmed applications.
For example, as shown in fig. 7, the user may pop up an option for adding the third-party application to the set of applications determined to be unsafe by long-pressing an icon corresponding to the third-party application in the display interface of the terminal, and add the third-party application selected by the user to the set of applications determined to be unsafe after the user clicks the add option.
And 2, the terminal responds to the operation triggered by the user in the setting page of the third-party application and used for adding the third-party application to the unsafe confirmation application set, and adds the third-party application selected by the user to the unsafe confirmation application set.
For example, as shown in fig. 8, an option for adding an application to an insecure confirmation application set is set in a setting page of each third-party application of the terminal, and after the user clicks the add option, the third-party application selected by the user is added to the insecure confirmation application set.
And 3, the terminal responds to an option which is triggered in the third-party application list for confirming the safety and is used for adding the third-party application to the application set for confirming the safety, and the third-party application selected by the user is added to the application set for confirming the safety.
For example, as shown in fig. 9, in the list of the third-party applications confirmed to be safe, in response to an instruction triggered by the user to add an application in the list of the third-party applications confirmed to be safe to a blacklist, the terminal adds the third-party application selected by the user to the set of the third-party applications confirmed to be unsafe.
In addition, the user can delete the application from the third-party application set which is determined to be unsafe.
In an optional implementation manner, the terminal deletes the third-party application selected by the user from the application set in response to an instruction triggered by the user to delete the application in the third-party application set that is determined to be unsafe.
For example, as shown in the third party application set display interface of FIG. 10 that identifies insecurity, the user may select deletion for the "XX poetry album" application in the application set.
After a permission request page requesting operation permission is displayed in a display interface, a user can trigger operation indicating that permission of operation permission is denied and a third-party application is continuously installed in the permission request page, a terminal responds to the operation of the user, an installation management service sets a first permission configuration parameter corresponding to the operation permission obtained by the request of the third-party application as a parameter indicating permission of installation, and a permission management service sets a second permission configuration parameter corresponding to the operation permission obtained by the request of the third-party application as a parameter indicating permission of denial.
The installation management service is a PMS service, and the authority management service is a mobile _ safe service.
In implementation, the terminal responds to an operation that the user triggers and indicates that the operation permission is denied and the third-party application is installed, the PMS service sets a first permission configuration parameter corresponding to the operation permission acquired by the request of the third-party application as a parameter indicating that installation is allowed, the mobile _ safe service calls a setPermission interface, and sets a second permission configuration parameter corresponding to the operation permission acquired by the request of the third-party application as a parameter indicating that authorization is denied.
After responding to the operation which is triggered in the permission request page by the user and represents that the operation permission is refused to be granted and the third-party application is continuously installed, the third-party application calls a Check Self permission interface to determine that the first permission configuration parameter corresponding to the operation permission is the parameter representing that the installation is allowed, and then the third-party application is continuously installed in the display interface.
And when the third-party application needs to execute the operation corresponding to the operation authority in the running process, determining that the second authority configuration parameter corresponding to the operation authority is a parameter representing refusal of authorization, and limiting the third-party application to execute the operation corresponding to the operation authority in the running process of the third-party application.
Specifically, when the third-party application requests to execute the operation corresponding to the operation authority, the preset false operation data or the null value is returned to the third-party application through the system interface.
In implementation, when an operation corresponding to an operation authority needs to be executed in the running process of a third-party application, the mobile _ Safe service calls a CheckPermissionEX interface to determine that a second authority configuration parameter corresponding to the operation authority of the third-party application is a parameter representing denial of authorization, and then returns preset false operation data or a null value to the third-party application to limit the third-party application to execute the operation corresponding to the operation authority.
In the method for authority management provided in the embodiment of the invention, after a terminal responds to an operation that a user triggers and indicates that the operation authority is refused to be granted and a third-party application is continuously installed in an authority request page, an installation management service enables a first authority configuration parameter corresponding to the operation authority triggered by the user to be a parameter indicating that the installation is allowed, the third-party application can continue the installation after determining that the first authority configuration parameter indicates that the installation is allowed, and before the third-party application executes the operation corresponding to the operation authority, a second authority configuration parameter corresponding to the operation authority in the authority management service is determined to be a parameter indicating that the authorization is refused, so that the operation corresponding to the operation authority of the third-party application is limited, and the third-party application can be continuously installed and normally run, and the security of user privacy data and system data is protected.
Fig. 11 is a complete flowchart of a method for managing rights in a third-party application installation process according to an embodiment of the present invention, which specifically includes the following steps:
step 1101, in the process of installing the third-party application by the terminal, if the third-party application requests to acquire the operation authority, displaying an authority request page of the third-party application requesting the operation authority in a display interface;
step S1102, responding to an operation which is triggered by a user in an authority request page and represents that the operation authority is refused to be granted and a third-party application is continuously installed, setting a first authority configuration parameter corresponding to the operation authority as a parameter representing that the installation is allowed through an installation management service, and setting a second authority configuration parameter corresponding to the operation authority as a parameter representing that the authorization is refused through the authority management service;
step S1103, if the first permission configuration parameter corresponding to the operation permission is determined to be a parameter indicating permission to install, continuing to install the third-party application;
step S1104, if it is determined that the second permission configuration parameter corresponding to the operation permission is a parameter indicating that authorization is denied, returning preset false operation data or a null value to the third-party application through the system interface when an operation corresponding to the operation permission is requested to be executed in the running process of the third-party application.
And secondly, a permission management method in the running process of the third-party application.
When some third-party applications request a user to grant a plurality of operation rights in the running process, if it is determined that the user does not grant all the operation rights, the running is automatically stopped, so that the user cannot use the application program.
In view of the foregoing problems, an embodiment of the present invention provides a method for managing rights in a third-party application running process, and as shown in fig. 12, is a flowchart of a method for managing rights in a third-party application running process, which is provided in an embodiment of the present invention, and the flowchart includes the following steps:
step S1201, if the third party application requests to acquire the operation authority, displaying an authority request page of the third party application requesting the operation authority in a display interface;
step S1202, responding to an operation that indicates that the user refuses to grant the operation permission and continues to run the third-party application, triggered in the permission request page, and continuing to run the third-party application and restricting the third-party application from executing the operation corresponding to the operation permission.
According to the terminal provided by the embodiment of the invention, in the running process of the third-party application, if the third-party application requests to acquire the operation authority, the terminal can be used for receiving the operation authority. Displaying a permission request page of the third-party application requesting the operation permission in a display interface;
the permission request page comprises an icon for a user to trigger and grant the operation permission of the third-party application, an icon for the user to trigger and show that the user refuses to grant the operation permission of the third-party application, and an icon for the user to trigger and show that the user refuses to grant the operation permission and continues to run the operation of the third-party application.
For example, assuming that the third-party application requests to acquire the authority to access the short message data in the running process, an authority request page for requesting the authority to access the short message data is displayed in the display interface as shown in fig. 13, and the request interface includes an "allow" icon, a "deny" icon, and an "unauthorized and continue" icon.
In an optional implementation manner, the permission request page according to the embodiment of the present invention may further include an icon for the user to trigger denial of granting permission and no longer display the permission request page.
For example, assuming that a third-party application needs to acquire a right to access the positioning data during operation, a right request page for requesting the right to access the positioning data is displayed in the display page as shown in fig. 14, and the "allow" icon, the "deny" icon, the "not authorize and continue" icon, and the "deny not to ask again" icon are included in the request page.
In an optional embodiment, the third-party application is an application in a preset application set;
wherein, the application set comprises the application which is not confirmed to be safe.
In implementation, when a third-party application requests to acquire an operation right in an operation process, the terminal determines that a preset application set contains a package name (packagemame) and a signature of the third-party application according to the package name (packagemame) and the signature of the third-party application, and then the terminal determines that the third-party application is in the preset application set.
It should be noted that the preset application set may be stored in the terminal in the form of a blacklist, where the blacklist includes applications that are not safe to be confirmed.
In the embodiment of the invention, the preset application set can be obtained from the server by the terminal, and can also be preset by the user according to the actual requirements of the user.
In implementation, the method for the user to set the application set including the unsafe application is the same as the method described in the above method for managing the permission in the third-party application installation process, and details are not repeated here.
In another alternative embodiment, the third-party application is an application program that the user refuses to grant the operation authority and quits the operation in the last operation process.
In implementation, when a third-party application requests to acquire an operation right in the running process, a Package Management Service (PMS) Service calls a system interface to determine that a user refuses to grant the operation right in the last running process of the third-party application and quits the running.
After a permission request page requesting operation permission is displayed in a display interface, a user can trigger operation indicating that operation permission is refused to be granted and a third-party application is continuously operated in the permission request page, a terminal responds to the operation of the user, an operation management service sets a third permission configuration parameter corresponding to the operation permission obtained by the third-party application request as a parameter indicating that the operation is allowed, and a fourth permission configuration parameter corresponding to the operation permission obtained by the third-party application request is set as a parameter indicating that the authorization is refused by the permission management service.
The operation management service is a PMS service, and the authority management service is a mobile _ safe service.
In implementation, the terminal responds to an operation that the user triggers and indicates that the operation permission is refused to be granted and the third-party application continues to run, the PMS service sets a third permission configuration parameter corresponding to the operation permission obtained by the request of the third-party application as a parameter indicating that the running is allowed, the mobile _ safe service calls a setPermission interface, and sets a fourth permission configuration parameter corresponding to the operation permission obtained by the request of the third-party application as a parameter indicating that the authorization is refused.
After responding to the operation which is triggered in the permission request page by the user and represents that the operation permission is refused to be granted and the third-party application is continuously operated, the third-party application calls a Check Self permission interface to determine that the third permission configuration parameter corresponding to the operation permission is the parameter representing the permission to be operated, and then the third-party application is continuously operated in the display interface.
And when the third-party application needs to execute the operation corresponding to the operation authority in the running process, determining that the fourth authority configuration parameter corresponding to the operation authority is a parameter representing refusal of authorization, and limiting the third-party application to execute the operation corresponding to the operation authority in the running process of the third-party application.
Specifically, when the third-party application requests to execute the operation corresponding to the operation authority, the preset false operation data or the null value is returned to the third-party application through the system interface.
In implementation, when an operation corresponding to an operation authority needs to be executed in the running process of a third-party application, the mobile _ Safe service calls a CheckPermissionEX interface to determine that a fourth authority configuration parameter corresponding to the operation authority of the third-party application is a parameter indicating denial of authorization, and then returns preset false operation data or a null value to the third-party application to limit the third-party application to execute the operation corresponding to the operation authority.
In the method for managing the authority in the running of the third-party application program, after the terminal responds to the trigger of the user in the authority request page, which indicates that the operation authority is refused to be granted and the operation of the third-party application is continuously run, the operation management service sets the third authority configuration parameter corresponding to the operation authority of the user triggering operation as a parameter representing the operation permission, the third party application, upon determining that the third privilege is configured to indicate a parameter that allows operation, may continue to operate, and before the third party application executes the operation corresponding to the operation authority, determining that the fourth authority configuration parameter corresponding to the operation authority in the authority management service is a parameter representing refusal of authorization, then limiting the operation corresponding to the operation authority of the third party application, therefore, the third-party application can continue to run, and meanwhile, the safety of user privacy data and system data is protected.
Fig. 15 is a complete flowchart of a method for managing rights in a third-party application running process according to an embodiment of the present invention, which specifically includes the following steps:
step S1501, when the terminal starts the operation of the third-party application, if the third-party application requests to acquire the operation authority, displaying an authority request page of the third-party application requesting the operation authority in a display interface;
step S1502, responding to an operation which is triggered by a user in an authority request page and indicates that the operation authority is refused to be granted and a third-party application is continuously operated, and setting a third authority configuration parameter corresponding to the operation authority as a parameter indicating that the operation is allowed through an operation management service; and
setting a fourth permission configuration parameter corresponding to the operation permission as a parameter representing refusal of authorization through the permission management service;
step S1503, if the third permission configuration parameter corresponding to the operation permission is determined to be a parameter indicating permission to operate, continuing to operate the third-party application;
step S1504, if it is determined that the fourth permission configuration parameter corresponding to the operation permission is a parameter indicating denial of authorization, returning preset false operation data or a null value to the third-party application through the system interface.
As shown in fig. 16, the embodiment of the present invention provides a first terminal, which includes a processor 1601, a display 1602;
the processor 1601 is configured to, in a third-party application installation process, display, in a display interface, an authority request page, where the third-party application requests the operation authority, if the third-party application requests to acquire the operation authority;
responding to an operation which is triggered in the permission request page by a user and represents that the permission of operation is refused and the third-party application is continuously installed, and continuously installing the third-party application and limiting the third-party application to execute the operation corresponding to the operation permission;
the display screen 1602 is used for displaying the permission request page.
In a possible implementation manner, before continuing to install the third-party application and limiting the third-party application to execute the operation corresponding to the operation authority, the processor 1601 is further configured to:
setting a first permission configuration parameter corresponding to the operation permission as a parameter representing permission of installation through an installation management service; and
and setting a second permission configuration parameter corresponding to the operation permission as a parameter representing refusal of authorization through the permission management service.
In a possible implementation, when the third-party application continues to be installed, the processor 1601 is specifically configured to:
if the first permission configuration parameter corresponding to the operation permission is determined to be a parameter indicating permission for installation, continuing to install the third-party application;
when the third-party application is limited to execute the operation corresponding to the operation authority, the processor 1601 is specifically configured to:
and if the second permission configuration parameter corresponding to the operation permission is determined to be a parameter representing refusal of authorization, limiting the third-party application to execute the operation corresponding to the operation permission in the running process of the third-party application.
In a possible implementation manner, when limiting the third-party application to execute the operation corresponding to the operation permission, the processor 1601 is specifically configured to:
and when the third-party application requests to execute the operation corresponding to the operation authority, returning preset false operation data or a null value to the third-party application through a system interface.
As shown in fig. 17, an embodiment of the present invention provides a first apparatus for rights management, including:
a first display module 1701, configured to, in a third-party application installation process, display, in a display interface, an authority request page, where the third-party application requests to acquire an operation authority, where the third-party application requests to acquire the operation authority;
the first processing module 1702 is configured to respond to an operation that indicates that the user refuses to grant the operation permission and continues to install the third-party application, where the operation is triggered by the user in the permission request page, continue to install the third-party application, and limit the third-party application to execute an operation corresponding to the operation permission.
In a possible implementation manner, before continuing to install the third-party application and limiting the third-party application to execute the operation corresponding to the operation permission, the first processing module 1702 is further configured to:
setting a first permission configuration parameter corresponding to the operation permission as a parameter representing permission of installation through an installation management service; and
and setting a second permission configuration parameter corresponding to the operation permission as a parameter representing refusal of authorization through the permission management service.
In a possible implementation manner, when the third-party application continues to be installed, the first processing module 1702 is specifically configured to:
if the first permission configuration parameter corresponding to the operation permission is determined to be a parameter indicating permission for installation, continuing to install the third-party application;
when the third-party application is limited to execute the operation corresponding to the operation permission, the first processing module 1702 is specifically configured to:
and if the second permission configuration parameter corresponding to the operation permission is determined to be a parameter representing refusal of authorization, limiting the third-party application to execute the operation corresponding to the operation permission in the running process of the third-party application.
In a possible implementation manner, when the third-party application is limited to execute the operation corresponding to the operation permission, the first processing module 1702 is specifically configured to:
and when the third-party application requests to execute the operation corresponding to the operation authority, returning preset false operation data or a null value to the third-party application through a system interface.
As shown in fig. 18, the second terminal according to the embodiment of the present invention includes a processor 1801, a display 1802;
the processor 1801 is configured to, when a third-party application starts running, display, in a display interface, an authority request page, where the third-party application requests to acquire an operation authority, where the operation authority is requested by the third-party application;
responding to an operation which is triggered in the permission request page by a user and represents that the permission of operation is refused and the third-party application is continuously operated, and continuously operating the third-party application and limiting the third-party application to execute the operation corresponding to the permission of operation;
the display 1802 is used to display the permission request page.
In a possible implementation manner, before continuing to run the third-party application and limiting the third-party application to execute the operation corresponding to the operation permission, the processor 1801 is further configured to:
setting a third permission configuration parameter corresponding to the operation permission as a parameter representing permission to operate through an operation management service; and
and setting a fourth permission configuration parameter corresponding to the operation permission as a parameter representing refusal of authorization through a permission management service.
In a possible implementation manner, when the third-party application continues to run, the processor 1801 is specifically configured to:
if the third permission configuration parameter corresponding to the operation permission is determined to be a parameter indicating permission to operate, continuing to operate the third-party application;
when the third-party application is restricted from executing the operation corresponding to the operation authority, the processor 1801 is specifically configured to:
and if the fourth permission configuration parameter corresponding to the operation permission is determined to be a parameter representing refusal of authorization, limiting the third-party application to execute the operation corresponding to the operation permission in the running process of the third-party application.
In a possible implementation manner, when the third-party application is limited to execute the operation corresponding to the operation authority, the processor 1801 is specifically configured to:
and when the third-party application requests to execute the operation corresponding to the operation authority, returning preset false operation data or a null value to the third-party application through a system interface.
As shown in fig. 19, an apparatus for providing a second kind of rights management according to an embodiment of the present invention includes:
the second display module 1901 is configured to, when a third-party application starts to run, display, in a display interface, a permission request page, where the third-party application requests to acquire an operation permission, where the permission request page requests the operation permission;
the second processing module 1902 is configured to respond to an operation that the user refuses to grant the operation permission and continues to run the third-party application, where the operation is triggered in the permission request page by the user, continue to run the third-party application and limit the third-party application to execute the operation corresponding to the operation permission.
In a possible implementation manner, before continuing to run the third-party application and limiting the third-party application to execute the operation corresponding to the operation permission, the second processing module 1902 is further configured to:
setting a third permission configuration parameter corresponding to the operation permission as a parameter representing permission to operate through an operation management service; and
and setting a fourth permission configuration parameter corresponding to the operation permission as a parameter representing refusal of authorization through a permission management service.
In a possible implementation manner, when the third-party application continues to run, the second processing module 1902 is specifically configured to:
if the third permission configuration parameter corresponding to the operation permission is determined to be a parameter indicating permission to operate, continuing to operate the third-party application;
when the third-party application is limited to execute the operation corresponding to the operation permission, the second processing module 1902 is specifically configured to:
and if the fourth permission configuration parameter corresponding to the operation permission is determined to be a parameter representing refusal of authorization, limiting the third-party application to execute the operation corresponding to the operation permission in the running process of the third-party application.
In a possible implementation manner, when limiting the third-party application to execute the operation corresponding to the operation permission, the second processing module 1902 is specifically configured to:
and when the third-party application requests to execute the operation corresponding to the operation authority, returning preset false operation data or a null value to the third-party application through a system interface.
An embodiment of the present application further provides a computer storage medium, where computer program instructions are stored in the computer storage medium, and when the instructions are run on a computer, the instructions cause the computer to execute the rights management method described above.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the spirit and scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is intended to include such modifications and variations as well.

Claims (10)

1. A terminal is characterized by comprising a display screen and a processor;
the processor is used for displaying an authority request page of the third-party application requesting the operation authority in a display interface if the third-party application requests to acquire the operation authority in the installation process of the third-party application;
responding to an operation which is triggered in the permission request page by a user and represents that the permission of operation is refused and the third-party application is continuously installed, and continuously installing the third-party application and limiting the third-party application to execute the operation corresponding to the operation permission;
the display screen is used for displaying the permission request page.
2. The terminal of claim 1, wherein before continuing to install the third-party application and restricting the third-party application from performing the operation corresponding to the operation permission, the processor is further configured to:
setting a first permission configuration parameter corresponding to the operation permission as a parameter representing permission of installation through an installation management service; and
and setting a second permission configuration parameter corresponding to the operation permission as a parameter representing refusal of authorization through the permission management service.
3. The terminal of claim 2, wherein, in the continuing to install the third-party application, the processor is specifically to:
if the first permission configuration parameter corresponding to the operation permission is determined to be a parameter indicating permission for installation, continuing to install the third-party application;
when the third-party application is restricted from executing the operation corresponding to the operation permission, the processor is specifically configured to:
and if the second permission configuration parameter corresponding to the operation permission is determined to be a parameter representing refusal of authorization, limiting the third-party application to execute the operation corresponding to the operation permission in the running process of the third-party application.
4. The terminal according to claim 2 or 3, wherein, when limiting the third-party application to execute the operation corresponding to the operation authority, the processor is specifically configured to:
and when the third-party application requests to execute the operation corresponding to the operation authority, returning preset false operation data or a null value to the third-party application through a system interface.
5. A terminal is characterized by comprising a display screen and a processor;
the processor is used for displaying a permission request page of a third-party application requesting the operation permission in a display interface if the third-party application requests to acquire the operation permission when the third-party application starts to run;
responding to an operation which is triggered in the permission request page by a user and represents that the permission of operation is refused and the third-party application is continuously operated, and continuously operating the third-party application and limiting the third-party application to execute the operation corresponding to the permission of operation;
the display screen is used for displaying the permission request page.
6. The terminal of claim 5, wherein before continuing to run the third-party application and restricting the third-party application from performing the operation corresponding to the operation permission, the processor is further configured to:
setting a third permission configuration parameter corresponding to the operation permission as a parameter representing permission to operate through an operation management service; and
and setting a fourth permission configuration parameter corresponding to the operation permission as a parameter representing refusal of authorization through a permission management service.
7. The terminal of claim 6, wherein, while continuing to run the third-party application, the processor is specifically configured to:
if the third permission configuration parameter corresponding to the operation permission is determined to be a parameter indicating permission to operate, continuing to operate the third-party application;
when the third-party application is restricted from executing the operation corresponding to the operation permission, the processor is specifically configured to:
and if the fourth permission configuration parameter corresponding to the operation permission is determined to be a parameter representing refusal of authorization, limiting the third-party application to execute the operation corresponding to the operation permission in the running process of the third-party application.
8. The terminal according to claim 5 or 7, wherein, when limiting the third-party application to execute the operation corresponding to the operation authority, the processor is specifically configured to:
and when the third-party application requests to execute the operation corresponding to the operation authority, returning preset false operation data or a null value to the third-party application through a system interface.
9. A method of rights management, the method comprising:
in the installation process of a third-party application, if the third-party application requests to acquire an operation authority, a terminal displays an authority request page of the third-party application requesting the operation authority in a display interface;
responding to the operation which is triggered in the permission request page by the user and represents that the operation permission is refused to be granted and the third-party application is continuously installed, and continuously installing the third-party application and limiting the third-party application to execute the operation corresponding to the operation permission by the terminal.
10. A method of rights management, the method comprising:
when a third-party application starts to run, if the third-party application requests to acquire an operation authority, a permission request page of the third-party application requesting the operation authority is displayed in a display interface;
responding to the operation which is triggered in the permission request page by the user and represents that the operation permission is refused to be granted and the third-party application is continuously operated, and continuously operating the third-party application by the terminal and limiting the third-party application to execute the operation corresponding to the operation permission.
CN202010269503.4A 2020-04-08 2020-04-08 Authority management method and terminal Pending CN113496039A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010269503.4A CN113496039A (en) 2020-04-08 2020-04-08 Authority management method and terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010269503.4A CN113496039A (en) 2020-04-08 2020-04-08 Authority management method and terminal

Publications (1)

Publication Number Publication Date
CN113496039A true CN113496039A (en) 2021-10-12

Family

ID=77995732

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010269503.4A Pending CN113496039A (en) 2020-04-08 2020-04-08 Authority management method and terminal

Country Status (1)

Country Link
CN (1) CN113496039A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2024046080A1 (en) * 2022-08-29 2024-03-07 华为技术有限公司 Application program installation method and apparatus, and electronic device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103905651A (en) * 2014-04-30 2014-07-02 北京邮电大学 Method and system for application permission management in intelligent terminal
CN105354489A (en) * 2015-10-29 2016-02-24 小米科技有限责任公司 Right granting method and apparatus
CN110084047A (en) * 2019-03-20 2019-08-02 努比亚技术有限公司 A kind of access right control method, terminal and computer readable storage medium
CN110532764A (en) * 2019-08-19 2019-12-03 维沃移动通信有限公司 A kind of method, mobile terminal and the readable storage medium storing program for executing of permission processing

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103905651A (en) * 2014-04-30 2014-07-02 北京邮电大学 Method and system for application permission management in intelligent terminal
CN105354489A (en) * 2015-10-29 2016-02-24 小米科技有限责任公司 Right granting method and apparatus
CN110084047A (en) * 2019-03-20 2019-08-02 努比亚技术有限公司 A kind of access right control method, terminal and computer readable storage medium
CN110532764A (en) * 2019-08-19 2019-12-03 维沃移动通信有限公司 A kind of method, mobile terminal and the readable storage medium storing program for executing of permission processing

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2024046080A1 (en) * 2022-08-29 2024-03-07 华为技术有限公司 Application program installation method and apparatus, and electronic device

Similar Documents

Publication Publication Date Title
CN113032766B (en) Application authority management method and device
CN110084035B (en) Electronic device and method for suggesting a response guide when a rejection occurs
CN111656347B (en) Project display method and terminal
CN113835569A (en) Terminal device, quick start method for internal function of application and storage medium
CN111274564A (en) Communication terminal and application unlocking method in split screen mode
CN113836540A (en) Method, apparatus, storage medium, and program product for managing application rights
CN114020379A (en) Terminal device, information feedback method and storage medium
CN113835928A (en) Application backup and recovery method, device, storage medium, and program product
CN112825072B (en) Communication terminal and data sharing method
CN112835472A (en) Communication terminal and display method
CN113496039A (en) Authority management method and terminal
CN113642010B (en) Method for acquiring data of extended storage device and mobile terminal
CN111600862B (en) User account management method and device
CN114035870A (en) Terminal device, application resource control method and storage medium
CN111159734A (en) Communication terminal and multi-application data inter-access processing method
CN111163220B (en) Display method, communication terminal and computer storage medium
CN114675786A (en) Large-capacity storage mounting method, device, terminal and medium
CN114020377A (en) Terminal device, picture information protection method and storage medium
CN113938890B (en) Data sharing method and terminal equipment
CN111258699B (en) Page display method and communication terminal
CN115017473B (en) Authorization method and electronic equipment
CN112000411B (en) Mobile terminal and display method of recording channel occupation information thereof
CN114154180A (en) Data sharing method and terminal equipment
CN111142648B (en) Data processing method and intelligent terminal
CN113835889A (en) Method for acquiring input event and related device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination