CN113836540A - Method, apparatus, storage medium, and program product for managing application rights - Google Patents
Method, apparatus, storage medium, and program product for managing application rights Download PDFInfo
- Publication number
- CN113836540A CN113836540A CN202111025309.2A CN202111025309A CN113836540A CN 113836540 A CN113836540 A CN 113836540A CN 202111025309 A CN202111025309 A CN 202111025309A CN 113836540 A CN113836540 A CN 113836540A
- Authority
- CN
- China
- Prior art keywords
- application
- target application
- authority
- permission
- security level
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 39
- 230000002159 abnormal effect Effects 0.000 claims abstract description 28
- 238000013475 authorization Methods 0.000 claims description 35
- 238000004590 computer program Methods 0.000 claims description 12
- 230000005856 abnormality Effects 0.000 claims description 3
- 230000008859 change Effects 0.000 abstract description 2
- 239000010410 layer Substances 0.000 description 19
- 238000010586 diagram Methods 0.000 description 15
- 230000006870 function Effects 0.000 description 12
- 238000012545 processing Methods 0.000 description 12
- 230000003993 interaction Effects 0.000 description 6
- 230000008569 process Effects 0.000 description 6
- 238000004891 communication Methods 0.000 description 3
- 238000012986 modification Methods 0.000 description 3
- 230000004048 modification Effects 0.000 description 3
- 230000003287 optical effect Effects 0.000 description 3
- 230000005236 sound signal Effects 0.000 description 3
- 230000005540 biological transmission Effects 0.000 description 2
- 238000011161 development Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 230000001133 acceleration Effects 0.000 description 1
- 230000006978 adaptation Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000015572 biosynthetic process Effects 0.000 description 1
- 238000006243 chemical reaction Methods 0.000 description 1
- 230000000295 complement effect Effects 0.000 description 1
- 239000012792 core layer Substances 0.000 description 1
- 238000007599 discharging Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000007667 floating Methods 0.000 description 1
- 230000004927 fusion Effects 0.000 description 1
- 230000000977 initiatory effect Effects 0.000 description 1
- 230000010354 integration Effects 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000003672 processing method Methods 0.000 description 1
- 238000009877 rendering Methods 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
- 238000003786 synthesis reaction Methods 0.000 description 1
- 230000000007 visual effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/572—Secure firmware programming, e.g. of basic input output system [BIOS]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Automation & Control Theory (AREA)
- Stored Programmes (AREA)
Abstract
The application relates to the technical field of intelligent terminals, and provides a method, equipment, a storage medium and a program product for managing application permission, which are used for solving the problem that application cannot run due to permission management change after android system version upgrading. And when the target application is run and crashed, acquiring the abnormal description information of the target application. And analyzing whether the reason causing the crash is the incompatibility of the authority management or not based on the abnormal description information. If the target application is not permitted to run in the android system version, the permission safety level of the target application in the android system version can be determined, and then a prompt box is output to enable a user to confirm whether to grant corresponding permission to continue running the target application. After granting the rights is granted, the corresponding rights may be granted. In summary, according to the embodiment of the application, after the version of the android system is updated, the authority management of the target application is compatible with the new version of the android system, and the target application can be guaranteed to run on the new version of the android system.
Description
Technical Field
The present application relates to the field of intelligent terminal technology, and in particular, to a method, device, storage medium, and program product for managing application rights.
Background
With the development and updating of Android devices, the Android system version is updated every year. After the version of the Android system is updated, some applications cannot be normally used. And a certain time is also needed for carrying out corresponding adaptation development on the Android system of the new version, which obviously cannot meet the use requirements of users.
Therefore, how to be compatible with the new Android system version can lead the old application to be the problem concerned in the industry in the generation and operation of the new Android system version.
Disclosure of Invention
The application aims to provide a method, equipment, a storage medium and a program product for managing application permission, which are used for solving the problem that target application cannot run due to permission management change after android system version upgrading.
In a first aspect, the present application provides a method for managing application permissions, the method comprising:
if receiving an operation crash message of a target application, acquiring abnormal description information of the target application;
retrieving a specified keyword from the abnormality description information; the specified keyword is used for indicating that the authority is abnormal;
if the specified keyword is retrieved, acquiring an authority name from the abnormal description information;
determining a permission security level based on the permission name;
outputting an authorization prompt box based on the authority security level;
and if the authorization operation aiming at the authorization prompt box is received, the authority corresponding to the authority security level is granted to the target application.
In some embodiments, the obtaining the authority name from the exception description information specifically includes:
inquiring an authority name field from the abnormal description information;
and acquiring the field value of the authority name field as the authority name.
In some embodiments, the privilege security level includes:
application availability rating and hazard rating.
In some embodiments, the determining the authority security level based on the authority name specifically includes:
and calling a system authority management interface to inquire the authority security level corresponding to the authority name.
In some embodiments, if the permission security level is the danger level, the granting the permission corresponding to the permission security level to the target application specifically includes:
running the target application in a secure space mode.
In some embodiments, the running the target application in the secure space mode specifically includes:
if the target application calls a first type system interface to execute a first read-write operation on a first database, executing the first read-write operation in an area outside the first database; the first type system interface is an interface which forbids the target application to call in the safe space mode;
if the target application calls a second type system interface to execute a second read-write operation on a second database, executing the second read-write operation in the second database, or executing the second read-write operation in an area outside the second database; and the second class database is an interface allowing the target application to call in the safe space mode.
In some embodiments, the method further comprises:
if the specified keyword is not retrieved, outputting an exception prompt box, wherein the exception prompt box is used for displaying the exception of the target application and the user operation item;
and if receiving the operation of closing the target application aiming at the abnormal prompt box, stopping running the target application.
In a second aspect, the present application further provides a terminal device, including:
a display for displaying a user interface of a target application;
a memory for storing executable instructions of the processor;
a processor for executing the executable instructions to implement any of the methods as provided in the first aspect of the application.
In a third aspect, an embodiment of the present application further provides a computer-readable storage medium, where instructions, when executed by a processor of a terminal device, enable the terminal device to perform any one of the methods as provided in the first aspect of the present application.
In a fourth aspect, an embodiment of the present application provides a computer program product comprising a computer program that, when executed by a processor, performs any of the methods as provided in the first aspect of the present application.
The technical scheme provided by the embodiment of the application at least has the following beneficial effects:
based on the method for managing the application permission, when the user uses the target application after the android system is updated, application collapse caused by abnormal application permission is avoided, a visible application permission control interaction mode is provided for the user, user experience is improved, and compatibility of the old application to a new version android system is improved.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application. On the basis of the common knowledge in the field, the above preferred conditions can be combined randomly to obtain the preferred embodiments of the application.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings needed to be used in the embodiments of the present application will be briefly described below, and it is obvious that the drawings described below are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a schematic structural diagram of a terminal device according to an embodiment of the present application;
fig. 2 is a schematic diagram of a software architecture of a terminal device according to an embodiment of the present disclosure;
fig. 3 is a flowchart illustrating a method for managing application permissions according to an embodiment of the present application;
FIG. 4 is a schematic diagram of a user interface of an authorization prompt box according to an embodiment of the present application;
FIG. 5 is a schematic view of a user interface of an authority prompt box according to an embodiment of the present application;
fig. 6 is a schematic flowchart of a method for managing application rights according to an embodiment of the present disclosure.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application. The embodiments described are some, but not all embodiments of the present application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Also, in the description of the embodiments of the present application, "/" indicates or means, for example, a/B may indicate a or B; "and/or" in the text is only an association relationship describing an associated object, and means that three relationships may exist, for example, a and/or B may mean: three cases of a alone, a and B both, and B alone exist, and in addition, "a plurality" means two or more than two in the description of the embodiments of the present application.
The terms "first", "second" and "first" are used for descriptive purposes only and are not to be construed as implying or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first," "second," or "second" may explicitly or implicitly include one or more of that feature, and in the description of embodiments of the application, "a plurality" means two or more unless otherwise indicated.
The method for managing application authority provided by the present application will be described with reference to the following embodiments.
The method and the device mainly solve the problem that the application cannot run due to the fact that the authority management is changed after the android system version is upgraded. The inventive concept of the present application can be summarized as follows: when the target application runs and crashes, the abnormal description information of the target application can be obtained. The exception description information carries the cause of the crash. Therefore, whether the reason for the crash is the incompatibility of the authority management is analyzed based on the abnormal description information. If the target application is not permitted to run in the android system version, the permission safety level of the target application in the android system version can be determined, and then a prompt box is output to enable a user to confirm whether to grant corresponding permission to continue running the target application. After the permission is granted, the corresponding permission can be granted, and the target application can be guaranteed to run on the new version android system. To sum up, when the target application is used after the android system is updated, whether the target application crashes due to the permission problem can be analyzed based on the abnormal description information of the target application, and then when the crash caused by the permission problem is determined, the corresponding application permission is granted to the target application through the authorization prompt box, a visible application permission control interaction mode is provided for a user, so that the application can normally run, the situation that the application cannot run due to the abnormal application permission is avoided, the user experience is improved, and the compatibility of the old application to the new version android system is improved.
After the main inventive concepts of the embodiments of the present application are introduced, some simple descriptions are provided below for application scenarios to which the technical solutions of the embodiments of the present application can be applied, and it should be noted that the application scenarios described below are only used for describing the embodiments of the present application and are not limited. In specific implementation, the technical scheme provided by the embodiment of the application can be flexibly applied according to actual needs.
First, fig. 1 shows a schematic configuration diagram of a terminal device 100.
The following specifically describes the embodiment by taking the terminal device 100 as an example. It should be understood that the terminal device 100 shown in fig. 1 is only an example, and the terminal device 100 may have more or less components than those shown in fig. 1, may combine two or more components, or may have a different configuration of components. The various components shown in the figures may be implemented in hardware, software, or a combination of hardware and software, including one or more signal processing and/or application specific integrated circuits.
A block diagram of a hardware configuration of a terminal device 100 according to an exemplary embodiment is exemplarily shown in fig. 1. As shown in fig. 1, the terminal device 100 includes: a Radio Frequency (RF) circuit 110, a memory 120, a display unit 130, a camera 140, a sensor 150, an audio circuit 160, a Wireless Fidelity (Wi-Fi) module 170, a processor 180, a bluetooth module 181, and a power supply 190.
The RF circuit 110 may be used for receiving and transmitting signals during information transmission and reception or during a call, and may receive downlink data of a base station and then send the downlink data to the processor 180 for processing; the uplink data may be transmitted to the base station. Typically, the RF circuitry includes, but is not limited to, an antenna, at least one amplifier, a transceiver, a coupler, a low noise amplifier, a duplexer, and the like.
The memory 120 may be used to store software programs and data. The processor 180 performs various functions of the terminal device 100 and data processing by executing software programs or data stored in the memory 120. The memory 120 may include high speed random access memory and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device. The memory 120 stores an operating system that enables the terminal device 100 to operate. The memory 120 may store an operating system and various application programs, and may also store program codes for performing the methods described in the embodiments of the present application.
The display unit 130 may be used to receive input numeric or character information, generate signal input related to user settings and function control of the terminal device 100, and specifically, the display unit 130 may include a touch screen 131 disposed on the front surface of the terminal device 100, and may collect touch operations of a user thereon or nearby, such as clicking a button for allowing authorization, clicking a button for rejecting authorization, clicking a button for entering a secure space, dragging a scroll box, and the like.
The display unit 130 may also be used to display a Graphical User Interface (GUI) of information input by or provided to the user and various menus of the terminal apparatus 100. Specifically, the display unit 130 may include a display screen 132 disposed on the front surface of the terminal device 100. The display screen 132 may be configured in the form of a liquid crystal display, a light emitting diode, or the like. The display unit 130 may be configured to display a user interface of the target application, display an authorization prompt box and an authority prompt box, and the like.
The touch screen 131 may cover the display screen 132, or the touch screen 131 and the display screen 132 may be integrated to implement the input and output functions of the terminal device 100, and after the integration, the touch screen may be referred to as a touch display screen for short. In the present application, the display unit 130 may display the application programs and the corresponding operation steps.
The camera 140 may be used to capture still images or video. The object generates an optical image through the lens and projects the optical image to the photosensitive element. The photosensitive element may be a Charge Coupled Device (CCD) or a complementary metal-oxide-semiconductor (CMOS) phototransistor. The light sensing elements convert the light signals into electrical signals which are then passed to the processor 180 for conversion into digital image signals.
The terminal device 100 may further comprise at least one sensor 150, such as an acceleration sensor 151, a distance sensor 152, a fingerprint sensor 153, a temperature sensor 154. The terminal device 100 may also be configured with other sensors such as a gyroscope, barometer, hygrometer, thermometer, infrared sensor, light sensor, motion sensor, and the like.
The audio circuitry 160, speaker 161, microphone 162 may provide an audio interface between the user and the terminal device 100. The audio circuit 160 may transmit the electrical signal converted from the received audio data to the speaker 161, and convert the electrical signal into a sound signal for output by the speaker 161. The terminal device 100 may also be provided with a volume button for adjusting the volume of the sound signal. On the other hand, the microphone 162 converts the collected sound signal into an electrical signal, converts the electrical signal into audio data after being received by the audio circuit 160, and outputs the audio data to the RF circuit 110 to be transmitted to, for example, another terminal device, or outputs the audio data to the memory 120 for further processing. In this application, the microphone 162 may capture the voice of the user.
Wi-Fi belongs to a short-distance wireless transmission technology, and the terminal device 100 can help a user to send and receive e-mails, browse webpages, access streaming media and the like through the Wi-Fi module 170, and provides wireless broadband internet access for the user.
The processor 180 is a control center of the terminal device 100, connects various parts of the entire terminal device using various interfaces and lines, and performs various functions of the terminal device 100 and processes data by running or executing software programs stored in the memory 120 and calling data stored in the memory 120. In some embodiments, processor 180 may include one or more processing units; the processor 180 may also integrate an application processor, which mainly handles operating systems, user interfaces, applications, etc., and a baseband processor, which mainly handles wireless communications. It will be appreciated that the baseband processor described above may not be integrated into the processor 180. In the present application, the processor 180 may run an operating system, an application program, a user interface display, and a touch response, and the processing method described in the embodiments of the present application. Further, the processor 180 is coupled with the display unit 130.
And the bluetooth module 181 is configured to perform information interaction with other bluetooth devices having a bluetooth module through a bluetooth protocol. For example, the terminal device 100 may establish a bluetooth connection with a wearable terminal device (e.g., a smart watch) also equipped with a bluetooth module through the bluetooth module 181, so as to perform data interaction.
The terminal device 100 also includes a power supply 190 (such as a battery) for powering the various components. The power supply may be logically connected to the processor 180 through a power management system to manage charging, discharging, power consumption, etc. through the power management system. The terminal device 100 may further be configured with a power button for powering on and off the terminal device, and locking the screen.
Fig. 2 is a block diagram of a software configuration of the terminal device 100 according to the embodiment of the present application.
The layered architecture divides the software into several layers, each layer having a clear role and division of labor. The layers communicate with each other through a software interface. In some embodiments, the Android system may be divided into four layers, an application layer, an application framework layer, an Android runtime (Android runtime) and system library, and a kernel layer, from top to bottom, respectively.
The application layer may include a series of application packages.
As shown in fig. 2, the application package may include applications such as camera, gallery, calendar, phone call, map, navigation, WLAN, bluetooth, music, video, short message, etc.
The application framework layer provides an Application Programming Interface (API) and a programming framework for the application program of the application layer. The application framework layer includes a number of predefined functions.
As shown in FIG. 2, the application framework layers may include a window manager, content provider, view system, phone manager, resource manager, notification manager, and the like.
The window manager is used for managing window programs. The window manager can obtain the size of the display screen, judge whether a status bar exists, lock the screen, intercept the screen and the like.
The content provider is used to store and retrieve data and make it accessible to applications. The data may include video, images, audio, dialed and answered calls, browsing history and bookmarks, phone books, short messages, etc.
The view system includes visual controls such as controls to display text, controls to display pictures, and the like. The view system may be used to build applications. The display interface may be composed of one or more views. For example, a display interface including an authorization prompt box may include a view displaying text and a view displaying pictures.
The phone manager is used to provide the communication function of the terminal device 100. Such as management of call status (including on, off, etc.).
The resource manager provides various resources, such as localized strings, icons, pictures, layout files, video files, etc., to the application.
The notification manager allows the application to display notification information (e.g., message digest of short message, message content) in the floating window, can be used to convey notification-type messages, and can automatically disappear after a short dwell without user interaction. Such as a notification manager used to inform download completion, message alerts, etc. The notification manager may also be a notification that appears in the form of a chart or scroll bar text at the top status bar of the system, such as a notification of a background running application, or a notification that appears on the screen in the form of a dialog window. For example, text information is prompted in the status bar, a prompt tone is given, the terminal device vibrates, an indicator light flickers, and the like.
The Android Runtime comprises a core library and a virtual machine. The Android runtime is responsible for scheduling and managing an Android system.
The core library comprises two parts: one part is a function which needs to be called by java language, and the other part is a core library of android.
The application layer and the application framework layer run in a virtual machine. And executing java files of the application program layer and the application program framework layer into a binary file by the virtual machine. The virtual machine is used for performing the functions of object life cycle management, stack management, thread management, safety and exception management, garbage collection and the like.
The system library may include a plurality of functional modules. For example: surface managers (surface managers), Media Libraries (Media Libraries), three-dimensional graphics processing Libraries (e.g., OpenGL ES), 2D graphics engines (e.g., SGL), and the like.
The surface manager is used to manage the display subsystem and provide fusion of 2D and 3D layers for multiple applications.
The media library supports a variety of commonly used audio, video format playback and recording, and still image files, among others. The media library may support a variety of audio-video encoding formats, such as: MPEG4, H.264, MP3, AAC, AMR, JPG, PNG, etc.
The three-dimensional graphic processing library is used for realizing three-dimensional graphic drawing, image rendering, synthesis, layer processing and the like.
A 2D (an animation mode) graphics engine is a drawing engine for 2D drawing.
The kernel layer is a layer between hardware and software. The inner core layer at least comprises a display driver, a camera driver, an audio driver and a sensor driver.
The terminal device 100 in the embodiment of the present application may be a mobile phone, a tablet computer, a wearable device, a television, and other terminal devices that can be equipped with an android system.
Based on the above description, a flowchart of a method for managing application rights according to an embodiment of the present application is shown in fig. 3, which includes the following steps:
in step 301, if a running crash message of the target application is received, exception description information of the target application is obtained.
The exception description information of the target application may include a reason for an application crash exception, for example, android.
Then, in step 302, a specified keyword is retrieved from the abnormality description information, the specified keyword being used to indicate that the authority is abnormal. For example, the specified keyword is, for example, SecurityException, and it is determined that the authority is abnormal if the specified keyword is included.
In another embodiment, if the specified keyword is not retrieved, the specified keyword indicates that the specified keyword is not an authority class exception, an exception prompt box is output, the exception prompt box is used for displaying an exception of the target application and a user operation item, the user operation item comprises an application closing option, and if a target application closing operation aiming at the exception prompt box is received, the target application stops running.
In step 303, if the specified keyword is retrieved, the authority name is obtained from the abnormal description information.
In one embodiment, obtaining the authority name from the exception description information specifically includes: and inquiring the authority name field from the abnormal description information, and then acquiring the field value of the authority name field as the authority name. For example, after the query is that the authority is abnormal, the android. One example is: permission, write _ exterior _ STORAGE.
Then "WRITE _ exterior _ STORAGE" is the authority name obtained from the exception description information. Because the types of the application authorities are more, other authority name character strings can be contained, and the retrieval process is consistent.
In step 304, a privilege security level is determined based on the privilege name.
In one embodiment, the authority security level is determined based on the authority name, that is, the authority security level corresponding to the authority name is queried by calling a system authority management interface. The above privilege security levels include: application availability rating and hazard rating. The permission of the application availability level refers to that the application can be operated after being authorized, such as reading an address book. A hazard level authority, such as the authority to read a system setting database, may generally require operation in a secure space mode.
In step 305, an authorization prompt box is output based on the privilege security level.
In step 306, if an authorization operation for the authorization prompt box is received, an authority corresponding to the authority security level is granted to the target application.
In one embodiment, the permission security level is an application availability level, and it can be determined that the application crash exception is caused by the application not applying for and obtaining user permission to use the application permission. At this time, the system outputs an authorization prompt box to prompt the user that the current operation of the application needs the authorization of the authority, and displays the operation options of the user. As shown in fig. 4, the user operation items of the authorization prompt box can be divided into an allowance operation item and a denial operation item, and if the user clicks the allowance operation item, the authorization operation for the authorization prompt box is responded, and the right corresponding to the application availability level is granted to the target application; and if the user clicks refusal, closing the current authorization prompt box, and closing the target application because the target application cannot run due to no permission.
Further, regardless of whether the user allows authorization or not, the process is a process other than the process in which the application crashes and exits, and the target application actually exits from the current operation and needs the user to start the application again. In order to facilitate the simple operation of the user, in the embodiment of the application, after the user allows authorization, the system actively pulls up the application again, so that the restart operation of the user can be avoided, and the user can continue to operate the target application at the user level.
In addition, as shown in fig. 4, although the display effect of the authorization prompt box interface is similar to that of the ordinary permission box, the authorization prompt box interface is different from the ordinary permission box interface in source, and the authorization prompt box is actively popped up by the system and does not need to be actively applied. And the common authority frame is displayed only by the application terminal initiating the authority application.
In another embodiment, if the permission security level is a danger level, the target application is operated in the secure space mode, and the permission corresponding to the permission security level is granted to the target application. Fig. 5 is a schematic diagram of an authority prompt box when the authority security level is a danger level.
It should be noted that the secure space mode is to put the application into a space or mode isolated from the system, and in this state, all called system interfaces of the application are different from the return values of the real system interfaces. For example, in the secure space mode, the target application cannot read and write the system setting database, but in the secure space mode, the target application may call these system interfaces at will, and only these interfaces do not really respond to the actions of the target application, or do not really affect the data stored in the actual system database.
The interfaces which can be called by the target application in the safe space mode are divided into a first system interface and a second system interface, wherein the first system interface corresponds to the application permission of the danger level, the second system interface corresponds to the application permission of the application availability level, if the operation of the target application related to the application permission of the danger level, the first system interface is called, and if the operation of the target application related to the application permission of the application availability level, the second system interface is called.
Based on these two types of system interfaces, the target application is run in the secure space mode, which can be implemented as:
and if the target application calls the first type system interface to execute the first read-write operation on the first database, executing the first read-write operation in an area outside the first database, wherein the first type system interface is an interface which forbids the target application to call in a safe space mode. For example, the application tries to write a new value aaa into the setting database a and obtains a return value, where the first type of system interface is an interface corresponding to the setting database a, the first database is the setting database a, the first read-write operation is to write a new value aaa, and the system writes aaa into a new position, which is different from the setting database a originally designed by the system, for example, called a (false). In this case, the system does not output an exception while the target application is operating normally.
And if the target application calls the second type system interface to execute second read-write operation on the second database, executing the second read-write operation in the second database, or executing the second read-write operation in an area outside the second database, wherein the second type database allows the interface called by the target application in a safe space mode. For example, the target application reads the address book information, the second type system interface is an interface corresponding to the communication rate, the second database is a database where the address book information is located, and the second read-write operation is reading the address book information. In this case, the target application can operate normally.
In some embodiments, the overall flow of the method of managing application permissions is shown in FIG. 6:
in step 601, an operation crash message of the target application is received, and exception description information of the target application is obtained.
In step 602, keywords are retrieved from the anomaly description information.
In step 603, it is determined whether the privilege class is abnormal.
In step 604, if it is determined that the rights class is not abnormal, an abnormal prompt box is output.
In step 605, receiving the application closing operation for the exception prompt box, and stopping running the target application.
In step 606, if it is determined that the authority class is abnormal, the authority name is obtained.
In step 607, it is determined whether the authority security level is a danger level based on the authority name.
In step 608, if the privilege security level is not a risk level, an authorization prompt box is output.
Then, in step 609, it is determined whether an authorization operation for the authorization prompt box is received.
In step 610, if an authorization operation for the authorization prompt box is received, an authority corresponding to the authority security level is granted to the target application, and the target application is restarted.
In step 611, if an authorization rejection operation for the authorization prompt box is received, the authorization prompt box is closed, and the target application is stopped running.
In step 612, if the permission security level is a danger level, a safety space prompt box is output.
In step 613, it is determined whether the secure space mode is entered.
In step 614, if the user selects to enter the secure space mode, the rights corresponding to the security level of the rights are granted to the target application in the secure space.
In step 615, if the user does not select to enter the secure space mode, the secure space prompt box is closed, and the target application is stopped running.
The steps really realize the management of the application permission after the android system is updated, the corresponding application permission is granted to the target application through the authorization prompt box, a visible application permission control interaction mode is provided for a user, meanwhile, the application can normally run in a safe space mode, application collapse caused by abnormal application permission is avoided, user experience is improved, and the compatibility of the target application to a new system is improved.
Further, while the operations of the methods of the present application are depicted in the drawings in a particular order, this does not require or imply that these operations must be performed in this particular order, or that all of the illustrated operations must be performed, to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step execution, and/or one step broken down into multiple step executions.
The embodiments provided in the present application are only a few examples of the general concept of the present application, and do not limit the scope of the present application. Any other embodiments extended according to the scheme of the present application without inventive efforts will be within the scope of protection of the present application for a person skilled in the art.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the spirit and scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is intended to include such modifications and variations as well.
Claims (10)
1. A method of managing application permissions, the method comprising:
if receiving an operation crash message of a target application, acquiring abnormal description information of the target application;
retrieving a specified keyword from the abnormality description information; the specified keyword is used for indicating that the authority is abnormal;
if the specified keyword is retrieved, acquiring an authority name from the abnormal description information;
determining a permission security level based on the permission name;
outputting an authorization prompt box based on the authority security level;
and if the authorization operation aiming at the authorization prompt box is received, the authority corresponding to the authority security level is granted to the target application.
2. The method according to claim 1, wherein the obtaining the authority name from the abnormal description information specifically includes:
inquiring an authority name field from the abnormal description information;
and acquiring the field value of the authority name field as the authority name.
3. The method of claim 1, wherein the privilege security level comprises:
application availability rating and hazard rating.
4. The method according to claim 1, wherein the determining the authority security level based on the authority name specifically includes:
and calling a system authority management interface to inquire the authority security level corresponding to the authority name.
5. The method according to claim 3, wherein if the permission security level is the danger level, the granting the permission corresponding to the permission security level to the target application specifically comprises:
running the target application in a secure space mode.
6. The method according to claim 5, wherein the running the target application in the secure space mode specifically comprises:
if the target application calls a first type system interface to execute a first read-write operation on a first database, executing the first read-write operation in an area outside the first database; the first type system interface is an interface which forbids the target application to call in the safe space mode;
if the target application calls a second type system interface to execute a second read-write operation on a second database, executing the second read-write operation in the second database, or executing the second read-write operation in an area outside the second database; the second type database is an interface which allows the target application to be called under the safe space mode.
7. The method of claim 1, further comprising:
if the specified keyword is not retrieved, outputting an exception prompt box, wherein the exception prompt box is used for displaying the exception of the target application and the user operation item;
and if receiving the operation of closing the target application aiming at the abnormal prompt box, stopping running the target application.
8. A terminal device, comprising:
a display for displaying a user interface of a target application;
a memory for storing executable instructions of the processor;
a processor for executing the executable instructions to implement the method of managing application rights of any of claims 1-7.
9. A computer-readable storage medium, wherein instructions in the computer-readable storage medium, when executed by a processor of a terminal device, enable the terminal device to perform the method of managing application rights of any of claims 1-7.
10. A computer program product comprising a computer program, characterized in that the computer program, when being executed by a processor, carries out the method of managing application rights of any one of claims 1-7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111025309.2A CN113836540A (en) | 2021-09-02 | 2021-09-02 | Method, apparatus, storage medium, and program product for managing application rights |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111025309.2A CN113836540A (en) | 2021-09-02 | 2021-09-02 | Method, apparatus, storage medium, and program product for managing application rights |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN113836540A true CN113836540A (en) | 2021-12-24 |
Family
ID=78961965
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111025309.2A Pending CN113836540A (en) | 2021-09-02 | 2021-09-02 | Method, apparatus, storage medium, and program product for managing application rights |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113836540A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114840874B (en) * | 2022-01-10 | 2023-06-06 | 华为技术有限公司 | Application program management method and related device |
| CN116702163A (en) * | 2022-09-27 | 2023-09-05 | 荣耀终端有限公司 | Authority management method and terminal equipment |
Citations (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20100306847A1 (en) * | 2009-05-26 | 2010-12-02 | Microsoft Corporation | Identifying security properties of systems from application crash traffic |
| US20140283107A1 (en) * | 2013-03-14 | 2014-09-18 | Appsense Limited | Secure data management |
| WO2015102513A1 (en) * | 2013-12-30 | 2015-07-09 | Limited Liability Company Mail.Ru | Systems and methods for assisting user in software application crashes |
| CN106681853A (en) * | 2016-12-30 | 2017-05-17 | 深圳天珑无线科技有限公司 | Application crashing processing method and mobile terminal |
| WO2017219589A1 (en) * | 2016-06-19 | 2017-12-28 | 乐视控股(北京)有限公司 | Method and system for processing program crash message |
| JP2018081384A (en) * | 2016-11-14 | 2018-05-24 | キヤノン株式会社 | Information processing device and authority management method and program |
| CN108874466A (en) * | 2018-06-08 | 2018-11-23 | Oppo(重庆)智能科技有限公司 | Control call method, electronic device and computer readable storage medium |
| CN109815083A (en) * | 2018-12-21 | 2019-05-28 | 瑞庭网络技术(上海)有限公司 | A kind of monitoring method of application crashes, device, electronic equipment and medium |
| CN109815680A (en) * | 2018-12-27 | 2019-05-28 | 歌尔股份有限公司 | Management method, device, terminal device and the storage medium of application permission |
| CN109901941A (en) * | 2018-12-15 | 2019-06-18 | 中国平安人寿保险股份有限公司 | Application crash processing method and processing device, computer installation and storage medium |
| CN110765007A (en) * | 2019-09-29 | 2020-02-07 | 南京大学 | Crash information online analysis method for android application |
| CN111259374A (en) * | 2020-01-08 | 2020-06-09 | 苏宁云计算有限公司 | Authority abnormity detection method and device, computer equipment and storage medium |
| CN112541166A (en) * | 2019-09-20 | 2021-03-23 | 杭州中天微系统有限公司 | Method, system and computer readable storage medium |
| CN112667421A (en) * | 2020-12-25 | 2021-04-16 | 平安科技(深圳)有限公司 | Authorization detection method, device, terminal and storage medium |
| CN113326502A (en) * | 2021-06-27 | 2021-08-31 | 刘秀萍 | Android application classification authorization method for quantitative evaluation of suspicious behaviors |
-
2021
- 2021-09-02 CN CN202111025309.2A patent/CN113836540A/en active Pending
Patent Citations (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20100306847A1 (en) * | 2009-05-26 | 2010-12-02 | Microsoft Corporation | Identifying security properties of systems from application crash traffic |
| US20140283107A1 (en) * | 2013-03-14 | 2014-09-18 | Appsense Limited | Secure data management |
| WO2015102513A1 (en) * | 2013-12-30 | 2015-07-09 | Limited Liability Company Mail.Ru | Systems and methods for assisting user in software application crashes |
| WO2017219589A1 (en) * | 2016-06-19 | 2017-12-28 | 乐视控股(北京)有限公司 | Method and system for processing program crash message |
| JP2018081384A (en) * | 2016-11-14 | 2018-05-24 | キヤノン株式会社 | Information processing device and authority management method and program |
| CN106681853A (en) * | 2016-12-30 | 2017-05-17 | 深圳天珑无线科技有限公司 | Application crashing processing method and mobile terminal |
| CN108874466A (en) * | 2018-06-08 | 2018-11-23 | Oppo(重庆)智能科技有限公司 | Control call method, electronic device and computer readable storage medium |
| CN109901941A (en) * | 2018-12-15 | 2019-06-18 | 中国平安人寿保险股份有限公司 | Application crash processing method and processing device, computer installation and storage medium |
| CN109815083A (en) * | 2018-12-21 | 2019-05-28 | 瑞庭网络技术(上海)有限公司 | A kind of monitoring method of application crashes, device, electronic equipment and medium |
| CN109815680A (en) * | 2018-12-27 | 2019-05-28 | 歌尔股份有限公司 | Management method, device, terminal device and the storage medium of application permission |
| CN112541166A (en) * | 2019-09-20 | 2021-03-23 | 杭州中天微系统有限公司 | Method, system and computer readable storage medium |
| CN110765007A (en) * | 2019-09-29 | 2020-02-07 | 南京大学 | Crash information online analysis method for android application |
| CN111259374A (en) * | 2020-01-08 | 2020-06-09 | 苏宁云计算有限公司 | Authority abnormity detection method and device, computer equipment and storage medium |
| CN112667421A (en) * | 2020-12-25 | 2021-04-16 | 平安科技(深圳)有限公司 | Authorization detection method, device, terminal and storage medium |
| CN113326502A (en) * | 2021-06-27 | 2021-08-31 | 刘秀萍 | Android application classification authorization method for quantitative evaluation of suspicious behaviors |
Non-Patent Citations (2)
| Title |
|---|
| CAY S.HORSTMANN 等: "Java 2核心技术 卷Ⅱ 高级特性", 30 November 2000, 机械工业出版社, pages: 545 - 548 * |
| 俞研;金凤;吴家顺;: "基于自定义安全策略的Android应用细粒度访问控制方法", 南京理工大学学报, no. 02, 30 April 2016 (2016-04-30) * |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114840874B (en) * | 2022-01-10 | 2023-06-06 | 华为技术有限公司 | Application program management method and related device |
| CN116702163A (en) * | 2022-09-27 | 2023-09-05 | 荣耀终端有限公司 | Authority management method and terminal equipment |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN113032766B (en) | Application authority management method and device | |
| CN111367456A (en) | Communication terminal and display method in multi-window mode | |
| CN113836540A (en) | Method, apparatus, storage medium, and program product for managing application rights | |
| CN113835569A (en) | Terminal device, quick start method for internal function of application and storage medium | |
| CN113835571A (en) | Terminal device, information display method and storage medium | |
| CN113709026B (en) | Method, device, storage medium and program product for processing instant communication message | |
| CN113835928A (en) | Application backup and recovery method, device, storage medium, and program product | |
| CN111935353B (en) | Mobile terminal and short message display method thereof | |
| CN114675786A (en) | Large-capacity storage mounting method, device, terminal and medium | |
| CN114035870A (en) | Terminal device, application resource control method and storage medium | |
| CN113900740A (en) | Method and device for loading multiple list data | |
| CN114594894A (en) | Interface element marking method, terminal device and storage medium | |
| CN111163220B (en) | Display method, communication terminal and computer storage medium | |
| CN111159734A (en) | Communication terminal and multi-application data inter-access processing method | |
| CN114020377A (en) | Terminal device, picture information protection method and storage medium | |
| CN113496039A (en) | Authority management method and terminal | |
| CN113642010A (en) | Method for acquiring data of extended storage device and mobile terminal | |
| CN113760164A (en) | Display device and response method of control operation thereof | |
| CN113938890B (en) | Data sharing method and terminal equipment | |
| CN114020379B (en) | Terminal equipment, information feedback method and storage medium | |
| CN111258699B (en) | Page display method and communication terminal | |
| CN114154180A (en) | Data sharing method and terminal equipment | |
| CN114675765A (en) | Terminal device, function searching method and storage medium | |
| CN112764832A (en) | Application program installing and uninstalling method and communication terminal | |
| CN115329373A (en) | User data protection method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |