CN108717507A - A management method and system for Android application permissions - Google Patents

Publication number: CN108717507A
Authority: CN (China)
Prior art keywords: program, permission, authorization, public key, authority
Legal status: Pending
Application number: CN201810360740.4A
Other languages: Chinese (zh)
Inventors: 姜超, 李明, 祝振东, 叶剑
Current Assignee: Fiberhome Telecommunication Technologies Co Ltd
Original Assignee: Fiberhome Telecommunication Technologies Co Ltd
Application filed by Fiberhome Telecommunication Technologies Co Ltd; priority to CN201810360740.4A

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10: Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12: Protecting executable software
    • G06F21/121: Restricting unauthorised execution of programs

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a management method and system for Android application permissions, relating to the field of video terminals such as multimedia terminals. The system comprises an authority management module, a permission update module and a verification authorization module. The authority management module stores and updates, on the network, the correspondence among three items: program ID, program public key and program permissions. The permission update module, after the device connects to the network, obtains the correspondence from the network and updates the correspondence among program ID, program public key and program permissions on the device. The verification authorization module, after receiving an authorization request for a program permission, checks against the correspondence on the device whether the request falls within the range of program permissions corresponding to the program ID and program public key; if it is within range, the program is authorized; if it is not, authorization is refused.

Description

A management method and system for Android application permissions
Technical field
The present invention relates to the field of video terminals such as multimedia terminals, and in particular to a management method and system for Android application permissions.
Background
With the spread of video terminals based on the Android system, more and more Internet developers and telecom operators take part in developing and publishing applications. In the conventional technique, an application must be signed before it is published. Each developer and operator signs the applications it develops with its own private key and public key, so applications developed by different operators and developers carry different signatures. The private key is generally kept by the application developer, and the application is signed with that private key; the public key is attached to the application. When the application is installed, the system parses the public key from the application and uses it to verify the application, which prevents the application from being tampered with.
However, applications running on a device differ in function, so the permissions the operating system must grant for them to run also differ. These permissions are broadly divided into ordinary permissions and high-level permissions, and high-level permissions are further divided into system permissions and root permissions. Depending on the permissions it has been granted, an application differs in what it can do to the device's functions, management and security.
At present, the key used for Android high-level permission signatures is managed by the system builder (usually the device manufacturer). When an application needs a high-level permission, the system verifies the signing key, and only when the key matches the verification key stored inside the system is the application granted the high-level permission. Therefore, when an application not developed by the system builder is configured, upgraded or otherwise operated on and needs the system to grant it permissions, the developer usually has to hand the application to the system builder; only after the system builder has applied the system signature to the application can the system grant it permissions, so that the program can be used.
However, this approach has drawbacks:
1. The application must be handed to the system builder, and only after the system builder has signed it can the application obtain the permissions it needs from the system.
2. Because the system verifies the signature when an application is upgraded, before each upgrade the developer has to resubmit the application to the system builder for an authorizing signature; only then can the application obtain system authorization and the permission to upgrade.
3. Because each system builder uses a different signing key, application signatures are not interchangeable, which makes it inconvenient for an application's operator to manage and upgrade the application directly through a management platform.
4. Publishing and upgrading an application goes through the following flow: the operator submits the application to the system builder, the operator applies, the system builder verifies the application, the system builder signs it, the application is published, and the application is upgraded on the device. This long publishing flow hinders rapid rollout and adoption.
Solving these four drawbacks and managing Android application permissions is therefore a problem that urgently needs to be solved.
Summary of the invention
In view of the deficiencies in the prior art, the object of the present invention is to provide a management method and system for Android application permissions that can authorize applications efficiently and securely without changing the application signature.
To achieve the above object, the technical solution adopted by the present invention is:
A management system for Android application permissions, comprising:
An authority management module, for storing and updating on the network the correspondence among program ID, program public key and program permissions;
A permission update module, for obtaining the correspondence from the network after the device connects to the network, and updating the correspondence among program ID, program public key and program permissions on the device;
A verification authorization module, for checking, after receiving an authorization request for a program permission, against the correspondence on the device whether the authorization request is within the range of program permissions corresponding to the program ID and program public key; if it is within range, the program is authorized; if it is not, authorization is refused.
On the basis of the above technical solution, an initial correspondence among program ID, program public key and program permissions is preset in the permission update module.
On the basis of the above technical solution, the program permissions comprise multiple permission levels, and the verification authorization module authorizes programs according to permission level.
On the basis of the above technical solution, the verification authorization module verifies whether the authorization request is within the range of program permissions corresponding to the program ID and program public key only when it receives a program's request for a high-level permission.
On the basis of the above technical solution, a program's high-level permission requests include authorization requests to install or upgrade the program. After the verification authorization module receives an authorization request to install or upgrade a program, it verifies whether the request is within the range of program permissions corresponding to the program ID and program public key; if it is not within range, authorization is refused; if it is within range, the program is authorized. After the program is authorized, the public key carried by the program is verified: if the public key is valid, installation or upgrade is allowed; if the public key is invalid, installation or upgrade is forbidden.
On the basis of the above technical solution, a management method for Android application permissions, with the following specific steps:
S1: The manager stores and updates, on the network, the correspondence among program ID, program public key and program permissions;
S2: The device obtains the correspondence from the network and updates the correspondence among program ID, program public key and program permissions on the device;
S3: The device obtains an authorization request for a program permission and verifies whether the request is within the range of program permissions corresponding to the program ID and program public key; if it is within range, the program is authorized; if it is not, authorization is refused.
On the basis of the above technical solution, before step S1 there is additionally a step S0: preset on the device the correspondence among program ID, program public key and program permissions.
On the basis of the above technical solution, program permissions are set as multiple permission levels, and step S3 is specifically:
Obtain the program's authorization request, look up the permission level corresponding to its program permissions according to the correspondence, and authorize the program according to the permission level.
On the basis of the above technical solution, step S3 is specifically: the device obtains a permission request and, only when it receives a high-level permission request, verifies whether the request is within the range of program permissions corresponding to the program ID and program public key; if it is within range, the program is authorized; if it is not, authorization is refused.
On the basis of the above technical solution, authorization requests to install or upgrade a program are set as high-level permission requests, and step S3 is specifically: obtain the install or upgrade request and verify whether it is within the range of program permissions corresponding to the program ID and program public key; if it is within range, the program is authorized; if it is not, authorization is refused. After the program is authorized, the verification authorization module verifies the program ID and the public key the program carries; if the public key is valid, installation or upgrade is allowed; if the public key is invalid, installation or upgrade is forbidden.
Compared with the prior art, the advantages of the present invention are:
(1) The present invention provides an authority management module, a permission update module and a verification authorization module. The authority management module can promptly store and update, on the network platform, the correspondence among program ID, program public key and program permissions, so that program permissions are kept matched to the program ID and program public key. The permission update module obtains and updates the correspondence as soon as the device connects to the network, ensuring that program permissions on the device are promptly matched to the program ID and program public key. The verification authorization module verifies and authorizes applications promptly; it is no longer necessary to submit each upgraded program to the device vendor, nor to submit it to different device vendors, so applications can be authorized efficiently and securely.
(2) The permission update module in the present invention holds an initial correspondence among program ID, program public key and program permissions. When the device runs for the first time, has been factory reset, or cannot connect to the network, programs can still be authorized through the initial correspondence, which effectively prevents the situation where authorization is impossible because the device has no correspondence.
(3) The present invention defines multiple permission levels for program permissions and restricts program authorization by permission level, which is more convenient and efficient than confirming permissions such as reading and writing photos, making phone calls, and sending and receiving SMS messages one by one.
Description of the drawings
Fig. 1 is a structural schematic diagram of an embodiment of the management method and system for Android application permissions of the present invention;
Fig. 2 is a flow chart of an embodiment of the management method and system for Android application permissions of the present invention.
Detailed description
The embodiments of the present invention are described in further detail below with reference to the drawings.
Embodiment 1
Referring to Fig. 1, Embodiment 1 of the present invention provides a management system for Android application permissions, comprising an authority management module, a permission update module and a verification authorization module.
The authority management module can store and update, on the network, the correspondence among program ID, program public key and program permissions. That is, by adjusting the program permissions in the correspondence, the authority management module manages on the network the permissions a program can be granted; developers or operators no longer need to resubmit the application and ask the device vendor for an authorizing signature.
Specifically, the authority management module can create and update a database list on the device management platform on the network. The database list contains the application name, the public key used for the application's signature and the run permissions the application can be granted, and it establishes the correspondence among these three. When the run permissions a program can be granted change, the device vendor can use the authority management module directly on the management platform to adjust the run permissions for the corresponding application name and application signing public key, thereby authorizing the application's permissions directly. Compared with the existing approach, in which an operator or developer who needs to update an application must first submit it to the device vendor for an authorizing signature, managing run permissions directly through the authority management module is more convenient and faster.
Preferably, the database list can also store information that distinguishes applications, such as device model, manufacturer and software version number. With this information, program permissions can be looked up, matched and updated more accurately, and multiple lookup methods become available: when part of the information is lost, the lookup can still be carried out accurately and the lost information completed, which ensures the stability of the system.
The permission update module, after the device connects to the network, obtains from the authority management module the correspondence among program ID, program public key and program permissions and updates the correspondence onto the device. After the device boots and connects, the permission update module connects to the network, i.e. the device permission management platform. The device can report its MAC address or device model parameter, so that after the platform identifies the MAC address or device model, it sends the application run-permission information for that class of device to the device's permission update module in a message. After receiving the message, the permission update module stores the application run-permission information from the message inside the device. Through the permission update module, the device can download the new authorization policy after connecting to the network, ensuring that the permissions programs can be granted on the device stay up to date.
Specifically, when a developer or operator needs to update a program, it can ask the device vendor to use the authority management module to adjust the correspondence among program ID, program public key and program permissions on the network or platform by adding the permission that allows upgrading; the permission update module can then obtain it after the device connects and update the correspondence on the device.
Note that the program ID herein can be the program's name, the program's authorization number, or the device type the program can be adapted to, as long as it identifies and distinguishes the program. The network herein can be the device vendor's application management platform or some other program application management platform, as long as it is involved in program authorization or upgrade installation.
Using the program ID and program public key together solves the problem of run-permission conflicts between applications with the same package name. The present invention judges whether an application has high-level permissions by the combination of the application package name and the signing public key information. Different application developers may develop applications with the same package name, but the public key information used in different developers' signatures differs. Combining package name and public key ensures the uniqueness of the application. Even if the public key information can be obtained by parsing the APP, and the package name and public key can be modified to be the same, the private key matching the public key is kept by the application developer. Using the public key to check a signature made with a private key that does not match it causes verification to fail.
The verification authorization module, after receiving an authorization request for a program permission, checks against the correspondence on the device whether the request is within the range of program permissions corresponding to the program ID and program public key; it authorizes the program if the request is within range and refuses if it is not. A program may need various permissions while running. It then sends an authorization request for the permission it needs; after receiving the request, the verification authorization module directly consults the correspondence already present on the device to confirm whether the program is entitled to the requested permission, authorizing if it is and refusing if it is not.
For example, image editing software on a mobile phone needs to read photos in the album, so it may send the verification authorization module an authorization request for the album read permission. After receiving the request, the verification authorization module can directly consult the correspondence among program ID, program public key and program permissions on the device and confirm whether the permissions corresponding to the image editing software's program ID and program public key include the permission to read album photos. If they do, authorization is allowed; if they do not, authorization is not allowed.
In summary, the present invention sets up a correspondence among program ID, program public key and program permissions, and keeps the correspondence on the network and on the device synchronized through the authority management module and permission update module, so that device vendors can manage application authorization more conveniently: simply adding an application's package name, public key and run permissions on the device management platform lets the application obtain high-level permissions, and the permissions of applications running on devices can be added, deleted, changed and queried on the management platform. Developers or operators also no longer need to submit applications to different device vendors. High-level permissions can be obtained with the application developer's own signature, without changing the application's signature, which avoids the trouble of having the device developer re-sign the application.
Embodiment 2
On the basis of Embodiment 1, the permission update module is preset with an initial correspondence among program ID, program public key and program permissions. When a device has just been produced, or has been restored to its default settings, it is not connected to the network at first. Although the device vendor manages the correspondence among program ID, program public key and program permissions on the network through the authority management module, without a network connection the permission update module cannot obtain the correspondence from the network, i.e. the device has no correspondence. If an application then issues a permission authorization request, the verification authorization module receives it but, lacking the correspondence, cannot verify whether the application is within the permitted range; authorization is impossible and the system may even fail to run normally. If the permission update module is preset with the correspondence among program ID, program public key and program permissions, the verification authorization module confirms from the preset correspondence the permissions allowed to the applications it lists, so the system can run smoothly without a network connection, which ensures the stability of the system.
For example, a program inside the system needs the permission to read and write storage. After the phone is factory reset, the program issues a permission authorization request for read/write storage. Because the permission update module is preset with the correspondence among program ID, program public key and program permissions, the correspondence can be updated directly onto the device; the verification authorization module consults the correspondence on the device and confirms that the program's storage read/write permission is within the allowed range, so it authorizes the program to read and write storage, and the system runs smoothly.
Embodiment 3
On the basis of Embodiment 1, program permissions comprise multiple permission levels, and the verification authorization module authorizes programs according to permission level. A system has many permissions, such as reading the album, reading SMS messages, sending and receiving SMS messages, using the camera, using the microphone, and so on. Different applications or programs need different permissions: photography software needs the camera and album-read permissions, while chat software needs the microphone or soft keyboard permissions. If each program ID and program public key were mapped to many individual permissions, the device vendor would have to spend a great deal of manpower and resources, and because the permissions of different programs differ, all sorts of mapping data would be generated, causing management confusion. If program permissions are instead divided into multiple permission levels, the system's basic applications map to high-level permissions, which guarantees that they can run, while non-essential software maps to low-level permissions, which lets it use some permissions without touching the device's sensitive permissions or affecting stable operation of the system. Setting multiple permission levels for program permissions, and having the verification authorization module authorize programs by permission level, therefore lets device vendors manage applications more conveniently while keeping the system running securely and stably.
For example, program permissions are divided into high-level, intermediate and low-level permissions. High-level permissions include all permissions; intermediate permissions include some of the system's sensitive permissions, such as being able to monitor the operation of the system; low-level permissions involve none of the system's sensitive permissions and only support the running of the program, such as reading and writing the storage area. The program ID and program public key of the system's memory management program map to high-level permissions; the device's antivirus and security software is assigned intermediate permissions; and the device's imaging program is assigned low-level permissions. At run time, the memory management program, mapped to high-level permissions, can manage memory and adjust the memory allocation of other programs in the system, so it holds broad permissions; the antivirus and security software, set to intermediate permissions, can monitor other programs but cannot affect the operation of the system; the device's photography program, assigned low-level permissions, uses memory, the album and the camera and cannot affect the normal operation of the device at all.
Note that high-level permissions herein can be permissions that the developer, operator or device management vendor considers in need of management and that can be granted only after verification, while low-level permissions can be the permissions a program runs with by default.
Preferably, the verification authorization module verifies only when it receives a high-level permission request. When the permission level an application requests is low, the verification authorization module need not verify, and the program is allowed to use the permission by default. Only when a program needs a higher-level permission does the verification authorization module need to confirm whether the permission authorization request is within the range of program permissions corresponding to the program ID and program public key and decide whether to authorize. Distinguishing permission levels speeds up the running of programs and the system while ensuring that programs and the system run stably and securely.
For example, a novel-reading program needs low-level permissions such as read/write access to novel text files during normal operation. The verification authorization module does not verify these low-level permissions, and the novel-reading program can run directly by default. But when the novel-reading program needs the high-level permission to perform an upgrade, the verification authorization module authorizes according to the correspondence among program ID, program public key and program permissions: if the correspondence for the novel-reading program includes the permission, the program can be upgraded; if it does not, authorization is refused and the program cannot be upgraded. This ensures that the novel-reading program can be upgraded only when the device management vendor has received the developer's or operator's application and has approved it. The device management vendor also no longer needs to repeatedly grant the program a public key.
Embodiment 4
On the basis of Embodiment 3, a program's high-level permission requests include authorization requests to install or upgrade the program. After the verification authorization module receives an authorization request to install or upgrade a program, it verifies whether the request is within the range of program permissions corresponding to the program ID and program public key; if it is not within range, authorization is refused; if it is within range, the program is authorized. After the program is authorized, the public key carried by the program is verified: if the public key is valid, installation or upgrade is allowed; if the public key is invalid, installation or upgrade is forbidden. When a program is installed or upgraded, the device management vendor can directly authorize the program to be installed or upgraded, while the program still has to pass public key verification, which ensures that the program is legitimate and secure. This works across different vendors and different devices such as set-top boxes and mobile phone terminals. The device management vendor can authorize installation of a program carrying a public key directly through the device authority management module, eliminating steps such as the developer or operator submitting the program and waiting to be granted a public key, which makes getting programs onto the device application platform faster and more convenient. Moreover, because device vendors differ, their signing keys differ. When an application is upgraded and installed, it has to be signed by each different device vendor and then deployed on the network for upgrade, so the same application on different devices cannot be upgraded uniformly. With the present invention, the application developer can use its own signature, so the signature does not have to change when the application is upgraded, which avoids the problem that applications signed by different device developers cannot upgrade one another.
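The lookup that Embodiments 1 to 4 describe, written out as an added example that is not part of the patent text: a device-side table keyed by program ID plus public key, a preset table that a platform message later replaces, level-based authorization, and the install/upgrade decision. The message layout, the SHA-256 fingerprint used as the table key, the package names and the keys are all assumptions made for illustration; the signature check that follows authorization is represented by a boolean the caller supplies.

```python
import hashlib
from enum import IntEnum


class Level(IntEnum):
    LOW = 1           # default run permissions; granted without a lookup
    INTERMEDIATE = 2  # some sensitive permissions
    HIGH = 3          # all permissions, including install and upgrade


def fingerprint(public_key: bytes) -> str:
    """Assumed table key for a program public key: SHA-256 of its bytes."""
    return hashlib.sha256(public_key).hexdigest()


def parse_entries(raw_entries) -> dict:
    """Validate every entry and build {(program_id, key_fp): Level}.

    Raises ValueError on the first bad entry so that a partly valid
    message never becomes a partly applied policy.
    """
    table = {}
    for item in raw_entries:
        try:
            program_id = item["program_id"]
            key_fp = item["key_sha256"]
            level = Level[item["level"]]
        except (KeyError, TypeError) as exc:
            raise ValueError(f"bad entry: {item!r}") from exc
        if not isinstance(program_id, str) or not program_id:
            raise ValueError("program_id must be a non-empty string")
        if (not isinstance(key_fp, str) or len(key_fp) != 64
                or not set(key_fp.lower()) <= set("0123456789abcdef")):
            raise ValueError("key_sha256 must be 64 hex characters")
        table[(program_id, key_fp.lower())] = level
    return table


class DevicePolicy:
    """Permission update module plus verification authorization module."""

    def __init__(self, preset_entries):
        # Embodiment 2: the preset table covers first boot and factory reset.
        self._table = parse_entries(preset_entries)

    def update_from_platform(self, message) -> bool:
        """Replace the table with the platform's; keep the old one on any error."""
        try:
            new_table = parse_entries(message["entries"])
        except (ValueError, KeyError, TypeError):
            return False
        # Replace rather than merge, so an entry removed on the platform
        # also stops being authorized on the device.
        self._table = new_table
        return True

    def authorize(self, program_id: str, public_key: bytes, requested: Level) -> bool:
        if requested == Level.LOW:
            return True  # Embodiment 3: low-level requests are not verified
        granted = self._table.get((program_id, fingerprint(public_key)))
        return granted is not None and requested <= granted

    def authorize_install(self, program_id: str, public_key: bytes,
                          signature_ok: bool) -> str:
        """Embodiment 4: table lookup first, then the package signature check."""
        if not self.authorize(program_id, public_key, Level.HIGH):
            return "refused"
        return "install" if signature_ok else "forbidden"


def entry(program_id: str, key: bytes, level: str) -> dict:
    return {"program_id": program_id, "key_sha256": fingerprint(key), "level": level}


# Constructed sample data: placeholder byte strings stand in for real public keys.
KEY_VENDOR = b"constructed-public-key:device-vendor"
KEY_DEV_A = b"constructed-public-key:developer-A"
KEY_DEV_B = b"constructed-public-key:developer-B"

PRESET = [entry("com.example.memmanager", KEY_VENDOR, "HIGH")]
PLATFORM_MESSAGE = {"entries": PRESET + [
    entry("com.example.reader", KEY_DEV_A, "HIGH"),
    entry("com.example.antivirus", KEY_DEV_B, "INTERMEDIATE"),
]}

if __name__ == "__main__":
    policy = DevicePolicy(PRESET)
    print("offline:", policy.authorize_install("com.example.reader", KEY_DEV_A, True))
    policy.update_from_platform(PLATFORM_MESSAGE)
    print("developer A:", policy.authorize_install("com.example.reader", KEY_DEV_A, True))
    # Same package name, different signing key: no matching table entry.
    print("developer B:", policy.authorize_install("com.example.reader", KEY_DEV_B, True))
```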
Embodiment 5
As shown in Figure 2, Embodiment 5 of the present invention provides a method for managing Android application permissions. The specific steps are as follows:
S1: The manager stores and updates, on the network, the correspondence among the program ID, the program's public key and the program permissions. Storing and updating this three-way correspondence on the network simplifies the process by which the device management vendor grants permissions to a program: the developer or operator no longer needs to repeatedly submit an application or an upgraded program and ask the device management vendor to authorize it again. The device management vendor only needs to update the correspondence among program ID, program public key and program permissions on the network or application platform to complete its authorization of the program.
S2: The device obtains the correspondence from the network and updates the correspondence among program ID, program public key and program permissions on the device. Once networked, the device can obtain the correspondence on its own over the network and download the new authorization policy to the device, which ensures that the permissions a program can be granted on the device stay in their latest permitted state.
S3: The device obtains a permission authorization request and confirms whether the request falls within the scope of the program permissions corresponding to the program ID and the program's public key. If it is within scope, the program is authorized; if it is not, authorization is refused. When a program running on the device needs a permission, it sends a permission request to the device, and the device checks the request directly against the correspondence already present on the device to confirm whether the program is entitled to the permission it requests: if it is entitled, the permission is granted; if it is not, the request is refused. This ensures that a program cannot exceed its authority when operating on the system and the device and thereby affect the security and stability of the device and the system.
The above method embodiment is described as a whole below by way of a further example:
A: The device management vendor sets the correspondence among program ID, program public key and program permissions on the application platform;
B: The device is powered on and connects to the application platform;
C: The device updates the correspondence among program ID, program public key and program permissions on the device according to the application platform;
D: The application runs and requests a run permission;
E: The device determines whether the permission requested by the application exceeds its authority; if it does, authorization is not granted; if it does not, proceed to step F;
F: Determine whether the correspondence contains the requested permission for the application's program ID and public key; if it does, authorization is granted; if it does not, authorization is not granted.
In summary, by setting up a correspondence among program ID, program public key and program permissions, and keeping the correspondence on the network and on the device synchronized, the present invention means that developers or operators no longer need to submit the application to different device vendors.
Embodiment 6
On the basis of Embodiment 5, a step S0 is additionally provided before step S1: the correspondence among program ID, program public key and program permissions is preset on the device. If no such correspondence is preset on the device, the device cannot verify whether an application is within the permitted scope of permissions, so authorization cannot be granted and the system may even fail to run normally. Conversely, with a preset correspondence the device can confirm the permitted permissions of the applications present in that correspondence, so the system can run smoothly even when it is not networked, which ensures the stability of the system.
Embodiment 7
On the basis of Embodiment 5, the program permissions are set as multiple permission levels, and step S3 is specifically: obtain the program's authorization request, look up the permission level corresponding to its program permissions according to the correspondence, and authorize the program according to that level. Once program permissions are divided into multiple permission levels, the system's basic applications can be assigned high-level permissions so that they are able to run, while unimportant software is assigned low-level permissions: it can use some permissions but does not touch the device's sensitive permissions and does not affect stable operation of the system. Setting multiple permission levels for program permissions, with the verification authorization module authorizing programs according to permission level, therefore makes it more convenient for the device vendor to manage applications while ensuring that the system runs securely and stably.
Preferably, step S3 is specifically: the device obtains a permission authorization request and, only when a high-level permission request is received, confirms whether the request falls within the scope of the program permissions corresponding to the program ID and the program's public key. If it is within scope, the program is authorized; if it is not, authorization is refused. This ensures that a program can be upgraded only when the device management vendor has received an application from the developer or operator and has approved it. At the same time, the device management vendor no longer needs to grant the program a public key repeatedly.
Embodiment 8
On the basis of Embodiment 7, authorization requests for installing or upgrading a program are set as high-level permission requests, and step S3 is specifically: obtain the installation or upgrade request and verify whether it falls within the scope of the program permissions corresponding to the program ID and the program's public key. If it is within scope, the program is authorized; if it is not, authorization is refused. After the program is authorized, the public key carried by the program is verified: if the public key is legitimate, installation or upgrade is allowed; if the public key is not legitimate, installation or upgrade is forbidden. The device management vendor can authorize the installation of a program containing a public key through the device's authority management module, which removes the workflow in which the developer or operator submits the program and waits for a public key to be granted, and makes it faster and more convenient for a program to reach the device's application platform.
The above method embodiment is described as a whole below by way of a further example:
A: The device management vendor sets the correspondence among program ID, program public key and program permissions on the application platform;
B: The device is powered on and connects to the application platform;
C: The device updates the correspondence among program ID, program public key and program permissions on the device according to the application platform;
D: The application runs and requests a run permission;
E: The device receives the request and determines whether the requested permission is an installation or upgrade permission; if it is, proceed to step F; if it is not, the application runs with default behavior;
F: Determine whether the permission requested by the application exceeds its authority; if it does, authorization is not granted; if it does not, proceed to step G;
G: Determine whether the correspondence contains the requested permission for the application's program ID and public key; if it does, authorization is granted; if it does not, authorization is not granted.
When a program needs to be upgraded, the device management vendor adds the application package name, public key and run permissions on the device management platform, which allows the application to obtain upgrade or installation permission. This is more convenient and more secure.
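The device-side flow of Embodiments 5 to 8 (preset table, synchronization, scope check, and the carried-key check for installation or upgrade) can be sketched as follows. This is an added illustration, not code from the patent; the permission names, the two levels, the SHA-256 fingerprint as the stored form of the public key, the fail-closed handling of unknown permissions, and the fingerprint comparison standing in for public key verification are all assumptions.

```python
import hashlib
import hmac

LOW, HIGH = 1, 2
# Assumed permission names and levels (Embodiment 7); not taken from the patent.
LEVELS = {"INTERNET": LOW, "INSTALL": HIGH, "UPGRADE": HIGH}

def fingerprint(public_key: bytes) -> str:
    """Stored form of a program's public key (assumed: SHA-256 hex digest)."""
    return hashlib.sha256(public_key).hexdigest()

class PolicyStore:
    """Device-side copy of the (program ID, public key) -> permissions table."""

    def __init__(self, preset):
        # Step S0: preset correspondence, usable before the device is networked.
        self.table = {k: frozenset(v) for k, v in preset.items()}
        self.version = 0

    def sync(self, platform_table, platform_version):
        # Step S2: replace the local table when the platform has a newer one.
        if platform_version <= self.version:
            return False
        self.table = {k: frozenset(v) for k, v in platform_table.items()}
        self.version = platform_version
        return True

    def authorize(self, program_id, key_fp, permission, carried_key=None):
        # Step S3 as refined by Embodiments 7 and 8.
        # Returns "default", "granted" or "denied".
        level = LEVELS.get(permission)
        if level is None:
            return "denied"      # unknown permission: fail closed (assumption)
        if level < HIGH:
            return "default"     # only high-level requests are checked
        allowed = self.table.get((program_id, key_fp), frozenset())
        if permission not in allowed:
            return "denied"      # outside the scope of the correspondence
        if permission in ("INSTALL", "UPGRADE"):
            # Embodiment 8: after the scope check, verify the carried key.
            if carried_key is None or not hmac.compare_digest(
                    fingerprint(carried_key), key_fp):
                return "denied"
        return "granted"

# Constructed sample data.
DEV_KEY = b"constructed-developer-public-key"
OTHER_KEY = b"constructed-other-public-key"
APP = "com.example.player"

def demo():
    store = PolicyStore(preset={})   # nothing preset for APP
    fp = fingerprint(DEV_KEY)
    before = store.authorize(APP, fp, "UPGRADE", DEV_KEY)
    # Step S1 happened on the platform: the vendor added the entry (version 1).
    store.sync({(APP, fp): {"INSTALL", "UPGRADE"}}, 1)
    return {
        "before_sync": before,
        "after_sync": store.authorize(APP, fp, "UPGRADE", DEV_KEY),
        "wrong_carried_key": store.authorize(APP, fp, "UPGRADE", OTHER_KEY),
        "unregistered_key": store.authorize(
            APP, fingerprint(OTHER_KEY), "UPGRADE", OTHER_KEY),
        "low_level": store.authorize(APP, fp, "INTERNET"),
        "stale_sync": store.sync({}, 1),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

A real device would verify the package signature against the registered key rather than compare fingerprints; the comparison here only marks where that check sits in the flow.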
The present invention is not limited to the preferred embodiments described above. Anyone may derive products in various other forms under the inspiration of the present invention; however, whatever changes are made in shape or structure, any technical solution that is the same as or similar to that of the present invention falls within its scope of protection.

Claims (10)

1. A management system for Android application permissions, characterized in that it comprises:
an authority management module, for storing and updating on the network the correspondence among program ID, program public key and program permissions;
a permission update module, for obtaining the correspondence from the network after the device is networked, and updating the correspondence among program ID, program public key and program permissions on the device;
a verification authorization module, for verifying, after an authorization request for a program permission is received and according to the correspondence on the device, whether the authorization request falls within the scope of the program permissions corresponding to the program ID and the program's public key; if it is within scope, the program is authorized; if it is not within scope, authorization is refused.
2. The management system for Android application permissions as claimed in claim 1, characterized in that: an initial correspondence among program ID, program public key and program permissions is preset in the permission update module.
3. The management system for Android application permissions as claimed in claim 1, characterized in that: the program permissions comprise multiple permission levels, and the verification authorization module authorizes the program according to permission level.
4. The management system for Android application permissions as claimed in claim 3, characterized in that: the verification authorization module verifies whether an authorization request falls within the scope of the program permissions corresponding to the program ID and the program's public key only when it receives a high-level permission request from the program.
5. The management system for Android application permissions as claimed in claim 4, characterized in that: the high-level permission requests of the program include authorization requests for installing or upgrading the program; after the verification authorization module receives an authorization request for installation or upgrade of the program, it verifies whether the request falls within the scope of the program permissions corresponding to the program ID and the program's public key; if it is not within scope, authorization is refused; if it is within scope, the program is authorized; after the program is authorized, the public key carried by the program is verified; if the public key is legitimate, installation or upgrade is allowed; if the public key is not legitimate, installation or upgrade is forbidden.
6. A management method for Android application permissions, characterized in that its specific steps are:
S1: the manager stores and updates on the network the correspondence among program ID, program public key and program permissions;
S2: the device obtains the correspondence from the network and updates the correspondence among program ID, program public key and program permissions on the device;
S3: the device obtains an authorization request for a program permission and verifies whether the authorization request falls within the scope of the program permissions corresponding to the program ID and the program's public key; if it is within scope, the program is authorized; if it is not within scope, authorization is refused.
7. The management method for Android application permissions as claimed in claim 6, characterized in that: before step S1, a step S0 is additionally provided: the correspondence among program ID, program public key and program permissions is preset on the device.
8. The management method for Android application permissions as claimed in claim 6, characterized in that the detailed process of authorizing the program is: the program permissions comprise multiple permission levels; the program's authorization request is obtained, the permission level corresponding to its program permissions is looked up according to the correspondence, and the program is authorized according to the permission level.
9. The management method for Android application permissions as claimed in claim 8, characterized in that: in step S3, the device verifies whether an authorization request falls within the scope of the program permissions corresponding to the program ID and the program's public key only when it receives a high-level permission request; if it is within scope, the program is authorized; if it is not within scope, authorization is refused.
10. The management method for Android application permissions as claimed in claim 9, characterized in that step S3 is specifically: the high-level permission requests of the program include authorization requests for installing or upgrading the program; after the device receives an authorization request for installation or upgrade of the program, it verifies whether the installation or upgrade request falls within the scope of the program permissions corresponding to the program ID and the program's public key; if it is within scope, the program is authorized; if it is not within scope, authorization is refused; after the program is authorized, the public key carried by the program is verified; if the public key is legitimate, installation or upgrade is allowed; if the public key is not legitimate, installation or upgrade is forbidden.
CN201810360740.4A 2018-04-20 2018-04-20 A kind of management method and system of Android application programs permission Pending CN108717507A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810360740.4A CN108717507A (en) 2018-04-20 2018-04-20 A kind of management method and system of Android application programs permission

Publications (1)

Publication Number Publication Date
CN108717507A true CN108717507A (en) 2018-10-30

Family

ID=63899312

Country Status (1)

Country Link
CN (1) CN108717507A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111711724A (en) * 2020-06-10 2020-09-25 中国联合网络通信集团有限公司 Authority management method, system, computer device and storage medium
CN113626770A (en) * 2021-08-04 2021-11-09 北京锐安科技有限公司 Authorization control method, device, equipment and storage medium for application program
WO2022142756A1 (en) * 2020-12-31 2022-07-07 中兴通讯股份有限公司 High-level permission granting method and system, device, and medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103888948A (en) * 2014-03-31 2014-06-25 中国联合网络通信集团有限公司 Safety control method and device of intelligent terminal mobile applications
CN106372496A (en) * 2016-08-31 2017-02-01 福建联迪商用设备有限公司 Method and system for improving payment terminal application security
CN107918731A (en) * 2016-10-11 2018-04-17 百度在线网络技术(北京)有限公司 Method and apparatus for controlling the authority to access to open interface

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20181030
