CN110851823A - Data access method, device, terminal and storage medium - Google Patents
- Publication number
- CN110851823A (CN201911098758.2A)
- Authority
- CN
- China
- Prior art keywords
- data
- access
- path
- application program
- terminal
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The application provides a data access method, a data access device, a terminal and a storage medium, and belongs to the technical field of internet. The method comprises the following steps: receiving a data access request sent by a first application program on a terminal, wherein the data access request carries a first access path for accessing data to be accessed; acquiring a path index of a first access path; when the data access request is determined to be used for accessing the data of the second application program according to the path index, acquiring the authority information of the data to be accessed; when the first application program is determined to have the authority to access the data to be accessed according to the authority information, the redirection to the first access path is shielded; and based on the first access path, reading the data to be accessed from the storage space corresponding to the first access path, and returning the read data to the first application program. When the first application program has the authority of accessing the data of the second application program, the first application program can access the data of the second application program, and the flexibility of data access is improved.
Description
Technical Field
The present application relates to the field of internet technologies, and in particular, to a data access method, apparatus, terminal, and storage medium.
Background
With the development of internet technology, two identical application programs can run simultaneously on electronic devices such as mobile phones and tablet computers. For example, to separate work from personal life, a person may run two identical application programs on one electronic device at the same time, one logged in to a work account as a work application and the other logged in to a personal account as a personal application; the data of the work application and the personal application are isolated and cannot be accessed by each other.
In the related art, a sandbox is established in the Android system to provide an independent, isolated operating environment for applications. The installation package of the application program is copied into the sandbox so that the application program can run in the sandbox. For data access, the file path of the application program in the sandbox is redirected to the specified path of the sandbox, so that the application program in the sandbox can only access files under the specified path of the sandbox, which isolates the data of the application program in the sandbox from the data of the application program outside the sandbox.
In the related art, the data of an application program inside a sandbox and the data of an application program outside the sandbox are completely isolated, so data access is inflexible.
Disclosure of Invention
The embodiment of the application provides a data access method, a data access device, a terminal and a storage medium, and can solve the problem of weak data access flexibility. The technical scheme is as follows:
According to an aspect of an embodiment of the present application, there is provided a data access method, including:
receiving a data access request sent by a first application program on a terminal, wherein the data access request carries a first access path for accessing data to be accessed;
acquiring a path index of the first access path;
when the data access request is determined to be used for accessing data of a second application program on the terminal according to the path index, acquiring authority information of the data to be accessed, wherein the first application program and the second application program are the same application program, the first application program runs in a sandbox of the terminal, and the second application program runs outside the sandbox;
when the first application program is determined to have the authority to access the data to be accessed according to the authority information, shielding redirection of the first access path;
and based on the first access path, reading the data to be accessed from the storage space corresponding to the first access path, and returning the read data to the first application program.
According to another aspect of embodiments of the present application, there is provided a data access apparatus, including:
a receiving module configured to receive a data access request sent by a first application program on the terminal, wherein the data access request carries a first access path for accessing data to be accessed;
an obtaining module configured to obtain a path index of the first access path; when the data access request is determined to be used for accessing data of a second application program on the terminal according to the path index, acquiring authority information of the data to be accessed, wherein the first application program and the second application program are the same application program, the first application program runs in a sandbox of the terminal, and the second application program runs outside the sandbox;
the shielding module is configured to shield redirection of the first access path when the first application program is determined to have the authority of accessing the data to be accessed according to the authority information;
and the access module is configured to read the data to be accessed from the storage space corresponding to the first access path based on the first access path, and return the read data to the first application program.
In one possible implementation, the apparatus further includes: a matching module configured to match the path index with each index in path access tools, the path access tools including a first path access tool including a first index of a first storage path of at least one first data of the first application and a second path access tool including a second index of a second storage path of at least one second data of the second application;
a determination module configured to determine that the data access request is for accessing data of a second application on a terminal when the path index matches a second index in the second path access tool.
In another possible implementation manner, the apparatus further includes:
the obtaining module is further configured to obtain a first storage path of at least one first data of the first application program and a second storage path of at least one second data of the second application program;
the generating module is configured to generate a first index corresponding to the first storage path of each first data according to the first storage path of each first data, and generate a second index corresponding to the second storage path of each second data according to the second storage path of each second data;
an encapsulation module configured to encapsulate a first index corresponding to the first storage path of each first data in the first path access tool, and encapsulate a second index corresponding to the second storage path of each second data in the second path access tool;
a merging module configured to merge the first path access tool and the second path access tool into the path access tool.
In another possible implementation manner, the apparatus further includes:
the display module is configured to display a setting interface of authority information when receiving a storage instruction of the data to be accessed in the second application program;
the setting module is configured to set the authority information of the data to be accessed as permission to access when receiving the operation of permitting the first application program to access the data to be accessed based on the setting interface;
the setting module is further configured to set the authority information of the data to be accessed as access prohibition when receiving an operation of prohibiting the first application program from accessing the data to be accessed based on the setting interface.
In another possible implementation manner, the apparatus further includes:
the display module is further configured to display an authority setting interface corresponding to the second application program;
the setting module is further configured to set permission information of the data of the second application program to allow access when receiving an operation of allowing the first application program to access the data of the second application program based on the permission setting interface;
the setting module is further configured to set the permission information of the data of the second application program to be prohibited from being accessed when receiving an operation of prohibiting the first application program from accessing the data of the second application program based on the permission setting interface.
In another possible implementation manner, the apparatus further includes:
the conversion module is configured to convert the first access path into a second access path when the first application program is determined not to have the authority of accessing the data to be accessed according to the authority information;
the access module is further configured to read data corresponding to the second access path from a storage space corresponding to the second access path based on the second access path, and return the read data corresponding to the second access path to the first application program; or,
the access module is further configured to return prompt information when the data corresponding to the second access path is not read from the storage space corresponding to the second access path, where the prompt information is used to indicate that the first application does not have the right to access the data to be accessed.
In another possible implementation manner, the apparatus further includes:
the conversion module is further configured to convert the first access path into a second access path when the data access request is determined to be used for accessing data of a first application program on the terminal according to the path index;
a redirection module configured to redirect the second access path to a third access path;
the access module is further configured to read data corresponding to the third access path from the storage space corresponding to the third access path based on the third access path, and return the read data corresponding to the third access path to the first application program.
According to another aspect of the embodiments of the present application, there is provided a terminal, where the terminal includes a processor and a memory, where at least one program code is stored in the memory, and the at least one program code is loaded and executed by the processor to implement the data access method according to any one of the foregoing possible implementation manners.
According to another aspect of the embodiments of the present application, there is provided a computer-readable storage medium having at least one program code stored therein, the at least one program code being loaded and executed by a processor to implement the data access method according to any one of the above-mentioned possible implementation manners.
In the embodiment of the application, a first application program running in a sandbox sends a data access request when accessing data, the data access request carries a first access path used for accessing the data to be accessed, when the data access request is determined to be used for accessing data of a second application program on a terminal according to a path index of the first access path and the first application program has the authority of accessing the data to be accessed, redirection to the first access path is shielded, the data to be accessed is read from a storage space corresponding to the first access path based on the first access path, and the read data is returned to the first application program. The method and the device introduce the path index and the authority information, shield redirection to the first access path when the first application program in the sandbox is determined to access data of the second application program outside the sandbox and has the authority of accessing the data of the second application program according to the path index and the authority information, and access the data to be accessed based on the first access path. When the first application program has the authority of accessing the data of the second application program, the first application program can access the data of the second application program, and the flexibility of data access is improved.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
FIG. 1 is a schematic illustration of an implementation environment provided by an embodiment of the present application;
FIG. 2 is a schematic diagram of an application accessing data according to an embodiment of the present application;
FIG. 3 is a schematic diagram illustrating a first application accessing data according to an embodiment of the present application;
FIG. 4 is a diagram illustrating a privilege information check provided in an embodiment of the present application;
FIG. 5 is a schematic diagram of a redirection of a path provided by an embodiment of the present application;
FIG. 6 is a flow chart of a data access method provided by an embodiment of the present application;
FIG. 7 is a flow chart of a data access method provided by an embodiment of the present application;
FIG. 8 is a schematic structural diagram of a data access device according to an embodiment of the present application;
FIG. 9 is a schematic structural diagram of a terminal according to an embodiment of the present application.
Detailed Description
To make the objects, technical solutions and advantages of the present application more clear, embodiments of the present application will be described in further detail below with reference to the accompanying drawings.
The terms "first," "second," "third," and "fourth," etc. in the description and claims of this application and in the accompanying drawings, if any, are used for distinguishing between different objects and not for describing a particular order. Furthermore, the terms "comprising" and "having," as well as any variations thereof, are intended to cover non-exclusive inclusions. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those steps or elements listed, but may alternatively include other steps or elements not listed, or inherent to such process, method, article, or apparatus.
Fig. 1 is a schematic diagram of an implementation environment provided by an embodiment of the present application. Referring to fig. 1, the implementation environment includes a terminal 101 and a server 102; the terminal 101 and the server 102 are connected via a wireless or wired network. Moreover, an application program for which the server 102 provides services may be installed on the terminal 101, and a user of the terminal 101 may use functions such as data transmission and message interaction through the application program.
The terminal 101 may be a computer, a mobile phone, a tablet computer or other electronic devices. The application program may be any application program installed on the terminal 101; the application program may be an application program in the operating system of the terminal 101, or may be an application program provided by a third party. For example, the application may be a social application, a music application, a video application, a shopping application, or an information browsing application, among others. The information browsing application may be a news application or a reading application, etc. The server 102 may be a backend server 102 corresponding to the application. Accordingly, the server 102 may be a social application server, music server, video server, shopping server, or information browsing application server, among others.
In the Android system, data is accessed primarily through the Content Provider component. Referring to fig. 2, an application can access different data through a content provider component. Specifically, an application in the Business Layer can perform read and write operations on network resources (Internet), a lightweight database (SQLite), and files (Files) in the Data Layer through the content provider component of the Data Access Layer, based on the inter-process communication mechanism (Binder) and the Anonymous Shared Memory subsystem (Ashmem).
In the embodiment of the application, two identical application programs can run simultaneously on the terminal: one runs inside the sandbox and the other runs outside the sandbox. To distinguish between them, the application running inside the sandbox is referred to as the first application and the application running outside the sandbox as the second application. The first application and the second application may run under different accounts; for example, if the applications are social applications, the first application may log in to a work account for work communication, and the second application may log in to a personal account for personal communication. The application program may store data that occupies a large amount of space, such as pictures, videos, audio, or files, in the external storage space. The first application program in the sandbox performs data read and write operations through the virtual storage space in the sandbox, which is implemented by redirecting the data path. Referring to fig. 3, when the first application program initiates a data read or write operation, the operation is intercepted by a Hook technique, the data path specified by the operation is redirected into the virtual storage space in the sandbox, and the read or write is then performed on that virtual storage space through a system call. For example, the data path specified by the first application program's read/write operation is "/sdcard/title/QQ_Images", and the data path is redirected to "/sdcard/sandbox/title/QQ_Images", so that the first application program reads and writes data in the virtual storage space in the sandbox.
Because the data path of the first application program is redirected, it can only access data in the virtual storage space, so the data stored by the first application program and the data stored by the second application program are isolated. In practice, some data stored by the first application and the second application does not need to be isolated; for example, pictures that can be disclosed do not need to be isolated. With the method provided by the embodiment of the application, the terminal can access data flexibly according to dynamically set authority information of the data. For example, referring to fig. 4, when the first application wants to access a multimedia library, the authority information must be checked. When the authority information indicates that the first application program has the authority to access the multimedia library of the second application program, that is, the authority information is set to allow access, the first application program can access the multimedia library of the second application program; when the authority information indicates that the first application does not have the authority to access the multimedia library of the second application, the first application cannot access the multimedia library of the second application.
When the first application program accesses data, the terminal redirects the path used to access the data. The terminal redirects the path according to a redirection rule, which may be to add a sandbox prefix or to delete a sandbox prefix. The sandbox prefix in the path may be "/sandbox". For example, referring to fig. 5, when the path of the first application accessing data is "/sdcard/app1/Images" (that is, /memory card/first application/pictures), the terminal redirects the path to "/sdcard/sandbox/app1/Images" (that is, /memory card/sandbox/first application/pictures). When the path of the first application program accessing the data is "/sdcard/sandbox/app1/Images", the terminal redirects the path to "/sdcard/app1/Images".
Fig. 6 is a flowchart of a data access method according to an embodiment of the present application. Referring to fig. 6, the embodiment includes:
601. The terminal receives a data access request sent by a first application program on the terminal, wherein the data access request carries a first access path for accessing data to be accessed.
The data access request is used for requesting to access the data to be accessed. The first access path is a path for storing the data to be accessed in the storage space, and is used for reading the data to be accessed from the storage space.
When an interface of a first application program is displayed on the terminal and an access operation which is executed by a user and used for indicating data to be accessed is received, the first application program sends a data access request to an operating system of the terminal. The operating system receives a data access request sent by a first application program on the terminal, wherein the data access request carries a first access path for accessing data to be accessed. The access operation performed by the user to indicate data to be accessed may be a click operation, a gesture operation, a voice control operation, or the like, and is not particularly limited herein.
For example, the first application program is a social application, when a chat interface of the first application program is displayed on the terminal, the user clicks a control sharing a picture of the second application program on the interface, the first application program sends a data access request to the operating system, the data access request is used for requesting to access the picture of the second application program, and the data access request carries a first access path of the picture of the second application program.
602. The terminal acquires a path index of the first access path.
The path index of the first access path is used to determine whether the first access path is used to access the storage space corresponding to the first application program inside the sandbox or the storage space corresponding to the second application program outside the sandbox.
The terminal may obtain the path index of the first access path from a database storing the first access path and the path index of the first access path.
Before acquiring the path index of the first access path, the terminal may generate the path index of the first access path, and store the first access path and the index of the first access path in the database. In a possible implementation manner, the step of generating, by the terminal, the path index of the first access path may be: when the terminal stores the data to be accessed, the path index of the first access path is determined according to the number of the data stored in the storage space corresponding to the application program for storing the data to be accessed.
For example, when the application on the terminal stores the data to be accessed, if the number of data items already stored in the storage space of the application is 10, the data to be accessed is the 11th data item stored by the application, and the path index generated for the first access path of the data to be accessed is 11.
In another possible implementation manner, the terminal may generate an index of the first access path according to the form of the first access path. Correspondingly, the step of generating, by the terminal, the path index of the first access path may further be: when the terminal stores the data to be accessed, generating a first access path of the data to be accessed according to information such as an application program where the data to be accessed is located, the data type of the data to be accessed and the like; and the terminal generates a path index of the data to be accessed according to the form of the first access path of the data to be accessed.
For example, a path for accessing memory corresponding to a first application within a sandbox typically carries a "sandbox" and a path for accessing memory corresponding to a second application outside of the sandbox typically does not carry a "sandbox". The terminal may generate an index of the first access path according to whether the first access path has "sandbox". When the first access path does not contain the 'sandbox', generating an index of the first access path as '0'; when the first access path has "sandbox", the index of the first access path is generated to be "1".
603. And the terminal determines that the data access request is used for accessing the data of the second application program on the terminal according to the path index.
When the first application program accesses data through the content provider component, the path access tool can be obtained through the content provider component, and the data access request is determined to be used for accessing the data of the second application program on the terminal according to the matching condition of the path index and the index in the path access tool. Correspondingly, the steps can be as follows: the terminal matches the path index with each index in the path access tools, each path access tool comprises a first path access tool and a second path access tool, the first path access tool comprises a first index of a first storage path of at least one first data of a first application program, and the second path access tool comprises a second index of a second storage path of at least one second data of a second application program; when the path index matches a second index in a second path access tool, it is determined that the data access request is for accessing data of a second application on the terminal. When the path index matches a first index in the first path access tool, it is determined that the data access request is for accessing data of a first application on the terminal.
For example, the indices in the path access tool are "1", "2", "3", "4", and "5"; the first index in the first path access tool is "1", "2", and "4"; the second index in the second path access tool is "3" and "5". When the path index of the first access data is '3', the path index is matched with a second index in a second path access tool, and the data access request is determined to be used for accessing data of a second application program on the terminal; when the path index of the first access data is "2", the path index is matched with the first index in the first path access tool, and it is determined that the data access request is for accessing data of the first application program on the terminal.
Referring to Fig. 7, when the first application program accesses data through the content provider component, the path access tool may be obtained through the query method provided by the content provider component. The terminal acquires the path index of the first access path and matches it with the indices in the path access tool, so that it can determine whether the data access request is used for accessing data of the first application program or data of the second application program on the terminal. In a sandbox scenario, redirection of a path is generally achieved by adding "sandbox" to the path. The first storage path of the data of the first application program usually carries "sandbox" and can be regarded as a redirected path; the second storage path of the data of the second application program usually does not carry "sandbox" and can be regarded as a path that has not been redirected. Determining whether the data access request is for accessing data of the first application program or data of the second application program can therefore be regarded as determining whether the first access path is redirected. When the first access path is redirected, the data access request is for accessing data of the first application program; when the first access path is not redirected, the data access request is for accessing data of the second application program.
It should be noted that, before matching the path index with each index in the path access tool, the path access tool needs to be generated according to a first storage path of data stored in the first application program and a second storage path of data stored in the second application program. Correspondingly, generating the path access tool according to the first storage path of the data stored by the first application program and the second storage path of the data stored by the second application program can be realized through the following steps (1) to (3):
(1) the terminal acquires a first storage path of at least one first data of a first application program and a second storage path of at least one second data of a second application program.
When the terminal applies the data access method provided by the embodiment of the application for the first time, a path access tool needs to be initialized. The terminal needs to acquire a first storage path of at least one first data stored in a storage space of a current first application program in the sandbox and a second storage path of at least one second data stored in a storage space of a current second application program outside the sandbox.
For example, when the terminal initializes the path access tool, the first application program stores 10 first data in the storage space inside the sandbox, the second application program stores 8 second data in the storage space outside the sandbox, and the terminal needs to obtain a first storage path of each first data in the 10 first data and a second storage path of each second data in the 8 second data, respectively.
When new first data is stored in a storage space corresponding to a first application program or new second data is stored in a storage space corresponding to a second application program, the terminal acquires a first storage path of the first data or a second storage path of the second data.
(2) And the terminal generates a first index corresponding to the first storage path of each first data according to the first storage path of each first data, and generates a second index corresponding to the second storage path of each second data according to the second storage path of each second data.
This step is similar to the step of generating the path index of the first access path by the terminal, and is not described herein again.
(3) The terminal encapsulates a first index corresponding to a first storage path of each first data in a first path access tool, and encapsulates a second index corresponding to a second storage path of each second data in a second path access tool; merging the first path access tool and the second path access tool into a path access tool.
The terminal encapsulates a first index corresponding to the first storage path of each first data in the first path access tool, and when the path index of the first access path matches the first index in the first path access tool, it can be determined that the data access request corresponding to the first access path is used for accessing the data of the first application program. And the terminal encapsulates a second index corresponding to a second storage path of the second data in the second path access tool, and when the path index of the first access path is matched with the second index in the second path access tool, the terminal can determine that the data access request corresponding to the first access path is used for accessing the data of the second application program.
The terminal merges the first path access tool and the second path access tool into the path access tool. When the first application program accesses data through the content provider component, the path access tool can be obtained through the query method provided by the content provider component, and the path index of the first access path is matched against the first index in the first path access tool and the second index in the second path access tool respectively. When the path index of the first access path matches a first index in the first path access tool, the data access request is determined to be used for accessing data of the first application program; when it matches a second index in the second path access tool, the data access request is determined to be used for accessing data of the second application program.
Another point to be noted is that the terminal can determine that the data access request is for accessing data of the second application on the terminal through steps 602 and 603. The terminal may also determine, based on the form of the first access path, that the data access request is for accessing data of a second application on the terminal. In a sandbox scenario, a first storage path for data of a first application is typically accompanied by a "sandbox" and a second storage path for data of a second application is typically devoid of a "sandbox". The determination that the data access request is for accessing data of the first application on the terminal or the data access request is for accessing data of the second application may be made by determining whether the first access path has "sandbox" therein. And when the first access path is provided with the 'sandbox', determining that the data access request is used for accessing the data of the first application program on the terminal, and when the first access path is not provided with the 'sandbox', determining that the data access request is used for accessing the data of the second application program on the terminal.
It should be noted that, according to the path index, the terminal may also determine that the data access request is used for accessing the data of the first application program on the terminal. When the terminal determines that the data access request is for accessing the data of the first application on the terminal according to the path index, step 604 and step 605 are not performed any more.
When the terminal determines that the data access request is used for accessing the data of the first application program on the terminal according to the path index, converting the first access path into a second access path; redirecting the second access path to a third access path; and based on the third access path, reading the data corresponding to the third access path from the storage space corresponding to the third access path, and returning the read data corresponding to the third access path to the first application program. With continued reference to fig. 7, when the terminal determines that the data access request is for accessing data of the first application on the terminal, i.e., that the first access path is redirected, the first access path is converted into the second access path.
The step of converting the first access path into the second access path may be implemented according to a redirection rule. For example, the first access path is "/sdcard/sandbox/tencent/QQ_Images", and the second access path converted according to the redirection rule is "/sdcard/tencent/QQ_Images".
When the first application program accesses data, the terminal redirects the path used for accessing the data. The terminal may redirect the second access path to a third access path. For example, the second access path is "/sdcard/tencent/QQ_Images", and the redirected third access path is "/sdcard/sandbox/tencent/QQ_Images". The third access path is the same as the first access path and is used for accessing data of the first application program.
In this embodiment, the terminal can match the path index of the first access path with the index in the path access tool, and determine that the data access request is used for accessing data of the second application program on the terminal or the data access request is used for accessing data of the first application program on the terminal. The data access request is determined to be used for accessing the data of which application program in a matching index mode, and the efficiency is high.
604. When it is determined according to the path index that the data access request is used for accessing data of the second application program on the terminal, the terminal acquires the authority information of the data to be accessed.
The first application program and the second application program are the same application program, the first application program runs in a sandbox of the terminal, and the second application program runs outside the sandbox.
The terminal may store the authority information of the data to be accessed in a storage space accessible by the first application, and when it is determined that the data access request is for accessing the data of the second application on the terminal, the terminal acquires the authority information of the data to be accessed from the storage space in which the authority information is stored. The terminal can associate the first access path of the data to be accessed with the authority information of the data to be accessed, and acquire the authority information of the data to be accessed according to the first access path. The terminal can also associate the path index of the first access path of the data to be accessed with the authority information of the data to be accessed, and acquire the authority information of the data to be accessed according to the path index.
The terminal can also store the authority information of the data to be accessed in the server, and when the data access request is determined to be used for accessing the data of the second application program on the terminal, the terminal acquires the authority information of the data to be accessed from the server.
The terminal may also obtain the permission information of the data to be accessed through other manners, and the manner in which the terminal obtains the permission information of the data to be accessed is not particularly limited herein.
In the embodiment of the application, the terminal can acquire the authority information of the data to be accessed, so that the data can be accessed according to the authority information, and the flexibility of data access is improved.
It should be noted that the terminal allows the user to set the authority information of data when the data is stored. In a possible implementation manner, before the terminal acquires the authority information of the data to be accessed, the authority information set in the second application program may be received. Correspondingly, the step in which the terminal allows the user to set the authority information of data when the data is stored can be as follows: in the second application program, when a storage instruction for the data to be accessed is received, the terminal displays a setting interface for the authority information; when an operation of allowing the first application program to access the data to be accessed is received based on the setting interface, the terminal sets the authority information of the data to be accessed to allow access; when an operation of prohibiting the first application program from accessing the data to be accessed is received based on the setting interface, the terminal sets the authority information of the data to be accessed to prohibit access.
When the terminal runs the second application program and the user triggers the operation of storing the data to be accessed, the terminal receives a storage instruction for the data to be accessed and displays the setting interface for the authority information. The setting interface is used to ask the user whether the first application program in the sandbox may access the data to be accessed. For example, the setting interface may be a pop-up window: when the user triggers the operation of saving a picture, the setting interface is displayed in the current interface and provides text asking whether the first application program is allowed to access the picture, together with clickable "yes" and "no" buttons. When a click on "yes" is received, the terminal sets the authority information of the picture to allow access; when a click on "no" is received, the terminal sets the authority information of the picture to prohibit access.
In another possible implementation manner, the terminal further supports that the user sets the authority information for the stored data. Before the terminal acquires the authority information of the data to be accessed, the authority information set by the user can be received through a setting interface in an operating system of the terminal or a setting interface of an application program of a sandbox environment provided on the terminal. Correspondingly, the step that the terminal supports the user to set the authority information for the stored data may be: the terminal displays an authority setting interface corresponding to the second application program; when receiving an operation of allowing the first application program to access the data of the second application program based on the permission setting interface, the terminal sets permission information of the data of the second application program to allow access; when receiving an operation of prohibiting the first application program from accessing the data of the second application program based on the permission setting interface, the terminal sets permission information of the data of the second application program to prohibit access.
The terminal can set the permission setting interface corresponding to the second application program as a sub-interface of the setting interface in the terminal operating system. The terminal can also set the permission setting interface corresponding to the second application program as a sub-interface of the setting interface of the application program providing the sandbox environment on the terminal. The terminal can also set the authority setting interface corresponding to the second application program as a sub-interface of the second application program.
When an operation in which the user sets that the second application program can be dual-opened is received, or an operation in which the user opens the authority setting interface is received, the terminal displays the authority setting interface, which asks the user whether the first application program can access the data of the second application program. For example, the authority setting interface is displayed in the current interface and provides text asking whether the first application program can access all data of the second application program, together with clickable "yes" and "no" buttons. When a click on "yes" is received, the terminal sets the authority information of the data of the second application program to allow access, that is, the first application program can access all the data stored in the external storage space by the second application program; when a click on "no" is received, the terminal sets the authority information of the data of the second application program to prohibit access, that is, the first application program does not have the authority to access the data of the second application program.
The authority setting interface may also be used to ask the user which data of the second application program the first application program is able to access. For example, a pop-up window is displayed in the current interface; the pop-up window provides text asking which data of the second application program the first application program can access, and options such as "picture", "video and audio", "document", and "access prohibition". When an operation in which the user selects the "picture" option is received, the terminal sets the authority information so that the first application program can access the pictures stored in the external storage space by the second application program; when an operation in which the user selects the "access prohibition" option is received, the terminal sets the authority information so that the first application program does not have the authority to access the data of the second application program.
In the embodiment of the application, the terminal allows the user to set the authority information of the data to be accessed, so that the user can decide, according to the user's own needs, which data can be shared and which cannot, which improves the user experience.
605. When the first application program is determined to have the authority to access the data to be accessed according to the authority information, the terminal shields the redirection of the first access path; and based on the first access path, reading the data to be accessed from the storage space corresponding to the first access path, and returning the read data to the first application program.
When the first application program accesses data, the terminal redirects a path for accessing the data. When the first application program is determined to have the right to access the data to be accessed, the first application program is allowed to access the data to be accessed of the second application program, and the first access path pointing to the storage space of the second application program does not need to be redirected. When the first application has the right to access the data to be accessed of the second application, the terminal needs to shield the redirection to the first access path.
When the terminal determines that the first application has the right to access the data to be accessed, it may mark the first access path as not needing to be redirected. For example, when the terminal determines that the first application has the right to access the data to be accessed, the first access path may carry a flag "1", where the flag "1" indicates that the first access path does not need to be redirected. Before the terminal executes the redirection operation on the first access path, it checks whether the first access path carries the flag "1". If the first access path carries the flag "1", the redirection operation on the first access path is not executed, that is, the redirection of the first access path is shielded; if the first access path does not carry the flag "1", the redirection operation is executed on the first access path.
In the embodiment of the application, when the first application program has the right to access the data of the second application program, the terminal shields the redirection of the first access path, so that the first application program can access the data of the second application program, the data of the first application program and the data of the second application program are not completely isolated any more, and the flexibility of data access is improved.
It should be noted that, according to the permission information, the terminal may also determine that the first application does not have the permission to access the data to be accessed. When the first application program does not have the right to access the data to be accessed, the first application program cannot access the data to be accessed.
In a possible implementation manner, when the terminal determines that the first application does not have the right to access the data to be accessed, the first access path is redirected to the storage space corresponding to the first application, and the data is read from the storage space corresponding to the first application. Correspondingly, when the terminal determines that the first application program does not have the right to access the data to be accessed, the step of accessing the data may be: when the terminal determines that the first application program does not have the authority to access the data to be accessed according to the authority information, the first access path is converted into a second access path; and based on the second access path, reading the data corresponding to the second access path from the storage space corresponding to the second access path, and returning the read data corresponding to the second access path to the first application program.
In one possible implementation, the second access path may be a path generated from the first access path according to a redirection rule. The redirection rule may add a "sandbox" prefix at a specified location of the first access path. For example, the first access path is "/sdcard/tencent/QQ_Images/img_1", and the second access path generated from the first access path according to the redirection rule may be "/sdcard/sandbox/tencent/QQ_Images/img_1".
In another possible implementation manner, the second access path has no corresponding data in the storage space corresponding to the second access path. And when the data corresponding to the second access path cannot be read from the storage space corresponding to the second access path, returning prompt information, wherein the prompt information is used for indicating that the first application program does not have the right of accessing the data to be accessed.
In another possible implementation manner, when the terminal determines that the first application does not have the right to access the data to be accessed, prompt information may also be directly returned, where the prompt information is used to indicate that the first application does not have the right to access the data to be accessed. The step of converting the first access path to the second access path is not performed anymore.
In another possible implementation manner, when the terminal determines that the first application does not have the right to access the data to be accessed, the terminal may not return any information or data and may not perform the step of converting the first access path into the second access path.
It should be noted that, with continued reference to Fig. 7, when it is determined that the first application has the right to access the data to be accessed, that is, when it is determined that the first access path is not redirected, the terminal shields the redirection of the first access path. Based on the first access path, the terminal reads the data to be accessed from the storage space corresponding to the first access path and returns the read data to the first application program. After the data operation is completed, the terminal removes the shielding of the redirection of the first access path, that is, it restores the redirection of the first access path.
In the embodiment of the application, when the first application program does not have the authority of accessing the data of the second application program, the first application program does not access the data to be accessed of the second application program, and the security of data access can be improved.
In the embodiment of the application, the path index and the authority information are introduced, when the first application program in the sandbox is determined to access the data of the second application program outside the sandbox and has the authority of accessing the data of the second application program according to the path index and the authority information, the redirection of the first access path is shielded, and the data to be accessed is accessed based on the first access path. When the first application program has the authority of accessing the data of the second application program, the first application program can access the data of the second application program, and the flexibility of data access is improved.
All the above optional technical solutions may be combined arbitrarily to form optional embodiments of the present application, and are not described herein again.
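The decision flow of steps 602 to 605, together with the path access tool built in steps (1) to (3), as an added Python model that is not code from the patent. The SHA-256 path index, the default of "prohibited" for a missing authority entry, the fail-closed handling of unknown paths and the path normalization are assumptions; the patent specifies none of them.

```python
import hashlib
import posixpath
from dataclasses import dataclass, field

STORAGE_ROOT = "/sdcard"                   # root used in the page's example paths
SANDBOX_ROOT = STORAGE_ROOT + "/sandbox"   # redirected paths carry "sandbox" here


def normalize(path):
    """Resolve '.', '..' and repeated slashes before any decision (assumption:
    the page does not say how paths are canonicalized)."""
    return posixpath.normpath("/" + path.lstrip("/"))


def is_sandboxed(path):
    """Form check: the 'sandbox' component must sit directly under the
    storage root; a substring match elsewhere in the path does not count."""
    return path == SANDBOX_ROOT or path.startswith(SANDBOX_ROOT + "/")


def to_sandbox(path):
    """Redirection rule: insert 'sandbox' after the storage root (idempotent)."""
    if is_sandboxed(path):
        return path
    if path != STORAGE_ROOT and not path.startswith(STORAGE_ROOT + "/"):
        raise ValueError("path outside shared storage: " + path)
    return SANDBOX_ROOT + path[len(STORAGE_ROOT):]


def strip_sandbox(path):
    """Inverse rule: the 'second access path' of an in-sandbox path."""
    return STORAGE_ROOT + path[len(SANDBOX_ROOT):] if is_sandboxed(path) else path


def path_index(path):
    """Path index: a truncated SHA-256 of the normalized path (assumption)."""
    return hashlib.sha256(normalize(path).encode()).hexdigest()[:16]


@dataclass
class PathAccessTool:
    first: set = field(default_factory=set)    # indices of in-sandbox storage paths
    second: set = field(default_factory=set)   # indices of storage paths outside the sandbox

    def register(self, storage_path):
        """Steps (1) to (3): index a storage path and file it under the right tool."""
        p = normalize(storage_path)
        (self.first if is_sandboxed(p) else self.second).add(path_index(p))


def resolve(request_path, tool, permissions):
    """Return (decision, path to read) for a request from the sandboxed copy.
    permissions maps path index -> True (allow access) / False (prohibit)."""
    p = normalize(request_path)
    idx = path_index(p)
    if idx in tool.second:
        if permissions.get(idx, False):        # missing entry = prohibited (assumption)
            return "shielded", p               # step 605: redirection masked for this read
        return "redirected", to_sandbox(p)     # no authority: read the sandbox namespace
    if idx in tool.first:
        # second path (marker stripped) redirected to the third path, equal to the first
        return "own", to_sandbox(strip_sandbox(p))
    return "redirected", to_sandbox(p)         # unknown index: fail closed (assumption)


def demo():
    """Constructed paths modelled on the page's /sdcard/tencent examples."""
    tool = PathAccessTool()
    for stored in ("/sdcard/sandbox/tencent/QQ_Images/img_0",
                   "/sdcard/tencent/QQ_Images/img_1",
                   "/sdcard/tencent/QQ_Images/img_2"):
        tool.register(stored)
    permissions = {path_index("/sdcard/tencent/QQ_Images/img_1"): True,
                   path_index("/sdcard/tencent/QQ_Images/img_2"): False}
    requests = ("/sdcard/tencent/QQ_Images/img_1",              # allowed
                "/sdcard/tencent/QQ_Images/img_2",              # prohibited
                "/sdcard/sandbox/tencent/QQ_Images/img_0",      # sandbox copy's own data
                "/sdcard/sandbox/../tencent/QQ_Images/img_2")   # non-canonical spelling of img_2
    return [resolve(r, tool, permissions) for r in requests]


if __name__ == "__main__":
    for decision, path in demo():
        print(decision, path)
```

Because classification and the authority lookup both run on the normalized path, the fourth request resolves to the same prohibited entry as the second instead of being classified by the "sandbox" text it contains.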
Fig. 8 is a schematic structural diagram of a data access device according to an embodiment of the present application. Referring to fig. 8, the apparatus includes:
a receiving module 801, configured to receive a data access request sent by a first application on a terminal, where the data access request carries a first access path for accessing data to be accessed;
an obtaining module 802 configured to obtain a path index of the first access path; when the data access request is determined to be used for accessing the data of a second application program on the terminal according to the path index, acquiring authority information of the data to be accessed, wherein the first application program and the second application program are the same application program, the first application program runs in a sandbox of the terminal, and the second application program runs outside the sandbox;
a shielding module 803 configured to shield redirection to the first access path when it is determined that the first application has the right to access the data to be accessed according to the right information;
an access module 804 configured to read the data to be accessed from the storage space corresponding to the first access path based on the first access path, and return the read data to the first application program.
In one possible implementation, the apparatus further includes: a matching module configured to match the path index with each index in path access tools, the path access tools including a first path access tool including a first index of a first storage path of at least one first data of a first application and a second path access tool including a second index of a second storage path of at least one second data of a second application;
a determination module configured to determine that the data access request is for accessing data of a second application on the terminal when the path index matches a second index in the second path access tool.
In another possible implementation manner, the apparatus further includes:
an obtaining module 802, further configured to obtain a first storage path of at least one first data of a first application and a second storage path of at least one second data of a second application;
a generating module configured to generate a first index corresponding to the first storage path of each first data according to the first storage path of each first data, and generate a second index corresponding to the second storage path of each second data according to the second storage path of each second data;
an encapsulation module configured to encapsulate the first index corresponding to the first storage path of each first data in the first path access tool, and encapsulate the second index corresponding to the second storage path of each second data in the second path access tool;
a merging module configured to merge the first path access tool and the second path access tool into a path access tool.
In another possible implementation manner, the apparatus further includes:
a display module configured to display a setting interface for the authority information when a storage instruction for the data to be accessed is received in the second application program;
a setting module configured to set the authority information of the data to be accessed to allow access when an operation of allowing the first application program to access the data to be accessed is received based on the setting interface;
the setting module being further configured to set the authority information of the data to be accessed to prohibit access when an operation of prohibiting the first application program from accessing the data to be accessed is received based on the setting interface.
In another possible implementation manner, the apparatus further includes:
the display module being further configured to display an authority setting interface corresponding to the second application program;
the setting module being further configured to set the authority information of the data of the second application program to allow access when an operation of allowing the first application program to access the data of the second application program is received based on the authority setting interface;
the setting module being further configured to set the authority information of the data of the second application program to prohibit access when an operation of prohibiting the first application program from accessing the data of the second application program is received based on the authority setting interface.
In another possible implementation manner, the apparatus further includes:
a conversion module configured to convert the first access path into a second access path when it is determined according to the authority information that the first application program does not have the authority to access the data to be accessed;
the access module 804 being further configured to read data corresponding to the second access path from the storage space corresponding to the second access path based on the second access path, and return the read data corresponding to the second access path to the first application program; or,
the access module 804 being further configured to return prompt information when the data corresponding to the second access path is not read from the storage space corresponding to the second access path, where the prompt information is used to indicate that the first application program does not have the right to access the data to be accessed.
In another possible implementation manner, the apparatus further includes:
a conversion module configured to convert the first access path into a second access path when it is determined that the data access request is for accessing data of the first application on the terminal according to the path index;
a redirection module configured to redirect the second access path to a third access path;
the access module 804 is further configured to read data corresponding to the third access path from the storage space corresponding to the third access path based on the third access path, and return the read data corresponding to the third access path to the first application.
In the embodiment of the application, a path index and authority information are introduced. When it is determined, according to the path index and the authority information, that the first application program in the sandbox is accessing data of the second application program outside the sandbox and has the authority to access that data, redirection of the first access path is shielded (that is, not performed), and the data to be accessed is read based on the first access path. Because the first application program can access the data of the second application program whenever it has the authority to do so, the flexibility of data access is improved.
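The access decision described in this embodiment, modelled as an added Python example that is not code from the patent. The index format (a canonical path), the sandbox paths, the `to_second_path` and `redirect` helpers, the treatment of unknown paths, and all sample data are assumptions, since the text does not specify them.

```python
import posixpath
from dataclasses import dataclass, field

# Constructed layout (assumption): where the sandboxed clone's view of storage lives.
SANDBOX_ROOT = "/data/sandbox/app1"
NO_PERMISSION = "first application has no permission to access this data"


def path_index(path: str) -> str:
    """Index of an access path. Assumption: the canonical absolute path, so a
    file has one index however the request spells it ('..', '//', './')."""
    return posixpath.normpath("/" + path.lstrip("/"))


@dataclass
class PathAccessTool:
    """Merged path access tool: first indexes belong to the sandboxed first
    application, second indexes to the second application outside the sandbox."""
    first: set = field(default_factory=set)
    second: set = field(default_factory=set)

    def register(self, storage_path: str, outside: bool) -> None:
        (self.second if outside else self.first).add(path_index(storage_path))

    def targets_second_app(self, index: str) -> bool:
        return index in self.second


def to_second_path(first_path: str) -> str:
    """Hypothetical conversion of the first access path into the sandbox namespace."""
    return SANDBOX_ROOT + path_index(first_path)


def redirect(second_path: str) -> str:
    """Hypothetical redirection of the second access path to a third access path."""
    return second_path.replace(SANDBOX_ROOT, SANDBOX_ROOT + "/files", 1)


def handle_request(first_path, tool, permissions, storage):
    """Serve a request from the sandboxed first application.
    Returns (path actually read, data or prompt information)."""
    index = path_index(first_path)
    if tool.targets_second_app(index):
        # Default deny: only an explicit "allow" shields (suppresses) redirection.
        if permissions.get(index) == "allow":
            return index, storage.get(index)
        second = to_second_path(first_path)
        if second in storage:
            return second, storage[second]
        return second, NO_PERMISSION
    # The first application's own data (assumption: unknown paths too) stays in the sandbox.
    third = redirect(to_second_path(first_path))
    return third, storage.get(third)


def build_fixture():
    """Constructed sample data: indexes, permission settings, and a dict as storage."""
    tool = PathAccessTool()
    tool.register("/sdcard/App/photos/a.jpg", outside=True)
    tool.register("/sdcard/App/keys/token", outside=True)
    tool.register("/sdcard/App/notes/new.txt", outside=True)   # no permission set yet
    tool.register("/sdcard/App/cache/c.bin", outside=False)
    permissions = {
        path_index("/sdcard/App/photos/a.jpg"): "allow",
        path_index("/sdcard/App/keys/token"): "deny",
    }
    storage = {
        "/sdcard/App/photos/a.jpg": b"outside-photo",
        "/sdcard/App/keys/token": b"outside-secret",
        "/sdcard/App/notes/new.txt": b"outside-note",
        SANDBOX_ROOT + "/files/sdcard/App/cache/c.bin": b"sandbox-cache",
    }
    return tool, permissions, storage


if __name__ == "__main__":
    tool, permissions, storage = build_fixture()
    for requested in ("/sdcard/App/photos/a.jpg",
                      "/sdcard/App/keys/token",
                      "/sdcard/App/photos/../keys/token",
                      "/sdcard/App/notes/new.txt",
                      "/sdcard/App/cache/c.bin"):
        print(requested, "->", handle_request(requested, tool, permissions, storage))
```

Because the allowed branch reads outside the sandbox, the permission lookup is keyed on the canonical index and treats a missing setting as a denial.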
It should be noted that the data access device provided in the above embodiment is illustrated only with the division of functional modules described above. In practical applications, the functions may be distributed among different functional modules as needed; that is, the internal structure of the terminal may be divided into different functional modules to complete all or part of the functions described above. In addition, the data access device and the data access method provided by the above embodiments belong to the same concept; the specific implementation process is described in the method embodiments and is not repeated here.
Fig. 9 shows a block diagram of a terminal 900 according to an exemplary embodiment of the present application. The terminal 900 may be: a smart phone, a tablet computer, an MP3 player (Moving Picture Experts Group Audio Layer III), an MP4 player (Moving Picture Experts Group Audio Layer IV), a notebook computer, or a desktop computer. Terminal 900 may also be referred to by other names such as user equipment, portable terminal, laptop terminal, or desktop terminal.
In general, terminal 900 includes: a processor 901 and a memory 902.
In some embodiments, terminal 900 can also optionally include: a peripheral interface 903 and at least one peripheral. The processor 901, memory 902, and peripheral interface 903 may be connected by buses or signal lines. Various peripheral devices may be connected to the peripheral interface 903 via a bus, signal line, or circuit board. Specifically, the peripheral device includes: at least one of a radio frequency circuit 904, a touch display screen 905, a camera assembly 906, an audio circuit 907, a positioning assembly 908, and a power supply 909.
The peripheral interface 903 may be used to connect at least one peripheral related to I/O (Input/Output) to the processor 901 and the memory 902. In some embodiments, the processor 901, memory 902, and peripheral interface 903 are integrated on the same chip or circuit board; in some other embodiments, any one or two of the processor 901, the memory 902 and the peripheral interface 903 may be implemented on a separate chip or circuit board, which is not limited by this embodiment.
The radio frequency circuit 904 is used for receiving and transmitting RF (Radio Frequency) signals, also called electromagnetic signals. The radio frequency circuit 904 communicates with communication networks and other communication devices via electromagnetic signals. The radio frequency circuit 904 converts an electrical signal into an electromagnetic signal for transmission, or converts a received electromagnetic signal into an electrical signal. Optionally, the radio frequency circuit 904 comprises: an antenna system, an RF transceiver, one or more amplifiers, a tuner, an oscillator, a digital signal processor, a codec chipset, a subscriber identity module card, and so forth. The radio frequency circuit 904 may communicate with other terminals via at least one wireless communication protocol. The wireless communication protocols include, but are not limited to: metropolitan area networks, mobile communication networks of various generations (2G, 3G, 4G, and 5G), wireless local area networks, and/or WiFi (Wireless Fidelity) networks. In some embodiments, the radio frequency circuit 904 may also include NFC (Near Field Communication) related circuits, which are not limited in this application.
The display screen 905 is used to display a UI (User Interface). The UI may include graphics, text, icons, video, and any combination thereof. When the display screen 905 is a touch display screen, the display screen 905 also has the ability to capture touch signals on or over the surface of the display screen 905. The touch signal may be input to the processor 901 as a control signal for processing. In this case, the display screen 905 may also be used to provide virtual buttons and/or a virtual keyboard, also referred to as soft buttons and/or a soft keyboard. In some embodiments, there may be one display screen 905, disposed on the front panel of the terminal 900; in other embodiments, there may be at least two display screens 905, each disposed on a different surface of the terminal 900 or in a foldable design; in still other embodiments, the display screen 905 may be a flexible display disposed on a curved surface or a folded surface of the terminal 900. The display screen 905 may even be arranged in a non-rectangular irregular shape, that is, a shaped screen. The display screen 905 can be made of materials such as LCD (Liquid Crystal Display) and OLED (Organic Light-Emitting Diode).
The camera assembly 906 is used to capture images or video. Optionally, camera assembly 906 includes a front camera and a rear camera. Generally, a front camera is disposed on the front panel of the terminal, and a rear camera is disposed on the rear surface of the terminal. In some embodiments, there are at least two rear cameras, each being any one of a main camera, a depth-of-field camera, a wide-angle camera and a telephoto camera, so that the main camera and the depth-of-field camera are fused to realize a background blurring function, and the main camera and the wide-angle camera are fused to realize panoramic shooting and VR (Virtual Reality) shooting functions or other fusion shooting functions. In some embodiments, camera assembly 906 may also include a flash. The flash can be a single-color-temperature flash or a dual-color-temperature flash. A dual-color-temperature flash is a combination of a warm-light flash and a cold-light flash, and can be used for light compensation at different color temperatures.
The positioning component 908 is used to locate the current geographic location of the terminal 900 to implement navigation or LBS (Location Based Service). The positioning component 908 may be a positioning component based on the GPS (Global Positioning System) of the United States, the BeiDou system of China, the GLONASS system of Russia, or the Galileo system of the European Union.
In some embodiments, terminal 900 can also include one or more sensors 910. The one or more sensors 910 include, but are not limited to: acceleration sensor 911, gyro sensor 912, pressure sensor 913, fingerprint sensor 914, optical sensor 915, and proximity sensor 916.
The acceleration sensor 911 can detect the magnitude of acceleration in three coordinate axes of the coordinate system established with the terminal 900. For example, the acceleration sensor 911 may be used to detect the components of the gravitational acceleration in three coordinate axes. The processor 901 can control the touch display 905 to display the user interface in a landscape view or a portrait view according to the gravitational acceleration signal collected by the acceleration sensor 911. The acceleration sensor 911 may also be used for acquisition of motion data of a game or a user.
The gyro sensor 912 may detect a body direction and a rotation angle of the terminal 900, and the gyro sensor 912 may cooperate with the acceleration sensor 911 to acquire a 3D motion of the user on the terminal 900. The processor 901 can implement the following functions according to the data collected by the gyro sensor 912: motion sensing (such as changing the UI according to a user's tilting operation), image stabilization at the time of photographing, game control, and inertial navigation.
Pressure sensors 913 may be disposed on the side bezel of terminal 900 and/or underneath touch display 905. When the pressure sensor 913 is disposed on the side frame of the terminal 900, the user's holding signal of the terminal 900 may be detected, and the processor 901 performs left-right hand recognition or shortcut operation according to the holding signal collected by the pressure sensor 913. When the pressure sensor 913 is disposed at a lower layer of the touch display 905, the processor 901 controls the operability control on the UI interface according to the pressure operation of the user on the touch display 905. The operability control comprises at least one of a button control, a scroll bar control, an icon control and a menu control.
The fingerprint sensor 914 is used for collecting a fingerprint of the user, and the processor 901 identifies the user according to the fingerprint collected by the fingerprint sensor 914, or the fingerprint sensor 914 identifies the user according to the collected fingerprint. Upon recognizing that the user's identity is a trusted identity, processor 901 authorizes the user to perform relevant sensitive operations, including unlocking the screen, viewing encrypted information, downloading software, paying, and changing settings. The fingerprint sensor 914 may be disposed on the front, back, or side of the terminal 900. When a physical key or vendor logo is provided on the terminal 900, the fingerprint sensor 914 may be integrated with the physical key or vendor logo.
The optical sensor 915 is used to collect ambient light intensity. In one embodiment, the processor 901 may control the display brightness of the touch display 905 based on the ambient light intensity collected by the optical sensor 915. Specifically, when the ambient light intensity is high, the display brightness of the touch display screen 905 is increased; when the ambient light intensity is low, the display brightness of the touch display screen 905 is turned down. In another embodiment, the processor 901 can also dynamically adjust the shooting parameters of the camera assembly 906 according to the ambient light intensity collected by the optical sensor 915.
Proximity sensor 916, also known as a distance sensor, is typically disposed on the front panel of terminal 900. The proximity sensor 916 is used to collect the distance between the user and the front face of the terminal 900. In one embodiment, when the proximity sensor 916 detects that the distance between the user and the front face of the terminal 900 gradually decreases, the processor 901 controls the touch display 905 to switch from the bright screen state to the dark screen state; when the proximity sensor 916 detects that the distance between the user and the front face of the terminal 900 gradually increases, the processor 901 controls the touch display 905 to switch from the dark screen state to the bright screen state.
Those skilled in the art will appreciate that the configuration shown in Fig. 9 does not constitute a limitation of terminal 900, which may include more or fewer components than those shown, combine certain components, or employ a different arrangement of components.
In an exemplary embodiment, there is also provided a computer readable storage medium having at least one program code stored therein, the at least one program code being executable by a processor in a terminal to perform the data access method in the above-described embodiments. For example, the computer readable storage medium may be a ROM, a Random Access Memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and the like.
The present application also provides a computer program product comprising one or more computer programs for implementing the data access method provided by the above-mentioned method embodiments when executed by a processor.
It will be understood by those skilled in the art that all or part of the steps for implementing the above embodiments may be implemented by hardware, or may be implemented by a program instructing relevant hardware, where the program may be stored in a computer-readable storage medium, and the above-mentioned storage medium may be a read-only memory, a magnetic disk or an optical disk, etc.
The above description is only exemplary of the present application and should not be taken as limiting, as any modification, equivalent replacement, or improvement made within the spirit and principle of the present application should be included in the protection scope of the present application.
Claims (10)
1. A method of data access, the method comprising:
receiving a data access request sent by a first application program on a terminal, wherein the data access request carries a first access path for accessing data to be accessed;
acquiring a path index of the first access path;
when the data access request is determined to be used for accessing data of a second application program on the terminal according to the path index, acquiring authority information of the data to be accessed, wherein the first application program and the second application program are the same application program, the first application program runs in a sandbox of the terminal, and the second application program runs outside the sandbox;
when the first application program is determined to have the authority to access the data to be accessed according to the authority information, shielding redirection of the first access path;
and based on the first access path, reading the data to be accessed from the storage space corresponding to the first access path, and returning the read data to the first application program.
2. The method of claim 1, further comprising:
matching the path index with each index in path access tools, wherein the path access tools comprise a first path access tool and a second path access tool, the first path access tool comprises a first index of a first storage path of at least one first data of the first application program, and the second path access tool comprises a second index of a second storage path of at least one second data of the second application program;
and when the path index is matched with a second index in the second path access tool, determining that the data access request is used for accessing data of a second application program on the terminal.
3. The method of claim 2, wherein prior to matching the path index with each index in a path access tool, the method further comprises:
acquiring a first storage path of at least one first data of the first application program and a second storage path of at least one second data of the second application program;
generating a first index corresponding to the first storage path of each first data according to the first storage path of each first data, and generating a second index corresponding to the second storage path of each second data according to the second storage path of each second data;
encapsulating a first index corresponding to the first storage path of each first data in the first path access tool, and encapsulating a second index corresponding to the second storage path of each second data in the second path access tool;
merging the first path access tool and the second path access tool into the path access tool.
4. The method according to claim 1, wherein before the obtaining the authority information of the data to be accessed, the method further comprises:
in the second application program, when a storage instruction of the data to be accessed is received, a setting interface of authority information is displayed;
when receiving an operation of allowing the first application program to access the data to be accessed based on the setting interface, setting the authority information of the data to be accessed as permission to access;
and when receiving an operation of prohibiting the first application program from accessing the data to be accessed based on the setting interface, setting the authority information of the data to be accessed as access prohibition.
5. The method according to claim 1, wherein before the obtaining the authority information of the data to be accessed, the method further comprises:
displaying an authority setting interface corresponding to the second application program;
when receiving an operation of allowing the first application program to access the data of the second application program based on the permission setting interface, setting permission information of the data of the second application program to be allowed to access;
and when receiving an operation of prohibiting the first application program from accessing the data of the second application program based on the permission setting interface, setting permission information of the data of the second application program to prohibit access.
6. The method of claim 1, further comprising:
when the first application program is determined not to have the authority of accessing the data to be accessed according to the authority information, converting the first access path into a second access path;
based on the second access path, reading data corresponding to the second access path from a storage space corresponding to the second access path, and returning the read data corresponding to the second access path to the first application program; or,
and when the data corresponding to the second access path cannot be read from the storage space corresponding to the second access path, returning prompt information, wherein the prompt information is used for indicating that the first application program does not have the authority of accessing the data to be accessed.
7. The method of claim 1, further comprising:
when the data access request is determined to be used for accessing the data of the first application program on the terminal according to the path index, converting the first access path into a second access path;
redirecting the second access path to a third access path;
based on the third access path, reading data corresponding to the third access path from a storage space corresponding to the third access path, and returning the read data corresponding to the third access path to the first application program.
8. A data access apparatus, characterized in that the apparatus comprises:
a receiving module configured to receive a data access request sent by a first application program on the terminal, wherein the data access request carries a first access path for accessing data to be accessed;
an obtaining module configured to obtain a path index of the first access path; when the data access request is determined to be used for accessing data of a second application program on the terminal according to the path index, acquiring authority information of the data to be accessed, wherein the first application program and the second application program are the same application program, the first application program runs in a sandbox of the terminal, and the second application program runs outside the sandbox;
the shielding module is configured to shield redirection of the first access path when the first application program is determined to have the authority of accessing the data to be accessed according to the authority information;
and the access module is configured to read the data to be accessed from the storage space corresponding to the first access path based on the first access path, and return the read data to the first application program.
9. A terminal, characterized in that the terminal comprises a processor and a memory, in which at least one program code is stored, which is loaded and executed by the processor to implement the data access method according to any of claims 1-7.
10. A computer-readable storage medium having stored therein at least one program code, the at least one program code being loaded and executed by a processor, to implement the data access method of any one of claims 1 to 7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911098758.2A CN110851823B (en) | 2019-11-12 | 2019-11-12 | Data access method, device, terminal and storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110851823A (en) | 2020-02-28 |
CN110851823B (en) | 2023-03-10 |
Family
ID=69601586
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911098758.2A (Active), CN110851823B (en) | 2019-11-12 | 2019-11-12 | Data access method, device, terminal and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110851823B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN110851823B (en) | 2023-03-10 |
Legal Events
Code | Title | Description |
---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
REG | Reference to a national code | Ref country code: HK; Ref legal event code: DE; Ref document number: 40022444; Country of ref document: HK |
GR01 | Patent grant | |