CN110851823B - Data access method, device, terminal and storage medium - Google Patents

Data access method, device, terminal and storage medium Download PDF

Info

Publication number
CN110851823B
CN110851823B CN201911098758.2A CN201911098758A CN110851823B CN 110851823 B CN110851823 B CN 110851823B CN 201911098758 A CN201911098758 A CN 201911098758A CN 110851823 B CN110851823 B CN 110851823B
Authority
CN
China
Prior art keywords
data
access
path
application program
terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201911098758.2A
Other languages
Chinese (zh)
Other versions
CN110851823A (en
Inventor
杜文涛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tencent Technology Shenzhen Co Ltd filed Critical Tencent Technology Shenzhen Co Ltd
Priority to CN201911098758.2A priority Critical patent/CN110851823B/en
Publication of CN110851823A publication Critical patent/CN110851823A/en
Application granted granted Critical
Publication of CN110851823B publication Critical patent/CN110851823B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The application provides a data access method, a data access device, a terminal and a storage medium, and belongs to the technical field of the Internet. The method comprises the following steps: receiving a data access request sent by a first application program on a terminal, wherein the data access request carries a first access path for accessing data to be accessed; acquiring a path index of a first access path; when the data access request is determined to be used for accessing the data of the second application program according to the path index, acquiring the authority information of the data to be accessed; when the first application program is determined to have the authority to access the data to be accessed according to the authority information, the redirection to the first access path is shielded; and based on the first access path, reading the data to be accessed from the storage space corresponding to the first access path, and returning the read data to the first application program. When the first application program has the authority of accessing the data of the second application program, the first application program can access the data of the second application program, and the flexibility of data access is improved.

Description

Data access method, device, terminal and storage medium
Technical Field
The present application relates to the field of internet technologies, and in particular, to a data access method, apparatus, terminal, and storage medium.
Background
With the development of internet technology, two identical application programs can be simultaneously run in electronic devices such as mobile phones and tablet computers. For example, to distinguish work from life, a person may run two identical application programs in one electronic device at the same time, one login work account as a work application, and the other login personal account as a personal application, and data of the work application and the personal application are isolated and cannot be accessed to each other.
In the related art, a sandbox is established in the android system, which can provide an independent, isolated operating environment for applications. And copying the installation package of the application program into the sandbox so that the application program can run in the sandbox. In the aspect of data access, the file path of the application program in the sandbox is redirected to the specified path of the sandbox, so that the application program in the sandbox can only access the file of the specified path of the sandbox, and the data isolation of the application program in the sandbox and the application program outside the sandbox is realized.
In the related art, data of an application program inside a sandbox and data of an application program outside the sandbox are completely isolated, and flexibility of data access is weak.
Disclosure of Invention
The embodiment of the application provides a data access method, a data access device, a terminal and a storage medium, and can solve the problem of weak data access flexibility. The technical scheme is as follows:
according to an aspect of an embodiment of the present application, there is provided a data access method, including:
receiving a data access request sent by a first application program on a terminal, wherein the data access request carries a first access path for accessing data to be accessed;
acquiring a path index of the first access path;
when the data access request is determined to be used for accessing data of a second application program on the terminal according to the path index, acquiring authority information of the data to be accessed, wherein the first application program and the second application program are the same application program, the first application program runs in a sandbox of the terminal, and the second application program runs outside the sandbox;
when the first application program is determined to have the authority to access the data to be accessed according to the authority information, shielding redirection of the first access path;
and based on the first access path, reading the data to be accessed from the storage space corresponding to the first access path, and returning the read data to the first application program.
According to another aspect of embodiments of the present application, there is provided a data access apparatus, including:
the terminal comprises a receiving module, a processing module and a processing module, wherein the receiving module is configured to receive a data access request sent by a first application program on the terminal, and the data access request carries a first access path for accessing data to be accessed;
an obtaining module configured to obtain a path index of the first access path; when the data access request is determined to be used for accessing data of a second application program on the terminal according to the path index, acquiring authority information of the data to be accessed, wherein the first application program and the second application program are the same application program, the first application program runs in a sandbox of the terminal, and the second application program runs outside the sandbox;
the shielding module is configured to shield redirection of the first access path when the first application program is determined to have the authority of accessing the data to be accessed according to the authority information;
and the access module is configured to read the data to be accessed from the storage space corresponding to the first access path based on the first access path, and return the read data to the first application program.
In one possible implementation, the apparatus further includes: a matching module configured to match the path index with each index in path access tools, the path access tools including a first path access tool including a first index of a first storage path of at least one first data of the first application and a second path access tool including a second index of a second storage path of at least one second data of the second application;
a determination module configured to determine that the data access request is for accessing data of a second application on a terminal when the path index matches a second index in the second path access tool.
In another possible implementation manner, the apparatus further includes:
the obtaining module is further configured to obtain a first storage path of at least one first data of the first application program and a second storage path of at least one second data of the second application program;
the generating module is configured to generate a first index corresponding to the first storage path of each first data according to the first storage path of each first data, and generate a second index corresponding to the second storage path of each second data according to the second storage path of each second data;
an encapsulation module configured to encapsulate a first index corresponding to the first storage path of each first data in the first path access tool, and encapsulate a second index corresponding to the second storage path of each second data in the second path access tool;
a merging module configured to merge the first path access tool and the second path access tool into the path access tool.
In another possible implementation manner, the apparatus further includes:
the display module is configured to display a setting interface of authority information when receiving a storage instruction of the data to be accessed in the second application program;
the setting module is configured to set the authority information of the data to be accessed as permission to access when receiving the operation of permitting the first application program to access the data to be accessed based on the setting interface;
the setting module is further configured to set the authority information of the data to be accessed as access prohibition when receiving an operation of prohibiting the first application program from accessing the data to be accessed based on the setting interface.
In another possible implementation manner, the apparatus further includes:
the display module is further configured to display an authority setting interface corresponding to the second application program;
the setting module is further configured to set the authority information of the data of the second application program to allow access when receiving an operation of allowing the first application program to access the data of the second application program based on the authority setting interface;
the setting module is further configured to set the authority information of the data of the second application program to be prohibited from being accessed when an operation of prohibiting the first application program from accessing the data of the second application program is received based on the authority setting interface.
In another possible implementation manner, the apparatus further includes:
the conversion module is configured to convert the first access path into a second access path when the first application program is determined not to have the authority to access the data to be accessed according to the authority information;
the access module is further configured to read data corresponding to the second access path from a storage space corresponding to the second access path based on the second access path, and return the read data corresponding to the second access path to the first application program; alternatively, the first and second electrodes may be,
the access module is further configured to return prompt information when the data corresponding to the second access path is not read from the storage space corresponding to the second access path, where the prompt information is used to indicate that the first application program does not have the right to access the data to be accessed.
In another possible implementation manner, the apparatus further includes:
the conversion module is further configured to convert the first access path into a second access path when the data access request is determined to be used for accessing data of a first application program on the terminal according to the path index;
a redirection module configured to redirect the second access path to a third access path;
the access module is further configured to read data corresponding to the third access path from the storage space corresponding to the third access path based on the third access path, and return the read data corresponding to the third access path to the first application program.
According to another aspect of the embodiments of the present application, there is provided a terminal, where the terminal includes a processor and a memory, where at least one program code is stored in the memory, and the at least one program code is loaded and executed by the processor to implement the data access method according to any one of the foregoing possible implementation manners.
According to another aspect of the embodiments of the present application, there is provided a computer-readable storage medium having at least one program code stored therein, the at least one program code being loaded and executed by a processor to implement the data access method according to any one of the above-mentioned possible implementation manners.
In the embodiment of the application, a first application program running in a sandbox sends a data access request when accessing data, the data access request carries a first access path used for accessing the data to be accessed, when the data access request is determined to be used for accessing data of a second application program on a terminal according to a path index of the first access path and the first application program has the authority of accessing the data to be accessed, redirection to the first access path is shielded, the data to be accessed is read from a storage space corresponding to the first access path based on the first access path, and the read data is returned to the first application program. The method and the device introduce the path index and the authority information, shield redirection to the first access path when the first application program in the sandbox is determined to access data of the second application program outside the sandbox and has the authority of accessing the data of the second application program according to the path index and the authority information, and access the data to be accessed based on the first access path. When the first application program has the authority of accessing the data of the second application program, the first application program can access the data of the second application program, and the flexibility of data access is improved.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
FIG. 1 is a schematic illustration of an implementation environment provided by an embodiment of the present application;
FIG. 2 is a schematic diagram of an application accessing data according to an embodiment of the present application;
FIG. 3 is a schematic diagram illustrating a first application accessing data according to an embodiment of the present application;
fig. 4 is a schematic diagram of a permission information check provided in an embodiment of the present application;
FIG. 5 is a schematic diagram of a redirection of a path according to an embodiment of the present application;
FIG. 6 is a flowchart of a data access method provided in an embodiment of the present application;
FIG. 7 is a flowchart of a data access method provided in an embodiment of the present application;
fig. 8 is a schematic structural diagram of a data access device according to an embodiment of the present application;
fig. 9 is a schematic structural diagram of a terminal according to an embodiment of the present application.
Detailed Description
To make the objects, technical solutions and advantages of the present application more clear, the following detailed description of the embodiments of the present application will be made with reference to the accompanying drawings.
The terms "first," "second," "third," and "fourth," etc. in the description and claims of this application and in the accompanying drawings, if any, are used for distinguishing between different objects and not for describing a particular order. Furthermore, the terms "comprising" and "having," as well as any variations thereof, are intended to cover non-exclusive inclusions. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those steps or elements listed, but may alternatively include other steps or elements not listed, or inherent to such process, method, article, or apparatus.
Fig. 1 is a schematic diagram of an implementation environment provided by an embodiment of the present application. Referring to fig. 1, the implementation environment includes a terminal 101 and a server 102; the terminal 101 and the server 102 are connected through a wireless or wired network. In addition, an application program that the server 102 provides services may be installed on the terminal 101, and a user corresponding to the terminal 101 may implement functions such as data transmission and message interaction through the application program.
The terminal 101 may be a computer, a mobile phone, a tablet computer or other electronic devices. The application program may be any application program installed on the terminal 101; the application program may be an application program in the operating system of the terminal 101, or may be an application program provided by a third party. For example, the application may be a social application, a music application, a video application, a shopping application, or an information browsing application, among others. The information browsing application may be a news application or a reading application, etc. The server 102 may be a backend server 102 for an application. Accordingly, the server 102 may be a social application server, music server, video server, shopping server, or information browsing application server, among others.
In the android system, access to data is primarily through Content Provider (Content Provider) components. Referring to fig. 2, the application may Access different Data through a content provider component, and specifically, the application of the Business Layer (Business Layer) may perform read and write operations on a network resource (Internet), a lightweight database (SQLite), and a file (Files) of the Data Layer (Data Layer) through the content provider component of the Data Access Layer (Data Layer) based on an inter-process communication mechanism (Binder) and an Anonymous Shared Memory subsystem (Ashmem).
In the embodiment of the application, two identical application programs can be simultaneously run on the terminal. Where one application runs inside the sandbox and another application runs outside the sandbox. To distinguish between the two applications, the application running inside the sandbox is described as the first application and the application running outside the sandbox is described as the second application. The first application and the second application may run based on different accounts, for example, the applications are social applications, the first application may log in to a work account for work communication, and the second application may log in to a personal account for personal life communication. The application program may store some data with a large occupied space in the external storage space, for example, some data such as pictures, videos, audios, or files with a large occupied space may be stored in the external storage space. A first application program in the sandbox may perform a read/write operation on data through a virtual storage space in the sandbox, where the virtual storage space is implemented by redirecting a data path, and referring to fig. 3, the first application program initiates a read/write operation on the data, hooks the read/write operation on the data by hooking the first application program through a Hook (Hook) technology, redirects the data path specified by the read/write operation to the virtual storage space in the sandbox, and implements the read/write operation on the data in the virtual storage space in the sandbox through system call. For example, the data path designated by the first application program for reading and writing data is "/sdcard/content/QQ _ Images", and the data path is redirected to "/sdcard/sandbox/content/QQ _ Images" to implement the reading and writing operation of the first application program for data of the virtual storage space in the sandbox.
And the data path of the first application program is redirected, and only the data in the virtual storage space can be accessed, so that the data stored by the first application program and the data stored by the second application program are isolated. In practical applications, some data stored by the first application and the second application do not need to be isolated, for example, some pictures that can be disclosed do not need to be isolated. By the method provided by the embodiment of the application, the terminal can flexibly access the data according to the dynamically set authority information of the data. For example, referring to fig. 4, when a first application wants to access a multimedia library, a check of the rights information needs to be made. When the permission information is used for indicating that the first application program has the permission to access the multimedia library of the second application program, namely the permission information is allowed to access, the first application program can access the multimedia library of the second application program; when the permission information is used to indicate that the first application does not have permission to access the multimedia library of the second application, the first application does not access the multimedia library of the second application.
When the first application program accesses data, the terminal redirects a path for accessing the data. The terminal can redirect the path according to the redirection rule. The redirection rule may be to add a sandbox prefix or delete a sandbox prefix. The sandbox prefix in the path may be "/sandbox". For example, referring to fig. 5, when the path of the first application accessing data is "/sdcard/app1/Images (/ memory card/first application/picture)", the terminal redirects the path of the first application accessing data to "/sdcard/sandbox/app1/Images (/ memory card/sandbox/first application/picture)". When the path of the data accessed by the first application program is '/sdcard/sandbox/app 1/Images', the terminal redirects the path of the data accessed by the first application program to '/sdcard/app 1/Images'.
Fig. 6 is a flowchart of a data access method according to an embodiment of the present application. Referring to fig. 6, the embodiment includes:
601. the terminal receives a data access request sent by a first application program on the terminal, wherein the data access request carries a first access path for accessing data to be accessed.
The data access request is used for requesting to access the data to be accessed. The first access path is a path for storing the data to be accessed in the storage space, and is used for reading the data to be accessed from the storage space.
When an interface of a first application program is displayed on the terminal and an access operation which is executed by a user and used for indicating data to be accessed is received, the first application program sends a data access request to an operating system of the terminal. The operating system receives a data access request sent by a first application program on the terminal, wherein the data access request carries a first access path for accessing data to be accessed. The access operation performed by the user to indicate the data to be accessed may be a click operation, a gesture operation, a voice control operation, or the like, which is not specifically limited herein.
For example, the first application program is a social application, when a chat interface of the first application program is displayed on the terminal, the user clicks a control sharing a picture of the second application program on the interface, the first application program sends a data access request to the operating system, the data access request is used for requesting to access the picture of the second application program, and the data access request carries a first access path of the picture of the second application program.
602. The terminal acquires a path index of the first access path.
The path index of the first access path is used to determine whether the first access path is used to access a memory space corresponding to a first application within the sandbox or is used to determine whether the first access path is used to access a memory space corresponding to a second application outside the sandbox.
The terminal may obtain the path index of the first access path from a database storing the first access path and the path index of the first access path.
Before acquiring the path index of the first access path, the terminal may generate the path index of the first access path, and store the first access path and the index of the first access path in the database. In a possible implementation manner, the step of generating, by the terminal, the path index of the first access path may be: when the terminal stores the data to be accessed, the path index of the first access path is determined according to the number of the data stored in the storage space corresponding to the application program for storing the data to be accessed.
For example, when the application on the terminal stores the data to be accessed, if the number of the data already stored in the storage space of the application is 10, the data to be accessed is the 11 th data to be stored by the application, and the path index of the first access path for generating the data to be accessed is 11.
In another possible implementation manner, the terminal may generate an index of the first access path according to a form of the first access path. Correspondingly, the step of generating, by the terminal, the path index of the first access path may further be: when the terminal stores the data to be accessed, generating a first access path of the data to be accessed according to information such as an application program where the data to be accessed is located, the data type of the data to be accessed and the like; and the terminal generates a path index of the data to be accessed according to the form of the first access path of the data to be accessed.
For example, a path for accessing memory corresponding to a first application within a sandbox typically carries a "sandbox" and a path for accessing memory corresponding to a second application outside of the sandbox typically does not carry a "sandbox". The terminal may generate an index of the first access path according to whether the first access path has "sandbox". When the first access path does not contain the 'sandbox', generating an index of the first access path as '0'; when the first access path has "sandbox", the index of the first access path is generated to be "1".
603. And the terminal determines that the data access request is used for accessing the data of the second application program on the terminal according to the path index.
When the first application program accesses data through the content provider component, the path access tool can be obtained through the content provider component, and the data access request is determined to be used for accessing data of a second application program on the terminal according to the matching condition of the path index and the index in the path access tool. Correspondingly, the steps can be as follows: the terminal matches the path index with each index in the path access tools, wherein the path access tools comprise a first path access tool and a second path access tool, the first path access tool comprises a first index of a first storage path of at least one first data of a first application program, and the second path access tool comprises a second index of a second storage path of at least one second data of a second application program; when the path index matches a second index in the second path access tool, it is determined that the data access request is for accessing data of a second application on the terminal. When the path index matches a first index in the first path access tool, it is determined that the data access request is for accessing data of a first application on the terminal.
For example, the indices in the path access tool are "1", "2", "3", "4", and "5"; the first index in the first path access tool is "1", "2", and "4"; the second index in the second path access tool is "3" and "5". When the path index of the first access data is '3', the path index is matched with a second index in a second path access tool, and the data access request is determined to be used for accessing data of a second application program on the terminal; when the path index of the first access data is "2", the path index is matched with the first index in the first path access tool, and it is determined that the data access request is for accessing data of the first application program on the terminal.
Referring to fig. 7, when the first application accesses data through the content provider component, the path access tool may be obtained through a query method provided by the content provider component. The terminal acquires the path index of the first access path, and matches the path index with the index in the path access tool, so that the data access request can be determined to be used for accessing the data of the first application program on the terminal or the data access request is used for accessing the data of the second application program on the terminal. In a sandbox scenario, redirection of the path is generally achieved by adding a "sandbox" to the path. The first storage path of the data of the first application is usually provided with a "sandbox", and the first storage path of the first application can be regarded as a "redirected" path, the second storage path of the data of the second application is usually not provided with a "sandbox", and the second storage path of the data of the second application can be regarded as a path without "redirected". The determination that the data access request is for accessing data of the first application on the terminal or the data access request is for accessing data of the second application may be regarded as a determination of whether the first access path is redirected. When the first access path is redirected, the data access request is indicated for accessing data of the first application program, and when the first access path is not redirected, the data access request is indicated for accessing data of the second application program.
It should be noted that, before matching the path index with each index in the path access tool, the path access tool needs to be generated according to a first storage path of data stored in the first application program and a second storage path of data stored in the second application program. Correspondingly, generating the path access tool according to the first storage path of the data stored by the first application program and the second storage path of the data stored by the second application program can be realized through the following steps (1) to (3):
(1) The terminal acquires a first storage path of at least one first data of a first application program and a second storage path of at least one second data of a second application program.
When the terminal applies the data access method provided by the embodiment of the application for the first time, a path access tool needs to be initialized. The terminal needs to acquire a first storage path of at least one first data stored in a storage space of a current first application program in the sandbox and a second storage path of at least one second data stored in a storage space of a current second application program outside the sandbox.
For example, when the terminal initializes the path access tool, the first application program stores 10 first data in the storage space inside the sandbox, the second application program stores 8 second data in the storage space outside the sandbox, and the terminal needs to obtain a first storage path of each first data in the 10 first data and a second storage path of each second data in the 8 second data, respectively.
When new first data is stored in a storage space corresponding to a first application program or new second data is stored in a storage space corresponding to a second application program, the terminal acquires a first storage path of the first data or a second storage path of the second data.
(2) And the terminal generates a first index corresponding to the first storage path of each first data according to the first storage path of each first data, and generates a second index corresponding to the second storage path of each second data according to the second storage path of each second data.
This step is similar to the step of generating the path index of the first access path by the terminal, and is not described herein again.
(3) The terminal encapsulates a first index corresponding to a first storage path of each first data in a first path access tool, and encapsulates a second index corresponding to a second storage path of each second data in a second path access tool; merging the first path access tool and the second path access tool into a path access tool.
The terminal encapsulates a first index corresponding to the first storage path of each first data in the first path access tool, and when the path index of the first access path matches the first index in the first path access tool, it may be determined that the data access request corresponding to the first access path is used for accessing the data of the first application. And the terminal encapsulates a second index corresponding to a second storage path of the second data in the second path access tool, and when the path index of the first access path is matched with the second index in the second path access tool, the terminal can determine that the data access request corresponding to the first access path is used for accessing the data of the second application program.
The terminal merges a first path access tool and a second path access tool into the path access tool, when a first application program accesses data through a content provider component, the path access tool can be obtained through a query method provided by the content provider component, a path index of a first access path is matched with a first index in the first path access tool and a second index in the second path access tool respectively, when the path index of the first access path is matched with the first index in the first path access tool, a data access request is determined to be used for accessing data of the first application program, and when the path index of the first access path is matched with the second index in the second path access tool, the data access request is determined to be used for accessing data of the second application program.
Another point to be noted is that the terminal can determine that the data access request is for accessing data of the second application on the terminal through steps 602 and 603. The terminal may also determine, based on the form of the first access path, that the data access request is for accessing data of a second application on the terminal. In a sandbox scenario, a first storage path for data of a first application is typically provided with a "sandbox" and a second storage path for data of a second application is typically not provided with a "sandbox". The data access request may be determined for accessing data of the first application on the terminal or the data access request for accessing data of the second application by determining whether the first access path has "sandbox" therein. And when the first access path has the 'sandbox', determining that the data access request is used for accessing the data of the first application program on the terminal, and when the first access path does not have the 'sandbox', determining that the data access request is used for accessing the data of the second application program on the terminal.
It should be noted that, according to the path index, the terminal may also determine that the data access request is used for accessing the data of the first application program on the terminal. When the terminal determines that the data access request is for accessing the data of the first application on the terminal according to the path index, step 604 and step 605 are not performed any more.
When the terminal determines that the data access request is used for accessing the data of the first application program on the terminal according to the path index, converting the first access path into a second access path; redirecting the second access path to a third access path; and based on the third access path, reading data corresponding to the third access path from the storage space corresponding to the third access path, and returning the read data corresponding to the third access path to the first application program. With continued reference to fig. 7, when the terminal determines that the data access request is for accessing data of the first application on the terminal, i.e., that the first access path is redirected, the first access path is converted into the second access path.
Wherein the step of converting the first access path into the second access path may be implemented according to a redirection rule. For example, the first access path is "/sdcard/sandbox/concentration/QQ _ Images", and the second access path converted according to the redirection rule is "/sdcard/concentration/QQ _ Images".
When the first application program accesses data, the terminal redirects a path for accessing the data. The terminal may redirect the second access path to a third access path. For example, the second access path is "/sdcard/tencent/QQ _ Images", and the redirected third access path is "/sdcard/sandbox/tencent/QQ _ Images". The third access path is the same as the first access path and is used for accessing data of the first application program.
In this embodiment, the terminal may match the path index of the first access path with an index in the path access tool, and determine that the data access request is for accessing data of a second application program on the terminal or that the data access request is for accessing data of a first application program on the terminal. The data access request is determined to be used for accessing the data of which application program in a matching index mode, and the efficiency is high.
604. And when the data access request is determined to be used for accessing the data of the second application program on the terminal according to the path index, the terminal acquires the authority information of the data to be accessed.
The first application program and the second application program are the same application program, the first application program runs in a sandbox of the terminal, and the second application program runs outside the sandbox.
The terminal may store the authority information of the data to be accessed in a storage space accessible by the first application, and when it is determined that the data access request is for accessing data of the second application on the terminal, the terminal acquires the authority information of the data to be accessed from the storage space in which the authority information is stored. The terminal can associate the first access path of the data to be accessed with the authority information of the data to be accessed, and acquire the authority information of the data to be accessed according to the first access path. The terminal can also associate the path index of the first access path of the data to be accessed with the authority information of the data to be accessed, and acquire the authority information of the data to be accessed according to the path index.
The terminal can also store the authority information of the data to be accessed in the server, and when the data access request is determined to be used for accessing the data of the second application program on the terminal, the terminal acquires the authority information of the data to be accessed from the server.
The terminal may also obtain the permission information of the data to be accessed through other manners, and the manner in which the terminal obtains the permission information of the data to be accessed is not particularly limited herein.
In the embodiment of the application, the terminal can acquire the authority information of the data to be accessed, so that the data can be accessed according to the authority information, and the flexibility of data access is improved.
It should be noted that the terminal supports the user to set the authority information of the data when storing the data. In a possible implementation manner, before the terminal acquires the permission information of the data to be accessed, the permission information set by the second application program may be received. Correspondingly, the step that the terminal supports the user to set the authority information of the data when the data is stored can be as follows: in the second application program, when a storage instruction of data to be accessed is received, the terminal displays a setting interface of the authority information; when receiving an operation of allowing a first application program to access data to be accessed based on a setting interface, setting authority information of the data to be accessed as permission to access by the terminal; when receiving an operation of prohibiting the first application program from accessing the data to be accessed based on the setting interface, the terminal sets the authority information of the data to be accessed as prohibited access.
When the terminal runs the second application program and the user triggers the operation of storing the data to be accessed, the terminal receives a storage instruction of the data to be accessed and displays a setting interface of the permission information. The setup interface is used to ask the user whether the first application in the sandbox has access to the data to be accessed. For example, the setting interface may be configured as a pop-up window, and when the user triggers the operation of saving the picture, the setting interface is displayed in the current interface, and provides text information of whether the picture allows the first application program to access and clickable yes and no buttons. When the clicking operation of 'yes' is received, the terminal sets the authority information of the picture as access permission, and when the clicking operation of 'no' is received, the terminal sets the authority information of the picture as access prohibition.
In another possible implementation manner, the terminal further supports that the user sets the authority information for the stored data. Before the terminal acquires the authority information of the data to be accessed, the authority information set by the user can be received through a setting interface in an operating system of the terminal or a setting interface of an application program of a sandbox environment provided on the terminal. Correspondingly, the step that the terminal supports the user to set the authority information for the stored data may be: the terminal displays an authority setting interface corresponding to the second application program; when receiving an operation of allowing the first application program to access the data of the second application program based on the permission setting interface, the terminal sets permission information of the data of the second application program to allow access; when receiving an operation of prohibiting the first application program from accessing the data of the second application program based on the authority setting interface, the terminal sets the authority information of the data of the second application program as prohibited to access.
The terminal can set the permission setting interface corresponding to the second application program as a sub-interface of the setting interface in the terminal operating system. The terminal can also set the permission setting interface corresponding to the second application program as a sub-interface of the setting interface of the application program providing the sandbox environment on the terminal. The terminal can also set the authority setting interface corresponding to the second application program as a sub-interface of the second application program.
And when receiving the operation that the user sets that the second application program can be opened in a double mode or receiving the operation that the user opens the authority setting interface, displaying the authority setting interface for inquiring whether the first application program of the user can access the data of the second application program. For example, a permission setting interface is displayed in the current interface, and the permission setting interface can provide text information of whether the first application can access all data of the second application and clicked yes and no buttons. When the clicking operation of 'yes' is received, the terminal sets the authority information of the data of the second application program to be allowed to access, namely the first application program can access all the data stored in the external storage space by the second application program; when the clicking operation of 'no' is received, the terminal sets the authority information of the data of the second application program to be access-prohibited, namely the first application program does not have the authority of accessing the data of the second application program.
The permission setting interface may also be used to ask the user which data of the second application the first application is able to access. For example, a pop-up window is displayed in the current interface, and the pop-up window can provide text information of which data of the second application can be accessed by the first application, and options of "picture", "video and audio", "document", and "access prohibition", etc. When receiving an operation that a user selects a picture option, the terminal sets the permission information as a picture which can be stored in an external storage space by a first application program and can be accessed by a second application program; when receiving an operation that a user selects an 'access prohibition' option, the terminal sets the authority information as the authority of the first application program which does not access the data of the second application program.
In the embodiment of the application, the terminal supports the user to set the authority information of the data to be accessed, the user can set which data can be shared and which data cannot be shared according to the self requirement, and the experience degree of the user can be improved.
605. When the first application program is determined to have the authority to access the data to be accessed according to the authority information, the terminal shields the redirection of the first access path; and based on the first access path, reading the data to be accessed from the storage space corresponding to the first access path, and returning the read data to the first application program.
When the first application program accesses the data, the terminal redirects the path of the accessed data. When the first application program is determined to have the right to access the data to be accessed, the first application program is allowed to access the data to be accessed of the second application program, and the first access path pointing to the storage space of the second application program does not need to be redirected. When the first application has the right to access the data to be accessed of the second application, the terminal needs to shield the redirection to the first access path.
When the terminal determines that the first application has the right to access the data to be accessed, it may be marked that the first access path does not need to be redirected. For example, when the terminal determines that the first application has the right to access the data to be accessed, the first access path may carry a flag "1", the flag "1" being used to indicate that the first access path does not need to be redirected. Before the terminal executes the redirection operation to the first access path, whether the first access path carries a mark '1' is judged. If the first access path carries the mark '1', the redirection operation of the first access path is not executed, namely the redirection of the first access path is shielded; and if the first access path does not carry the label '1', executing redirection operation on the first access path.
In the embodiment of the application, when the first application program has the right to access the data of the second application program, the terminal shields the redirection of the first access path, so that the first application program can access the data of the second application program, the data of the first application program and the data of the second application program are not completely isolated any more, and the flexibility of data access is improved.
It should be noted that, according to the permission information, the terminal may also determine that the first application does not have the permission to access the data to be accessed. When the first application program does not have the right to access the data to be accessed, the first application program cannot access the data to be accessed.
In a possible implementation manner, when the terminal determines that the first application does not have the right to access the data to be accessed, the first access path is redirected to the storage space corresponding to the first application, and the data is read from the storage space corresponding to the first application. Correspondingly, when the terminal determines that the first application program does not have the right to access the data to be accessed, the step of accessing the data may be: when the terminal determines that the first application program does not have the authority to access the data to be accessed according to the authority information, converting the first access path into a second access path; and based on the second access path, reading the data corresponding to the second access path from the storage space corresponding to the second access path, and returning the read data corresponding to the second access path to the first application program.
In one possible implementation, the second access path may be a path generated by the first access path according to a redirection rule. The redirection rule may add a "sandbox" prefix at a specified location of the first access path. For example, the first access path is "/sdcard/tencent/QQ _ Images/img _1", and the second access path generated by the first access path according to the redirection rule may be "/sdcard/sandbox/tencent/QQ _ Images/img _1".
In another possible implementation manner, the second access path has no corresponding data in the storage space corresponding to the second access path. And when the data corresponding to the second access path cannot be read from the storage space corresponding to the second access path, returning prompt information, wherein the prompt information is used for indicating that the first application program does not have the right of accessing the data to be accessed.
In another possible implementation manner, when the terminal determines that the first application does not have the right to access the data to be accessed, the terminal may also directly return a prompt message, where the prompt message is used to indicate that the first application does not have the right to access the data to be accessed. The step of converting the first access path to the second access path is not performed anymore.
In another possible implementation manner, when the terminal determines that the first application does not have the right to access the data to be accessed, the terminal may not return any information or data and may not perform the step of converting the first access path into the second access path.
It should be noted that, with reference to fig. 7, when it is determined that the first application has the right to access the data to be accessed, that is, when it is determined that the first access path is not redirected, the terminal shields redirection of the first access path. Based on the first access path, reading data to be accessed from a storage space corresponding to the first access path, returning the read data to the first application program, namely after completing data operation, removing the shielding of the redirection of the first access path, namely recovering the redirection of the first access path.
In the embodiment of the application, when the first application program does not have the authority to access the data of the second application program, the first application program does not access the data to be accessed of the second application program, and the security of data access can be improved.
In the embodiment of the application, the path index and the authority information are introduced, when the first application program in the sandbox is determined to access the data of the second application program outside the sandbox and has the authority of accessing the data of the second application program according to the path index and the authority information, the redirection of the first access path is shielded, and the data to be accessed is accessed based on the first access path. When the first application program has the authority of accessing the data of the second application program, the first application program can access the data of the second application program, and the flexibility of data access is improved.
All the above optional technical solutions may be combined arbitrarily to form optional embodiments of the present application, and are not described herein again.
Fig. 8 is a schematic structural diagram of a data access device according to an embodiment of the present application. Referring to fig. 8, the apparatus includes:
a receiving module 801 configured to receive a data access request sent by a first application on a terminal, where the data access request carries a first access path for accessing data to be accessed;
an obtaining module 802 configured to obtain a path index of the first access path; when the data access request is determined to be used for accessing the data of a second application program on the terminal according to the path index, acquiring authority information of the data to be accessed, wherein the first application program and the second application program are the same application program, the first application program runs in a sandbox of the terminal, and the second application program runs outside the sandbox;
a shielding module 803 configured to shield redirection to the first access path when it is determined that the first application has the authority to access the data to be accessed according to the authority information;
and the access module 804 is configured to read data to be accessed from the storage space corresponding to the first access path based on the first access path, and return the read data to the first application program.
In one possible implementation, the apparatus further includes: a matching module configured to match the path index with each index in path access tools, the path access tools including a first path access tool including a first index of a first storage path of at least one first data of a first application and a second path access tool including a second index of a second storage path of at least one second data of a second application;
a determination module configured to determine that the data access request is for accessing data of a second application on the terminal when the path index matches a second index in the second path access tool.
In another possible implementation manner, the apparatus further includes:
an obtaining module 802, further configured to obtain a first storage path of at least one first data of a first application program and a second storage path of at least one second data of a second application program;
the generating module is configured to generate a first index corresponding to the first storage path of each first data according to the first storage path of each first data, and generate a second index corresponding to the second storage path of each second data according to the second storage path of each second data;
the encapsulation module is configured to encapsulate a first index corresponding to the first storage path of each first data in the first path access tool, and encapsulate a second index corresponding to the second storage path of each second data in the second path access tool;
a merging module configured to merge the first path access tool and the second path access tool into a path access tool.
In another possible implementation manner, the apparatus further includes:
the display module is configured to display a setting interface of the authority information when receiving a storage instruction of the data to be accessed in the second application program;
the setting module is configured to set the authority information of the data to be accessed as permission to access when receiving an operation of permitting the first application program to access the data to be accessed based on the setting interface;
the setting module is further configured to set the authority information of the data to be accessed as access prohibition when receiving operation of prohibiting the first application program from accessing the data to be accessed based on the setting interface.
In another possible implementation manner, the apparatus further includes:
the display module is also configured to display a permission setting interface corresponding to the second application program;
the setting module is further configured to set the authority information of the data of the second application program to be allowed to be accessed when receiving an operation of allowing the first application program to access the data of the second application program based on the authority setting interface;
the setting module is further configured to set the authority information of the data of the second application program to be access-prohibited when receiving an operation of prohibiting the first application program from accessing the data of the second application program based on the authority setting interface.
In another possible implementation manner, the apparatus further includes:
the conversion module is configured to convert the first access path into a second access path when the first application program is determined not to have the authority to access the data to be accessed according to the authority information;
the access module 804 is further configured to read data corresponding to the second access path from the storage space corresponding to the second access path based on the second access path, and return the read data corresponding to the second access path to the first application; alternatively, the first and second electrodes may be,
the accessing module 804 is further configured to, when the data corresponding to the second access path is not read from the storage space corresponding to the second access path, return a prompt message, where the prompt message is used to indicate that the first application program does not have a right to access the data to be accessed.
In another possible implementation manner, the apparatus further includes:
a conversion module configured to convert the first access path into a second access path when it is determined that the data access request is for accessing data of the first application on the terminal according to the path index;
a redirection module configured to redirect the second access path to a third access path;
the access module 804 is further configured to read data corresponding to the third access path from the storage space corresponding to the third access path based on the third access path, and return the read data corresponding to the third access path to the first application.
In the embodiment of the application, the path index and the authority information are introduced, when the first application program in the sandbox is determined to access the data of the second application program outside the sandbox and has the authority of accessing the data of the second application program according to the path index and the authority information, the redirection to the first access path is shielded, and the data to be accessed is accessed based on the first access path. When the first application program has the authority of accessing the data of the second application program, the first application program can access the data of the second application program, and the flexibility of data access is improved.
It should be noted that: in the data access device provided in the foregoing embodiment, only the division of the functional modules is illustrated in the data access, and in practical applications, the functions may be distributed by different functional modules as needed, that is, the internal structure of the terminal is divided into different functional modules to complete all or part of the functions described above. In addition, the data access device and the data access method provided by the above embodiments belong to the same concept, and specific implementation processes thereof are described in the method embodiments and are not described herein again.
Fig. 9 shows a block diagram of a terminal 900 according to an exemplary embodiment of the present application. The terminal 900 may be: a smart phone, a tablet computer, an MP3 player (Moving Picture Experts Group Audio Layer III, motion Picture Experts compression standard Audio Layer 3), an MP4 player (Moving Picture Experts Group Audio Layer IV, motion Picture Experts compression standard Audio Layer 4), a notebook computer, or a desktop computer. Terminal 900 may also be referred to by other names such as user equipment, portable terminals, laptop terminals, desktop terminals, and the like.
In general, terminal 900 includes: a processor 901 and a memory 902.
Processor 901 may include one or more processing cores, such as a 4-core processor, an 8-core processor, and so forth. The processor 901 may be implemented in at least one hardware form of a DSP (Digital Signal Processing), an FPGA (Field-Programmable Gate Array), and a PLA (Programmable Logic Array). The processor 901 may also include a main processor and a coprocessor, where the main processor is a processor for Processing data in an awake state, and is also called a Central Processing Unit (CPU); a coprocessor is a low power processor for processing data in a standby state. In some embodiments, the processor 901 may be integrated with a GPU (Graphics Processing Unit), which is responsible for rendering and drawing the content required to be displayed on the display screen. In some embodiments, the processor 901 may further include an AI (Artificial Intelligence) processor for processing computing operations related to machine learning.
Memory 902 may include one or more computer-readable storage media, which may be non-transitory. The memory 902 may also include high-speed random access memory, as well as non-volatile memory, such as one or more magnetic disk storage devices, flash memory storage devices. In some embodiments, a non-transitory computer readable storage medium in the memory 902 is used to store at least one program code for execution by the processor 901 to implement the data access methods provided by the method embodiments herein.
In some embodiments, terminal 900 can also optionally include: a peripheral interface 903 and at least one peripheral. The processor 901, memory 902, and peripheral interface 903 may be connected by buses or signal lines. Each peripheral may be connected to the peripheral interface 903 by a bus, signal line, or circuit board. Specifically, the peripheral device includes: at least one of a radio frequency circuit 904, a touch display screen 905, a camera assembly 906, an audio circuit 907, a positioning assembly 908, and a power supply 909.
The peripheral interface 903 may be used to connect at least one peripheral related to I/O (Input/Output) to the processor 901 and the memory 902. In some embodiments, the processor 901, memory 902, and peripheral interface 903 are integrated on the same chip or circuit board; in some other embodiments, any one or two of the processor 901, the memory 902 and the peripheral interface 903 may be implemented on a separate chip or circuit board, which is not limited by this embodiment.
The Radio Frequency circuit 904 is used for receiving and transmitting RF (Radio Frequency) signals, also called electromagnetic signals. The radio frequency circuitry 904 communicates with communication networks and other communication devices via electromagnetic signals. The radio frequency circuit 904 converts an electrical signal into an electromagnetic signal to transmit, or converts a received electromagnetic signal into an electrical signal. Optionally, the radio frequency circuit 904 comprises: an antenna system, an RF transceiver, one or more amplifiers, a tuner, an oscillator, a digital signal processor, a codec chipset, a subscriber identity module card, and so forth. The radio frequency circuit 904 may communicate with other terminals via at least one wireless communication protocol. The wireless communication protocols include, but are not limited to: metropolitan area networks, various generation mobile communication networks (2G, 3G, 4G, and 5G), wireless local area networks, and/or WiFi (Wireless Fidelity) networks. In some embodiments, the radio frequency circuit 904 may also include NFC (Near Field Communication) related circuits, which are not limited in this application.
The display screen 905 is used to display a UI (User Interface). The UI may include graphics, text, icons, video, and any combination thereof. When the display screen 905 is a touch display screen, the display screen 905 also has the ability to capture touch signals on or over the surface of the display screen 905. The touch signal may be input to the processor 901 as a control signal for processing. At this point, the display 905 may also be used to provide virtual buttons and/or a virtual keyboard, also referred to as soft buttons and/or a soft keyboard. In some embodiments, the display 905 may be one, providing the front panel of the terminal 900; in other embodiments, the number of the display panels 905 may be at least two, and each of the display panels is disposed on a different surface of the terminal 900 or is in a foldable design; in still other embodiments, the display 905 may be a flexible display disposed on a curved surface or a folded surface of the terminal 900. Even more, the display screen 905 may be arranged in a non-rectangular irregular figure, i.e. a shaped screen. The Display panel 905 may be made of LCD (Liquid Crystal Display), OLED (Organic Light-Emitting Diode), or other materials.
The camera assembly 906 is used to capture images or video. Optionally, camera assembly 906 includes a front camera and a rear camera. Generally, a front camera is disposed at a front panel of the terminal, and a rear camera is disposed at a rear surface of the terminal. In some embodiments, the number of the rear cameras is at least two, and each rear camera is any one of a main camera, a depth-of-field camera, a wide-angle camera and a telephoto camera, so that the main camera and the depth-of-field camera are fused to realize a background blurring function, the main camera and the wide-angle camera are fused to realize panoramic shooting and a VR (Virtual Reality) shooting function or other fusion shooting functions. In some embodiments, camera assembly 906 may also include a flash. The flash lamp can be a monochrome temperature flash lamp or a bicolor temperature flash lamp. The double-color-temperature flash lamp is a combination of a warm-light flash lamp and a cold-light flash lamp, and can be used for light compensation at different color temperatures.
Audio circuit 907 may include a microphone and a speaker. The microphone is used for collecting sound waves of a user and the environment, converting the sound waves into electric signals, and inputting the electric signals to the processor 901 for processing, or inputting the electric signals to the radio frequency circuit 904 for realizing voice communication. For stereo sound acquisition or noise reduction purposes, the microphones may be multiple and disposed at different locations of the terminal 900. The microphone may also be an array microphone or an omni-directional pick-up microphone. The speaker is used to convert the electrical signals from the processor 901 or the radio frequency circuit 904 into sound waves. The loudspeaker can be a traditional film loudspeaker and can also be a piezoelectric ceramic loudspeaker. When the speaker is a piezoelectric ceramic speaker, the speaker can be used for purposes such as converting an electric signal into a sound wave audible to a human being, or converting an electric signal into a sound wave inaudible to a human being to measure a distance. In some embodiments, audio circuit 907 may also include a headphone jack.
The positioning component 908 is used to locate the current geographic Location of the terminal 900 for navigation or LBS (Location Based Service). The Positioning component 908 may be a Positioning component based on the GPS (Global Positioning System) in the united states, the beidou System in china, the graves System in russia, or the galileo System in the european union.
Power supply 909 is used to provide power to the various components in terminal 900. The power source 909 may be ac, dc, disposable or rechargeable. When power source 909 comprises a rechargeable battery, the rechargeable battery may support wired or wireless charging. The rechargeable battery can also be used to support fast charge technology.
In some embodiments, terminal 900 can also include one or more sensors 910. The one or more sensors 910 include, but are not limited to: acceleration sensor 911, gyro sensor 912, pressure sensor 913, fingerprint sensor 914, optical sensor 915, and proximity sensor 916.
The acceleration sensor 911 can detect the magnitude of acceleration in three coordinate axes of the coordinate system established with the terminal 900. For example, the acceleration sensor 911 may be used to detect the components of the gravitational acceleration in three coordinate axes. The processor 901 can control the touch display 905 to display the user interface in a landscape view or a portrait view according to the gravitational acceleration signal collected by the acceleration sensor 911. The acceleration sensor 911 may also be used for acquisition of motion data of a game or a user.
The gyro sensor 912 may detect a body direction and a rotation angle of the terminal 900, and the gyro sensor 912 may cooperate with the acceleration sensor 911 to acquire a 3D motion of the user on the terminal 900. The processor 901 can implement the following functions according to the data collected by the gyro sensor 912: motion sensing (such as changing the UI according to a user's tilting operation), image stabilization while shooting, game control, and inertial navigation.
Pressure sensors 913 may be disposed on the side bezel of terminal 900 and/or underneath touch display 905. When the pressure sensor 913 is disposed on the side frame of the terminal 900, the user's holding signal of the terminal 900 may be detected, and the processor 901 performs left-right hand recognition or shortcut operation according to the holding signal collected by the pressure sensor 913. When the pressure sensor 913 is disposed at a lower layer of the touch display 905, the processor 901 controls the operability control on the UI interface according to the pressure operation of the user on the touch display 905. The operability control comprises at least one of a button control, a scroll bar control, an icon control, and a menu control.
The fingerprint sensor 914 is used for collecting a fingerprint of the user, and the processor 901 identifies the user according to the fingerprint collected by the fingerprint sensor 914, or the fingerprint sensor 914 identifies the user according to the collected fingerprint. Upon recognizing that the user's identity is a trusted identity, processor 901 authorizes the user to perform relevant sensitive operations including unlocking the screen, viewing encrypted information, downloading software, paying, and changing settings, etc. The fingerprint sensor 914 may be disposed on the front, back, or side of the terminal 900. When a physical key or vendor Logo is provided on the terminal 900, the fingerprint sensor 914 may be integrated with the physical key or vendor Logo.
The optical sensor 915 is used to collect ambient light intensity. In one embodiment, the processor 901 may control the display brightness of the touch screen 905 based on the ambient light intensity collected by the optical sensor 915. Specifically, when the ambient light intensity is high, the display brightness of the touch display screen 905 is increased; when the ambient light intensity is low, the display brightness of the touch display screen 905 is turned down. In another embodiment, the processor 901 may also dynamically adjust the shooting parameters of the camera assembly 906 according to the ambient light intensity collected by the optical sensor 915.
Proximity sensor 916, also known as a distance sensor, is typically disposed on the front panel of terminal 900. The proximity sensor 916 is used to collect the distance between the user and the front face of the terminal 900. In one embodiment, when the proximity sensor 916 detects that the distance between the user and the front face of the terminal 900 gradually decreases, the processor 901 controls the touch display 905 to switch from the bright screen state to the dark screen state; when the proximity sensor 916 detects that the distance between the user and the front surface of the terminal 900 gradually becomes larger, the processor 901 controls the touch display 905 to switch from the breath screen state to the bright screen state.
Those skilled in the art will appreciate that the configuration shown in fig. 9 does not constitute a limitation of terminal 900, and may include more or fewer components than those shown, or may combine certain components, or may employ a different arrangement of components.
In an exemplary embodiment, there is also provided a computer-readable storage medium having at least one program code stored therein, the at least one program code being executable by a processor in a terminal to perform the data access method in the above-described embodiments. For example, the computer readable storage medium may be a ROM, a Random Access Memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and the like.
The present application also provides a computer program product comprising one or more computer programs for implementing the data access method provided by the above-mentioned method embodiments when executed by a processor.
It will be understood by those skilled in the art that all or part of the steps for implementing the above embodiments may be implemented by hardware, or may be implemented by a program instructing relevant hardware, where the program may be stored in a computer-readable storage medium, and the above-mentioned storage medium may be a read-only memory, a magnetic disk or an optical disk, etc.
The above description is intended only to illustrate the alternative embodiments of the present application, and should not be construed as limiting the present application, and any modifications, equivalents, improvements and the like made within the spirit and principle of the present application should be included in the protection scope of the present application.

Claims (10)

1. A method of data access, the method comprising:
receiving a data access request sent by a first application program on a terminal, wherein the data access request carries a first access path for accessing data to be accessed;
acquiring a path index of the first access path;
when the data access request is determined to be used for accessing data of a second application program on the terminal according to the path index, acquiring authority information of the data to be accessed, wherein the first application program and the second application program are the same application program, the first application program runs in a sandbox of the terminal, and the second application program runs outside the sandbox;
when the first application program is determined to have the authority to access the data to be accessed according to the authority information, shielding redirection of the first access path;
and based on the first access path, reading the data to be accessed from the storage space corresponding to the first access path, and returning the read data to the first application program.
2. The method of claim 1, further comprising:
matching the path index with each index in path access tools, wherein the path access tools comprise a first path access tool and a second path access tool, the first path access tool comprises a first index of a first storage path of at least one first data of the first application program, and the second path access tool comprises a second index of a second storage path of at least one second data of the second application program;
and when the path index is matched with a second index in the second path access tool, determining that the data access request is used for accessing data of a second application program on the terminal.
3. The method of claim 2, wherein prior to matching the path index with each index in a path access tool, the method further comprises:
acquiring a first storage path of at least one first data of the first application program and a second storage path of at least one second data of the second application program;
generating a first index corresponding to the first storage path of each first data according to the first storage path of each first data, and generating a second index corresponding to the second storage path of each second data according to the second storage path of each second data;
encapsulating a first index corresponding to the first storage path of each first data in the first path access tool, and encapsulating a second index corresponding to the second storage path of each second data in the second path access tool;
merging the first path access tool and the second path access tool into the path access tool.
4. The method according to claim 1, wherein before the obtaining the authority information of the data to be accessed, the method further comprises:
in the second application program, when a storage instruction of the data to be accessed is received, a setting interface of authority information is displayed;
when receiving an operation of allowing the first application program to access the data to be accessed based on the setting interface, setting the authority information of the data to be accessed as permission to access;
and when the operation of forbidding the first application program to access the data to be accessed is received based on the setting interface, setting the authority information of the data to be accessed as forbidding access.
5. The method according to claim 1, wherein before the obtaining the authority information of the data to be accessed, the method further comprises:
displaying an authority setting interface corresponding to the second application program;
when receiving an operation of allowing the first application program to access the data of the second application program based on the permission setting interface, setting permission information of the data of the second application program to be allowed to access;
and when receiving an operation of prohibiting the first application program from accessing the data of the second application program based on the authority setting interface, setting the authority information of the data of the second application program as access prohibition.
6. The method of claim 1, further comprising:
when the first application program is determined not to have the authority to access the data to be accessed according to the authority information, converting the first access path into a second access path;
based on the second access path, reading data corresponding to the second access path from a storage space corresponding to the second access path, and returning the read data corresponding to the second access path to the first application program; alternatively, the first and second electrodes may be,
and when the data corresponding to the second access path cannot be read from the storage space corresponding to the second access path, returning prompt information, wherein the prompt information is used for indicating that the first application program does not have the authority of accessing the data to be accessed.
7. The method of claim 1, further comprising:
when the data access request is determined to be used for accessing the data of the first application program on the terminal according to the path index, converting the first access path into a second access path;
redirecting the second access path to a third access path;
based on the third access path, reading data corresponding to the third access path from a storage space corresponding to the third access path, and returning the read data corresponding to the third access path to the first application program.
8. A data access apparatus, characterized in that the apparatus comprises:
the terminal comprises a receiving module, a processing module and a processing module, wherein the receiving module is configured to receive a data access request sent by a first application program on the terminal, and the data access request carries a first access path for accessing data to be accessed;
an obtaining module configured to obtain a path index of the first access path; when the data access request is determined to be used for accessing data of a second application program on the terminal according to the path index, acquiring authority information of the data to be accessed, wherein the first application program and the second application program are the same application program, the first application program runs in a sandbox of the terminal, and the second application program runs outside the sandbox;
the shielding module is configured to shield redirection of the first access path when the first application program is determined to have the authority of accessing the data to be accessed according to the authority information;
and the access module is configured to read the data to be accessed from the storage space corresponding to the first access path based on the first access path, and return the read data to the first application program.
9. A terminal, characterized in that the terminal comprises a processor and a memory, in which at least one program code is stored, which is loaded and executed by the processor to implement the data access method according to any of claims 1-7.
10. A computer-readable storage medium having stored therein at least one program code, the at least one program code being loaded and executed by a processor, to implement the data access method of any one of claims 1 to 7.
CN201911098758.2A 2019-11-12 2019-11-12 Data access method, device, terminal and storage medium Active CN110851823B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911098758.2A CN110851823B (en) 2019-11-12 2019-11-12 Data access method, device, terminal and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911098758.2A CN110851823B (en) 2019-11-12 2019-11-12 Data access method, device, terminal and storage medium

Publications (2)

Publication Number Publication Date
CN110851823A CN110851823A (en) 2020-02-28
CN110851823B true CN110851823B (en) 2023-03-10

Family

ID=69601586

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911098758.2A Active CN110851823B (en) 2019-11-12 2019-11-12 Data access method, device, terminal and storage medium

Country Status (1)

Country Link
CN (1) CN110851823B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111399790B (en) * 2020-02-29 2023-03-28 惠州华阳通用电子有限公司 Picture sharing system and implementation method thereof
CN112199183A (en) * 2020-11-02 2021-01-08 Tcl通讯(宁波)有限公司 Method and device for controlling application scene data, storage medium and mobile terminal
CN112528273B (en) * 2020-12-29 2023-06-06 天津开心生活科技有限公司 Medical data detection method, device, medium and electronic equipment
CN115510429B (en) * 2022-11-21 2023-04-14 统信软件技术有限公司 Sandbox application access right control method, computing device and readable storage medium

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3048552A1 (en) * 2015-01-21 2016-07-27 Samsung Electronics Co., Ltd. Apparatus and method for running multiple instances of a same application in mobile devices
CN106355100A (en) * 2016-11-22 2017-01-25 北京奇虎科技有限公司 Safety protection system and method
CN106406986A (en) * 2016-11-24 2017-02-15 宇龙计算机通信科技(深圳)有限公司 Resource sharing method and device
CN106503157A (en) * 2016-10-24 2017-03-15 宇龙计算机通信科技(深圳)有限公司 One kind opens application system and its data shared access method, system
CN106778291A (en) * 2016-11-22 2017-05-31 北京奇虎科技有限公司 The partition method and isolating device of application program
CN106970978A (en) * 2017-03-28 2017-07-21 联想(北京)有限公司 Data sharing method and device
CN109271211A (en) * 2017-07-18 2019-01-25 阿里巴巴集团控股有限公司 Method, apparatus of attending to anything else, equipment and the medium of application program
CN109491725A (en) * 2018-11-12 2019-03-19 火烈鸟网络(广州)股份有限公司 Application program can interact more extractions of root and system, storage medium, electronic equipment

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1525522A2 (en) * 2002-06-06 2005-04-27 Green Border Technologies Method and system for implementing a secure application execution environment using derived user accounts for internet content
US9396011B2 (en) * 2013-03-12 2016-07-19 Qualcomm Incorporated Algorithm and apparatus to deploy virtual machine monitor on demand

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3048552A1 (en) * 2015-01-21 2016-07-27 Samsung Electronics Co., Ltd. Apparatus and method for running multiple instances of a same application in mobile devices
CN106503157A (en) * 2016-10-24 2017-03-15 宇龙计算机通信科技(深圳)有限公司 One kind opens application system and its data shared access method, system
CN106355100A (en) * 2016-11-22 2017-01-25 北京奇虎科技有限公司 Safety protection system and method
CN106778291A (en) * 2016-11-22 2017-05-31 北京奇虎科技有限公司 The partition method and isolating device of application program
CN106406986A (en) * 2016-11-24 2017-02-15 宇龙计算机通信科技(深圳)有限公司 Resource sharing method and device
CN106970978A (en) * 2017-03-28 2017-07-21 联想(北京)有限公司 Data sharing method and device
CN109271211A (en) * 2017-07-18 2019-01-25 阿里巴巴集团控股有限公司 Method, apparatus of attending to anything else, equipment and the medium of application program
CN109491725A (en) * 2018-11-12 2019-03-19 火烈鸟网络(广州)股份有限公司 Application program can interact more extractions of root and system, storage medium, electronic equipment

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
P. Wrench ; B. Irwin.A Sandbox-Based Approach to the Deobfuscation and Dissection of PHP-Based Malware.2015,第106卷(第106期),全文. *
崔海娜.基于虚拟化及重定向技术的Android沙箱的设计与实现.2018,(10),全文. *

Also Published As

Publication number Publication date
CN110851823A (en) 2020-02-28

Similar Documents

Publication Publication Date Title
CN110674022B (en) Behavior data acquisition method and device and storage medium
CN110851823B (en) Data access method, device, terminal and storage medium
CN110602321B (en) Application program switching method and device, electronic device and storage medium
CN111597008A (en) Popup management method, popup management device, terminal and storage medium
CN109068008B (en) Ringtone setting method, device, terminal and storage medium
CN108717365B (en) Method and device for executing function in application program
CN111159604A (en) Picture resource loading method and device
CN110968815B (en) Page refreshing method, device, terminal and storage medium
CN111866140A (en) Fusion management apparatus, management system, service calling method, and medium
CN110677713A (en) Video image processing method and device and storage medium
CN107943484B (en) Method and device for executing business function
CN109995804B (en) Target resource information display method, information providing method and device
CN110825465A (en) Log data processing method and device, electronic equipment and storage medium
CN114816600B (en) Session message display method, device, terminal and storage medium
CN113051015B (en) Page rendering method and device, electronic equipment and storage medium
CN110502708B (en) Method, device and storage medium for communication based on JSbridge
CN110968549B (en) File storage method, device, electronic equipment and medium
CN113836426A (en) Information pushing method and device and electronic equipment
CN109189525B (en) Method, device and equipment for loading sub-page and computer readable storage medium
CN113076452A (en) Application classification method, device, equipment and computer readable storage medium
CN113495770A (en) Method, device, terminal and storage medium for displaying application page
CN111241451A (en) Webpage processing method and device, computer equipment and storage medium
CN111191254A (en) Access verification method and device, computer equipment and storage medium
CN112764824A (en) Method, device, equipment and storage medium for triggering identity authentication in application program
CN111414563B (en) Webpage interaction method, device, computer equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
REG Reference to a national code

Ref country code: HK

Ref legal event code: DE

Ref document number: 40022444

Country of ref document: HK

GR01 Patent grant
GR01 Patent grant