CN111444539B - Authority processing method and device, storage medium and terminal - Google Patents

Publication number
CN111444539B
Authority
CN
China
Prior art keywords
application
permission
rights
authorized
verification
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010221045.7A
Other languages
Chinese (zh)
Other versions
CN111444539A (en
Inventor
王侃
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huizhou TCL Mobile Communication Co Ltd
Original Assignee
Huizhou TCL Mobile Communication Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huizhou TCL Mobile Communication Co Ltd filed Critical Huizhou TCL Mobile Communication Co Ltd
Priority to CN202010221045.7A priority Critical patent/CN111444539B/en
Publication of CN111444539A publication Critical patent/CN111444539A/en
Application granted granted Critical
Publication of CN111444539B publication Critical patent/CN111444539B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/629: Protecting access to data via a platform, e.g. using keys or access control rules to features or functions of an application

Abstract

The embodiment of the application discloses a permission processing method, a permission processing device, a storage medium and a terminal. The authority processing method comprises the following steps: receiving an application multi-opening request of a first application, and opening a second application according to the application multi-opening request, wherein the second application is a split application corresponding to the first application in a virtual environment; when receiving a permission verification request of the second application, acquiring an application identifier of the second application; acquiring a permission subset corresponding to the application identifier from a permission set, wherein the permission set comprises authorized application permissions and application permissions to be authorized corresponding to a plurality of applications; responding to the permission verification request based on the permission subset and performing permission verification to obtain a permission verification result; and operating the second application according to the authority verification result. According to the embodiment of the application, the application permission of the multi-opening application and the application permission of the original application are set separately, so that the safety isolation of the multi-opening application is realized, and the safety of the multi-opening application can be effectively improved.

Description

Authority processing method and device, storage medium and terminal
Technical Field
The present application relates to the field of mobile terminal applications, and in particular, to a method and apparatus for processing rights, a storage medium, and a terminal.
Background
In the Android system, the permission processing implementation conventionally used by mobile phone manufacturers is based on Google's native multi-user mechanism, but this implementation can conflict with the native multi-user function and with Android for Work (abbreviated AFW, a set of solutions whose development is led by Google to support Android in enterprises, allowing work applications and personal applications to be supported on the same device at the same time).
In the related art, plug-in technology and virtualization technology are generally used to implement multi-open applications. The virtualization technology proxies the system services to add a layer of virtual space between the system service layer and the application layer, so that the virtual multi-open application runs in that virtual space. But this approach has drawbacks in terms of safety and functionality.
Disclosure of Invention
The embodiment of the application provides a permission processing method, a permission processing device, a storage medium and a terminal, which can effectively improve the safety of multi-application.
The embodiment of the application provides a right processing method, which comprises the following steps:
receiving an application multi-opening request of a first application, and opening a second application according to the application multi-opening request, wherein the second application is a split application corresponding to the first application in a virtual environment;
When receiving a permission verification request of the second application, acquiring an application identifier of the second application;
acquiring a permission subset corresponding to the application identifier from a permission set, wherein the permission set comprises authorized application permissions and application permissions to be authorized corresponding to a plurality of applications;
responding to the permission verification request based on the permission subset and performing permission verification to obtain a permission verification result;
and operating the second application according to the authority verification result.
Correspondingly, the embodiment of the application also provides a permission processing device, which comprises:
the receiving unit is used for receiving an application multi-opening request of the first application, and starting a second application according to the application multi-opening request, wherein the second application is a split application corresponding to the first application in the virtual environment;
the first acquisition unit is used for acquiring an application identifier of the second application when receiving the permission verification request of the second application;
the second acquisition unit is used for acquiring a permission subset corresponding to the application identifier from a permission set, wherein the permission set comprises authorized application permissions and application permissions to be authorized corresponding to a plurality of applications;
the verification unit is used for verifying the rights to be verified in the rights verification request based on the rights subset to obtain a rights verification result;
And the operation unit is used for operating the second application according to the authority verification result.
Accordingly, an embodiment of the present application further provides a storage medium storing a plurality of instructions adapted to be loaded by a processor to perform the steps in the rights processing method as described above.
Correspondingly, the embodiment of the application also provides a terminal, which comprises a processor and a memory, wherein the memory stores a plurality of instructions, and the processor loads the instructions to execute the steps in the authority processing method.
According to the embodiment of the application, the application permission of the multi-opening application and the application permission of the original application are set separately, so that the safety isolation of the multi-opening application is realized, and the safety of the multi-opening application can be effectively improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the description of the embodiments will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a flow chart of a first rights processing method according to an embodiment of the present application.
Fig. 2 is a flow chart of a second rights processing method according to an embodiment of the present application.
Fig. 3 is a schematic view of a rights setting interface of a rights processing method according to an embodiment of the present application.
Fig. 4 is a block diagram of a first rights processing apparatus according to an embodiment of the present application.
Fig. 5 is a block diagram of a second rights processing device according to an embodiment of the present application.
Fig. 6 is a schematic structural diagram of a terminal according to an embodiment of the present application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are only some, but not all embodiments of the application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to fall within the scope of the application.
Based on the above problems, the embodiments of the present application provide a method, an apparatus, a storage medium, and a terminal for processing rights, which can effectively improve the efficiency of cleaning garbage data in a terminal memory. The following will describe in detail. The following description of the embodiments is not intended to limit the preferred embodiments.
Referring to fig. 1, fig. 1 is a flow chart of an authority processing method according to an embodiment of the application. The rights processing method can be applied to mobile terminals such as terminals, tablet computers, notebook computers, palm computers, portable media players (Portable Media Player, PMP), and fixed terminals such as desktop computers. The specific flow of the authority processing method can be as follows:
101. Receiving an application multi-opening request of the first application, and opening a second application according to the application multi-opening request, wherein the second application is a split application corresponding to the first application in the virtual environment.
Specifically, to receive the application multi-opening request of the first application, an application multi-opening instruction can be triggered through a user operation, and the application multi-opening request is sent to the system service according to that instruction. After the application multi-opening request is received, the second application starts to be opened. The first application may be an original application installed on the terminal, and the second application may be a multi-open application, that is, a split application of the original application, running in the virtual environment.
Specifically, the application multi-opening means that at least two identical applications are simultaneously opened on one terminal device, and at least two accounts can be logged in and run in the background at the same time. The implementation means of the application multi-opening is generally to implement the multi-opening application by using a plug-in technology and a virtualization technology. A virtual space is added between a system service layer and an application layer by a mode of proxy system service, so that a virtual multi-application runs in the virtual space. The virtualization technology mainly constructs an agent above the original system service through the HOOK technology, and a set of virtual environment is built for the application in the agent, so that the multi-application can run in the virtual environment.
A HOOK function can process (change) the execution behavior of a function and can force message delivery to end. In short, the system's program flow is pulled out and diverted so that it executes a code segment supplied by the user.
In some embodiments, after receiving the application multi-open request, active malicious detection of the multi-open application is required before starting running the second application in the virtual environment in order to avoid the multi-open application mechanism being utilized by malware. Then, before the step of "opening the second application according to the application multi-opening request", the following steps may be included:
acquiring application information of the first application;
performing security detection on the second application based on the application information;
and if the detection is passed, opening a second application according to the application multi-opening request.
Specifically, the application information obtained for the first application may be of several types; for example, it may include the application installation package name, a hash fingerprint, and the like. A hash function (also called a hashing function) produces a unique digital fingerprint. It is a one-way cryptographic algorithm that can only encrypt and cannot decrypt, and it compresses information or data into a fixed format.
The application information of original applications that meet the multi-opening condition can be pre-stored in the system, so that under specific conditions it can be used to confirm whether the current multi-open application is a malicious application or may exhibit malicious behavior. The malicious detection mechanism may be triggered in various situations, such as when multi-opening is initialized for an application, when an application is started, when a permission is requested, when an application accesses a file resource, when an application jumps, etc.
And after the second application is detected to pass, starting the second application, and effectively ensuring the use safety of the application program.
102. When receiving a permission verification request of the second application, acquiring the application identifier of the second application.
Specifically, after the second application is started, when some functions are performed, it is necessary to acquire the application authority. For example, if the second application needs to take a picture, the camera authority needs to be acquired; if the second application needs to send information, then the contact rights need to be obtained, and so on.
The second application may send a permission verification request when the second application needs to acquire the corresponding permission. When receiving the permission verification request sent by the second application, the application identifier of the second application can be obtained. Wherein the application identifiers can be used to represent the uniqueness of the applications, each of which can correspond to a unique identifier. The application identifier may be a character string consisting of letters or numbers or symbols, etc., and for example, the application identifier obtained to the second application may be ABC1.
103. Acquiring a permission subset corresponding to the application identifier from the permission set, wherein the permission set comprises authorized application permissions and application permissions to be authorized corresponding to a plurality of applications.
Specifically, after the application identifier of the second application is obtained, a permission subset corresponding to the application identifier may be obtained from the permission set. The permission set may include authorized application permissions and application permissions to be authorized corresponding to the plurality of applications.
Specifically, the plurality of applications refers to original applications that can implement the application multi-open function. An authorized application permission may be one that the user set as a multi-open permission when installing the original application after downloading it. An application permission to be authorized may be one that the user did not authorize at that time, but which the user can grant again, according to the actual situation, when the original application is multi-opened.
For example, the permission set may include a plurality of authorized application permissions, such as authorized application permission 1, authorized application permission 2, authorized application permission 3 and authorized application permission 4, and a plurality of application permissions to be authorized, such as to-be-authorized application permission 1, to-be-authorized application permission 2, to-be-authorized application permission 3, to-be-authorized application permission 4, and the like. The authorized application permissions and the application permissions to be authorized can each correspond to different applications. For example, application A may include: the application B may include authorized application permission 3, authorized application permission 4, and the like.
Specifically, a permission subset corresponding to the application identifier is obtained from the permission set. The permission set can be divided into a plurality of permission subsets according to application identifiers of different applications, and the permission subsets can comprise authorized application permissions and application permissions to be authorized corresponding to the applications.
For example, the permission set may include two permission subsets, and the application identifier corresponding to the permission subsets may be ABC1, ABC2. ABC1 corresponds to authorized application authority 1, application authority 1 to be authorized, application authority 2 to be authorized and application authority 3 to be authorized; ABC2 corresponds to authorized application rights 1, application rights 1 to be authorized, and the like.
The application identifier obtained from the second application may be ABC1. According to the application identifier ABC1, the authorized application permission corresponding to the second application may be determined to be authorized application permission 1, and the application permissions to be authorized may be to-be-authorized application permission 1, to-be-authorized application permission 2 and to-be-authorized application permission 3.
104. Responding to the permission verification request based on the permission subset and performing permission verification to obtain a permission verification result.
Specifically, after the permission subset corresponding to the second application is obtained, the permission verification request of the second application may be responded based on the permission subset. The application rights in the rights verification request can be verified through the authorized application rights in the rights subset, and a verification result is obtained.
In some embodiments, the step of responding to the rights verification request and performing rights verification based on the rights subset may include the following steps:
determining an authorized application authority list corresponding to the second application according to the authority subset;
acquiring rights to be verified in the rights verification request;
matching the rights to be verified with the authorized application rights list;
if the matching is successful, the right to be verified is successfully verified;
if the matching fails, the verification of the right to be verified fails.
Specifically, an authorized application permission list corresponding to the second application is determined according to the permission subset. In the previous step, the permission subset corresponding to the second application was obtained from the permission set according to the application identifier of the second application; this permission subset comprises all the authorized application permissions and application permissions to be authorized corresponding to the second application. The authorized application permission list may be determined from the authorized application permissions in the permission subset.
Specifically, the right to be verified in the right verification request is obtained, and the right to be verified can be expressed as the right which needs to be obtained by the current second application so as to execute the corresponding function. The right to be verified can be determined through the right verification request, and the right can be one application right or a plurality of application rights.
Specifically, the rights to be verified are matched with the authorized application rights list, and whether the rights pass the verification can be obtained according to the matching result. The authority to be verified is matched with the authorized application authority list, whether the authority to be verified exists or not can be judged through the authorized authority list, if the authority to be verified exists in the authorized authority list, the matching is successful, the authority to be verified passes the verification, and the second application can use the authority to be verified; if the authority to be verified does not exist in the authorized authority list, the matching fails, the authority to be verified does not pass, and the second application cannot use the authority to be verified.
For example, the permission to be verified may be the camera permission, and the authorized application permission list may include the contacts permission, the voice permission and the location permission. It can then be determined that the camera permission is not in the authorized application permission list, and permission verification fails. For another example, the permission to be verified may be the voice permission, and the authorized application permission list may include the contacts permission, the voice permission and the location permission. It can then be determined that the voice permission is in the authorized application permission list, and permission verification passes.
In some embodiments, so that the user can select permissions according to the actual situation and complete certain functions when using the multi-open application, the user can set permissions himself while the application is running. For example, after the step of "verifying the rights to be verified fails", the following steps may be further included:
acquiring all application rights to be authorized in the rights sub-set;
generating a permission setting interface according to all application permissions to be authorized;
displaying the permission setting interface on a current display interface, and prompting a user to set the permission;
and processing the application permission to be authorized according to the operation of the user on the permission setting interface to obtain a permission granting result.
Specifically, all application permissions to be authorized in the permission subset corresponding to the second application are obtained, giving a list of application permissions to be authorized. A permission setting interface can be generated from this list and displayed on the current display screen, prompting the user to set the permissions. The permission to be verified in the permission verification request, that is, the application permission to be authorized, can then be set according to the user's operation on the permission setting interface, and a permission granting result for the permission to be verified is obtained.
In some embodiments, the step of "processing the application rights to be authorized according to the operation of the user on the rights setting interface" may include the following procedures:
acquiring user operation information;
determining a selection control operated by a user according to the user operation information;
and granting the permission of the application permission to be authorized corresponding to the selection control operated by the user.
Specifically, the user operation information is obtained, and the user operation information may be a touch operation, and the touch operation may include various modes such as clicking a screen, sliding the screen, pressing a physical key, and the like.
The permission setting interface may include all the application permissions to be authorized and a plurality of selection controls, where each application permission to be authorized may correspond to one selection control. The selection control may take various forms; for example, it may be a selection box, a selection button, and so on.
Specifically, a selection control set by a user is determined according to user operation, and then the application permission to be authorized for user authorization can be determined according to the selection control.
For example, the permission setting interface may include application permission 1 to be authorized, application permission 2 to be authorized, application permission 3 to be authorized, and the like, where application permission 1 to be authorized corresponds to selection control 1, application permission 2 to be authorized corresponds to selection control 2, and application permission 3 to be authorized corresponds to selection control 3. The selection controls may be selection boxes. If the detected user operation is a click on selection box 1, a 'v' mark appears in selection box 1, and it is determined that the user authorizes the corresponding application permission to be authorized. The permission granting result can then be obtained.
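The security detection before opening, the per-identifier permission subset lookup, the verification and the user-driven grant described above can be modelled together as follows. This is an added example, not code from the patent: the class and method names, the package name `com.example.chat`, the use of SHA-256 for the hash fingerprint and the identifier `ABC2` for the original application are assumptions, and all sample data is constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass, field


@dataclass
class PermissionSubset:
    """Permissions recorded for one application identifier."""
    authorized: set = field(default_factory=set)
    to_be_authorized: set = field(default_factory=set)


class PermissionService:
    """Hypothetical system-side service holding the permission set."""

    def __init__(self, trusted_fingerprints):
        # Pre-stored application information: package name -> hex digest.
        # SHA-256 is an assumption; the page only says "hash fingerprint".
        self._trusted = dict(trusted_fingerprints)
        # The permission set: application identifier -> permission subset.
        self._permission_set = {}

    def register(self, app_id, authorized=(), to_be_authorized=()):
        self._permission_set[app_id] = PermissionSubset(
            set(authorized), set(to_be_authorized))

    def passes_security_detection(self, package_name, package_bytes):
        """Check run before the clone is opened (step 101)."""
        expected = self._trusted.get(package_name)
        if expected is None:
            return False  # not a pre-stored original that may be multi-opened
        actual = hashlib.sha256(package_bytes).hexdigest()
        return hmac.compare_digest(expected, actual)

    def verify(self, app_id, requested):
        """Steps 102-104: look up the subset by identifier, then match."""
        subset = self._permission_set.get(app_id)
        if subset is None:
            return False  # unknown identifier: deny by default
        return requested in subset.authorized

    def pending(self, app_id):
        """Entries to list on the permission setting interface."""
        subset = self._permission_set.get(app_id)
        return sorted(subset.to_be_authorized) if subset else []

    def grant(self, app_id, selected):
        """Apply the user's selections and return what was actually granted.

        Only permissions already listed as to-be-authorized for this
        identifier can be granted; anything else in `selected` is ignored.
        """
        subset = self._permission_set.get(app_id)
        if subset is None:
            return set()
        granted = set(selected) & subset.to_be_authorized
        subset.to_be_authorized -= granted
        subset.authorized |= granted
        return granted


def run_demo():
    # Constructed sample data: one original (ABC2) and its clone (ABC1).
    genuine = b"constructed package contents"
    svc = PermissionService(
        {"com.example.chat": hashlib.sha256(genuine).hexdigest()})
    svc.register("ABC2", authorized={"camera", "contacts"})
    svc.register("ABC1", authorized={"voice"},
                 to_be_authorized={"camera", "location"})
    out = {}
    out["genuine_ok"] = svc.passes_security_detection(
        "com.example.chat", genuine)
    out["tampered_ok"] = svc.passes_security_detection(
        "com.example.chat", genuine + b"!")
    # The original holds the camera permission, the clone does not inherit it.
    out["clone_camera_before"] = svc.verify("ABC1", "camera")
    out["pending_before"] = svc.pending("ABC1")
    # The user ticks camera; "contacts" is not in the clone's subset at all.
    out["granted"] = svc.grant("ABC1", {"camera", "contacts"})
    out["clone_camera_after"] = svc.verify("ABC1", "camera")
    out["clone_contacts"] = svc.verify("ABC1", "contacts")
    out["pending_after"] = svc.pending("ABC1")
    out["unknown_app"] = svc.verify("XYZ9", "camera")
    return out


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, value)
```

Because every decision is keyed on the clone's own identifier, a permission held by the original never leaks to the clone, and a grant request can never add a permission that is outside the clone's subset.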
105. Running the second application according to the permission verification result.
Specifically, the second application is run according to the permission verification result. For example, the current user executes function A through the second application, and function A needs permission 1. Once permission 1 has passed permission verification, the second application can obtain permission 1 and execute function A as the user requires. The security of the user's private information is ensured, and at the same time the experience of using the multi-open application is not affected.
In some embodiments, after the step of "running the second application according to the rights verification result", the following steps may further be included:
when a data access request of the second application is received, determining a position of a data file to be accessed according to the data access request;
judging whether the position of the data file to be accessed is a preset position or not;
if not, redirecting the access path of the data access request to obtain a target access path;
and performing data access based on the target access path.
Specifically, a data access request of the second application is received, and the file location of the data to be accessed is determined according to the data access request. The file location may refer to the location of the file in memory. For example, the file location may be /System, which indicates that the file is located under the System file directory, where the user can see it.
After the file location of the data to be accessed is obtained, it may be determined whether the file location is the same as the preset location. The preset location may be the data storage location of the second application. When an application accesses data under its own directory, such as /data/a, which only that application can access, the multi-open application of that application needs to have its access path redirected, for example to /dualaps/data/a, before the data can be accessed.
For example, the preset location may be /Appa/data, and the file location of the data to be accessed may be /System; it may then be determined that the file location of the data to be accessed is not the preset location.
If the location of the data file to be accessed is not the preset location, the access path of the data access request can be redirected to obtain the target access path. Path redirection may refer to changing the original path of a data access request according to the preset location and the file location of the data to be accessed.
For example, the preset location may be /Appa/data and the file location of the data to be accessed may be /System. The access path may be redirected to obtain the target access path /Appa/data/System, and the data access may be completed based on the modified target access path.
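A minimal model of the redirection rule above, written as an added example that is not part of the patent; the function names are hypothetical and the sample paths other than /Appa/data, /System, /data/a and /dualaps/data/a are constructed. It goes slightly beyond the page's single case by normalizing the requested path first, so that `..` segments and look-alike sibling directories cannot carry the access outside the clone's storage location.

```python
import posixpath


def is_within(path, root):
    """True if `path` equals `root` or lies beneath it.

    The comparison is per path component, so /Appa/database is not
    treated as being inside /Appa/data.
    """
    return posixpath.commonpath([path, root]) == root


def redirect(requested, preset):
    """Return the target access path for a clone stored under `preset`."""
    if not requested.startswith("/"):
        raise ValueError("absolute path required")
    root = posixpath.normpath(preset)
    # Collapse '.', '..' and repeated slashes before any comparison.
    path = posixpath.normpath(requested)
    if is_within(path, root):
        return path  # already at the preset location: no redirection
    # Otherwise re-root the whole requested path under the preset location.
    return posixpath.join(root, path.lstrip("/"))


def run_demo():
    preset = "/Appa/data"
    cases = [
        "/System",                      # the page's example
        "/Appa/data/cache/x",           # already inside the preset location
        "/Appa/data/../../etc/hosts",   # constructed traversal attempt
        "/Appa/database/x",             # constructed look-alike sibling
    ]
    return {case: redirect(case, preset) for case in cases}


if __name__ == "__main__":
    for source, target in run_demo().items():
        print(source, "->", target)
    # The /data/a example, assuming /dualaps is the clone's root directory.
    print(redirect("/data/a", "/dualaps"))
```

The check is purely lexical; on a real file system symbolic links would also have to be resolved before the comparison.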
The embodiment of the application discloses a right processing method, which comprises the following steps: receiving an application multi-opening request of a first application, and opening a second application according to the application multi-opening request, wherein the second application is a split application corresponding to the first application in a virtual environment; when receiving a permission verification request of the second application, acquiring an application identifier of the second application; acquiring a permission subset corresponding to the application identifier from a permission set, wherein the permission set comprises authorized application permissions and application permissions to be authorized corresponding to a plurality of applications; responding to the permission verification request based on the permission subset and performing permission verification to obtain a permission verification result; and operating the second application according to the authority verification result. According to the embodiment of the application, the application permission of the multi-opening application and the application permission of the original application are set separately, so that the safety isolation of the multi-opening application is realized, and the safety of the multi-opening application can be effectively improved.
Referring to fig. 2, fig. 2 is a flow chart of a second permission processing method according to an embodiment of the present application. The specific scene application of the authority processing method can be as follows:
201. The terminal receives the application multi-opening instruction and starts to open the multi-open application according to the application multi-opening instruction.
Specifically, the terminal receives an application multi-opening instruction, and the application multi-opening instruction can be triggered through user operation. When the application is multi-opened, the application needs to have a multi-opening function, and the application with the multi-opening function can display two application icons on the terminal application display interface. One application icon corresponds to an open entry of an application, and the other application icon corresponds to an open entry of a multi-open application.
For example, the user may trigger the application multi-open instruction by clicking on an application icon corresponding to the multi-open application. The terminal can start to start the multi-open application according to the application multi-open instruction.
202. The terminal monitors the security of the multi-open application and judges whether the multi-open application is a security application or not.
Specifically, when the terminal starts to start the multi-open application according to the application multi-open instruction, in order to avoid the opening of the malicious application, the multi-open application can be monitored safely, and whether the multi-open application is a safe application or not is judged.
For example, when the multi-application is monitored for security, if the multi-application passes the security monitoring, the multi-application is a security application, and step 204 may be performed; for another example, if the multi-application fails the security monitoring, the multi-application is not a security application, possibly a malicious application, and step 203 may be performed.
203. And the terminal fails to start the multi-opening application and ends the operation.
Specifically, when the terminal detects that the multi-open application is not a secure application, the multi-open application stops being started, and other program operation of the terminal is prevented from being influenced or user data is prevented from being leaked.
204. The terminal acquires an application identifier of the multi-open application, and acquires a permission subset corresponding to the multi-open application from the permission set according to the application identifier.
Specifically, when the terminal detects that the multi-open application is a secure application, the corresponding application permissions can be granted to the multi-open application. The terminal may obtain the application identifier of the multi-open application and then determine, according to the application identifier, all application permissions corresponding to that identifier from an application permission library, that is, the permission subset corresponding to the multi-open application.
The application permissions in the permission subset corresponding to the multi-open application may include application permissions to be authorized and authorized application permissions.
For example, the obtained permissions corresponding to the multi-open application may include: authorized permission 1, authorized permission 2, authorized permission 3, permission 1 to be authorized, permission 2 to be authorized, and so forth.
205. The terminal generates a permission setting interface based on the permission subset.
Specifically, after the terminal obtains the permission subset corresponding to the multi-open application, the terminal may generate a permission setting interface according to the permission subset: it acquires all application permissions to be authorized in the permission subset to obtain a list of application permissions to be authorized, and displays the list on the permission setting interface for the user to set. Referring to fig. 3, fig. 3 is a schematic view of a permission setting interface of the permission processing method according to an embodiment of the present application.
For example, fig. 3 includes application permission 1, application permission 2, application permission 3, application permission 4, and a selection control to the right of each application permission. The selection control may be a sliding button, with which the application permission is switched on or off. The application permissions displayed on the permission setting interface can be application permissions to be authorized, and the user can set them according to the function that currently needs to be completed.
206. The terminal grants permissions to the multi-open application according to the user's operation on the permission setting interface to obtain a permission granting result.
Specifically, the terminal grants permissions to the multi-open application according to the user's operation on the permission setting interface. Referring to fig. 3, the sliding button of the selection control to the right of each application permission is on the right side and "Off" is visible on the selection control, which indicates that the application permission is in a closed state, that is, the multi-open application cannot acquire the application permission.
For example, the user may slide the sliding button on the selection control corresponding to application permission 1 to the left side; application permission 1 is then opened, and the multi-open application obtains application permission 1.
207. The terminal runs the multi-open application according to the permission granting result.
Specifically, after the user completes the operation on the permission setting interface, the multi-open application obtains the permission granting result according to the user operation and starts running based on it. When executing a function that requires an application permission the user has authorized, the multi-open application can obtain that permission to complete the corresponding function.
In order to better implement the permission processing method provided by the embodiment of the application, the embodiment of the application also provides a device based on the permission processing method. The terms have the same meanings as in the permission processing method described above, and for specific implementation details reference may be made to the description in the method embodiments.
Referring to fig. 4, fig. 4 is a block diagram of a first rights handling unit according to an embodiment of the present application, which can be applied to a mobile terminal such as a terminal, a tablet computer, a notebook computer, a palm top computer, a portable media player (Portable Media Player, PMP), and a fixed terminal such as a desktop computer, and the device includes:
the receiving unit 301 is configured to receive an application multi-opening request of a first application, and open a second application according to the application multi-opening request, where the second application is a split application corresponding to the first application in a virtual environment;
a first obtaining unit 302, configured to obtain an application identifier of the second application when receiving a permission verification request of the second application;
a second obtaining unit 303, configured to obtain a subset of rights corresponding to the application identifier from a set of rights, where the set of rights includes authorized application rights and application rights to be authorized corresponding to a plurality of applications;
The verification unit 304 is configured to verify the rights to be verified in the rights verification request based on the rights subset, so as to obtain a rights verification result;
and the operation unit 305 is used for operating the second application according to the authority verification result.
In some embodiments, referring to fig. 5, fig. 5 is a block diagram of a first rights processing device according to an embodiment of the present application, and the verification unit 304 may include:
a determining subunit 3041, configured to determine, according to the permission subset, an authorized application permission list corresponding to the second application;
a first obtaining subunit 3042, configured to obtain a right to be verified in the right verification request;
a matching subunit 3043, configured to match the rights to be verified with the authorized application rights list;
the first execution subunit 3044 is configured to determine that the right to be verified is successfully verified if the matching is successful;
the second execution subunit 3045 is configured to determine that the verification of the right to be verified fails if the matching fails.
In some embodiments, the verification unit 304 may further include:
the second acquisition subunit is used for acquiring all application rights to be authorized in the rights subset;
The generation subunit is used for generating a permission setting interface according to all the application permissions to be authorized;
the display subunit is used for displaying the authority setting interface on a current display interface and prompting a user to set the authority;
and the processing subunit is used for processing the application permission to be authorized according to the operation of the user on the permission setting interface to obtain a permission granting result.
In some embodiments, the processing subunit is specifically configured to: acquire user operation information; determine the selection control operated by the user according to the user operation information; and grant the application permission to be authorized that corresponds to the selection control operated by the user.
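The verification and granting flow described above can be modelled as follows. This is an added example, not code from the patent or from any vendor implementation; the class names, the `#clone1` identifier suffix, the sample package name, and the choice that a split application starts with nothing authorized are all assumptions made for illustration.

```python
"""Model of a permission set that keeps one permission subset per application
identifier, so a split application never inherits the original's grants.
All names here are hypothetical."""
from dataclasses import dataclass, field


@dataclass
class PermissionSubset:
    authorized: set = field(default_factory=set)
    to_be_authorized: set = field(default_factory=set)


class PermissionSet:
    def __init__(self):
        self._subsets = {}  # application identifier -> PermissionSubset

    def register(self, app_id, declared, authorized=()):
        declared, granted = set(declared), set(authorized)
        if not granted <= declared:
            raise ValueError("cannot pre-authorize an undeclared permission")
        self._subsets[app_id] = PermissionSubset(granted, declared - granted)

    def subset_for(self, app_id):
        # Unknown identifiers get an empty subset, so verification denies.
        return self._subsets.get(app_id, PermissionSubset())

    def verify(self, app_id, permission):
        # Match the permission to be verified against the authorized list.
        return permission in self.subset_for(app_id).authorized

    def pending(self, app_id):
        # Entries that would be shown on the permission setting interface.
        return sorted(self.subset_for(app_id).to_be_authorized)

    def grant(self, app_id, selected):
        # Only permissions that are pending for this identifier can be
        # granted; anything else in the selection is ignored.
        subset = self._subsets[app_id]
        granted = set(selected) & subset.to_be_authorized
        subset.to_be_authorized -= granted
        subset.authorized |= granted
        return sorted(granted)


def demo():
    camera = "android.permission.CAMERA"
    contacts = "android.permission.READ_CONTACTS"
    sms = "android.permission.SEND_SMS"   # never declared by the sample app
    original = "com.example.chat"         # constructed identifiers
    clone = "com.example.chat#clone1"

    ps = PermissionSet()
    ps.register(original, [camera, contacts], authorized=[camera, contacts])
    ps.register(clone, [camera, contacts])  # assumption: clone starts empty

    result = {
        "original_camera": ps.verify(original, camera),
        "clone_camera_before": ps.verify(clone, camera),
        "clone_pending": ps.pending(clone),
    }
    # The user switches on CAMERA; the undeclared SEND_SMS is not granted.
    result["granted"] = ps.grant(clone, [camera, sms])
    result["clone_camera_after"] = ps.verify(clone, camera)
    result["clone_contacts"] = ps.verify(clone, contacts)
    result["clone_sms"] = ps.verify(clone, sms)
    result["unknown_id"] = ps.verify("com.example.other", camera)
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Because the lookup key is the application identifier rather than the package name, the split application's grants and the original application's grants never affect each other.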
In some embodiments, the rights processing apparatus may further include:
the determining unit is used for determining the position of the data file to be accessed according to the data access request when the data access request of the second application is received;
the judging unit is used for judging whether the position of the data file to be accessed is a preset position or not;
the processing unit is used for redirecting the access path of the data access request, if the position is not the preset position, so as to obtain a target access path;
and the access unit is used for accessing the data based on the target access path.
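A sketch of the redirection check performed by these units, as an added example that is not part of the patent text. It assumes the preset position is a private directory belonging to the split application (the root path below is hypothetical) and that a request outside it is re-rooted beneath that directory; the patent text here does not specify either detail.

```python
import posixpath

# Hypothetical preset position: the split application's private data root.
CLONE_ROOT = "/data/virtual/clone1"


def is_within(path, root):
    """True if the normalized path is root itself or lies beneath it.

    Comparing against root + "/" stops a sibling such as
    /data/virtual/clone10 from matching /data/virtual/clone1 by prefix."""
    root = root.rstrip("/")
    return path == root or path.startswith(root + "/")


def resolve_access_path(requested, preset_root=CLONE_ROOT):
    """Return (target_path, redirected) for a data access request."""
    if not requested.startswith("/"):
        raise ValueError("expected an absolute path")
    # Normalize before deciding, so ".." segments cannot make a path look
    # like it is inside the preset position when it resolves outside it.
    # normpath is purely lexical: symbolic links are not resolved here.
    normalized = posixpath.normpath("/" + requested.lstrip("/"))
    if is_within(normalized, preset_root):
        return normalized, False
    # Outside the preset position: re-root the request under it.
    target = posixpath.normpath(
        posixpath.join(preset_root, normalized.lstrip("/")))
    return target, True


if __name__ == "__main__":
    samples = [  # constructed request paths
        "/data/virtual/clone1/files/a.db",
        "/data/data/com.example.chat/databases/msg.db",
        "/data/virtual/clone1/../../data/com.example.chat/shared_prefs/x.xml",
        "/data/virtual/clone10/x",
    ]
    for sample in samples:
        print(sample, "->", resolve_access_path(sample))
```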
In some embodiments, the rights processing apparatus may further include:
a third acquiring unit, configured to acquire application information of the first application;
the detection unit is used for carrying out security detection on the second application based on the application information;
and the starting unit is used for starting the second application according to the application multi-opening request if the detection passes.
The embodiment of the application discloses a permission processing device, which comprises: receiving an application multi-opening request of a first application, and opening a second application according to the application multi-opening request, wherein the second application is a split application corresponding to the first application in a virtual environment; when receiving a permission verification request of the second application, acquiring an application identifier of the second application; acquiring a permission subset corresponding to the application identifier from a permission set, wherein the permission set comprises authorized application permissions and application permissions to be authorized corresponding to a plurality of applications; responding to the permission verification request based on the permission subset and performing permission verification to obtain a permission verification result; and running the second application according to the permission verification result. In the embodiment of the application, the application permissions of the multi-open application are set separately from those of the original application, which achieves security isolation of the multi-open application and can effectively improve its security.
The embodiment of the application also provides a terminal. As shown in fig. 6, the terminal may include Radio Frequency (RF) circuitry 601, memory 602 including one or more storage media, input unit 603, display unit 604, sensor 605, audio circuit 606, wireless fidelity (WiFi, wireless Fidelity) module 607, processor 608 including one or more processing cores, and power supply 609. It will be appreciated by those skilled in the art that the terminal structure shown in fig. 6 is not limiting of the terminal and may include more or fewer components than shown, or may combine certain components, or a different arrangement of components. Wherein:
the RF circuit 601 may be used for receiving and transmitting signals during the process of receiving and transmitting information, in particular, after receiving downlink information of a base station, the downlink information is processed by one or more processors 608; in addition, data relating to uplink is transmitted to the base station. Typically, RF circuitry 601 includes, but is not limited to, an antenna, at least one amplifier, a tuner, one or more oscillators, a subscriber identity module (SIM, subscriber Identity Module) card, a transceiver, a coupler, a low noise amplifier (LNA, low Noise Amplifier), a duplexer, and the like. In addition, the RF circuitry 601 may also communicate with networks and other devices through wireless communications.
The memory 602 may be used to store software programs and modules that are stored in the memory 602 for execution by the processor 608 to perform various functional applications and data processing. The memory 602 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, application programs required for at least one function (such as a sound playing function, an image playing function, etc.), and the like. In addition, the memory 602 may include high-speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid-state storage device. Accordingly, the memory 602 may also include a memory controller to provide access to the memory 602 by the processor 608 and the input unit 603.
The input unit 603 may be used to receive input numeric or character information and to generate keyboard, mouse, joystick, optical or trackball signal inputs related to user settings and function control. In particular, in one particular embodiment, the input unit 603 may include a touch-sensitive surface, as well as other input devices. The touch-sensitive surface, also referred to as a touch display screen or a touch pad, may collect touch operations thereon or thereabout by a user (e.g., operations thereon or thereabout by a user using any suitable object or accessory such as a finger, stylus, etc.), and actuate the corresponding connection means according to a predetermined program. The input unit 603 may comprise other input devices in addition to a touch sensitive surface. In particular, other input devices may include, but are not limited to, one or more of a physical keyboard, function keys (such as volume control keys, switch keys, etc.), a trackball, mouse, joystick, etc.
The display unit 604 may be used to display information input by a user or information provided to the user and various graphical user interfaces of the server, which may be composed of graphics, text, icons, video and any combination thereof. The display unit 604 may include a display panel, which may be optionally configured in the form of a liquid crystal display (LCD, liquid Crystal Display), an Organic Light-Emitting Diode (OLED), or the like. Further, the touch-sensitive surface may overlay a display panel, and upon detection of a touch operation thereon or thereabout, the touch-sensitive surface is passed to the processor 608 to determine the type of touch event, and the processor 608 then provides a corresponding visual output on the display panel based on the type of touch event. Although in fig. 6 the touch sensitive surface and the display panel are implemented as two separate components for input and output functions, in some embodiments the touch sensitive surface may be integrated with the display panel to implement the input and output functions.
The terminal may also include at least one sensor 605, such as a light sensor, a motion sensor, and other sensors. Specifically, the light sensor may include an ambient light sensor that may adjust the brightness of the display panel according to the brightness of ambient light, and a proximity sensor that may turn off the display panel and the backlight when the server moves to the ear.
Audio circuitry 606, speakers, and a microphone may provide an audio interface between the user and the server. The audio circuit 606 may convert received audio data into an electrical signal and transmit it to a speaker, where the electrical signal is converted into a sound signal for output; on the other hand, the microphone converts collected sound signals into electrical signals, which are received by the audio circuit 606 and converted into audio data; the audio data is output to the processor 608 for processing and then transmitted to, for example, a terminal via the RF circuit 601, or output to the memory 602 for further processing. The audio circuit 606 may also include an ear bud jack to provide communication between a peripheral ear bud and the server.
The WiFi belongs to a short-distance wireless transmission technology, and the terminal can help the user to send and receive e-mail, browse web pages, access streaming media and the like through the WiFi module 607, so that wireless broadband internet access is provided for the user. Although fig. 6 shows a WiFi module 607, it is understood that it does not belong to the essential constitution of the terminal, and can be omitted entirely as required within a range that does not change the essence of the application.
The processor 608 is a control center of the terminal, and connects various parts of the entire terminal using various interfaces and lines, and performs various functions of the server and processes data by running or executing software programs and modules stored in the memory 602, and calling data stored in the memory 602, thereby performing overall monitoring of the terminal. Optionally, the processor 608 may include one or more processing cores; preferably, the processor 608 may integrate an application processor that primarily handles operating systems, user interfaces, applications, etc., with a modem processor that primarily handles wireless communications. It will be appreciated that the modem processor described above may not be integrated into the processor 608.
The terminal also includes a power supply 609 (e.g., a battery) for powering the various components, which may be logically connected to the processor 608 via a power management system so as to provide for managing charging, discharging, and power consumption by the power management system. The power supply 609 may also include one or more of any components, such as a direct current or alternating current power supply, a recharging system, a power failure detection circuit, a power converter or inverter, a power status indicator, and the like.
Specifically, in this embodiment, the processor 608 in the terminal loads executable files corresponding to the processes of one or more application programs into the memory 602 according to the following instructions, and the processor 608 executes the application programs stored in the memory 602, so as to implement various functions:
receiving an application multi-opening request of a first application, and opening a second application according to the application multi-opening request, wherein the second application is a split application corresponding to the first application in a virtual environment;
when receiving a permission verification request of the second application, acquiring an application identifier of the second application;
acquiring a permission subset corresponding to the application identifier from a permission set, wherein the permission set comprises authorized application permissions and application permissions to be authorized corresponding to a plurality of applications;
Responding to the permission verification request based on the permission subset and performing permission verification to obtain a permission verification result;
and operating the second application according to the authority verification result.
The embodiment of the application discloses a permission processing method, a permission processing device, a storage medium and a terminal. The permission processing method comprises the following steps: receiving an application multi-opening request of a first application, and opening a second application according to the application multi-opening request, wherein the second application is a split application corresponding to the first application in a virtual environment; when receiving a permission verification request of the second application, acquiring an application identifier of the second application; acquiring a permission subset corresponding to the application identifier from a permission set, wherein the permission set comprises authorized application permissions and application permissions to be authorized corresponding to a plurality of applications; responding to the permission verification request based on the permission subset and performing permission verification to obtain a permission verification result; and running the second application according to the permission verification result. In the embodiment of the application, the application permissions of the multi-open application are set separately from those of the original application, which achieves security isolation of the multi-open application and can effectively improve its security.
Those of ordinary skill in the art will appreciate that all or a portion of the steps in the various methods of the above embodiments may be performed by instructions, or by controlling associated hardware by instructions, which may be stored in a storage medium and loaded and executed by a processor.
To this end, an embodiment of the present application provides a storage medium having stored therein a plurality of instructions capable of being loaded by a processor to perform the steps of any of the rights processing methods provided by the embodiments of the present application. For example, the instructions may perform the steps of:
receiving an application multi-opening request of a first application, and opening a second application according to the application multi-opening request, wherein the second application is a split application corresponding to the first application in a virtual environment; when receiving a permission verification request of the second application, acquiring an application identifier of the second application; acquiring a permission subset corresponding to the application identifier from a permission set, wherein the permission set comprises authorized application permissions and application permissions to be authorized corresponding to a plurality of applications; responding to the permission verification request based on the permission subset and performing permission verification to obtain a permission verification result; and operating the second application according to the authority verification result.
For the specific implementation of each operation above, reference may be made to the previous embodiments; details are not repeated here.
The storage medium may include: read-only memory (ROM), random access memory (RAM), magnetic or optical disk, and the like.
Because the instructions stored in the storage medium can execute the steps of any one of the permission processing methods provided in the embodiments of the present application, they can achieve the beneficial effects of any one of those methods; these are detailed in the previous embodiments and are not repeated here.
The permission processing method, device, storage medium and terminal provided by the embodiments of the present application have been described above in detail. Specific examples are used herein to explain the principles and implementations of the present application, and the description of the above embodiments is only intended to help understand the method and core idea of the present application. Meanwhile, those skilled in the art may, following the ideas of the present application, make changes to the specific embodiments and the scope of application; accordingly, the content of this description should not be construed as limiting the present application.

Claims (9)

1. A rights processing method, characterized by comprising:
Receiving an application multi-opening request of a first application, and acquiring an application installation package name and a digital fingerprint of the first application, wherein the first application is an application installed on a terminal;
detecting whether a second application is a malicious application or has malicious behavior based on the application installation package name and the digital fingerprint;
if the second application is not a malicious application and does not have malicious behaviors, opening the second application according to the application multi-opening request, wherein the second application is a split application corresponding to the first application in the virtual environment;
when receiving a permission verification request of the second application, acquiring an application identifier of the second application;
acquiring a permission subset corresponding to the application identifier from a permission set, wherein the permission set comprises authorized application permissions and application permissions to be authorized corresponding to a plurality of applications;
responding to the permission verification request based on the permission subset and performing permission verification to obtain a permission verification result;
and operating the second application according to the authority verification result.
2. The method of claim 1, wherein responding to the permission verification request and performing permission verification based on the subset of permissions comprises:
Determining an authorized application authority list corresponding to the second application according to the authority subset;
acquiring rights to be verified in the rights verification request;
matching the rights to be verified with the authorized application rights list;
if the matching is successful, the right to be verified is successfully verified;
if the matching fails, the verification of the right to be verified fails.
3. The method of claim 2, further comprising, after the verifying the rights to be verified fails:
acquiring all application rights to be authorized in the rights sub-set;
generating a permission setting interface according to all application permissions to be authorized;
displaying the permission setting interface on a current display interface, and prompting a user to set the permission;
and processing the application permission to be authorized according to the operation of the user on the permission setting interface to obtain a permission granting result.
4. A method according to claim 3, wherein the rights setting interface comprises a selection control;
the processing the application permission to be authorized according to the operation of the user on the permission setting interface comprises the following steps:
acquiring user operation information;
Determining a selection control operated by a user according to the user operation information;
and granting the permission of the application permission to be authorized corresponding to the selection control operated by the user.
5. The method of claim 1, further comprising, after running the second application according to the rights verification result:
when a data access request of the second application is received, determining a position of a data file to be accessed according to the data access request;
judging whether the position of the data file to be accessed is a preset position or not;
if not, redirecting the access path of the data access request to obtain a target access path;
and performing data access based on the target access path.
6. A rights processing apparatus, characterized by comprising:
a receiving unit, used for receiving an application multi-opening request of a first application, and acquiring an application installation package name and a digital fingerprint of the first application, wherein the first application is an application installed on the terminal; detecting whether a second application is a malicious application or has malicious behavior based on the application installation package name and the digital fingerprint; if the second application is not a malicious application and does not have malicious behaviors, opening the second application according to the application multi-opening request, wherein the second application is a split application corresponding to the first application in the virtual environment;
The first acquisition unit is used for acquiring an application identifier of the second application when receiving the permission verification request of the second application;
the second acquisition unit is used for acquiring a permission subset corresponding to the application identifier from a permission set, wherein the permission set comprises authorized application permissions and application permissions to be authorized corresponding to a plurality of applications;
the verification unit is used for verifying the rights to be verified in the rights verification request based on the rights subset to obtain a rights verification result;
and the operation unit is used for operating the second application according to the authority verification result.
7. The apparatus of claim 6, wherein the authentication unit comprises:
a determining subunit, configured to determine an authorized application permission list corresponding to the second application according to the permission subset;
the first acquisition subunit is used for acquiring the rights to be verified in the rights verification request;
the matching subunit is used for matching the rights to be verified with the authorized application rights list;
the first execution subunit is used for determining that the right to be verified is successfully verified if the matching is successful;
and the second execution subunit is used for determining that the verification of the right to be verified fails if the matching fails.
8. A storage medium storing a plurality of instructions adapted to be loaded by a processor to perform the steps of the rights processing method of any of claims 1 to 5.
9. A terminal comprising a processor and a memory, the memory storing a plurality of instructions, the processor loading the instructions to perform the steps in the rights handling method of any of claims 1 to 5.
CN202010221045.7A 2020-03-26 2020-03-26 Authority processing method and device, storage medium and terminal Active CN111444539B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010221045.7A CN111444539B (en) 2020-03-26 2020-03-26 Authority processing method and device, storage medium and terminal

Publications (2)

Publication Number Publication Date
CN111444539A 2020-07-24
CN111444539B 2023-10-03

Family

ID=71648718




Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant