CN112347503A - Management method, management device and computer storage medium - Google Patents

Management method, management device and computer storage medium Download PDF

Info

Publication number
CN112347503A
CN112347503A CN202011093638.6A CN202011093638A CN112347503A CN 112347503 A CN112347503 A CN 112347503A CN 202011093638 A CN202011093638 A CN 202011093638A CN 112347503 A CN112347503 A CN 112347503A
Authority
CN
China
Prior art keywords
storage area
current application
identifier
application
access
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011093638.6A
Other languages
Chinese (zh)
Inventor
彭京
余洋成
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chongqing Chuanyin Communication Technology Co ltd
Original Assignee
Chongqing Chuanyin Communication Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chongqing Chuanyin Communication Technology Co ltd filed Critical Chongqing Chuanyin Communication Technology Co ltd
Priority to CN202011093638.6A priority Critical patent/CN112347503A/en
Publication of CN112347503A publication Critical patent/CN112347503A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Medical Informatics (AREA)
  • Storage Device Security (AREA)

Abstract

The application discloses a management method, a management device and a computer storage medium, wherein the management method comprises the following steps: acquiring a current application identifier and an identifier of a target storage area to be accessed by the current application; detecting whether the storage area identifier corresponding to the current application identifier contains the identifier of the target storage area or not according to the access permission relationship between the set application identifier and the storage area identifier; and determining whether to allow the current application to access the target storage area according to the obtained detection result. According to the method and the device, whether the target storage area is the accessible storage area corresponding to the current application is judged according to the current application identifier and the identifier of the target storage area to be accessed by the current application, and whether the current application is allowed to access the target storage area is further determined, so that the privacy and the safety of data are improved.

Description

Management method, management device and computer storage medium
Technical Field
The present application relates to the field of information technology, and in particular, to a management method, an apparatus, and a computer storage medium.
Background
With the rise of mobile internet and the rapid development of computer technology, the degree of social informatization is continuously improved, and data and information resources become important novel resources acknowledged worldwide. Therefore, it is necessary to develop security research on management, integration, development, configuration, and the like of resources. In the prior art, various methods have been proposed for improving the security of resource data, for example, dividing a resource accessed by an application into two parts, protecting a key common resource part shared by a plurality of applications in a read-only manner through a predetermined file system, and preventing any application from tampering system resources. However, in the prior art, only the private resource directory and the public resource directory are divided and safely managed for the application access resources, and the mutual access of the private resource directories of different applications is not safely managed, so that the privacy and the safety of data are influenced.
The foregoing description is provided for general background information and is not admitted to be prior art.
Disclosure of Invention
The application aims to provide a management method, a management device and a computer storage medium.
In order to achieve the purpose, the technical scheme of the application is realized as follows:
in a first aspect, an embodiment of the present application provides a management method, including:
acquiring a current application identifier and an identifier of a target storage area to be accessed by the current application;
detecting whether the storage area identifier corresponding to the current application identifier contains the identifier of the target storage area or not according to the access permission relationship between the set application identifier and the storage area identifier;
and determining whether to allow the current application to access the target storage area according to the obtained detection result.
As an embodiment, the determining whether to allow the current application to access the target storage area according to the obtained detection result includes:
when determining that the storage area identifier corresponding to the current application identifier contains the identifier of the target storage area according to the obtained detection result, allowing the current application to access the target storage area; and/or the presence of a gas in the gas,
and when determining that the storage area identifier corresponding to the current application identifier does not contain the identifier of the target storage area according to the obtained detection result, forbidding the current application to access the target storage area.
As an embodiment, after prohibiting the current application from accessing the target storage area, the method further includes:
sending out an early warning message whether to finish the current application;
and after receiving a confirmation instruction for finishing the current application, closing the current application.
As an implementation manner, before the obtaining of the identifier of the current application and the identifier of the target storage area to be accessed by the current application, the method further includes:
after detecting that a new application is created, newly creating or distributing a private storage area to the new application; optionally, the private storage area is a storage area accessible only to the new application;
and establishing and storing an access permission relation between the new application identifier and the private storage area identifier.
As one of the implementation modes, the method further comprises the following steps:
establishing and storing an allowed access relation between the new application identifier and the created public storage area identifier; optionally, the common storage area is a storage area accessible by each application.
As an embodiment, the identification of the target storage area is an identification of the public storage area, and after the current application is allowed to access the target storage area, the method further includes:
acquiring an operation object and an operation to be executed corresponding to the current application;
judging whether the current application has the operation authority of executing the operation to be executed on the operation object;
and determining whether to allow the current application to execute the operation to be executed on the operation object according to the obtained judgment result.
As an implementation manner, the operation object is a data file already created by the current application, and the operation to be executed is a write operation, further including:
determining the type of data to be written when the current application is allowed to execute the operation to be executed on the operation object;
and storing the data to be written into a memory sub-area which is matched with the type of the data to be written in the common memory area.
As one of the implementation modes, the method further comprises the following steps:
and dividing the common storage area according to a preset data type so as to divide the common storage area into at least one storage sub-area corresponding to the preset data type.
In a second aspect, an embodiment of the present application provides a management apparatus, which includes a processor and a storage device for storing a program; when executed by the processor, the program causes the processor to implement the management method according to the first aspect.
In a third aspect, an embodiment of the present application provides a computer storage medium storing a computer program, where the computer program, when executed by a processor, implements the management method according to the first aspect.
The management method, the management device and the computer storage medium provided by the embodiment of the application comprise the following steps: acquiring a current application identifier and an identifier of a target storage area to be accessed by the current application; detecting whether the storage area identifier corresponding to the current application identifier contains the identifier of the target storage area or not according to the access permission relationship between the set application identifier and the storage area identifier; and determining whether to allow the current application to access the target storage area according to the obtained detection result. Therefore, whether the target storage area is an accessible storage area corresponding to the current application or not is judged according to the current application identifier and the identifier of the target storage area to be accessed by the current application, and whether the current application is allowed to access the target storage area or not is further determined, so that the privacy and the safety of data are improved.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present application and together with the description, serve to explain the principles of the application. In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings needed to be used in the description of the embodiments will be briefly described below, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without inventive exercise.
Fig. 1 is a schematic diagram of a hardware structure of a mobile terminal according to an embodiment of the present disclosure;
fig. 2 is a communication network system architecture diagram according to an embodiment of the present application;
fig. 3 is a schematic flowchart of a management method according to an embodiment of the present application;
fig. 4 is a schematic structural diagram of a management device according to an embodiment of the present application;
fig. 5 is a schematic structural diagram of a management device according to an embodiment of the present disclosure;
FIG. 6 is a flow chart illustrating the partitioning of a storage area according to an embodiment of the present application;
FIG. 7 is a diagram illustrating an effect of a memory region being divided according to an embodiment of the present application;
FIG. 8 is a schematic flow chart illustrating automatic classification of common storage area data in an embodiment of the present application;
fig. 9 is a schematic flowchart of a management method according to an embodiment of the present application;
fig. 10 is a schematic diagram illustrating an effect of the pop-up box prompt in the embodiment of the present application.
The implementation, functional features and advantages of the objectives of the present application will be further explained with reference to the accompanying drawings. With the above figures, there are shown specific embodiments of the present application, which will be described in more detail below. These drawings and written description are not intended to limit the scope of the inventive concepts in any manner, but rather to illustrate the inventive concepts to those skilled in the art by reference to specific embodiments.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present application, as detailed in the appended claims.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, the recitation of an element by the phrase "comprising an … …" does not exclude the presence of additional like elements in the process, method, article, or apparatus that comprises the element, and further, where similarly-named elements, features, or elements in different embodiments of the disclosure may have the same meaning, or may have different meanings, that particular meaning should be determined by their interpretation in the embodiment or further by context with the embodiment.
It should be understood that although the terms first, second, third, etc. may be used herein to describe various information, such information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope herein. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context. Also, as used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context indicates otherwise. It will be further understood that the terms "comprises," "comprising," "includes" and/or "including," when used in this specification, specify the presence of stated features, steps, operations, elements, components, items, species, and/or groups, but do not preclude the presence, or addition of one or more other features, steps, operations, elements, components, species, and/or groups thereof. The terms "or" and/or "as used herein are to be construed as inclusive or meaning any one or any combination. Thus, "A, B or C" or "A, B and/or C" means "any of the following: a; b; c; a and B; a and C; b and C; A. b and C ". An exception to this definition will occur only when a combination of elements, functions, steps or operations are inherently mutually exclusive in some way.
It should be understood that, although the steps in the flowcharts in the embodiments of the present application are shown in order as indicated by the arrows, the steps are not necessarily performed in order as indicated by the arrows. The steps are not performed in the exact order shown and may be performed in other orders unless explicitly stated herein. Moreover, at least some of the steps in the figures may include multiple sub-steps or multiple stages that are not necessarily performed at the same time, but may be performed at different times, in different orders, and may be performed alternately or at least partially with respect to other steps or sub-steps of other steps.
It should be noted that step numbers such as S301 and S302 are used herein for the purpose of more clearly and briefly describing the corresponding contents, and do not constitute a substantial limitation on the sequence, and those skilled in the art may perform S302 first and then S301 in specific implementation, but these should be within the scope of the present application.
It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
In the following description, suffixes such as "module", "component", or "unit" used to denote elements are used only for the convenience of description of the present application, and have no specific meaning in themselves. Thus, "module", "component" or "unit" may be used mixedly.
The apparatus may be embodied in various forms. For example, the devices described in the present application may include mobile terminals such as a mobile phone, a tablet computer, a notebook computer, a palmtop computer, a Personal Digital Assistant (PDA), a Portable Media Player (PMP), a navigation device, a wearable device, a smart band, a pedometer, and the like, and fixed terminals such as a Digital TV, a desktop computer, and the like.
The following description will be given taking a mobile terminal as an example, and it will be understood by those skilled in the art that the configuration according to the embodiment of the present application can be applied to a fixed type terminal in addition to elements particularly used for mobile purposes.
Referring to fig. 1, which is a schematic diagram of a hardware structure of a mobile terminal for implementing various embodiments of the present application, the mobile terminal 100 may include: an RF (Radio Frequency) unit 101, a wireless network module 102, an audio output unit 103, an a/V (audio/video) input unit 104, a sensor 105, a display unit 106, a user input unit 107, an interface unit 108, a memory 109, a processor 110, and a power supply 111. Those skilled in the art will appreciate that the mobile terminal architecture shown in fig. 1 is not intended to be limiting of mobile terminals, which may include more or fewer components than those shown, or some components may be combined, or a different arrangement of components.
The following describes each component of the mobile terminal in detail with reference to fig. 1:
the radio frequency unit 101 may be configured to receive and transmit signals during information transmission and reception or during a call, and specifically, receive downlink information of a base station and then process the downlink information to the processor 110; in addition, the uplink data is transmitted to the base station. Typically, radio frequency unit 101 includes, but is not limited to, an antenna, at least one amplifier, a transceiver, a coupler, a low noise amplifier, a duplexer, and the like. In addition, the radio frequency unit 101 can also communicate with a network and other devices through wireless communication. The wireless communication may use any communication standard or protocol, including but not limited to GSM (Global System for Mobile communications), GPRS (General Packet Radio Service), CDMA2000(Code Division Multiple Access 2000), WCDMA (Wideband Code Division Multiple Access), TD-SCDMA (Time Division-Synchronous Code Division Multiple Access), FDD-LTE (Frequency Division duplex Long Term Evolution), and TDD-LTE (Time Division duplex Long Term Evolution).
The wireless network belongs to the short-distance wireless transmission technology, the mobile terminal can help the user to receive and send e-mails, browse webpages, access streaming media and the like through the wireless network module 102, and wireless broadband internet access is provided for the user. Although fig. 1 shows the wireless network module 102, it is understood that it does not belong to the essential constitution of the mobile terminal, and may be omitted entirely as needed within the scope not changing the essence of the invention.
The audio output unit 103 may convert audio data received by the radio frequency unit 101 or the wireless network module 102 or stored in the memory 109 into an audio signal and output as sound when the mobile terminal 100 is in a call signal reception mode, a call mode, a recording mode, a voice recognition mode, a broadcast reception mode, or the like. Also, the audio output unit 103 may also provide audio output related to a specific function performed by the mobile terminal 100 (e.g., a call signal reception sound, a message reception sound, etc.). The audio output unit 103 may include a speaker, a buzzer, and the like.
The a/V input unit 104 is used to receive audio or video signals. The a/V input Unit 104 may include a Graphics Processing Unit (GPU) 1041 and a microphone 1042, the Graphics processor 1041 Processing image data of still pictures or video obtained by an image capturing device (e.g., a camera) in a video capturing mode or an image capturing mode. The processed image frames may be displayed on the display unit 106. The image frames processed by the graphic processor 1041 may be stored in the memory 109 (or other storage medium) or transmitted via the radio frequency unit 101 or the wireless network module 102. The microphone 1042 may receive sounds (audio data) via the microphone 1042 in a phone call mode, a recording mode, a voice recognition mode, or the like, and may be capable of processing such sounds into audio data. The processed audio (voice) data may be converted into a format output transmittable to a mobile communication base station via the radio frequency unit 101 in case of a phone call mode. The microphone 1042 may implement various types of noise cancellation (or suppression) algorithms to cancel (or suppress) noise or interference generated in the course of receiving and transmitting audio signals.
The mobile terminal 100 also includes at least one sensor 105, such as a light sensor, a motion sensor, and other sensors. Specifically, the light sensor includes an ambient light sensor that may optionally adjust the brightness of the display panel 1061 according to the brightness of ambient light, and a proximity sensor that may turn off the display panel 1061 and/or the backlight when the mobile terminal 100 is moved to the ear. As one of the motion sensors, the accelerometer sensor can detect the magnitude of acceleration in each direction (generally, three axes), can detect the magnitude and direction of gravity when stationary, and can be used for applications of recognizing the posture of a mobile phone (such as horizontal and vertical screen switching, related games, magnetometer posture calibration), vibration recognition related functions (such as pedometer and tapping), and the like; as for other sensors such as a fingerprint sensor, a pressure sensor, an iris sensor, a molecular sensor, a gyroscope, a barometer, a hygrometer, a thermometer, and an infrared sensor, which can be configured on the mobile phone, further description is omitted here.
The display unit 106 is used to display information input by a user or information provided to the user. The Display unit 106 may include a Display panel 1061, and the Display panel 1061 may be configured in the form of a Liquid Crystal Display (LCD), an Organic Light-Emitting Diode (OLED), or the like.
The user input unit 107 may be used to receive input numeric or character information and generate key signal inputs related to user settings and function control of the mobile terminal. Specifically, the user input unit 107 may include a touch panel 1071 and other input devices 1072. The touch panel 1071, also referred to as a touch screen, may collect a touch operation performed by a user on or near the touch panel 1071 (e.g., an operation performed by the user on or near the touch panel 1071 using a finger, a stylus, or any other suitable object or accessory), and drive a corresponding connection device according to a predetermined program. The touch panel 1071 may include two parts of a touch detection device and a touch controller. Optionally, the touch detection device detects a touch orientation of a user, detects a signal caused by a touch operation, and transmits the signal to the touch controller; the touch controller receives touch information from the touch sensing device, converts the touch information into touch point coordinates, sends the touch point coordinates to the processor 110, and can receive and execute commands sent by the processor 110. In addition, the touch panel 1071 may be implemented in various types, such as a resistive type, a capacitive type, an infrared ray, and a surface acoustic wave. In addition to the touch panel 1071, the user input unit 107 may include other input devices 1072. In particular, other input devices 1072 may include, but are not limited to, one or more of a physical keyboard, function keys (e.g., volume control keys, switch keys, etc.), a trackball, a mouse, a joystick, and the like, and are not limited to these specific examples.
Further, the touch panel 1071 may cover the display panel 1061, and when the touch panel 1071 detects a touch operation thereon or nearby, the touch panel 1071 transmits the touch operation to the processor 110 to determine the type of the touch event, and then the processor 110 provides a corresponding visual output on the display panel 1061 according to the type of the touch event. Although the touch panel 1071 and the display panel 1061 are shown in fig. 1 as two separate components to implement the input and output functions of the mobile terminal, in some embodiments, the touch panel 1071 and the display panel 1061 may be integrated to implement the input and output functions of the mobile terminal, and is not limited herein.
The interface unit 108 serves as an interface through which at least one external device is connected to the mobile terminal 100. For example, the external device may include a wired or wireless headset port, an external power supply (or battery charger) port, a wired or wireless data port, a memory card port, a port for connecting a device having an identification module, an audio input/output (I/O) port, a video I/O port, an earphone port, and the like. The interface unit 108 may be used to receive input (e.g., data information, power, etc.) from external devices and transmit the received input to one or more elements within the mobile terminal 100 or may be used to transmit data between the mobile terminal 100 and external devices.
The memory 109 may be used to store software programs as well as various data. The memory 109 may mainly include a program storage area and a data storage area, and optionally, the program storage area may store an operating system, an application program (such as a sound playing function, an image playing function, and the like) required by at least one function, and the like; the storage data area may store data (such as audio data, a phonebook, etc.) created according to the use of the cellular phone, and the like. Further, the memory 109 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device.
The processor 110 is a control center of the mobile terminal, connects various parts of the entire mobile terminal using various interfaces and lines, and performs various functions of the mobile terminal and processes data by operating or executing software programs and/or modules stored in the memory 109 and calling data stored in the memory 109, thereby performing overall monitoring of the mobile terminal. Processor 110 may include one or at least one processing unit; preferably, the processor 110 may integrate an application processor and a modem processor, optionally, the application processor mainly handles operating systems, user interfaces, application programs, etc., and the modem processor mainly handles wireless communications. It will be appreciated that the modem processor described above may not be integrated into the processor 110.
The mobile terminal 100 may further include a power supply 111 (e.g., a battery) for supplying power to various components, and preferably, the power supply 111 may be logically connected to the processor 110 via a power management system, so as to manage charging, discharging, and power consumption management functions via the power management system.
Although not shown in fig. 1, the mobile terminal 100 may further include a bluetooth module or the like, which is not described in detail herein.
In order to facilitate understanding of the embodiments of the present application, a communication network system on which the mobile terminal of the present application is based is described below.
Referring to fig. 2, fig. 2 is an architecture diagram of a communication Network system according to an embodiment of the present disclosure, where the communication Network system is an LTE system of a universal mobile telecommunications technology, and the LTE system includes a UE (User Equipment) 201, an E-UTRAN (Evolved UMTS Terrestrial Radio Access Network) 202, an EPC (Evolved Packet Core) 203, and an IP service 204 of an operator, which are in communication connection in sequence.
Specifically, the UE201 may be the terminal 100 described above, and is not described herein again.
The E-UTRAN202 includes eNodeB2021 and other eNodeBs 2022, among others. Alternatively, the eNodeB2021 may be connected with other enodebs 2022 through a backhaul (e.g., X2 interface), the eNodeB2021 is connected to the EPC203, and the eNodeB2021 may provide the UE201 access to the EPC 203.
The EPC203 may include an MME (Mobility Management Entity) 2031, an HSS (Home Subscriber Server) 2032, other MMEs 2033, an SGW (Serving gateway) 2034, a PGW (PDN gateway) 2035, and a PCRF (Policy and Charging Rules Function) 2036, and the like. Optionally, the MME2031 is a control node that handles signaling between the UE201 and the EPC203, providing bearer and connection management. HSS2032 is used to provide registers to manage functions such as home location register (not shown) and holds subscriber specific information about service characteristics, data rates, etc. All user data may be sent through SGW2034, PGW2035 may provide IP address assignment for UE201 and other functions, and PCRF2036 is a policy and charging control policy decision point for traffic data flow and IP bearer resources, which selects and provides available policy and charging control decisions for a policy and charging enforcement function (not shown).
The IP services 204 may include the internet, intranets, IMS (IP Multimedia Subsystem), or other IP services, among others.
Although the LTE system is described as an example, it should be understood by those skilled in the art that the present application is not limited to the LTE system, but may also be applied to other wireless communication systems, such as GSM, CDMA2000, WCDMA, TD-SCDMA, and future new network systems.
Based on the above mobile terminal hardware structure and communication network system, various embodiments of the present application are provided.
Referring to fig. 3, for the management method provided in the embodiment of the present application, the management method may be applicable to a situation that application access needs to be managed, the management method may be executed by a management device provided in the embodiment of the present application, the management device may be implemented in a software and/or hardware manner, and in a specific application, the management device may specifically be a terminal, a cloud server, and the like. The terminal may be implemented in various forms, and the terminal described in this embodiment may include a mobile terminal such as a mobile phone, a tablet computer, a notebook computer, a palm computer, a Personal Digital Assistant (PDA), a Portable Media Player (PMP), a wearable device, a smart band, a pedometer, and the like. In this embodiment, taking an execution subject of the management method as an example of a terminal, the management method includes the following steps:
step S301: acquiring a current application identifier and an identifier of a target storage area to be accessed by the current application;
here, the current application may be an application generated by the terminal executing a current application program, and the current application identifier is used to uniquely identify an identity of the current application, specifically, may be a full path name of the current application, and may also be an identity assigned to the current application by the terminal. The identifier of the target storage area is used for uniquely identifying the target storage area, and specifically may be a name, a number, and the like of the target storage area. The target storage area is a storage area to be accessed by the current application, namely a storage area which needs to be accessed by the terminal when the current application is operated.
Step S302: detecting whether the storage area identifier corresponding to the current application identifier contains the identifier of the target storage area or not according to the access permission relationship between the set application identifier and the storage area identifier;
here, the access permission relationship may include a binding relationship between different application identifiers and accessible storage area identifiers, and the terminal may obtain all storage area identifiers corresponding to the current application identifier, that is, identifiers of all storage areas accessible by the current application, according to the access permission relationship, and further detect whether the storage area identifier corresponding to the current application identifier includes an identifier of the target storage area, that is, detect whether the target storage area is a storage area accessible by the current application.
It should be noted that, in order to facilitate security management of data of applications, in the embodiment of the present application, a private storage area may be actively allocated to each application separately and a public storage area may be shared, and optionally, the private storage area is accessible only by the respective corresponding application, and the public storage area is accessible by all applications. Therefore, the target storage area may be a private storage area or a public storage area. In an embodiment, before obtaining the identifier of the current application and the identifier of the target storage area to be accessed by the current application, the method may further include: after detecting that a new application is created, newly creating or distributing a private storage area to the new application; optionally, the private storage area is a storage area accessible only to the new application; and establishing and storing an access permission relation between the new application identifier and the private storage area identifier. It can be understood that, when the terminal detects that a new application is created, for example, an installed application program is started for the first time to create a new application, and a private storage area is created for the new application or the created private storage area is allocated to the new application, so that the new application stores resources such as data which the new application needs to keep secret in the private storage area. Meanwhile, in order to facilitate the search of the relationship between each application and the corresponding private storage area, after a private storage area is newly built or allocated for the new application, the allowed access relationship between the new application identifier and the private storage area identifier can be further built and stored, so that the accessible storage area corresponding to the new application can be quickly obtained according to the new application identifier. Furthermore, since some data of at least one application may need to be shared with each other, and these data cannot be stored in its corresponding private storage area, in an embodiment, the method may further include: establishing and storing an allowed access relation between the new application identifier and the created public storage area identifier; optionally, the common storage area is a storage area accessible by each application. Specifically, after detecting that a new application is created, the terminal establishes and stores an allowed access relationship between an identifier of the new application and an identifier of a created public storage area, so as to use the public storage area as an accessible storage area of the new application. Therefore, after the creation of the new application is detected, the private storage area and/or the public storage area are/is distributed for the new application in time, and the privacy and the safety of data are further improved.
Step S303: and determining whether to allow the current application to access the target storage area according to the obtained detection result.
Specifically, when determining that the storage area identifier corresponding to the current application identifier contains the identifier of the target storage area according to the obtained detection result, allowing the current application to access the target storage area; and/or forbidding the current application to access the target storage area when determining that the storage area identifier corresponding to the current application identifier does not contain the identifier of the target storage area according to the obtained detection result.
It can be understood that, when the storage area identifier corresponding to the current application identifier includes the identifier of the target storage area, it indicates that the target storage area is a storage area accessible by the current application, and at this time, the current application may be allowed to access the target storage area; and when the storage area identifier corresponding to the current application identifier does not contain the identifier of the target storage area, it indicates that the target storage area is not a storage area accessible by the current application, and at this time, the current application may be prohibited from accessing the target storage area, so as to avoid data leakage and other behaviors. For example, assuming that a target storage area to be accessed by a current application is a storage area a, if the storage area a is a private storage area of another application, it indicates that the storage area a is not a storage area accessible by the current application, that is, it is necessary to prohibit the current application from accessing the storage area a.
In summary, in the management method provided in the foregoing embodiment, it is determined whether the target storage area is an accessible storage area corresponding to the current application according to the current application identifier and an identifier of the target storage area to be accessed by the current application, so as to determine whether to allow the current application to access the target storage area, thereby improving privacy and security of data.
In an embodiment, after the prohibiting the current application from accessing the target storage area, the method may further include:
sending out an early warning message whether to finish the current application;
and after receiving a confirmation instruction for finishing the current application, closing the current application.
It can be understood that, when the target storage area to be accessed by the current application is not a storage area accessible by the current application, if the target storage area to be accessed by the current application is a private storage area corresponding to a third-party application, at this time, the access behavior of the current application may be considered as an unauthorized access storage area behavior, and in order to prompt a user to stop the unauthorized access storage area behavior in time to avoid problems such as data leakage, an early warning message of whether to end the current application may be sent out, so that the current application is closed after a confirmation instruction of ending the current application is received. Of course, only the warning message that the application is currently unauthorized to access the storage area may be sent. Therefore, when the application unauthorized access storage area is detected, the user is warned to stop the unauthorized access of the storage area in time by giving an early warning to the user in time, and the privacy and the safety of data are further improved.
In an embodiment, the identifier of the target storage area is an identifier of the public storage area, and after allowing the current application to access the target storage area, the method further includes:
acquiring an operation object and an operation to be executed corresponding to the current application;
judging whether the current application has the operation authority of executing the operation to be executed on the operation object;
and determining whether to allow the current application to execute the operation to be executed on the operation object according to the obtained judgment result.
It can be understood that, when the identifier of the target storage area is the identifier of the public storage area, the current application accesses the public storage area, and at this time, the operation object and the operation to be executed corresponding to the current application are obtained. Here, the operation object corresponding to the current application may refer to a data file or the like in the public storage area, where the operation to be executed by the current application is to be executed, and the operation to be executed may refer to any one of writing, deleting, modifying, and viewing. It should be noted that, the current application may perform operations such as writing, deleting, modifying, and viewing on the data file generated in the common storage area, but may only perform a viewing operation on data generated in the common storage area by other applications, and may not perform operations such as deleting and modifying on the data file generated in the common storage area by other applications. The judging whether the current application has the operation authority of executing the operation to be executed on the operation object includes: detecting whether the operation object is the data file generated by the current application in the public storage area, if so, the current application has the operation authority of executing the operation to be executed on the operation object; if the operation object is not the data file generated by the current application in the public storage area, for example, the operation object is the data file generated by other applications in the public storage area, detecting whether the operation to be executed is a check operation, if the operation to be executed is the check operation, the current application has an operation permission for executing the operation to be executed on the operation object, otherwise, the current application does not have the operation permission for executing the operation to be executed on the operation object. Here, the determining whether to allow the current application to perform the operation to be performed on the operation object according to the obtained determination result includes: according to the obtained judgment result, when the current application is allowed to execute the operation to be executed on the operation object, the current application is allowed to execute the operation to be executed on the operation object; and prohibiting the current application from executing the operation to be executed on the operation object when determining that the current application is not allowed to execute the operation to be executed on the operation object according to the obtained judgment result. In addition, after the operation to be executed on the operation object is forbidden to be executed by the current application, a reminding message can be sent out to remind a user of illegal operation behaviors. Therefore, when the current application accesses the public storage area, whether the current application is allowed to execute the operation to be executed on the operation object is determined according to the operation object and the operation to be executed corresponding to the current application, so that the safety management of data is realized, and the privacy and the safety of the data are further improved.
In an embodiment, the operation object is a data file created by the current application and the operation to be executed is a write operation, further comprising: determining the type of data to be written when the current application is allowed to execute the operation to be executed on the operation object; and storing the data to be written into a memory sub-area which is matched with the type of the data to be written in the common memory area.
It is to be appreciated that the common storage area can be efficiently partitioned and automatically classified for improved data management efficiency. In an embodiment, the method further comprises: and dividing the common storage area according to a preset data type so as to divide the common storage area into at least one storage sub-area corresponding to the preset data type. Here, the preset data type may include a picture, a video, a document, and the like, and the common storage area may be divided into a picture storage sub-area, a video storage sub-area, a document storage sub-area, and the like according to the data type. Therefore, the efficient performance of subsequent management is improved by effectively dividing the resources of the public storage area.
Here, when the current application needs to write into the data file created by the current application in the common storage area, the type of data to be written may be obtained first, then the storage sub-area in the common storage area, which is matched with the type of the data to be written, is determined according to the type of the data to be written, and then the data to be written is stored in the storage sub-area in the common storage area, which is matched with the type of the data to be written. Therefore, the data are distributed to the corresponding memory sub-regions to form automatic classification memory, and the efficiency of subsequent management is improved.
Based on the same application concept of the foregoing embodiments, an embodiment of the present application provides a management apparatus, as shown in fig. 4, the apparatus including: a processor 410 and a memory 411 for storing computer programs capable of running on the processor 410; alternatively, the processor 410 illustrated in fig. 4 is not used to refer to the number of the processors 410 as one, but is only used to refer to the position relationship of the processor 410 relative to other devices, and in practical applications, the number of the processors 410 may be one or more; similarly, the memory 411 illustrated in fig. 4 is also used in the same sense, that is, it is only used to refer to the position relationship of the memory 411 with respect to other devices, and in practical applications, the number of the memory 411 may be one or more. The processor 410 is configured to implement any of the management methods described above when running the computer program.
The apparatus may further comprise: at least one network interface 412. The various components of the device are coupled together by a bus system 413. It is understood that the bus system 413 is used to enable connection communication between these components. The bus system 413 comprises, in addition to the data bus, a power bus, a control bus and a status signal bus. For clarity of illustration, however, the various buses are labeled as bus system 413 in FIG. 4.
Alternatively, memory 411 can be either volatile memory or nonvolatile memory, and can include both volatile and nonvolatile memory. Alternatively, the nonvolatile Memory may be a Read Only Memory (ROM), a Programmable Read Only Memory (PROM), an Erasable Programmable Read-Only Memory (EPROM), an Electrically Erasable Programmable Read-Only Memory (EEPROM), a magnetic random access Memory (FRAM), a magnetic random access Memory (Flash Memory), a magnetic surface Memory, an optical disk, or a Compact Disc Read-Only Memory (CD-ROM); the magnetic surface storage may be disk storage or tape storage. Volatile Memory can be Random Access Memory (RAM), which acts as external cache Memory. By way of illustration and not limitation, many forms of RAM are available, such as Static Random Access Memory (SRAM), Synchronous Static Random Access Memory (SSRAM), Dynamic Random Access Memory (DRAM), Synchronous Dynamic Random Access Memory (SDRAM), Double Data Rate Synchronous Dynamic Random Access Memory (DDRSDRAM), Enhanced Synchronous Dynamic Random Access Memory (ESDRAM), Enhanced Synchronous Dynamic Random Access Memory (Enhanced DRAM), Synchronous Dynamic Random Access Memory (SLDRAM), Direct Memory (DRmb Access), and Random Access Memory (DRAM). The memory 411 described in embodiments herein is intended to comprise, without being limited to, these and any other suitable types of memory.
The memory 411 in the embodiment of the present application is used to store various types of data to support the operation of the apparatus. Examples of such data include: any computer program for operating on the device, such as operating systems and application programs; contact data; telephone book data; a message; a picture; video, etc. Optionally, the operating system contains various system programs, such as a framework layer, a core library layer, a driver layer, etc., for implementing various underlying services and handling hardware-based tasks. The application programs may include various application programs such as a Media Player (Media Player), a Browser (Browser), etc. for implementing various application services. Here, the program that implements the method of the embodiment of the present application may be included in an application program.
The present application further provides an apparatus, comprising: memory, a processor and a computer program stored on the memory and executable on the processor, the computer program, when executed by the processor, implementing the steps of the management method as described above.
The present application also provides a computer storage medium having a computer program stored thereon, which, when executed by a processor, implements the steps of the management method as described above.
Embodiments of the present application further provide a computer program product, which includes computer program code, when the computer program code runs on a computer, the computer is caused to execute the management method as described in the above various possible embodiments.
An embodiment of the present application further provides a chip, which includes a memory and a processor, where the memory is used to store a computer program, and the processor is used to call and run the computer program from the memory, so that a device in which the chip is installed executes the management method described in the above various possible embodiments.
Based on the same application concept of the foregoing embodiments, the present embodiment describes in detail the technical solutions of the foregoing embodiments by a specific example. Referring to fig. 5, a specific structural diagram of the management device provided in this embodiment of the present application includes a storage access module 401, a storage management module 402, and an unauthorized warning module 403, where optionally, an application accesses its own private storage area and public storage area through the storage access module 401, the storage management module 402 divides each application into an independent private storage area and a unified public storage area, and subdivides the public storage area, and simultaneously actively identifies and blocks an unauthorized access behavior, and notifies the unauthorized warning module 403 to prompt a user, and the unauthorized warning module 403 is responsible for popping up a box to remind the user that an application has an unauthorized access behavior.
Based on the same application concept of the foregoing embodiments, referring to fig. 6, a schematic flow chart of memory area division in the embodiment of the present application includes the following steps:
step S501: the storage access module detects that a system starts an application program;
step S502: the storage management module allocates an independent private storage area for each application;
here, each application has its own private storage area, and when accessing its own private storage area, the add/delete modify and check operation can be freely performed, but the application cannot access the private storage areas of other applications.
Step S503: the storage management module allocates a uniform public storage area for all applications;
here, when accessing the common storage area, the application cannot delete and modify the file generated in the common storage area by other applications, and the file generated by itself can be modified arbitrarily.
Step S504: and the storage management module subdivides the common storage area.
Here, the memory management module subdivides the common memory region, including but not limited to dividing the common memory region into a picture memory sub-region, a media memory sub-region, a document memory sub-region, and the like. Optionally, the picture storage sub-region is used for storing picture data, the media storage sub-region is used for storing audio and video data, and the document storage sub-region is used for storing document data. Referring to fig. 7, which is a schematic diagram illustrating an effect after a storage area is divided in the embodiment of the present application, for four applications, such as an application a, an application B, an application C, and an application D, respective private storage areas correspond to the four applications respectively; for the common memory area, it can be divided into at least one memory sub-area including pictures, videos, documents, etc.
Based on the same application concept of the foregoing embodiment, referring to fig. 8, a schematic flow chart of automatically classifying data in a common storage area in the embodiment of the present application includes the following steps:
step S601: the storage access module detects that the application accesses the public storage area;
here, the storage access module detects that the application accesses the common storage area when the application writes data to the common storage area through the storage access module.
Step S602: the storage management module identifies the file type to be stored in the public storage area;
here, the storage management module may identify a file type, such as a picture type, a document type, a video audio type, or the like, by a file suffix name or file header data, or the like.
Step S603: and the storage management module automatically classifies and stores the data according to the file types.
Here, the storage management module assigns the identified files to fixed directories, forming an automatic classification storage, such as storing picture types in a picture area, document types in a document area, video and audio in a media area, and the like.
Based on the same application concept of the foregoing embodiments, referring to fig. 9, a specific flowchart of the management method provided by the embodiments of the present application is schematically illustrated, and the method includes the following steps:
step S701: the storage access module detects that an application accesses a storage area;
step S702: the storage management module judges whether the application accesses the private storage area of the application, if so, step S707 is executed, otherwise, step S703 is executed;
step S703: the storage management module judges whether the application accesses the public storage area, if so, step S707 is executed, otherwise, step S704 is executed;
step S704: the storage management module prevents the application from accessing the storage area;
step S705: the storage management module informs the override early warning module to give an alarm;
step S706: the unauthorized early warning module prompts the user application to have unauthorized access behavior;
step S707: the storage management module allows normal access by applications.
Specifically, when the application accesses the storage area through the storage access module, such as: the method comprises the steps that a document program reads and writes a document, a camera program generates a picture, a video program generates a video and the like, a storage management module judges whether application access is a private storage area of the storage management module, and if the application accesses the private storage area of the storage management module, the application is allowed to normally access; if the application accesses the private storage area, the storage management module judges whether the application accesses the public storage area, and if the application accesses the public storage area, the application is allowed to normally access; if the application accesses the private storage area of other applications, the storage management module prevents the application from accessing the storage area and informs the override early warning module, and the override early warning module pops up a frame to prompt that the XXX application has the override access to the storage area, and informs a user that the risk of data theft exists and the like. Here, the schematic diagram of the effect of the unauthorized warning module performing the pop-up box prompt is shown in fig. 10, and the user can select whether to stop the application or keep the operation in the pop-up box.
In summary, after the application is created, the storage management module automatically divides a private storage area for the application, the private storage area can only be managed by the application itself (such as addition, deletion, modification and check), and other applications cannot manage the private storage area. The application can also access the public storage area, but the storage data of other applications in the public area cannot be tampered, the storage data of other applications in the public area can only be read, or the storage data of the application in the public area is written and deleted, so that the privacy and the safety of the storage data in the private area and the public area are guaranteed. In addition, the public storage area is effectively divided and automatically classified, and public directory resources are efficiently managed. And when the application access is found not to belong to the private storage area of the user, the access is actively prevented, the risk that the application is unauthorized to access the stored data is prompted to exist in time through the popup frame early warning, the user can stop the application operation or unload the related harmful application at the first time, and the privacy safety of the user is guaranteed.
The technical features of the embodiments described above may be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the embodiments described above are not described, but should be considered as being within the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present application, and shall be covered by the scope of the present application.

Claims (10)

1. A method of management, comprising:
acquiring a current application identifier and an identifier of a target storage area to be accessed by the current application;
detecting whether the storage area identifier corresponding to the current application identifier contains the identifier of the target storage area or not according to the access permission relationship between the set application identifier and the storage area identifier;
and determining whether to allow the current application to access the target storage area according to the obtained detection result.
2. The method of claim 1, wherein the determining whether to allow the current application to access the target storage area according to the obtained detection result comprises:
when determining that the storage area identifier corresponding to the current application identifier contains the identifier of the target storage area according to the obtained detection result, allowing the current application to access the target storage area; and/or the presence of a gas in the gas,
and when determining that the storage area identifier corresponding to the current application identifier does not contain the identifier of the target storage area according to the obtained detection result, forbidding the current application to access the target storage area.
3. The method of claim 2, wherein after prohibiting the current application from accessing a target storage area, further comprising:
sending out an early warning message whether to finish the current application;
and after receiving a confirmation instruction for finishing the current application, closing the current application.
4. The method according to any one of claims 1 to 3, wherein before the obtaining of the current application identification and the identification of the target storage area to be accessed by the current application, further comprising:
after detecting that a new application is created, newly creating or distributing a private storage area to the new application;
and establishing and storing an access permission relation between the new application identifier and the private storage area identifier.
5. The method of claim 4, further comprising:
and establishing and storing the allowed access relation between the new application identification and the created public storage area identification.
6. The method of claim 5, wherein the identification of the target storage area is an identification of the common storage area, and wherein after allowing the current application to access the target storage area, further comprising:
acquiring an operation object and an operation to be executed corresponding to the current application;
judging whether the current application has the operation authority of executing the operation to be executed on the operation object;
and determining whether to allow the current application to execute the operation to be executed on the operation object according to the obtained judgment result.
7. The method of claim 6, wherein the operation object is a data file created by the current application and the operation to be performed is a write operation, further comprising:
determining the type of data to be written when the current application is allowed to execute the operation to be executed on the operation object;
and storing the data to be written into a memory sub-area which is matched with the type of the data to be written in the common memory area.
8. The method of claim 7, further comprising:
and dividing the common storage area according to a preset data type so as to divide the common storage area into at least one storage sub-area corresponding to the preset data type.
9. A management device, comprising: a processor and a memory for storing a computer program capable of running on the processor,
optionally, the processor, when running the computer program, implements the management method of any one of claims 1 to 8.
10. A computer storage medium, characterized in that a computer program is stored which, when executed by a processor, implements the management method according to any one of claims 1 to 8.
CN202011093638.6A 2020-10-14 2020-10-14 Management method, management device and computer storage medium Pending CN112347503A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011093638.6A CN112347503A (en) 2020-10-14 2020-10-14 Management method, management device and computer storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011093638.6A CN112347503A (en) 2020-10-14 2020-10-14 Management method, management device and computer storage medium

Publications (1)

Publication Number Publication Date
CN112347503A true CN112347503A (en) 2021-02-09

Family

ID=74360687

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011093638.6A Pending CN112347503A (en) 2020-10-14 2020-10-14 Management method, management device and computer storage medium

Country Status (1)

Country Link
CN (1) CN112347503A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113791733A (en) * 2021-09-06 2021-12-14 青岛中科曙光科技服务有限公司 Information storage method, device, equipment and storage medium
CN114201418A (en) * 2021-12-13 2022-03-18 珠海格力电器股份有限公司 Data access method and device, electronic equipment and storage medium
CN115829337A (en) * 2023-02-23 2023-03-21 南京和电科技有限公司 Storage area risk early warning method and system

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113791733A (en) * 2021-09-06 2021-12-14 青岛中科曙光科技服务有限公司 Information storage method, device, equipment and storage medium
CN114201418A (en) * 2021-12-13 2022-03-18 珠海格力电器股份有限公司 Data access method and device, electronic equipment and storage medium
CN114201418B (en) * 2021-12-13 2024-05-03 珠海格力电器股份有限公司 Data access method, device, electronic equipment and storage medium
CN115829337A (en) * 2023-02-23 2023-03-21 南京和电科技有限公司 Storage area risk early warning method and system
CN115829337B (en) * 2023-02-23 2023-08-04 南京和电科技有限公司 Storage area risk early warning method and system

Similar Documents

Publication Publication Date Title
CN112347503A (en) Management method, management device and computer storage medium
CN109472157B (en) Application data storage method, mobile terminal and computer storage medium
CN107563158B (en) Method, device and computer readable storage medium for displaying hidden application icon
CN108012270B (en) Information processing method, equipment and computer readable storage medium
CN107194217B (en) User data access control method, apparatus and computer-readable storage medium
CN113268298A (en) Application display method, mobile terminal and readable storage medium
CN107622213A (en) A kind of data access method, terminal and computer-readable recording medium
CN113094670A (en) Privacy protection method, terminal and storage medium
CN114065278A (en) Authority control method, intelligent terminal and storage medium
CN112464208B (en) File access method, mobile terminal and computer readable storage medium
CN107168747B (en) Method and device for distinguishing mobile terminal configuration and computer readable storage medium
CN112163194A (en) Authorization method of application permission, mobile terminal and computer storage medium
CN109409081B (en) Permission setting method, mobile terminal and computer storage medium
CN108900696B (en) Data processing method, terminal and computer readable storage medium
CN108108054B (en) Method, apparatus and computer-readable storage medium for predicting user sliding operation
CN115617293A (en) Data processing method, source end screen projection equipment and storage medium
CN112347505A (en) Data protection method and device and computer storage medium
CN112597476B (en) Application authority management method, device, terminal and storage medium
CN109710125B (en) Application control method, terminal and computer readable storage medium
CN112363988A (en) File sharing method, mobile terminal and storage medium
CN114125851B (en) Information processing method, mobile terminal and readable storage medium
CN108280333A (en) A kind of user right determines method, terminal device and computer storage media
CN109451176B (en) Application icon state switching method, terminal and computer storage medium
CN113626804A (en) Application program processing method, mobile terminal and storage medium
CN114416680A (en) Lightweight storage optimization method and device and computer readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination