CN113032830A - Electronic equipment control method and device and electronic equipment

Publication number: CN113032830A
Authority: CN (China)
Application number: CN202110327790.4A
Other languages: Chinese (zh)
Inventor: 李志刚
Current Assignee: Beijing Youzhuju Network Technology Co Ltd
Original Assignee: Beijing Youzhuju Network Technology Co Ltd
Legal status: Pending
Prior art keywords: application, file, target, storage directory, label

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209 Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10 File systems; File servers
    • G06F16/13 File access structures, e.g. distributed indices
    • G06F16/17 Details of further file system functions
    • G06F16/172 Caching, prefetching or hoarding of files
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The embodiments of the present disclosure disclose an electronic device control method and device and an electronic device. One embodiment of the method comprises: in response to receiving an operation request of an application to execute a target operation on a target file in a user data storage area, determining whether the application has operation authority based on the type of the application and a tag of the target file; and in response to the application having the operation authority, allowing the application to execute the target operation on the target file. This implementation can reduce damage caused by applications to files in the user data storage area.

Description

Electronic equipment control method and device and electronic equipment
Technical Field
The embodiment of the disclosure relates to the technical field of computers, in particular to an electronic device control method and device and an electronic device.
Background
In practical applications, user data may be stored on the electronic device. The user data may be, for example, files such as pictures, documents, etc.
Generally, an Application (APP) for realizing various functions may be installed on an electronic device. These APPs, while performing some functions, may manipulate user data stored on the electronic device.
Disclosure of Invention
This disclosure is provided to introduce concepts in a simplified form that are further described below in the detailed description. This disclosure is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used to limit the scope of the claimed subject matter.
The embodiment of the disclosure provides an electronic device control method and device and an electronic device, which can reduce the possibility that an application installed on a terminal device damages locally stored user data.
In a first aspect, an embodiment of the present disclosure provides an electronic device control method, including: in response to receiving an operation request of an application to execute a target operation on a target file in a user data storage area, determining whether the application has operation authority based on the type of the application and a tag of the target file; and in response to the application having the operation authority, allowing the application to execute the target operation on the target file.
In a second aspect, an embodiment of the present disclosure provides an electronic device control apparatus, including: a determining unit, configured to determine, in response to receiving an operation request of an application to perform a target operation on a target file in a user data storage area, whether the application has operation authority based on the type to which the application belongs and a tag of the target file; and an agreement unit, configured to allow, in response to the application having the operation authority, the application to execute the target operation on the target file.
In a third aspect, an embodiment of the present disclosure provides an electronic device, including: one or more processors; storage means for storing one or more programs that, when executed by the one or more processors, cause the one or more processors to implement the electronic device control method according to the first aspect.
In a fourth aspect, an embodiment of the present disclosure provides a computer-readable medium, on which a computer program is stored, which when executed by a processor, implements the steps of the electronic device control method according to the first aspect.
According to the electronic device control method and device and the electronic device provided by the embodiments of the present disclosure, if an operation request of an application to execute a target operation on a target file in a user data storage area is received, whether the application has operation authority can be determined based on the type of the application and the tag of the target file; if the application has the operation authority, the application can be allowed to execute the target operation on the target file. Thus, when an application requests to execute a target operation on a target file, the type of the application and the tag of the target file are combined to determine whether the application has the operation authority. On one hand, applications can operate on files in the user data storage area in a more targeted manner. On the other hand, damage caused by applications to files in the user data storage area can be reduced more effectively.
Drawings
The above and other features, advantages and aspects of various embodiments of the present disclosure will become more apparent by referring to the following detailed description when taken in conjunction with the accompanying drawings. Throughout the drawings, the same or similar reference numbers refer to the same or similar elements. It should be understood that the drawings are schematic and that elements and features are not necessarily drawn to scale.
Fig. 1 is a flow diagram of some embodiments of an electronic device control method according to the present disclosure;
Fig. 2 is a flow diagram of some embodiments of an electronic device control method according to the present disclosure;
Fig. 3 is a flow diagram of some embodiments of an electronic device control method according to the present disclosure;
Figs. 4A and 4B are flow diagrams of some embodiments of electronic device control methods according to the present disclosure;
Fig. 5 is a schematic block diagram of some embodiments of an electronic device control apparatus according to the present disclosure;
Fig. 6 is an exemplary system architecture to which the electronic device control methods of some embodiments of the present disclosure may be applied;
Fig. 7 is a schematic diagram of a basic structure of an electronic device provided in accordance with some embodiments of the present disclosure.
Detailed Description
Embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While certain embodiments of the present disclosure are shown in the drawings, it is to be understood that the present disclosure may be embodied in various forms and should not be construed as limited to the embodiments set forth herein, but rather are provided for a more thorough and complete understanding of the present disclosure. It should be understood that the drawings and embodiments of the disclosure are for illustration purposes only and are not intended to limit the scope of the disclosure.
It should be understood that the various steps recited in the method embodiments of the present disclosure may be performed in a different order, and/or performed in parallel. Moreover, method embodiments may include additional steps and/or omit performing the illustrated steps. The scope of the present disclosure is not limited in this respect.
The term "include" and variations thereof as used herein are open-ended, i.e., "including but not limited to". The term "based on" is "based, at least in part, on". The term "one embodiment" means "at least one embodiment"; the term "another embodiment" means "at least one additional embodiment"; the term "some embodiments" means "at least some embodiments". Relevant definitions for other terms will be given in the following description.
It should be noted that the terms "first", "second", and the like in the present disclosure are only used for distinguishing different devices, modules or units, and are not used for limiting the order or interdependence relationship of the functions performed by the devices, modules or units.
It is noted that references to "a", "an", and "the" modifications in this disclosure are intended to be illustrative rather than limiting, and that those skilled in the art will recognize that "one or more" may be used unless the context clearly dictates otherwise.
The names of messages or information exchanged between devices in the embodiments of the present disclosure are for illustrative purposes only, and are not intended to limit the scope of the messages or information.
Referring to fig. 1, a flow diagram of some embodiments of an electronic device control method according to the present disclosure is shown. As shown in fig. 1, the electronic device control method includes the following steps:
Step 101, in response to receiving an operation request of an application to execute a target operation on a target file in a user data storage area, determining whether the application has operation authority based on the type to which the application belongs and a tag of the target file.
In the present embodiment, an execution subject of the electronic device control method (e.g., the terminal device 601 shown in fig. 6) may receive an operation request by which an application executes a target operation on a target file in a user data storage area.
The application may be any application (App) installed on the execution subject.
The user data storage area may be a storage area for storing user data. In practical applications, the user data storage area may be provided by various storage media. For example, the storage medium may be UFS (Universal Flash Storage), eMMC (embedded MultiMediaCard), an SD card (Secure Digital memory card), or the like. It should be noted that various user files such as pictures, videos, audio and text can be stored in the user data storage area.
The target file may be any file that the application requests to perform the target operation. The target operation may include a read operation and/or a write operation.
In this embodiment, in response to receiving the operation request, the execution subject may determine whether the application has operation authority based on the type to which the application belongs and the tag of the target file.
The types of applications may be divided according to specific needs.
The files stored in the user data storage area may each have a tag. The tags of the file are used to describe some properties of the file.
In some scenarios, the execution subject may determine the number of times an application of the above type has performed an operation on a file having the tag within a predetermined length of time. In response to the determined number of times being less than a preset number of times, the execution subject may determine that the application has the operation authority. Accordingly, in response to the determined number of times being greater than or equal to the preset number of times, the execution subject may determine that the application does not have the operation authority.
Step 102, in response to the application having the operation authority, allowing the application to execute the target operation on the target file.
In this embodiment, in response to the application having the operation authority, the execution subject may allow the application to execute the target operation on the target file. The application may then perform the target operation on the target file.
In the related art, when an application requests to perform an operation on user data, the application is directly allowed to perform the operation. This may result in user data being modified or accidentally deleted by the application.
In the present embodiment, when an application requests to perform a target operation on a target file in the user data storage area, whether the application has the operation authority is determined from the type of the application in combination with the tag of the target file. The application is allowed to execute the target operation on the target file only on the premise that it has the operation authority. On one hand, applications can operate on files in the user data storage area in a more targeted manner. On the other hand, damage caused by applications to files in the user data storage area can be reduced more effectively.
In some embodiments, the user data storage area is pre-divided into a first storage directory, a second storage directory, and a third storage directory. The first storage directory is provided with a read-write permission tag used for limiting read operation and/or write operation of the application, and the second storage directory is provided with a write-permission tag used for limiting write operation of the application.
The read-write permission tag may be a tag for describing restrictions on read operations and write operations. The write permission tag may be a tag for describing restriction on the write operation.
In practical applications, the read-write permission tag can be used to restrict an application's read operations and/or write operations on files in the first storage directory, and the write permission tag can be used to restrict an application's write operations on files in the second storage directory.
In some embodiments, the execution subject may execute the steps in the flow shown in fig. 2, where the flow includes step 201.
Step 201, for each file in the third storage directory, in response to the locking operation of the file, executing the first tag updating step. The first tag update step includes step 2011 and step 2012.
Step 2011 moves the file from the third storage directory to the target storage directory.
The target storage directory is either the first storage directory or the second storage directory.
The locking operation may be any of various operations for locking a file, and can be set according to actual requirements. In some scenarios, the locking operation may be a trigger operation performed by a user on a locking control. The locking control may be displayed in response to a predetermined operation (e.g., a long press, a double click, etc.) performed by the user on the file.
In practical applications, whether the file is moved to the first storage directory or the second storage directory may be determined according to the locking operation performed by the user. In some scenarios, if the locking control triggered by the user is used to lock the read operation and the write operation of the file, the file is moved to the first storage directory. If the locking control triggered by the user is used to lock the write operation of the file, the file is moved to the second storage directory.
Step 2012, the tag of the file is updated to the permission tag set for the target storage directory.
In some scenarios, after a file has been moved within the user data storage area, the tag of the file remains the tag set for the storage directory in which the file was located before the move. Therefore, after the file is moved, its tag needs to be updated to the tag set for the storage directory in which the file is located after the move.
Thus, when a user performs a locking operation on a file in the third storage directory, by moving the file to the first storage directory, a read operation and/or a write operation of the application on the file may be restricted. Similarly, by moving the file to the second storage directory, the write operation of the application to the file may be restricted.
In some embodiments, the execution subject may execute step 2011 in the following manner.
First, the user is prompted to enter a verification password.
Second, in response to the verification password entered by the user being the same as the preset verification password, the file is moved from the third storage directory to the target storage directory.
Therefore, when the user performs a locking operation on a file in the third storage directory, it is necessary to determine whether the verification password entered by the user is correct. The file can be moved to the first storage directory or the second storage directory only when the verification password entered by the user is correct. Thus, restrictions on applications' read operations and/or write operations on the file can be added more securely.
In some embodiments, the execution subject may execute step 2012 in the following manner.
Specifically, in response to the tag update condition being satisfied, the tag of the file is updated to the permission tag set for the target storage directory.
Thus, after a file is moved from the third storage directory to the first storage directory or the second storage directory, when the tag update condition is satisfied, the tag of the file can be updated to the tag set for the first storage directory or the second storage directory. This accommodates scenarios in which the tag of the file is updated at various times.
In some embodiments, the execution subject may further execute the steps in the flow shown in fig. 3, where the flow includes step 301.
Step 301, for each file in the target storage directory, in response to the unlocking operation of the file, executing a second tag updating step. The second tag updating step includes step 3011 and step 3012.
Step 3011, move the file from the target storage directory to a third storage directory.
The unlocking operation may be any of various operations for unlocking a file. In some scenarios, the unlocking operation may be a trigger operation performed by a user on an unlock control. The unlock control may be displayed in response to a predetermined operation (e.g., a long press, a double click, etc.) performed by the user on the file.
Step 3012, update the tag of the file to the tag set for the third storage directory.
Therefore, when a user performs an unlocking operation on a file in the first storage directory or the second storage directory, the file is moved to the third storage directory and the tag of the file is updated, so that the restrictions on applications' read operations and/or write operations on the file are released.
In some embodiments, the execution subject may execute step 3011 as follows.
First, the user is prompted to enter a verification password.
Second, in response to the verification password entered by the user being the same as the preset verification password, the file is moved from the target storage directory to the third storage directory.
Therefore, when the user performs an unlocking operation on a file in the target storage directory, it is necessary to determine whether the verification password entered by the user is correct. The file can be moved to the third storage directory only when the verification password entered by the user is correct. This makes it possible to release the restrictions on applications' read operations and/or write operations on the file more securely.
In some embodiments, the execution subject may execute step 3012 as follows.
Specifically, in response to the tag update condition being satisfied, the permission tag of the file is updated to the tag set for the third storage directory.
Thus, after the file is moved from the target storage directory to the third storage directory, when the tag update condition is satisfied, the tag of the file can be updated to the tag set for the third storage directory. This accommodates scenarios in which the tag of the file is updated at various times.
Optionally, the tag update condition includes at least one of: detecting execution of a tag refresh command; a reboot of the operating system is detected.
The tag refresh command may be a command for refreshing a tag of a file. Typically, the tag refresh command is provided by the operating system. For example, the tag refresh command may be a "restore command".
Thus, after the location of the file in the user data storage area has moved, the tag of the file is updated by executing a tag refresh command or restarting the operating system.
In some embodiments, the user data storage area is a sub storage area of the system data storage area. The system data storage area may be a storage area for storing data required by the operating system.
In this case, the execution subject may set the permission tags of the first storage directory and the second storage directory in the following manner.
Specifically, the permission tag of the first storage directory is set for the storage path of the first storage directory under the system data storage area, and the permission tag of the second storage directory is set for the storage path of the second storage directory under the system data storage area.
For example, the storage path of the first storage directory under the user data storage area is "/sdcard/aaa/xxx", and its storage path under the system data storage area is "/data/media/0/aaa/xxx". In this case, the tag information of the first storage directory may be set for the storage path "/data/media/0/aaa/xxx".
Similarly, the permission tag of the second storage directory may be set for the storage path of the second storage directory under the system data storage area in a similar manner, which is not illustrated here.
Therefore, when the user data storage area is a sub storage area of the system data storage area, the permission tag of the target storage directory can be set for the storage path of the target storage directory under the system data storage area. Thus, the permission tag of the target storage directory can be set more flexibly.
In some embodiments, the execution subject may execute step 101 according to the flow shown in fig. 4A, where the flow includes step 401.
Step 401, in response to the tag of the target file being neither the read-write permission tag nor the write permission tag, determining that the application has the operation authority.
Therefore, when the tag of the target file is not a permission tag (the read-write permission tag or the write permission tag), the application is allowed to execute the target operation on the target file after its operation request is received.
In some scenarios, the files in the third storage directory have tags that are not permission tags (the read-write permission tag or the write permission tag). In this case, when the target file is a file in the third storage directory, the application is allowed to perform the target operation on the target file after its operation request is received.
In some embodiments, the execution subject may execute step 101 according to the flow shown in fig. 4B, where the flow includes step 402 and step 403.
Step 402, in response to the tag of the target file being the read-write permission tag or the write permission tag, determining, based on the type to which the application belongs, at least one operation that the application is permitted to perform on files having the tag.
In some scenarios, the at least one operation that an application is permitted to perform on files having different tags is preset according to the type of the application. Thus, the execution subject may determine, according to the preset, the at least one operation that the application is permitted to perform on files having the tag (i.e., the tag of the target file).
Step 403, in response to the at least one operation including the target operation, determining that the application has the operation authority.
In some embodiments, the flow shown in fig. 4B may further include step 404.
Step 404, in response to the at least one operation not including the target operation, determining that the application does not have the operation authority.
Therefore, when the tag of the target file is a permission tag, the application is not directly allowed to execute the target operation on the target file; instead, it must be determined whether the target operation is among the operations that the application is permitted to perform on the target file. When it is, the application is allowed to execute the target operation on the target file. When it is not, the application is not allowed to execute the target operation on the target file.
In some scenarios, the tags of the files in the first storage directory or the second storage directory are permission tags. In this case, when the target file is a file in the first storage directory or the second storage directory, whether the application is allowed to execute the target operation on the target file is determined according to whether the target operation is among the operations that the application is permitted to perform on the target file.
In some embodiments, the execution subject may further perform the following steps.
Specifically, in response to the application not having the operation authority, no-permission prompt information is returned to the application.
The no-permission prompt information may be prompt information indicating that the application does not have the operation authority.
In some scenarios, the application may present the no-permission prompt information. The user can then learn that the application does not have the authority to perform the target operation on the target file.
Therefore, when the application does not have the operation authority, the user is informed of this through the no-permission prompt information.
In some embodiments, the types of applications include a first type, a second type, and a third type. The first type of application has a system signature and a system authority, the second type of application has a system signature but does not have a system authority, and the third type of application has neither a system signature nor a system authority.
The system signature may be a signature provided by the operating system to the application. The system privilege may be a privilege that the operating system grants to the application.
In practical applications, applications with system authority and/or system signatures are verified in advance and have certain credibility. And, the priority of the system authority is higher than that of the system signature. It can be seen that the trustworthiness decreases for the first type of application, the second type of application, and the third type of application in order.
Thus, applications are divided into a first type, a second type and a third type according to their credibility. When an application requests to execute a target operation on a target file, whether the application has the operation authority can therefore be determined according to the credibility of the application, which can further improve the security of applications operating on files in the user data storage area.
In some embodiments, the first type of application has read operation permission and write operation permission on files with arbitrary tags in the user data storage area; the second type of application has read operation permission on files with the read-write permission tag and the write permission tag in the user data storage area, and has read operation permission and write operation permission on files with other tags in the user data storage area; and the third type of application has read operation permission on files with the write permission tag, and has read operation permission and write operation permission on files with other tags.
The other label may be any label that is distinct from the rights label. That is, the other tag is any tag that is not used to characterize the rights of a read operation and/or a write operation.
In some scenarios, if the application is of the first type, the operations that the application is permitted to perform on the target file include a read operation and a write operation.
In some scenarios, if the application is of the second type and the target file has a read-write permission label or a write permission label, the operations that the application is permitted to perform on the target file include a read operation. If the application is of the second type and the target file has another label, the operations that the application is permitted to perform on the target file include a read operation and a write operation.
In some scenarios, if the application is of the third type and the target file has a write permission label, the operations that the application is permitted to perform on the target file include a read operation. If the application is of the third type and the target file has another label, the operations that the application is permitted to perform on the target file include a read operation and a write operation.
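The decision rule described above, written out as an added Python sketch (not code from the patent). The enum names and the `no-permission` string are assumptions, as are two cases the text does not state: a third-type application on a read-write-labelled file gets an empty operation set, and an application with system authority but no system signature is treated as third type.

```python
from enum import Enum


class AppType(Enum):
    FIRST = 1   # system signature and system authority
    SECOND = 2  # system signature, no system authority
    THIRD = 3   # neither


class Label(Enum):
    READ_WRITE_PERMISSION = "read_write_permission"  # restricts read and/or write
    WRITE_PERMISSION = "write_permission"            # restricts write
    OTHER = "other"                                  # any label that is not a permission label


class Op(Enum):
    READ = "read"
    WRITE = "write"


NO_PERMISSION = "no-permission"  # hypothetical prompt text returned on denial
BOTH = frozenset({Op.READ, Op.WRITE})

# Operations each type may perform on files carrying a permission label.
# (THIRD, READ_WRITE_PERMISSION) is absent on purpose: the text grants nothing
# for that pair, so the lookup falls back to the empty set (assumption).
RESTRICTED = {
    (AppType.FIRST, Label.READ_WRITE_PERMISSION): BOTH,
    (AppType.FIRST, Label.WRITE_PERMISSION): BOTH,
    (AppType.SECOND, Label.READ_WRITE_PERMISSION): frozenset({Op.READ}),
    (AppType.SECOND, Label.WRITE_PERMISSION): frozenset({Op.READ}),
    (AppType.THIRD, Label.WRITE_PERMISSION): frozenset({Op.READ}),
}


def classify(has_system_signature, has_system_authority):
    """Map the two trust attributes to one of the three application types."""
    if has_system_signature and has_system_authority:
        return AppType.FIRST
    if has_system_signature:
        return AppType.SECOND
    # Authority without a signature is not described in the text; this sketch
    # places it in the least trusted type (assumption).
    return AppType.THIRD


def permitted_operations(app_type, label):
    """Return the set of operations the type may perform on a file with this label."""
    if label is Label.OTHER:
        return BOTH  # files without a permission label are open to every type
    return RESTRICTED.get((app_type, label), frozenset())


def decide(app_type, label, op):
    """Return (allowed, prompt); prompt is NO_PERMISSION when the request is denied."""
    if not isinstance(op, Op):
        raise ValueError("unknown operation: %r" % (op,))
    allowed = op in permitted_operations(app_type, label)
    return allowed, (None if allowed else NO_PERMISSION)


def decision_table():
    """Full type x label x operation matrix, useful for reviewing the policy."""
    return {
        (t, l, o): decide(t, l, o)[0]
        for t in AppType for l in Label for o in Op
    }


if __name__ == "__main__":
    for (t, l, o), allowed in decision_table().items():
        print("%-6s %-22s %-5s -> %s" % (t.name, l.value, o.value,
                                         "allow" if allowed else "deny"))
```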
With further reference to fig. 5, as an implementation of the methods shown in the above figures, the present disclosure provides some embodiments of an electronic device control apparatus, which correspond to the method embodiment shown in fig. 1, and which may be specifically applied to various electronic devices.
As shown in fig. 5, the electronic device control apparatus of the present embodiment includes a determination unit 501 and a consent unit 502. The determination unit 501 is configured to: in response to receiving an operation request of an application for performing a target operation on a target file in the user data storage area, determine whether the application has the operation authority based on the type to which the application belongs and the label of the target file. The consent unit 502 is configured to: in response to the application having the operation authority, allow the application to perform the target operation on the target file.
In this embodiment, specific processing of the determining unit 501 and the agreeing unit 502 of the electronic device control apparatus and technical effects thereof may refer to related descriptions of step 101 and step 102 in the corresponding embodiment of fig. 1, which are not described herein again.
In some embodiments, the user data storage area is pre-divided into a first storage directory, a second storage directory and a third storage directory, the first storage directory is provided with a read-write permission tag for limiting read operation and/or write operation of the application, and the second storage directory is provided with a write permission tag for limiting write operation of the application.
In some embodiments, the electronic device control apparatus further includes a first execution unit (not shown in the figure). The first execution unit is configured to: for each file in the third storage directory, in response to a locking operation on the file, perform a first label updating step: moving the file from the third storage directory to a target storage directory, wherein the target storage directory is the first storage directory or the second storage directory; and updating the label of the file to the permission label set for the target storage directory.
In some embodiments, the user data storage area is a child storage area of the system data storage area. The electronic device control apparatus further includes a setting unit (not shown in the drawings). The setting unit is configured to: set the permission label of the first storage directory for the storage path of the first storage directory under the system data storage area; and set the permission label of the second storage directory for the storage path of the second storage directory under the system data storage area.
In some embodiments, the determining unit 501 is further configured to: determine that the application has the operation authority in response to the label of the target file being neither the read-write permission label nor the write permission label.
In some embodiments, the determining unit 501 is further configured to: in response to the label of the target file being the read-write permission label or the write permission label, determine, based on the type to which the application belongs, at least one operation that the application is permitted to perform on files with that label; and in response to the at least one operation including the target operation, determine that the application has the operation authority.
In some embodiments, the determining unit 501 is further configured to: determine that the application does not have the operation authority in response to the at least one operation not including the target operation.
In some embodiments, the electronic device control apparatus further includes a return unit (not shown in the drawings). The return unit is configured to: return no-permission prompt information to the application in response to the application not having the operation authority.
In some embodiments, the types of applications include a first type, a second type, and a third type, wherein the first type of application has a system signature and system permissions, the second type of application has a system signature and does not have system permissions, and the third type of application does not have a system signature and system permissions.
In some embodiments, the first type of application has read and write access to files with arbitrary tags in the user data storage area; the second type of application has read operation permission on files with read-write permission labels and write permission labels in the user data storage area, and has read operation permission and write operation permission on files with other labels in the user data storage area; and the third type of application has the read operation permission on the file with the write permission label and has the read operation permission and the write operation permission on the file with other labels.
In some embodiments, the electronic device control apparatus further includes a second execution unit (not shown in the figure). The second execution unit is configured to: for each file in the target storage directory, in response to an unlocking operation on the file, perform a second label updating step: moving the file from the target storage directory to the third storage directory, wherein the target storage directory is the first storage directory or the second storage directory; and updating the label of the file to the label set for the third storage directory.
In some embodiments, the second execution unit is further configured to: prompt the user to input an authentication password; and in response to the authentication password input by the user being the same as the preset authentication password, move the file from the target storage directory to the third storage directory.
In some embodiments, the second execution unit is further configured to: update the permission label of the file to the label set for the third storage directory in response to the label updating condition being satisfied.
In some embodiments, the first execution unit is further configured to: prompt the user to input an authentication password; and in response to the authentication password input by the user being the same as the preset authentication password, move the file from the third storage directory to the target storage directory.
In some embodiments, the first execution unit is further configured to: in response to the label updating condition being satisfied, update the label of the file to the permission label set for the target storage directory.
In some embodiments, the tag update condition includes at least one of: detecting execution of a tag refresh command; a reboot of the operating system is detected.
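The lock and unlock steps above, modelled in memory as an added Python example (not code from the patent): a password-gated move between directories, with the label change applied only once a label update condition occurs. The directory keys, label strings, event names and the `UserDataArea` class are hypothetical, and the constant-time comparison is a choice made here.

```python
import hmac
from dataclasses import dataclass

# Hypothetical label strings for the three storage directories.
DIR_LABELS = {
    "first": "read_write_permission",
    "second": "write_permission",
    "third": "unrestricted",
}
# The two label update conditions named in the text (event names are hypothetical).
UPDATE_EVENTS = {"tag_refresh_command", "os_reboot"}


@dataclass
class FileEntry:
    name: str
    directory: str
    label: str


class UserDataArea:
    def __init__(self, preset_password):
        self._preset = preset_password.encode()
        self.files = {}
        self._pending = set()  # files moved but not yet relabelled

    def add(self, name):
        """New files start in the third directory with its label."""
        self.files[name] = FileEntry(name, "third", DIR_LABELS["third"])

    def _authenticated(self, supplied):
        # "Same as the preset password", compared in constant time.
        return hmac.compare_digest(supplied.encode(), self._preset)

    def _move(self, name, source_dirs, target, supplied):
        entry = self.files[name]
        if entry.directory not in source_dirs or not self._authenticated(supplied):
            return False
        entry.directory = target
        self._pending.add(name)  # label follows only on an update condition
        return True

    def lock(self, name, target, supplied_password):
        """First label updating step: third directory -> first or second."""
        if target not in ("first", "second"):
            raise ValueError("target must be the first or second directory")
        return self._move(name, ("third",), target, supplied_password)

    def unlock(self, name, supplied_password):
        """Second label updating step: first or second directory -> third."""
        return self._move(name, ("first", "second"), "third", supplied_password)

    def on_update_condition(self, event):
        """Relabel moved files when a refresh command or reboot is detected."""
        if event not in UPDATE_EVENTS:
            return []
        relabelled = sorted(self._pending)
        for name in relabelled:
            entry = self.files[name]
            entry.label = DIR_LABELS[entry.directory]
        self._pending.clear()
        return relabelled

    def stale_labels(self):
        """Audit check: files whose label does not match their directory."""
        return sorted(n for n, e in self.files.items()
                      if e.label != DIR_LABELS[e.directory])


if __name__ == "__main__":
    area = UserDataArea("constructed-password")  # constructed sample value
    area.add("notes.txt")
    print(area.lock("notes.txt", "second", "constructed-password"))
    print(area.stale_labels())
    print(area.on_update_condition("tag_refresh_command"))
    print(area.files["notes.txt"])
```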
With further reference to fig. 6, fig. 6 illustrates an exemplary system architecture to which the electronic device control methods of some embodiments of the present disclosure may be applied.
As shown in fig. 6, the system architecture may include an electronic device 601, wherein an application 602 is installed on the electronic device 601, and a user data storage 603 is provided.
The application 602 may be an application for implementing various functions. For example, the application 602 may be a shopping-type application, a search-type application, a social-type application, and so forth. In some scenarios, the application 602 may operate on files in the user data store 603. The files in the user data storage 603 may be, for example, text, video, audio, images, and so forth.
The electronic device 601 may be a terminal device or a server.
If the electronic device 601 is a terminal device, it may be hardware or software. When the terminal device is hardware, it may be any of various electronic devices having a display screen and supporting information interaction, including but not limited to a smart phone, a tablet computer, a laptop computer, a desktop computer, and the like. When the terminal device is software, it can be installed in the electronic devices listed above. It may be implemented as multiple pieces of software or software modules, or as a single piece of software or software module. This is not specifically limited herein.
If the electronic device 601 is a server, it may be hardware or software. When the server is hardware, it may be implemented as a distributed server cluster formed by multiple servers, or may be implemented as a single server. When the server is software, it may be implemented as multiple pieces of software or software modules (e.g., multiple pieces of software or software modules used to provide distributed services), or as a single piece of software or software module. This is not specifically limited herein.
In some scenarios, in response to receiving an operation request for the application 602 to perform a target operation on a target file in the user data storage 603, the electronic device 601 may determine whether the application 602 has an operation right based on a type to which the application 602 belongs and a tag of the target file. Further, in response to the application 602 having the operation authority, the electronic device 601 may agree that the application 602 performs the target operation on the target file. Thus, the application 602 can perform a target operation on a target file in the user data storage area 603 with an operation authority.
It should be noted that the electronic device control method provided by the embodiment of the present disclosure may be executed by the electronic device 601, and accordingly, the electronic device control apparatus may be provided in the electronic device 601.
It should be understood that the number of electronic devices, applications, and user data storage areas in FIG. 6 are merely illustrative. There may be any number of electronic devices, applications, and user data storage areas, as desired for implementation.
Referring now to fig. 7, shown is a schematic diagram of an electronic device (e.g., the terminal device shown in fig. 6) suitable for use in implementing some embodiments of the present disclosure. The terminal device in some embodiments of the present disclosure may include, but is not limited to, a mobile terminal such as a mobile phone, a notebook computer, a digital broadcast receiver, a PDA (personal digital assistant), a PAD (tablet computer), a PMP (portable multimedia player), a vehicle-mounted terminal (e.g., a car navigation terminal), and the like, and a fixed terminal such as a digital TV, a desktop computer, and the like. The electronic device shown in fig. 7 is only an example, and should not impose any limitation on the functions and the scope of use of the embodiments of the present disclosure.
As shown in fig. 7, the electronic device may include a processing device (e.g., central processing unit, graphics processor, etc.) 701, which may perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM)702 or a program loaded from a storage device 708 into a Random Access Memory (RAM) 703. In the RAM 703, various programs and data necessary for the operation of the electronic apparatus are also stored. The processing device 701, the ROM 702, and the RAM 703 are connected to each other by a bus 704. An input/output (I/O) interface 705 is also connected to bus 704.
Generally, the following devices may be connected to the I/O interface 705: input devices 706 including, for example, a touch screen, touch pad, keyboard, mouse, camera, microphone, accelerometer, gyroscope, etc.; an output device 707 including, for example, a Liquid Crystal Display (LCD), a speaker, a vibrator, and the like; storage 708 including, for example, magnetic tape, hard disk, etc.; and a communication device 709. The communication device 709 may allow the electronic device to communicate wirelessly or by wire with other devices to exchange data. While fig. 7 illustrates an electronic device having various means, it is to be understood that not all illustrated means are required to be implemented or provided. More or fewer devices may alternatively be implemented or provided. Each block shown in fig. 7 may represent one device or may represent multiple devices as desired.
In particular, according to some embodiments of the present disclosure, the processes described above with reference to the flow diagrams may be implemented as computer software programs. For example, some embodiments of the present disclosure include a computer program product comprising a computer program carried on a non-transitory computer readable medium, the computer program containing program code for performing the method illustrated by the flow chart. In such embodiments, the computer program may be downloaded and installed from a network via the communication means 709, or may be installed from the storage means 708, or may be installed from the ROM 702. The computer program, when executed by the processing device 701, performs the above-described functions defined in the methods of the embodiments of the present disclosure.
It should be noted that the computer readable medium described in some embodiments of the present disclosure may be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In some embodiments of the disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In some embodiments of the present disclosure, however, a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. 
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: electrical wires, optical cables, RF (radio frequency), etc., or any suitable combination of the foregoing.
In some embodiments, clients and servers may communicate using any currently known or future developed network protocol, such as HTTP (HyperText Transfer Protocol), and may interconnect with any form or medium of digital data communication (e.g., a communications network). Examples of communication networks include a local area network ("LAN"), a wide area network ("WAN"), an internetwork (e.g., the Internet), and peer-to-peer networks (e.g., ad hoc peer-to-peer networks), as well as any currently known or future developed network.
The computer readable medium may be included in the electronic device or may exist separately without being incorporated in the electronic device. The computer readable medium carries one or more programs which, when executed by the electronic device, cause the electronic device to: in response to receiving an operation request of an application for performing a target operation on a target file in a user data storage area, determine whether the application has the operation authority based on the type of the application and the label of the target file; and in response to the application having the operation authority, allow the application to perform the target operation on the target file.
Computer program code for carrying out operations for embodiments of the present disclosure may be written in any combination of one or more programming languages, including but not limited to object oriented programming languages such as Java, Smalltalk and C++, and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units described in some embodiments of the present disclosure may be implemented by software, and may also be implemented by hardware. The names of the units do not form a limitation on the units themselves in some cases, and for example, the consent unit may also be described as a unit that "agrees to the application to perform a target operation on a target file in response to the application having an operation authority".
The functions described herein above may be performed, at least in part, by one or more hardware logic components. For example, without limitation, exemplary types of hardware logic components that may be used include: Field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), systems on a chip (SOCs), Complex Programmable Logic Devices (CPLDs), and the like.
In the context of this disclosure, a machine-readable medium may be a tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. A machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The foregoing description is only exemplary of the preferred embodiments of the disclosure and is illustrative of the principles of the technology employed. It will be appreciated by those skilled in the art that the scope of the disclosure in the embodiments of the present disclosure is not limited to the particular combination of the above-described features, but also encompasses other embodiments in which any combination of the above-described features or their equivalents is possible without departing from the scope of the present disclosure. For example, the above features may be interchanged with (but are not limited to) features disclosed in this disclosure that have similar functions.
Further, while operations are depicted in a particular order, this should not be understood as requiring that such operations be performed in the particular order shown or in sequential order. Under certain circumstances, multitasking and parallel processing may be advantageous. Likewise, while several specific implementation details are included in the above discussion, these should not be construed as limitations on the scope of the disclosure. Certain features that are described in the context of separate embodiments can also be implemented in combination in a single embodiment. Conversely, various features that are described in the context of a single embodiment can also be implemented in multiple embodiments separately or in any suitable subcombination.
Although the subject matter has been described in language specific to structural features and/or methodological acts, it is to be understood that the subject matter defined in the appended claims is not necessarily limited to the specific features or acts described above. Rather, the specific features and acts described above are disclosed as example forms of implementing the claims.

Claims (19)

1. An electronic device control method, the method comprising:
in response to receiving an operation request of an application for performing a target operation on a target file in a user data storage area, determining whether the application has an operation authority based on a type to which the application belongs and a tag of the target file;
and in response to the application having the operation authority, allowing the application to perform the target operation on the target file.
2. The method according to claim 1, wherein the user data storage area is divided into a first storage directory, a second storage directory and a third storage directory in advance, the first storage directory is provided with a read-write permission tag for restricting read operation and/or write operation of an application, and the second storage directory is provided with a write permission tag for restricting write operation of an application.
3. The method of claim 2, further comprising:
for each file in the third storage directory, in response to a locking operation for the file, performing a first tag updating step:
moving the file from the third storage directory to a target storage directory, wherein the target storage directory is the first storage directory or the second storage directory;
and updating the label of the file into an authority label set for the target storage directory.
4. The method of claim 2, wherein the user data storage area is a child storage area of a system data storage area;
the permission labels of the first storage directory and the second storage directory are set in the following way:
setting an authority tag of the first storage directory aiming at a storage path of the first storage directory under the system data storage area;
and setting the authority label of the second storage directory aiming at the storage path of the second storage directory under the system data storage area.
5. The method of claim 2, wherein the determining whether the application has the operation right based on the type of the application and the label of the target file comprises:
and determining that the application has the operation authority in response to the fact that the label of the target file is not the read-write authority label and the write authority label.
6. The method of claim 2, wherein the determining whether the application has the operation right based on the type of the application and the label of the target file comprises:
in response to that the label of the target file is the read-write permission label or the write permission label, determining at least one operation which the application has permission to the file with the label based on the type to which the application belongs;
in response to the at least one operation comprising the target operation, determining that the application has operational rights.
7. The method of claim 5, wherein the determining whether the application has the operation right based on the type of the application and the tag of the target file further comprises:
determining that the application does not have operational rights in response to the at least one operation not including the target operation.
8. The method of claim 1, further comprising:
and in response to the application not having the operation authority, returning no-authority prompt information to the application.
9. The method of claim 1, wherein the types of applications comprise a first type, a second type and a third type, wherein the first type of application has a system signature and system permissions, wherein the second type of application has the system signature and does not have the system permissions, and wherein the third type of application does not have the system signature and the system permissions.
10. The method of claim 9, wherein:
the first type of application has read operation and write operation permission on the file with any label in the user data storage area;
the second type of application has read operation permission on files with read-write permission labels and write permission labels in the user data storage area, and has read operation permission and write operation permission on files with other labels in the user data storage area;
and the third type of application has the read operation permission on the file with the write permission label and has the read operation permission and the write operation permission on the file with other labels.
11. The method of claim 2, further comprising:
for each file in the target storage directory, in response to the unlocking operation of the file, executing a second tag updating step:
moving the file from the target storage directory to the third storage directory, wherein the target storage directory is the first storage directory or the second storage directory;
and updating the label of the file to the label set for the third storage directory.
12. The method of claim 11, wherein moving the file from the target storage directory to the third storage directory comprises:
prompting the user to input an authentication password;
and in response to the authentication password input by the user being the same as the preset authentication password, moving the file from the target storage directory to the third storage directory.
13. The method of claim 11, wherein updating the tag of the file to the tag set for the third storage directory comprises:
and updating the authority label of the file to the label set for the third storage directory in response to the label updating condition being met.
14. The method of claim 3, wherein moving the file from the third storage directory to the target storage directory comprises:
prompting the user to input an authentication password;
and moving the file from the third storage directory to the target storage directory in response to the authentication password input by the user being the same as the preset authentication password.
15. The method of claim 3, wherein updating the tag of the file to the permission tag set for the target storage directory comprises:
and in response to the condition of updating the label being met, updating the label of the file to the permission label set for the target storage directory.
16. The method of claim 13 or 15, wherein the tag update condition comprises at least one of:
detecting execution of a tag refresh command;
a reboot of the operating system is detected.
17. An electronic device control apparatus, comprising:
a determination unit configured to determine, in response to receiving an operation request for an application to perform a target operation on a target file in a user data storage area, whether the application has an operation authority based on a type to which the application belongs and a tag of the target file;
and the agreement unit is used for responding to the application having the operation authority and agreeing to the application to execute the target operation on the target file.
18. An electronic device, comprising:
one or more processors;
a storage device for storing one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method of any one of claims 1-16.
19. A computer-readable medium, on which a computer program is stored which, when being executed by a processor, carries out the method according to any one of claims 1-16.
CN202110327790.4A 2021-03-26 2021-03-26 Electronic equipment control method and device and electronic equipment Pending CN113032830A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110327790.4A CN113032830A (en) 2021-03-26 2021-03-26 Electronic equipment control method and device and electronic equipment

Publications (1)

Publication Number Publication Date
CN113032830A true CN113032830A (en) 2021-06-25

Family

ID=76472591

Country Status (1)

Country Link
CN (1) CN113032830A (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150262183A1 (en) * 2014-03-12 2015-09-17 The Toronto-Dominion Bank Systems and methods for providing populated transaction interfaces based on system-generated triggers
CN106203159A (en) * 2016-06-30 2016-12-07 乐视控股(北京)有限公司 A kind of method and apparatus of application program operation file
CN106503579A (en) * 2016-09-29 2017-03-15 维沃移动通信有限公司 A kind of method and device of access target file
CN109871689A (en) * 2018-05-04 2019-06-11 360企业安全技术(珠海)有限公司 Hold-up interception method and device, storage medium, the electronic device of operation behavior
CN110555293A (en) * 2019-09-10 2019-12-10 百度在线网络技术(北京)有限公司 Method, apparatus, electronic device and computer readable medium for protecting data
CN111897786A (en) * 2020-05-27 2020-11-06 深圳市广和通无线股份有限公司 Log reading method and device, computer equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination