CN113176898A

CN113176898A - Multi-operating-system permission configuration method, terminal equipment and MDM equipment

Info

Publication number: CN113176898A
Application number: CN202110278223.4A
Authority: CN
Inventors: 吴张伟
Original assignee: Xi'an Shenniao Software Technology Co ltd
Current assignee: Xi'an Shenniao Software Technology Co ltd
Priority date: 2021-03-15
Filing date: 2021-03-15
Publication date: 2021-07-27

Abstract

The embodiment of the invention discloses a multi-operating system permission configuration method, terminal equipment and MDM equipment, which are applied to the technical field of multiple systems and can solve the problem that the control on a certain system or partial functions in the certain system cannot be realized aiming at certain users needing permission control in the prior art. The terminal device includes: the system comprises a Host system and M android operating systems, wherein each android operating system is provided with a management application program associated with the MDM equipment; the method comprises the following steps: receiving a first permission configuration instruction sent by an MDM device through a management application program in a first android operating system, wherein the first permission configuration instruction comprises: at least one first function item and authority configuration information of each first function item; configuring each first function item according to the authority configuration information of each first function item through a management application program in the first android operating system; wherein the first android operating system is any one of the M android operating systems.

Description

Multi-operating-system permission configuration method, terminal equipment and MDM equipment

Technical Field

The embodiment of the invention relates to the technical field of terminal equipment, in particular to a multi-operating-system permission configuration method, terminal equipment and MDM equipment.

Background

With the development of science and technology, in order to meet the daily work and life needs of users, the current terminal equipment can store two sets of operating systems, users can switch different operating systems for use, and for some users needing authority control, control over a certain system or partial functions in a certain system cannot be achieved.

Disclosure of Invention

The embodiment of the invention provides a multi-operating system authority configuration method, terminal equipment and MDM equipment, which are used for solving the problem that control over a certain system or partial functions in the certain system cannot be realized for certain users needing authority control in the prior art. In order to solve the above technical problem, the embodiment of the present invention is implemented as follows:

in a first aspect, a method for configuring multiple operating system permissions is provided, which is applied to a terminal device, where the terminal device includes: the MDM equipment comprises a main Host system and M android operating systems, wherein each android operating system is provided with a management application program related to the MDM equipment; the method comprises the following steps: receiving a first permission configuration instruction sent by the MDM device through a management application program in a first android operating system, wherein the first permission configuration instruction comprises: at least one first function item and authority configuration information of each first function item;

and configuring each first function item according to the authority configuration information of each first function item through a management application program in the first android operating system.

As an optional implementation manner, in the first aspect of the embodiment of the present invention, before the receiving, by a management application in a first android operating system, a first permission configuration instruction sent by the MDM device, the method further includes:

sending first permission configuration request information to the MDM device through a management application program in the first android operating system, wherein the first permission configuration request information comprises: the at least one first function item and the authority configuration information of each first function item.

As an optional implementation manner, in the first aspect of the embodiment of the present invention, the method further includes:

sending, by a management application in the first android operating system, identity information of the user to the MDM device, the identity information including: occupation of the user and behavior data of the user using the terminal device;

receiving, by a management application in the first android operating system, a second permission configuration instruction matched with the identity information and sent by the MDM device, where the second permission configuration instruction includes: at least one second function item and authority configuration information of each second function item;

and configuring each second function item according to the authority configuration information of each second function item through a management application program in the first android operating system.

As an optional implementation manner, in the first aspect of the embodiment of the present invention, after configuring, by the management application in the first android operating system, each second function item according to the authority configuration information of each second function item, the method further includes:

receiving, by a management application in the first android operating system, an authorization release configuration instruction sent by the MDM device, where the authorization release configuration instruction includes: target function items and the configuration information of the permission of the target function items;

and releasing the authority configuration of the target function item through a management application program in the first android operating system according to the authority configuration releasing instruction.

creating the M android operating systems through a system management module of the Host system, wherein each android operating system in the M android operating systems is isolated from each other;

respectively controlling each android operating system in the M android operating systems through a system management module of the Host system;

wherein, the isolation mode among different android operating systems in the M android operating systems comprises: at least one of system isolation, file system isolation, and network isolation.

As an optional implementation manner, in the first aspect of the embodiment of the present invention, the respectively controlling, by a system management module of the Host system, each of M android operating systems includes:

when a first android operating system is placed in a foreground for running, if a running instruction sent by a user and used for starting a second android operating system is detected through a management application program of the first android operating system, the running instruction is sent to a system management module of a Host system through the management application program, so that the system management module controls the second android operating system to start running in the background;

and/or the presence of a gas in the gas,

when the first android operating system is placed in a foreground for running, if a stop instruction which is sent by the user and used for stopping the second android operating system is detected through a management application program of the first android operating system, the stop instruction is sent to a system management module of the Host system through the management application program, so that the system management module controls the second android operating system to stop running;

the first android operating system and the second android operating system are different operating systems of the M android operating systems.

As an optional implementation manner, in the first aspect of the embodiment of the present invention, the isolating manner includes the system isolation, and the controlling, by a system management module of the Host system, each of M android operating systems respectively includes:

acquiring a system identifier and a driver identifier of a current application program process through a system management module of the Host system, wherein the driver identifier is used for indicating a target driver;

if the system identifier is detected to be the same as the first identifier, controlling the first android operating system to run the target driver in the first namespace through a system management module of the Host system;

if the system identifier is detected to be the same as the second identifier, controlling the second android operating system to run the target driver in the second namespace through a system management module of the Host system;

wherein the first identifier is used to mark the first namespace of the first android operating system, and the second identifier is used to mark the second namespace of the second android operating system.

As an optional implementation manner, in the first aspect of the embodiment of the present invention, if it is detected that the system identifier is the same as the first identifier, controlling, by a system management module of the Host system, the first android operating system to run the target driver in the first namespace includes:

if the system identifier is detected to be the same as the first identifier, determining the target driver corresponding to the driver identifier in the first namespace through a system management module of the Host system;

and running the first android operating system through a system management module of the Host system, and controlling the first android operating system to run the target driver in the first namespace through the system management module of the Host system.

As an optional implementation manner, in the first aspect of the embodiment of the present invention, before the obtaining, by the system management module of the Host system, the system identifier and the driver identifier of the current application process, the method further includes:

according to a namespace technology, generating the first namespace of the first android operating system through a system management module of the Host system, and marking the first namespace to obtain the first identifier;

and according to the namespace technology, generating the second naming space of the second android operating system through a system management module of the Host system, and marking the second naming space to obtain the second identifier.

when the first android operating system runs in a foreground, the second android operating system runs in a background, and a target application program in the second android operating system receives a target message, the second android operating system sends the target message to an information transmission module of the Host system through a second process communication (IPC) channel, wherein the second IPC channel is a channel between the second android operating system and the information transmission module of the Host system;

and the information transmission module sends the target message to the first android operating system through a first IPC channel, wherein the first IPC channel is a channel between the first android operating system and the information transmission module, so that the first android operating system outputs the target message.

As an optional implementation manner, in the first aspect of the embodiment of the present invention, after the first android operating system outputs the target message, the method further includes:

if a switching instruction used for indicating that the second android operating system is placed in the foreground for operation by the user is detected, sending first switching request information to a system switching module of a Host system through the first IPC channel by the first android operating system, wherein the first switching request information is used for requesting that the second android operating system be placed in the foreground for operation;

and controlling the second android operating system to be placed in the foreground for running through a system switching module of the Host system, and placing the first android operating system in the background for running.

As an optional implementation manner, in a first aspect of the embodiment of the present invention, the isolating manner includes the file system isolating, and the controlling, by a system management module of the Host system, each of M android operating systems respectively includes:

dividing the storage space of the terminal equipment into M storage areas through a system management module of the Host system, wherein the M storage areas are mutually independent;

respectively mounting the M android operating systems in the M storage areas through a system management module of the Host system, wherein the M android operating systems correspond to the M storage areas one by one;

and if the storage instruction used for storing the first target file by the user is detected, storing the first target file into the first storage area through a system management module of the Host system.

creating an M +1 th android operating system through a system management module of the Host system to obtain the M +1 th android operating systems;

dividing the storage space of the terminal equipment into M +1 storage areas through a system management module of the Host system, wherein the M +1 storage areas are mutually independent;

and respectively mounting the M +1 android operating systems in the M +1 storage areas through a system management module of the Host system, wherein the M +1 android operating systems correspond to the M +1 storage areas one by one.

creating M folders through a system management module of the Host system, wherein the M folders correspond to the M android operating systems one by one;

and setting the root directory of each android operating system as a folder corresponding to each android operating system through a system management module of the Host system.

As an optional implementation manner, in the first aspect of the embodiment of the present invention, the isolating manner includes the network isolation, and the controlling, by a system management module of the Host system, each of M android operating systems respectively includes:

creating a first virtual network card in an application program framework (API) frame of the first android operating system through a system management module of the Host system, and creating a second virtual network card in a frame of the second android operating system;

receiving a first IP address configured for the first virtual network card by the wireless network device through the first virtual network card in the first android operating system;

receiving a second IP address configured for the second virtual network card by the wireless network device through the second virtual network card in the second android operating system;

wherein the first IP address is different from the second IP address.

In a second aspect, a multiple operating system permission configuration method is provided, which is applied to an MDM device, and includes: sending a first permission configuration instruction to a management application program in a first android operating system of a terminal device, wherein the first permission configuration instruction comprises: at least one first function item, and authority configuration information of each first function item.

In a third aspect, a terminal device is provided, which includes: a transceiver module, configured to receive, through a management application in a first android operating system, a first permission configuration instruction sent by the MDM device, where the first permission configuration instruction includes: at least one first function item and authority configuration information of each first function item;

the processing module is used for configuring each first function item according to the authority configuration information of each first function item through a management application program in the first android operating system;

wherein the first android operating system is any one of the M android operating systems.

In a fourth aspect, there is provided an MDM device comprising: a transceiver module, configured to send a first permission configuration instruction to a management application in a first android operating system of a terminal device, where the first permission configuration instruction includes: at least one first function item, and authority configuration information of each first function item.

In a fifth aspect, a terminal device is provided, which includes:

a memory storing executable program code;

a processor coupled with the memory;

the processor calls the executable program code stored in the memory to execute the multiple operating system permission configuration method in the first aspect of the embodiment of the present invention.

In a sixth aspect, there is provided a MDM device comprising:

a memory storing executable program code;

a processor coupled with the memory;

the processor calls the executable program code stored in the memory to execute the multiple operating system permission configuration method in the second aspect of the embodiment of the invention.

A seventh aspect provides a multiple operating system permission configuration system, including: a terminal device in a fifth aspect of an embodiment of the present invention and an MDM device in a sixth aspect of an embodiment of the present invention.

In an eighth aspect, a computer-readable storage medium is provided, which stores a computer program, where the computer program enables a computer to execute the multiple operating system permission configuration method in the first aspect of the embodiment of the present invention or the multiple operating system permission configuration method in the second aspect of the embodiment of the present invention. The computer readable storage medium includes a ROM/RAM, a magnetic or optical disk, or the like.

In a ninth aspect, there is provided a computer program product for causing a computer to perform part or all of the steps of any one of the methods of the first aspect or part or all of the steps of any one of the methods of the second aspect when the computer program product is run on the computer.

A tenth aspect provides an application publishing platform for publishing a computer program product, wherein the computer program product, when run on a computer, causes the computer to perform part or all of the steps of any one of the methods of the first aspect or part or all of the steps of any one of the methods of the second aspect.

Compared with the prior art, the embodiment of the invention has the following beneficial effects:

in the embodiment of the present invention, a management application program associated with an MDM device is installed in each android operating system of a terminal device, and the terminal device may receive a first authority configuration instruction sent by the MDM device through the management application program in a first android operating system, where the first authority configuration instruction includes: at least one first function item and authority configuration information of each first function item; therefore, the terminal equipment can carry out authority configuration on each first function item according to the first authority configuration instruction. Through the scheme, the terminal equipment can carry out authority configuration according to the configuration instruction sent by the MDM equipment, so that the terminal equipment can carry out authority configuration for a certain android operating system or carry out authority configuration for partial functions in the certain android operating system.

Drawings

In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to these drawings without creative efforts.

Fig. 1 is a first flowchart illustrating a method for configuring multiple operating system permissions according to an embodiment of the present invention;

fig. 2 is a first schematic diagram of an architecture of an android operating system according to an embodiment of the present invention;

fig. 3 is a schematic diagram of an architecture of an android operating system according to an embodiment of the present invention;

fig. 4 is a flowchart illustrating a second method for configuring multiple operating system permissions according to an embodiment of the present invention;

fig. 5 is a third flowchart illustrating a method for configuring multiple operating system permissions according to an embodiment of the present invention;

fig. 6 is a fourth flowchart illustrating a method for configuring multiple operating system permissions according to an embodiment of the present invention;

fig. 7 is a first schematic structural diagram of a terminal device according to an embodiment of the present invention;

FIG. 8 is a schematic structural diagram of a MDM device according to an embodiment of the present invention;

fig. 9 is a schematic structural diagram of a terminal device according to an embodiment of the present invention;

FIG. 10 is a schematic structural diagram of a MDM device according to an embodiment of the present invention;

fig. 11 is a schematic structural diagram of a multiple operating system privilege configuration system according to an embodiment of the present invention;

fig. 12 is a schematic diagram of a hardware structure of a terminal device according to an embodiment of the present invention.

Detailed Description

The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.

The terms "first" and "second," and the like, in the description and in the claims of the present invention are used for distinguishing between different objects and not for describing a particular order of the objects. For example, the first android operating system and the second android operating system, etc. are used to distinguish different android operating systems, rather than to describe a particular order of the android operating systems.

The terms "comprises," "comprising," and any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.

It should be noted that, in the embodiments of the present invention, words such as "exemplary" or "for example" are used to indicate examples, illustrations or explanations. Any embodiment or design described as "exemplary" or "e.g.," an embodiment of the present invention is not necessarily to be construed as preferred or advantageous over other embodiments or designs. Rather, use of the word "exemplary" or "such as" is intended to present concepts related in a concrete fashion.

In the related art, with the development of science and technology, in order to meet the daily work and life needs of users, the current terminal device stores two sets of operating systems, users can switch different operating systems for use, and for some users needing authority control, control over a certain system or control over part of functions in a certain system cannot be achieved.

In order to solve the above problem, an embodiment of the present invention provides a method for configuring multiple operating systems, a terminal device, and an MDM device, where a management application associated with the MDM device is installed in each android operating system of the terminal device, and the terminal device may receive a first right configuration instruction sent by the MDM device through the management application in a first android operating system, where the first right configuration instruction includes: at least one first function item and authority configuration information of each first function item; therefore, the terminal equipment can carry out authority configuration on each first function item according to the first authority configuration instruction. Through the scheme, the terminal equipment can carry out authority configuration according to the configuration instruction sent by the MDM equipment, so that the terminal equipment can carry out authority configuration for a certain android operating system or carry out authority configuration for partial functions in the certain android operating system.

The terminal device related to the embodiment of the present invention may be a live broadcast device, where the live broadcast device includes a host and a live broadcast display screen electrically connected to the host, and optionally, the live broadcast device may further include devices such as a microphone and a speaker, and the embodiment of the present invention is not limited. The Host is provided with a Host system and M android operating systems in the embodiment of the invention.

The terminal device according to the embodiment of the present invention may also be an electronic device such as a Mobile phone, a tablet Computer, a notebook Computer, a palmtop Computer, a vehicle-mounted terminal device, a wearable device, an Ultra-Mobile Personal Computer (UMPC), a netbook, or a Personal Digital Assistant (PDA). The wearable device may be a smart watch, a smart bracelet, a watch phone, a smart foot ring, a smart earring, a smart necklace, a smart headset, or the like, and the embodiment of the present invention is not limited.

The executing main body of the multi-operating system permission configuration method provided by the embodiment of the present invention may be the terminal device, or may also be a functional module and/or a functional entity capable of implementing the multi-operating system permission configuration method in the terminal device, which may be specifically determined according to actual use requirements, and the embodiment of the present invention is not limited. The following takes a terminal device as an example to exemplarily describe the multiple operating system permission configuration method provided by the embodiment of the present invention.

The multi-operating system permission configuration method provided by the embodiment of the invention can be applied to a scene that a user uses the terminal equipment.

Example one

As shown in fig. 1, an embodiment of the present invention provides a method for configuring multiple operating system permissions, where in the embodiment of the present invention, a terminal device may interact with an MDM device to implement the method for configuring multiple operating system permissions, and the method may further include the following steps:

101. and creating M android operating systems through a system management module of the Host system.

In the embodiment of the invention, the terminal device comprises a Host system and M android operating systems, wherein M is an integer greater than or equal to 2.

The Host system comprises a system management module (containment), and the system management module is mainly used for creating, destroying, running or stopping an android operating system.

It should be noted that the Host system is a system for controlling other android operating systems, and the core functions include: intersystem handover, intersystem information transfer. After the terminal equipment is started, the code of a Host system is automatically executed, and the Host system automatically creates an android operating system and runs the android operating system; in addition, the Host system can also create more android operating systems based on the kernel space and the running memory, and the android operating systems run in parallel and are independent of each other. However, in the terminal device, only one android operating system can run in the foreground, and other android operating systems can only run in the background of the terminal device.

It should be noted that the android operating system is a Linux-based operating system with free and open source codes, and is mainly applied to mobile devices. The android operating system adopts a layered architecture, as shown in fig. 2, which includes an application layer, an application framework layer, a system runtime library layer, and a Linux kernel layer, and further includes a runtime environment in the system runtime library layer.

Optionally, the Application layer (Application) is a developed Application, and belongs to a user Application layer, where the Application layer specifically includes: a main program, a contact, a browser, etc.

Alternatively, the Application Framework layer (Application Framework) is an Application Programming Interface (API) used by a developer to fully access an Application, that is, a series of services and systems hidden behind each Application. The design of the application architecture layer simplifies the application reuse mechanism, any one application can publish its own function blocks, and any other application can use its published function blocks on the basis of the security following the framework. Likewise, the user can also easily replace application components through the simplified application reuse mechanism.

Wherein, the application framework layer at least comprises:

(1) rich extensible Views (Views), which can be used to build applications, include lists (lists), grids (grids), text boxes (text boxes), buttons (buttons), and embeddable web browsers, among others.

(2) Content Providers (Content Providers) may enable an application to access data of another application (e.g., a contact database) or to share respective data.

(3) Resource managers (Resource managers) may provide access to non-code resources such as native strings, graphics, and layout files.

(4) A Notification Manager (Notification Manager) may cause the application to display custom hint information in the status bar.

(5) An Activity Manager (Activity Manager) may be used to manage the lifecycle of applications and provide the usual navigation fallback functionality.

Optionally, the system runtime Libraries (Libraries) include C/C + + Libraries that can be used by different application components.

Wherein, the system operation library layer at least comprises:

(1) and (4) system C library: the standard C system function library (Libc) inherited from Berkeley Software suite (BSD), which is specifically tailored for embedded (embedded) Linux based devices.

(2) Media library: the media library supports playback and recording of a variety of commonly used audio and video formats, as well as supporting still image files. The encoding formats include MPEG4, h.264, MP3, AAC, AMR, JPG, PNG.

(3) Surface Manager (Surface Manager): management of the display subsystem and seamless fusion of 2D and 3D layers for multiple applications.

(4) LibWebCore: and the web browser engine supports an Android browser and an embeddable web view.

(5) SGL: the underlying 2D graphics engine.

(6)3D libraries: the library may use hardware 3D acceleration or use highly optimized 3D soft acceleration.

(7) FreeType: bitmap (bitmap) and vector (vector) font displays.

(8) SQLite: a lightweight, powerful relational database engine that is available to all applications.

It should be noted that, in the system Runtime layer, an Android Runtime environment (Android Runtime) is further included, the running of the Java program needs to be supported by a Java Core package, and then the application program is run through a virtual machine, and a Core library (Core Libraries) in the Runtime environment is equivalent to a Java development Kit (Java Developer Kit, JDK) and is a Core library required for running the application program; the Dalvik Virtual Machine (Dalvik Virtual Machine) is equivalent to a Java Virtual Machine (Java Virtual Machine) and is a Virtual Machine developed for Android and required for running Android applications.

Optionally, a Linux Kernel layer (Linux Kernel) is a bottom implementation of the android operating system, and provides a Kernel system service, including: security, memory management, process management, network stacking, driver models, etc. The Linux core layer also includes a plurality of drivers, such as: display driver, input device driver, audio system driver, camera driver, WiFi driver, bluetooth driver, power management, it is through these drivers to drive the hardware device on our equipment.

To sum up, the hierarchical framework that android operating system adopted can use the service that the lower floor provided to provide unified service for the upper strata, shields the difference of this layer and below, when this layer and below have taken place the change, can not influence the upper strata, can say that high cohesion, low coupling.

In the embodiment of the present invention, as shown in fig. 3, the Host system and the M android operating systems are functional entities in a Linux kernel layer, and the management application in each android operating system can perform operations such as information transmission, system management, system switching, and the like through the process communication channel and each module of the Host system.

Wherein, in the Linux core layer, still include: the android operating system comprises functions such as a wireless local area network (WiFi), a frame buffer (Framebuffer), a Power supply (Power), a process communication (Binder), an audio (Radio), a Graphic Processing Unit (GPU), a virtual network card (VirtualNIC), an information Input (Input) and the like, wherein the functions exist in namespaces of different android operating systems through namespace technologies respectively.

102. Receiving a first permission configuration instruction sent by the MDM device through a management application program in a first android operating system.

In the embodiment of the present invention, a management application in a first android operating system may receive a first permission configuration instruction sent by an MDM device.

It should be noted that each android operating system is installed with a management application program, and each android operating system can be connected with the Host system through the management application program to implement instruction transceiving or data transmission between the android operating system and the Host system; each android operating system can also receive, through the management application, the permission configuration assigned by the MDM device.

Wherein, the first permission configuration instruction comprises: at least one first function item, and authority configuration information of each first function item.

For example, the first permission configuration instruction may include: disabling the microphone function of the first android operating system, and opening the screen rotation function of the first android operating system.

Optionally, before receiving, by the management application in the first android operating system, the first permission configuration instruction sent by the MDM device, the method may further include: and sending first permission configuration request information to the MDM equipment through a management application program in the first android operating system.

In the embodiment of the present invention, before the management application in the first android operating system receives the first permission configuration instruction sent by the MDM device, the management application in the first android operating system may also initiatively send first permission configuration request information to the MDM device, so that the MDM device performs permission configuration for the first android operating system according to the first permission configuration request information.

Wherein, the first permission configuration request information includes: at least one first function item, and authority configuration information of each first function item.

It should be noted that the first permission configuration request information sent by the management application in the first android operating system to the MDM device may be the same as the first permission configuration instruction sent by the MDM device to the management application in the first android operating system.

Optionally, the MDM device may further perform permission configuration on other function items in the first android operating system according to the current parameter information of the first android operating system.

The parameter information may include user identity information, location information, usage data, and the like.

103. And configuring each first function item according to the authority configuration information of each first function item through a management application program in the first android operating system.

In the embodiment of the present invention, after receiving the first permission configuration instruction sent by the MDM device, the management application in the first android operating system may configure each first function item according to the permission configuration information of each first function item.

The embodiment of the invention provides a method for configuring authority of multiple operating systems, wherein each android operating system of a terminal device is provided with a management application program associated with an MDM device, the terminal device can receive a first authority configuration instruction sent by the MDM device through the management application program in a first android operating system, and the first authority configuration instruction comprises the following steps: at least one first function item and authority configuration information of each first function item; therefore, the terminal equipment can carry out authority configuration on each first function item according to the first authority configuration instruction. Through the scheme, the terminal equipment can carry out authority configuration according to the configuration instruction sent by the MDM equipment, so that the terminal equipment can carry out authority configuration for a certain android operating system or carry out authority configuration for partial functions in the certain android operating system. .

Example two

As shown in fig. 4, an embodiment of the present invention provides a method for configuring multiple operating system permissions, where in the embodiment of the present invention, a terminal device may interact with an MDM device to implement the method for configuring multiple operating system permissions, and the method may further include the following steps:

401. and creating M android operating systems through a system management module of the Host system.

402. And sending the identity information of the user to the MDM device through a management application program in the first android operating system.

In an embodiment of the present invention, a management application in the first android operating system may actively send identity information of the user to the MDM device.

Wherein, the identity information of the user may include: the profession of the user, and the behavior data of the user using the terminal device. The behavior data is behavior statistics of terminal devices used by the user in history.

For example, a management application in a first android operating system may send to the MDM device: the user is a student, the user does not use the terminal device in the morning at 7:30 to 12:00, the user consumes at the restaurant at 12:10 to 12:30 at noon, the user does not use the terminal device at 14:00 to 18:30 in the afternoon, and the user uses the application program for searching the topic at 20:00 to 23:30 in the evening.

403. And receiving a second permission configuration instruction which is sent by the MDM equipment and matched with the identity information through a management application program in the first android operating system.

In the embodiment of the present invention, after receiving the identity information of the user sent by the management application in the first android operating system, the MDM device may perform permission configuration for the first android operating system according to the identity information of the user, and send the second permission configuration instruction to the management application in the first android operating system.

Wherein, the second permission configuration instruction may include: at least one second function item, and authority configuration information of each second function item.

For example, assume that the identity information of the user is: the user is a student, the user does not use the terminal device in the morning at 7:30 to 12:00, the user consumes at the restaurant at 12:10 to 12:30 at noon, the user does not use the terminal device at 14:00 to 18:30 in the afternoon, and the user uses the application program for searching the topic at 20:00 to 23:30 in the evening. The second permission configuration instruction sent by the MDM device to the management application in the first android operating system may include: disabling the network function and adjusting the screen brightness to a minimum in the morning at 7:30 to 12: 00; starting the network and payment functions at noon 12:10-12: 30; disabling network functions at 14:00-18:30 pm and adjusting screen brightness to a minimum; and the functions of the network, the microphone and the camera are started at 20:00-23:30 at night.

404. And configuring each second function item according to the authority configuration information of each second function item through a management application program in the first android operating system.

In the embodiment of the present invention, after the management application in the first android operating system receives the second permission configuration instruction sent by the MDM device, each second function item may be configured according to the permission configuration information of each second function item.

405. And receiving an unlocking authority configuration instruction sent by the MDM equipment through a management application program in the first android operating system.

In the embodiment of the present invention, the MDM device may further send an unlock permission configuration instruction to a management application in the first android operating system.

Wherein, the permission configuration removing instruction comprises: target function item, and disarm configuration information of the target function item.

406. And removing the authority configuration of the target function item through a management application program in the first android operating system according to the authority configuration removing instruction.

In the embodiment of the invention, after the management application program in the first android operating system receives the permission release configuration instruction sent by the MDM device, permission configuration of the target function item can be released according to the permission release configuration instruction.

The management application releases the authority configuration of the target function item, and restores the authority of the target function item to the authority before the authority configuration according to the second authority configuration instruction.

The embodiment of the invention provides a method for configuring authority of multiple operating systems, wherein each android operating system of a terminal device is provided with a management application program associated with an MDM device, the terminal device can receive a first authority configuration instruction sent by the MDM device through the management application program in a first android operating system, and the first authority configuration instruction comprises the following steps: at least one first function item and authority configuration information of each first function item; in this way, the terminal device can perform authority configuration for each first function item according to the first authority configuration instruction; and the MDM equipment can also be configured according to the user identity information when the authority is configured, and can also send an authority configuration removing instruction so as to remove the authority configuration of the functional items. Through the scheme, the terminal equipment can carry out authority configuration for a certain android operating system, or carry out authority configuration for partial functions in the certain android operating system, and management and control of the MDM equipment are more practical in fitting.

As an optional implementation manner, when the MDM device performs permission configuration for the first android operating system, permission configuration duration may also be increased.

It should be noted that, the MDM device may send a third permission configuration instruction to the management application in the first android operating system, where the third permission configuration instruction may include: at least one third function item, authority configuration information of each third function item and authority configuration duration of each third function item; and enabling the management application program in the first android operating system to carry out authority configuration on the functional items in the first android operating system according to the third authority configuration instruction.

Illustratively, it is assumed that the third permission configuration instruction includes: the network function is disabled for 1 hour, the payment function is disabled for 1 hour, and the camera function is started for 30 minutes. Therefore, the management application program in the first android operating system can disable the network function of the first android operating system for 1 hour, disable the payment function of the first android operating system for 1 hour, and open the camera function of the first android operating system for 30 minutes. And after 30 minutes, disabling the camera functionality of the first android operating system; after 1 hour, the network function and the payment function of the first android operating system are started.

Through the optional implementation mode, the MDM equipment can configure the permission and the permission duration to the first android operating system, so that the permission of the first android operating system can be automatically switched after the permission duration is reached, and the intelligence of the MDM equipment and the android operating system is increased.

As an optional implementation manner, when the MDM device performs permission configuration for the first android operating system, the MDM device may also perform configuration according to the location information of the terminal device.

It should be noted that, the MDM device may first obtain current location information of the terminal device, and send a fourth permission configuration instruction matched with the current location information to the management application program in the first android operating system, where the fourth permission configuration instruction may include: at least one fourth function item, and authority configuration information of each fourth function item.

For example, assuming that the MDM device acquires that the current location information of the terminal device is an office building, the user may be working, and the fourth permission configuration instruction may include: and starting the network function and closing the sound play-out function.

As another optional implementation manner, the management application in the first android operating system may obtain current location information, and send the current location information to the MDM device, and the MDM device may send a fourth permission configuration instruction matched with the current location information to the management application in the first android operating system.

Through the optional implementation mode, the MDM equipment can send the permission configuration instruction matched with the current position information to the management application program in the first android operating system, so that permission configuration can be more fit with the current position, and the intelligence of the MDM equipment and the android operating system is increased.

EXAMPLE III

As shown in fig. 5, an embodiment of the present invention provides a method for configuring multiple operating system permissions, where in the embodiment of the present invention, a Host system in a terminal device may interact with a management application in an android operating system to implement the method for configuring multiple operating system permissions, and the method may include the following steps:

501. and creating M android operating systems through a system management module of the Host system.

502. And respectively controlling each android operating system in the M android operating systems through a system management module of the Host system.

In the embodiment of the present invention, the system management module of the Host may respectively control each android operating system to start running or stop running, and specifically may include the following two implementation manners:

the implementation mode is as follows: when the first android operating system is placed in the foreground to run, if a running instruction sent by a user and used for starting the second android operating system is detected through a management application program of the first android operating system, the running instruction is sent to a system management module of the Host system through the management application program, so that the system management module controls the second android operating system to start running in the background.

It should be noted that, in the terminal device, there may be an android operating system running in the foreground, and other android operating systems may run in the background; and each android operating system can be provided with a management application program, and can be associated with the Host system through the management application program so as to realize instruction receiving and sending or data transmission between the android operating system and the Host system.

In the embodiment of the invention, when the first android operating system is set to be operated in the foreground, if the user needs to start to operate the second android operating system, the user can send the operation instruction in the management application program of the first android operating system, and after the management application program of the first android operating system detects the operation instruction, the operation instruction can be sent to the system management module of the Host system, so that the system management module can control the second android operating system to start to operate in the background according to the operation instruction.

And the running instruction is used for starting the second android operating system to run.

Optionally, the manner in which the user sends the operation instruction in the management application of the first android operating system may specifically include: a user clicks a control for starting the running of the second android operating system in the management application program; or, the user inputs preset text information or preset gesture information in the management application program, where the preset text information or the preset gesture information may be used to instruct sending of the operation instruction.

The implementation mode two is as follows: when the first android operating system is placed in the foreground for running, if a stop instruction sent by a user and used for stopping the second android operating system is detected through a management application program of the first android operating system, the stop instruction is sent to a system management module of the Host system through the management application program, and therefore the system management module controls the second android operating system to stop running.

It should be noted that, in the terminal device, only one android operating system can run in the foreground, and other android operating systems can only run in the background; and each android operating system is provided with a management application program, and can be associated with the Host system through the management application program so as to realize instruction receiving and sending or data transmission between the android operating system and the Host system.

In the embodiment of the invention, when the first android operating system is placed in the foreground for running, if the user needs to stop running the second android operating system, the user can send the stop instruction in the management application program of the first android operating system, and after the management application program of the first android operating system detects the stop instruction, the stop instruction can be sent to the system management module of the Host system, so that the system management module can control the second android operating system to stop running in the background according to the stop instruction.

And the stopping instruction is used for starting the second android operating system to stop running.

It should be noted that all the first android operating systems and the second android operating systems mentioned in the embodiment of the present invention are different operating systems of M android operating systems, and all the other android operating systems except the first android operating system and the second android operating system in the M android operating systems may implement the same method as the first android operating system and the second android operating system.

Optionally, the manner in which the user sends the stop instruction in the management application of the first android operating system may specifically include: clicking a control for stopping the running of the second android operating system in the management application program by the user; or, the user inputs preset text information or preset gesture information in the management application program, where the preset text information or the preset gesture information may be used to instruct sending of the stop instruction.

Through the two optional implementation modes, the terminal device can control each android operating system to start running or stop running through the system management module of the Host system, and independent control of each android operating system is achieved.

In the embodiment of the invention, each android operating system in the M android operating systems is isolated from each other.

Wherein, the isolation mode between different android operating systems includes: at least one of system isolation, file system isolation, and network isolation.

As an optional implementation manner, if the isolation manner between different android operating systems includes system isolation, the system management module of the Host system respectively controls each of the M android operating systems, which may specifically include: acquiring a system identifier and a driver identifier of a current application program process through a system management module of a Host system; if the system identifier is detected to be the same as the first identifier, controlling a first android operating system to run a target driver in a first namespace through a system management module of the Host system; and if the system identifier is the same as the second identifier, controlling a second android operating system to run a target driver in a second namespace through a system management module of the Host system.

The driver identification is used for indicating a target driver, the first identification is used for marking a first namespace of a first android operating system, and the second identification is used for marking a second namespace of a second android operating system.

It should be noted that the application process includes resources required by the application. Different application program processes are relatively independent, one application program process cannot directly access data of the other application program process, and the operation of the other application program process cannot be influenced by the operation failure of the one application program process.

Optionally, only one driver is provided in one terminal device, and each android operating system needs to use the driver independently, which requires isolating each android operating system through a namespace technology.

Namespace techniques are a way for the kernel layer to isolate kernel resources. By setting the name space, some application program processes can only see a part of resources related to the application program processes, other application program processes can only see the resources related to the application program processes, and the two application program processes cannot feel the existence of each other at all.

It should be noted that, the Host system may specify the related resources of one android operating system in one namespace, where M android operating systems correspond to M namespaces one to one, the namespace is a logical concept and is not a storage space where M entities exist, and the M namespaces may exist in parallel without interfering with each other. Setting up a namespace is a kind of encapsulation isolation to all system resources, so that processes in different namespaces have independent all system resources, changing system resources in one namespace only affects processes in the current namespace, and does not affect processes in other namespaces.

In the embodiment of the invention, a system management module of a Host system acquires a system identifier and a driver identifier of a current application program process, if the system identifier is the same as a first identifier, it can be shown that a first android operating system is currently operated in a foreground, and then the system management module controls the first android operating system to create a kernel thread in a first namespace so as to operate a target driver; if the system identifier is the same as the second identifier, it may be stated that the second android operating system is currently running in the foreground, and then the system management module controls the second android operating system to create a kernel thread in the second namespace to run the target driver.

The kernel can be regarded as a service process for managing software and hardware resources and responding to various reasonable and unreasonable requests of the user process. The kernel thread is the body of the kernel, one kernel thread can handle a specific thing, the kernel is responsible for scheduling the kernel thread, and the kernel thread only runs in a kernel mode. In the embodiment of the invention, the system management module creates a kernel thread in the first namespace to run the target driver, which is equivalent to creating a set of running environment for the target driver in the first namespace, so that the target driver can run normally.

It should be noted that the system identifier may be a number, each android operating system corresponds to a namespace, the system identifier of each namespace is different, and the system management module may determine the currently running android operating system and the namespace according to the number; the driver identifier may be an icon or text indicating the target driver.

Illustratively, assume that the first label is 3190 and the second label is 3846. The system management module of the Host system obtains that the system identifier of the current application program process is 3190, and the driver identifier is a camera pattern, so that the system identifier can be found to be the same as the first identifier, and the camera pattern indicates the camera driver, so that the system management module can run the first android operating system, and control the first android operating system to run the camera driver in the first namespace.

Optionally, if it is detected that the system identifier is the same as the first identifier, controlling, by a system management module of the Host system, the first android operating system to run the target driver in the first namespace, which may specifically include: if the system identifier is detected to be the same as the first identifier, determining a target driver corresponding to the driver identifier in a first name space through a system management module of the Host system; and running the first android operating system through a system management module of the Host system, and controlling the first android operating system to run the target driver in the first namespace through the system management module of the Host system.

In the embodiment of the present invention, the system management module may, when detecting that the system identifier is the same as the first identifier, first determine, in a first namespace of the first android operating system, a target driver corresponding to the driver identifier, run the first android operating system, and control the first android operating system to run the target driver in the first namespace.

Similarly, if it is detected that the system identifier is the same as the second identifier, controlling, by the system management module of the Host system, the second android operating system to run the target driver in the second namespace, which may specifically include: if the system identifier is detected to be the same as the second identifier, determining a target driver corresponding to the driver identifier in a second name space through a system management module of the Host system; and running a second android operating system through a system management module of the Host system, and controlling the second android operating system to execute the target driver in the second namespace through the system management module of the Host system.

In the embodiment of the present invention, the system management module may, when detecting that the system identifier is the same as the second identifier, first determine the target driver corresponding to the driver identifier in the second namespace of the second android operating system, run the second android operating system, and control the second android operating system to run the target driver in the second namespace.

Further, before the system management module of the Host system obtains the system identifier and the driver identifier of the current application process, the method may further include: according to a namespace (namespace) technology, generating a first namespace of a first android operating system through a system management module of a Host system, and marking the first namespace to obtain a first identifier; and according to the namespace technology, generating a second namespace of a second android operating system through a system management module of the Host system, and marking the second namespace to obtain a second identifier.

In the embodiment of the invention, the system management module can generate M namespaces for M android operating systems according to a namespace technology, the android operating systems correspond to the namespaces one by one, the M namespaces are marked, and the identification of each namespace is respectively obtained, so that each namespace has different identifications.

As another optional implementation manner, if the isolation manner between different android operating systems includes file system isolation, the system management module of the Host system respectively controls each of the M android operating systems, and specifically may include two implementation manners:

the implementation mode is as follows: dividing a storage space of the terminal equipment into M storage areas through a system management module of a Host system, wherein the M storage areas are mutually independent; respectively mounting M android operating systems in M storage areas through a system management module of a Host system, wherein the M android operating systems correspond to the M storage areas one by one; and if a storage instruction used for storing the first target file by the user is detected, storing the first target file into the first storage area through a system management module of the Host system.

In the embodiment of the invention, after M android operating systems are created by a system management module of a Host system, a storage space of a terminal device can be divided into M mutually independent storage areas, each android operating system is mounted in one storage area, and only one android operating system can be mounted in one storage area, so that when a foreground runs a first android operating system, a user can store files in the storage area corresponding to the first android operating system, and the isolation of file systems is realized.

It should be noted that the first android operating system is mounted in one storage area, that is, the root directory of the first android operating system is set as the storage area corresponding to the first android operating system.

The root directory is a top directory of a system storage file, namely a top directory of a logical drive, and the root directory and the subdirectories are relative concepts. In the embodiment of the present invention, the root directory may be understood as a saving path, and after the root directory of each android operating system is set as a folder corresponding to each android operating system, when the foreground runs the first android operating system, the system management module will save the file into the root directory of the first android operating system, that is, the first folder corresponding to the first android operating system.

Further, an M +1 th android operating system is created through a system management module of the Host system to obtain the M +1 android operating systems; dividing a storage space of the terminal equipment into M +1 storage areas through a system management module of a Host system, wherein the M +1 storage areas are mutually independent; the method comprises the steps that M +1 android operating systems are respectively mounted in M +1 storage areas through a system management module of a Host system, and the M +1 android operating systems correspond to the M +1 storage areas one by one.

In the embodiment of the invention, when a new android operating system is created by the system management module, the system management module needs to divide the storage space of the terminal device into M +1 mutually independent storage areas, and mount each android operating system in one storage area, and only one android operating system can be mounted in one storage area, so that when the first android operating system is operated by a current platform, a user can store files in the storage area corresponding to the first android operating system, and the isolation of the file systems is realized.

Through the implementation mode, the number of the storage areas divided by the storage space of the terminal equipment needs to be equal to the number of android operating systems, and when the number of the android operating systems is increased or reduced, the storage space of the terminal equipment needs to be divided again so as to realize the one-to-one correspondence between the android operating systems and the storage areas.

The implementation mode two is as follows: creating M folders through a system management module of a Host system, wherein the M folders correspond to M android operating systems one by one; and setting the root directory of each android operating system into a folder corresponding to each android operating system through a system management module of the Host system.

In the embodiment of the present invention, the system management module of the Host system may further create M folders corresponding to the M android operating systems one to one, and set the root directory of each android operating system as the folder corresponding to each android operating system.

It should be noted that the root directory is a top directory of a system storage file, that is, a top directory of a logical drive, and the root directory and the subdirectories are relative concepts. In the embodiment of the present invention, the root directory may be understood as a saving path, and after the root directory of each android operating system is set as a folder corresponding to each android operating system, when the foreground runs the first android operating system, the system management module will save the file into the root directory of the first android operating system, that is, the first folder corresponding to the first android operating system.

Exemplarily, assuming that 5 android operating systems exist in the terminal device, the system management module may establish 5 folders for the 5 android operating systems, set a root directory of the first android operating system as "C: \ User \ Program Files \ first android operating system", set a root directory of the second android operating system as "C: \ User \ Program Files \ second android operating system", set a root directory of the third android operating system as "C: \ User \ Program Files \ third android operating system", set a root directory of the fourth android operating system as "C: \ User \ Program Files \ fourth android operating system", and set a root directory of the fifth android operating system as "C: \ User \ Program Files \ fourth android operating system". When the foreground runs the first android operating system, the system management module can store the file into a folder of 'C: \ User \ Program Files \ first android operating system'.

Further, an M +1 th android operating system is created through a system management module of the Host system to obtain the M +1 android operating systems; creating an M +1 th folder through a system management module of the Host system; and setting the root directory of the M +1 th android operating system as the M +1 th folder through a system management module of the Host system.

Through the implementation mode, when the number of the android operating systems is increased or reduced, the system management module only needs to increase or reduce the folders corresponding to the changed android operating systems, the storage space does not need to be divided for many times, and the power consumption of the terminal equipment is reduced.

As another optional implementation manner, if the isolation manner between different android operating systems includes network isolation, the system management module of the Host system respectively controls each of the M android operating systems, which may specifically include: creating a first virtual network card in an application program framework (framework) of a first android operating system through a system management module of a Host system, and creating a second virtual network card in a framework of a second android operating system; receiving a first IP address configured for a first virtual network card by wireless network equipment through the first virtual network card in a first android operating system; and receiving a second IP address configured for the second virtual network card by the wireless network device through the second virtual network card in the second android operating system.

In the embodiment of the present invention, the system management module of the Host system may create different virtual network cards in a frame of each android operating system, where the different virtual network cards may request the wireless network device to allocate IP addresses, and the IP addresses received by the different virtual network cards are different, and the IP addresses may be used to distinguish different operating systems.

The embodiment of the invention provides a method for configuring permission of multiple operating systems, wherein a terminal device comprises a Host system and M android operating systems, the terminal device can create and respectively control each android operating system through a system management module of the Host system, and each android operating system is isolated through at least one isolation mode of system isolation, file system isolation and network isolation. Through the scheme, a plurality of android operating systems in the terminal equipment run independently and are isolated from each other, so that a user can use different android operating systems in different scenes, and the condition of privacy disclosure does not exist.

Example four

As shown in fig. 6, an embodiment of the present invention provides a method for configuring multiple operating system permissions, where in the embodiment of the present invention, a Host system in a terminal device may interact with a management application in an android operating system to implement the method for configuring multiple operating system permissions, and the method may further include the following steps:

601. and creating M android operating systems through a system management module of the Host system.

602. And the second android operating system sends the target message to an information transmission module of the Host system through a second IPC channel.

In the embodiment of the invention, when the first android operating system is placed in the foreground for running, the second android operating system is placed in the background for running, and the target application program in the second android operating system receives the target message, the management application program in the second android operating system sends the target message to the information transmission module of the Host system through an Inter-Process Communication (IPC) channel.

And the second IPC channel is a channel between the management application program in the second android operating system and the information transmission module of the Host system. The information transmission module of the Host system is mainly used for information transmission between different android operating systems, and the information transmission between the different android operating systems can only be transmitted through the Host system.

It should be noted that the information transmission module and the system management module may be the same module in the Host system.

For example, assuming that the first android operating system is placed in the foreground for running, the second android operating system is placed in the background for running, and at this time, the wechat application in the second android operating system suddenly receives a new message "eat", then the management application in the second android operating system can send the new message "eat" to the information transmission module of the Host system through the second IPC channel.

603. And the information transmission module sends the target message to the first android operating system through the first IPC channel.

In the embodiment of the invention, after the information transmission module of the Host system receives the target message sent by the second android operating system, the target message can be sent to the management application program in the first android operating system through the first IPC channel.

The first IPC channel is a channel between a management application program and an information transmission module in the first android operating system.

Optionally, after the management application in the first android operating system receives the target message sent by the information transmission module through the first IPC channel, the target message may be further output to notify the user that the second android operating system receives the target message.

604. And sending first switching request information to a system switching module of the Host system through the first IPC channel of the first android operating system.

In the embodiment of the invention, after the management application program in the first android operating system outputs the target message, if a switching instruction used for indicating that the second android operating system is placed in the foreground for running by a user is detected, the first switching request information is sent to a system switching module of the Host system through the first IPC channel by the management application program in the first android operating system.

The first switching request information is used for requesting to place the second android operating system in the foreground for operation, and a system switching module (Switch module) of the Host system is mainly used for switching between different android operating systems.

Optionally, the manner in which the user sends the switching instruction in the management application program in the first android operating system may specifically include: a user clicks a control for switching a second android operating system to be placed in the foreground for running in a management application program; or, the user inputs preset text information or preset gesture information in the management application program, and the preset text information or the preset gesture information can be used for indicating that the second android operating system is placed in the foreground for running.

605. And controlling the second android operating system to be placed in the foreground for running through a system switching module of the Host system.

In the embodiment of the invention, the system switching module of the Host system can switch the second android operating system to be placed in the foreground for running.

606. And placing the first android operating system in a background for running through a system switching module of the Host system.

In the embodiment of the invention, the system switching module of the Host system can switch the first android operating system to be placed in the background for running.

The embodiment of the invention provides a method for configuring authority of multiple operating systems, wherein a terminal device comprises a Host system and M android operating systems, when a new message is received by the android operating system running in a background, the message can be sent to an information transmission module of the Host system, the message is sent to the android operating system running in a foreground by the information transmission module of the Host system, and the terminal device can realize switching between the android operating systems running in the foreground and running in the background through a system switching module of the Host system. Through the scheme, the terminal equipment can realize information transmission and system switching among different android operating systems, so that each android operating system of the terminal equipment is more flexible.

EXAMPLE five

As shown in fig. 7, an embodiment of the present invention provides a terminal device, where the terminal device includes:

the transceiver module 701 is specifically configured to receive, by a management application in a first android operating system, a first right configuration instruction sent by the MDM device, where the first right configuration instruction includes: at least one first function item and authority configuration information of each first function item;

the processing module 702 is specifically configured to configure, by a management application in the first android operating system, each first function item according to the authority configuration information of each first function item.

Optionally, the transceiver module 701 is specifically configured to send first permission configuration request information to the MDM device through a management application in the first android operating system, where the first permission configuration request information includes: at least one first function item, and authority configuration information of each first function item.

Optionally, the transceiver module 701 is specifically configured to send, to the MDM device, identity information of the user through a management application in the first android operating system, where the identity information includes: occupation of the user and behavior data of the user using the terminal device;

the transceiver module 701 is specifically configured to receive, by a management application in the first android operating system, a second permission configuration instruction matched with the identity information and sent by the MDM device, where the second permission configuration instruction includes: at least one second function item and authority configuration information of each second function item;

the processing module 702 is specifically configured to configure, by the management application in the first android operating system, each second function item according to the authority configuration information of each second function item.

Optionally, the transceiver module 701 is specifically configured to receive, by a management application in the first android operating system, an authorization release configuration instruction sent by the MDM device, where the authorization release configuration instruction includes: target function items and the configuration information of the permission of the target function items;

the processing module 702 is specifically configured to release, by the management application in the first android operating system, the permission configuration for the target function item according to the permission configuration release instruction.

Optionally, the terminal device further includes:

the creating module 703 is configured to create M android operating systems through a system management module of the Host system, where each of the M android operating systems is isolated from each other;

the processing module 702 is configured to respectively control each of the M android operating systems through a system management module of the Host system;

The transceiver module 701 is specifically configured to, if the management application of the first android operating system detects an operation instruction sent by a user and used for starting the second android operating system, send the operation instruction to the system management module of the Host system through the management application, so that the system management module controls the second android operating system to start to operate in the background;

and/or the presence of a gas in the gas,

the receiving and sending module 701 is configured to, when the first android operating system is placed in a foreground for running, send a stop instruction to the system management module of the Host system through the management application program if the stop instruction sent by the user to stop the second android operating system is detected by the management application program of the first android operating system, so that the system management module controls the second android operating system to stop running;

Optionally, the processing module 702 is specifically configured to obtain, through a system management module of the Host system, a system identifier and a driver identifier of a current application program process, where the driver identifier is used to indicate a target driver;

the processing module 702 is specifically configured to, if it is detected that the system identifier is the same as the first identifier, control, by a system management module of the Host system, the first android operating system to run the target driver in the first namespace;

the processing module 702 is specifically configured to, if it is detected that the system identifier is the same as the second identifier, control, by using a system management module of the Host system, the second android operating system to run the target driver in the second namespace;

the first identification is used for marking a first namespace of a first android operating system, and the second identification is used for marking a second namespace of a second android operating system.

Optionally, the processing module 702 is specifically configured to, if it is detected that the system identifier is the same as the first identifier, determine, by the system management module of the Host system, a target driver corresponding to the driver identifier in the first namespace;

the processing module 702 is specifically configured to run the first android operating system through a system management module of the Host system, and control the first android operating system to run the target driver in the first namespace through the system management module of the Host system.

Optionally, the creating module 703 is specifically configured to generate a first namespace of the first android operating system through a system management module of the Host system according to a namespace technology, and mark the first namespace to obtain a first identifier;

the creating module 703 is specifically configured to generate a second namespace of the second android operating system through a system management module of the Host system according to the namespace technology, and mark the second namespace to obtain a second identifier.

Optionally, the transceiver module 701 is specifically configured to, when the first android operating system is configured to operate in a foreground, the second android operating system is configured to operate in a background, and a target application in the second android operating system receives a target message, send the target message to the information transmission module of the Host system through a second process communication IPC channel by the second android operating system, where the second IPC channel is a channel between the second android operating system and the information transmission module of the Host system;

the transceiver module 701 is specifically configured to send, by the information transmission module, the target message to the first android operating system through the first IPC channel, where the first IPC channel is a channel between the first android operating system and the information transmission module, so that the first android operating system outputs the target message.

Optionally, the transceiver module 701 is specifically configured to, if a switching instruction that a user instructs to place the second android operating system in the foreground for operation is detected, send first switching request information to a system switching module of the Host system through the first IPC channel via the first android operating system, where the first switching request information is used to request to place the second android operating system in the foreground for operation;

the processing module 702 is specifically configured to control the second android operating system to be placed in the foreground for running through the system switching module of the Host system, and place the first android operating system in the background for running.

Optionally, the creating module 703 is specifically configured to divide the storage space of the terminal device into M storage areas through a system management module of the Host system, where the M storage areas are independent of each other;

the processing module 702 is specifically configured to mount, through a system management module of the Host system, M android operating systems in M storage areas, where the M android operating systems correspond to the M storage areas one to one;

the processing module 702 is specifically configured to, if a storage instruction used by a user to store a first target file is detected, store the first target file in the first storage area through a system management module of the Host system.

Optionally, the creating module 703 is specifically configured to create an M +1 th android operating system through a system management module of the Host system, so as to obtain M +1 android operating systems;

a creating module 703, configured to divide a storage space of the terminal device into M +1 storage areas through a system management module of the Host system, where the M +1 storage areas are independent from each other;

the processing module 702 is specifically configured to mount, through a system management module of the Host system, M +1 android operating systems in M +1 storage areas, where the M +1 android operating systems correspond to the M +1 storage areas one to one.

Optionally, the creating module 703 is specifically configured to create M folders through a system management module of the Host system, where the M folders correspond to M android operating systems one to one;

the processing module 702 is specifically configured to set, by a system management module of the Host system, a root directory of each android operating system as a folder corresponding to each android operating system.

Optionally, the creating module 703 is specifically configured to create, by using a system management module of the Host system, a first virtual network card in an application framework frame of the first android operating system, and create a second virtual network card in a frame of the second android operating system;

the transceiver module 701 is specifically configured to receive, through a first virtual network card in the first android operating system, a first IP address configured for the first virtual network card by the wireless network device;

the transceiver module 701 is specifically configured to receive, through a second virtual network card in the second android operating system, a second IP address configured for the second virtual network card by the wireless network device;

wherein the first IP address is different from the second IP address.

In the embodiment of the present invention, each module may implement the multi-os permission configuration method provided in the above method embodiment, and may achieve the same technical effect, and in order to avoid repetition, details are not described here.

EXAMPLE six

As shown in fig. 8, embodiments of the present invention provide an MDM device comprising:

the transceiver module 801 is configured to send a first permission configuration instruction to a management application in a first android operating system of a terminal device, where the first permission configuration instruction includes: at least one first function item, and authority configuration information of each first function item.

Optionally, the transceiver module 801 is further configured to receive first permission configuration request information sent by a management application in the first android operating system, where the first permission configuration request information includes: at least one first function item, and authority configuration information of each first function item.

Optionally, the transceiver module 801 is further configured to receive identity information of the user sent by a management application in the first android operating system, where the identity information includes: occupation of the user and behavior data of the user using the terminal device;

the transceiver module 801 is further configured to send a second permission configuration instruction matched with the identity information to a management application in the first android operating system, where the second permission configuration instruction includes: at least one second function item, and authority configuration information of each second function item.

Optionally, the transceiver module 801 is further configured to send an permission release configuration instruction to a management application in the first android operating system, where the permission release configuration instruction includes: target function item, and disarm configuration information of the target function item.

EXAMPLE seven

As shown in fig. 9, an embodiment of the present invention further provides a terminal device, where the terminal device may include:

a memory 901 in which executable program code is stored;

a processor 902 coupled to a memory 901;

the processor 902 calls the executable program code stored in the memory 901 to execute the multiple operating system permission configuration method executed by the terminal device in the above-mentioned embodiments of the methods.

Example eight

As shown in fig. 10, embodiments of the present invention also provide an MDM device that may include:

a memory 1001 in which executable program code is stored;

a processor 1002 coupled to a memory 1001;

the processor 1002 calls the executable program code stored in the memory 1001 to execute the multi-os permission configuration method executed by the terminal device in the above-mentioned embodiments of the methods.

Example nine

As shown in fig. 11, an embodiment of the present invention further provides a multiple operating system permission configuration system, where the multiple operating system permission configuration system includes the terminal device shown in fig. 9 and the MDM device shown in fig. 10.

Example ten

As shown in fig. 12, an embodiment of the present invention further provides a terminal device or MDM device. Taking a terminal device as an example, the terminal device includes but is not limited to: a Radio Frequency (RF) circuit 1201, a memory 1202, an input unit 1203, a display unit 1204, a sensor 1205, an audio circuit 1206, a WiFi (wireless communication) module 1207, a processor 1208, a power supply 1209, and a camera 1120. The rf circuit 1201 includes a receiver 12011 and a transmitter 12012. Those skilled in the art will appreciate that the terminal device configuration shown in fig. 12 is not intended to be limiting and may include more or fewer components than those shown, or some components may be combined, or a different arrangement of components.

RF circuit 1201 may be used for receiving and transmitting signals during information transmission and reception or during a call, and in particular, for processing downlink information of a base station after receiving the downlink information to processor 1208; in addition, the data for designing uplink is transmitted to the base station. In general, RF circuit 1201 includes, but is not limited to, an antenna, at least one amplifier, a transceiver, a coupler, a Low Noise Amplifier (LNA), a duplexer, and the like. In addition, RF circuit 1201 may also communicate with networks and other devices via wireless communication. The wireless communication may use any communication standard or protocol, including but not limited to global system for mobile communications (GSM), General Packet Radio Service (GPRS), Code Division Multiple Access (CDMA), Wideband Code Division Multiple Access (WCDMA), Long Term Evolution (LTE), email, Short Message Service (SMS), etc.

The memory 1202 may be used to store software programs and modules, and the processor 1208 executes various functional applications and data processing of the terminal device by executing the software programs and modules stored in the memory 1202. The memory 1202 may mainly include a program storage area and a data storage area, wherein the program storage area may store an operating system, an application program required by at least one function (such as a sound playing function, an image playing function, etc.), and the like; the storage data area may store data (such as audio data, a phonebook, etc.) created according to the use of the terminal device, and the like. Further, the memory 1202 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device.

The input unit 1203 may be used to receive input numeric or character information and generate key signal inputs related to user settings and function control of the terminal device. Specifically, the input unit 1203 may include a touch panel 12031 and other input devices 12032. The touch panel 12031, also referred to as a touch screen, may collect a touch operation performed by a user on or near the touch panel 12031 (e.g., an operation performed by the user on or near the touch panel 12031 using a finger, a stylus, or any other suitable object or accessory), and drive a corresponding connection device according to a preset program. Alternatively, the touch panel 12031 may include two parts, a touch detection device and a touch controller. The touch detection device detects the touch direction of a user, detects a signal brought by touch operation and transmits the signal to the touch controller; the touch controller receives touch information from the touch sensing device, converts the touch information into touch point coordinates, sends the touch point coordinates to the processor 1208, and can receive and execute commands sent by the processor 1208. In addition, the touch panel 12031 may be implemented by using various types of materials such as a resistive type, a capacitive type, an infrared ray, and a surface acoustic wave. The input unit 1203 may include other input devices 12032 in addition to the touch panel 12031. In particular, other input devices 12032 may include, but are not limited to, one or more of a physical keyboard, function keys (such as volume control keys, switch keys, etc.), a trackball, a mouse, a joystick, and the like.

The display unit 1204 may be used to display information input by the user or information provided to the user, and various menus of the terminal device. The display unit 1204 may include a display panel 12041, and optionally, the display panel 12041 may be configured in the form of a Liquid Crystal Display (LCD), an organic light-Emitting diode (OLED), or the like. Further, the touch panel 12031 can cover the display panel 12041, and when the touch panel 12031 detects a touch operation thereon or nearby, the touch operation is transmitted to the processor 1208 to determine a touch event, and then the processor 1208 provides a corresponding visual output on the display panel 12041 according to the touch event. Although in fig. 12, the touch panel 12031 and the display panel 12041 are two separate components to implement the input and output functions of the terminal device, in some embodiments, the touch panel 12031 and the display panel 12041 may be integrated to implement the input and output functions of the terminal device.

The terminal device may also include at least one sensor 1205 such as a light sensor, motion sensor, and other sensors. In particular, the light sensor may include an ambient light sensor that may adjust the brightness of the display panel 12041 according to the brightness of ambient light, and a proximity sensor that may exit the display panel 12041 and/or backlight when the terminal device is moved to the ear. As one of the motion sensors, the accelerometer sensor can detect the magnitude of acceleration in each direction (generally, three axes), detect the magnitude and direction of gravity when stationary, and can be used for applications (such as horizontal and vertical screen switching, related games, magnetometer attitude calibration) for recognizing the attitude of the terminal device, and related functions (such as pedometer and tapping) for vibration recognition; as for other sensors such as a gyroscope, a barometer, a hygrometer, a thermometer, and an infrared sensor, which can be configured in the terminal device, detailed description is omitted here. In the embodiment of the present invention, the terminal device may include an acceleration sensor, a depth sensor, a distance sensor, or the like.

Audio circuitry 1206, speaker 12061, microphone 12062 may provide an audio interface between the user and the terminal device. The audio circuit 1206 can transmit the electrical signal converted from the received audio data to the speaker 12061, and the electrical signal is converted into a sound signal by the speaker 12061 and output; on the other hand, the microphone 12062 converts a collected sound signal into an electric signal, receives it by the audio circuit 1206, converts it into audio data, processes it by the audio data output processor 1208, and transmits it to, for example, another terminal device via the RF circuit 1201 or outputs it to the memory 1202 for further processing.

WiFi belongs to a short-distance wireless transmission technology, and the terminal device can help a user send and receive e-mails, browse webpages, access streaming media and the like through the WiFi module 1207, and provides wireless broadband internet access for the user. Although fig. 12 shows the WiFi module 1207, it is understood that it does not belong to the essential constitution of the terminal device, and may be omitted entirely as needed within the scope not changing the essence of the invention.

The processor 1208 is a control center of the terminal device, connects various parts of the entire terminal device by using various interfaces and lines, and performs various functions of the terminal device and processes data by running or executing software programs and/or modules stored in the memory 1202 and calling data stored in the memory 1202, thereby performing overall monitoring of the terminal device. Optionally, processor 1208 may include one or more processing units; preferably, the processor 1208 may integrate an application processor, which mainly handles operating systems, user interfaces, application programs, etc., and a modem processor, which mainly handles wireless communications. It is to be appreciated that the modem processor described above may not be integrated into processor 1208.

The terminal device also includes a power supply 1209 (e.g., a battery) for powering the various components, which may preferably be logically coupled to the processor 1208 via a power management system that may be used to manage charging, discharging, and power consumption. Although not shown, the terminal device may further include a bluetooth module or the like, which is not described in detail herein.

Embodiments of the present invention provide a computer-readable storage medium storing a computer program, wherein the computer program causes a computer to execute some or all of the steps of the method as in the above method embodiments.

Embodiments of the present invention also provide a computer program product, wherein the computer program product, when run on a computer, causes the computer to perform some or all of the steps of the method as in the above method embodiments.

Embodiments of the present invention further provide an application publishing platform, where the application publishing platform is configured to publish a computer program product, where the computer program product, when running on a computer, causes the computer to perform some or all of the steps of the method in the above method embodiments.

It should be appreciated that reference throughout this specification to "one embodiment" or "an embodiment" means that a particular feature, structure or characteristic described in connection with the embodiment is included in at least one embodiment of the present invention. Thus, the appearances of the phrases "in one embodiment" or "in an embodiment" in various places throughout this specification are not necessarily all referring to the same embodiment. Furthermore, the particular features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. Those skilled in the art should also appreciate that the embodiments described in this specification are exemplary and alternative embodiments, and that the acts and modules illustrated are not required in order to practice the invention.

In various embodiments of the present invention, it should be understood that the sequence numbers of the above-mentioned processes do not imply an inevitable order of execution, and the execution order of the processes should be determined by their functions and inherent logic, and should not constitute any limitation on the implementation process of the embodiments of the present invention.

The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.

In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.

The integrated units, if implemented as software functional units and sold or used as a stand-alone product, may be stored in a computer accessible memory. Based on such understanding, the technical solution of the present invention, which is a part of or contributes to the prior art in essence, or all or part of the technical solution, can be embodied in the form of a software product, which is stored in a memory and includes several requests for causing a computer device (which may be a personal computer, a server, a network device, or the like, and may specifically be a processor in the computer device) to execute part or all of the steps of the above-described method of each embodiment of the present invention.

It will be understood by those skilled in the art that all or part of the steps in the methods of the embodiments described above may be implemented by hardware instructions of a program, and the program may be stored in a computer-readable storage medium, where the storage medium includes Read-Only Memory (ROM), Random Access Memory (RAM), Programmable Read-Only Memory (PROM), Erasable Programmable Read-Only Memory (EPROM), One-time Programmable Read-Only Memory (OTPROM), Electrically Erasable Programmable Read-Only Memory (EEPROM), Compact Disc Read-Only Memory (CD-ROM), or other Memory, such as a magnetic disk, or a combination thereof, A tape memory, or any other medium readable by a computer that can be used to carry or store data.

Claims

1. A multi-operating system permission configuration method is applied to a terminal device, and the terminal device comprises: the MDM equipment comprises a main Host system and M android operating systems, wherein each android operating system is provided with a management application program related to the MDM equipment; the method comprises the following steps:

receiving a first permission configuration instruction sent by the MDM device through a management application program in a first android operating system, wherein the first permission configuration instruction comprises: at least one first function item and authority configuration information of each first function item;

configuring each first function item according to the authority configuration information of each first function item through a management application program in the first android operating system;

2. The method for configuring multiple operating system permissions according to claim 1, further comprising, before receiving the first permission configuration instruction sent by the MDM device through the management application in the first android operating system:

3. The multi-os privilege configuration method of claim 1, wherein the method further comprises:

4. The method for configuring multiple operating system permissions according to claim 1, further comprising, after configuring, by the management application in the first android operating system, each of the second functional items according to the permission configuration information of the each of the second functional items:

5. The method for configuring multiple operating system permissions according to claim 1, further comprising, before receiving the first permission configuration instruction sent by the MDM device through the management application in the first android operating system:

6. The multi-operating-system permission configuration method according to claim 5, wherein the separately controlling each of the M android operating systems by a system management module of the Host system comprises:

when a first android operating system is placed in a foreground for running, if a running instruction sent by a user and used for starting a second android operating system is detected through a first management application program of the first android operating system, the running instruction is sent to a system management module of a Host system through the first management application program, so that the system management module controls the second android operating system to start running in the background;

and/or the presence of a gas in the gas,

when the first android operating system is placed in a foreground for running, if a stopping instruction sent by the user and used for stopping the second android operating system is detected through a first management application program of the first android operating system, the stopping instruction is sent to a system management module of the Host system through the first management application program, so that the system management module controls the second android operating system to stop running;

7. A multi-operating system authority configuration method is applied to an MDM device, and comprises the following steps:

sending a first permission configuration instruction to a management application program in a first android operating system of a terminal device, wherein the first permission configuration instruction comprises: at least one first function item, and authority configuration information of each first function item.

8. A terminal device, characterized in that the terminal device comprises:

a transceiver module, configured to receive, through a management application in a first android operating system, a first permission configuration instruction sent by the MDM device, where the first permission configuration instruction includes: at least one first function item and authority configuration information of each first function item;

9. An MDM device, characterized in that the MDM device comprises:

a transceiver module, configured to send a first permission configuration instruction to a management application in a first android operating system of a terminal device, where the first permission configuration instruction includes: at least one first function item, and authority configuration information of each first function item.

10. A multiple operating system privilege configuration system, characterized in that it comprises a terminal device according to claim 8 and an MDM device according to claim 9.