CN113505365A - Authority management method, device, electronic equipment and storage medium - Google Patents


Publication number
CN113505365A
Authority
CN
China
Prior art keywords
scheduling
authority
application
notification
terminal
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110753535.6A
Other languages
Chinese (zh)
Inventor
黄健峰
谢认众
黄超华
彭邦博
曾渤章
黎子豪
徐继雄
邱逢生
陈馨然
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Meizu Technology Co Ltd
Original Assignee
Meizu Technology Co Ltd
Application filed by Meizu Technology Co Ltd
Priority to CN202110753535.6A
Publication of CN113505365A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow

Abstract

The invention discloses a permission management method, a device, an electronic device and a storage medium. The method judges whether an application calling operation is the scheduling of a third-party application; if so, it detects whether a sensitive behavior exists while the third-party application runs on the terminal; if so, it generates a permission scheduling notification according to the sensitive behavior and prompts the user, on the screen status bar, that the running third-party application has scheduled a sensitive permission.

Description

Authority management method, device, electronic equipment and storage medium
Technical Field
The present invention relates to the field of terminal control technologies, and in particular, to a method and an apparatus for rights management, an electronic device, and a storage medium.
Background
With the development of science and technology, the mobile terminal has become a necessity for users. Users install various application programs on the mobile terminal, and these programs must obtain certain permissions of the terminal, such as the address book, camera and microphone, in order to function normally. Opening these permissions may leak the user's privacy, and if the user opens them without understanding the risk, potential safety hazards may be brought to the user.
To solve the above problem, current terminal systems provide a monitoring mechanism for controlling permissions. For example, when an application program is started for the first time, the user is prompted with a pop-up to authorize the permission; however, the terminal system does not always show a pop-up prompt for third-party applications that support permission access. In addition, system applications ship with the terminal and follow a no-prompt policy. Whether for third-party applications or system applications, the current pop-up prompt can be avoided by stealing permissions, so the user's privacy may be leaked and current permission solutions carry great potential safety hazards.
Disclosure of Invention
The main purpose of the invention is to solve the technical problem that user privacy security is low because conventional terminal permission monitoring relies on a single standard.
The first aspect of the present invention provides a rights management method, including:
acquiring application calling operation of a user on a terminal;
judging whether the application scheduling operation is the scheduling of the third-party application;
if yes, detecting whether sensitive behaviors exist in the running process of the third-party application on the terminal after the third-party application runs;
and if so, generating a permission scheduling notification according to the sensitive behavior, and prompting it on a screen status bar of the terminal, wherein the permission scheduling notification is used for prompting the user that the running third-party application has scheduled a sensitive permission on the terminal.
Optionally, in a first implementation manner of the first aspect of the present invention, if it is determined that the application scheduling operation is not scheduling of the third-party application, the method for managing permissions further includes:
acquiring an authority scheduling rule of the system application on the terminal, controlling the system application corresponding to the application operation to run, and generating a running notice of the system application;
and prompting the operation notification on a screen status bar of the terminal in an icon form, wherein the operation notification is used for prompting a user that the operation of the system application has successfully scheduled the sensitive permission on the terminal.
Optionally, in a second implementation manner of the first aspect of the present invention, the detecting whether there is a sensitive behavior in the running process of the third-party application on the terminal after the third-party application runs includes:
after the third-party application runs, scheduling a preset sensitive behavior monitoring program, acquiring a running code of the third-party application, and analyzing an authority scheduling behavior code in the running code;
identifying the authority generated by the authority scheduling behavior code during the operation;
and if the permission is any one of the permissions of accessing terminal privacy information, reading/writing clipboards, positioning, a microphone and a camera, determining that the third-party application has sensitive behaviors in the running process.
Optionally, in a third implementation manner of the first aspect of the present invention, the generating an authority scheduling notification according to the sensitive behavior, and the prompting on the screen status bar of the terminal includes:
determining the authority type corresponding to the sensitive behavior;
detecting an execution state of the sensitive behavior;
selecting a corresponding notification template according to the execution state, and classifying all the sensitive behaviors;
generating a corresponding permission scheduling notification based on the execution state of each sensitive behavior and the notification template;
and after all the authority scheduling notices are combined according to the classification, the authority scheduling notices are displayed on a screen status bar of the terminal in an icon form, and prompt information is sent.
Optionally, in a fourth implementation manner of the first aspect of the present invention, after the generating an authority scheduling notification according to the sensitive behavior and prompting on a screen status bar of the terminal, the method further includes:
acquiring touch operation of a user on the screen status bar;
and determining the authority scheduling notification of the selected sensitive behavior or the running notification of the selected system application according to the touch operation, generating a historical scheduling detail report of the corresponding authority of the application based on the authority scheduling notification or the running notification, and displaying the historical scheduling detail report.
Optionally, in a fifth implementation manner of the first aspect of the present invention, the generating a history scheduling detail report of an authority corresponding to an application based on the authority scheduling notification or the operation notification includes:
judging whether the authority corresponding to the authority scheduling notification or the operation notification is the authority capable of changing the authorization state or not to obtain a judgment result;
acquiring all scheduling conditions of the corresponding application to the authority in a specific time window, wherein the specific time window is a time period obtained by extending a T length forward based on a latest scheduled time point of the authority;
generating a historical scheduling detail report based on all scheduling cases.
Optionally, in a sixth implementation manner of the first aspect of the present invention, after the generating the historical scheduling detail report based on all the scheduling cases, the method further includes:
configuring a skip interface of a permission change page in the historical scheduling detail report;
setting the operability of the skip interface according to the judgment result;
and configuring a jump entry for quickly entering the sensitive behavior record of the third-party application or the system application and an option for uninstalling the third-party application or the system application in the historical scheduling detail report, so that a user can view the behavior record of all the sensitive behaviors called by the third-party application or the system application and select to uninstall the third-party application or the system application.
A second aspect of the present invention provides a rights management apparatus comprising:
the acquisition module is used for acquiring application calling operation of a user on the terminal;
the judging module is used for judging whether the application scheduling operation is the scheduling of the third-party application;
the detection module is used for detecting whether sensitive behaviors exist in the running of the third-party application on the terminal after the third-party application runs when the application scheduling operation is judged to be the scheduling of the third-party application;
and the notification module is used for generating a permission scheduling notification according to the sensitive behavior and prompting it on a screen status bar of the terminal when a sensitive behavior is detected while the third-party application runs on the terminal, wherein the permission scheduling notification is used for prompting the user that the running third-party application has scheduled a sensitive permission on the terminal.
Optionally, in a first implementation manner of the second aspect of the present invention, the notification module is further configured to:
when the application scheduling operation is judged not to be the scheduling of the third-party application, acquiring an authority scheduling rule of the system application on the terminal, controlling the system application corresponding to the application operation to run, and generating a running notice of the system application;
and prompting the operation notification on a screen status bar of the terminal in an icon form, wherein the operation notification is used for prompting a user that the operation of the system application has successfully scheduled the sensitive permission on the terminal.
Optionally, in a second implementation manner of the second aspect of the present invention, the detection module includes:
the analysis unit is used for scheduling a preset sensitive behavior monitoring program after the third-party application runs, acquiring the running code of the third-party application and analyzing the authority scheduling behavior code in the running code;
the identification unit is used for identifying the authority generated by the authority scheduling behavior code during the operation;
and the determining unit is used for determining that sensitive behaviors exist in the running of the third-party application when the authority is any one of the authorities of accessing the privacy information of the terminal, reading/writing a clipboard, positioning, a microphone and a camera.
Optionally, in a third implementation manner of the second aspect of the present invention, the notification module includes:
the detection unit is used for determining the authority type corresponding to the sensitive behavior; and detecting an execution state of the sensitive behavior;
the selection unit is used for selecting a corresponding notification template according to the execution state and classifying all the sensitive behaviors;
a notification generation unit, configured to generate a corresponding permission scheduling notification based on the execution state of each sensitive behavior and the notification template;
and the display unit is used for merging all the authority scheduling notices according to the classification, displaying the authority scheduling notices on a screen status bar of the terminal in an icon form and sending prompt information.
Optionally, in a fourth implementation manner of the second aspect of the present invention, the rights management apparatus further includes a report generating module, which is specifically configured to:
acquiring touch operation of a user on the screen status bar;
and determining the authority scheduling notification of the selected sensitive behavior or the running notification of the selected system application according to the touch operation, generating a historical scheduling detail report of the corresponding authority of the application based on the authority scheduling notification or the running notification, and displaying the historical scheduling detail report.
Optionally, in a fifth implementation manner of the second aspect of the present invention, the report generating module includes a report generating unit, which is specifically configured to:
judging whether the authority corresponding to the authority scheduling notification or the operation notification is the authority capable of changing the authorization state or not to obtain a judgment result;
acquiring all scheduling conditions of the corresponding application to the authority in a specific time window, wherein the specific time window is a time period obtained by extending a T length forward based on a latest scheduled time point of the authority;
generating a historical scheduling detail report based on all scheduling cases.
Optionally, in a sixth implementation manner of the second aspect of the present invention, the report generating module further includes a configuration unit, which is specifically configured to:
configuring a skip interface of a permission change page in the historical scheduling detail report;
setting the operability of the skip interface according to the judgment result;
and configuring a jump entry for quickly entering the sensitive behavior record of the third-party application or the system application and an option for uninstalling the third-party application or the system application in the historical scheduling detail report, so that a user can view the behavior record of all the sensitive behaviors called by the third-party application or the system application and select to uninstall the third-party application or the system application.
A third aspect of the present invention provides an electronic device comprising: a memory, a processor and a computer program stored in the memory and executable on the processor, wherein the processor implements the steps of the rights management method provided by the first aspect when executing the computer program.
A fourth aspect of the present invention provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the steps in the rights management method provided by the first aspect described above.
According to the technical scheme, it is judged whether the application calling operation is the scheduling of a third-party application; if so, it is detected whether a sensitive behavior exists while the third-party application runs on the terminal; if so, a permission scheduling notification is generated according to the sensitive behavior, and the screen status bar prompts the user that the running third-party application has scheduled a sensitive permission.
Furthermore, by scheduling the sensitive behavior monitoring program, the permission scheduling behavior code in the running code of the third-party application is monitored directly, which makes monitoring more direct and accurate. No monitoring rule needs to be set for each permission; monitoring the code is simpler and more direct, ensures accurate monitoring, and greatly improves security. Meanwhile, no pop-up window is needed to prompt the user to authorize, which greatly improves the user experience.
Drawings
FIG. 1 is a schematic diagram of a first embodiment of a rights management method of the present invention;
FIG. 2 is a diagram of a second embodiment of the rights management method of the present invention;
FIG. 3 is a diagram of a third embodiment of the rights management method of the present invention;
FIG. 4 is a diagram of a rights management unit according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of another embodiment of the rights management unit of the invention;
FIG. 6 is a schematic diagram of an embodiment of an electronic device in the invention.
Detailed Description
The embodiment of the invention provides a permission management method: when the terminal detects that a third-party application is scheduled, it judges whether the scheduling behavior of the third-party application is a sensitive behavior; if so, it generates a permission scheduling notification according to the sensitive behavior and prompts it on the screen status bar. In this way, the terminal detects whether an application program's scheduling of terminal permissions during running is illegal scheduling.
The terms "first," "second," "third," "fourth," and the like in the description and in the claims, as well as in the drawings, if any, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It will be appreciated that the data so used may be interchanged under appropriate circumstances such that the embodiments described herein may be practiced otherwise than as specifically illustrated or described herein. Furthermore, the terms "comprises," "comprising," or "having," and any variations thereof, are intended to cover non-exclusive inclusions, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
For ease of understanding, a specific process of the embodiment of the present invention is described below. After the terminal detects the scheduling data of an application program, it determines from that data whether the scheduling is a sensitive permission scheduling; if so, a permission scheduling notification is displayed on the status bar of the terminal so that the user or the terminal can handle it accordingly.
Referring to fig. 1, a first embodiment of a rights management method according to an embodiment of the present invention includes:
101. Acquiring the application calling operation of a user on a terminal;
In this embodiment, the terminal is a terminal with a touch screen, and the user may operate on the touch screen to schedule an application, for example to start it or change its display position.
In this step, the application scheduling operation is the operation of starting an application program, produced when the user, having installed the application program on the terminal, operates on the terminal's display screen; such operations include clicking, sliding and the like. Specifically, the operation results in permissions on the terminal being scheduled and used; that is, the application scheduling operation refers to the scheduling of terminal permissions such as making a call, reading/modifying a contact, reading/sending a short message, reading/writing the clipboard, positioning, the microphone and the camera.
In practical application, the application scheduling operation of the user on the terminal is detected by a sensor arranged under the touch screen, such as a pressure sensor or a track sensor.
102. Judging whether the application scheduling operation is the scheduling of a third-party application;
In this embodiment, the applications installed in the terminal include system applications and third-party applications, where a system application is an application that ships with the terminal system, and a third-party application is an application program developed by a party other than the terminal manufacturer on the basis of the terminal system.
After the application scheduling operation is obtained, the corresponding application icon is determined from the position of the operation, and the program name, developer information and the like of the scheduled application are obtained from the correspondence between the application icon and the application installation package or installation data. Whether the application is a third-party application is judged from this information. Specifically, the program name of the application is looked up in a preset system application name table: if the program name is found, the application is not a third-party application; otherwise, it is a third-party application. The judgment can also be made by identifying the developer information.
103. If so, detecting whether sensitive behaviors exist in the running process of the third-party application on the terminal after the third-party application runs;
In this step, a sensitive behavior is a behavior in which the running third-party application needs to obtain permission to read or modify private information on the terminal, or calls a function on the terminal such as the camera, microphone or positioning; that is, an operation that schedules a permission predefined as sensitive on the terminal. In practical application, in addition to the permissions treated as sensitive by default, the user may define other permissions as sensitive according to their own needs, and the third-party application's scheduling of those permissions is likewise detected as sensitive behavior.
In this embodiment, the step may be implemented by monitoring whether a field of a sensitive permission exists in the code of the third-party application; if so, it is determined that a sensitive behavior exists in the running of the third-party application.
Furthermore, the method can also be implemented by calling a preset code analysis tool, such as a sensitive behavior monitoring program, and the specific implementation includes:
after the third-party application runs, scheduling a preset sensitive behavior monitoring program, acquiring a running code of the third-party application, and analyzing an authority scheduling behavior code in the running code;
identifying the authority generated by the authority scheduling behavior code during the operation;
and if the permission is any one of the permissions of accessing terminal privacy information, reading/writing clipboards, positioning, a microphone and a camera, determining that the third-party application has sensitive behaviors in the running process.
104. If so, generating a permission scheduling notification according to the sensitive behavior, and prompting it on a screen status bar of the terminal.
In this step, the permission scheduling notification prompts the user that the running third-party application has scheduled a sensitive permission on the terminal.
In this embodiment, a notification of whether the sensitive behavior's permission scheduling succeeded is generated according to the execution state of the sensitive behavior. Specifically, the corresponding sensitive permission is determined from the sensitive behavior and its type is identified; the types are information processing permission and function scheduling permission. When the type is identified as an information processing permission, the terminal directly intercepts further execution of the sensitive behavior, generates a permission scheduling notification indicating interception, and configures in the notification an option for modifying the access authorization of the sensitive behavior. When the type is identified as a function scheduling permission, the sensitive behavior is allowed to continue, a permission scheduling notification indicating that scheduling succeeded is generated, and a permission modification option is configured in the notification so that the user can conveniently adjust the permission from the notification.
The permission scheduling notification is rendered as an icon or notification symbol and displayed on the screen status bar of the terminal; the terminal may also be controlled to send out a prompt signal, such as a short message ring or a screen flash.
In this embodiment, if it is determined that the application scheduling operation is not the scheduling of the third-party application, the method for managing the permission further includes:
acquiring an authority scheduling rule of the system application on the terminal, controlling the system application corresponding to the application operation to run, and generating a running notice of the system application;
and prompting the operation notification on a screen status bar of the terminal in an icon form, wherein the operation notification is used for prompting a user that the operation of the system application has successfully scheduled the sensitive permission on the terminal.
In the embodiment of the invention, the running process of the third-party application is monitored to detect whether it exhibits sensitive behavior, and a corresponding permission scheduling notification is generated to prompt the user that the running application has obtained a sensitive permission. The user can then conveniently make modifications afterwards and learn in time that private information has been modified or leaked, which greatly improves data security. Meanwhile, the method does not need specific monitoring rules to be set, which greatly improves compatibility and universality and realizes all-round monitoring of permissions.
Referring to fig. 2, a second embodiment of the rights management method according to the embodiment of the invention includes:
201. Acquiring the application calling operation of a user on a terminal;
202. Judging whether the application scheduling operation is the scheduling of a third-party application;
203. After the third-party application runs, scheduling a preset sensitive behavior monitoring program, acquiring the running code of the third-party application, and analyzing the permission scheduling behavior code in the running code;
In this embodiment, the sensitive behavior monitoring program is a code analysis tool. The tool analyzes each piece of code in the running third-party application and detects whether it contains a code field that invokes a permission. If so, either the complete code subprogram containing that code is recorded and marked as permission scheduling behavior code, or the subprogram containing the code is tagged so that the tag indicates the permission scheduling behavior code; the method then jumps to step 204 to identify the type of the scheduled permission.
204. Identifying the permission generated by the permission scheduling behavior code during running;
In this step, the permissions include privacy information reading or modification permissions and function scheduling permissions. Specifically, each marked scheduling behavior code is parsed to obtain the scheduling interface it uses, and whether the code schedules a permission is judged based on that scheduling interface. If so, it is judged whether the scheduled permission is a sensitive permission set in the terminal; if so, a sensitive behavior is determined to exist. Identification results are output until all permission scheduling behavior codes marked in the third-party application have been identified.
205. If the permission is any one of the permissions of accessing the terminal privacy information, reading/writing a clipboard, positioning, a microphone and a camera, determining that a sensitive behavior exists in the running of the third-party application;
206. Determining the permission type corresponding to the sensitive behavior, and detecting the execution state of the sensitive behavior;
In this step, the sensitive behaviors are classified according to the identification result. Classification is by permission type, and the type of the obtained permission can be determined from the extracted scheduling interface.
In this embodiment, when the system on the terminal is developed, a corresponding access interface is allocated based on the storage location of the terminal's privacy information. When an application or an external party needs to read the privacy information, it must do so through that interface, and a corresponding read address must be configured for each kind of information. Therefore, once the scheduling interface is determined, the type of information scheduled by the permission scheduling behavior code is known, and the corresponding scheduling address is determined from that type. Functions on the terminal such as the clipboard, positioning, the microphone and the camera are likewise each allocated a corresponding scheduling interface, one interface per function, so the permission type can be identified from the scheduling interface.
In this embodiment, after the third-party application requests to schedule a permission, the sensitive behavior monitoring program applies different control modes to different permission types: interception for permissions that read information, and release for permissions that schedule functions. This step therefore also needs to determine the final execution state of each sensitive behavior, and different notifications are generated for different execution states.
207. Selecting a corresponding notification template according to the execution state, and classifying all sensitive behaviors;
In this embodiment, notification templates are preset for the permission scheduling notification. There are two types, a notification template for information-type permissions and a notification template for function-type permissions, and each type is further divided into two versions, interception and release.
208. Generating corresponding authority scheduling notification based on the execution state of each sensitive behavior and a notification template;
In this step, after the notification template is obtained, the fields to be modified in the notification template are identified, and the content of those fields is adjusted according to the execution state and the specific authority, thereby obtaining the authority scheduling notification for each sensitive behavior.
Further, after generating the permission scheduling notifications, the method further includes grouping the permission scheduling notifications by the categories determined above to obtain notification sets, and then executing step 209.
209. After all the authority scheduling notifications are merged according to the classification, displaying them on the screen status bar of the terminal in icon form and sending prompt information.
In this embodiment, merging is performed by the type of sensitive behavior (that is, the permission type); for example, notifications concerning private-information permissions are merged together. Notifications of the same type are additionally merged by execution state. That is, during merging, the permission scheduling notifications are grouped by permission type and execution state and then merged, so that at least two notification sets, one for interception and one for release, exist within the same permission type.
After merging, each notification set is mapped to a notification icon or converted into a notification entity (a notification entity can be understood as an extracted keyword). The notification icon or notification entity is then displayed on the screen status bar, either directly or with flashing, ringing and the like.
In this embodiment of the invention, when scheduling of a third-party application on the terminal is detected, it is judged whether the scheduling behavior of the third-party application is a sensitive behavior; if so, a permission scheduling notification is generated according to the sensitive behavior and prompted on the screen status bar.
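Steps 205 to 209 can be followed end to end in a short sketch. This is an added example, not code from the patent: the interface names, template wording, icon names and app names are all constructed, and the execution state is taken as an input reported by the monitoring program.

```python
from collections import defaultdict
from dataclasses import dataclass

# Assumed interface names (constructed). The description only states that
# each scheduling interface corresponds to exactly one permission type.
INTERFACE_TABLE = {
    "privacy.contacts.read": ("contacts", "information"),
    "privacy.sms.read": ("sms", "information"),
    "clipboard.read": ("clipboard", "function"),
    "location.get": ("positioning", "function"),
    "microphone.open": ("microphone", "function"),
    "camera.open": ("camera", "function"),
}

# Two template types (information / function), each in two versions
# (intercepted / released), as in step 207. The wording is constructed.
TEMPLATES = {
    ("information", "intercepted"): "{app} was blocked from reading {permission}",
    ("information", "released"): "{app} read {permission}",
    ("function", "intercepted"): "{app} was blocked from using {permission}",
    ("function", "released"): "{app} is using {permission}",
}


@dataclass(frozen=True)
class Call:
    """One permission call observed by the monitoring program."""
    app: str
    interface: str
    state: str  # "intercepted" or "released"


def classify(interface):
    """Step 205: return (permission, permission_class), or None if not sensitive."""
    return INTERFACE_TABLE.get(interface)


def build_notification(call):
    """Steps 206-208: pick the template by class and state, then fill its fields."""
    hit = classify(call.interface)
    if hit is None:
        return None  # not in the sensitive table, so no notification
    permission, perm_class = hit
    template = TEMPLATES.get((perm_class, call.state))
    if template is None:
        raise ValueError(f"unknown execution state: {call.state!r}")
    text = template.format(app=call.app, permission=permission)
    return (perm_class, call.state), text


def merge_for_status_bar(calls):
    """Step 209: merge notifications into one set per (class, state)."""
    sets = defaultdict(list)
    for call in calls:
        built = build_notification(call)
        if built is None:
            continue
        key, text = built
        if text not in sets[key]:  # repeated identical calls collapse
            sets[key].append(text)
    # One status-bar entry per notification set; icon names are placeholders.
    return [
        {"icon": f"ic_{cls}_{state}", "count": len(texts), "details": texts}
        for (cls, state), texts in sorted(sets.items())
    ]


# Constructed sample input.
SAMPLE_CALLS = [
    Call("NotesApp", "clipboard.read", "released"),
    Call("NotesApp", "privacy.contacts.read", "intercepted"),
    Call("ChatApp", "microphone.open", "released"),
    Call("ChatApp", "privacy.sms.read", "intercepted"),
    Call("ChatApp", "network.connect", "released"),  # not sensitive
    Call("NotesApp", "clipboard.read", "released"),  # duplicate call
]

if __name__ == "__main__":
    for entry in merge_for_status_bar(SAMPLE_CALLS):
        print(entry["icon"], entry["count"], entry["details"])
```

Six observed calls collapse into two status-bar entries here, which is the point of merging by permission type and execution state rather than raising one notification per call.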
Referring to fig. 3, a third embodiment of the rights management method according to the embodiment of the invention includes:
301. acquiring application calling operation of a user on a terminal;
302. judging whether the application scheduling operation is the scheduling of the third-party application;
In this embodiment, if it is determined that the application scheduling operation is not the scheduling of a third-party application, the authority scheduling rule of the system application on the terminal is obtained, the system application corresponding to the application operation is controlled to run, and a running notification of the system application is generated.
The running notification is prompted on the screen status bar of the terminal in icon form, and is used to inform the user that the running system application has successfully scheduled a sensitive permission on the terminal.
303. If so, detecting whether sensitive behaviors exist in the running process of the third-party application on the terminal after the third-party application runs;
This step extracts the scheduling behavior with a code analysis tool and then matches it against a preset sensitive behavior table, where the sensitive behavior table is a table of sensitive authorities. Specifically:
after the third-party application runs, scheduling a preset sensitive behavior monitoring program, acquiring a running code of the third-party application, and analyzing an authority scheduling behavior code in the running code;
identifying the authority generated by the authority scheduling behavior code during the operation;
and if the permission is any one of the permissions of accessing terminal privacy information, reading/writing clipboards, positioning, a microphone and a camera, determining that the third-party application has sensitive behaviors in the running process.
304. If yes, generating an authority scheduling notice according to the sensitive behavior, and prompting on a screen status bar of the terminal;
In this step, the permission scheduling notification prompts the user that the running third-party application has scheduled a sensitive permission on the terminal.
In this embodiment, the permission scheduling notification may be generated by modifying a preset notification template, specifically:
determining the authority type corresponding to the sensitive behavior;
detecting an execution state of the sensitive behavior;
selecting a corresponding notification template according to the execution state, and classifying all the sensitive behaviors;
generating a corresponding permission scheduling notification based on the execution state of each sensitive behavior and the notification template;
and after all the authority scheduling notices are combined according to the classification, the authority scheduling notices are displayed on a screen status bar of the terminal in an icon form, and prompt information is sent.
305. Acquiring touch operation of a user on a screen status bar;
In this embodiment, after the prompt, the user can pull down the screen status bar on the touch screen of the terminal and select the sensitive behavior whose permission is to be changed. If no touch operation of the user on the screen status bar is detected for a long time after the notification, the timed-out notification is cleared from the screen status bar once the time limit is reached, so as to reduce the consumption of terminal resources.
306. Determining the authority scheduling notification of the selected sensitive behavior or the running notification of the selected system application according to the touch operation, generating a historical scheduling detail report of the authority corresponding to the application based on the authority scheduling notification or the running notification, and displaying the historical scheduling detail report.
In this step, while the icon is displayed and within 30 seconds afterwards, if the notification center is opened by pulling down the screen, the details of the application's recent sensitive-behavior calls can be brought up by clicking the behavior reminder area of the status bar.
In this embodiment, when the historical scheduling detail report is generated, jump information for entering the permission change page is added to the report, so that the user can subsequently modify the authorization for the notified sensitive behavior.
Optionally, if the authority scheduling notification of the third-party application is selected, the generating of the historical scheduling detail report of the authority corresponding to the application based on the authority scheduling notification or the operation notification includes:
judging whether the authority corresponding to the authority scheduling notification is the authority capable of changing the authorization state or not to obtain a judgment result;
acquiring all scheduling conditions of the third-party application on the authority in a specific time window, wherein the specific time window is a time period obtained by extending a T length forward based on a latest scheduled time point of the authority;
generating a historical scheduling detail report based on all scheduling cases.
Further, after the generating the historical scheduling detail report based on all the scheduling cases, the method further includes:
configuring a skip interface of a permission change page in the historical scheduling detail report;
setting the operability of the skip interface according to the judgment result;
and configuring a jump entry for quickly entering the sensitive behavior record of the third-party application and an option for uninstalling the third-party application in the historical scheduling detail report, so that a user can view the behavior record of all sensitive behaviors called by the third-party application or select to uninstall the third-party application.
In this embodiment, if the operation notification of the system application is selected, the generating of the history scheduling detail report of the authority corresponding to the application based on the authority scheduling notification or the operation notification includes:
judging whether the authority corresponding to the operation notification is the authority capable of changing the authorization state or not to obtain a judgment result;
acquiring all scheduling conditions of the system application on the authority in a specific time window, wherein the specific time window is a time period obtained by extending a T length forward based on a latest scheduled time point of the authority;
generating a historical scheduling detail report based on all scheduling cases.
Further, after the generating the historical scheduling detail report based on all the scheduling cases, the method further includes:
configuring a skip interface of a permission change page in the historical scheduling detail report;
setting the operability of the skip interface according to the judgment result;
and configuring a jump entry for quickly entering the sensitive behavior record of the system application and an option for uninstalling the system application in the historical scheduling detail report, so that a user can view the behavior record of all the sensitive behaviors called by the system application or select to uninstall the system application.
Specifically, on the detail page, for an application authority whose authorization state can be changed, such as all of the above-mentioned authorities of a third-party application and some authorities of a system application, the user can adjust the authorization;
for an application authority whose authorization state cannot be changed, such as the basic authorities of a system application, no operation for adjusting the authorization is provided;
in addition, a jump entry for quickly entering the application's behavior record and an option for uninstalling the application are provided, so the user can choose to view the record of all authorities the application has called or to uninstall the application.
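The report logic of step 306 reduces to a window filter plus a flag on the change-permission entry, as the following sketch shows. This is an added example, not code from the patent: the record fields, the `SYSTEM_BASIC` set and the dictionary keys are constructed. It also assumes that the time window of length T runs backwards from the latest call, since the report is historical.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Record:
    """One logged permission call (constructed record layout)."""
    app: str
    permission: str
    timestamp: int  # seconds
    state: str      # "intercepted" or "released"


# Assumption: the "basic authorities of a system application" whose
# authorization state cannot be changed. The description names no specific ones.
SYSTEM_BASIC = {"phone"}


def build_report(records, app, permission, window_t, is_system_app):
    """Build the historical scheduling detail report for one app and permission.

    The window is [latest - window_t, latest], where latest is the most
    recent call of this permission by this app.
    """
    hits = [r for r in records if r.app == app and r.permission == permission]
    if not hits:
        return None  # nothing was scheduled, so there is no report to show
    latest = max(r.timestamp for r in hits)
    start = latest - window_t
    in_window = sorted(
        (r for r in hits if start <= r.timestamp <= latest),
        key=lambda r: r.timestamp,
        reverse=True,  # newest first
    )
    # Judgment result: can the authorization state of this authority be changed?
    changeable = not (is_system_app and permission in SYSTEM_BASIC)
    return {
        "app": app,
        "permission": permission,
        "window": (start, latest),
        "calls": [(r.timestamp, r.state) for r in in_window],
        # The jump to the permission change page is always configured,
        # but it is only operable when the authorization can be changed.
        "change_permission_entry": {"enabled": changeable},
        "behavior_record_entry": True,
        "uninstall_option": True,
    }


# Constructed sample log.
SAMPLE_LOG = [
    Record("ChatApp", "microphone", 1000, "released"),
    Record("ChatApp", "microphone", 1500, "released"),
    Record("ChatApp", "camera", 1995, "released"),
    Record("NotesApp", "microphone", 1999, "intercepted"),
    Record("ChatApp", "microphone", 1990, "intercepted"),
    Record("ChatApp", "microphone", 2000, "released"),
    Record("Dialer", "phone", 2100, "released"),
]

if __name__ == "__main__":
    print(build_report(SAMPLE_LOG, "ChatApp", "microphone", 600, False))
    print(build_report(SAMPLE_LOG, "Dialer", "phone", 600, True))
```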
In summary, the method provided by this embodiment of the present invention schedules the sensitive behavior monitoring program to directly monitor the authority scheduling behavior code in the running code of the third-party application. Monitoring is therefore more direct and accurate, and no separate monitoring rule needs to be set for each authority; monitoring the code is simpler and more direct, ensures accurate determination, and greatly improves security. At the same time, no pop-up window is needed to prompt the user to perform an authorization operation, which greatly improves the user experience.
The rights management method in the embodiment of the present invention has been described above; the rights management apparatus in the embodiment of the present invention is described below with reference to Fig. 4. An embodiment of the rights management apparatus includes:
an obtaining module 401, configured to obtain an application calling operation of a user on a terminal;
a determining module 402, configured to determine whether the application scheduling operation is scheduling of a third-party application;
a detecting module 403, configured to detect whether a sensitive behavior exists in the running of the third-party application on the terminal after the third-party application runs when it is determined that the application scheduling operation is scheduling of the third-party application;
a notification module 404, configured to, when it is detected that a sensitive behavior exists in the running of the third-party application on the terminal, generate an authority scheduling notification according to the sensitive behavior and prompt it on a screen status bar of the terminal, where the authority scheduling notification prompts the user that the running third-party application has scheduled a sensitive authority on the terminal.
The device provided by this embodiment judges whether the application calling operation is the scheduling of a third-party application; if so, it detects whether the third-party application exhibits sensitive behavior while running on the terminal; and if so, it generates an authority scheduling notification according to the sensitive behavior and prompts the user on the screen status bar that the running third-party application has scheduled a sensitive authority.
Further, referring to fig. 5, fig. 5 is a detailed schematic diagram of each module of the rights management device, where the rights management device includes:
an obtaining module 401, configured to obtain an application calling operation of a user on a terminal;
a determining module 402, configured to determine whether the application scheduling operation is scheduling of a third-party application;
a detecting module 403, configured to detect whether a sensitive behavior exists in the running of the third-party application on the terminal after the third-party application runs when it is determined that the application scheduling operation is scheduling of the third-party application;
a notification module 404, configured to, when it is detected that a sensitive behavior exists in the running of the third-party application on the terminal, generate an authority scheduling notification according to the sensitive behavior and prompt it on a screen status bar of the terminal, where the authority scheduling notification prompts the user that the running third-party application has scheduled a sensitive authority on the terminal.
Wherein the notification module 404 is further configured to:
when the application scheduling operation is judged not to be the scheduling of the third-party application, acquiring an authority scheduling rule of the system application on the terminal, controlling the system application corresponding to the application operation to run, and generating a running notice of the system application;
and prompting the operation notification on a screen status bar of the terminal in an icon form, wherein the operation notification is used for prompting a user that the operation of the system application has successfully scheduled the sensitive permission on the terminal.
Wherein the detection module 403 comprises:
the analysis unit 4031 is configured to schedule a preset sensitive behavior monitoring program after the third-party application runs, acquire a running code of the third-party application, and analyze an authority scheduling behavior code in the running code;
an identifying unit 4032, configured to identify a right generated by the right scheduling behavior code during runtime;
a determining unit 4033, configured to determine that there is a sensitive behavior in the running of the third-party application when the authority is any one of access to terminal privacy information, reading/writing of a clipboard, positioning, a microphone, and a camera.
Wherein the notification module 404 comprises:
the detecting unit 4041 is configured to determine an authority type corresponding to the sensitive behavior; and detecting an execution state of the sensitive behavior;
a selecting unit 4042, configured to select a corresponding notification template according to the execution state, and classify all the sensitive behaviors;
a notification generating unit 4043, configured to generate a corresponding permission scheduling notification based on the execution status of each sensitive behavior and the notification template;
the display unit 4044 is configured to merge all the authority scheduling notifications according to the classifications, display the merged authority scheduling notifications on a screen status bar of the terminal in an icon form, and send a prompt message.
The rights management apparatus further includes a report generating module 405, which is specifically configured to:
acquiring touch operation of a user on the screen status bar;
and determining the authority scheduling notification of the selected sensitive behavior or the running notification of the selected system application according to the touch operation, generating a historical scheduling detail report of the corresponding authority of the application based on the authority scheduling notification or the running notification, and displaying the historical scheduling detail report.
The report generating module 405 includes a report generating unit 4051, which is specifically configured to:
judging whether the authority corresponding to the authority scheduling notification or the operation notification is the authority capable of changing the authorization state or not to obtain a judgment result;
acquiring all scheduling conditions of the corresponding application to the authority in a specific time window, wherein the specific time window is a time period obtained by extending a T length forward based on a latest scheduled time point of the authority;
generating a historical scheduling detail report based on all scheduling cases.
The report generating module 405 further includes a configuration unit 4052, which is specifically configured to:
configuring a skip interface of a permission change page in the historical scheduling detail report;
setting the operability of the skip interface according to the judgment result;
and configuring a jump entry for quickly entering the sensitive behavior record of the third-party application or the system application and an option for uninstalling the third-party application or the system application in the historical scheduling detail report, so that a user can view the behavior record of all the sensitive behaviors called by the third-party application or the system application and select to uninstall the third-party application or the system application.
In this embodiment of the invention, the sensitive behavior monitoring program is scheduled to directly monitor the authority scheduling behavior code in the running code of the third-party application. Monitoring is therefore more direct and accurate, and no separate monitoring rule needs to be set for each authority; monitoring the code is simpler and more direct, ensures accurate determination, and greatly improves security. At the same time, no pop-up window is needed to prompt the user to perform an authorization operation, which greatly improves the user experience.
Figs. 4 and 5 describe the rights management apparatus in the embodiment of the present invention in detail from the perspective of modular functional entities; the electronic device in the embodiment of the present invention is described in detail below from the perspective of hardware processing.
Fig. 6 is a schematic structural diagram of an electronic device 600. Electronic devices may differ considerably in configuration or performance; the electronic device 600 may include one or more processors (CPUs) 610, a memory 620, and one or more storage media 630 (e.g., one or more mass storage devices) storing applications 633 or data 632. The memory 620 and the storage medium 630 may be transient or persistent storage. The program stored in the storage medium 630 may include one or more modules (not shown), each of which may include a sequence of instructions for operating the electronic device 600. Further, the processor 610 may be configured to communicate with the storage medium 630 and to execute, on the electronic device 600, the series of instruction operations in the storage medium 630. In actual applications, the application program 633 may be divided into the functions of the acquisition module 401, the judgment module 402, the detection module 403, the notification module 404, and the report generation module 405 (modules in a virtual device).
The electronic device 600 may also include one or more power supplies 640, one or more wired or wireless network interfaces 650, one or more input-output interfaces 660, and/or one or more operating systems 631, such as Windows Server, Mac OS X, Unix, Linux, FreeBSD, etc. Those skilled in the art will appreciate that the electronic device structure shown in Fig. 6 may include more or fewer components than shown, may combine certain components, or may arrange the components differently.
The embodiment of the present invention also provides a computer-readable storage medium, which may be a non-volatile or a volatile computer-readable storage medium. Instructions or a computer program are stored in the computer-readable storage medium, and when the instructions or the computer program are executed, they cause the computer to execute the steps of the rights management method provided in the foregoing embodiments.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses, and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes various media capable of storing program code, such as a USB disk, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disk.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present invention, and not for limiting the same; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (10)

1. A rights management method, comprising:
acquiring application calling operation of a user on a terminal;
judging whether the application scheduling operation is the scheduling of the third-party application;
if yes, detecting whether sensitive behaviors exist in the running process of the third-party application on the terminal after the third-party application runs;
and if so, generating an authority scheduling notification according to the sensitive behavior, and prompting on a screen status bar of the terminal, wherein the authority scheduling notification is used for prompting a user that the behavior of the third-party application running and having the sensitive authority on the scheduling terminal occurs.
2. The method of claim 1, wherein if it is determined that the application scheduling operation is not scheduling of the third-party application, the method further comprises:
acquiring an authority scheduling rule of the system application on the terminal, controlling the system application corresponding to the application operation to run, and generating a running notice of the system application;
and prompting the operation notification on a screen status bar of the terminal in an icon form, wherein the operation notification is used for prompting a user that the operation of the system application has successfully scheduled the sensitive permission on the terminal.
3. The rights management method according to claim 2, wherein the detecting whether there is a sensitive behavior in the running process of the third-party application on the terminal after the third-party application runs comprises:
after the third-party application runs, scheduling a preset sensitive behavior monitoring program, acquiring a running code of the third-party application, and analyzing an authority scheduling behavior code in the running code;
identifying the authority generated by the authority scheduling behavior code during the operation;
and if the permission is any one of the permissions of accessing terminal privacy information, reading/writing clipboards, positioning, a microphone and a camera, determining that the third-party application has sensitive behaviors in the running process.
4. The rights management method of claim 1, wherein the generating of the rights scheduling notification according to the sensitive behavior and the prompting on the screen status bar of the terminal comprises:
determining the authority type corresponding to the sensitive behavior;
detecting an execution state of the sensitive behavior;
selecting a corresponding notification template according to the execution state, and classifying all the sensitive behaviors;
generating a corresponding permission scheduling notification based on the execution state of each sensitive behavior and the notification template;
and after all the authority scheduling notices are combined according to the classification, the authority scheduling notices are displayed on a screen status bar of the terminal in an icon form, and prompt information is sent.
5. The rights management method of claim 2, wherein after the generating of the rights scheduling notification according to the sensitive behavior and the prompting on the screen status bar of the terminal, further comprising:
acquiring touch operation of a user on the screen status bar;
and determining the authority scheduling notification of the selected sensitive behavior or the running notification of the selected system application according to the touch operation, generating a historical scheduling detail report of the corresponding authority of the application based on the authority scheduling notification or the running notification, and displaying the historical scheduling detail report.
6. The privilege management method according to claim 5, wherein the generating of the historical scheduling detail report of the corresponding privilege of the application based on the privilege scheduling notification or the running notification comprises:
judging whether the authority corresponding to the authority scheduling notification or the operation notification is the authority capable of changing the authorization state or not to obtain a judgment result;
acquiring all scheduling conditions of the corresponding application to the authority in a specific time window, wherein the specific time window is a time period obtained by extending a T length forward based on a latest scheduled time point of the authority;
generating a historical scheduling detail report based on all scheduling cases.
7. The rights management method of claim 6, after the generating historical scheduling details reports based on all scheduling cases, further comprising:
configuring a skip interface of a permission change page in the historical scheduling detail report;
setting the operability of the skip interface according to the judgment result;
and configuring a jump entry for quickly entering the sensitive behavior record of the third-party application or the system application and an option for uninstalling the third-party application or the system application in the historical scheduling detail report, so that a user can view the behavior record of all the sensitive behaviors called by the third-party application or the system application and select to uninstall the third-party application or the system application.
8. A rights management apparatus characterized by comprising:
the acquisition module is used for acquiring application calling operation of a user on the terminal;
the judging module is used for judging whether the application scheduling operation is the scheduling of the third-party application;
the detection module is used for detecting whether sensitive behaviors exist in the running of the third-party application on the terminal after the third-party application runs when the application scheduling operation is judged to be the scheduling of the third-party application;
and the notification module is used for generating an authority scheduling notification according to the sensitive behavior and prompting on a screen status bar of the terminal when the sensitive behavior of the third-party application in the running process of the terminal is detected, wherein the authority scheduling notification is used for prompting a user that the behavior of the third-party application, which has the sensitive authority in the scheduling terminal, exists in the running process of the third-party application.
9. An electronic device, comprising: a memory, a processor, and a computer program stored in the memory and executable on the processor;
the processor, when executing the computer program, implements the steps in the rights management method as claimed in any of claims 1 to 7.
10. A computer-readable storage medium, comprising: a computer program stored in the computer readable storage medium;
the computer program, when executed by a processor, implements the steps in the rights management method as claimed in any one of claims 1 to 7.
CN202110753535.6A 2021-07-02 2021-07-02 Authority management method, device, electronic equipment and storage medium Pending CN113505365A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110753535.6A CN113505365A (en) 2021-07-02 2021-07-02 Authority management method, device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110753535.6A CN113505365A (en) 2021-07-02 2021-07-02 Authority management method, device, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN113505365A true CN113505365A (en) 2021-10-15

Family

ID=78011127

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110753535.6A Pending CN113505365A (en) 2021-07-02 2021-07-02 Authority management method, device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN113505365A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2024037369A1 (en) * 2022-08-15 2024-02-22 华为技术有限公司 Sensitive application behavior reminding method, related apparatus, and communication system

Similar Documents

Publication Publication Date Title
CN109873803B (en) Permission control method and device of application program, storage medium and computer equipment
CN109388532B (en) Test method, test device, electronic equipment and computer readable storage medium
US9003544B2 (en) Efficient securing of data on mobile devices
US8595489B1 (en) Grouping and ranking of application permissions
CN100481101C (en) Method for computer safety start
CN103593238A (en) Method and device for controlling invocation of application programming interfaces
CN106557669A (en) A kind of authority control method and device of application program installation process
TW201250512A (en) Threat level assessment of applications
CN108763951B (en) Data protection method and device
US20200067759A1 (en) Detecting driving and modifying access to a user device
CN111190603B (en) Private data detection method and device and computer readable storage medium
WO2017173925A1 (en) Software management method and device, terminal, and storage medium
US11848935B2 (en) Dynamically generating restriction profiles for managed devices
US11846972B2 (en) Method and apparatus for generating software test reports
CN106557687A (en) A kind of authority control method and device of application program installation process
CN111259460B (en) Locking state information display method and device
CN113505365A (en) Authority management method, device, electronic equipment and storage medium
CN111695004B (en) Application information processing method, device, computer equipment and storage medium
CN106203148B (en) Unauthorized data access blocking method and computing device with unauthorized data access blocking function
JP2012008777A (en) Application determination system and program
WO2020250320A1 (en) Operation log acquisition device, operation log acquisition method, and operation log acquisition program
CN106708558B (en) Method and device for closing application program
WO2022193142A1 (en) Behavior monitoring method and apparatus, terminal device, and computer readable storage medium
CN113794718A (en) Security authentication method and security authentication device for multiple application systems
CN113656251A (en) Method for monitoring application program behavior and related product

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination