CN116089924A - Method, device, computer equipment and storage medium for accessing permission data - Google Patents


Info

Publication number
CN116089924A
Authority
CN
China
Prior art keywords
service identifier
data type
target
data
service
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111289213.7A
Other languages
Chinese (zh)
Inventor
苟亚明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tencent Technology Shenzhen Co Ltd filed Critical Tencent Technology Shenzhen Co Ltd
Priority to CN202111289213.7A priority Critical patent/CN116089924A/en
Publication of CN116089924A publication Critical patent/CN116089924A/en
Pending legal-status Critical Current

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The application discloses a method, an apparatus, a computer device and a storage medium for accessing permission data, applicable to scenarios such as cloud technology and intelligent transportation. The method comprises: acquiring a first service identifier set; acquiring a permission data access request; if the target service identifier belongs to the first service identifier set, determining, based on the target application programming interface indicated by the permission data access request, the target permission data type corresponding to that interface; determining, based on the plurality of service identifiers in the first service identifier set, the permission data types corresponding to the target service identifier in the permission data access request; and, if the permission data types corresponding to the target service identifier include the target permission data type, accessing the permission data corresponding to the target permission data type. The method effectively prevents a malicious third-party library from acquiring the user's permission data and avoids leakage of that data, thereby improving the reliability of permission data access.

Description

Method, device, computer equipment and storage medium for accessing permission data
Technical Field
The present disclosure relates to the field of terminal security technologies, and in particular, to a method, an apparatus, a computer device, and a storage medium for accessing rights data.
Background
With the rapid development of network technology, intelligent terminal devices are no longer limited to providing services such as calls and short messages; they also provide application services with functions such as positioning and payment. However, while users enjoy these convenient services, they also face problems such as leakage of permission data. For example, some applications request, for business purposes, permission to access permission data so that they can read data such as the user's call records, short message content and location information.
At present, an intelligent terminal device may use closed-source third-party libraries, for example for user interface (UI) components, data analysis and list management. Once the user agrees to let the application acquire the relevant permission data, the third-party library can acquire it as well. After code obfuscation, the call path to the application programming interface (API) corresponding to the permission data is long, which reduces the accuracy and timeliness of intercepting the third-party library's acquisition of that data. The third-party library may also start an asynchronous thread to read the user's permission data, for example the user's voice messages; analyzing those messages and uploading them to the server corresponding to the third-party library leaks the permission data, so the likelihood of permission data leakage increases. How to ensure the reliability of permission data access is therefore a problem to be solved.
Disclosure of Invention
The embodiments of the present application provide a method, an apparatus, a computer device and a storage medium for accessing permission data. When the target service identifier belongs to the set of service identifiers allowed to access permission data, the target permission data type that the access request would call is determined, together with the service type that is making the call; when the permission data types corresponding to that service type include the target permission data type, the permission data corresponding to the target permission data type is called. This effectively prevents a malicious third-party library from acquiring the user's permission data, avoids leakage of that data, and improves the reliability of permission data access.
In view of this, a first aspect of the present application provides a method for accessing permission data, comprising:
acquiring a first service identifier set, wherein the first service identifier set comprises a plurality of service identifiers, each service identifier uniquely indicates a service type, each service identifier corresponds to at least one permission data type, and each permission data type uniquely corresponds to an application programming interface;
acquiring a permission data access request, wherein the permission data access request comprises a target service identifier, and the permission data access request indicates a call to a target application programming interface;
if the target service identifier belongs to the first service identifier set, determining, based on the target application programming interface indicated by the permission data access request, the target permission data type corresponding to the target application programming interface;
determining, based on the plurality of service identifiers in the first service identifier set, the permission data types corresponding to the target service identifier in the permission data access request;
if the permission data types corresponding to the target service identifier include the target permission data type, accessing the permission data corresponding to the target permission data type.
A second aspect of the present application provides a permission data access apparatus, comprising:
an acquisition module, configured to acquire a first service identifier set, wherein the first service identifier set comprises a plurality of service identifiers, each service identifier uniquely indicates a service type, each service identifier corresponds to at least one permission data type, and each permission data type uniquely corresponds to an application programming interface;
the acquisition module being further configured to acquire a permission data access request, wherein the permission data access request comprises a target service identifier, and the permission data access request indicates a call to a target application programming interface;
a determining module, configured to determine, if the target service identifier belongs to the first service identifier set, the target permission data type corresponding to the target application programming interface, based on the target application programming interface indicated by the permission data access request;
the determining module being further configured to determine, based on the service identifiers in the first service identifier set, the permission data types corresponding to the target service identifier in the permission data access request;
and an access module, configured to access the permission data corresponding to the target permission data type if the permission data types corresponding to the target service identifier include the target permission data type.
In one possible embodiment, the permission data access apparatus further comprises a copy module;
each permission data type also uniquely corresponds to a preset access time range;
the determining module is further configured to determine the access time of the permission data access request before the access module accesses the permission data corresponding to the target permission data type;
the access module is specifically configured to access the permission data corresponding to the target permission data type if the permission data types corresponding to the target service identifier include the target permission data type and the access time of the permission data access request is within the preset access time range corresponding to the target permission data type;
and the copy module is configured to, after the access module accesses the permission data corresponding to the target permission data type, copy that permission data and generate data within the preset access time range corresponding to the target permission data type.
In one possible implementation, each permission data type also uniquely corresponds to a preset data access duration;
the access module is further configured to acquire, while accessing the permission data corresponding to the target permission data type, the access duration of that permission data;
the access module is further configured to stop accessing the permission data corresponding to the target permission data type if the access duration of that permission data is longer than the preset data access duration corresponding to the target permission data type.
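The check described by the method steps of the first aspect, together with the preset access time range and preset data access duration embodiments above, as an added example in Python (not code from the application): the service identifiers, permission data types, API names, time ranges and duration limits are constructed for illustration, and refusing an API that has no mapped permission data type is an assumption of this example.

```python
from dataclasses import dataclass
from datetime import time
from typing import Optional

# Constructed sample policy. Every service identifier, data type and API
# name below is hypothetical and chosen only for illustration.
API_TO_TYPE = {                      # target API -> permission data type
    "read_location": "location",
    "read_call_log": "call_log",
    "record_audio": "microphone",
}
SERVICE_TYPES = {                    # first service identifier set
    "navigation": {"location"},
    "voice_message": {"microphone"},
}
ACCESS_WINDOW = {                    # preset access time range per type
    "location": (time(0, 0), time(23, 59, 59)),
    "call_log": (time(9, 0), time(18, 0)),
    "microphone": (time(8, 0), time(22, 0)),
}
MAX_DURATION_S = {"location": 30, "call_log": 5, "microphone": 60}


@dataclass(frozen=True)
class Request:
    service_id: str   # target service identifier carried by the request
    api: str          # target application programming interface
    at: time          # access time of the request


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str
    data_type: Optional[str] = None


class PermissionGate:
    def __init__(self, api_to_type, service_types, windows, max_duration_s):
        types = list(api_to_type.values())
        # The page requires each permission data type to map to exactly one API.
        if len(set(types)) != len(types):
            raise ValueError("a permission data type is mapped to more than one API")
        # Fail at load time if a type has no time range or duration limit.
        for t in types:
            if t not in windows or t not in max_duration_s:
                raise ValueError(f"no access limits configured for {t!r}")
        self.api_to_type = dict(api_to_type)
        self.service_types = {s: frozenset(v) for s, v in service_types.items()}
        self.windows = dict(windows)
        self.max_duration_s = dict(max_duration_s)

    def check(self, req: Request) -> Decision:
        # Step 1: the target service identifier must belong to the set.
        granted = self.service_types.get(req.service_id)
        if granted is None:
            return Decision(False, "service_not_in_set")
        # Step 2: resolve the target API to its permission data type.
        # Assumption of this example: an unmapped API is refused (fail closed).
        target = self.api_to_type.get(req.api)
        if target is None:
            return Decision(False, "api_not_mapped")
        # Step 3: the service's data types must include the target type.
        if target not in granted:
            return Decision(False, "type_not_granted", target)
        # Time-range embodiment: the access time must be inside the preset range.
        start, end = self.windows[target]
        if start <= end:
            inside = start <= req.at <= end
        else:  # a range that wraps past midnight
            inside = req.at >= start or req.at <= end
        if not inside:
            return Decision(False, "outside_time_range", target)
        return Decision(True, "ok", target)

    def must_stop(self, data_type: str, elapsed_s: float) -> bool:
        # Duration embodiment: stop once access lasts longer than the preset.
        return elapsed_s > self.max_duration_s[data_type]


GATE = PermissionGate(API_TO_TYPE, SERVICE_TYPES, ACCESS_WINDOW, MAX_DURATION_S)

if __name__ == "__main__":
    samples = [
        Request("navigation", "read_location", time(12, 0)),
        Request("ui_component", "record_audio", time(12, 0)),   # not in the set
        Request("navigation", "record_audio", time(12, 0)),     # type not granted
        Request("voice_message", "record_audio", time(23, 0)),  # outside range
    ]
    for r in samples:
        print(r.service_id, r.api, GATE.check(r))
```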
In one possible implementation manner, the acquiring module is specifically configured to acquire a set of rights data types, where the set of rights data types includes a plurality of rights data types;
acquiring a second service identifier set, wherein the second service identifier set comprises a plurality of initial service identifiers;
acquiring an initialization authority setting request, wherein the initialization authority setting request comprises the corresponding relation between each initial service identifier in the second service identifier set and a plurality of authority data types in the authority data type set;
and generating the first service identifier set based on the correspondence included in the initialization permission setting request.
In a possible implementation manner, the obtaining module is specifically configured to obtain a third service identifier set, where the third service identifier set includes the first service identifier;
acquiring a service identifier adding request, wherein the service identifier adding request comprises a second service identifier;
based on the service identifier adding request, adding the second service identifier into a third service identifier set to generate a first service identifier set, wherein the first service identifier set comprises a first service identifier and a second service identifier;
or,
the acquisition module is specifically configured to acquire a fourth service identifier set, wherein the fourth service identifier set comprises a first service identifier, a second service identifier and a third service identifier;
acquiring a service identifier removal request, wherein the service identifier removal request comprises a third service identifier;
and removing the third service identifier from the fourth service identifier set based on the service identifier removal request to generate a first service identifier set, wherein the first service identifier set comprises the first service identifier and the second service identifier.
In one possible implementation manner, the obtaining module is specifically configured to obtain a fifth service identifier set, where the fifth service identifier set includes a first service identifier, and the first service identifier corresponds to the first permission data type;
acquiring a rights data adding request, wherein the rights data adding request comprises a corresponding relation between a first service identifier and a second rights data type;
based on the permission data adding request, adding a corresponding relation between a first service identifier and a second permission data type in a fifth service identifier set to generate a first service identifier set, wherein the first service identifier set comprises a first service identifier, and the first service identifier corresponds to the first permission data type and the second permission data type;
or,
the acquisition module is specifically configured to acquire a sixth service identifier set, wherein the sixth service identifier set comprises a first service identifier, and the first service identifier corresponds to a first permission data type, a second permission data type and a third permission data type;
acquiring a right data removing request, wherein the right data removing request comprises a corresponding relation between a first service identifier and a third right data type;
based on the permission data removing request, removing the correspondence between the first service identifier and the third permission data type from the fourth service identifier set to generate a first service identifier set, wherein the first service identifier set comprises the first service identifier, and the first service identifier corresponds to the first permission data type and the second permission data type.
In one possible embodiment, the rights data access device further comprises a creation module;
the creation module is configured to create a first distribution channel and a second distribution channel, wherein the first distribution channel is used for processing permission data access requests, and the second distribution channel is used for processing non-permission data access requests.
A third aspect of the present application provides a computer readable storage medium having instructions stored therein which, when run on a computer, cause the computer to perform the method of the above aspects.
A fourth aspect of the present application provides a computer device, comprising: memory, transceiver, processor, and bus system; wherein the memory is used for storing programs; the processor is used for executing the program in the memory to realize the method in the aspects; the bus system is used for connecting the memory and the processor so as to enable the memory and the processor to communicate.
A fifth aspect of the present application provides a computer program product or computer program comprising computer instructions stored in a computer readable storage medium. The processor of the computer device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions, so that the computer device performs the method described in the above aspects.
From the above technical solutions, the embodiments of the present application have the following advantages:
In an embodiment of the present application, a method for accessing permission data is provided. A first service identifier set is acquired first, where the set includes a plurality of service identifiers, each service identifier uniquely indicates a service type and corresponds to at least one permission data type, and each permission data type uniquely corresponds to an application programming interface. A permission data access request is then acquired; the request includes a target service identifier and indicates a call to a target application programming interface. When the target service identifier belongs to the first service identifier set, the target permission data type corresponding to the target application programming interface is determined based on the interface indicated by the request, and the permission data types corresponding to the target service identifier are determined based on the plurality of service identifiers in the first service identifier set. If the permission data types corresponding to the target service identifier include the target permission data type, the permission data corresponding to the target permission data type is accessed.
In this way, when the target service identifier belongs to the set of service identifiers allowed to access permission data, the target permission data type that the access request would call is determined, together with the service type that is making the call; when the permission data types corresponding to that service type include the target permission data type, the permission data corresponding to the target permission data type is called. This effectively prevents a malicious third-party library from acquiring the user's permission data, avoids leakage of that data, and improves the reliability of permission data access.
Drawings
FIG. 1 is a system diagram of a method for accessing rights data in an embodiment of the present application;
FIG. 2 is a flowchart illustrating a method for accessing rights data according to an embodiment of the present application;
FIG. 3 is a schematic diagram of one embodiment of a method for accessing rights data provided by an embodiment of the present application;
FIG. 4 is a schematic diagram of another embodiment of a method for accessing rights data provided by an embodiment of the present application;
FIG. 5 is a schematic structural diagram of a rights data access device according to an embodiment of the present application;
FIG. 6 is a schematic diagram of one embodiment of a server according to an embodiment of the present application;
FIG. 7 is a schematic diagram of an embodiment of a terminal device in an embodiment of the present application.
Detailed Description
The embodiments of the present application provide a method, an apparatus, a computer device and a storage medium for accessing permission data. When the target service identifier belongs to the set of service identifiers allowed to access permission data, the target permission data type that the access request would call is determined, together with the service type that is making the call; when the permission data types corresponding to that service type include the target permission data type, the permission data corresponding to the target permission data type is called. This effectively prevents a malicious third-party library from acquiring the user's permission data, avoids leakage of that data, and improves the reliability of permission data access.
The terms "first," "second," "third," "fourth" and the like in the description and in the claims of this application and in the above-described figures, if any, are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that embodiments of the present application described herein may be capable of operation in sequences other than those illustrated or described herein, for example. Furthermore, the terms "comprises," "comprising," and "includes" and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed or inherent to such process, method, article, or apparatus.
With the rapid development of network technology, intelligent terminal devices are no longer limited to providing services such as calls and short messages; they also provide application services with functions such as positioning and payment. However, while users enjoy these convenient services, they also face problems such as leakage of permission data. For example, some applications request, for business purposes, permission to access permission data so that they can read data such as the user's call records, short message content and location information. For this reason, some intelligent terminal devices read the application's permission data to locate an executable file, parse the executable file to obtain the relevant code call information, and compare it against private functions, or check text similarity against functions that are not allowed to be called, in order to build a mapping table between APIs and permissions. The types of permission information a specific application uses, and how the application uses them, are then output, and the permission information and the mapping table together determine whether the application is allowed to access given permission data. However, this approach fails when a string is split into several substrings that are later concatenated, possibly with substrings delivered dynamically from a server, and the class object is initialized by reflection after concatenation in order to call the privacy function: the split strings cannot be obtained during matching and the substrings cannot be found locally, so matching fails, access to permission data cannot be accurately ensured, and the reliability of permission data access decreases.
Secondly, an intelligent terminal device may also use closed-source third-party libraries, for example for UI components, data analysis and list management. Once the user agrees to let the application acquire the relevant permission data, the third-party library can acquire it as well, and after code obfuscation the API corresponding to the permission data is hard to trace, which reduces the accuracy and effectiveness of intercepting the third-party library's acquisition of that data. The third-party library may also start an asynchronous thread to read the user's permission data, for example the user's voice messages; analyzing those messages and uploading them to the server corresponding to the third-party library leaks the permission data, so the likelihood of permission data leakage increases. How to ensure the reliability of permission data access is therefore a problem to be solved. Based on the above, the embodiments of the present application provide a method for accessing permission data that effectively prevents a malicious third-party library from acquiring the user's permission data and avoids leakage of that data, thereby improving the reliability of permission data access.
For ease of understanding, some terms and concepts related to the embodiments of the present application are explained first.
1. Runtime
Runtime refers to deferring the determination of data types from compile time to run time; the code is ultimately converted into runtime C language code, and methods can be modified or replaced while the program is running through the runtime mechanism.
The application scenario of the embodiments of the present application is described below. The method for accessing permission data may be performed by a terminal device or by a server. When the method is deployed on the terminal device, the terminal device can process a permission data access request directly with the method provided by the embodiments of the present application to judge whether the requested permission data may be accessed; the terminal device does not need an internet connection for this, so the user's permission data is better protected and the access process is more convenient. When the method is deployed on the server, the server uses the method to judge, from the permission data access request received from the terminal device, whether the requested permission data may be accessed and acquired; the server's hardware performance allows such requests to be processed more efficiently, which further improves the reliability of permission data access.
The method for accessing permission data provided in the embodiments of the present application is described below, taking a terminal device as the execution body as an example. Referring to FIG. 1, FIG. 1 is a schematic diagram of a system for the method of accessing permission data in an embodiment of the present application. As shown in FIG. 1, the permission data access system includes a server and a terminal device. The terminal device may obtain the first service identifier set through a communication connection with the server and use it to process an acquired permission data access request: when the target service identifier belongs to the first service identifier set, it determines the target permission data type corresponding to the target application programming interface, and when the permission data types corresponding to the target service identifier include the target permission data type, it accesses the permission data corresponding to the target permission data type.
It should be noted that the server in FIG. 1 may be an independent physical server, a server cluster or distributed system formed by a plurality of physical servers, or a cloud server that provides basic cloud computing services such as cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, CDNs, and big data and artificial intelligence platforms. The terminal device may be a tablet computer, a notebook computer, a palmtop computer, a mobile phone, a personal computer (PC) or an intelligent voice interaction device as shown in FIG. 1, and may also include, but is not limited to, an intelligent home appliance, a vehicle-mounted terminal and the like. The terminal device and the server may be connected directly or indirectly through a wireless network, a wired network, or a removable storage medium. The wireless network uses standard communication techniques and/or protocols. The wireless network is typically the internet, but may be any network, including but not limited to Bluetooth, a local area network (LAN), a metropolitan area network (MAN), a wide area network (WAN), a mobile network, a private network, a virtual private network, or any combination thereof. In some embodiments, custom or dedicated data communication techniques may be used in place of or in addition to the data communication techniques described above. The removable storage medium may be a universal serial bus (USB) flash drive, a removable hard disk, or another removable storage medium.
Furthermore, although only five terminal devices and one server are shown in FIG. 1, the example in FIG. 1 is only intended to aid understanding of the present solution, and the specific number of terminal devices and servers should be determined flexibly according to the actual situation.
In addition, embodiments of the present invention may be applied to various scenarios including, but not limited to, cloud technology, intelligent transportation and assisted driving. Cloud technology refers to a hosting technology that unifies a series of resources such as hardware, software and network within a wide area network or a local area network to realize the calculation, storage, processing and sharing of data. Cloud technology is the general name for the network technology, information technology, integration technology, management platform technology, application technology and the like applied under the cloud computing business model; it can form a resource pool that is used on demand, flexibly and conveniently. Cloud computing technology will become an important support. Background services of technical network systems, such as video websites, picture websites and other portals, require a large amount of computing and storage resources. With the rapid development and application of the internet industry, each article may in the future have its own identification mark, which needs to be transmitted to a background system for logical processing; data of different levels will be processed separately, and all kinds of industry data need strong backing from the system, which can only be realized through cloud computing.
Cloud computing refers to the delivery and usage mode of IT infrastructure, meaning that the required resources are obtained over the network in an on-demand, easily scalable manner; cloud computing in the broad sense refers to the delivery and usage mode of services, meaning that the required services are obtained over the network in an on-demand, easily scalable manner. Such services may be IT, software or internet related, or other services. Cloud computing is a product of the development and fusion of traditional computer and network technologies such as grid computing, distributed computing, parallel computing, utility computing, network storage technologies, virtualization and load balancing.
With the development of the internet, real-time data flow and diversification of connected devices, and the promotion of demands of search services, social networks, mobile commerce, open collaboration and the like, cloud computing is rapidly developed. Unlike the previous parallel distributed computing, the generation of cloud computing will promote the revolutionary transformation of the whole internet mode and enterprise management mode in concept.
The artificial intelligence cloud service is also commonly called AIaaS (AI as a Service). This is currently the mainstream service mode of artificial intelligence platforms: specifically, an AIaaS platform splits several common AI services and provides them in the cloud as independent or packaged services. This service mode is similar to an AI-themed mall: all developers can access one or more of the artificial intelligence services provided by the platform through an API, and some experienced developers can also use the AI framework and AI infrastructure provided by the platform to deploy, operate, and maintain their own dedicated cloud artificial intelligence services.
Further, cloud security is a general term for the security software, hardware, users, institutions, and security cloud platforms based on applications of the cloud computing business model. Cloud security fuses emerging technologies and concepts such as parallel processing, grid computing, and behavior-based judgment of unknown viruses. Through a large number of networked clients that monitor software behavior for anomalies, it acquires the latest information on Trojans and malicious programs on the internet, sends that information to a server for automatic analysis and processing, and then distributes the solutions for the viruses and Trojans to each client.
The main research directions of cloud security include: 1. Cloud computing security, which mainly studies how to guarantee the security of the cloud itself and of the various applications on the cloud, including cloud computer system security, secure storage and isolation of user data, user access authentication, information transmission security, network attack protection, compliance auditing, and the like. 2. Cloudification of security infrastructure, which mainly studies how to build and integrate security infrastructure resources by means of cloud computing and how to optimize security protection mechanisms, including constructing ultra-large-scale platforms for collecting and processing security events and information through cloud computing technology, realizing the collection and correlation analysis of massive information, and improving the ability to control security events and risks across the whole network. 3. Cloud security services, which mainly studies the various security services provided to users on the basis of cloud computing platforms, such as anti-virus services.
For ease of understanding, refer to fig. 2, which is a schematic flow chart of a method for accessing permission data according to an embodiment of the present application. As shown in fig. 2, the flow of the method is divided into three stages: an environment initialization stage, a permission item construction stage, and an access request processing stage. The functions and processes of each stage are described below:
In the environment initialization stage A1, a first split channel is created for processing permission data access requests, and a second split channel is created for processing non-permission data access requests. A permission data type set and a second service identifier set are then acquired, where the permission data type set includes a plurality of permission data types and the second service identifier set includes a plurality of initial service identifiers that do not yet have any correspondence with the permission data types. Next, an initialization permission setting request generated based on user requirements is acquired; this request includes the correspondence between each initial service identifier in the second service identifier set and the permission data types in the permission data type set. The first service identifier set is generated based on the correspondence included in the initialization permission setting request, which completes the environment initialization.
In the permission item construction stage A2, permission data access is controlled by the following four methods. First, each service identifier in the first service identifier set uniquely indicates a service type, and the service identifier carried in a permission data access request must exist in the first service identifier set; this determines whether the current service type can access permission data. Second, a service identifier corresponds to at least one permission data type, and each permission data type uniquely corresponds to an application programming interface, so the target permission data type is determined from the target application programming interface that the permission data access request indicates is to be invoked; this determines whether the current service type can access the permission data corresponding to the target permission data type. Third, each permission data type also uniquely corresponds to a preset access time range: when the access time of the permission data access request is within the preset access time range corresponding to the target permission data type, the permission data corresponding to the target permission data type can be accessed, that permission data can be copied, and data can be generated within the preset access time range corresponding to the target permission data type. Finally, each permission data type also uniquely corresponds to a preset data access duration, so while the permission data corresponding to the target permission data type is being accessed, if the access duration exceeds the preset data access duration corresponding to the target permission data type, access to that permission data is stopped.
In the access request processing stage A3, the runtime is used to hook the permission API methods of the system, yielding the permission data access method provided in this embodiment, so that calls to the permission APIs are monitored. On this basis a permission data access request can be obtained; the request indicates that a target application programming interface is to be invoked, which is matched to the target permission data type corresponding to that interface, and permission data access is then controlled by the four methods set in the permission item construction stage A2.
With reference to the foregoing description, and taking a terminal device as the executing entity as an example, the method for accessing permission data in the present application is described below with reference to fig. 3, which is a schematic diagram of one embodiment of the method for accessing permission data provided in an embodiment of the present application. As shown in fig. 3, the method includes:
101. Obtain a first service identifier set.
In this embodiment, the terminal device obtains a first service identifier set, where the first service identifier set includes a plurality of service identifiers, each service identifier uniquely indicates a service type, the service identifier corresponds to at least one permission data type, and each permission data type uniquely corresponds to an application programming interface. The first service identifier set is a service identifier set in which the terminal equipment can be allowed to access different authority data types, namely, the service type indicated by each service identifier in the first service identifier set can access the corresponding authority data type.
Specifically, different service identifiers indicate different service types, but the rights data types corresponding to the different service identifiers may be the same or different. The foregoing rights data types include, but are not limited to, a microphone rights data type, a camera rights data type, an album rights data type, an address book rights data type, a bluetooth rights data type, a positioning rights data type, a network rights data type, etc., and in practical application, the rights data types may also include a rights data type for accessing the clipboard text data, a calendar rights data type, etc., and specific rights data types also need to be determined according to user requirements and practical application scenarios, which are not exhaustive herein.
For example, if the first service identifier set includes a service identifier "1" and a service identifier "2", and the service identifier "1" indicates a video playing service type, and the service identifier "2" indicates a voice input service type, the service identifier "1" may correspond to a bluetooth permission data type, a positioning permission data type, and a network permission data type, and the service identifier "2" may correspond to a microphone permission data type and a network permission data type. It should be understood that the foregoing examples are only for understanding the present solution, and the rights data types corresponding to different services also need to be determined according to the user requirements and the actual application scenario, so the foregoing examples should not be construed as limiting the present application.
102. Acquire the permission data access request.
In this embodiment, the terminal device uses the runtime to hook the permission API methods of the system, yielding the permission data access method provided in this embodiment, and thereby monitors calls to all application programming interfaces. On this basis, when the user needs to access the permission data corresponding to a target permission data type, a permission data access request is generated from the permission data access operation; the request includes the target service identifier and indicates that the target application programming interface is to be invoked. Because the terminal device monitors calls to all application programming interfaces, it can acquire the permission data access request when that request indicates that the target application programming interface is to be invoked.
For example, if a user performing a video playing service needs to wear a bluetooth headset to play video and voice data, the user wants to access the bluetooth permission data corresponding to the bluetooth permission data type. The user therefore applies to access the bluetooth permission data on an operation page of the video playing service, which generates a permission data access request including the target service identifier "1", where the target service identifier "1" uniquely indicates the video playing service type and the request indicates that the bluetooth application programming interface is to be invoked. Likewise, if the user performs a voice input service, the microphone of the terminal device needs to be called for voice input, and the user wants to access the microphone permission data corresponding to the microphone permission data type. The user therefore applies to access the microphone permission data on an operation page of the voice input service, which generates a permission data access request including the target service identifier "2", where the target service identifier "2" uniquely indicates the voice input service type and the request indicates that the microphone application programming interface is to be invoked. It should be understood that the foregoing examples are only for understanding the present solution; the permission data access request needs to be determined according to the actual application scenario, the user's actual permission data access requirement, and the specific service, so the foregoing examples should not be construed as limiting the present application.
103. If the target service identifier belongs to the first service identifier set, determine the target permission data type corresponding to the target application programming interface based on the target application programming interface indicated by the permission data access request.
In this embodiment, after the terminal device obtains the permission data access request including the target service identifier through step 102, it will first perform a preliminary judgment to determine whether the target service identifier in the permission data access request belongs to the first service identifier set obtained in step 101, that is, whether the service type indicated by the current target service identifier can access the permission data. Because the first service identifier set is a service identifier set that the terminal equipment can be allowed to access different authority data types, when the target service identifier belongs to the first service identifier set, the target service type indicated by the target service identifier is indicated to be capable of accessing the authority data types, and the terminal equipment determines the target authority data types corresponding to the target application programming interfaces based on the target application programming interfaces indicated by the data access requests. Otherwise, if the target service identifier does not belong to the first service identifier set, it is indicated that the target service type indicated by the target service identifier cannot access the permission data type, so that the permission data access process is directly ended, and the target service type is prevented from executing the step of acquiring permission data.
For example, suppose the first service identifier set includes the service identifier "1" and the service identifier "2". If the target service identifier included in the data access request is "3", where the target service identifier "3" uniquely indicates the album service type, and the permission data access request indicates that the bluetooth application programming interface is to be invoked, then the target service identifier "3" does not belong to the first service identifier set and the terminal device directly ends the permission data access process. If instead the target service identifier included in the data access request is "1", where the target service identifier "1" uniquely indicates the video playing service type, and the permission data access request indicates that the bluetooth application programming interface is to be invoked, then the target service identifier "1" belongs to the first service identifier set, and the terminal device goes on to determine the bluetooth permission data type corresponding to the bluetooth application programming interface indicated by the data access request. It should be appreciated that the foregoing examples are merely for understanding the present solution: whether to determine a target permission data type depends on the specific target service identifier and the first service identifier set, and the specific target permission data type depends on the specific target application programming interface, so the foregoing examples should not be construed as limiting the present application.
104. Determine the permission data type corresponding to the target service identifier in the permission data access request based on the service identifiers in the first service identifier set.
In this embodiment, since the first service identifier set obtained in step 101 includes a plurality of service identifiers, and the service identifiers correspond to at least one type of rights data, the terminal device determines the type of rights data corresponding to the target service identifier in the rights data access request based on the plurality of service identifiers, specifically, the type of rights data corresponding to each service identifier.
For example, if the first service identifier set includes a service identifier "1" and a service identifier "2", and the service identifier "1" corresponds to the bluetooth right data type, the positioning right data type, and the network right data type, the service identifier "2" corresponds to the microphone right data type and the network right data type. Based on this, if the target service identifier in the permission data access request is "1", it is indicated that the permission data type corresponding to the target service identifier "1" is a bluetooth permission data type, a positioning permission data type, and a network permission data type. If the target service identifier in the permission data access request is '2', the permission data type corresponding to the target service identifier '2' is indicated to be the microphone permission data type and the network permission data type. It should be understood that the foregoing examples are only for understanding the present solution, and specific rights data types corresponding to the target service identifier need to be determined according to the rights data types corresponding to the multiple service identifiers, and thus the foregoing examples should not be construed as limiting the present application.
105. If the permission data type corresponding to the target service identifier includes the target permission data type, access the permission data corresponding to the target permission data type.
In this embodiment, after the terminal device determines the rights data type corresponding to the target service identifier through step 104, it will be determined whether the target rights data type corresponding to the target application programming interface determined in step 103 exists in the rights data type corresponding to the target service identifier, that is, whether the target service type indicated by the target service identifier can access the target rights data type. Based on the above, if the permission data type corresponding to the target service identifier includes the target permission data type, the target service type indicated by the target service identifier can access the target permission data type, so that the terminal equipment accesses the permission data corresponding to the target permission data type. Otherwise, the permission data type corresponding to the target service identifier does not include the target permission data type, and the permission data corresponding to the target permission data type cannot be accessed by the target service type indicated by the target service identifier, so that the terminal equipment directly ends the permission data access process, and the permission data corresponding to the target permission data type is prevented from being acquired.
For example, suppose the service identifier "1" corresponds to the bluetooth permission data type, the positioning permission data type, and the network permission data type, and the service identifier "2" corresponds to the microphone permission data type and the network permission data type. If the data access request carries the service identifier "1" and indicates the bluetooth application programming interface, which corresponds to the bluetooth permission data type, then because the bluetooth permission data type is one of the permission data types corresponding to the service identifier "1", the terminal device accesses the bluetooth permission data corresponding to the bluetooth permission data type. If instead the data access request carries the service identifier "2" and indicates the bluetooth application programming interface, which corresponds to the bluetooth permission data type, then because the service identifier "2" corresponds to the microphone permission data type and the network permission data type, the bluetooth permission data type does not belong to the permission data types corresponding to the service identifier "2". The terminal device therefore directly ends the permission data access process, which avoids acquiring the bluetooth permission data corresponding to the bluetooth permission data type and avoids revealing user permission data.
It should be understood that the foregoing examples are only for understanding the present solution, and thus the foregoing examples should not be construed as limiting the present application, since whether to access rights data corresponding to a target rights data type needs to be determined based on a specific rights data type corresponding to a target service identification and an actual target rights data type.
In the embodiment of the present application, a method for accessing permission data is provided. When the target service identifier belongs to the service identifier set that is allowed to access permission data, the target permission data type that the access request is to invoke is determined from the access request, the permission data types available to the specific service type are determined, and the permission data corresponding to the target permission data type is invoked only when the permission data types corresponding to that service type include the target permission data type. This effectively prevents malicious third-party libraries from acquiring the user's permission data, avoids leakage of the user's permission data, and improves the reliability of permission data access.
Optionally, on the basis of the embodiment corresponding to fig. 3, in an optional embodiment of the method for accessing rights data provided in the embodiment of the present application, each rights data type also uniquely corresponds to a preset access time range;
before accessing the authority data corresponding to the target authority data type, the method for accessing the authority data further comprises the following steps:
determining access time of the permission data access request;
if the permission data type corresponding to the target service identifier includes a target permission data type, accessing permission data corresponding to the target permission data type, specifically including:
If the permission data type corresponding to the target service identifier comprises a target permission data type, and the access time of the permission data access request is within a preset access time range corresponding to the target permission data type, accessing permission data corresponding to the target permission data type;
after accessing the rights data corresponding to the target rights data type, the method for accessing the rights data further comprises the following steps:
copying access authority data corresponding to the target authority data type, and generating data within a preset access time range corresponding to the target authority data type.
In this embodiment, another method for accessing permission data is provided, in which each permission data type also uniquely corresponds to a preset access time range, which indicates the time range in which the permission data corresponding to that permission data type can be accessed. For example, the preset access time range corresponding to the microphone permission data type is 9:00 to 18:00, that is, the microphone permission data corresponding to the microphone permission data type can be accessed between 9:00 and 18:00. Similarly, the preset access time range corresponding to the camera permission data type is 8:00 to 20:00, that is, the camera permission data corresponding to the camera permission data type can be accessed between 8:00 and 20:00. The preset access time range corresponding to the bluetooth permission data type is 8:00 to 21:00, that is, the bluetooth permission data corresponding to the bluetooth permission data type can be accessed between 8:00 and 21:00. The album permission data type, the address book permission data type, the bluetooth permission data type, the positioning permission data type, the network permission data type, and other permission data types may each correspond to a preset access time range, and the preset access time ranges corresponding to different permission data types may be the same or different, which is not limited herein. In practical applications, each permission data type may also uniquely correspond to a preset access date, which indicates the specific dates on which the permission data corresponding to that permission data type can be accessed, for example only Monday to Friday, or only on weekends; this is similar to the preset access time range and is not described further here.
Based on this, referring to fig. 4, fig. 4 is a schematic diagram of another embodiment of the method for accessing rights data provided in the embodiment of the present application, as shown in fig. 4, the terminal device obtains the first service identifier set in step B1 by a method similar to the foregoing embodiment, and obtains the request for accessing rights data in step B2 by a method similar to the foregoing embodiment, which is not repeated herein.
Then, before accessing the rights data corresponding to the target rights data type, that is, when the rights data access request is acquired in step B2, the terminal device can also determine the access time of the rights data access request in step B3. In step B4, by a method similar to the foregoing embodiment, when the target service identifier belongs to the first service identifier set, the target permission data type corresponding to the target application programming interface is determined based on the target application programming interface indicated by the data access request, which is not described herein. In step B5, by a method similar to the foregoing embodiment, the type of rights data corresponding to the target service identifier in the rights data access request is determined based on the plurality of service identifiers in the first service identifier set, which is not described herein.
Further, in step B6, the terminal device determines, by a method similar to the foregoing embodiment, whether the permission data types corresponding to the target service identifier include the target permission data type; details are not repeated here. If the terminal device determines that the permission data types corresponding to the target service identifier include the target permission data type, it must further determine whether the access time of the permission data access request is within the preset access time range corresponding to the target permission data type. If it is, this indicates that the permission data requested by the permission data access request can be accessed in that time period, so the terminal device accesses the permission data corresponding to the target permission data type. Otherwise, if the access time of the permission data access request is not within the preset access time range corresponding to the target permission data type, the target service type indicated by the target service identifier cannot access the permission data corresponding to the target permission data type, so the terminal device directly ends the permission data access process and avoids acquiring the permission data corresponding to the target permission data type.
For example, suppose the service identifier "1" corresponds to the bluetooth permission data type, the positioning permission data type, and the network permission data type, where the preset access time range corresponding to the bluetooth permission data type is 8:00 to 21:00, the preset access time range corresponding to the positioning permission data type is 10:00 to 18:00, and the preset access time range corresponding to the network permission data type is 6:00 to 23:00. If the data access request carries the service identifier "1", its access time is 9:00, and it indicates the bluetooth application programming interface, which corresponds to the bluetooth permission data type, then the bluetooth permission data type is one of the permission data types corresponding to the service identifier "1", and the access time 9:00 is within the preset access time range 8:00 to 21:00 corresponding to the bluetooth permission data type, so the terminal device accesses the bluetooth permission data corresponding to the bluetooth permission data type.
Next, if the data access request carries the service identifier "1", its access time is 20:00, and it indicates the positioning application programming interface, which corresponds to the positioning permission data type, then the positioning permission data type is one of the permission data types corresponding to the service identifier "1"; however, the access time 20:00 is not within the preset access time range 10:00 to 18:00 corresponding to the positioning permission data type, so the terminal device directly ends the permission data access process, which avoids acquiring the positioning permission data corresponding to the positioning permission data type and avoids revealing user permission data. It should be understood that the foregoing examples are only for understanding the present solution: whether to access the permission data corresponding to the target permission data type needs to be determined based on the specific permission data types corresponding to the target service identifier and the actual target permission data type, as well as the actual access time of the permission data access request and the specific preset access time range corresponding to the target permission data type, so the foregoing examples should not be construed as limiting the present application.
Further, in step B7, once the permission data types corresponding to the target service identifier include the target permission data type, the access time of the permission data access request is within the preset access time range corresponding to the target permission data type, and the permission data corresponding to the target permission data type has been accessed, the terminal device can copy the accessed permission data corresponding to the target permission data type and generate data within the preset access time range corresponding to the target permission data type.
In the embodiment of the present application, another method for accessing permission data is provided. With this method, when the permission data types corresponding to the service type include the target permission data type, it is further determined whether the access time of the permission data access request is within the preset access time range corresponding to the target permission data type, which tightens the restrictions on accessing permission data: the permission data corresponding to the target permission data type is invoked only when both conditions are satisfied. This further strengthens the ability to prevent malicious third-party libraries from acquiring the user's permission data, further avoids leakage of the user's permission data, and further improves the reliability of permission data access.
Optionally, based on the embodiment corresponding to fig. 3, in an optional embodiment of the method for accessing rights data provided in the embodiment of the present application, each rights data type also uniquely corresponds to a preset data access duration;
when the authority data corresponding to the target authority data type is accessed, the method for accessing the authority data further comprises the following steps:
acquiring access time length of the authority data corresponding to the access target authority data type;
if the access time length of the access to the permission data corresponding to the target permission data type is longer than the preset data access time length corresponding to the target permission data type, stopping accessing the permission data corresponding to the target permission data type.
In this embodiment, another method for accessing permission data is provided, in which each permission data type also uniquely corresponds to a preset data access duration. The preset data access duration indicates how long the permission data corresponding to the permission data type can be accessed. For example, the preset data access duration corresponding to the microphone permission data type is 30 seconds (s), that is, the microphone permission data corresponding to the microphone permission data type can be accessed for 30 s. Similarly, the preset data access duration corresponding to the camera permission data type is 30 minutes (min), that is, the camera permission data corresponding to the camera permission data type can be accessed for 30 min. The preset data access duration corresponding to the Bluetooth permission data type is 1 hour (h), that is, the Bluetooth permission data corresponding to the Bluetooth permission data type can be accessed for 1 h. The album permission data type, the address list permission data type, the Bluetooth permission data type, the positioning permission data type, the network permission data type and other permission data types can each correspond to a preset data access duration, and the preset data access durations corresponding to different permission data types can be the same or different, which is not limited herein.
Based on the above, when the terminal device accesses the permission data corresponding to the target permission data type, it can also acquire the access duration of that access. It should be understood that the terminal device obtains the access duration continuously and in real time: as long as the terminal device is still accessing the permission data corresponding to the target permission data type, the access duration keeps being recorded, and it is the time elapsed between the time point at which access to the permission data corresponding to the target permission data type started and the current time point at which that permission data is being accessed. Further, the terminal device compares the access duration with the preset data access duration corresponding to the target permission data type. When the access duration is greater than the preset data access duration, this indicates that the duration for which the permission data can be accessed has been exceeded, so the terminal device directly stops accessing the permission data corresponding to the target permission data type, which prevents that permission data from continuing to be obtained.
Otherwise, if the access duration is smaller than the preset data access duration corresponding to the target permission data type, this indicates that the access is still within the duration for which the permission data can be accessed, so the terminal device can continue to access the permission data corresponding to the target permission data type as required.
For example, if the service identifier "1" corresponds to a bluetooth permission data type, a positioning permission data type, and a network permission data type, the bluetooth permission data type corresponds to a preset data access duration of 1h, the positioning permission data type corresponds to a preset data access duration of 10min, and the network permission data type corresponds to a preset data access duration of 6h. Based on the above, if the bluetooth permission data corresponding to the bluetooth permission data type is accessed through the bluetooth application programming interface, and the duration of accessing the bluetooth permission data corresponding to the bluetooth permission data type is 40min, the duration of accessing the bluetooth permission data corresponding to the bluetooth permission data type is smaller than the preset data access duration corresponding to the bluetooth permission data type, so that the access to the permission data corresponding to the bluetooth permission data type can be continued. And secondly, if the positioning authority data corresponding to the positioning authority data type is accessed through the positioning application programming interface, and the time length of the positioning authority data corresponding to the positioning authority data type is 10min and 2s, the time length of the positioning authority data corresponding to the positioning authority data type is longer than the preset data access time length corresponding to the Bluetooth authority data type, so that the access to the positioning authority data corresponding to the positioning authority data type is stopped. It should be understood that the foregoing examples are only for understanding the present solution, and the rights data corresponding to the access target rights data type needs to be flexibly determined according to the actual situation, and thus the foregoing examples should not be construed as limiting the present application.
In the embodiment of the application, another method for accessing the permission data is provided, and by adopting the method, when the permission data corresponding to the target permission data type is accessed, the access time length of the permission data is monitored and acquired in real time, and the access to the permission data is stopped under the condition that the access time length exceeds the preset data access time length, so that the real-time safety monitoring of the access permission data in the process of accessing the permission data is achieved, and the reliability of the access of the permission data is further improved.
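The two checks described above (the preset access time range at request time, then the preset data access duration while access is ongoing) can be sketched as follows. This is an added example, not code from the patent; the API names, the function and class names, and the Bluetooth and network time windows are assumptions, while the 10:00 to 18:00 positioning window and the 1 h / 10 min / 6 h durations are the description's own example values.

```python
from dataclasses import dataclass
from datetime import datetime, time, timedelta
from typing import Optional, Tuple


@dataclass(frozen=True)
class TypePolicy:
    window: Tuple[time, time]   # preset access time range (inclusive)
    max_duration: timedelta     # preset data access duration


ALL_DAY = (time(0, 0), time(23, 59, 59))  # constructed: the page gives no window for these types

TYPE_POLICY = {
    "bluetooth": TypePolicy(ALL_DAY, timedelta(hours=1)),
    "location": TypePolicy((time(10, 0), time(18, 0)), timedelta(minutes=10)),
    "network": TypePolicy(ALL_DAY, timedelta(hours=6)),
}

# Service identifier "1" and its three permission data types come from the page.
SERVICE_TYPES = {"1": frozenset({"bluetooth", "location", "network"})}

# Hypothetical API names: each permission data type maps to exactly one API.
API_TO_TYPE = {
    "bluetooth_api": "bluetooth",
    "location_api": "location",
    "network_api": "network",
}


class AccessSession:
    """One ongoing access to the permission data of a single type."""

    def __init__(self, ptype: str, started_at: datetime):
        self.ptype = ptype
        self.started_at = started_at
        self.active = True

    def poll(self, now: datetime) -> bool:
        """Return True while access may continue.

        Access stops once the elapsed time is strictly greater than the
        preset duration, and a stopped session never becomes active again.
        """
        limit = TYPE_POLICY[self.ptype].max_duration
        if self.active and now - self.started_at > limit:
            self.active = False
        return self.active


def open_session(service_id: str, api: str, now: datetime) -> Optional[AccessSession]:
    """Return a session if the request passes every check, else None (deny)."""
    allowed = SERVICE_TYPES.get(service_id)
    ptype = API_TO_TYPE.get(api)
    # Deny by default: unknown identifier, unknown API, or type not granted.
    if allowed is None or ptype is None or ptype not in allowed:
        return None
    start, end = TYPE_POLICY[ptype].window
    if not (start <= now.time() <= end):
        return None
    return AccessSession(ptype, now)


if __name__ == "__main__":
    noon = datetime(2024, 1, 8, 12, 0)  # constructed request time
    session = open_session("1", "location_api", noon)
    print(session.poll(noon + timedelta(minutes=10, seconds=2)))
```

The caller is expected to invoke `poll` periodically for as long as the access lasts, which corresponds to the continuous recording of the access duration described above.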
Optionally, on the basis of the embodiment corresponding to fig. 3, in an optional embodiment of the method for accessing rights data provided in the embodiment of the present application, the obtaining a first service identifier set specifically includes:
acquiring a right data type set, wherein the right data type set comprises a plurality of right data types;
acquiring a second service identifier set, wherein the second service identifier set comprises a plurality of initial service identifiers;
acquiring an initialization authority setting request, wherein the initialization authority setting request comprises the corresponding relation between each initial service identifier in the second service identifier set and a plurality of authority data types in the authority data type set;
and generating a first service identifier set based on the corresponding relation included in the initialization right setting request.
In this embodiment, a method for acquiring the first service identifier set is provided, in which the terminal device acquires the first service identifier set through initialization. First, the terminal device creates a permission data type set with the different permission data types as dimensions. Different permission data types have corresponding access logic: each time a permission data type is to be accessed, a corresponding access permission instance must be constructed before the application programming interface corresponding to that permission data type can be accessed. Therefore, after the access permission instance corresponding to each permission data type is constructed, the application programming interface corresponding to that permission data type can be called through the instance; the subsequent steps are similar to the foregoing embodiments. For example, the permission data type set includes a microphone permission data type, a camera permission data type, an album permission data type, an address book permission data type, a Bluetooth permission data type, a positioning permission data type, and a network permission data type.
And secondly, the server can also acquire a second service identifier set, wherein the second service identifier set comprises a plurality of initial service identifiers, and the initial service identifiers do not establish a corresponding relation with the authority data types. The second service identifier set includes an initial service identifier "1" and an initial service identifier "2", where the initial service identifier "1" is only used to indicate a video playing service type, and the initial service identifier "2" indicates a voice input service type.
Based on the above, the user determines the corresponding relation between the service types indicated by the different initial service identifiers and the authority data types through the requirements, so as to generate an initialization authority setting request, wherein the initialization authority setting request comprises the corresponding relation between each initial service identifier in the second service identifier set and a plurality of authority data types in the authority data type set, and the terminal equipment obtains the initialization authority setting request. For example, the initialization authority setting request includes a correspondence between an initial service identifier "1" and a bluetooth authority data type, a positioning authority data type, and a network authority data type, and a correspondence between an initial service identifier "2" and a microphone authority data type, and a network authority data type.
Therefore, based on the correspondence included in the initialization permission setting request, the terminal device can establish the correspondence between the plurality of permission data types in the permission data type set and the plurality of service identifiers in the second service identifier set, thereby generating the first service identifier set introduced in the foregoing embodiments. It should be understood that the foregoing examples are only for understanding the present solution; the specific first service identifier set needs to be determined based on actual situations, and thus the foregoing examples should not be construed as limiting the present application.
In the embodiment of the application, a method for acquiring a first service identifier set is provided, by adopting the method, a plurality of initial service identifiers which do not have a corresponding relation with authority data types are initialized, so that the acquired service identifier set can comprise the corresponding relation between the service identifiers and the authority data types, and each authority data type is provided with a corresponding application programming interface, thereby accurately positioning specific service access specific authority data types based on the corresponding relation between the service identifiers and the authority data types and the corresponding relation between the authority data types and the application programming interfaces in the process of actual authority data access, and further improving the reliability of authority data access.
Optionally, on the basis of the embodiment corresponding to fig. 3, in an optional embodiment of the method for accessing rights data provided in the embodiment of the present application, the obtaining a first service identifier set specifically includes:
acquiring a third service identifier set, wherein the third service identifier set comprises the first service identifier;
acquiring a service identifier adding request, wherein the service identifier adding request comprises a second service identifier;
based on the service identifier adding request, adding the second service identifier into a third service identifier set to generate a first service identifier set, wherein the first service identifier set comprises a first service identifier and a second service identifier;
or,
the method for acquiring the first service identifier set specifically comprises the following steps:
acquiring a fourth service identifier set, wherein the fourth service identifier set comprises a first service identifier, a second service identifier and a third service identifier;
acquiring a service identifier removal request, wherein the service identifier removal request comprises a third service identifier;
and removing the third service identifier from the fourth service identifier set based on the service identifier removal request to generate a first service identifier set, wherein the first service identifier set comprises the first service identifier and the second service identifier.
In this embodiment, another method for obtaining the first service identifier set is provided, where a plurality of service identifiers included in the service identifier set can be added or removed.
In one embodiment, the terminal device obtains a third service identifier set, where the third service identifier set includes the first service identifier. It should be understood that the third service identifier set may also include the third service identifier, the fourth service identifier, and so on, but does not include the second service identifier. When the user agrees to let the service type indicated by the second service identifier access some permission data types, the user performs a service identifier adding operation on the service type indicated by the second service identifier, so that the terminal device obtains a service identifier adding request, where the service identifier adding request includes the second service identifier, and the second service identifier corresponds to at least one permission data type. The terminal device determines, based on the service identifier adding request, that the second service identifier needs to be added, and adds the second service identifier to the third service identifier set to generate the first service identifier set; the obtained first service identifier set includes the first service identifier and the second service identifier.
Or in another embodiment, the terminal device obtains a fourth service identifier set, where the fourth service identifier set includes the first service identifier, the second service identifier, and the third service identifier. When the user needs to remove the service type indicated by the third service identifier and the corresponding authority data type, the user performs service identifier removing operation on the service type indicated by the third service identifier, so that the terminal device obtains a service identifier removing request, wherein the service identifier removing request comprises the third service identifier, and it is understood that the third service identifier corresponds to at least one authority data type. The terminal device determines that the third service identifier needs to be removed based on the service identifier removal request, removes the third service identifier from the fourth service identifier set, removes the corresponding relation between the third service identifier and the permission data type, and accordingly generates a first service identifier set, wherein the obtained first service identifier set comprises the first service identifier and the second service identifier.
In the embodiment of the present application, another method for acquiring the first service identifier set is provided. With this method, the identifier to be added or removed can be determined directly from a service identifier adding request or a service identifier removal request, so that the service identifier is added to or removed from the original service identifier set with little intrusion into the original code or project, thereby improving the flexibility and reliability of acquiring the service identifier set.
Optionally, on the basis of the embodiment corresponding to fig. 3, in an optional embodiment of the method for accessing rights data provided in the embodiment of the present application, the obtaining a first service identifier set specifically includes:
acquiring a fifth service identifier set, wherein the fifth service identifier set comprises a first service identifier, and the first service identifier corresponds to a first authority data type;
acquiring a rights data adding request, wherein the rights data adding request comprises a corresponding relation between a first service identifier and a second rights data type;
based on the permission data adding request, adding a corresponding relation between a first service identifier and a second permission data type in a fifth service identifier set to generate a first service identifier set, wherein the first service identifier set comprises a first service identifier, and the first service identifier corresponds to the first permission data type and the second permission data type;
or,
the method for acquiring the first service identifier set specifically comprises the following steps:
acquiring a sixth service identifier set, wherein the sixth service identifier set comprises a first service identifier, and the first service identifier corresponds to a first authority data type, a second authority data type and a third authority data type;
acquiring a right data removing request, wherein the right data removing request comprises a corresponding relation between a first service identifier and a third right data type;
based on the permission data removing request, removing the corresponding relation between the first service identifier and the third permission data type from the fourth service identifier set to generate a first service identifier set, wherein the first service identifier set comprises the first service identifier, and the first service identifier corresponds to the first permission data type and the second permission data type.
In this embodiment, another method for obtaining the first service identifier set is provided, where the permission data types corresponding to each service identifier included in the service identifier set can be added or removed. The following description takes as an example a first service identifier set that includes the first service identifier, where the first service identifier corresponds to the first permission data type and the second permission data type.
In one embodiment, the terminal device obtains a fifth set of service identities, where the fifth set of service identities includes the first service identity, and the first service identity corresponds to the first permission data type, for example, the fifth set of service identities includes a first service identity "1", and the first service identity "1" corresponds to the bluetooth permission data type (first permission data type). Based on this, when the user wants the service type indicated by the first service identifier to access more rights data types, the user performs a rights data adding operation on the second rights data type, so that the terminal device obtains a rights data adding request, where the rights data adding request includes a correspondence between the first service identifier and the second rights data type, for example, the rights data adding request includes a correspondence between the first service identifier "1" and a positioning rights data type (second rights data type).
Therefore, the terminal equipment adds the corresponding relation between the first service identifier and the second authority data type in the fifth service identifier set based on the authority data adding request so as to generate the first service identifier set. Based on the foregoing examples, it can be seen that the correspondence between the first service identifier "1" and the positioning permission data type (the second permission data type) is added to the fifth service identifier set including the first service identifier "1", where the obtained first service identifier set includes the first service identifier, and the first service identifier corresponds to the first permission data type and the second permission data type, that is, the first service identifier set includes the first service identifier "1", and the first service identifier "1" corresponds to the bluetooth permission data type (the first permission data type) and the positioning permission data type (the second permission data type).
Alternatively, in another embodiment, the terminal device obtains a sixth service identifier set, where the sixth service identifier set includes a first service identifier, and the first service identifier corresponds to a first rights data type, a second rights data type, and a third rights data type, for example, the sixth service identifier set includes a first service identifier "1", and the first service identifier "1" corresponds to a bluetooth rights data type (first rights data type), a positioning rights data type (second rights data type), and a network rights data type (third rights data type). Based on this, when the user wishes to reduce the rights data type of the service type access indicated by the first service identifier, and determines to reduce the third rights data type, the user will perform a rights data removal operation on the third rights data type, so that the terminal device obtains a rights data removal request, where the rights data removal request includes a correspondence between the first service identifier and the third rights data type, for example, the rights data addition request includes a correspondence between the first service identifier "1" and the network rights data type (third rights data type).
Therefore, based on the permission data removal request, the terminal device removes the correspondence between the first service identifier and the third permission data type from the fourth service identifier set to generate the first service identifier set. Following the foregoing example, the correspondence between the first service identifier "1" and the network permission data type (the third permission data type) is removed from the sixth service identifier set including the first service identifier "1". The obtained first service identifier set includes the first service identifier, which corresponds to the first permission data type and the second permission data type; that is, the first service identifier set includes the first service identifier "1", which corresponds to the Bluetooth permission data type (the first permission data type) and the positioning permission data type (the second permission data type).
In the embodiment of the present application, another method for acquiring the first permission data set is provided. With this method, the identifier to be added or removed can be determined directly from the permission data adding request or the permission data removing request, so that the permission data is added to or removed from the original service identifier set with little intrusion into the original code or project, thereby improving the flexibility and reliability of acquiring the service identifier set.
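The three ways of obtaining the first service identifier set described above (initialization, adding or removing a service identifier, adding or removing a permission data type) can be sketched as updates that each produce a new immutable set. This is an added example, not code from the patent; all function names are assumptions, and rejecting a removal that would leave an identifier with no permission data type is one assumed reading of "the service identifier corresponds to at least one permission data type".

```python
from types import MappingProxyType

# The seven permission data types listed in the description.
PERMISSION_TYPES = frozenset({
    "microphone", "camera", "album", "contacts",
    "bluetooth", "location", "network",
})


class PolicyError(ValueError):
    """Raised when a setting request is inconsistent with the known sets."""


def _check_types(types):
    types = frozenset(types)
    if not types:
        raise PolicyError("a service identifier needs at least one permission data type")
    unknown = types - PERMISSION_TYPES
    if unknown:
        raise PolicyError(f"unknown permission data types: {sorted(unknown)}")
    return types


def _freeze(mapping):
    # Read-only view: callers cannot mutate a set that is already in use.
    return MappingProxyType({sid: frozenset(t) for sid, t in mapping.items()})


def initialize(initial_ids, correspondence):
    """Build the first set from initial identifiers and an initialization request."""
    stray = set(correspondence) - set(initial_ids)
    if stray:
        raise PolicyError(f"request names identifiers outside the initial set: {sorted(stray)}")
    return _freeze({sid: _check_types(t) for sid, t in correspondence.items()})


def add_service(policy, service_id, types):
    if service_id in policy:
        raise PolicyError(f"service identifier {service_id!r} already present")
    return _freeze({**policy, service_id: _check_types(types)})


def remove_service(policy, service_id):
    if service_id not in policy:
        raise PolicyError(f"service identifier {service_id!r} not present")
    # Dropping the identifier also drops its correspondence to every type.
    return _freeze({k: v for k, v in policy.items() if k != service_id})


def add_permission(policy, service_id, ptype):
    if service_id not in policy:
        raise PolicyError(f"service identifier {service_id!r} not present")
    return _freeze({**policy, service_id: _check_types(policy[service_id] | {ptype})})


def remove_permission(policy, service_id, ptype):
    if service_id not in policy or ptype not in policy[service_id]:
        raise PolicyError("no such correspondence to remove")
    return _freeze({**policy, service_id: _check_types(policy[service_id] - {ptype})})


def is_allowed(policy, service_id, ptype):
    """Deny by default: unknown identifiers map to the empty set."""
    return ptype in policy.get(service_id, frozenset())


if __name__ == "__main__":
    first = initialize(["1", "2"], {
        "1": {"bluetooth", "location", "network"},
        "2": {"microphone", "network"},
    })
    narrowed = remove_permission(first, "1", "network")
    print(is_allowed(first, "1", "network"), is_allowed(narrowed, "1", "network"))
```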
Optionally, on the basis of the embodiment corresponding to fig. 3, in an optional embodiment of the method for accessing rights data provided in the embodiment of the present application, the method for accessing rights data further includes:
and creating a first shunting channel and a second shunting channel, wherein the first shunting channel is used for processing the authority data access request, and the second shunting channel is used for processing the non-authority data access request.
In this embodiment, the terminal device can also create a first shunting channel and a second shunting channel, where the first shunting channel is used to process permission data access requests, and the second shunting channel is used to process non-permission data access requests. Specifically, the terminal device creates a plurality of shunting channels in the environment initialization stage shown in fig. 2, and different shunting channels handle permission data access requests and non-permission data access requests respectively. In this way, the creation of the application programming interfaces for accessing permission data is handled uniformly by the sub-thread that processes permission data access requests, so the interaction events of the main thread, which processes non-permission data access requests, are not blocked, and the parameters or popup windows for permission data access are preloaded.
It should be understood that when multiple permission data access requests call the same application programming interface at the same time, the terminal device can also create a serial queue, and the execution calls related to the permission data access method are all placed in the serial queue for control, so as to ensure that the normal call and data processing of other application programming interfaces are not affected.
In the embodiment of the application, another method for accessing the permission data is provided, and by adopting the method, the creation process of the application programming interface for accessing the permission data is uniformly processed by the sub-thread for processing the permission data access request, so that the interaction event of the main thread for processing the non-permission data access request is not blocked, and the data processing efficiency and the permission data access reliability are ensured.
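A minimal sketch of the two shunting channels and the serial queue described above: permission data access requests are executed one at a time on a dedicated sub-thread, while all other requests run directly on the calling thread. This is an added example, not code from the patent; the class, function and API names are assumptions.

```python
import queue
import threading
from concurrent.futures import Future

# Hypothetical API names; a request for one of these is a permission data access request.
PERMISSION_APIS = frozenset({"bluetooth_api", "location_api", "network_api"})


class ShuntingDispatcher:
    """First channel: serial queue drained by one sub-thread.
    Second channel: the caller's own thread."""

    def __init__(self):
        self._serial = queue.Queue()
        self._worker = threading.Thread(
            target=self._drain, name="permission-channel", daemon=True)
        self._worker.start()

    def submit(self, request, handler):
        """Route the request to its channel and return a Future for the result."""
        fut = Future()
        if request["api"] in PERMISSION_APIS:
            # Enqueue only; the caller is never blocked by permission handling.
            self._serial.put((handler, request, fut))
        else:
            self._run(handler, request, fut)
        return fut

    @staticmethod
    def _run(handler, request, fut):
        try:
            fut.set_result(handler(request))
        except Exception as exc:  # surface handler failures to the waiter
            fut.set_exception(exc)

    def _drain(self):
        # FIFO and single-threaded: concurrent calls to the same permission
        # API are executed strictly one after another.
        while True:
            item = self._serial.get()
            if item is None:
                return
            self._run(*item)

    def close(self):
        self._serial.put(None)
        self._worker.join()


def demo():
    """Submit five permission requests and one other request (constructed input)."""
    caller = threading.get_ident()
    log = []

    def handler(request):
        on_caller = threading.get_ident() == caller
        log.append((request["api"], request["seq"], on_caller))
        return request["seq"]

    dispatcher = ShuntingDispatcher()
    pending = [dispatcher.submit({"api": "location_api", "seq": i}, handler)
               for i in range(5)]
    other = dispatcher.submit({"api": "render_api", "seq": 99}, handler)
    results = [f.result(timeout=5) for f in pending]
    dispatcher.close()
    return results, other.result(), log


if __name__ == "__main__":
    print(demo())
```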
Fig. 5 is a schematic structural diagram of an apparatus for accessing rights data according to an embodiment of the present application, and as shown in fig. 5, the apparatus 500 for accessing rights data includes:
an obtaining module 501, configured to obtain a first service identifier set, where the first service identifier set includes a plurality of service identifiers, each service identifier uniquely indicates a service type, the service identifier corresponds to at least one permission data type, and each permission data type uniquely corresponds to an application programming interface;
the obtaining module 501 is further configured to obtain a rights data access request, where the rights data access request includes a target service identifier, and the rights data access request indicates to invoke a target application programming interface;
a determining module 502, configured to determine, if the target service identifier belongs to the first service identifier set, a target permission data type corresponding to the target application programming interface based on the target application programming interface indicated by the data access request;
the determining module 502 is further configured to determine, based on the plurality of service identifiers in the first service identifier set, a rights data type corresponding to the target service identifier in the rights data access request;
and the accessing module 503 is configured to access the rights data corresponding to the target rights data type if the rights data type corresponding to the target service identifier includes the target rights data type.
Optionally, on the basis of the embodiment corresponding to fig. 5, in another embodiment of the rights data access device provided in the embodiment of the present application, the rights data access device 500 further includes a copy module 504;
each permission data type also uniquely corresponds to a preset access time range;
the determining module 502 is further configured to determine an access time of the rights data access request before the accessing module 503 accesses the rights data corresponding to the target rights data type;
the access module 503 is specifically configured to access the rights data corresponding to the target rights data type if the rights data type corresponding to the target service identifier includes the target rights data type and the access time of the rights data access request is within a preset access time range corresponding to the target rights data type;
and a copying module 504, configured to copy, after the accessing module 503 accesses the rights data corresponding to the target rights data type, the rights data corresponding to the access target rights data type, and data generated within a preset access time range corresponding to the target rights data type.
Optionally, on the basis of the embodiment corresponding to fig. 5, in another embodiment of the rights data access apparatus 500 provided in the embodiment of the present application, each rights data type also uniquely corresponds to a preset data access duration;
the obtaining module 501 is further configured to obtain an access duration of the rights data corresponding to the access target rights data type when the access module 503 accesses the rights data corresponding to the target rights data type;
the access module 503 is further configured to stop accessing the rights data corresponding to the target rights data type if the access duration of the rights data corresponding to the target rights data type is longer than the preset data access duration corresponding to the target rights data type.
Optionally, on the basis of the embodiment corresponding to fig. 5, in another embodiment of the rights data access apparatus 500 provided in the embodiment of the present application, the obtaining module 501 is specifically configured to obtain a rights data type set, where the rights data type set includes a plurality of rights data types;
acquiring a second service identifier set, wherein the second service identifier set comprises a plurality of initial service identifiers;
acquiring an initialization authority setting request, wherein the initialization authority setting request comprises the corresponding relation between each initial service identifier in the second service identifier set and a plurality of authority data types in the authority data type set;
and generating a first service identifier set based on the corresponding relation included in the initialization right setting request.
Optionally, on the basis of the embodiment corresponding to fig. 5, in another embodiment of the rights data access apparatus 500 provided in the embodiment of the present application, the obtaining module 501 is specifically configured to obtain a third service identifier set, where the third service identifier set includes the first service identifier;
acquiring a service identifier adding request, wherein the service identifier adding request comprises a second service identifier;
Based on the service identifier adding request, adding the second service identifier into a third service identifier set to generate a first service identifier set, wherein the first service identifier set comprises a first service identifier and a second service identifier;
or,
the obtaining module 501 is specifically configured to obtain a fourth service identifier set, where the fourth service identifier set includes a first service identifier, a second service identifier, and a third service identifier;
acquiring a service identifier removal request, wherein the service identifier removal request comprises a third service identifier;
and removing the third service identifier from the fourth service identifier set based on the service identifier removal request to generate a first service identifier set, wherein the first service identifier set comprises the first service identifier and the second service identifier.
Optionally, on the basis of the embodiment corresponding to fig. 5, in another embodiment of the rights data access apparatus 500 provided in the embodiment of the present application, the obtaining module 501 is specifically configured to obtain a fifth service identifier set, where the fifth service identifier set includes a first service identifier, and the first service identifier corresponds to a first rights data type;
acquiring a rights data adding request, wherein the rights data adding request comprises a corresponding relation between a first service identifier and a second rights data type;
Based on the permission data adding request, adding a corresponding relation between a first service identifier and a second permission data type in a fifth service identifier set to generate a first service identifier set, wherein the first service identifier set comprises a first service identifier, and the first service identifier corresponds to the first permission data type and the second permission data type;
or,
the obtaining module 501 is specifically configured to obtain a sixth service identifier set, where the sixth service identifier set includes a first service identifier, and the first service identifier corresponds to a first permission data type, a second permission data type, and a third permission data type;
acquiring a right data removing request, wherein the right data removing request comprises a corresponding relation between a first service identifier and a third right data type;
based on the permission data removing request, removing the corresponding relation between the first service identifier and the third permission data type from the fourth service identifier set to generate a first service identifier set, wherein the first service identifier set comprises the first service identifier, and the first service identifier corresponds to the first permission data type and the second permission data type.
Optionally, on the basis of the embodiment corresponding to fig. 5, in another embodiment of the rights data access device 500 provided in the embodiment of the present application, the rights data access device 500 further includes a creation module 505;
The creating module 505 is configured to create a first bypass channel and a second bypass channel, where the first bypass channel is used for processing the permission data access request, and the second bypass channel is used for processing the non-permission data access request.
The embodiment of the present application further provides another rights data access device, which may be deployed on a server or on a terminal device. This application takes deployment on a server as an example. Referring to fig. 6, which is a schematic diagram of an embodiment of a server in the embodiment of the present application, the server 1000 may vary considerably with configuration or performance, and may include one or more central processing units (CPU) 1022 (e.g., one or more processors), a memory 1032, and one or more storage media 1030 (e.g., one or more mass storage devices) storing application programs 1042 or data 1044. The memory 1032 and the storage medium 1030 may be transitory or persistent. The program stored on the storage medium 1030 may include one or more modules (not shown), each of which may include a series of instruction operations on the server. Further, the central processing unit 1022 may be configured to communicate with the storage medium 1030 and to execute, on the server 1000, the series of instruction operations in the storage medium 1030.
The server 1000 may also include one or more power supplies 1026, one or more wired or wireless network interfaces 1050, one or more input/output interfaces 1058, and/or one or more operating systems 1041, such as Windows Server™, Mac OS X™, Unix™, Linux™, FreeBSD™, etc.
The steps performed by the server in the above embodiments may be based on the server structure shown in fig. 6.
The CPU1022 included in the server is used to execute the embodiments shown in fig. 3 and the respective embodiments corresponding to fig. 3.
The present application further provides a terminal device, as shown in fig. 7. For convenience of explanation, only the portion related to the embodiments of the present application is shown; for specific technical details that are not disclosed, refer to the method portion of the embodiments of the present application. The terminal device is described below taking a mobile phone as an example:
fig. 7 is a block diagram showing a part of the structure of a mobile phone related to a terminal provided in an embodiment of the present application. Referring to fig. 7, the mobile phone includes: radio Frequency (RF) circuitry 1110, memory 1120, input unit 1130, display unit 1140, sensors 1150, audio circuit 1160, wireless fidelity (wireless fidelity, wiFi) module 1170, processor 1180, power supply 1190, and the like. It will be appreciated by those skilled in the art that the handset construction shown in fig. 7 is not limiting of the handset and may include more or fewer components than shown, or may combine certain components, or a different arrangement of components.
The following describes the components of the mobile phone in detail with reference to fig. 7:
The RF circuit 1110 may be used for receiving and transmitting signals during a message or a call. In particular, downlink information received from a base station is passed to the processor 1180 for processing, and the designed uplink data is sent to the base station. Typically, the RF circuitry 1110 includes, but is not limited to, an antenna, at least one amplifier, a transceiver, a coupler, a low noise amplifier (LNA), a duplexer, and the like. In addition, RF circuitry 1110 may also communicate with networks and other devices via wireless communications. The wireless communications may use any communication standard or protocol including, but not limited to, global system for mobile communications (GSM), general packet radio service (GPRS), code division multiple access (CDMA), wideband code division multiple access (WCDMA), long term evolution (LTE), email, short message service (SMS), and the like.
The memory 1120 may be used to store software programs and modules, and the processor 1180 executes the software programs and modules stored in the memory 1120 to perform various functional applications and data processing of the cellular phone. The memory 1120 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function (such as a sound playing function, an image playing function, etc.), and the like; the storage data area may store data (such as audio data, phonebook, etc.) created according to the use of the handset, etc. In addition, memory 1120 may include high-speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid-state storage device.
The input unit 1130 may be used to receive input numerical or character information and generate key signal inputs related to object settings and function control of the mobile phone. In particular, the input unit 1130 may include a touch panel 1131 and other input devices 1132. The touch panel 1131, also referred to as a touch screen, may collect touch operations on or near an object (e.g., the object's operation on the touch panel 1131 using any suitable object or accessory such as a finger, a stylus, etc., or near the touch panel 1131) and drive the corresponding connection device according to a predetermined program. Alternatively, the touch panel 1131 may include two parts, a touch detection device and a touch controller. The touch detection device detects the touch azimuth of the object, detects a signal brought by touch operation and transmits the signal to the touch controller; the touch controller receives touch information from the touch sensing device and converts it into touch point coordinates, which are then sent to the processor 1180, and can receive commands from the processor 1180 and execute them. In addition, the touch panel 1131 may be implemented in various types such as resistive, capacitive, infrared, and surface acoustic wave. The input unit 1130 may include other input devices 1132 in addition to the touch panel 1131. In particular, other input devices 1132 may include, but are not limited to, one or more of a physical keyboard, function keys (e.g., volume control keys, switch keys, etc.), a trackball, mouse, joystick, etc.
The display unit 1140 may be used to display information input by an object or information provided to the object and various menus of a mobile phone. The display unit 1140 may include a display panel 1141, and optionally, the display panel 1141 may be configured in the form of a liquid crystal display (LCD), an organic light-emitting diode (OLED), or the like. Further, the touch panel 1131 may overlay the display panel 1141; when the touch panel 1131 detects a touch operation on or near it, the touch operation is transferred to the processor 1180 to determine the type of touch event, and the processor 1180 then provides a corresponding visual output on the display panel 1141 according to the type of touch event. Although in fig. 7 the touch panel 1131 and the display panel 1141 are two separate components implementing the input and output functions of the mobile phone, in some embodiments the touch panel 1131 may be integrated with the display panel 1141 to implement the input and output functions of the mobile phone.
The handset may also include at least one sensor 1150, such as a light sensor, motion sensor, and other sensors. Specifically, the light sensor may include an ambient light sensor and a proximity sensor, wherein the ambient light sensor may adjust the brightness of the display panel 1141 according to the brightness of ambient light, and the proximity sensor may turn off the display panel 1141 and/or the backlight when the mobile phone moves to the ear. As one of the motion sensors, the accelerometer sensor can detect the acceleration in all directions (generally three axes), and can detect the gravity and direction when stationary, and can be used for applications of recognizing the gesture of a mobile phone (such as horizontal and vertical screen switching, related games, magnetometer gesture calibration), vibration recognition related functions (such as pedometer and knocking), and the like; as for other sensors such as gyroscopes, barometers, hygrometers, thermometers, infrared sensors, etc. that may be further configured in the mobile phone, details are not described here.
Audio circuitry 1160, speaker 1161, and microphone 1162 may provide an audio interface between the object and the handset. The audio circuit 1160 may transmit the electrical signal converted from received audio data to the speaker 1161, which converts it into a sound signal for output; in the other direction, the microphone 1162 converts collected sound signals into electrical signals, which the audio circuit 1160 receives and converts into audio data. The audio data is then output to the processor 1180 for processing and sent via the RF circuit 1110 to, for example, another mobile phone, or output to the memory 1120 for further processing.
WiFi belongs to a short-distance wireless transmission technology, and a mobile phone can help an object to send and receive emails, browse webpages, access streaming media and the like through a WiFi module 1170, so that wireless broadband Internet access is provided for the object. Although fig. 7 shows a WiFi module 1170, it is understood that it does not belong to the necessary constitution of the handset.
The processor 1180 is a control center of the mobile phone, and connects various parts of the entire mobile phone using various interfaces and lines, and performs various functions and processes of the mobile phone by running or executing software programs and/or modules stored in the memory 1120 and calling data stored in the memory 1120, thereby performing overall monitoring of the mobile phone. In the alternative, processor 1180 may include one or more processing units; preferably, the processor 1180 may integrate an application processor and a modem processor, wherein the application processor primarily processes an operating system, an object interface, an application program, etc., and the modem processor primarily processes wireless communications. It will be appreciated that the modem processor described above may not be integrated into the processor 1180.
The handset further includes a power supply 1190 (e.g., a battery) for powering the various components, which may be logically connected to the processor 1180 via a power management system so as to provide for the management of charging, discharging, and power consumption by the power management system.
Although not shown, the mobile phone may further include a camera, a bluetooth module, etc., which will not be described herein.
In the embodiment of the present application, the processor 1180 included in the terminal is configured to perform the embodiment shown in fig. 3 and the respective embodiments corresponding to fig. 3.
There is also provided in an embodiment of the present application a computer readable storage medium having stored therein a computer program which, when run on a computer, causes the computer to perform the steps performed by the terminal device in the method described in the embodiment shown in fig. 3.
There is also provided in an embodiment of the present application a computer program product comprising a program which, when run on a computer, causes the computer to perform the steps performed by a terminal device in a method as described in the embodiment shown in fig. 3.
It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the above-described systems, apparatuses and units may refer to corresponding procedures in the foregoing method embodiments, which are not repeated herein.
In the several embodiments provided in this application, it should be understood that the disclosed systems, apparatuses, and methods may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of the elements is merely a logical functional division, and there may be additional divisions when actually implemented, e.g., at least two elements or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on at least two network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in each embodiment of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application may be embodied in essence or a part contributing to the prior art or all or part of the technical solution in the form of a software product stored in a storage medium, including several instructions to cause a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of the methods described in the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a read-only memory (ROM), a random access memory (random access memory, RAM), a magnetic disk, or an optical disk, or other various media capable of storing program codes.
The above embodiments are merely for illustrating the technical solution of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the corresponding technical solutions.

Claims (11)

1. A method of authorizing data access, comprising:
acquiring a first service identifier set, wherein the first service identifier set comprises a plurality of service identifiers, each service identifier uniquely indicates a service type, the service identifier corresponds to at least one authority data type, and each authority data type uniquely corresponds to an application programming interface;
acquiring a permission data access request, wherein the permission data access request comprises a target service identifier, and the permission data access request indicates to call a target application programming interface;
if the target service identifier belongs to the first service identifier set, determining a target authority data type corresponding to the target application programming interface based on the target application programming interface indicated by the data access request;
determining a right data type corresponding to the target service identifier in the right data access request based on the plurality of service identifiers in the first service identifier set;
and if the permission data type corresponding to the target service identifier comprises the target permission data type, accessing permission data corresponding to the target permission data type.
2. The method of claim 1, wherein each rights data type also uniquely corresponds to a preset access time range;
before the access to the rights data corresponding to the target rights data type, the method further includes:
determining the access time of the permission data access request;
and if the permission data type corresponding to the target service identifier includes the target permission data type, accessing permission data corresponding to the target permission data type, including:
if the permission data type corresponding to the target service identifier comprises the target permission data type and the access time of the permission data access request is within a preset access time range corresponding to the target permission data type, accessing permission data corresponding to the target permission data type;
after the access to the rights data corresponding to the target rights data type, the method further includes:
copying and accessing the authority data corresponding to the target authority data type, and generating data within a preset access time range corresponding to the target authority data type.
3. The method according to claim 1 or 2, wherein each rights data type also uniquely corresponds to a preset data access duration;
When the access to the rights data corresponding to the target rights data type is performed, the method further comprises:
acquiring access time length of access to the right data corresponding to the access target right data type;
and if the access time length of the access to the permission data corresponding to the target permission data type is longer than the preset data access time length corresponding to the target permission data type, stopping accessing the permission data corresponding to the target permission data type.
4. The method of claim 1, wherein the obtaining the first set of service identities comprises:
acquiring a right data type set, wherein the right data type set comprises a plurality of right data types;
acquiring a second service identifier set, wherein the second service identifier set comprises a plurality of initial service identifiers;
acquiring an initialization authority setting request, wherein the initialization authority setting request comprises the corresponding relation between each initial service identifier in the second service identifier set and the plurality of authority data types in the authority data type set;
and generating the first service identifier set based on the corresponding relation included in the initialization right setting request.
5. The method of claim 1, wherein the obtaining the first set of service identities comprises:
acquiring a third service identifier set, wherein the third service identifier set comprises the first service identifier;
acquiring a service identifier adding request, wherein the service identifier adding request comprises the second service identifier;
adding the second service identifier to the third service identifier set based on the service identifier adding request to generate the first service identifier set, wherein the first service identifier set comprises the first service identifier and the second service identifier;
or,
the obtaining the first service identifier set includes:
acquiring a fourth service identifier set, wherein the fourth service identifier set comprises the first service identifier, the second service identifier and a third service identifier;
acquiring a service identifier removal request, wherein the service identifier removal request comprises the third service identifier;
and removing the third service identifier from the fourth service identifier set based on the service identifier removal request to generate the first service identifier set, wherein the first service identifier set comprises a first service identifier and a second service identifier.
6. The method of claim 1, wherein the obtaining the first set of service identities comprises:
a fifth service identifier set is obtained, wherein the fifth service identifier set comprises the first service identifier, and the first service identifier corresponds to the first authority data type;
acquiring a right data adding request, wherein the right data adding request comprises a corresponding relation between the first service identifier and the second right data type;
based on the permission data adding request, adding a corresponding relation between the first service identifier and the second permission data type in the fifth service identifier set to generate a first service identifier set, wherein the first service identifier set comprises a first service identifier, and the first service identifier corresponds to the first permission data type and the second permission data type;
or,
the obtaining the first service identifier set includes:
a sixth service identifier set is obtained, wherein the sixth service identifier set comprises the first service identifier, and the first service identifier corresponds to the first authority data type, the second authority data type and the third authority data type;
Acquiring a right data removing request, wherein the right data removing request comprises a corresponding relation between the first service identifier and the third right data type;
and removing the corresponding relation between the first service identifier and the third authority data type from the fourth service identifier set based on the authority data removal request to generate the first service identifier set, wherein the first service identifier set comprises a first service identifier, and the first service identifier corresponds to the first authority data type and the second authority data type.
7. The method according to claim 1, wherein the method further comprises:
a first shunting channel and a second shunting channel are created, wherein the first shunting channel is used for processing the permission data access request, and the second shunting channel is used for processing the non-permission data access request.
8. A rights data access apparatus, characterized in that the rights data access apparatus comprises:
an acquisition module, used for acquiring a first service identification set, wherein the first service identification set comprises a plurality of service identifications, each service identification uniquely indicates a service type, the service identification corresponds to at least one authority data type, and each authority data type uniquely corresponds to an application programming interface;
The acquisition module is further used for acquiring a permission data access request, wherein the permission data access request comprises a target service identifier, and the permission data access request indicates to call a target application programming interface;
the determining module is configured to determine, if the target service identifier belongs to the first service identifier set, a target permission data type corresponding to the target application programming interface based on the target application programming interface indicated by the data access request;
the determining module is further configured to determine, based on the plurality of service identifiers in the first service identifier set, a rights data type corresponding to the target service identifier in the rights data access request;
and the access module is used for accessing the authority data corresponding to the target authority data type if the authority data type corresponding to the target service identifier comprises the target authority data type.
9. A computer device, comprising: memory, transceiver, processor, and bus system;
wherein the memory is used for storing programs;
the processor being adapted to execute a program in the memory to implement the method of any one of claims 1 to 7;
The bus system is used for connecting the memory and the processor so as to enable the memory and the processor to communicate.
10. A computer readable storage medium comprising instructions which, when run on a computer, cause the computer to perform the method of any one of claims 1 to 7.
11. A computer program product comprising computer programs/instructions which, when executed by a processor, implement the method of any of claims 1 to 7.
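The check in claims 1 to 3, the set maintenance in claims 5 and 6, and the channel split in claim 7, as an added example that is not part of the patent text. The service identifiers, API names, time ranges and durations are constructed sample values, and the deny reasons and the handling of a time range that wraps past midnight are assumptions of this sketch.

```python
from dataclasses import dataclass
from datetime import time
from typing import Optional


@dataclass(frozen=True)
class TypeLimits:
    start: time          # preset access time range (claim 2)
    end: time
    max_seconds: float   # preset data access duration (claim 3)

    def in_window(self, at: time) -> bool:
        if self.start <= self.end:
            return self.start <= at <= self.end
        # Assumption: a range such as 22:00-06:00 wraps past midnight.
        return at >= self.start or at <= self.end


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str
    data_type: Optional[str] = None


class PermissionGate:
    def __init__(self, api_to_type, limits):
        self.api_to_type = dict(api_to_type)   # API -> permission data type
        self.limits = dict(limits)             # permission data type -> limits
        self.services = {}                     # service identifier -> granted types

    # Claims 5 and 6: maintain the first service identifier set.
    def add_service(self, service_id, data_types=()):
        self.services.setdefault(service_id, set()).update(data_types)

    def remove_service(self, service_id):
        self.services.pop(service_id, None)

    def grant(self, service_id, data_type):
        self.services[service_id].add(data_type)      # KeyError if unknown

    def revoke(self, service_id, data_type):
        self.services[service_id].discard(data_type)

    # Claim 7: requests for unmapped APIs belong to the non-permission channel.
    def channel(self, api):
        return "permission" if api in self.api_to_type else "non-permission"

    # Claims 1 and 2: every failed condition denies (default deny).
    def authorize(self, service_id, api, at):
        if service_id not in self.services:
            return Decision(False, "unknown_service")
        data_type = self.api_to_type.get(api)
        if data_type is None:
            return Decision(False, "not_a_permission_api")
        if data_type not in self.services[service_id]:
            return Decision(False, "type_not_granted", data_type)
        if not self.limits[data_type].in_window(at):
            return Decision(False, "outside_time_range", data_type)
        return Decision(True, "ok", data_type)

    # Claim 3: stop once the access has run longer than the preset duration.
    def must_stop(self, data_type, elapsed_seconds):
        return elapsed_seconds > self.limits[data_type].max_seconds


def build_sample_gate():
    """Constructed policy; all names and values are hypothetical."""
    gate = PermissionGate(
        api_to_type={
            "get_location": "location",
            "read_contacts": "contacts",
            "record_audio": "microphone",
        },
        limits={
            "location": TypeLimits(time(8, 0), time(20, 0), 30.0),
            "contacts": TypeLimits(time(0, 0), time(23, 59, 59), 5.0),
            "microphone": TypeLimits(time(22, 0), time(6, 0), 60.0),
        },
    )
    gate.add_service("navigation", {"location"})
    gate.add_service("voice_call", {"microphone", "contacts"})
    return gate


if __name__ == "__main__":
    gate = build_sample_gate()
    for svc, api, at in [
        ("navigation", "get_location", time(9, 0)),
        ("navigation", "read_contacts", time(9, 0)),
        ("ads", "get_location", time(9, 0)),
        ("voice_call", "record_audio", time(23, 30)),
    ]:
        print(svc, api, at, gate.authorize(svc, api, at))
```

A service identifier that holds a grant for one data type gets nothing for another: the decision depends on the pair (service identifier, data type derived from the called API), not on the caller alone.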

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111289213.7A CN116089924A (en) 2021-11-02 2021-11-02 Method, device, computer equipment and storage medium for accessing permission data

Publications (1)

Publication Number Publication Date
CN116089924A true CN116089924A (en) 2023-05-09

Family

ID=86203021

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111289213.7A Pending CN116089924A (en) 2021-11-02 2021-11-02 Method, device, computer equipment and storage medium for accessing permission data

Country Status (1)

Country Link
CN (1) CN116089924A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116980182A (en) * 2023-06-21 2023-10-31 杭州明实科技有限公司 Abnormal request detection method and device and electronic equipment
CN116980182B (en) * 2023-06-21 2024-02-27 杭州明实科技有限公司 Abnormal request detection method and device and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination