WO2018054230A1 - Method and device for controlling access right of application program - Google Patents

Method and device for controlling access right of application program Download PDF

Info

Publication number
WO2018054230A1
WO2018054230A1 PCT/CN2017/101041 CN2017101041W WO2018054230A1 WO 2018054230 A1 WO2018054230 A1 WO 2018054230A1 CN 2017101041 W CN2017101041 W CN 2017101041W WO 2018054230 A1 WO2018054230 A1 WO 2018054230A1
Authority
WO
WIPO (PCT)
Prior art keywords
application
access
information
access right
authorized
Prior art date
Application number
PCT/CN2017/101041
Other languages
French (fr)
Chinese (zh)
Inventor
范孟利
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2018054230A1 publication Critical patent/WO2018054230A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2149Restricted operating environment

Definitions

  • the present invention relates to the field of communications, and in particular to an access control method and apparatus for an application.
  • the application When the application is installed in the terminal, the application will request access to the terminal, such as access to the phone, SMS, camera, address book, microphone.
  • the terminal such as access to the phone, SMS, camera, address book, microphone.
  • Most applications do not require these access rights at runtime, and the use of the application has nothing to do with these access rights.
  • the reason why the application will request access rights that are not used may be due to the design of the programming, or it may be deliberately required to maliciously obtain the information in the terminal. If the user does not allow the application to gain access, the application will not function properly or even start. If the user opens the access required by the application, the application will not use these access permissions when running, and sometimes it will bring hidden dangers to the information security of the terminal.
  • the picture beautification software when installing a picture beautification software, the picture beautification software requests to obtain a final call record; when installing a historical novel reading software, the reading software requests to read the user's location information.
  • the photo landscaping software does not use the call history, and the reading software has nothing to do with the user's location. If the user does not allow authorization for the access permission required by the application software, the application software cannot be used normally, or even the application software cannot be opened; if the access permission is opened for the application software, the call history, geographical location, and exposure may be unconsciously exposed. Important information such as address book and SMS memory.
  • the invention provides an access control method and device for an application program, which are used to solve the problem An issue where the application will not function properly when authorizing access to the application request.
  • An embodiment of the present invention provides a method for controlling access rights of an application, including: receiving a request sent by an application for authorizing access rights; determining whether to prohibit granting the access permission to the application; The application grants the access right, and the access right is closed for the application, and the information that the access right has been authorized is sent to the application.
  • Determining whether to prohibit the granting the access right to the application includes: generating, according to the request, prompt information including information of the access authority; receiving a selection instruction determined according to the prompt information; The selection instruction is a prohibition authorization instruction, and the access authority is prohibited from being granted to the application.
  • Determining whether to prohibit the granting the access right to the application includes: querying, according to the request, a preset application permission comparison table; the application permission comparison table records the matching application and access rights. Information; determining whether the information of the application and the access right match; if the information of the application and the access right do not match, prohibiting granting the access right to the application.
  • the method further includes: if the application has been authorized to access, the access is disabled, and the application is sent the information that the access authority has been authorized.
  • the method further includes: in the running of the application, if the application accesses based on the closed access right, feeding back the preset to the application information.
  • the embodiment of the present invention further provides an access control device for an application, comprising: a receiving module, configured to receive a request sent by an application for authorizing access rights; and a determining module configured to determine whether to prohibit the The application grants the access authority; the sending module is configured to determine, in the determining module, prohibiting granting the access right to the application In the case, the access right is closed for the application, and the information that the access right has been authorized is sent to the application.
  • the device further includes a determining module, configured to: generate, according to the request, prompt information including information of the access authority; receive a selection instruction determined according to the prompt information; if the selection If the instruction is an authorization authorization instruction, the access authority is prohibited from being granted to the application.
  • a determining module configured to: generate, according to the request, prompt information including information of the access authority; receive a selection instruction determined according to the prompt information; if the selection If the instruction is an authorization authorization instruction, the access authority is prohibited from being granted to the application.
  • the device further includes a determining module: the determining module is configured to query a preset application permission comparison table according to the request; the application permission comparison table records information of the matched application and access rights. Determining whether the information of the application and the access authority match; if the information of the application and the access right do not match, prohibiting granting the access right to the application.
  • the sending module is further configured to: if the application has been authorized to have access rights disabled, open the access right for the application, and send the access permission to the application has been authorized Information.
  • the sending module is further configured to: after the application is closed for the application, in the running of the application, if the application accesses based on the closed access right, the application is applied to the application The program feeds back the preset information.
  • An embodiment of the present invention further provides a storage medium, where the storage medium includes a stored program, where the program runs to execute an access permission control method of the application.
  • the present invention receives a request sent by an application for authorizing an access right; and in a case where the access right is prohibited from being granted to the application, the information that the access right has been authorized successfully is sent to the application.
  • the application is not granted the access right, but when the application receives the authorized information, the application believes that the application already has the required access rights, and can access the function or application corresponding to the access right. In this case, the application can be used normally.
  • FIG. 1 is a flowchart of an access right control method of an application according to a first embodiment of the present invention
  • FIG. 2 is a flowchart of an access right control method of an application according to a second embodiment of the present invention
  • FIG. 3 is a flowchart of a method for controlling access rights of an application according to a third embodiment of the present invention.
  • FIG. 4 is a system framework diagram of access authority control of an application according to a fourth embodiment of the present invention.
  • Figure 5 is a structural diagram of an access authority control apparatus of an application program according to a fifth embodiment of the present invention.
  • the present invention provides a method for controlling access rights of an application, comprising: receiving a request sent by an application for authorizing an access right; and in the case of prohibiting granting the access right to the application, the application is The program closes the access right and sends the application the information that the access right has been authorized successfully.
  • the application is not granted the access right, so that the application disables the access right, but when the application receives the authorized success information, the application considers that the application has the required access rights and can access the access right.
  • the corresponding function or application in this case, the application can be used normally.
  • the request is used to obtain access to the call record; in fact, the Mito software does not use the right to access the call record during the running process, so the access to the Mito software can be prohibited.
  • Permission to call records in the ban on the granting of Meitu software
  • the Mito software disables the right to access the call record, and the Mito software sends the permission to access the call record has been authorized successfully, and actually does not have permission to access the call record for the Mito software, but After receiving the information that the authorization has been successfully authorized, the Meitu software considers that the call record can be accessed.
  • the invention can solve the problem that the application program cannot be used normally when the authorization permission requested by the application is not allowed, and the hidden danger of the terminal information security caused by the malicious request permission of the application can be avoided, and the user is convenient to use the application.
  • the program can also improve the security of the terminal information, and the user experience is good.
  • This embodiment provides an access permission control method for an application.
  • the execution body of this embodiment is a terminal.
  • An application is installed in the terminal.
  • 1 is a flow chart of a method for controlling access rights of an application according to a first embodiment of the present invention.
  • Step S110 receiving a request sent by the application for granting access rights.
  • the access rights correspond to the functions or applications in the terminal.
  • An application can access a feature or application corresponding to that access right only if the application is granted access.
  • the navigation software needs to be granted the right to access the geographic location of the terminal, in order to obtain the geographical location of the terminal, and identify the geographical location of the terminal in the navigation software.
  • step S120 it is determined whether the access authority is prohibited from being granted to the application; if yes, step S140 is performed; if not, step S130 is performed.
  • the access right According to the user's input, it can be judged whether the access right can be granted to the application; or the access right that each application really needs to be used can be collected in advance, and according to the collected result, whether the access right can be granted to the application can be determined.
  • Step S130 in the case that the access permission is granted to the application, the access permission is turned on for the application, and the information that the access right has been authorized is sent to the application.
  • Turning on access for an application grants the application access to the application, enabling the application to access the application or feature for that access.
  • an instruction for granting the access right to the application may be received, the access permission is opened for the application according to the instruction, and the access right is sent to the application.
  • Step S140 in the case that the access right is prohibited from being granted to the application, the access right is closed for the application, and the information that the access right has been authorized is sent to the application.
  • Turning off access for an application means that the application is not granted access, so that the application cannot access the application or function corresponding to the access.
  • an instruction to prohibit the application from being granted the access right may be received, the access permission is closed for the application according to the instruction, and the application is disabled at the bottom of the system.
  • Access rights but in order for the application to be used normally, send information to the application that the access has been authorized successfully to notify the application that the access is already available.
  • the application After the application believes that the required access rights are all authorized, the application can be used normally.
  • the access rights that the application has been authorized are prohibited, the information that the access rights have been authorized is sent to the application. Further, if the access permission that the application does not need to be used is authorized, the access right may be turned off, and the access right is authorized to be sent to the application when the application is opened or during the running of the application. The successful information makes the application not to be used normally because access rights are prohibited.
  • the preset information is fed back to the application. Further, if it is forbidden to grant an access right to the application, the access right is closed for the application, and the information that the access right has been authorized successfully is sent to the application, the application accesses the corresponding access right.
  • the application is prohibited from accessing the function or application corresponding to the access right, and the preset information is fed back to the application, so that the application believes that the access right can be used normally.
  • the preset information may be a null value or information having a preset content.
  • the application considers that the required access rights have been authorized, and always believes that the required access rights have been authorized, so that the application can be used normally by the user, but the application cannot be truly used during use.
  • the function or application corresponding to the access right is accessed, so that the information security of the terminal is not threatened.
  • the terminal system includes security restrictions.
  • This safety limit includes: Dangerous rating.
  • the hazard level indicates a potential risk, the system does not automatically authorize the application, and needs to be confirmed by the user to authorize.
  • An application is installed in the terminal, and the application requesting access rights is considered by the end system to be a dangerous level.
  • the prompt information including the information of the access right may be generated; and the selection instruction determined according to the prompt information may be received; if the selection instruction is If the authorization instruction is not allowed, the access authority is prohibited from being granted to the application; if the selection instruction is an authorization authorization instruction, the application is allowed to grant the access authority.
  • the application has not been authorized to access one.
  • it is determined whether to grant the access permission to the application for each access right that has not been authorized.
  • FIG. 2 is a flow chart of a method for controlling access rights of an application according to a second embodiment of the present invention.
  • step S210 when the application is started, the access permission required by the application is queried according to the request of the application.
  • the access rights required by the application are the access rights that the application is expected to get when designing the application.
  • the access required by the application is not necessarily the access that is required to run the application.
  • the application's request is used to request authorization for the access required by the application.
  • step S220 may be directly executed after receiving the request.
  • Step S220 determining whether the access authority requested by the application has been authorized; if yes, executing step S270; if not, executing step S230.
  • a rights management option is set in the terminal system, in which the access rights of the application can be turned on or off.
  • Step S230 providing the user with the prompt information including the information of the access authority, and receiving the selection instruction determined according to the prompt information.
  • the prompt box includes information on whether to allow the application to grant the access permission, and sets whether or not to allow the application to grant the access permission. With this option the user can enter a selection command.
  • Choices include: a selection that allows the application to be granted the access and a selection that prohibits the application from being granted the access.
  • a selection instruction that allows authorization can be entered by an option that allows the application to be granted the access.
  • a selection instruction that prohibits authorization can be entered by disabling the option to grant the access to the application.
  • the selection instruction is: permission authorization instruction or prohibition authorization instruction.
  • Step S240 determining, according to the selection instruction, whether the user is allowed to grant the application The access authority is granted; if yes, step S250 is performed; if no, step S260 is performed.
  • the selection instruction is an permission authorization instruction, it may be determined that the user is allowed to grant the access authority to the application; if the selection instruction is the prohibition authorization instruction, it may be determined that the user is not allowed to grant the access right to the application.
  • a prompt box pops up in the user interface, and a prompt message "Whether the Mito software is allowed to access the current location information" is set in the prompt box, and the options "Yes” and “No” are set, if the user If "Yes” is selected, the user is allowed to access the current location information; if the user selects "No", the user is not allowed to access the current location information.
  • Step S250 authorizing the access right, and returning information to the application that the access right has been authorized.
  • Step S260 the access authority is not authorized, and information that the access right has been authorized is returned to the application.
  • step S270 the application is run.
  • the application After the application receives the information that the access rights have been authorized, it is determined that the access rights have been authorized. If all the access rights required by the application receive the information that has already been authorized, it can run normally.
  • the application works fine because the application believes that its required access rights are already authorized. If the user finds that there is no need to provide an access right for the application, in the setup menu, the access permission can be turned off, and the authorization for the access permission is disabled.
  • the application permission comparison table records information of the matched application and access rights; determining the application and the Whether the information of the access right matches; if the information of the application and the access right do not match, the access right is prohibited from being granted to the application; if the application and the access right match, the permission is allowed The application Grant the access rights.
  • the application has not been authorized to access one.
  • it is determined whether to grant the access permission to the application for each access right that has not been authorized.
  • FIG. 3 is a flow chart of a method for controlling access rights of an application according to a third embodiment of the present invention.
  • step S310 an application permission comparison table is set in advance.
  • the application permissions comparison table is used to record matching applications and access rights. Applications and access rights can be replaced with identifiers in the application permissions comparison table.
  • Matching the application and access rights means that the application will use that access right during the run.
  • the navigation software matches the access rights of the geographic location, and the access rights of the Mito software and the photo album match.
  • a mismatch between the application and the access rights indicates that the application does not use the access right during the run or that the application uses the access right as a malicious behavior during the run.
  • Malicious behavior includes that the information obtained by the application based on the access rights is not used in the running of the application, but directly sends the obtained information to the preset server.
  • the access rights of the Mito software and the geographical location do not match; the Mito software obtains the call record in the terminal based on the call record access right, and sends the call record to the server for sending the short message, which is a malicious behavior.
  • step S320 when the application is started, the access permission required by the application is queried according to the request of the application.
  • step S330 it is determined whether the access rights requested by the application are all authorized; if yes, step S370 is performed; if not, step S340 is performed.
  • Step S340 querying whether the information of the application and the access authority match according to the application permission comparison table; if yes, executing step S350; if not, executing step S360.
  • Step S350 authorizing the access right, and returning information to the application that the access right has been authorized.
  • Step S360 the access authority is not authorized, and information that the access right has been authorized is returned to the application.
  • step S370 the application is run.
  • the prompt information including the information of the access right may be generated, and the selection instruction input according to the prompt information may be received; if the selection instruction is the prohibition authorization instruction, Not authorizing the access right, and returning to the application information that the access right has been authorized; if the selecting instruction is an allow authorization command, authorizing the access right, and returning the access right to the application has been Authorized information.
  • the embodiment adds a rights management layer in the system architecture of the terminal, and the authority The management is responsible for controlling access to the application.
  • 4 is a system framework diagram of access authority control of an application according to a fourth embodiment of the present invention.
  • the system running on the terminal can be an Android (Android) system.
  • the system framework includes: application framework layer, rights management layer and application layer.
  • the rights management layer is used to control access rights of the application.
  • the application framework layer is used to manage the access rights of the application, that is, to enable or disable access rights.
  • the rights management layer is located between the application layer and the application framework layer. Authority management and applications The sequence layer can exchange information. The rights management layer and the application framework layer need to interact with each other through the system API.
  • the application generates a request for authorizing an access right at the application layer, and discriminates whether the user is allowed to authorize the access authority requested by the application, and the result is sent to the authority management layer;
  • the rights management layer controls the application framework layer to open the access authority, and forwards the information that the access authority of the application framework layer has been authorized to the application; if the authorization is not allowed, the rights management layer controls the application framework layer
  • the access permission is not turned on, and the information that the access permission of the application framework layer is not authorized is intercepted, and information that the access authority has been authorized is generated according to the information and forwarded to the application;
  • the application framework layer is opened under the control of the authority management layer or The access right is closed, and the corresponding information that the access right has been authorized or not authorized is generated, and the information is sent to the rights management layer.
  • the rights management layer may also discard the information that the access authority of the application framework layer is not authorized, and generate a message that the access authority has been authorized and send it to the application.
  • the application when the application is installed, the application can request access to the rights management layer.
  • the rights management layer reads the configuration information of the application according to the request, and queries the access rights required by the application.
  • the rights management layer pops up a prompt box at the application layer asking if the user is allowed to grant access.
  • the rights management layer sets a true identity for the access to the application and records it.
  • the true identity indicates that the access permission is enabled for the application at the application framework layer.
  • the rights management layer controls the application framework layer to enable this access for the application. After the application framework layer opens the access right for the application, the permission management layer returns information to the application that the access right has been authorized.
  • the rights management layer sets a pseudo identity for the access to the application and records it. This pseudo-identification indicates that the access right is disabled for the application at the application framework layer.
  • the rights management layer controls the application framework layer not to open the access rights, but when the rights management layer returns information to the application that the access rights are not authorized, The rights management layer intercepts the information and modifies the information to information that the access rights have been authorized. The rights management layer then sends the modified information to the application.
  • the rights management layer may first query whether the identifier corresponding to the access right is a true identifier or a pseudo identifier; if it is a true identifier, the application is allowed to utilize the access permission. Accessing the corresponding function or application; if it is a pseudo-identity, the application is prohibited from accessing the corresponding function or application by using the access right. When the application is prohibited from accessing the corresponding function or application by using the access right, the preset information can be returned to the application. This does not affect the normal use of the application, but also protects the security of user information and privacy.
  • the rights management option can be added in the setting menu, and the user can actively set the access rights of the application in the setting menu, and enable or disable the access right.
  • the rights management layer sets a pseudo identity for the access permission of the application and updates the record; Under the control of the application framework layer, the access permission granted to the application is disabled.
  • the permission management layer returns the information that the access right is not authorized to the application, the rights management layer intercepts the information and modifies the information to the Access rights have been granted, and the application still considers that access rights are available when it receives the modified information.
  • FIG. 5 is a block diagram showing an access authority control apparatus of an application program according to a fifth embodiment of the present invention.
  • the apparatus described in this embodiment can be set in the above-mentioned authority management layer.
  • the device includes:
  • the receiving module 510 is configured to receive, by the application, an authorization to authorize access rights. Request.
  • the determining module 520 is configured to determine whether to prohibit granting the access right to the application.
  • the sending module 530 is configured to: when the determining module 520 determines that the access permission is not granted to the application, disable the access right for the application, and send the access permission to the application Authorized information.
  • the determining module 520 is configured to generate prompt information including information of the access authority according to the request, receive a selection instruction determined according to the prompt information, and if the selection instruction is prohibited Authorization instructions prohibit the granting of the access rights to the application.
  • the determining module 520 is configured to query a preset application permission comparison table according to the request; the application permission comparison table records information of the matched application and access rights; Whether the information of the application and the access authority match; if the application does not match the access right, prohibiting granting the access right to the application.
  • the sending module 530 is further configured to: if the application has been authorized to have access rights disabled, open the access right for the application, and send the access to the application The information that the permission has been authorized.
  • the sending module 530 is further configured to: after the access authority is closed for the application, in the running of the application, if the application accesses based on the closed access right, then Feed back the preset information to the application.
  • the present invention receives a request sent by an application for authorizing an access right; and in a case where the access right is prohibited from being granted to the application, the information that the access right has been authorized successfully is sent to the application.
  • the application is not granted the access right, but when the application receives the authorized information, the application believes that the application already has the required access rights, and can access the function or application corresponding to the access right. In this case, the application can be used normally.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

A method and a device for controlling the access right of an application program. The method comprises: receiving a request that is transmitted by an application program and used for granting an access right; determining whether to prohibit granting the access right to the application program; if granting the access right to the application program is prohibited, disabling the access right for the application program, and transmitting to the application program information that the access right has been granted. Thus the method does not actually grant the access right to the application program, but when the application program receives the information that the access right has been granted, it is considered that the application program has the required access right and can access a function or application corresponding to the access right, and in this case, the application program can be normally used.

Description

一种应用程序的访问权限控制方法及装置Access control method and device for application 技术领域Technical field
本发明涉及通信领域,具体而言,涉及一种应用程序的访问权限控制方法和装置。The present invention relates to the field of communications, and in particular to an access control method and apparatus for an application.
背景技术Background technique
目前,为了提升用户的生活质量,大量的终端应用程序应运而生,这些应用程序用途多种多样,有生活类、娱乐类、学习类等类型。At present, in order to improve the quality of life of users, a large number of terminal applications have emerged. These applications are used in a variety of ways, including life, entertainment, and learning.
在终端中安装应用程序时,应用程序会请求获得终端的访问权限,比如:访问电话、短信、相机、通讯录、麦克风的权限。然而,实际上大部分应用程序在运行时并不需要这些访问权限,应用程序的使用与这些访问权限毫无关系。之所以应用程序会请求获得不会使用到的访问权限,可能是因为模式化的程序设计造成的,也可能是需要恶意获取终端中的信息而故意为之。如果用户不允许应用程序获取访问权限,则该应用程序就不能正常使用,甚至无法启动。如果用户开启应用程序要求的访问权限,则应用程序运行时不会使用这些访问权限,有时还会给终端的信息安全带来隐患。When the application is installed in the terminal, the application will request access to the terminal, such as access to the phone, SMS, camera, address book, microphone. However, in practice most applications do not require these access rights at runtime, and the use of the application has nothing to do with these access rights. The reason why the application will request access rights that are not used may be due to the design of the programming, or it may be deliberately required to maliciously obtain the information in the terminal. If the user does not allow the application to gain access, the application will not function properly or even start. If the user opens the access required by the application, the application will not use these access permissions when running, and sometimes it will bring hidden dangers to the information security of the terminal.
例如:在安装一款图片美化软件时,该图片美化软件请求获取终通话记录;在安装一款历史小说阅读软件时,该阅读软件请求读取用户的位置信息。然而,图片美化软件不会使用到通话记录,阅读软件和用户的位置也没有任何关系。如果用户不允许对应用软件要求的访问权限授权,就无法正常使用该应用软件,甚至无法打开应用软件;如果为应用软件开启访问权限,可能会在不知不觉间暴露了通话记录、地理位置、通讯录、短信内存等重要信息。For example, when installing a picture beautification software, the picture beautification software requests to obtain a final call record; when installing a historical novel reading software, the reading software requests to read the user's location information. However, the photo landscaping software does not use the call history, and the reading software has nothing to do with the user's location. If the user does not allow authorization for the access permission required by the application software, the application software cannot be used normally, or even the application software cannot be opened; if the access permission is opened for the application software, the call history, geographical location, and exposure may be unconsciously exposed. Important information such as address book and SMS memory.
发明内容Summary of the invention
本发明提供一种应用程序的访问权限控制方法和装置,用以解决不允 许对应用程序请求的访问权限进行授权时,应用程序将无法正常使用的问题。The invention provides an access control method and device for an application program, which are used to solve the problem An issue where the application will not function properly when authorizing access to the application request.
为了解决上述技术问题,本发明是通过以下技术方案来解决的:In order to solve the above technical problems, the present invention is solved by the following technical solutions:
本发明实施例提供了一种应用程序的访问权限控制方法,包括:接收应用程序发送的用于对访问权限进行授权的请求;判断是否禁止为所述应用程序授予所述访问权限;如果禁止为所述应用程序授予所述访问权限,则为所述应用程序关闭所述访问权限,并向所述应用程序发送所述访问权限已经被授权的信息。An embodiment of the present invention provides a method for controlling access rights of an application, including: receiving a request sent by an application for authorizing access rights; determining whether to prohibit granting the access permission to the application; The application grants the access right, and the access right is closed for the application, and the information that the access right has been authorized is sent to the application.
其中,判断是否禁止为所述应用程序授予所述访问权限,包括:根据所述请求,生成包含有所述访问权限的信息的提示信息;接收根据所述提示信息确定的选择指令;如果所述选择指令为禁止授权指令,则禁止为所述应用程序授予所述访问权限。Determining whether to prohibit the granting the access right to the application includes: generating, according to the request, prompt information including information of the access authority; receiving a selection instruction determined according to the prompt information; The selection instruction is a prohibition authorization instruction, and the access authority is prohibited from being granted to the application.
其中,判断是否禁止为所述应用程序授予所述访问权限,包括:根据所述请求,查询预设的应用程序权限对照表;所述应用程序权限对照表记录了匹配的应用程序和访问权限的信息;确定所述应用程序和所述访问权限的信息是否匹配;如果所述应用程序和所述访问权限的信息不匹配,则禁止为所述应用程序授予所述访问权限。Determining whether to prohibit the granting the access right to the application includes: querying, according to the request, a preset application permission comparison table; the application permission comparison table records the matching application and access rights. Information; determining whether the information of the application and the access right match; if the information of the application and the access right do not match, prohibiting granting the access right to the application.
其中,还包括:如果所述应用程序已经被授权的访问权限被禁止,则为所述应用程序关闭所述访问权限,并向所述应用程序发送所述访问权限已经被授权的信息。The method further includes: if the application has been authorized to access, the access is disabled, and the application is sent the information that the access authority has been authorized.
其中,在为所述应用程序关闭所述访问权限之后,还包括:在所述应用程序运行中,如果所述应用程序基于被关闭的访问权限进行访问,则向所述应用程序反馈预设的信息。After the access permission is closed for the application, the method further includes: in the running of the application, if the application accesses based on the closed access right, feeding back the preset to the application information.
本发明实施例还提供了一种应用程序的访问权限控制装置,包括:接收模块,设置为接收应用程序发送的用于对访问权限进行授权的请求;判断模块,设置为判断是否禁止为所述应用程序授予所述访问权限;发送模块,设置为在所述判断模块判定禁止为所述应用程序授予所述访问权限的 情况下,为所述应用程序关闭所述访问权限,并向所述应用程序发送所述访问权限已经被授权的信息。The embodiment of the present invention further provides an access control device for an application, comprising: a receiving module, configured to receive a request sent by an application for authorizing access rights; and a determining module configured to determine whether to prohibit the The application grants the access authority; the sending module is configured to determine, in the determining module, prohibiting granting the access right to the application In the case, the access right is closed for the application, and the information that the access right has been authorized is sent to the application.
其中,所述装置还包括判断模块:所述判断模块,设置为根据所述请求,生成包含有所述访问权限的信息的提示信息;接收根据所述提示信息确定的选择指令;如果所述选择指令为禁止授权指令,则禁止为所述应用程序授予所述访问权限。The device further includes a determining module, configured to: generate, according to the request, prompt information including information of the access authority; receive a selection instruction determined according to the prompt information; if the selection If the instruction is an authorization authorization instruction, the access authority is prohibited from being granted to the application.
其中,所述装置还包括判断模块:所述判断模块,设置为根据所述请求,查询预设的应用程序权限对照表;所述应用程序权限对照表记录了匹配的应用程序和访问权限的信息;确定所述应用程序和所述访问权限的信息是否匹配;如果所述应用程序和所述访问权限的信息不匹配,则禁止为所述应用程序授予所述访问权限。The device further includes a determining module: the determining module is configured to query a preset application permission comparison table according to the request; the application permission comparison table records information of the matched application and access rights. Determining whether the information of the application and the access authority match; if the information of the application and the access right do not match, prohibiting granting the access right to the application.
其中,所述发送模块还设置为:如果所述应用程序已经被授权的访问权限被禁止,则为所述应用程序关闭所述访问权限,并向所述应用程序发送所述访问权限已经被授权的信息。The sending module is further configured to: if the application has been authorized to have access rights disabled, open the access right for the application, and send the access permission to the application has been authorized Information.
其中,所述发送模块还设置为:在为所述应用程序关闭所述访问权限之后,在所述应用程序运行中,如果所述应用程序基于被关闭的访问权限进行访问,则向所述应用程序反馈预设的信息。The sending module is further configured to: after the application is closed for the application, in the running of the application, if the application accesses based on the closed access right, the application is applied to the application The program feeds back the preset information.
本发明实施例还提供了一种存储介质,所述存储介质包括存储的程序,其中,所述程序运行时执行上述应用程序的访问权限控制方法。An embodiment of the present invention further provides a storage medium, where the storage medium includes a stored program, where the program runs to execute an access permission control method of the application.
本发明有益效果如下:The beneficial effects of the present invention are as follows:
本发明接收应用程序发送的用于对访问权限进行授权的请求;在禁止为该应用程序授予该访问权限的情况下,向该应用程序发送该访问权限已经授权成功的信息。这样,实际上没有为应用程序授予该访问权限,但是应用程序在接收到该已经被授权的信息时,认为应用程序已经具备所需的访问权限,可以访问该访问权限对应的功能或应用,在这种情况下,应用程序可以正常使用。 The present invention receives a request sent by an application for authorizing an access right; and in a case where the access right is prohibited from being granted to the application, the information that the access right has been authorized successfully is sent to the application. In this way, the application is not granted the access right, but when the application receives the authorized information, the application believes that the application already has the required access rights, and can access the function or application corresponding to the access right. In this case, the application can be used normally.
附图说明DRAWINGS
此处所说明的附图用来提供对本发明的进一步理解,构成本申请的一部分,本发明的示意性实施例及其说明用于解释本发明,并不构成对本发明的不当限定。在附图中:The drawings described herein are intended to provide a further understanding of the invention, and are intended to be a part of the invention. In the drawing:
图1是根据本发明第一实施例的应用程序的访问权限控制方法的流程图;1 is a flowchart of an access right control method of an application according to a first embodiment of the present invention;
图2是根据本发明第二实施例的应用程序的访问权限控制方法的流程图;2 is a flowchart of an access right control method of an application according to a second embodiment of the present invention;
图3是根据本发明第三实施例的应用程序的访问权限控制方法的流程图;3 is a flowchart of a method for controlling access rights of an application according to a third embodiment of the present invention;
图4是根据本发明第四实施例的应用程序的访问权限控制的系统框架图;4 is a system framework diagram of access authority control of an application according to a fourth embodiment of the present invention;
图5是根据本发明第五实施例的应用程序的访问权限控制装置的结构图。Figure 5 is a structural diagram of an access authority control apparatus of an application program according to a fifth embodiment of the present invention.
具体实施方式detailed description
本发明提供一种应用程序的访问权限控制方法,包括:接收应用程序发送的用于对访问权限进行授权的请求;在禁止为所述应用程序授予所述访问权限的情况下,为所述应用程序关闭所述访问权限,并向所述应用程序发送所述访问权限已经授权成功的信息。The present invention provides a method for controlling access rights of an application, comprising: receiving a request sent by an application for authorizing an access right; and in the case of prohibiting granting the access right to the application, the application is The program closes the access right and sends the application the information that the access right has been authorized successfully.
这样,实际上没有为应用程序授予该访问权限,使应用程序禁用该访问权限,但是应用程序在接收到该已经授权成功信息时,认为应用程序已经具备所需的访问权限,可以访问该访问权限对应的功能或应用,在这种情况下,应用程序可以正常使用。In this way, the application is not granted the access right, so that the application disables the access right, but when the application receives the authorized success information, the application considers that the application has the required access rights and can access the access right. The corresponding function or application, in this case, the application can be used normally.
例如:接收美图软件发送的请求,该请求用于获得访问通话记录的权限;实际上,美图软件在运行过程中不会使用到访问通话记录的权限,所以可以禁止为美图软件授予访问通话记录的权限;在禁止为美图软件授予 访问通话记录的权限时,使美图软件禁用该访问通话记录的权限,向美图软件发送访问通话记录的权限已经授权成功的信息,实际上没有为美图软件开启访问通话记录的权限,但是美图软件接收到已经授权成功的信息后,认为可以访问通话记录。For example, receiving a request sent by the Mito software, the request is used to obtain access to the call record; in fact, the Mito software does not use the right to access the call record during the running process, so the access to the Mito software can be prohibited. Permission to call records; in the ban on the granting of Meitu software When accessing the call record permission, the Mito software disables the right to access the call record, and the Mito software sends the permission to access the call record has been authorized successfully, and actually does not have permission to access the call record for the Mito software, but After receiving the information that the authorization has been successfully authorized, the Meitu software considers that the call record can be accessed.
通过本发明可以解决不允许对应用程序请求的访问权限进行授权时,应用程序将无法正常使用的问题,而且,可以避免应用程序恶意请求访问权限给终端信息安全带来的隐患,方便用户使用应用程序的同时还可以提升终端信息安全,用户体验效果好。The invention can solve the problem that the application program cannot be used normally when the authorization permission requested by the application is not allowed, and the hidden danger of the terminal information security caused by the malicious request permission of the application can be avoided, and the user is convenient to use the application. At the same time, the program can also improve the security of the terminal information, and the user experience is good.
以下结合附图以及实施例,对本发明进行进一步详细说明。应当理解,此处所描述的具体实施例仅仅用以解释本发明,并不限定本发明。The invention will be further described in detail below with reference to the drawings and embodiments. It is understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
实施例一Embodiment 1
本实施例提供一种应用程序的访问权限控制方法。本实施例的执行主体为终端。在该终端中安装有应用程序。图1是根据本发明第一实施例的应用程序的访问权限控制方法的流程图。This embodiment provides an access permission control method for an application. The execution body of this embodiment is a terminal. An application is installed in the terminal. 1 is a flow chart of a method for controlling access rights of an application according to a first embodiment of the present invention.
步骤S110,接收应用程序发送的用于授予访问权限的请求。Step S110, receiving a request sent by the application for granting access rights.
在安装或运行应用程序时,接收应用程序发送的用于授予访问权限的请求。Receives a request from the application to grant access when the application is installed or running.
访问权限对应终端中的功能或应用。仅在应用程序被授予访问权限的情况下,应用程序才可以访问该访问权限对应的功能或应用。The access rights correspond to the functions or applications in the terminal. An application can access a feature or application corresponding to that access right only if the application is granted access.
例如:导航软件需要被授予访问终端地理位置的权限,才可以获得终端的地理位置,并在导航软件中标识出终端所在的地理位置。For example, the navigation software needs to be granted the right to access the geographic location of the terminal, in order to obtain the geographical location of the terminal, and identify the geographical location of the terminal in the navigation software.
步骤S120,判断是否禁止为该应用程序授予该访问权限;若是,则执行步骤S140;若否,则执行步骤S130。In step S120, it is determined whether the access authority is prohibited from being granted to the application; if yes, step S140 is performed; if not, step S130 is performed.
可以根据用户的输入,来判断是否可以为应用程序授予该访问权限;也可以预先收集每个应用程序真正需要使用的访问权限,根据收集的结果,判断是否可以为该应用程序授予该访问权。 According to the user's input, it can be judged whether the access right can be granted to the application; or the access right that each application really needs to be used can be collected in advance, and according to the collected result, whether the access right can be granted to the application can be determined.
步骤S130,在允许为该应用程序授予该访问权限的情况下,为该应用程序开启该访问权限,并向该应用程序发送该访问权限已经被授权的信息。Step S130, in the case that the access permission is granted to the application, the access permission is turned on for the application, and the information that the access right has been authorized is sent to the application.
为应用程序开启访问权限即是为该应用程序授权该访问权限,使该应用程序能够访问该访问权限对应的应用或功能。Turning on access for an application grants the application access to the application, enabling the application to access the application or feature for that access.
在允许为该应用程序授予该访问权限的情况下,可以接收到为该应用程序授予该访问权限的指令,根据该指令为该应用程序开启该访问权限,并向该应用程序发送该访问权限已经授权成功的信息,以便通知应用程序已经具备该访问权限。In the case that the application is allowed to grant the access right, an instruction for granting the access right to the application may be received, the access permission is opened for the application according to the instruction, and the access right is sent to the application. Authorize successful information to notify the application that the access is already available.
步骤S140,在禁止为该应用程序授予该访问权限的情况下,为该应用程序关闭该访问权限,并向该应用程序发送该访问权限已经被授权的信息。Step S140, in the case that the access right is prohibited from being granted to the application, the access right is closed for the application, and the information that the access right has been authorized is sent to the application.
为应用程序关闭访问权限即是不为该应用程序授予该访问权限,使该应用程序不能访问该访问权限对应的应用或功能。Turning off access for an application means that the application is not granted access, so that the application cannot access the application or function corresponding to the access.
在禁止为该应用程序授予该访问权限的情况下,可以接收到禁止为该应用程序授予该访问权限的指令,根据该指令为该应用程序关闭该访问权限,在系统底层使该应用程序禁用该访问权限,但是为了使应用程序可以被正常使用,向该应用程序发送该访问权限已经授权成功的信息,以便通知应用程序已经具备该访问权限。In the case that the application is prohibited from granting the access right, an instruction to prohibit the application from being granted the access right may be received, the access permission is closed for the application according to the instruction, and the application is disabled at the bottom of the system. Access rights, but in order for the application to be used normally, send information to the application that the access has been authorized successfully to notify the application that the access is already available.
在应用程序认为要求的访问权限全部被授权后,应用程序可以被正常使用。After the application believes that the required access rights are all authorized, the application can be used normally.
如果应用程序已经被授权的访问权限被禁止,则向该应用程序发送所述访问权限已经被授权的信息。进一步地,如果应用程序不需要使用的访问权限被授权,则可以关闭该访问权限,并在开启该应用程序时或者在运行该应用程序的过程中,向该应用程序发送所述访问权限已经授权成功的信息,使得该应用程序不会因为访问权限被禁止而不能被正常使用。If the access rights that the application has been authorized are prohibited, the information that the access rights have been authorized is sent to the application. Further, if the access permission that the application does not need to be used is authorized, the access right may be turned off, and the access right is authorized to be sent to the application when the application is opened or during the running of the application. The successful information makes the application not to be used normally because access rights are prohibited.
在应用程序运行中,如果该应用程序基于被关闭的访问权限进行访问, 则向该应用程序反馈预设的信息。进一步地,如果在禁止为应用程序授予某一访问权限,为该应用程序关闭该访问权限,且向该应用程序发送该访问权限已经授权成功的信息,则该应用程序在访问该访问权限对应的功能或应用时,禁止该应用程序在访问该访问权限对应的功能或应用,并向该应用程序反馈预设的信息,使该应用程序认为该访问权限可以正常使用。该预设的信息可以是空值或者具有预设内容的信息。While the application is running, if the application is accessed based on the closed access rights, The preset information is fed back to the application. Further, if it is forbidden to grant an access right to the application, the access right is closed for the application, and the information that the access right has been authorized successfully is sent to the application, the application accesses the corresponding access right. When the function or application is used, the application is prohibited from accessing the function or application corresponding to the access right, and the preset information is fed back to the application, so that the application believes that the access right can be used normally. The preset information may be a null value or information having a preset content.
在本实施例中,应用程序认为要求的访问权限已经被授权,并且始终认为要求的访问权限已经被授权,这样应用程序就可以被用户正常使用,然而应用程序在使用过程中又不能真正的对该访问权限对应的功能或应用进行访问,这样就不会对终端的信息安全造成威胁。In this embodiment, the application considers that the required access rights have been authorized, and always believes that the required access rights have been authorized, so that the application can be used normally by the user, but the application cannot be truly used during use. The function or application corresponding to the access right is accessed, so that the information security of the terminal is not threatened.
实施例二Embodiment 2
在请求授权的场景下,终端系统包括安全限制。该安全限制包括:危险等级Dangerous。危险等级表示会带来潜在的风险,系统不会自动为应用程序授权,需要得到用户的确认才会授权。在终端中安装应用程序,该应用程序请求获得访问权限会被终端系统认为是危险等级。In the scenario of requesting authorization, the terminal system includes security restrictions. This safety limit includes: Dangerous rating. The hazard level indicates a potential risk, the system does not automatically authorize the application, and needs to be confirmed by the user to authorize. An application is installed in the terminal, and the application requesting access rights is considered by the end system to be a dangerous level.
在本实施例中,可以根据应用程序发送的用于对访问权限进行授权的请求,生成包含有所述访问权限的信息的提示信息;接收根据该提示信息确定的选择指令;如果该选择指令为不允许授权指令,则禁止为该应用程序授予所述访问权限;如果该选择指令为允许授权指令,则允许为该应用程序授予所述访问权限。In this embodiment, according to the request for authorizing the access authority sent by the application, the prompt information including the information of the access right may be generated; and the selection instruction determined according to the prompt information may be received; if the selection instruction is If the authorization instruction is not allowed, the access authority is prohibited from being granted to the application; if the selection instruction is an authorization authorization instruction, the application is allowed to grant the access authority.
为了使本发明更加易懂,在本实施例中,应用程序尚未被授权的访问权限为一个。在实际场景中,如果应用程序尚未被授权的访问权限为多个,则针对每个尚未被授权的访问权限,分别确定是否允许为应用程序授予该访问权限。In order to make the present invention more understandable, in the present embodiment, the application has not been authorized to access one. In the actual scenario, if the application has not been authorized to have multiple access rights, it is determined whether to grant the access permission to the application for each access right that has not been authorized.
图2是根据本发明第二实施例的应用程序的访问权限控制方法的流程图。 2 is a flow chart of a method for controlling access rights of an application according to a second embodiment of the present invention.
步骤S210,在开启应用程序时,根据应用程序的请求,查询应用程序要求的访问权限。In step S210, when the application is started, the access permission required by the application is queried according to the request of the application.
应用程序要求的访问权限是指设计应用程序时希望应用程序取得的访问权限。应用程序要求的访问权限不一定是运行应用程序时需要使用的访问权限。The access rights required by the application are the access rights that the application is expected to get when designing the application. The access required by the application is not necessarily the access that is required to run the application.
应用程序的请求用于请求对应用程序要求的访问权限进行授权。The application's request is used to request authorization for the access required by the application.
在该请求中可以不携带访问权限的信息,可以通过查询应用程序的配置信息,查询该应用程序要求的访问权限的信息。如果该请求中携带了访问权限的信息,则可以在接收到该请求之后,直接执行步骤S220。In the request, the information of the access authority may not be carried, and the information of the access authority required by the application may be queried by querying the configuration information of the application. If the request carries the information of the access right, step S220 may be directly executed after receiving the request.
步骤S220,判断应用程序要求的访问权限是否已经被授权;若是,则执行步骤S270;若否,则执行步骤S230。Step S220, determining whether the access authority requested by the application has been authorized; if yes, executing step S270; if not, executing step S230.
为了防止在开启应用程序之前,用户已经将应用程序要求的访问权限关闭的情况,可以先判断应用程序要求的访问权限是否都已经被授权。进一步地,在终端系统中设置权限管理选项,在该权限管理选项中,可以开启或关闭应用程序的访问权限。In order to prevent the user from having to turn off the access required by the application before opening the application, it is possible to first determine whether the access rights required by the application have been authorized. Further, a rights management option is set in the terminal system, in which the access rights of the application can be turned on or off.
步骤S230,为用户提供包含访问权限的信息的提示信息,并接收根据提示信息确定的选择指令。Step S230, providing the user with the prompt information including the information of the access authority, and receiving the selection instruction determined according to the prompt information.
以弹出提示框的形式向用户提供提示信息。在该提示框中包括是否允许为该应用程序授予该访问权限的提示信息,并设置有是否允许为该应用程序授予该访问权限的选择项。通过该选择项用户可以输入选择指令。Provide prompt information to the user in the form of a pop-up prompt box. The prompt box includes information on whether to allow the application to grant the access permission, and sets whether or not to allow the application to grant the access permission. With this option the user can enter a selection command.
选择项包括:允许为该应用程序授予该访问权限的选择项和禁止为该应用程序授予该访问权限的选择项。通过允许为该应用程序授予该访问权限的选择项可以输入允许授权的选择指令。通过禁止为该应用程序授予该访问权限的选择项可以输入禁止授权的选择指令。Choices include: a selection that allows the application to be granted the access and a selection that prohibits the application from being granted the access. A selection instruction that allows authorization can be entered by an option that allows the application to be granted the access. A selection instruction that prohibits authorization can be entered by disabling the option to grant the access to the application.
选择指令为:允许授权指令或者禁止授权指令。The selection instruction is: permission authorization instruction or prohibition authorization instruction.
步骤S240,根据所述选择指令,确定用户是否允许为该应用程序授 予该访问权限;若是,则执行步骤S250;若否,则执行步骤S260。Step S240, determining, according to the selection instruction, whether the user is allowed to grant the application The access authority is granted; if yes, step S250 is performed; if no, step S260 is performed.
如果选择指令为允许授权指令,则可以确定用户允许为该应用程序授予该访问权限;如果选择指令为禁止授权指令,则可以确定用户不允许为该应用程序授予该访问权限。If the selection instruction is an permission authorization instruction, it may be determined that the user is allowed to grant the access authority to the application; if the selection instruction is the prohibition authorization instruction, it may be determined that the user is not allowed to grant the access right to the application.
例如:在启动美图软件时,在用户界面中弹出提示框,在提示框中设置提示信息“是否允许美图软件访问当前位置信息”,并设置选择项“是”和“否”,如果用户选择“是”,则表示用户允许美图软件访问当前位置信息;如果用户选择“否”,则表示用户不允许美图软件访问当前位置信息。For example, when launching the Mito software, a prompt box pops up in the user interface, and a prompt message "Whether the Mito software is allowed to access the current location information" is set in the prompt box, and the options "Yes" and "No" are set, if the user If "Yes" is selected, the user is allowed to access the current location information; if the user selects "No", the user is not allowed to access the current location information.
步骤S250,对该访问权限进行授权,并向该应用程序返回该访问权限已经被授权的信息。Step S250, authorizing the access right, and returning information to the application that the access right has been authorized.
步骤S260,不对该访问权限进行授权,并向该应用程序返回该访问权限已经被授权的信息。Step S260, the access authority is not authorized, and information that the access right has been authorized is returned to the application.
步骤S270,运行应用程序。In step S270, the application is run.
在应用程序接收到访问权限已经被授权的信息之后,确定该访问权限已经被授权。如果应用程序要求的所有访问权限都接收到已经被授权的信息,则可以正常运行。After the application receives the information that the access rights have been authorized, it is determined that the access rights have been authorized. If all the access rights required by the application receive the information that has already been authorized, it can run normally.
由于应用程序认为其要求的访问权限都已经被授权,所以应用程序可以运行正常。如果用户发现不需要为该应用软件提供某项访问权限,则可以在设置菜单中,关闭该访问权限,将对该访问权限的授权禁止掉。The application works fine because the application believes that its required access rights are already authorized. If the user finds that there is no need to provide an access right for the application, in the setup menu, the access permission can be turned off, and the authorization for the access permission is disabled.
实施例三Embodiment 3
根据应用程序发送的用于对访问权限进行授权的请求,查询预设的应用程序权限对照表;应用程序权限对照表记录了匹配的应用程序和访问权限的信息;确定所述应用程序和所述访问权限的信息是否匹配;如果所述应用程序和所述访问权限的信息不匹配,则禁止为所述应用程序授予所述访问权限;如果所述应用程序和所述访问权限匹配,则允许为所述应用程 序授予所述访问权限。Querying a preset application permission comparison table according to a request sent by the application for authorizing access rights; the application permission comparison table records information of the matched application and access rights; determining the application and the Whether the information of the access right matches; if the information of the application and the access right do not match, the access right is prohibited from being granted to the application; if the application and the access right match, the permission is allowed The application Grant the access rights.
为了使本发明更加易懂,在本实施例中,应用程序尚未被授权的访问权限为一个。在实际场景中,如果应用程序尚未被授权的访问权限为多个,则针对每个尚未被授权的访问权限,分别确定是否允许为应用程序授予该访问权限。In order to make the present invention more understandable, in the present embodiment, the application has not been authorized to access one. In the actual scenario, if the application has not been authorized to have multiple access rights, it is determined whether to grant the access permission to the application for each access right that has not been authorized.
图3是根据本发明第三实施例的应用程序的访问权限控制方法的流程图。3 is a flow chart of a method for controlling access rights of an application according to a third embodiment of the present invention.
步骤S310,预先设置应用程序权限对照表。In step S310, an application permission comparison table is set in advance.
应用程序权限对照表用于记录匹配的应用程序和访问权限。在应用程序权限对照表中应用程序和访问权限可以使用标示符来代替。The application permissions comparison table is used to record matching applications and access rights. Applications and access rights can be replaced with identifiers in the application permissions comparison table.
应用程序和访问权限相匹配说明应用程序在运行过程中会使用到该访问权限。例如:导航软件和地理位置的访问权限相匹配,美图软件和相册的访问权限相匹配。Matching the application and access rights means that the application will use that access right during the run. For example, the navigation software matches the access rights of the geographic location, and the access rights of the Mito software and the photo album match.
应用程序和访问权限不匹配说明应用程序在运行过程中不会使用到该访问权限或者应用程序在运行过程中使用该访问权限为恶意行为。A mismatch between the application and the access rights indicates that the application does not use the access right during the run or that the application uses the access right as a malicious behavior during the run.
恶意行为包括:应用程序基于该访问权限获得的信息不会用于应用程序的运行中,而是直接将获得的信息发送到预设的服务器。Malicious behavior includes that the information obtained by the application based on the access rights is not used in the running of the application, but directly sends the obtained information to the preset server.
例如:美图软件和地理位置的访问权限不匹配;美图软件基于通话记录访问权限获取终端中的通话记录,并将该通话记录发送到用于群发短信息的服务器,这属于恶意行为。For example, the access rights of the Mito software and the geographical location do not match; the Mito software obtains the call record in the terminal based on the call record access right, and sends the call record to the server for sending the short message, which is a malicious behavior.
步骤S320,在开启应用程序时,根据应用程序的请求,查询应用程序要求的访问权限。In step S320, when the application is started, the access permission required by the application is queried according to the request of the application.
步骤S330,判断应用程序要求的访问权限是否都已经被授权;若是,则执行步骤S370;若否,则执行步骤S340。In step S330, it is determined whether the access rights requested by the application are all authorized; if yes, step S370 is performed; if not, step S340 is performed.
步骤S340,根据应用程序权限对照表,查询该应用程序和该访问权限的信息是否匹配;若是,则执行步骤S350;若否,则执行步骤S360。 Step S340, querying whether the information of the application and the access authority match according to the application permission comparison table; if yes, executing step S350; if not, executing step S360.
在应用程序权限对照表中,查询是否存在该应用程序的标示符和该访问权限的信息的标示符的对应关系;如果存在,则说明该应用程序和该访问权限匹配;如果不存在,则说明该应用程序和该访问权限不匹配。In the application permission comparison table, query whether there is a correspondence between the identifier of the application and the identifier of the information of the access authority; if it exists, the application matches the access right; if not, the description is The app does not match this access.
步骤S350,对该访问权限进行授权,并向该应用程序返回该访问权限已经被授权的信息。Step S350, authorizing the access right, and returning information to the application that the access right has been authorized.
步骤S360,不对该访问权限进行授权,并向该应用程序返回该访问权限已经被授权的信息。Step S360, the access authority is not authorized, and information that the access right has been authorized is returned to the application.
步骤S370,运行应用程序。In step S370, the application is run.
在本实施例中,如果查询出该应用程序和该访问权限不匹配,则可以生成包含该访问权限的信息的提示信息,接收根据该提示信息输入的选择指令;如果选择指令为禁止授权指令,则不对该访问权限进行授权,并向该应用程序返回该访问权限已经被授权的信息;如果选择指令为允许授权指令,则对该访问权限进行授权,并向该应用程序返回该访问权限已经被授权的信息。In this embodiment, if it is found that the application does not match the access right, the prompt information including the information of the access right may be generated, and the selection instruction input according to the prompt information may be received; if the selection instruction is the prohibition authorization instruction, Not authorizing the access right, and returning to the application information that the access right has been authorized; if the selecting instruction is an allow authorization command, authorizing the access right, and returning the access right to the application has been Authorized information.
实施例四Embodiment 4
为了实现在禁止为所述应用程序授予所述访问权限的情况下,向所述应用程序发送所述访问权限已经被授权的信息,本实施例在终端的系统架构中增加权限管理层,由权限管理层负责进行应用程序的访问权限控制。图4是根据本发明第四实施例的应用程序的访问权限控制的系统框架图。In order to implement the information that the access authority has been authorized to be sent to the application in the case of forbidding the access permission to the application, the embodiment adds a rights management layer in the system architecture of the terminal, and the authority The management is responsible for controlling access to the application. 4 is a system framework diagram of access authority control of an application according to a fourth embodiment of the present invention.
终端运行的系统可以是Android(安卓)系统。The system running on the terminal can be an Android (Android) system.
系统框架包括:应用框架层、权限管理层和应用程序层。The system framework includes: application framework layer, rights management layer and application layer.
应用程序层,用于运行应用程序。Application layer for running applications.
权限管理层,用于控制应用程序的访问权限。The rights management layer is used to control access rights of the application.
应用框架层,用于管理应用程序的访问权限,即开启或关闭访问权限。The application framework layer is used to manage the access rights of the application, that is, to enable or disable access rights.
权限管理层位于应用程序层和应用框架层之间。权限管理层和应用程 序层可以交互信息。权限管理层和应用框架层需要通过系统API进行信息交互。The rights management layer is located between the application layer and the application framework layer. Authority management and applications The sequence layer can exchange information. The rights management layer and the application framework layer need to interact with each other through the system API.
应用程序在应用程序层生成用于对某一访问权限进行授权的请求,并判别用户是否允许对应用程序所请求的访问权限进行授权,判别结果被送到权限管理层;在允许被授权的情况下,权限管理层控制应用框架层打开该访问权限,并将应用框架层反馈的访问权限已经被授权的信息转发给该应用程序;在不允许被授权的情况下,权限管理层控制应用框架层不开启该访问权限,拦截应用框架层反馈的访问权限没有被授权的信息,根据该信息生成访问权限已经被授权的信息并转发给该应用程序;应用框架层在权限管理层的控制下打开或关闭该访问权限,生成相应的访问权限已经被授权或者没有被授权的信息,并将该信息发送到权限管理层。在该过程中,权限管理层也可以舍弃应用框架层反馈的访问权限没有被授权的信息,生成一个访问权限已经被授权的信息并发送给该应用程序。The application generates a request for authorizing an access right at the application layer, and discriminates whether the user is allowed to authorize the access authority requested by the application, and the result is sent to the authority management layer; Next, the rights management layer controls the application framework layer to open the access authority, and forwards the information that the access authority of the application framework layer has been authorized to the application; if the authorization is not allowed, the rights management layer controls the application framework layer The access permission is not turned on, and the information that the access permission of the application framework layer is not authorized is intercepted, and information that the access authority has been authorized is generated according to the information and forwarded to the application; the application framework layer is opened under the control of the authority management layer or The access right is closed, and the corresponding information that the access right has been authorized or not authorized is generated, and the information is sent to the rights management layer. In the process, the rights management layer may also discard the information that the access authority of the application framework layer is not authorized, and generate a message that the access authority has been authorized and send it to the application.
具体而言,在安装应用程序时,应用程序可以向权限管理层请求获得访问权限。权限管理层根据该请求读取应用程序的配置信息,查询出应用程序要求的访问权限。Specifically, when the application is installed, the application can request access to the rights management layer. The rights management layer reads the configuration information of the application according to the request, and queries the access rights required by the application.
权限管理层在应用程序层弹出提示框,询问用户是否允许授予访问权限。The rights management layer pops up a prompt box at the application layer asking if the user is allowed to grant access.
如果用户允许对该访问权限授权,则权限管理层为该应用程序的该访问权限设置一个真标识并记录。该真标识表示在应用框架层为该应用程序开启该访问权限。权限管理层控制应用框架层为该应用程序开启该访问权限。应用框架层在为该应用程序开启该访问权限之后,通过权限管理层向应用程序返回已经该访问权限已经被授权的信息。If the user allows authorization for the access, the rights management layer sets a true identity for the access to the application and records it. The true identity indicates that the access permission is enabled for the application at the application framework layer. The rights management layer controls the application framework layer to enable this access for the application. After the application framework layer opens the access right for the application, the permission management layer returns information to the application that the access right has been authorized.
如果用户不允许对该访问权限授权,则权限管理层为该应用程序的该访问权限设置一个伪标识并记录。该伪标识表示在应用框架层对该应用程序禁用该访问权限。权限管理层控制应用框架层不开启该访问权限,但是,在通过权限管理层向应用程序返回已经该访问权限没有被授权的信息时, 权限管理层拦截该信息并将该信息修改为该访问权限已经被授权的信息。之后,权限管理层将修改后的信息发送给应用程序。If the user does not allow authorization for the access, the rights management layer sets a pseudo identity for the access to the application and records it. This pseudo-identification indicates that the access right is disabled for the application at the application framework layer. The rights management layer controls the application framework layer not to open the access rights, but when the rights management layer returns information to the application that the access rights are not authorized, The rights management layer intercepts the information and modifies the information to information that the access rights have been authorized. The rights management layer then sends the modified information to the application.
在使用应用程序的过程中,如果应用程序基于访问权限进行访问时,权限管理层可以先查询该访问权限对应的标识是真标识还是伪标识;如果是真标识,则允许应用程序利用该访问权限访问对应的功能或应用;如果是伪标识,则禁止应用程序利用该访问权限访问对应的功能或应用。在禁止应用程序利用该访问权限访问对应的功能或应用时,可以向应用程序返回具有预设的信息。这样既不影响应用程序的正常使用,也保护了用户信息和隐私的安全。In the process of using the application, if the application accesses based on the access right, the rights management layer may first query whether the identifier corresponding to the access right is a true identifier or a pseudo identifier; if it is a true identifier, the application is allowed to utilize the access permission. Accessing the corresponding function or application; if it is a pseudo-identity, the application is prohibited from accessing the corresponding function or application by using the access right. When the application is prohibited from accessing the corresponding function or application by using the access right, the preset information can be returned to the application. This does not affect the normal use of the application, but also protects the security of user information and privacy.
在本实施例中,可以在设置菜单中加入权限管理选项,用户可以主动在设置菜单中对应用程序的访问权限进行设置,开启或是关闭访问权限。In this embodiment, the rights management option can be added in the setting menu, and the user can actively set the access rights of the application in the setting menu, and enable or disable the access right.
在使用应用程序的过程中,如果用户发现不需要为该应用程序提供某项访问权限,则可以在设置菜单中关闭该访问权限;在设置菜单中为某一应用程序关闭某一访问权限,会触发禁止对该应用程序的该访问权限进行授权的请求的发送,权限管理层在接收到该请求之后,权限管理层为该应用程序的该访问权限设置一个伪标识并更新记录;在权限管理层的控制下,应用框架层将为该应用程序授予的访问权限禁用,在通过权限管理层向应用程序返回该访问权限没有被授权的信息时,权限管理层拦截该信息并将该信息修改为该访问权限已经被授权,应用程序在接收到修改后的信息时,仍然认为可以使用该访问权限。In the process of using the application, if the user finds that he does not need to provide an access right for the application, he can close the access right in the setting menu; in the setting menu, close an access right for an application, Triggering a request to prohibit the authorization of the access right of the application, after receiving the request, the rights management layer sets a pseudo identity for the access permission of the application and updates the record; Under the control of the application framework layer, the access permission granted to the application is disabled. When the permission management layer returns the information that the access right is not authorized to the application, the rights management layer intercepts the information and modifies the information to the Access rights have been granted, and the application still considers that access rights are available when it receives the modified information.
实施例五Embodiment 5
本实施例提供一种应用程序的访问权限控制装置。如图5是根据本发明第五实施例的应用程序的访问权限控制装置的结构图。本实施例所述的装置可以被设置在上述权限管理层。This embodiment provides an access authority control apparatus for an application. Figure 5 is a block diagram showing an access authority control apparatus of an application program according to a fifth embodiment of the present invention. The apparatus described in this embodiment can be set in the above-mentioned authority management layer.
该装置包括:The device includes:
接收模块510,设置为接收应用程序发送的用于对访问权限进行授权 的请求。The receiving module 510 is configured to receive, by the application, an authorization to authorize access rights. Request.
判断模块520,设置为判断是否禁止为所述应用程序授予所述访问权限。The determining module 520 is configured to determine whether to prohibit granting the access right to the application.
发送模块530,设置为在判断模块520判定禁止为所述应用程序授予所述访问权限的情况下,为所述应用程序关闭所述访问权限,并向所述应用程序发送所述访问权限已经被授权的信息。The sending module 530 is configured to: when the determining module 520 determines that the access permission is not granted to the application, disable the access right for the application, and send the access permission to the application Authorized information.
在一个实施例中,所述判断模块520,设置为根据所述请求,生成包含有所述访问权限的信息的提示信息;接收根据所述提示信息确定的选择指令;如果所述选择指令为禁止授权指令,则禁止为所述应用程序授予所述访问权限。In an embodiment, the determining module 520 is configured to generate prompt information including information of the access authority according to the request, receive a selection instruction determined according to the prompt information, and if the selection instruction is prohibited Authorization instructions prohibit the granting of the access rights to the application.
在另一实施例中,所述判断模块520,设置为根据所述请求,查询预设的应用程序权限对照表;所述应用程序权限对照表记录了匹配的应用程序和访问权限的信息;确定所述应用程序和所述访问权限的信息是否匹配;如果所述应用程序和所述访问权限不匹配,则禁止为所述应用程序授予所述访问权限。In another embodiment, the determining module 520 is configured to query a preset application permission comparison table according to the request; the application permission comparison table records information of the matched application and access rights; Whether the information of the application and the access authority match; if the application does not match the access right, prohibiting granting the access right to the application.
在又一实施例中,发送模块530还设置为:如果所述应用程序已经被授权的访问权限被禁止,则为所述应用程序关闭所述访问权限,并向所述应用程序发送所述访问权限已经被授权的信息。In still another embodiment, the sending module 530 is further configured to: if the application has been authorized to have access rights disabled, open the access right for the application, and send the access to the application The information that the permission has been authorized.
在再一实施例中,发送模块530还设置为:在为所述应用程序关闭所述访问权限之后,在所述应用程序运行中,如果所述应用程序基于被关闭的访问权限进行访问,则向所述应用程序反馈预设的信息。In still another embodiment, the sending module 530 is further configured to: after the access authority is closed for the application, in the running of the application, if the application accesses based on the closed access right, then Feed back the preset information to the application.
本实施例所述的装置的功能已经在图1~图4所示的方法实施例中进行了描述,故本实施例的描述中未详尽之处,可以参见前述实施例中的相关说明,在此不做赘述。The functions of the device in this embodiment have been described in the method embodiments shown in FIG. 1 to FIG. 4, and therefore, in the description of the present embodiment, reference may be made to the related description in the foregoing embodiment. This will not be repeated.
尽管为示例目的,已经公开了本发明的优选实施例,本领域的技术人员将意识到各种改进、增加和取代也是可能的,因此,本发明的范围应当不限于上述实施例。 While the preferred embodiments of the present invention have been disclosed for purposes of illustration, those skilled in the art will recognize that various modifications, additions and substitutions are possible, and the scope of the invention should not be limited to the embodiments described above.
工业实用性Industrial applicability
本发明接收应用程序发送的用于对访问权限进行授权的请求;在禁止为该应用程序授予该访问权限的情况下,向该应用程序发送该访问权限已经授权成功的信息。这样,实际上没有为应用程序授予该访问权限,但是应用程序在接收到该已经被授权的信息时,认为应用程序已经具备所需的访问权限,可以访问该访问权限对应的功能或应用,在这种情况下,应用程序可以正常使用。 The present invention receives a request sent by an application for authorizing an access right; and in a case where the access right is prohibited from being granted to the application, the information that the access right has been authorized successfully is sent to the application. In this way, the application is not granted the access right, but when the application receives the authorized information, the application believes that the application already has the required access rights, and can access the function or application corresponding to the access right. In this case, the application can be used normally.

Claims (11)

  1. 一种应用程序的访问权限控制方法,包括:An application access control method includes:
    接收应用程序发送的用于对访问权限进行授权的请求;Receiving a request sent by an application to authorize access rights;
    判断是否禁止为所述应用程序授予所述访问权限;Determining whether to prohibit granting the access right to the application;
    如果禁止为所述应用程序授予所述访问权限,则为所述应用程序关闭所述访问权限,并向所述应用程序发送所述访问权限已经被授权的信息。If the access right is prohibited from being granted to the application, the access right is turned off for the application, and the information that the access right has been authorized is sent to the application.
  2. 如权利要求1所述的方法,其中,判断是否禁止为所述应用程序授予所述访问权限,包括:The method of claim 1, wherein determining whether to prohibit granting the access right to the application comprises:
    根据所述请求,生成包含有所述访问权限的信息的提示信息;Generating, according to the request, prompt information including information of the access authority;
    接收根据所述提示信息确定的选择指令;Receiving a selection instruction determined according to the prompt information;
    如果所述选择指令为禁止授权指令,则禁止为所述应用程序授予所述访问权限。If the selection instruction is a prohibition authorization instruction, the access authority is prohibited from being granted to the application.
  3. 如权利要求1所述的方法,其中,判断是否禁止为所述应用程序授予所述访问权限,包括:The method of claim 1, wherein determining whether to prohibit granting the access right to the application comprises:
    根据所述请求,查询预设的应用程序权限对照表;所述应用程序权限对照表记录了匹配的应用程序和访问权限的信息;And querying, according to the request, a preset application permission comparison table; the application permission comparison table records information of the matched application and the access authority;
    确定所述应用程序和所述访问权限的信息是否匹配;Determining whether the information of the application and the access authority match;
    如果所述应用程序和所述访问权限的信息不匹配,则禁止为所述应用程序授予所述访问权限。If the information of the application and the access rights do not match, the access authority is prohibited from being granted to the application.
  4. 如权利要求1-3中任一项所述的方法,其中,还包括:The method of any of claims 1-3, further comprising:
    如果所述应用程序已经被授权的访问权限被禁止,则为所述应用 程序关闭所述访问权限,并向所述应用程序发送所述访问权限已经被授权的信息。If the application has been authorized to access access is disabled, then the application The program closes the access rights and sends the application the information that the access rights have been authorized.
  5. 如权利要求1-3中任一项所述的方法,其中,在为所述应用程序关闭所述访问权限之后,还包括:The method of any of claims 1-3, wherein after the accessing the access is closed for the application, the method further comprises:
    在所述应用程序运行中,如果所述应用程序基于被关闭的访问权限进行访问,则向所述应用程序反馈预设的信息。In the application running, if the application accesses based on the closed access right, the preset information is fed back to the application.
  6. 一种应用程序的访问权限控制装置,包括:An access control device for an application, comprising:
    接收模块,设置为接收应用程序发送的用于对访问权限进行授权的请求;a receiving module, configured to receive a request sent by an application for authorizing access rights;
    判断模块,设置为判断是否禁止为所述应用程序授予所述访问权限;a determining module, configured to determine whether to prohibit granting the access right to the application;
    发送模块,设置为在所述判断模块判定禁止为所述应用程序授予所述访问权限的情况下,为所述应用程序关闭所述访问权限,并向所述应用程序发送所述访问权限已经被授权的信息。a sending module, configured to: when the determining module determines to prohibit granting the access right to the application, shutting down the access right for the application, and sending the access right to the application has been Authorized information.
  7. 如权利要求6所述的装置,其中,所述判断模块,设置为根据所述请求,生成包含有所述访问权限的信息的提示信息;接收根据所述提示信息确定的选择指令;如果所述选择指令为禁止授权指令,则禁止为所述应用程序授予所述访问权限。The apparatus of claim 6, wherein the determining module is configured to generate prompt information including information of the access authority according to the request; receive a selection instruction determined according to the prompt information; The selection instruction is a prohibition authorization instruction, and the access authority is prohibited from being granted to the application.
  8. 如权利要求6所述的装置,其中,所述判断模块,设置为根据所述请求,查询预设的应用程序权限对照表;所述应用程序权限对照表记录了匹配的应用程序和访问权限的信息;确定所述应用程序和所述访问权限的信息是否匹配;如果所述应用程序和所述访问权限的信息不匹配,则禁止为所述应用程序授予所述访问权限。 The device of claim 6, wherein the determining module is configured to query a preset application permission comparison table according to the request; the application permission comparison table records the matching application and access rights. Information; determining whether the information of the application and the access right match; if the information of the application and the access right do not match, prohibiting granting the access right to the application.
  9. 如权利要求6-8中任一所述的装置,其中,所述发送模块还设置为:如果所述应用程序已经被授权的访问权限被禁止,则为所述应用程序关闭所述访问权限,并向所述应用程序发送所述访问权限已经被授权的信息。The apparatus according to any one of claims 6-8, wherein the sending module is further configured to: if the application has been authorized to have access rights disabled, to close the access right for the application, And transmitting, to the application, the information that the access right has been authorized.
  10. 如权利要求6-8中任一所述的装置,其中,所述发送模块还设置为:在为所述应用程序关闭所述访问权限之后,在所述应用程序运行中,如果所述应用程序基于被关闭的访问权限进行访问,则向所述应用程序反馈预设的信息。The apparatus according to any one of claims 6-8, wherein the transmitting module is further configured to: after the accessing the access authority for the application, in the application running, if the application The access is fed back to the application based on the access rights that are turned off.
  11. 一种存储介质,所述存储介质包括存储的程序,其中,所述程序运行时执行权利要求1至5中任一项所述的方法。 A storage medium, the storage medium comprising a stored program, wherein the program is executed to perform the method of any one of claims 1 to 5.
PCT/CN2017/101041 2016-09-20 2017-09-08 Method and device for controlling access right of application program WO2018054230A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201610834481.5 2016-09-20
CN201610834481.5A CN107844699A (en) 2016-09-20 2016-09-20 The access right control method and device of a kind of application program

Publications (1)

Publication Number Publication Date
WO2018054230A1 true WO2018054230A1 (en) 2018-03-29

Family

ID=61657391

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/101041 WO2018054230A1 (en) 2016-09-20 2017-09-08 Method and device for controlling access right of application program

Country Status (2)

Country Link
CN (1) CN107844699A (en)
WO (1) WO2018054230A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108549798A (en) * 2018-04-12 2018-09-18 珠海市魅族科技有限公司 Terminal equipment control method and device, terminal device and computer readable storage medium
CN116702163A (en) * 2022-09-27 2023-09-05 荣耀终端有限公司 Authority management method and terminal equipment

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108848021B (en) * 2018-05-31 2021-06-15 泰康保险集团股份有限公司 Message forwarding method and device
CN110889109A (en) * 2018-09-10 2020-03-17 中兴通讯股份有限公司 Permission determination method and device and computer readable storage medium
CN110287694B (en) * 2019-06-26 2021-08-20 维沃移动通信有限公司 Application program management method, mobile terminal and storage medium
CN115017473B (en) * 2021-09-06 2023-10-20 荣耀终端有限公司 Authorization method and electronic equipment
CN115118697B (en) * 2022-06-27 2024-04-26 北京爱奇艺科技有限公司 Method and device for activating resource access rights

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050091658A1 (en) * 2003-10-24 2005-04-28 Microsoft Corporation Operating system resource protection
CN103679007A (en) * 2013-12-19 2014-03-26 深圳全智达通信股份有限公司 Method and device for managing application program permission and mobile device
CN103905651A (en) * 2014-04-30 2014-07-02 北京邮电大学 Method and system for application permission management in intelligent terminal
CN104809390A (en) * 2014-01-26 2015-07-29 中兴通讯股份有限公司 Safe operation method and device of system
CN105335649A (en) * 2015-10-14 2016-02-17 上海斐讯数据通信技术有限公司 Intelligent terminal application program authority management method and system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104156660B (en) * 2014-08-28 2016-10-26 东南大学 A kind of Android authority fine-grained access control method based on running environment state

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050091658A1 (en) * 2003-10-24 2005-04-28 Microsoft Corporation Operating system resource protection
CN103679007A (en) * 2013-12-19 2014-03-26 深圳全智达通信股份有限公司 Method and device for managing application program permission and mobile device
CN104809390A (en) * 2014-01-26 2015-07-29 中兴通讯股份有限公司 Safe operation method and device of system
CN103905651A (en) * 2014-04-30 2014-07-02 北京邮电大学 Method and system for application permission management in intelligent terminal
CN105335649A (en) * 2015-10-14 2016-02-17 上海斐讯数据通信技术有限公司 Intelligent terminal application program authority management method and system

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108549798A (en) * 2018-04-12 2018-09-18 珠海市魅族科技有限公司 Terminal equipment control method and device, terminal device and computer readable storage medium
CN108549798B (en) * 2018-04-12 2023-11-07 珠海市魅族科技有限公司 Terminal equipment control method and device, terminal equipment and computer readable storage medium
CN116702163A (en) * 2022-09-27 2023-09-05 荣耀终端有限公司 Authority management method and terminal equipment

Also Published As

Publication number Publication date
CN107844699A (en) 2018-03-27

Similar Documents

Publication Publication Date Title
WO2018054230A1 (en) Method and device for controlling access right of application program
US8856859B2 (en) System and method for setting application permissions
US9118653B2 (en) System and method of secure sharing of resources which require consent of multiple resource owners using group URI's
CN106330958B (en) Secure access method and device
US11184360B2 (en) Systems and methods for controlling email access
US9270669B2 (en) Managing sharing of wireless network login passwords
US20050177724A1 (en) Authentication system and method
CN108337677B (en) Network authentication method and device
US20160277383A1 (en) Binding to a user device
US8590037B2 (en) Managing host application privileges
CN111131242A (en) Authority control method, device and system
US20160048688A1 (en) Restricting System Calls using Protected Storage
JP2014524174A (en) Apparatus and method for managing identification information in a multi-network system
KR20060089658A (en) Process for the secure management of the execution of an application
US20070197197A1 (en) Apparatus and methods for managing time sensitive application privileges on a wireless device
EP1956509A1 (en) System and method for setting application permissions
CN113987505A (en) Authority control method and device in operating system, electronic equipment and storage medium
CN107426182B (en) Access control method and system for storage management system
US20130254834A1 (en) Implementing policies for an enterprise network using policy instructions that are executed through a local policy framework
US20190036933A1 (en) Systems and methods for controlling email access
JP5750497B2 (en) Access control device, program, and access control system
CN114417303A (en) Login authentication management method, device, processor and machine-readable storage medium
WO2019091458A1 (en) Wireless connection method, wireless access point, terminal, and device having storage function
WO2018010256A1 (en) Method and device for wi-fi sharing
CN114866247B (en) Communication method, device, system, terminal and server

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17852298

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17852298

Country of ref document: EP

Kind code of ref document: A1