WO2022199672A1 - Access control method for precise permission revocation, related apparatus, and system - Google Patents


Publication number
WO2022199672A1
Authority
WO
WIPO (PCT)
Prior art keywords
agent
electronic device
permission
callee
access
Application number
PCT/CN2022/082869
Other languages
French (fr)
Chinese (zh)
Inventor
任兵飞
毛哲文
Original Assignee
华为技术有限公司
Application filed by 华为技术有限公司


Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218: Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245: Protecting personal data, e.g. for financial or medical purposes
    • G06F21/10: Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12: Protecting executable software
    • G06F21/121: Restricting unauthorised execution of programs
    • G06F9/00: Arrangements for program control, e.g. control units
    • G06F9/06: Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46: Multiprogramming arrangements
    • G06F9/48: Program initiating; Program switching, e.g. by interrupt
    • G06F9/4806: Task transfer initiation or dispatching
    • G06F9/4843: Task transfer initiation or dispatching by program, e.g. task dispatcher, supervisor, operating system
    • G06F9/4881: Scheduling strategies for dispatcher, e.g. round robin, multi-level priority queues

Definitions

  • the present application relates to the field of computer and communication technologies, and in particular, to an access control method, related device and system for accurately revoking authority.
  • the present application provides an access control method, a related device and a system for accurately revoking authority, which can ensure that the object device obtains the accurate authority, and can accurately revoke the authority as required, so as to protect the data security in the object device.
  • an embodiment of the present application provides an access control method for accurately revoking authority, and the method is applied to a communication system including a first device and a second device, where a callee is installed in the first device, and a first caller is installed in the second device.
  • the callee and the first caller are an application program (APP) or a functional component; the APP is a program entity that implements multiple functions, and the functional component is a program entity that implements a single function.
  • the method of the first aspect includes: the second device sends a first access request and first permission information to the first device, where the first access request is used by the first caller to invoke the callee to access the first resource in the first device, the first permission information indicates the first permission, and the first permission includes the permission to invoke the callee and/or the permission to access the first resource;
  • the first device, in response to the first access request, grants the first permission to the first agent and grants the callee the permission to access the first agent, where the first agent is a service, process or thread;
  • the first device runs the callee, accesses the first agent, and accesses the first resource through the first permission held by the first agent;
  • the first device terminates the first agent, or the first device revokes the first permission held by the first agent.
  • the first device may be referred to as an object device, and the second device may be referred to as a subject device.
  • the object device accesses the first resource through the first proxy, which avoids directly granting the permission required by the access request to the callee; even if the callee passes the permission it obtained on to other callees, the secondarily transferred permission also becomes invalid when the above method is executed, so as to achieve the purpose of accurately revoking the permission.
  • the object device does not need to store a large amount of authority delegation information, which saves the storage resources of the object device.
  • the subject device applies to the user for the permission required by the access request. Regardless of whether the object device or the callee has the authorization conditions, as long as the subject device or the caller has the authorization conditions, the object device is able to obtain the permission required by the access request. This ensures that the access request initiated by the caller can be responded to successfully, realizes resource calls between devices, and meets the actual needs of the user.
  • the first device may revoke the permission required by the access request transmitted by the second device in any of the following cases:
  • the first permission information also indicates the validity period of the first permission. If the permission is valid once, the first device terminates the first agent or revokes the first permission held by the first agent after it finishes accessing the first resource; if the permission is valid within the first time or within the first area, the first device terminates the first agent or revokes the first permission held by the first agent once the first time has elapsed since the first permission information was received, or when the first device is located outside the first area.
  • the first device terminates the first agent or revokes the first authority possessed by the first agent after finishing accessing the first resource, or after finishing accessing the first resource for a second time.
  • the object device can revoke the permission after successfully responding to the access request, without the need to revoke the permission by passing aging information. This avoids the situation in which the permission has already been invalidated before the resource call is completed, so that the permission is revoked accurately according to the user's actual needs.
  • the first device may grant access to the first agent to the first instance of the callee, and run the first instance to access the first agent.
  • the communication system further includes a third device, where a second caller is installed in the third device, and the second caller is an APP or a functional component.
  • the third device may send a second access request and second permission information to the first device, where the second access request is used by the second caller to call the callee to access the first resource, the second permission information indicates the second permission, and the second permission includes the permission to invoke the callee and/or the permission to access the first resource; the first device, in response to the second access request, grants the second permission to the second agent, and grants the permission to access the second agent to the second instance of the callee, where the second agent is a service, process or thread;
  • the first device runs the second instance, accesses the second agent, and accesses the first resource through the second permission held by the second agent; the first instance and the second instance are processes or threads running in random access memory (RAM), the second instance is different from the first instance, and the second instance and the first instance are isolated from each other.
  • the object device provides services for multiple callers with multiple instances, and the permission obtained by the subject device can be granted to the revocation agent corresponding to the callee's instance created for the caller.
  • the authority of a caller will only be granted to the revocation agent corresponding to the instance, which can avoid the problems of authority mixing and authority expansion, thereby ensuring data security in the object device and preventing data abuse and leakage.
  • before the first device grants the permission to access the first agent to the first instance of the callee, the first device may also create the first instance in response to the first access request.
  • the first agent includes: a first routing agent and a first revocation agent; the first routing agent and the first revocation agent are services, processes or threads.
  • the first device may grant the first authority to the first revocation agent, and grant the authority to access the first routing agent to the callee.
  • the first device may run the callee, access the first revocation proxy through the first routing proxy, and access the first resource through the first authority possessed by the first revocation proxy.
  • the first device may terminate the first routing agent and/or the first revocation agent, or the first device may revoke the first authority possessed by the first revocation agent.
  • the first routing agent and the second routing agent may be combined into the same agent. This can reduce resource consumption in the first device.
  • the first device may create the first agent in response to the first access request.
  • the first permission specifically includes: the permission of the second device to invoke the callee, and/or the permission of the second device to access the first resource; and/or the permission of the first caller to invoke the callee, and/or the permission of the first caller to access the first resource.
  • the permission required by the access request includes the information of the subject device and/or the caller, so the user can obtain more detailed information about the permission required by the access request received by the current object device, and thereby decide whether to grant this permission.
  • the user can perform the authorization operation after fully understanding the permissions required for the access request, which can avoid user misoperation or misauthorization, and ensure data security in the object device.
  • based on a capability-based access control technology, the second device may send the permission information required by the first access request directly to the first device while sending the first access request. For example, the permission information required for the first access request, as granted by the user, may be carried in the first access request. In this way, the time overhead caused by permission synchronization in the centralized permission management mechanism can be avoided, and the efficiency of resource invocation can be improved.
  • before sending the first permission information to the first device, the second device may output prompt information, where the prompt information is used to prompt the first permission; the second device may, in response to a received user operation, send the first permission information to the first device. In this way, the user can grant the first permission by entering a user operation on the second device.
  • the operations received by the second device include one or more of the following: a user operation acting on the display screen, a preset face image, a preset fingerprint, a preset voice command, or a user operation on the keys.
  • the embodiments of the present application provide an access control method for accurately revoking permissions. The method is applied to an electronic device in which a callee is installed; the callee is an application program (APP) or a functional component, the APP is a program entity that implements multiple functions, and the functional component is a program entity that implements a single function.
  • the method of the second aspect includes: the electronic device receives a first access request and first permission information sent by the second device, where the first access request is used by the first caller in the second device to invoke the callee to access the first resource in the electronic device, the first permission information indicates the first permission, and the first permission includes the permission to invoke the callee and/or the permission to access the first resource; the first caller is an APP or a functional component; the electronic device, in response to the first access request, grants the first permission to the first agent and grants the permission to access the first agent to the callee, where the first agent is a service, process or thread; the electronic device runs the callee, accesses the first agent, and accesses the first resource through the first permission held by the first agent; the electronic device terminates the first agent, or the electronic device revokes the first permission held by the first agent.
  • the first device accesses the first resource through the first agent, which avoids directly granting the permission required by the access request to the callee; even if the callee passes the permission it obtained on to other callees in a secondary transfer, the secondarily transferred permission also becomes invalid when the above method is executed, so as to achieve the purpose of accurately revoking the permission.
  • the first device does not need to store a large amount of authority delegation information, which saves the storage resources of the first device.
  • the subject device applies to the user for the permission required by the access request. Regardless of whether the object device or the callee has the authorization conditions, as long as the subject device or the caller has the authorization conditions, the object device is able to obtain the permission required by the access request. This ensures that the access request initiated by the caller can be responded to successfully, realizes resource calls between devices, and meets the actual needs of the user.
  • an embodiment of the present application provides an access control method for accurately revoking permissions. The method is applied to an electronic device in which a first caller and a callee are installed; the first caller and the callee are an application program (APP) or a functional component, the APP is a program entity that implements multiple functions, and the functional component is a program entity that implements a single function.
  • the method of the third aspect includes: the electronic device generates a first access request and obtains a first permission, where the first access request is used by the first caller to call the callee to access the first resource in the electronic device, and the first permission includes the permission to invoke the callee and/or the permission to access the first resource; the electronic device, in response to the first access request, grants the first permission to the first agent and grants the permission to access the first agent to the callee; the electronic device runs the callee, accesses the first agent, and accesses the first resource through the first permission held by the first agent; the electronic device terminates the first agent, or the electronic device revokes the first permission held by the first agent.
  • the electronic device can revoke the authority accurately and flexibly through the first agent.
  • the operations performed by the first device, the second device or the third device in the method provided in the third aspect are all performed by the same electronic device, and the interaction between the second device or the third device and the third device may be omitted.
  • embodiments of the present application provide an electronic device, including: a memory and one or more processors; the memory is coupled to the one or more processors, and the memory is used to store computer program codes, and the computer program codes include computer instructions , one or more processors invoke computer instructions to cause the electronic device to perform the method of the second aspect or any one of the embodiments of the second aspect.
  • an embodiment of the present application provides an electronic device, including: a memory and one or more processors; the memory is coupled to the one or more processors, and the memory is used to store computer program codes, and the computer program codes include computer instructions , one or more processors invoke computer instructions to cause the electronic device to perform the method of the third aspect or any one of the embodiments of the third aspect.
  • an embodiment of the present application provides a communication system, including a first device and a second device, where the first device is configured to execute the method of the second aspect or any one of the implementation manners of the second aspect.
  • an embodiment of the present application provides a computer-readable storage medium including instructions; when the instructions are executed on an electronic device, the electronic device is caused to perform the method of the second aspect or any one of the embodiments of the second aspect.
  • an embodiment of the present application provides a computer program product, which when the computer program product runs on a computer, causes the computer to execute the method of the second aspect or any one of the implementation manners of the second aspect.
  • an embodiment of the present application provides a computer-readable storage medium including instructions; when the instructions are executed on an electronic device, the electronic device is caused to perform the method of the third aspect or any one of the embodiments of the third aspect.
  • an embodiment of the present application provides a computer program product which, when the computer program product runs on a computer, enables the computer to execute the method of the third aspect or any implementation manner of the third aspect.
  • the subject device can send an access request for invoking the callee to the object device, and transmit the permission information required by the access request, as granted by the user, to the object device; the object device can create the first proxy, and grant the first proxy the permissions required by the access request. Afterwards, the object device can respond to the access request through the first proxy.
  • the object device can revoke the authority obtained by the object device by revoking the authority granted to the first agent, or terminating the first agent. This solution can ensure that the object device obtains the accurate permission, and can revoke the permission precisely and flexibly according to the needs, so as to protect the data security in the object device.
  • FIG. 1A and FIG. 1B are schematic diagrams of a permission checking method, respectively;
  • FIG. 2A is a schematic structural diagram of a communication system 10 provided by an embodiment of the present application.
  • FIG. 2B is a distributed scenario provided by an embodiment of the present application.
  • FIG. 3A is a hardware structure diagram of an electronic device provided by an embodiment of the present application.
  • FIG. 3B is a software structure diagram of an electronic device provided by an embodiment of the present application.
  • FIGS. 5A-5C are a set of user interfaces implemented on the subject device 200 provided by the embodiment of the present application.
  • FIGS. 5D-5F are a set of user interfaces implemented on the subject device 300 provided by the embodiment of the present application.
  • FIG. 6A is a schematic diagram of creating an agent and granting authority according to an embodiment of the present application.
  • FIG. 6B is another schematic diagram of creating an agent and granting authority provided by an embodiment of the present application.
  • FIG. 7A is a software structure diagram of a subject device provided by an embodiment of the present application.
  • FIG. 7B is a software structure diagram of an object device provided by an embodiment of the present application.
  • FIG. 8 is a flow chart of a single electronic device implementing an access control method based on a binder according to an embodiment of the present application.
  • “first” and “second” are only used for descriptive purposes, and should not be construed as indicating or implying relative importance or implicitly indicating the number of indicated technical features. Therefore, the features defined as “first” and “second” may explicitly or implicitly include one or more of the features. In the description of the embodiments of the present application, unless otherwise specified, “multiple” means two or more.
  • GUI graphical user interface
  • the electronic device has authorization conditions means that the electronic device supports one or more authorization methods for user authorization.
  • the authorization methods may include but are not limited to: pop-up box authorization, fingerprint verification authorization, face verification authorization, voice command authorization, button authorization, etc., which are not limited here.
  • the fact that the application does not have authorization conditions means that the application cannot use various authorization methods provided by the electronic device. For example, when an app does not provide a user interface, the app does not support pop-up authorization.
  • a centralized authority management mechanism can be used, that is, an access control module (i.e., authority management service) can perform resource calls on the access policy and authorization status.
  • APP2 will verify through the access control module whether the APP1 has the permission required to access the corresponding resource, which will generate additional time overhead.
  • the device where APP1 is located needs to send the access policy and the user's authorization status to the device where APP2 is located separately, which takes a lot of time.
  • the resource invocation based on the cloud service platform adopts a capability-based access control technology. Specifically, when the service caller requests access to a service provided by the cloud service platform, it directly transfers the permission required to access the service to the service entity, so that the service entity can access the corresponding resources and return the access result. In this way, the permission check can be performed directly by the service entity, and there is no need to perform additional permission verification through the access control module, which reduces the time overhead. However, after the service caller passes the permission to the service entity, the permission is difficult to revoke. On the one hand, when the service caller passes the permission to the service entity, it also passes aging information.
  • This method may cause the permission to become invalid before the resource call is completed, so the permission cannot be revoked accurately according to actual needs.
  • On the other hand, the cloud service platform needs to record a large amount of authority delegation information, which wastes storage resources. Moreover, the service entity may transfer the acquired authority a second time, and the cloud service platform cannot, according to the authority delegation information, accurately revoke the permission owned by all service entities that have obtained the permission.
  • the following embodiments of the present application provide an access control method for accurately revoking authority, and the access control method can be applied to a stand-alone device or a distributed system including multiple electronic devices.
  • the subject device sends an access request for invoking the callee to the object device, and transmits the permission information required by the access request, as granted by the user, to the object device; the object device can create a proxy module, grant the callee the permission to access the proxy module, and grant the proxy module the permission required for the access request.
  • the object device can create and run an instance of the callee, and respond to the access request initiated by the subject device through the proxy module. Afterwards, when the permission required by the access request needs to be revoked, the object device can revoke the permission granted to the proxy module, or can terminate the proxy module.
  • the subject device and the caller apply to the user for the permissions required by the access request, and the object device can obtain the permissions required by the access request. This ensures that the access request initiated by the caller can be responded to successfully, realizes resource calls between devices, and meets the actual needs of the user.
  • the object device responds to the access request by creating a proxy module, and the callee's instance and the proxy module directly perform the permission check in the process again, without the need for additional permission verification through the access control module, reducing the time overhead.
  • the object device can revoke the permissions required for the access request accurately and flexibly.
  • the object device can revoke the permission required by the access request after obtaining the access result, and does not need to revoke the permission by passing the aging information, which avoids the situation that the permission has been invalidated before the resource call is completed.
  • with the proxy module, the object device does not need to store a large amount of authority delegation information, and even if the object device transfers the acquired authority a second time, the method provided by this embodiment of the present application can reclaim all the permissions owned by the instances that have acquired the authority, so as to achieve precise revocation.
  • when the subject device sends the access request, it can use the capability-based access control technology to send the permission information required by the access request directly to the object device, avoiding the time overhead caused by permission synchronization in the centralized permission management mechanism.
  • the proxy module may be an application program, a service, or an instance, a process, or a thread.
  • a process is an execution of an application on a computer.
  • a thread is a single sequential flow of control in the execution of an application.
  • a process can contain multiple threads.
  • the proxy module may specifically include a routing proxy and a revocation proxy, which is not limited in this embodiment of the present application.
  • the object device may grant the right to access the routing proxy to the callee, and grant the right required for the access request to the revocation proxy.
  • the object device can create and run an instance of the callee, find the corresponding revocation proxy through the routing proxy, and respond to the access request initiated by the subject device through the revocation proxy. Afterwards, when the authority required by the access request needs to be revoked, the object device can revoke the authority granted to the revocation agent, and can also terminate the revocation agent and/or the routing agent.
  • when the object device obtains multiple access requests, it can create different routing agents and revocation agents respectively, and a pair of routing agent and revocation agent is used to respond to one access request. In other embodiments, when the object device acquires multiple access requests, it can create one routing proxy and multiple revocation proxies, and the routing proxy cooperates with each revocation proxy to respond to each access request.
  • when an object device receives access requests for invoking the same callee sent by multiple subject devices, the object device may create multiple instances of the callee, and one instance of the callee is used to respond to an access request initiated by one caller.
  • the object device can grant the authority obtained by the caller in the subject device to the proxy module corresponding to the instance of the callee created for the caller.
  • the object device provides services for multiple callers in the form of multiple instances, which can ensure that the authority of one caller will only be given to the proxy module corresponding to the instance, which can avoid the problems of mixed use of authority and authority expansion, so as to ensure that the object Data security in the device to prevent data abuse and leakage.
  • the electronic device can obtain the permissions required by the access request, as granted by the user. Afterwards, the electronic device can create a proxy module, grant the callee the right to access the proxy module, and grant the proxy module the rights required for the access request. The electronic device can create and run an instance of the callee, and respond to the access request through the proxy module. Afterwards, when the authority required by the access request needs to be revoked, the electronic device can revoke the authority granted to the proxy module, and can also terminate the proxy module.
  • the caller in the electronic device applies to the user for the permission required by the access request. Regardless of whether the callee has the authorization conditions, as long as the caller has the authorization conditions, the electronic device can obtain the permissions required by the access request. Thus, it is ensured that the access request initiated by the caller can be responded to successfully, and the resource call in the stand-alone device can be realized to meet the actual needs of the user.
  • the electronic device can revoke the permission required for the access request accurately and flexibly.
  • the proxy module can directly perform permission verification without additional access control modules, which can avoid the time overhead caused by permission verification. For details, please refer to the relevant description when implementing the access control method in a distributed system.
  • the electronic device when it obtains multiple access requests for calling the same callee, it can create multiple instances of the callee, and one instance of the callee is used to respond to the access initiated by one caller ask.
  • the electronic device may grant the authority acquired by the caller to the proxy module corresponding to the instance of the callee created for the caller. In this way, in the form of providing services for multiple callers with multiple instances, it can ensure that the authority of one caller will only be given to the proxy module corresponding to the instance, which can avoid the problems of mixed use of authority and enlargement of authority, thus ensuring that the data security to prevent data abuse and leakage.
  • An instance is an APP or a functional component in a running state.
  • An instance can refer to a process or a thread.
  • Instances are isolated from each other.
  • Electronic devices allocate physical addresses in random access memory (RAM) to different instances on a per-process basis.
  • When the electronic device needs to run the instance, it finds the space corresponding to the instance in the RAM according to the virtual address, and runs the instance in that space.
  • The virtual address is mapped to the physical address assigned to the instance by the electronic device, and the mapping relationship is stored in the controller of the electronic device. That is to say, the instance uses the virtual address to find the actual storage location of the memory data.
  • Different instances can only access the physical addresses corresponding to their own virtual addresses, that is, they cannot access each other's physical space in RAM, so the instances are isolated from each other.
  • An embodiment of the present application provides a communication system 10.
  • The communication system 10 includes a plurality of electronic devices.
  • Communication system 10 may also be referred to as distributed system 10.
  • The multiple electronic devices included in the distributed system 10 are all intelligent terminal devices, which may be of various types, and the specific types of the multiple electronic devices are not limited in this embodiment of the present application.
  • The plurality of electronic devices include cell phones, and may also include tablet computers, desktop computers, laptop computers, handheld computers, notebook computers, smart screens, wearable devices, augmented reality (AR) devices, virtual reality (VR) devices, artificial intelligence (AI) devices, in-vehicle devices, smart headsets, game consoles, and can also include Internet of things (IoT) devices or smart home devices such as smart water heaters, smart lighting, smart air conditioners, etc.
  • The plurality of devices in the distributed system 10 may also include non-portable terminal devices such as a laptop with a touch-sensitive surface or a touch panel, a desktop computer with a touch-sensitive surface or a touch panel, and the like.
  • When a plurality of electronic devices in the distributed system 10 are devices deployed in a home, the distributed system 10 may also be referred to as a home distributed system.
  • Multiple electronic devices in the distributed system 10 can be connected by logging into the same account.
  • Multiple electronic devices can log in to the same Huawei account and connect and communicate remotely through the server.
  • Multiple electronic devices in the distributed system 10 can also log in to different accounts, but be connected by binding. After an electronic device logs in to an account, it can use the device management application to bind other electronic devices that are logged in to different accounts or are not logged in, and these electronic devices can then communicate with each other through the device management application.
  • Multiple electronic devices in the distributed system 10 may also establish connections by scanning two-dimensional codes, by near field communication (NFC) touch, by searching for Bluetooth devices, etc., which is not limited here.
  • NFC near field communication
  • The communication connections established between the plurality of electronic devices in the distributed system 10 may include, but are not limited to, wired connections, wireless connections such as Bluetooth (BT) connections, wireless local area network (WLAN) connections such as wireless fidelity point to point (Wi-Fi P2P) connections, near field communication (NFC) connections, infrared (IR) connections, and remote connections (such as connection), and so on.
  • Multiple electronic devices in the distributed system may also be connected and communicate by combining any of the foregoing manners, which is not limited in this embodiment of the present application.
  • Multiple electronic devices in the distributed system 10 may be configured with different software operating systems (operating systems, OS), including but not limited to and many more. in, For Huawei's Hongmeng system.
  • the multiple electronic devices may also be configured with the same software operating system, for example, they may be configured with the same software operating system.
  • the software systems in multiple electronic devices are , the distributed system 10 can be regarded as a hyperterminal.
  • Each device in the distributed system 10 may install a traditional application program (APP), such as a camera application, a gallery application, a setting application, and the like.
  • The traditional APP may be referred to as APP for short.
  • Distributed applications may also be installed in the distributed system 10.
  • The distributed application may be a system application or a third-party application, which is not limited here.
  • System applications refer to applications provided or developed by the manufacturer of the electronic device.
  • Third-party applications refer to applications provided or developed by parties other than the manufacturer of the electronic device.
  • the manufacturer of the electronic device may include the manufacturer, supplier, provider or operator of the electronic device, and the like.
  • a manufacturer may refer to a manufacturer that processes and manufactures electronic equipment with self-made or purchased parts and raw materials.
  • the supplier may refer to the manufacturer that provides the complete machine, raw material or parts of the electronic equipment.
  • the operator may refer to a manufacturer responsible for the distribution of the electronic device.
  • A distributed application consists of one or more functional components.
  • A functional component is the smallest capability unit that can run independently in an electronic device, and is an abstract encapsulation of a single capability.
  • An APP integrates multiple functions, whereas a functional component takes each function as a separate, service-based basic capability that exists independently. That is, a functional component is a program entity that implements a single function.
  • Each functional component can be downloaded, installed and run independently. Multiple functional components forming the same distributed application may be deployed in the same electronic device in the distributed system 10, or may be deployed in different electronic devices.
  • "Functional component" is only a term used in this embodiment; the meaning it represents has been recorded in this embodiment, and its name does not constitute any limitation to this embodiment.
  • Functional components may also be referred to as system components, system services, business functions, and other terms. Subsequent embodiments of the present application use "functional components" throughout.
  • Functional components in can include the following two categories:
  • FA is a functional component that contains one or several sets of UI, which can provide the ability to interact with the user.
  • A navigation interface in a map application, a video call interface in an instant messaging application, etc., can be implemented as FA.
  • The FA is developed based on the MVVM (model-view-view-model) model, which separates the view UI from the business logic and deploys the business logic code and the view UI code separately.
  • An electronic device can integrate business logic code with other APPs and install it, while view UI code can be installed on other electronic devices.
  • The device where the view UI code is located can communicate with the device where the business logic code is located to obtain the data needed to display the UI.
  • FA supports page template abilities, such as Empty Ability, Login Ability, Setting Ability, etc.
  • FA uses the scripting language JavaScript (JS) to provide a declarative development mode, uses HTML-like and cascading style sheet (CSS) declarative languages as the development languages for page layout and page style, and supports JS conforming to the ECMAScript standard to provide page business logic.
  • FA has the capabilities of installation-free use, independent operation, cross-device UI migration, and cross-device binary migration. FA also has the characteristics of multi-terminal deployment and distributed execution.
  • FA can call AA or APP to realize more, and more complex, functions.
  • PA is a functional component without UI, which can provide support for FA.
  • PA can provide computing power as a background service, or provide data access capability as a data warehouse.
  • beauty functions, positioning functions, audio and video encoding and decoding functions, etc. can be encapsulated as PA.
  • PA also has the characteristics of multi-terminal deployment and distributed execution. PAs only have dependencies on system services and do not have dependencies on other PAs.
  • PA actually encapsulates the implementation of remote virtualization, remote invocation, PA management, cross-platform compatibility, security, etc., and opens up cross-device service enabling and wake-up to developers, for other devices to invoke the computing capability of this device and to coordinate with other devices to complete the computing work.
  • PA supports Service Ability, Data Ability, etc.
  • Service Ability is used to provide the ability to run tasks in the background.
  • Data Ability is used to provide a unified data access abstraction to the outside world.
  • PA can call FA or APP to realize more and more complex functions.
  • FA and PA are only terms used in this embodiment, and in some other embodiments of this application, they may also be referred to by other names.
  • PA atomic capability
  • FA may also be referred to as other terms such as atomic capability (AA), atomic application, meta-capability, atomic service, characteristic capability, and the like.
  • Multiple functional components composing a distributed application may be developed or provided by the same developer, or may be developed or provided by multiple developers separately, which is not limited here. Different developers jointly develop functional components, which can improve the development efficiency of distributed applications.
  • The functional components provide standardized interfaces to the outside for invocation.
  • An APP can call functional components.
  • Functional components can also call other functional components or APPs.
  • The called functional component can also continue to call another functional component or APP; this multi-level calling can be referred to as a chain call.
  • After each device in the distributed system 10 establishes a communication connection, each device will synchronize the functional component information and APP information of other devices in the distributed system. Specifically, each device can synchronize the names of the functional components and APPs installed by itself to other devices, so that functional components such as FA and PA of other devices in the distributed system 10 can be called subsequently. In some other embodiments, each device may also synchronize its own device identification, device type, etc. to other devices in the distributed system.
  • FIG. 2B exemplarily shows a possible distributed remote teaching business scenario.
  • the distributed system includes electronic devices such as smart phones, tablet computers, and smart screens.
  • the various devices in the distributed system are connected to each other in pairs.
  • Smartphones, tablets, and smart screens can be configured with different software operating systems (OS), for example, smartphones and tablets can be configured system, smart screen can be configured system.
  • “Online classroom” is installed in the smartphone.
  • “Online classroom” is an application program installed in an electronic device to provide teachers and students with various functions required for remote classes, and the name of the program is not limited in this embodiment of the present application.
  • “Online classroom” may include the following functional components: blackboard functional components, whiteboard functional components, audio and video codec functional components, and network connection functional components.
  • The blackboard functional components and the whiteboard functional components belong to the FA.
  • The audio and video codec functional components and the network connection functional components belong to the PA.
  • The blackboard functional component provides the function of teaching courses remotely.
  • The whiteboard functional component provides the function of answering questions remotely.
  • The audio and video codec functional components provide video and audio codec functions.
  • The blackboard functional components can be migrated or switched to the smart screen, so as to explain the course on the smart screen.
  • Migrating or switching functional components from one device A to another device B can include the following two types: (1) UI migration. When the FA's view UI and business logic are separated, while device A runs the business logic code, device B can be triggered to run the view UI code, so that to the user the functional component appears to have migrated from device A to device B. (2) Overall migration. Overall migration means that after device B downloads and installs the functional component from device A or from the network, it runs the functional component and provides the corresponding functions.
  • The "online classroom" is the caller, and the whiteboard functional component in the tablet computer and the blackboard functional component in the smart screen are the callees.
  • FIG. 2B also shows another possible distributed video call service scenario.
  • the smartphone may also be installed with other distributed applications, such as instant messaging applications.
  • Instant messaging applications can provide video calls, voice calls, and other communication features.
  • the instant messaging application may include the following functional components: video calling functional components, audio and video codec functional components, and network connection functional components.
  • the video calling function component of the application can be migrated or switched to the smart screen, so that the camera and display screen of the smart screen can be used to make video calls.
  • The blackboard functional component in the above-mentioned "online classroom" and the video calling functional component in the instant messaging application may be the same functional component. That is to say, the functional component in the smart screen can be called separately by the "online classroom" and the instant messaging application installed on the smartphone.
  • The instant messaging application is the caller, and the video call functional component (i.e., the video call functional component in the smart screen) is the callee.
  • The service scenario shown in FIG. 2B is only used to assist in describing the technical solutions of the embodiments of the present application.
  • The distributed system shown in FIG. 2B may include more terminal devices, more or fewer functional components may be deployed in each device, and each distributed application may include more or fewer functional components.
  • After each device in the distributed system 10 establishes a communication connection, each device will synchronize functional component information and APP information of other devices in the distributed system. Specifically, each device can synchronize the names of the functional components and APPs installed by itself to other devices, so that the APPs, functional components, etc. of other devices can be called in the distributed system 10 later.
  • The party that initiates the invocation of the functional component or the APP may be referred to as the caller.
  • The caller can be, for example, an APP, FA or PA.
  • The initial initiator of the entire call chain can be called the first caller.
  • The first caller can be, for example, an APP or an FA.
  • For example, if the call chain is: APP1 calls PA1, PA1 calls PA2, PA2 calls FA1, then APP1 is the first caller.
  • If the call chain is: FA1 calls PA1, PA1 calls PA2, then FA1 is the first caller.
  • The intermediate called parties and the last called party can be called callees.
  • The callee can be, for example, an APP, FA or PA.
  • The caller may also be referred to as a subject application, and the callee may also be referred to as an object application.
  • The caller and the callee can be deployed in the same electronic device or in different electronic devices.
  • The device where the caller is located is called the subject device, and the device where the callee is located is called the object device.
  • the application referred to in the following embodiments of the present application may include an APP or a functional component.
  • After the subject device generates an access request for invoking the callee in the object device, it can request the user to grant the permission required by the access request, and then send the access request and the information about the permission required by the access request, as granted by the user, to the object device.
  • After receiving the access request sent by the subject device, the object device can create a proxy module, grant the proxy module the permission required by the access request, and grant the callee the right to access the proxy module.
  • The object device can create and run an instance of the callee, and respond to the access request initiated by the subject device through the proxy module. Afterwards, when the permission required by the access request needs to be revoked, the object device can revoke the permission granted to the proxy module, or can terminate the proxy module.
  • When an object device receives access requests for invoking the same callee sent by multiple subject devices, the object device may create multiple instances of the callee, with one instance of the callee used to respond to the access request initiated by one caller.
  • After generating multiple access requests for invoking the callee in the process of running the caller, the electronic device can obtain the permissions required by the access requests, as granted by the user. Afterwards, the electronic device can create a proxy module, grant the callee the right to access the proxy module, and grant the proxy module the permission required by the access request. The electronic device can create and run an instance of the callee, and respond to the access request through the proxy module. Afterwards, when the permission required by the access request needs to be revoked, the electronic device can revoke the permission granted to the proxy module, and can also terminate the proxy module.
  • When the subject device and the object device are the same electronic device, if the electronic device obtains multiple access requests for invoking the same callee, the electronic device may create multiple instances of the callee, with one instance of the callee used to respond to the access request initiated by one caller.
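The flow described above (one proxy module and one callee instance per caller, with revocation applied to the proxy rather than to the callee), modeled in Python as an added example that is not code from the patent. The class names, the `camera` and `microphone` permission names and the resource strings are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from itertools import count


class PermissionDenied(Exception):
    """Raised when a proxy module does not hold the permission a request needs."""


@dataclass
class ProxyModule:
    """Holds the permissions delegated for exactly one caller's access request."""
    caller: str
    permissions: set = field(default_factory=set)
    terminated: bool = False

    def access(self, resources, permission):
        # The proxy performs the permission check itself; the callee never
        # holds the permission, only the right to use this proxy.
        if self.terminated or permission not in self.permissions:
            raise PermissionDenied(f"{self.caller}: {permission}")
        return resources[permission]


@dataclass
class CalleeInstance:
    """One running instance of the callee, bound to a single proxy module."""
    callee: str
    instance_id: int
    proxy: ProxyModule

    def handle(self, resources, permission):
        data = self.proxy.access(resources, permission)
        return f"{self.callee}#{self.instance_id}: {data}"


class ObjectDevice:
    """Device hosting the callee; creates one proxy and one instance per caller."""

    def __init__(self, resources):
        self.resources = dict(resources)   # permission name -> protected resource
        self.instances = {}                # (caller, callee) -> CalleeInstance
        self._ids = count(1)

    def receive_request(self, caller, callee, granted):
        # The permissions the user granted to this caller go to a fresh proxy,
        # never to the callee and never to another caller's proxy.
        proxy = ProxyModule(caller, set(granted))
        instance = CalleeInstance(callee, next(self._ids), proxy)
        self.instances[(caller, callee)] = instance
        return instance

    def respond(self, caller, callee, permission):
        try:
            return self.instances[(caller, callee)].handle(self.resources, permission)
        except PermissionDenied:
            return "denied"

    def revoke(self, caller, callee, permission):
        # Precise revocation: only this caller's proxy loses this permission.
        self.instances[(caller, callee)].proxy.permissions.discard(permission)

    def terminate_proxy(self, caller, callee):
        proxy = self.instances[(caller, callee)].proxy
        proxy.permissions.clear()
        proxy.terminated = True


def run_scenario():
    """Two callers on a phone invoke the same functional component on a smart screen."""
    # Constructed sample resources and grants.
    screen = ObjectDevice({"camera": "camera frame", "microphone": "audio sample"})
    screen.receive_request("online classroom", "video FA", {"camera", "microphone"})
    screen.receive_request("instant messaging", "video FA", {"camera"})

    results = {}
    results["classroom_mic"] = screen.respond("online classroom", "video FA", "microphone")
    # No permission expansion: the second caller was never granted the microphone.
    results["messaging_mic"] = screen.respond("instant messaging", "video FA", "microphone")

    screen.revoke("online classroom", "video FA", "camera")
    results["classroom_camera_after_revoke"] = screen.respond("online classroom", "video FA", "camera")
    results["classroom_mic_after_revoke"] = screen.respond("online classroom", "video FA", "microphone")
    results["messaging_camera_after_revoke"] = screen.respond("instant messaging", "video FA", "camera")

    screen.terminate_proxy("instant messaging", "video FA")
    results["messaging_camera_after_terminate"] = screen.respond("instant messaging", "video FA", "camera")
    return results


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(f"{name}: {value}")
```
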
  • FIG. 3A is a schematic diagram of a hardware structure of an electronic device provided by an embodiment of the present application.
  • The electronic device may be any electronic device in the distributed system 10 shown in FIG. 2A.
  • The electronic device may be a subject device, an object device, or a subject device and an object device at the same time.
  • The electronic device may include a processor 110, an external memory interface 120, an internal memory 121, a universal serial bus (USB) interface 130, a charge management module 140, a power management module 141, a battery 142, an antenna 1, an antenna 2, a mobile communication module 150, a wireless communication module 160, an audio module 170, a speaker 170A, a receiver 170B, a microphone 170C, a headphone interface 170D, a sensor module 180, a key 190, a motor 191, an indicator 192, a camera 193, a display screen 194, a subscriber identification module (SIM) card interface 195, and the like.
  • The sensor module 180 may include a pressure sensor 180A, a gyroscope sensor 180B, an air pressure sensor 180C, a magnetic sensor 180D, an acceleration sensor 180E, a distance sensor 180F, a proximity light sensor 180G, a fingerprint sensor 180H, a temperature sensor 180J, a touch sensor 180K, an ambient light sensor 180L, a bone conduction sensor 180M, etc.
  • The structures illustrated in the embodiments of the present application do not constitute a specific limitation on the electronic device.
  • The electronic device may include more or fewer components than shown, or combine some components, or separate some components, or arrange the components differently.
  • The illustrated components may be implemented in hardware, software, or a combination of software and hardware.
  • The processor 110 may include one or more processing units. For example, the processor 110 may include an application processor (AP), a modem processor, a graphics processing unit (GPU), an image signal processor (ISP), a controller, a video codec, a digital signal processor (DSP), a baseband processor, and/or a neural-network processing unit (NPU), etc. Different processing units may be independent devices, or may be integrated in one or more processors.
  • the controller can generate an operation control signal according to the instruction operation code and timing signal, and complete the control of fetching and executing instructions.
  • a memory may also be provided in the processor 110 for storing instructions and data.
  • The memory in processor 110 is cache memory. This memory may hold instructions or data that the processor 110 has just used or uses repeatedly. If the processor 110 needs to use the instruction or data again, it can be called directly from the memory. This avoids repeated accesses and reduces the waiting time of the processor 110, thereby increasing the efficiency of the system.
  • The wireless communication function of the electronic device can be implemented by the antenna 1, the antenna 2, the mobile communication module 150, the wireless communication module 160, the modem processor, the baseband processor, and the like.
  • Antenna 1 and Antenna 2 are used to transmit and receive electromagnetic wave signals.
  • Each antenna in an electronic device can be used to cover a single or multiple communication frequency bands. Different antennas can also be reused to improve antenna utilization.
  • the antenna 1 can be multiplexed as a diversity antenna of the wireless local area network. In other embodiments, the antenna may be used in conjunction with a tuning switch.
  • the mobile communication module 150 can provide a wireless communication solution including 2G/3G/4G/5G etc. applied on the electronic device.
  • the mobile communication module 150 may include at least one filter, switch, power amplifier, low noise amplifier (LNA) and the like.
  • The mobile communication module 150 can receive electromagnetic waves from the antenna 1, filter and amplify the received electromagnetic waves, and transmit them to the modem processor for demodulation.
  • The mobile communication module 150 can also amplify the signal modulated by the modem processor, and then turn it into an electromagnetic wave for radiation through the antenna 1.
  • at least part of the functional modules of the mobile communication module 150 may be provided in the processor 110 .
  • at least part of the functional modules of the mobile communication module 150 may be provided in the same device as at least part of the modules of the processor 110 .
  • the modem processor may include a modulator and a demodulator.
  • the modulator is used to modulate the low frequency baseband signal to be sent into a medium and high frequency signal.
  • the demodulator is used to demodulate the received electromagnetic wave signal into a low frequency baseband signal.
  • the demodulator then transmits the demodulated low-frequency baseband signal to the baseband processor for processing.
  • the low frequency baseband signal is processed by the baseband processor and passed to the application processor.
  • The application processor outputs sound signals through audio devices (not limited to the speaker 170A, the receiver 170B, etc.), or displays images or videos through the display screen 194.
  • the modem processor may be a stand-alone device.
  • the modem processor may be independent of the processor 110, and may be provided in the same device as the mobile communication module 150 or other functional modules.
  • The wireless communication module 160 can provide wireless communication solutions applied on the electronic device, including wireless local area networks (WLAN) (such as wireless fidelity (Wi-Fi) networks), Bluetooth (BT), global navigation satellite system (GNSS), frequency modulation (FM), near field communication (NFC), infrared (IR) and other wireless communication solutions.
  • the wireless communication module 160 may be one or more devices integrating at least one communication processing module.
  • The wireless communication module 160 receives electromagnetic waves via the antenna 2, demodulates and filters the electromagnetic wave signals, and sends the processed signals to the processor 110.
  • the wireless communication module 160 can also receive the signal to be sent from the processor 110 , perform frequency modulation on it, amplify it, and convert it into electromagnetic waves for radiation through
  • The antenna 1 of the electronic device is coupled with the mobile communication module 150, and the antenna 2 is coupled with the wireless communication module 160, so that the electronic device can communicate with the network and other devices through wireless communication technology.
  • The wireless communication technology may include global system for mobile communications (GSM), general packet radio service (GPRS), code division multiple access (CDMA), wideband code division multiple access (WCDMA), time division code division multiple access (TD-SCDMA), long term evolution (LTE), BT, GNSS, WLAN, NFC, FM, and/or IR technology, etc.
  • The GNSS may include the global positioning system (GPS), the global navigation satellite system (GLONASS), the Beidou navigation satellite system (BDS), the quasi-zenith satellite system (QZSS) and/or satellite based augmentation systems (SBAS).
  • the electronic device realizes the display function through the GPU, the display screen 194, and the application processor.
  • the GPU is a microprocessor for image processing, and is connected to the display screen 194 and the application processor.
  • the GPU is used to perform mathematical and geometric calculations for graphics rendering.
  • Processor 110 may include one or more GPUs that execute program instructions to generate or alter display information.
  • Display screen 194 is used to display images, videos, and the like.
  • Display screen 194 includes a display panel.
  • The display panel can be a liquid crystal display (LCD), an organic light-emitting diode (OLED), an active-matrix organic light-emitting diode (AMOLED), a flexible light-emitting diode (FLED), Mini-LED, Micro-LED, Micro-OLED, quantum dot light-emitting diodes (QLED), and so on.
  • the electronic device may include 1 or N display screens 194 , where N is a positive integer greater than 1.
  • the electronic device can realize the shooting function through the ISP, the camera 193, the video codec, the GPU, the display screen 194 and the application processor.
  • the ISP is used to process the data fed back by the camera 193 .
  • the shutter is opened, the light is transmitted to the camera photosensitive element through the lens, the light signal is converted into an electrical signal, and the camera photosensitive element transmits the electrical signal to the ISP for processing, and converts it into an image visible to the naked eye.
  • ISP can also perform algorithm optimization on image noise, brightness, and skin tone.
  • ISP can also optimize the exposure, color temperature and other parameters of the shooting scene.
  • the ISP may be provided in the camera 193 .
  • Camera 193 is used to capture still images or video.
  • the object is projected through the lens to generate an optical image onto the photosensitive element.
  • the photosensitive element can be a charge coupled device (CCD) or a complementary metal-oxide-semiconductor (CMOS) phototransistor.
  • the photosensitive element converts the optical signal into an electrical signal, and then transmits the electrical signal to the ISP to convert it into a digital image signal.
  • the ISP outputs the digital image signal to the DSP for processing.
  • DSP converts digital image signals into standard RGB, YUV and other formats of image signals.
  • the electronic device may include 1 or N cameras 193 , where N is a positive integer greater than 1.
  • a digital signal processor is used to process digital signals; in addition to digital image signals, it can also process other digital signals. For example, when the electronic device selects a frequency point, the digital signal processor is used to perform a Fourier transform on the frequency point energy, etc.
  • Video codecs are used to compress or decompress digital video.
  • An electronic device may support one or more video codecs.
  • the electronic device can play or record videos in various encoding formats, such as moving picture experts group (MPEG) 1, MPEG2, MPEG3, MPEG4 and so on.
  • the NPU is a neural-network (NN) computing processor.
  • applications such as intelligent cognition of electronic devices can be realized, such as image recognition, face recognition, speech recognition, text understanding, etc.
  • the internal memory 121 may include one or more random access memories (RAM) and one or more non-volatile memories (NVM).
  • Random access memory can include static random-access memory (SRAM), dynamic random access memory (DRAM), synchronous dynamic random access memory (SDRAM), double data rate synchronous dynamic random access memory (DDR SDRAM; for example, fifth-generation DDR SDRAM is generally referred to as DDR5 SDRAM), etc.; non-volatile memory can include disk storage devices and flash memory.
  • the random access memory can be directly read and written by the processor 110, and can be used to store executable programs (e.g., machine instructions) of an operating system or other running programs, and can also be used to store data of users and application programs.
  • the non-volatile memory can also store executable programs and store data of user and application programs, etc., and can be loaded into the random access memory in advance for the processor 110 to directly read and write.
  • the external memory interface 120 can be used to connect an external non-volatile memory to expand the storage capacity of the electronic device.
  • the external non-volatile memory communicates with the processor 110 through the external memory interface 120 to realize the data storage function. For example, save music, video, etc. files in external non-volatile memory.
  • the electronic device can implement audio functions, such as music playback and recording, through the audio module 170, the speaker 170A, the receiver 170B, the microphone 170C, the headphone jack 170D, and the application processor.
  • the audio module 170 is used for converting digital audio information into analog audio signal output, and also for converting analog audio input into digital audio signal. Audio module 170 may also be used to encode and decode audio signals. In some embodiments, the audio module 170 may be provided in the processor 110 , or some functional modules of the audio module 170 may be provided in the processor 110 .
  • Speaker 170A, also referred to as a "speaker", is used to convert audio electrical signals into sound signals.
  • the electronic device can listen to music through the speaker 170A, or listen to a hands-free call.
  • the receiver 170B, also referred to as an "earpiece", is used to convert audio electrical signals into sound signals.
  • the voice can be received by placing the receiver 170B close to the human ear.
  • the microphone 170C, also called a “microphone”, is used to convert sound signals into electrical signals.
  • the user can speak with the mouth close to the microphone 170C to input the sound signal into the microphone 170C.
  • the electronic device may be provided with at least one microphone 170C.
  • the electronic device may be provided with two microphones 170C, which can implement a noise reduction function in addition to collecting sound signals.
  • the electronic device can also be provided with three, four or more microphones 170C to collect sound signals, reduce noise, identify sound sources, and implement directional recording functions.
  • the fingerprint sensor 180H is used to collect fingerprints. Electronic devices can use the collected fingerprint characteristics to implement fingerprint unlocking, access to application locks, fingerprint photographing, and answering incoming calls with a fingerprint.
  • the keys 190 include a power-on key, a volume key, and the like. Keys 190 may be mechanical keys or touch keys.
  • the electronic device may receive key input and generate key signal input related to user settings and function control of the electronic device.
  • Motor 191 can generate vibrating cues.
  • the indicator 192 can be an indicator light, which can be used to indicate the charging state, the change of the power, and can also be used to indicate a message, a missed call, a notification, and the like.
  • the pressure sensor 180A is used to sense pressure signals, and can convert the pressure signals into electrical signals.
  • the pressure sensor 180A may be provided on the display screen 194 .
  • Touch sensor 180K is also called a “touch device”.
  • the touch sensor 180K may be disposed on the display screen 194, and the touch sensor 180K and the display screen 194 together form a touch screen.
  • the touch sensor 180K is used to detect a touch operation on or near it.
  • the touch sensor can pass the detected touch operation to the application processor to determine the type of touch event.
  • Visual output related to touch operations may be provided through display screen 194 .
  • the touch sensor 180K may also be disposed on the surface of the electronic device, which is different from the location where the display screen 194 is located.
  • the mobile communication module 150 or the wireless communication module 160 can be used to establish a communication connection with other electronic devices (e.g., object devices) in the distributed system 10.
  • the mobile communication module 150 or the wireless communication module 160 can also be used to receive the function component information and APP information synchronized with other electronic devices after establishing a communication connection with other electronic devices.
  • the display screen 194, the fingerprint sensor 180H, the camera 193, the audio module 170, the button 190 and other modules can be used to provide various authorization methods, so that after the main device generates an access request for invoking the callee in the object device, the user can be requested to grant the permissions required by this access request.
  • the processor 110 may acquire the permission required by the access request granted by the user in response to the user operation received by the above-mentioned several modules.
  • the mobile communication module 150 or the wireless communication module 160 can also be used to send the access request and the permission information granted by the user to the object device.
  • the display screen 194 can also be used to display the user interface displayed on the main device provided by the subsequent embodiments.
  • the internal memory 121 may be used to store functional component information and APP information synchronized by other electronic devices in the distributed system 10 .
  • the internal memory 121 can also be used to store the calling relationship between the caller in the subject device and the callee in the object device.
  • the calling relationship includes: the calling relationship ID, the information of the caller, and the information of the callee. For the specific content of the calling relationship, reference may be made to related descriptions in subsequent embodiments.
  • the mobile communication module 150 or the wireless communication module 160 can be used to establish a communication connection with other electronic devices (e.g., the main device) in the distributed system 10.
  • For the specific manner of establishing a communication connection, refer to the relevant description of FIG. 2A.
  • the mobile communication module 150 or the wireless communication module 160 can also be used to synchronize functional component information and APP information with other electronic devices after establishing a communication connection with other electronic devices.
  • the mobile communication module 150 or the wireless communication module 160 may also be configured to receive an access request sent by one or more main devices for invoking the same callee, and to receive, from the main device, information about the permissions required by the access request that the user has granted.
  • the processor 110 may be configured to create multiple instances of the callee in response to received access requests sent by multiple subject devices, and one instance of the callee is used to respond to an access request initiated by a caller.
  • the processor 110 may be configured to create a proxy module, grant the callee the right to access the proxy module, and grant the proxy module the permission required by the access request.
  • the processor 110 can create and run an instance of the callee, and respond to the access request initiated by the main device through the proxy module. Afterwards, when it is necessary to revoke the authority required by the access request, the processor 110 can revoke the authority granted to the proxy module, and can also terminate the proxy module.
  • the processor 110 may create multiple instances of the callee when the object device receives access requests sent by multiple subject devices for invoking the same callee, and one instance of the callee is used to respond to an access request initiated by a caller.
  • the processor 110 may grant the authority acquired by the caller in the subject device to the callee instance created for the caller.
  • the display screen 194 can also be used to display the user interface displayed on the object device provided by the subsequent embodiments.
  • the internal memory 121 may be used to store permission information, aging information, and the like required for the access request sent by each main device.
  • the internal memory 121 can also be used to store the calling relationship between the callee in the object device and the caller in the main device.
  • the invocation relationship includes: the invocation relationship ID, the instance information of the callee, and the information of each caller who invoked the instance. For the specific content of the calling relationship, reference may be made to related descriptions in subsequent embodiments.
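  • The proxy-module arrangement described above, as an added Python sketch that is not code from the application: each access request gets its own callee instance and its own proxy module, so revoking one proxy's permission leaves other callers untouched. All class, method and identifier names are hypothetical, the sample requests are constructed, and treating the stored "aging information" as an expiry time is an assumption.

```python
import itertools
from dataclasses import dataclass


@dataclass(frozen=True)
class AccessRequest:
    subject_device: str  # identity of the subject (main) device
    caller: str          # identifier of the caller
    callee: str          # identifier of the callee in the object device
    resource: str        # identifier of the first resource


class ProxyModule:
    """Holds the permission required by exactly one access request."""

    def __init__(self, resource, expires_at=None):
        self._granted = {resource}
        self._expires_at = expires_at  # assumed meaning of "aging information"
        self.terminated = False

    def revoke(self, resource):
        self._granted.discard(resource)

    def terminate(self):
        self._granted.clear()
        self.terminated = True

    def access(self, resource, now):
        if self._expires_at is not None and now >= self._expires_at:
            self.terminate()  # an aged-out permission is dropped on first use
        if self.terminated or resource not in self._granted:
            raise PermissionError(f"no permission for {resource}")
        return f"handle:{resource}"


class CalleeInstance:
    """One instance per access request; its only right is access to its proxy."""

    def __init__(self, callee, proxy):
        self.callee = callee
        self._proxy = proxy

    def use(self, resource, now=0.0):
        return self._proxy.access(resource, now)


class ObjectDevice:
    def __init__(self):
        self._next_id = itertools.count(1)
        self.relationships = {}  # calling relationship ID -> record

    def handle(self, request, now=0.0, ttl=None):
        """Create a proxy module and a callee instance for one access request."""
        expires_at = None if ttl is None else now + ttl
        proxy = ProxyModule(request.resource, expires_at)
        instance = CalleeInstance(request.callee, proxy)
        rel_id = next(self._next_id)
        self.relationships[rel_id] = {
            "request": request, "instance": instance, "proxy": proxy}
        return rel_id

    def use(self, rel_id, now=0.0):
        rec = self.relationships[rel_id]
        return rec["instance"].use(rec["request"].resource, now)

    def revoke(self, rel_id):
        """Revoke the permission of one calling relationship only."""
        rec = self.relationships[rel_id]
        rec["proxy"].revoke(rec["request"].resource)


def attempt(device, rel_id, now=0.0):
    try:
        return device.use(rel_id, now)
    except PermissionError:
        return "denied"


def demo():
    phone = ObjectDevice()  # plays the object device 100
    # Constructed sample requests: two subject devices call the same callee.
    tablet = phone.handle(AccessRequest(
        "subject-200", "Gallery", "image-processing-FA", "image-processing"))
    screen = phone.handle(AccessRequest(
        "subject-300", "Gallery", "image-processing-FA", "image-processing"),
        ttl=60)
    results = {"before": (attempt(phone, tablet), attempt(phone, screen))}
    phone.revoke(tablet)  # precise revocation: only the tablet's proxy
    results["tablet_after_revoke"] = attempt(phone, tablet)
    results["screen_after_revoke"] = attempt(phone, screen, now=30)
    results["screen_after_expiry"] = attempt(phone, screen, now=61)
    return results


if __name__ == "__main__":
    print(demo())
```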
  • FIG. 3B is a schematic diagram of a software structure of an electronic device provided by an embodiment of the present application.
  • the electronic device may be any electronic device in the distributed system 10 shown in FIG. 2A .
  • the electronic device may be a subject device, an object device, or both a subject device and an object device at the same time.
  • the software systems of electronic devices can all adopt a layered architecture, an event-driven architecture, a microkernel architecture, a microservice architecture, or a cloud architecture.
  • the software system of the electronic device includes but is not limited to Linux or other operating systems.
  • the layered architecture divides the software into several layers, and each layer has a clear role and division of labor. Layers communicate with each other through software interfaces.
  • the Android system is divided into four layers, which are, from top to bottom, an application layer, an application framework layer, an Android runtime (Android runtime) and a system library, and a kernel layer.
  • the application layer can include a series of application packages.
  • the application package may include APP, such as camera, gallery, calendar, call, map, navigation, WLAN, Bluetooth, music, video, short message and other applications.
  • the application layer may also include functional components such as FA, PA, and so on.
  • the application framework layer provides an application programming interface (application programming interface, API) and a programming framework for applications in the application layer.
  • the application framework layer includes some predefined functions.
  • the application framework layer may include a window manager, a content provider, a view system, a telephony manager, a resource manager, a notification manager, and the like.
  • a window manager is used to manage window programs.
  • the window manager can get the size of the display screen, determine whether there is a status bar, lock the screen, take screenshots, etc.
  • Content providers are used to store and retrieve data and make these data accessible to applications.
  • the data may include video, images, audio, calls made and received, browsing history and bookmarks, phone book, etc.
  • the view system includes visual controls, such as controls for displaying text, controls for displaying pictures, and so on. View systems can be used to build applications.
  • a display interface can consist of one or more views.
  • the display interface including the short message notification icon may include a view for displaying text and a view for displaying pictures.
  • the phone manager is used to provide the communication function of the electronic device. For example, the management of call status (including connecting, hanging up, etc.).
  • the resource manager provides various resources for the application, such as localization strings, icons, pictures, layout files, video files and so on.
  • the notification manager enables applications to display notification information in the status bar, which can be used to convey notification-type messages, and can disappear automatically after a brief pause without user interaction. For example, the notification manager is used to notify download completion, message reminders, etc.
  • the notification manager can also display notifications in the status bar at the top of the system in the form of graphs or scroll bar text, such as notifications of applications running in the background, and notifications on the screen in the form of dialog windows. For example, text information is prompted in the status bar, a prompt sound is issued, the electronic device vibrates, and the indicator light flashes.
  • Android Runtime includes core libraries and a virtual machine. Android runtime is responsible for scheduling and management of the Android system.
  • the core library consists of two parts: one is the functions that the Java language needs to call, and the other is the core library of Android.
  • the application layer and the application framework layer run in virtual machines.
  • the virtual machine executes the Java files of the application layer and the application framework layer as binary files.
  • the virtual machine is used to perform functions such as object lifecycle management, stack management, thread management, safety and exception management, and garbage collection.
  • a system library can include multiple functional modules, for example: a surface manager, media libraries, a 3D graphics processing library (e.g., OpenGL ES), a 2D graphics engine (e.g., SGL), etc.
  • the Surface Manager is used to manage the display subsystem and provides a fusion of 2D and 3D layers for multiple applications.
  • the media library supports playback and recording of a variety of commonly used audio and video formats, as well as still image files.
  • the media library can support a variety of audio and video encoding formats, such as: MPEG4, H.264, MP3, AAC, AMR, JPG, PNG, etc.
  • the 3D graphics processing library is used to implement 3D graphics drawing, image rendering, compositing, and layer processing.
  • 2D graphics engine is a drawing engine for 2D drawing.
  • the kernel layer is the layer between hardware and software.
  • the kernel layer contains at least display drivers, camera drivers, audio drivers, and sensor drivers.
  • FIG. 4 is a schematic flowchart of an access control method for accurately revoking authority provided by an embodiment of the present application. The method shown in FIG. 4 is described by taking the subject device calling resources in the object device as an example.
  • the method may include the following steps:
  • the number of the object device is one, and the object device can be any electronic device in the distributed system 10 .
  • the number of main devices may be one or multiple.
  • the main device can be any electronic device in the distributed system 10 .
  • the embodiments of the present application do not limit the manner in which the object device and the subject device establish a communication connection.
  • the communication connection can be established by logging in to the same account, binding the device, scanning a two-dimensional code, and the like.
  • the embodiments of this application do not limit the type of communication connection established between the subject device and the object device; for example, it may include a wired connection, a wireless connection such as a Bluetooth connection, a Wi-Fi P2P connection, an NFC connection, or an IR connection, a remote connection, and so on.
  • the object device can send the information of the functional components and APPs installed on it, such as their identifiers, to the subject device.
  • the functional components or APPs that can be called are declared or defined by the developer during the development phase. The available-for-calling here only means that the functional components or APPs can be called by the caller, not that they are open or authorized to be called by a certain device.
  • the object device may send to the subject device the capability information that it opens to the subject device, where the capability information indicates the APPs, functional components, resources, etc. that the object device opens to the subject device for invocation.
  • the capability information open to the main device means that the corresponding APP, functional components, and resources can be called by the main device.
  • the capability of the object device to be opened to the main device can be preset by the object device or set by the user.
  • electronic devices can open APPs or functional components with low confidentiality or low sensitivity to other devices.
  • electronic devices can open camera applications, gallery applications, etc. to other devices, but not banking applications.
  • the capabilities of the object device open to different subject devices may be the same or different, and there is no restriction here.
  • the subject device generates an access request, where the access request is used by the caller in the subject device to call the callee in the object device to access the first resource.
  • a caller is installed in the subject device, and a callee is installed in the object device.
  • Both the caller and the callee can be an APP or a functional component.
  • For APPs and functional components, refer to the foregoing related descriptions.
  • the access request generated by the main device may include: the identifier of the caller, the identifier of the callee, and the identifier of the first resource. In some embodiments, the access request may further include: the identity of the subject device and the identity of the object device.
  • the identifier of the subject device or the object device may be a device type, a device model, a device name, etc., which is not limited in this embodiment of the present application.
  • the device type here can be viewed from the function of the device, for example, it may include a mobile phone, a tablet computer, a smart headset, an IOT device, or a smart home device, and so on.
  • the identifier of the caller and the identifier of the callee can be the application identifier (APP ID).
  • the first resource may be a software resource or a hardware resource.
  • the hardware resources may include, for example, a camera, a fingerprint sensor, an audio device, a display screen, a motor, a flash, and the like provided by the device.
  • the software resources may include, for example, memory resources, computing capabilities (such as beauty algorithm capabilities, audio and video encoding and decoding capabilities), network capabilities, positioning functions, and the like possessed by the device.
  • the first resource may include one or more resources, which is not limited here.
  • the identity of the callee and the identity of the first resource may be the same.
  • the identifier of the callee may also be the identifier of the camera, which is used to indicate that the callee is a camera application.
  • each access request corresponds to an initiating device (i.e., a main device) of the access request, a caller, a callee, and a first resource to be accessed.
  • the callee and the first resource corresponding to different access requests are the same, and the main device and the caller corresponding to different access requests may be different.
  • the main device may generate the access request in response to the received user operation during the process of running the caller.
  • the following description takes as an example the subject device 200 and the subject device 300 each generating an access request for the object device 100.
  • the main device 200 can be a tablet computer, the main device 300 can be a smart screen, and the object device 100 can be a smart phone.
  • FIG. 5A exemplarily shows the user interface 51 provided by the “Gallery” in the main device 200 .
  • “Gallery” is a picture management application installed on the electronic device, and may also be called “album”, and the name of the application is not limited in this embodiment.
  • “Gallery” supports users to perform various operations on pictures stored on electronic devices or cloud servers, such as browsing, editing, deleting, and selecting.
  • the user interface 51 displays: a status bar 501 , a back key 502 , a page indicator 503 , a picture 504 , and one or more device options 505 .
  • the status bar 501 may include: one or more signal strength indicators of Wi-Fi signals, battery status indicators, time indicators, and the like.
  • the return key 502 is used to return to the previous page provided by the “Gallery”.
  • the page indicator 503 is used to indicate that the current page is a page provided by "Gallery".
  • the page indicator 503 may be implemented as text such as the text "Gallery", an icon or other form.
  • the picture 504 may be a picture stored in the main device 200 or a cloud server.
  • the picture 504 may be captured by the main device 200, or downloaded by the main device 200 from the network, or shared from other devices.
  • One or more device options 505 may correspond to devices in the distributed system 10 that may provide image processing capabilities to meet the image processing needs of the main device 200, such as smartphones and the like.
  • Device options 505 may be implemented as images, icons, text, etc., without limitation.
  • the main device 200 can detect the user operation acting on the device option 505 and, in response to the user operation, generate an access request, which is used for the “Gallery” application in the main device 200 to call the image processing functional component (FA) and image processing resources in the smartphone 1 (i.e., the object device 100) corresponding to the device option 505.
  • FIG. 5D exemplarily shows the user interface 52 provided by the “Gallery” in the main device 300 .
  • displayed in the user interface 52 are: a status bar, a back key, a page indicator, a picture 508 , and one or more device options 509 .
  • Status bar, back key, page indicator, picture 508, one or more device options 509 can refer to the relevant description in FIG. 5A.
  • the main device 300 can detect the user operation acting on the device option 509, for example, the user selecting the device option 509 through the remote control, and generate an access request in response to the user operation. The access request is used for the “Gallery” application in the main device 300 to invoke the image processing functional component (FA) and image processing resources in the smartphone 1 (i.e., the object device 100) corresponding to the device option 505.
  • the subject device may also autonomously generate an access request for the object device in the process of running the caller in some cases. For example, each time the subject device makes a video call, it may generate an access request for the instant messaging application in the subject device to call the video call functional component and camera resources in the smart screen (i.e., the object device 100) by default.
  • the subject device may further query whether the object device has granted the subject device the access authority to the callee and/or the first resource named in the access request. If so, it proceeds to the next steps. In this way, the subject device initiates access requests only within the scope of the capabilities that the object device has opened to it, and does not initiate access requests outside that scope, which increases the probability of the access request being responded to and reduces ineffective communication between devices.
  • the main device may also directly perform subsequent steps after generating the access request.
  • the main device requests the user to grant the authority required by the access request generated by the main device.
  • S103 may be directly performed.
  • Sensitive resources may refer to resources that will pose a greater risk to user privacy after being leaked, such as resources whose privacy level is higher than a threshold.
  • Sensitive resources may include hardware resources, software resources, and stored data in electronic devices.
  • Hardware resources may include, for example, cameras, audio devices, display screens, and the like.
  • the software resources may include, for example, memory resources, computing capabilities (such as beauty algorithm capabilities, audio and video codec capabilities), network capabilities, positioning functions, high-confidential APPs (such as banking APPs), and the like.
  • Stored data may include, for example, stored user information, photos, videos, passwords that the user logs into the application, and the like.
  • the main device may also perform S103 first, and then perform S102, that is, the main device may first request the user to grant the permission, and then generate the access request after obtaining the permission.
  • When the electronic device supports one or more authorization methods for user authorization, the electronic device has authorization conditions. When the caller supports one or more authorization methods for user authorization, the caller has authorization conditions.
  • the authorization methods may include but are not limited to: pop-up box authorization, fingerprint verification authorization, face verification authorization, voice command authorization, button authorization, etc., which are not limited here.
  • whether an electronic device has authorization conditions, and the types of authorization methods it supports, depend on the hardware and/or software configuration of the electronic device. For example, supporting pop-up box authorization requires the electronic device to be configured with a display screen. Supporting fingerprint verification authorization requires the electronic device to be equipped with a fingerprint sensor. Supporting face verification authorization requires the electronic device to be equipped with cameras and face recognition algorithms. Supporting voice command authorization requires the electronic device to be equipped with microphones or other sound pickup devices. Supporting button authorization requires physical buttons to be configured on the electronic device.
  • Whether the caller has authorization conditions depends on the function of the caller itself. For example, when the caller can provide a user interface, the caller can support pop-up box authorization. For another example, when the caller can call the fingerprint sensor, the caller can support fingerprint verification authorization.
  • the permissions required for the access request generated by the subject device include: the permission to invoke the callee in the object device, and/or the permission to access the first resource in the object device.
  • the authority required for the access request specifically includes: the authority of the subject device to invoke the callee in the object device and/or to access the first resource.
  • the permission required by the access request specifically includes: the caller's permission to invoke the callee in the object device and/or to access the first resource.
  • the permission required by the access request specifically includes: the permission of the caller in the subject device to invoke the callee in the object device and/or to access the first resource.
  • the subject device may use an authorization method supported by both the subject device and the caller during the process of running the caller to request the user to grant the permission required by the access request generated by itself.
  • the different authorization methods are described below.
  • prompt information can be output on the display screen, and the prompt information is used to prompt the permission required for the access request.
  • the main device can detect the user operation acting on the display screen, and in response to the user operation, obtain the permission required for the access request.
  • FIG. 5B exemplarily shows the displayed user interface 51 when the main device 200 uses the pop-up box authorization to request user authorization.
  • the window 506 includes: prompt information 506a, controls 506b, and controls 506c.
  • the prompt information 506a is used to prompt the user to grant the authority required by the access request generated by the main device 200 .
  • the prompt information 506a can be, for example, the text ""Gallery" needs to access your image processing resources, after authorization, the following applications will use this permission: Image Processing Function Component (FA)", where "Gallery" indicates the caller, "the image processing functional component (FA)" indicates the callee, and the "image processing resource" indicates that the first resource is a camera resource.
  • the prompt information 506a may include information of the subject device and the object device.
  • the prompt information 506a is used to prompt the user to grant the “Gallery” application in the subject device 200 the right to call the image processing function (FA) in the smartphone 1 (ie, the object device 100 ) to access image processing resources.
  • the specific content of the prompt information 506a depends on the authority required for the access request, which is not limited here.
  • the control 506b can be used to monitor the user operation, and the main device 200, in response to the user operation, learns that the permission required by the access request generated by the main device 200 cannot be obtained currently.
  • the control 506c can be used to monitor the user operation; in response to the user operation, the main device 200 successfully acquires the permission required by the access request generated by the main device 200, and the validity period of the permission is one time. That is, the permission required by the access request acquired by the main device 200 is valid once, and after the access request is responded to, the main device 200 no longer has the permission.
  • the control 506d can be used to monitor the user operation, and the main device 200 successfully acquires the permission required by the access request generated by the main device 200 in response to the user operation, and the time limit of the permission is permanent. That is, the authority required for the access request acquired by the main device 200 is permanently valid.
  • the main device 200 receives the user operation acting on the control 506c, and obtains the permission of the "Gallery" in the main device 200 to call the image processing functional component (FA) in the object device 100 and access the image processing resources, and the time limit of this permission is valid once.
  • FIG. 5E exemplarily shows the displayed user interface 52 when the main device 300 uses the pop-up box authorization to request user authorization.
  • For the window 510 included in the user interface 52, reference may be made to the window 506 in the user interface 51 shown in FIG. 5B, and details are not described here.
  • the main device 300 can receive a user operation acting on the control 510a. In response to the user operation, the main device 300 successfully obtains the permission required by the access request generated by the main device 300, and the validity period of the permission is permanent.
  • When the main device supports fingerprint authentication and authorization, the user's fingerprint can be collected by the fingerprint sensor, and the collected fingerprint can be compared with the preset fingerprint. If the two fingerprints are consistent, the main device obtains the permission required for the access request.
  • the main device may preset multiple fingerprints, and when different preset fingerprints are collected, obtain permissions required for access requests with different time-limits.
  • When the main device supports face authentication and authorization, it can collect the user's face image through the camera, and compare the collected face image with the preset face image. If the two are consistent, the main device obtains the permission required for the access request.
  • When the main device supports voice command authorization, it can collect the voice command input by the user through a microphone, receiver or other sound pickup device, and compare the collected voice command with the preset voice command. If the two are consistent, the main device obtains the permission required for the access request. In some embodiments, the main device may preset multiple voice commands, and acquire permissions required for access requests with different time limits when different preset voice commands are collected.
  • When the main device supports key authorization, the user's pressing operation can be collected through physical keys. If a preset pressing operation (such as one pressing operation, a long pressing operation, two consecutive pressing operations, etc.) is collected, the main device obtains the permission required for the access request. In some embodiments, the main device may preset multiple pressing operations, and acquire permissions required for access requests with different time limits when different preset pressing operations are collected.
  • When the subject device requests the user to grant the permission required by the access request generated by the subject device, if the permission required by the access request includes the information of the subject device and/or the caller, the user can learn more granular and detailed information about the permission required by the access request currently received by the object device, and decide on that basis whether to grant the permission. In this way, it can be ensured that the user performs the authorization operation after fully understanding the permission required for the access request, which can avoid user misoperation or misauthorization, and ensure data security in the object device.
  • the subject device may, in response to the received user operation, obtain the permission granted by the user required for the access request generated by the subject device, and the permission granted by the user may be time-sensitive.
  • the time limit of the permission can take various forms and is not limited to the one-time validity and permanent validity shown in FIG. 5B or FIG. 5E above; there may be more cases, such as valid within one week, valid within one month, valid within the first area, and so on, which are not limited here.
  • the main device may perform S103 after each access request is generated. In other embodiments, after generating the access request, the main device may first determine whether the main device has the permission required by the access request, and if not, apply for the permission to the user through S103, which can reduce the number of users between the main and guest devices. It can improve the efficiency of calling resources across devices in a distributed system.
  • the subject device and the caller apply to the user for the permission required by the access request. Regardless of whether the object device or the callee has the authorization conditions, as long as the subject device or the caller has the authorization conditions, the object device can obtain the permission required by the access request. This ensures that the access request initiated by the caller can be successfully responded to, realizes the resource call between devices, and meets the actual needs of the user.
  • the subject device sends the generated access request and the permission information required by the access request granted by the user to the object device.
  • the permission information indicates one or more of the following: whether the main device has obtained the permission required by the access request, the permission required for the access request that the main device has obtained, and the time limit of the permission obtained by the main device.
  • the subject device may directly send the permission information required by the access request to the object device while sending the access request to the object device, based on capability-based access control technology. For example, permission information required by the access request granted by the user may be carried in the access request. In this way, the time overhead caused by the permission synchronization in the centralized permission management mechanism can be avoided, and the efficiency of resource invocation can be improved.
  • the subject device may send the access request and the permission information required by the access request granted by the user to the guest device, respectively.
  • Executing the above S103-S104 can ensure that the main device initiates the access request after acquiring the permission required by the access request, which can ensure the security of the entire calling process.
  • the subject device may first send an access request to the guest device, and after receiving the access request, the guest device may directly send an authorization request to the subject device after confirming that it does not have the permission required for the access request. The authorization request is used to request that the user be asked for the permission required by the access request.
  • the subject device may perform the operation of S103 in response to the authorization request, and send the permission information required by the access request granted by the user to the object device. That is to say, the subject device can apply to the user for the permission required by the access request under the trigger of the object device, without actively applying for the permission required by the access request from the user itself.
  • the subject device may find the object device corresponding to the access request according to the stored calling relationship, and send the access request and the acquired permission information required by the access request to the object device.
  • the permission information obtained by the callee in the object device may also be recorded or stored.
  • step S105 the object device creates multiple instances of the callee in response to the received access request.
  • the object device can activate different instances according to one or more of the following: the caller, the main device, the developer of the caller, the account of the user to which the caller or the main device belongs, etc.
  • the object device may enable different callee instances to provide services for the corresponding callers.
  • the object device 100 can create two instances that serve the two callers separately.
  • the application identified as "ID3" in the main device 300 and the application identified as "ID4" in the main device 400 call the application identified as "ID1" in the object device 100 at the same time, because the developers of the two callers are the same , the object device 100 can create an instance to serve two callers at the same time.
  • If there is an instance of the callee that provides services for the caller in the subject device in the object device, that is, the object device has created the instance before, the object device does not need to perform S105 to recreate the instance. If there is no instance of the callee serving the caller in the subject device in the guest device, the guest device performs S105 to create the instance.
  • after the object device 100 receives the access requests sent by the main device 200 and the main device 300, it will create two instances of the image processing functional component (FA), which provide services for the main device 200 and the main device 300 respectively.
  • the callee may be pre-installed in the guest device.
  • the guest device may download and install the callee from the network after receiving the access request sent by the subject device, or directly download and install the callee from the subject device.
  • When the object device creates an instance of the callee, it can assign a user ID (UID) and a process identifier (PID) to the instance.
  • the guest device may assign different UIDs to different instances of the callee.
  • the guest device may assign different PIDs to different instances of the callee. Therefore, the guest device can distinguish different instances of the same callee by UID or PID.
  • the object device may save the calling relationship composed of the caller and the instance of the callee.
  • the object device can also synchronize part of the content of the call relationship, such as the call relationship ID and the UID and PID of the callee instance created for the caller in the main device, to the main device, so that the main device can store the call relationship.
  • the guest device may further record or store the permission information.
  • the object device may query whether the permission to access the callee and/or the first resource is open to the subject device, and only execute the subsequent steps if yes. In this way, invalid communication between host and guest devices can be reduced, and the efficiency of resource invocation can be improved.
  • the object device creates a routing proxy and a revocation proxy for the instance of the callee.
  • the routing agent and the revocation agent may be an application program, a service, or an instance, a process, or a thread.
  • the object device may correspondingly create a routing proxy and a revocation proxy for each instance of the callee, and at the same time grant the permission to access the routing proxy to the instance of the callee, and grant the permission required by the access request to the revocation proxy.
  • FIG. 6A shows a situation where the object device 100 creates instances, routing proxies and revocation proxies, and grants the instances and each proxy the corresponding permissions.
  • the object device 100 has created two instances of the image processing functional component (FA), and created a routing agent and a revocation agent for each of the two instances.
  • the object device may create a corresponding revocation proxy for each instance of the callee, but the two instances share a routing proxy. That is, routing agents can be reused. In this way, the overhead in the object device can be reduced, and the efficiency of resource access can be improved.
  • FIG. 6B shows another case where the object device 100 creates instances, routing proxies and revocation proxies, and grants the instances and each proxy the corresponding permissions.
  • the routing proxy and the revocation proxy may be created by the system of the object device, or may be created by the object device through the callee, which is not limited here.
  • the guest device can create the routing proxy and the revocation proxy by following the identity of the caller, for example, using the UID of the caller passed by the subject device to create the two proxies.
  • the system of the object device creates the routing proxy and the revocation proxy, which can prevent the callee from obtaining the permission required by the access request, thereby avoiding permission expansion or permission abuse, and can further protect the data security in the electronic device.
  • If a routing proxy and a revocation proxy corresponding to the instance of the callee exist in the guest device, the guest device does not need to perform S106 to recreate the routing proxy and the revocation proxy. If the routing proxy and the revocation proxy corresponding to the instance of the callee do not exist in the guest device, the guest device may perform S106 to create the routing proxy and the revocation proxy.
  • routing proxies and revocation proxies corresponding to the same callee instance may be combined into one proxy.
  • the object device can create multiple instances of the callee, create a revocation proxy for each instance, and grant the permission required by each access request to a different revocation proxy, such that a revocation proxy can only obtain the permission required by one access request. The problems of permission mixing and permission expansion are thus avoided through mutually isolated revocation proxies, which can ensure the data security in the object device and prevent data abuse and leakage.
  • the object device grants the permission to access the routing proxy to the instance of the callee, and grants the permission required for the access request to the revocation proxy.
  • the routing proxy corresponding to the instance of the same callee can access the corresponding revocation proxy, and at the same time, the instance of the callee cannot access the revocation proxy. That is to say, the access path in this embodiment of the present application can only be: instance of the callee → routing proxy → revocation proxy → first resource.
  • the object device runs an instance of the callee, accesses a routing proxy corresponding to the instance, finds a revocation proxy corresponding to the instance through the routing proxy, and accesses the first resource through the revocation proxy.
  • the object device running the instance of the callee can access the routing proxy. After that, the object device finds the revocation proxy corresponding to the instance of the callee through the routing proxy. Since the revocation proxy has the permission required for the access request, the object device can access the first resource through the revocation proxy.
  • the permission required for the access request includes the permission to invoke the callee, it can be considered that the permission includes the permission to invoke the callee to perform various operations, and therefore also includes the permission to access the first resource.
  • the object device grants the instance of the callee, the routing proxy and the revocation proxy their respective permissions; when responding to the access request, the instance of the callee, the routing proxy and the revocation proxy perform permission checks directly, without additional permission verification through the access control module, which reduces the time overhead.
  • the object device responds to the access request to access the first resource, which may specifically include one or more of the following:
  • the object device runs an instance of the callee created for the caller, and accesses the first resource to perform a series of operations, such as displaying a video call interface through a display screen, capturing images through a camera, performing computing operations, image processing, and obtaining location information and many more.
  • the object device sends the access result of accessing the first resource to the main device. For example, the image captured by the camera is sent to the main device, so that the main device can send it to the device at the other end of the video call; for another example, the calculation result or the obtained location information is sent to the main device, and so on.
  • the object device receives the data sent by the main device, uses the data to access the first resource, and performs a series of operations.
  • the object device may receive an image sent by the main device and collected by the device at the other end of the video call, and display the image on the video call interface of the display screen.
  • the operation performed by the object device to access the first resource in response to the access request may be determined by the object device by default, or determined by the user on the object device side, or determined by the access request sent by the main device side, which is not limited here.
  • FIG. 5C is the user interface 51 displayed after the host device 200 receives the access result of the object device 100 accessing the first resource.
  • the main device 200 can first send the picture 504 in FIG. 5A to the object device 100, and the picture 504 can be carried in the access request; the object device 100 can then run the image processing functional component (FA) created for the "Gallery" in the main device 200, access the image processing resource in the object device 100 through the specific operation in S107, and send the access result of the image processing resource processing the picture 504 to the main device 200.
  • the host device 200 may display a picture 506 obtained after processing by the object device 100 according to the access result in the user interface 51 .
  • the definition of the picture 506 is higher than that of the picture 504 in FIG. 5A .
  • the processing of adjusting the sharpness of the picture 504 by the object device 100 may be selected by the user on the object device side on the object device, or executed by default on the object device.
  • prompt information 507 may also be displayed in the user interface 51 for prompting the resource invocation result.
  • FIG. 5F is the user interface 52 displayed by the host device 300 after receiving the access result of the object device 100 accessing the first resource.
  • the host device 300 can first send the picture 508 in FIG. 5D to the object device 100, and the picture 508 can be carried in the access request; the object device 100 can then run the image processing functional component (FA) created for the "Gallery" in the host device 300, access the image processing resource in the object device 100 through the specific operation in S107, and send the access result of the image processing resource processing the picture 508 to the main device 300.
  • the host device 300 may display the picture 511 obtained by the object device 100 after processing according to the access result in the user interface 52 .
  • the image of the person in the picture 511 has undergone a slimming and shaping process.
  • the slimming and shaping process performed by the object device 100 on the character image in the picture 508 may be selected by the user on the object device side on the object device, or executed by default on the object device.
  • prompt information 512 may also be displayed in the user interface 52 for prompting the resource invocation result.
  • the object device revokes the permission required by the access request.
  • the guest device may revoke the permission required by the access request transmitted by the subject device in any of the following cases:
  • the object device can revoke the rights required for the access request according to the time limit indicated by the time limit information.
  • the object device can revoke the permission required by the access request after successfully responding to the access request, that is, after finishing accessing the first resource. For example, in the examples of FIGS. 5A-5C, after receiving the access request sent by the subject device 200, the object device 100 may immediately revoke the permission required by the access request after responding to the access request.
  • the object device may revoke the permission required for the access request after receiving the first time of the aging information.
  • the object device may revoke the permission required by the access request when it is not located in the first area.
  • After successfully responding to the access request, that is, after finishing accessing the first resource, the object device can revoke the permission required by the access request according to its own permission revocation policy.
  • the permission revocation policy in the object device may include, but is not limited to: immediately revoking the permission required for the access request, revoking the permission required for the access request after a second time after successfully responding to the access request, revoking the permission required for the access request when the instance of the callee exceeds the preset value, or revoking the permission required for the access request when other conditions are met, and so on.
  • the object device can revoke the permission after successfully responding to the access request, without needing to revoke it by means of the transmitted aging information. This avoids the situation in which the permission becomes invalid before the resource call is completed, and achieves the purpose of accurately revoking the permission according to the user's actual needs.
  • the object device can revoke the permissions required by the access request by using any one or more of the following:
  • the guest device revokes the permissions required for the access request granted to the revocation agent.
  • In this case, the revocation proxy can no longer access the first resource, and the instance of the callee and the routing proxy cannot access the first resource through the revocation proxy, thereby achieving the purpose of revoking the permission.
  • the guest device terminates the routing proxy and/or the revocation proxy.
  • Terminating the routing proxy and/or the revocation proxy may mean that the object device completely clears the relevant data of the routing proxy and/or the revocation proxy, so that the routing proxy and/or the revocation proxy no longer exists in the object device. In this way, the instance of the callee can no longer access the first resource through the routing proxy and the revocation proxy, so the purpose of revoking the permission can be achieved.
  • the first resource is accessed through the routing proxy and the revocation proxy, which avoids directly granting the permission required by the access request to the instance of the callee. Even if the instance of the callee passes its own permission on to other callees in a secondary transfer, the secondarily transferred permission also becomes invalid after the above S108 is executed, so as to achieve the purpose of accurately revoking the permission.
  • the object device does not need to store a large amount of authority delegation information, which saves the storage resources of the object device.
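The access path and revocation behaviour described above (instance of the callee → routing proxy → revocation proxy → first resource), as a small Python model. This is an added illustration, not code from the patent: the class names, caller identifiers, UID numbering, permission-information fields and the stand-in image processing resource are all assumptions.

```python
from typing import Callable, Dict, Optional

ONCE, PERMANENT = "once", "permanent"  # two of the validity periods the text names


class PermissionRevoked(Exception):
    """No live revocation proxy holds the permission on this access path."""


class RevocationProxy:
    """Sole holder of the permission required by one access request."""
    def __init__(self, resource: Callable[[str], str], permission: str, validity: str):
        self._resource: Optional[Callable[[str], str]] = resource
        self.permission, self.validity = permission, validity

    def access(self, data: str) -> str:
        if self._resource is None:
            raise PermissionRevoked(self.permission)
        return self._resource(data)

    def revoke(self) -> None:
        self._resource = None  # drop the only reference to the first resource


class RoutingProxy:
    """Shared router: callee-instance UID -> that instance's revocation proxy."""
    def __init__(self) -> None:
        self.routes: Dict[int, RevocationProxy] = {}

    def forward(self, uid: int, data: str) -> str:
        if uid not in self.routes:
            raise PermissionRevoked(f"no revocation proxy for UID {uid}")
        return self.routes[uid].access(data)


class CalleeInstance:
    """Holds only the right to reach the routing proxy, never the resource permission."""
    def __init__(self, uid: int, router: RoutingProxy):
        self.uid, self._router = uid, router

    def handle(self, data: str) -> str:
        return self._router.forward(self.uid, data)

    def delegate(self) -> Callable[[str], str]:
        return self.handle  # secondary transfer: only the route can be passed on


class ObjectDevice:
    def __init__(self, resource: Callable[[str], str]):
        self._resource, self._router = resource, RoutingProxy()
        self._instances: Dict[str, CalleeInstance] = {}

    def instance_for(self, caller: str) -> CalleeInstance:
        uid = 10001 + len(self._instances)  # constructed UID range, one UID per instance
        return self._instances.setdefault(caller, CalleeInstance(uid, self._router))

    def serve(self, caller: str, permission_info: dict, data: str) -> str:
        """Respond to an access request that carries its own permission information."""
        inst = self.instance_for(caller)
        if inst.uid not in self._router.routes:
            if not permission_info.get("granted"):
                raise PermissionError(f"{caller}: permission not granted by the user")
            self._router.routes[inst.uid] = RevocationProxy(
                self._resource, permission_info["permission"], permission_info["validity"])
        proxy = self._router.routes[inst.uid]
        try:
            return inst.handle(data)
        finally:
            if proxy.validity == ONCE:  # one-time grant: revoke right after responding
                self.revoke(caller)

    def revoke(self, caller: str) -> None:
        proxy = self._router.routes.pop(self.instance_for(caller).uid, None)
        if proxy is not None:
            proxy.revoke()  # permission withdrawn and proxy terminated


def try_call(fn: Callable[[str], str], data: str) -> str:
    try:
        return fn(data)
    except PermissionRevoked:
        return "denied"


def demo() -> Dict[str, str]:
    dev = ObjectDevice(lambda picture: f"sharpened({picture})")  # constructed resource
    once = {"granted": True, "permission": "image-processing", "validity": ONCE}
    perm = {"granted": True, "permission": "image-processing", "validity": PERMANENT}
    a, b = "device200/Gallery", "device300/Gallery"  # constructed caller identifiers
    out = {"a_first": dev.serve(a, once, "picture504")}
    out["a_delegated_after_once"] = try_call(dev.instance_for(a).delegate(), "picture504")
    out["b_first"] = dev.serve(b, perm, "picture508")
    delegated_b = dev.instance_for(b).delegate()
    out["b_delegated_live"] = try_call(delegated_b, "picture508")
    dev.revoke(b)
    out["b_delegated_after_revoke"] = try_call(delegated_b, "picture508")
    return out
```

Because the instance of the callee never holds the resource permission itself, a handle it passes on stops working at the same moment its revocation proxy is revoked, and the object device keeps no record of who the handle was passed to.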
  • the guest device can also manage the life cycle of the callee's instance created for the caller in the subject device.
  • the object device can stop running or destroy the instance after running the instance and successfully responding to the access request, or after a preset time has elapsed, or when the running instance has not accessed the resource in the object device for a certain period of time. Stopping the running instance means that the instance still exists in the guest device, but the instance is not running. Destroying an instance means that the object device deletes all data related to the instance, and the instance no longer exists in the object device.
  • a guest device (e.g., guest device 100) may be referred to as a first device, one host device (e.g., host device 200) may be referred to as a second device, and another host device (e.g., host device 300) may be referred to as a third device.
  • the caller in the second device, such as the "Gallery" in the main device 200, may be referred to as the first caller.
  • the caller in the third device, such as the "Gallery" in the main device 300, may be referred to as the second caller.
  • the access request sent by the second device to the first device may be referred to as a first access request.
  • the access request sent by the third device to the first device may be referred to as a second access request.
  • the permission required by the first access request may be referred to as the first permission.
  • the authority required by the second authority information may be referred to as the second authority.
  • the permission information sent by the second device to the first device may be referred to as first permission information.
  • the permission information sent by the third device to the first device may be referred to as second permission information.
  • the instance of the callee executed by the first device in response to the first access request may be referred to as the first instance.
  • the instance of the callee executed by the first device in response to the second access request may be referred to as the second instance.
  • the routing proxy and the revocation proxy run by the first device in response to the first access request may be referred to as the first routing proxy and the first revocation proxy, respectively.
  • the agent may be referred to as the first agent.
  • the routing proxy and the revocation proxy run by the first device in response to the second access request may be referred to as the second routing proxy and the second revocation proxy, respectively.
  • the agent may be referred to as the second agent.
  • the method shown in FIG. 4 can also be applied to a single electronic device.
  • one or more callers and callees are installed in the electronic device, and the electronic device is both a subject device and an object device.
  • the electronic device may generate one or more access requests for invoking the same callee, where the access request is for the caller to invoke the callee to access the first resource in the electronic device.
  • S103-S109 in the method shown in FIG. 4 may be executed, the difference is that the communication process between the object device and the subject device in FIG. 4 may be omitted.
  • the electronic device can create a routing proxy and a revocation proxy through the caller or the system, which can prevent the callee from obtaining the permission required for the access request, thereby avoiding permission expansion or permission abuse, and protecting data security in the electronic device.
  • the electronic device can create the routing proxy and the revocation proxy by using the identity of the caller, for example, can use the UID of the caller to create the two proxies.
  • FIG. 8 exemplarily shows a simple process for a single electronic device to implement the access control method provided by the embodiment of the present application based on the binder.
  • the electronic device includes a user space and a kernel space
  • the user space includes a caller (for example, APP1 ) and a callee (for example, APP2 )
  • the kernel space includes a binder driver.
  • the process may include the following steps:
  • APP1 informs the system to create, or APP1 itself creates, the revocation proxy and the routing proxy, and stipulates that the routing proxy can only be accessed with the P2 authority.
  • the binder driver passes the P2 authority to the routing agent by processing the command, and passes the P1 authority to the revocation agent.
  • the P1 permission is the permission required when APP1 requests to call APP2, and the permission is used to access the first resource.
  • APP2 responds to the request of APP1 and initiates a request for calling the first resource.
  • the system (such as the application scheduling management module) starts the routing agent according to the request of APP2. Because APP2 already has P2 permissions, it can start the routing agent.
  • the routing proxy directly forwards the request initiated by APP2 to the revocation proxy.
  • the revocation agent calls the first resource. Since the revocation agent already has the P1 authority, the first resource can be called.
  • APP1 can request the system to delete, or APP1 can itself delete, the revocation proxy and/or the routing proxy, or can withdraw the P1 permission of the revocation proxy through the binder driver; in each case the permission is revoked.
  • permissions can also be granted and revoked based on binders in a manner similar to that in FIG. 8 , and the detailed implementation will not be repeated here.
  • the electronic device can revoke the permissions required for the access request accurately and flexibly through the routing proxy and the revocation proxy.
  • for details of the routing proxy and the revocation proxy, please refer to the relevant description of implementing the access control method in a distributed system.
  • one caller in the electronic device may be called the first caller, and the other caller may be called the second caller.
  • the access request for invoking the callee and accessing the first resource, which is generated when the electronic device runs the first caller may be referred to as the first access request.
  • the access request for invoking the callee and accessing the first resource, which is generated when the electronic device runs the second caller may be referred to as a second access request.
  • the permission required by the first access request may be referred to as the first permission.
  • the authority required by the second authority information may be referred to as the second authority.
  • the instance of the callee executed by the electronic device in response to the first access request may be referred to as the first instance.
  • the instance of the callee executed by the third device in response to the second access request may be referred to as the second instance.
  • the routing proxy and the revocation proxy run by the electronic device in response to the first access request may be referred to as the first routing proxy and the first revocation proxy, respectively.
  • the agent may be referred to as the first agent.
  • the routing proxy and the revocation proxy executed by the electronic device in response to the second access request may be referred to as the second routing proxy and the second revocation proxy, respectively.
  • the agent may be referred to as the second agent.
  • FIG. 7A is a schematic diagram of a software structure of a main device provided by an embodiment of the present application.
  • the main device may be the main device 200 or the main device 300 in the embodiment of FIG. 4 .
  • the main device may include the following modules: an application information management module, a permission application module, a permission delegation module, a call relationship management module, and a call relationship library. Specifically:
  • the application information management module is used to manage the information, such as the names, of each APP and functional component installed in the main device.
  • the application information management module is also used to synchronize the information of the APP and functional components of the local machine to other devices, and simultaneously receive the information of the APP and functional components synchronized by other devices (eg, object devices).
  • the permission application module is used to apply to the user for the permission required for the access request when the subject device generates an access request for invoking the callee in the object device.
  • the authority delegation module is used to send the authority information applied by the authority application module to the object device according to the calling relationship.
  • the permission delegation module is configured to send the permission information applied for by the permission application module and the access request generated by the subject device to the object device at the same time.
  • the calling relationship management module is responsible for maintaining the calling relationship composed of the caller and the callee instance that provides services for the caller, and stores it in the calling relationship library.
  • the call relationship library is used to store the call relationship composed of the caller and the callee instance.
  • the invocation relationship includes: the invocation relationship ID, the instance information of the callee, and the information of each caller who invoked the instance.
  • the call relationship ID can be assigned by the subject device.
  • the object device and the main device can share the same invocation relationship ID; the invocation relationship ID is allocated by the main device and can be carried in the access request sent to the object device.
  • the instance information of the callee may include one or more of the following: the device ID of the object device, the APP ID of the callee, the UID and PID of the instance.
  • the PID is the identity identifier of the instance, and when the electronic device runs an instance, a unique PID is assigned to the instance. PID and UID can be synchronized from the guest device to the host device.
  • the caller information includes the caller's application ID (APP ID), and may also include one or more of the following: the device ID of the main device, the caller's developer signature, the caller's user ID (UID), the account ID of the subject device. Specifically:
  • the APP ID is used to identify the APP or functional component.
  • the device ID may be, for example, the name of the device, a serial number, a media access control (MAC) address, and the like.
  • the developer signature is used to identify the developer.
  • the electronic device will assign different UIDs to different installed apps or functional components to distinguish them.
  • the electronic device may assign the same UID to each APP or functional component developed by the same developer.
  • the same APP or functional component may have different UIDs in different electronic devices.
  • the account ID is used to identify the user currently logged in to the electronic device, for example, a Huawei account.
  • FIG. 7A is only a schematic example, and the main device provided in this embodiment of the present application may further include more or fewer modules, which is not limited here.
  • Each module in the main device mentioned in FIG. 7A may be located in the application layer, application framework layer, system service layer, kernel layer, etc. in the electronic device shown in FIG. 3B , which is not limited here.
  • FIG. 7B is a schematic diagram of a software structure of a guest device provided by an embodiment of the present application.
  • the guest device may be the guest device 100 in the embodiment of FIG. 4 .
  • the object device may include the following modules: an application information management module, an instance management module, an authority delegation module, a routing proxy management module, a revocation proxy management module, a delegation revocation management module, an invocation relationship management module, and an invocation relationship library. Specifically:
  • the application information management module is used to manage the information, such as the names, of each APP and functional component installed in the object device.
  • the application information management module is also used to synchronize the information of the APPs and functional components of the local machine to other devices, and to receive the information of the APPs and functional components synchronized by other devices (such as the main device).
  • the instance management module is responsible for dynamically enabling the instance of the callee according to the information of the caller and providing services for the caller. Specifically, the instance management module can enable different callee instances for different callers. The instance management module is also used to manage the life cycle of each instance, such as starting, stopping, destroying, restarting, and so on.
  • the authorization delegation module is used to receive the authorization information required by the access request sent by the main device, to grant the permission to access the proxy module to the callee, and to grant the permission required for the access request to the proxy module.
  • the proxy module may include revocation proxies and routing proxies.
  • the routing agent management module is used to create routing agents.
  • the routing proxy management module may create different routing proxies in response to different access requests.
  • the routing proxy management module may create a routing proxy for responding to all access requests obtained by the object device.
  • the revocation proxy management module is used to create revocation proxies.
  • the revocation proxy management module may create different revocation proxies in response to different access requests.
  • the delegated revocation management module is used for revoking the authority granted to the revocation agent, or terminating the revocation agent and/or the routing agent, when the object device needs it.
  • the calling relationship management module is responsible for maintaining the calling relationship composed of the caller and the callee instance that provides services for the caller, and stores it in the calling relationship library.
  • the call relationship library is used to store the call relationship composed of the caller and the callee instance.
  • the invocation relationship includes: the invocation relationship ID, the instance information of the callee, and the information of each caller who invoked the instance.
  • for the specific content of the calling relationship, reference may be made to the relevant description of the main device in FIG. 7A.
  • FIG. 7B is only a schematic example, and the object device provided in this embodiment of the present application may further include more or fewer modules, which is not limited here.
  • Each module in the object device mentioned in FIG. 7B may be located in the application layer, application framework layer, system service layer, kernel layer, etc. in the electronic device shown in FIG. 3B , which is not limited here.
  • the above-mentioned embodiments may be implemented in whole or in part by software, hardware, firmware or any combination thereof.
  • when implemented in software, they can be implemented in whole or in part in the form of a computer program product.
  • the computer program product includes one or more computer instructions.
  • when the computer program instructions are loaded and executed on a computer, the processes or functions described herein are produced in whole or in part.
  • the computer may be a general purpose computer, special purpose computer, computer network, or other programmable device.
  • the computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another; for example, the computer instructions may be transmitted from one website, computer, server or data center to another website, computer, server or data center by wire (e.g., coaxial cable, optical fiber, digital subscriber line) or wirelessly (e.g., infrared, wireless, microwave, etc.).
  • the computer-readable storage medium can be any usable medium that can be accessed by a computer, or a data storage device, such as a server or a data center, that integrates one or more usable media.
  • the usable media may be magnetic media (e.g., floppy disks, hard disks, magnetic tapes), optical media (e.g., DVDs), or semiconductor media (e.g., solid state disks (SSDs)), and the like.
  • the process can be completed by a computer program instructing the relevant hardware, and the program can be stored in a computer-readable storage medium.
  • when the program is executed, it may include the processes of the foregoing method embodiments.
  • the aforementioned storage medium includes: read-only memory (ROM), random access memory (RAM), magnetic disks, optical disks and other media that can store program code.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Technology Law (AREA)
  • Multimedia (AREA)
  • Medical Informatics (AREA)
  • Databases & Information Systems (AREA)
  • Telephonic Communication Services (AREA)
  • Storage Device Security (AREA)

Abstract

An access control method for precise permission revocation, a related apparatus, and a system. In the method, a subject device may send an access request to an object device; a user grants permission information required by the access request, and the object device may create a first proxy and grant the permission required by the access request to the first proxy; and then the object device may respond to the access request by means of the first proxy, and may revoke the permission granted to the first proxy or terminate the first proxy to revoke the permission obtained by the object device. The present solution can ensure that the object device obtains an accurate permission and allows for precise and flexible revocation of the permission according to needs, thereby protecting data security of the object device in the process of resource invocation.

Description

Access control method for precise permission revocation, related apparatus, and system
This application claims priority to Chinese patent application No. 202110327079.9, entitled "Access control method for precise permission revocation, related apparatus, and system" and filed with the China Patent Office on March 26, 2021, and to Chinese patent application No. 202210211570.X, entitled "Access control method for precise permission revocation, related apparatus, and system" and filed with the China Patent Office on March 04, 2022, both of which are incorporated herein by reference in their entirety.
Technical field
This application relates to the field of computer and communication technologies, and in particular to an access control method for precise permission revocation, a related apparatus, and a system.
Background
In a stand-alone scenario with a single device, the applications (APPs) in the device can call each other and can access the various resources in the device. With the development of smart terminals, the types and number of devices in users' lives keep growing, and distributed scenarios in which devices are interconnected are gradually being realized. In distributed scenarios, devices sharing resources with each other, such as computing power, storage resources and network resources, will become the future trend.
To protect user privacy, related technologies require that the invoked electronic device obtain the permission to access sensitive information, and it may access the sensitive information only after the permission check passes.
How to ensure, during invocation, that the invoked electronic device obtains exactly the right permission, and that this permission can be revoked as needed, so as to protect data security in the electronic device and protect user privacy, is a problem that urgently needs to be solved.
Summary of the invention
This application provides an access control method for precise permission revocation, a related apparatus, and a system, which can ensure that the object device obtains exactly the right permission and can revoke that permission precisely as needed, protecting data security in the object device.
In a first aspect, an embodiment of this application provides an access control method for precise permission revocation. The method is applied to a communication system including a first device and a second device. A callee is installed in the first device, and a first caller is installed in the second device. The callee and the first caller are each an application (APP) or a functional component; an APP is a program entity that implements multiple functions, and a functional component is a program entity that implements a single function.
The method of the first aspect includes: the second device sends a first access request and first permission information to the first device, where the first access request is used by the first caller to invoke the callee to access a first resource in the first device, the first permission information indicates a first permission, and the first permission includes the permission to invoke the callee and/or the permission to access the first resource; in response to the first access request, the first device grants the first permission to a first proxy and grants the permission to access the first proxy to the callee, where the first proxy is a service, process or thread; the first device runs the callee, accesses the first proxy, and accesses the first resource through the first permission held by the first proxy; the first device terminates the first proxy, or the first device revokes the first permission held by the first proxy.
In the method of the first aspect, the first device may be referred to as the object device, and the second device may be referred to as the subject device.
By implementing the method provided in the first aspect, the object device accesses the first resource through the first proxy and avoids granting the permission required by the access request directly to the callee. Even if the callee passes the permission it has obtained on to other callees, once the above method is performed the passed-on permission also becomes invalid, so the permission is revoked precisely. In addition, with the first proxy the object device does not need to store a large amount of permission delegation information, which saves storage resources of the object device.
Furthermore, in the method provided in the first aspect, it is the subject device that applies to the user for the permission required by the access request. Whether or not the object device or the callee meets the authorization conditions, as long as the subject device or the caller meets them, the object device can obtain the permission required by the access request. This ensures that the access request initiated by the caller can be responded to successfully, enables resource invocation between devices, and meets the actual needs of the user.
With reference to the first aspect, in some embodiments the first device may revoke the permission required by the access request passed over by the second device in either of the following cases:
1. If the first permission information also indicates the validity of the first permission: if the validity is single use, the first device terminates the first proxy or revokes the first permission held by the first proxy after it finishes accessing the first resource; if the validity is valid within a first time or valid within a first area, the first device terminates the first proxy or revokes the first permission held by the first proxy once the first time has elapsed since the first permission information was received, or when the first device is located outside the first area.
2. The first device terminates the first proxy or revokes the first permission held by the first proxy after it finishes accessing the first resource, or a second time after it finishes accessing the first resource.
With the second way, the object device can revoke the permission after it has successfully responded to the access request, without relying on transmitted validity information to revoke it. This avoids the situation in which the permission has already expired before the resource invocation completes, so that the permission is revoked precisely according to the actual needs of the user.
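The two revocation ways above can be compared in a small model. This is an added example, not code from the application: the class names, the injected clock, the area labels and the three-part read are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional


class PermissionDenied(Exception):
    """Raised when the first proxy no longer holds the first permission."""


@dataclass(frozen=True)
class Validity:
    """Validity carried in the first permission information (way 1)."""
    once: bool = False               # valid for a single access
    seconds: Optional[float] = None  # "first time" measured from receipt
    area: Optional[str] = None       # "first area" (hypothetical label)


class FirstProxy:
    def __init__(self, validity, received_at, revoke_on_completion=False):
        self.validity = validity
        self.received_at = received_at
        self.revoke_on_completion = revoke_on_completion  # way 2
        self.has_permission = True
        self.revoked_because = None

    def _revoke(self, reason):
        self.has_permission = False
        self.revoked_because = reason

    def _enforce(self, now, area):
        # Way 1: apply the time and area limits before every use.
        v = self.validity
        if not self.has_permission:
            return
        if v.seconds is not None and now - self.received_at > v.seconds:
            self._revoke("first time elapsed")
        elif v.area is not None and area != v.area:
            self._revoke("outside first area")

    def read_chunk(self, chunk, now, area):
        self._enforce(now, area)
        if not self.has_permission:
            raise PermissionDenied(self.revoked_because)
        return chunk

    def finish_access(self):
        # Single-use validity and way 2 both revoke once the access has ended.
        if self.has_permission and (self.validity.once or self.revoke_on_completion):
            self._revoke("access finished")


def run_access(proxy, schedule):
    """schedule: (time, area, chunk) tuples. Returns (chunks delivered, reason)."""
    delivered = []
    try:
        for now, area, chunk in schedule:
            delivered.append(proxy.read_chunk(chunk, now, area))
        proxy.finish_access()
    except PermissionDenied:
        pass
    return delivered, proxy.revoked_because


# Constructed sample: a three-part read of the first resource that takes 8 seconds.
SLOW_READ = [(0, "home", "part1"), (4, "home", "part2"), (8, "home", "part3")]


def demo():
    timed = FirstProxy(Validity(seconds=5), received_at=0)
    on_completion = FirstProxy(Validity(), received_at=0, revoke_on_completion=True)
    area_bound = FirstProxy(Validity(area="home"), received_at=0)
    moved = [(0, "home", "part1"), (1, "office", "part2")]
    return {
        "timed": run_access(timed, SLOW_READ),
        "on_completion": run_access(on_completion, SLOW_READ),
        "area": run_access(area_bound, moved),
        "reuse_after_completion": run_access(on_completion, SLOW_READ),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The time-limited permission cuts the read off after two parts, while revocation on completion lets the same read finish and only then removes the permission.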
With reference to the first aspect, in some embodiments the first device may grant the permission to access the first proxy to a first instance of the callee, and run the first instance to access the first proxy.
In the above embodiment, the communication system further includes a third device in which a second caller is installed, the second caller being an APP or a functional component. The third device may send a second access request and second permission information to the first device, where the second access request is used by the second caller to invoke the callee to access the first resource, the second permission information indicates a second permission, and the second permission includes the permission to invoke the callee and/or the permission to access the first resource; in response to the second access request, the first device grants the second permission to a second proxy and grants the permission to access the second proxy to a second instance of the callee, where the second proxy is a service, process or thread; the first device runs the second instance, accesses the second proxy, and accesses the first resource through the second permission held by the second proxy. The first instance and the second instance are processes or threads running in random access memory (RAM); the second instance is different from the first instance, and the two instances are isolated from each other.
With the above embodiment, the object device serves multiple callers with multiple instances, and can grant the permission obtained by the subject device to the revocation proxy that corresponds to the callee instance created for that caller. This ensures that a caller's permission is given only to the revocation proxy corresponding to that instance, which avoids permission mixing and permission expansion, thereby ensuring data security in the object device and preventing data abuse and leakage.
With reference to the first aspect, in some embodiments, before the first device grants the permission to access the first proxy to the first instance of the callee, it may also create the first instance in response to the first access request.
With reference to the first aspect, in some embodiments the first proxy includes a first routing proxy and a first revocation proxy, each of which is a service, process or thread. The first device may grant the first permission to the first revocation proxy and grant the permission to access the first routing proxy to the callee. The first device may run the callee, access the first revocation proxy through the first routing proxy, and access the first resource through the first permission held by the first revocation proxy. In addition, the first device may terminate the first routing proxy and/or the first revocation proxy, or the first device may revoke the first permission held by the first revocation proxy.
In the previous embodiment, if the first device further includes a second proxy, and the second proxy includes the first routing proxy and the first revocation proxy, the first routing proxy and the second routing proxy may be combined into the same proxy. This reduces resource consumption in the first device.
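The routing-proxy and revocation-proxy split described above, together with the per-caller instances and the claim that a passed-on permission dies with the proxy, can be modelled as follows. This is an added example and not the application's implementation: it borrows the P1/P2 and APP1/APP2 names from the FIG. 8 walkthrough, and the class names, the token used to model P2, APP3 and the caller labels are assumptions.

```python
import secrets


class PermissionDenied(Exception):
    """Raised when a proxy is gone or lacks the permission it needs."""


class RevocationProxy:
    """Holds P1 (access to the first resource) for exactly one access request."""

    def __init__(self, resource):
        self._resource = resource
        self._has_p1 = False
        self.alive = True

    def grant_p1(self):
        self._has_p1 = True

    def revoke_p1(self):
        self._has_p1 = False

    def access(self):
        if not (self.alive and self._has_p1):
            raise PermissionDenied("revocation proxy no longer holds P1")
        return self._resource


class RoutingProxy:
    """Reachable only with P2; forwards every call to its revocation proxy."""

    def __init__(self, revocation_proxy):
        self.p2 = secrets.token_hex(16)  # assumption: P2 modelled as an unguessable token
        self._target = revocation_proxy
        self.alive = True

    def forward(self, presented_p2):
        if not self.alive:
            raise PermissionDenied("routing proxy terminated")
        if not secrets.compare_digest(presented_p2, self.p2):
            raise PermissionDenied("caller does not hold P2 for this proxy")
        return self._target.access()


class CalleeInstance:
    """One instance of the callee (APP2). It is handed P2 only, never P1."""

    def __init__(self, name):
        self.name = name
        self.routing = None
        self.p2 = None

    def receive(self, routing, p2):
        self.routing, self.p2 = routing, p2

    def redelegate(self, other):
        # Secondary transfer: the callee passes on everything it holds.
        other.receive(self.routing, self.p2)

    def read_resource(self):
        if self.routing is None:
            raise PermissionDenied("no routing proxy")
        return self.routing.forward(self.p2)


class ObjectDevice:
    def __init__(self, resource):
        self._resource = resource
        self._sessions = {}  # caller -> (routing proxy, revocation proxy)

    def handle_access_request(self, caller):
        """Create a proxy pair and a dedicated callee instance for this caller."""
        revocation = RevocationProxy(self._resource)
        revocation.grant_p1()
        routing = RoutingProxy(revocation)
        instance = CalleeInstance("APP2 for " + caller)
        instance.receive(routing, routing.p2)
        self._sessions[caller] = (routing, revocation)
        return instance

    def revoke(self, caller, terminate=False):
        routing, revocation = self._sessions[caller]
        if terminate:
            routing.alive = revocation.alive = False
        else:
            revocation.revoke_p1()


def try_read(instance):
    try:
        return instance.read_resource()
    except PermissionDenied:
        return "DENIED"


def demo():
    device = ObjectDevice("contacts-db")  # constructed stand-in for the first resource
    first = device.handle_access_request("APP1 on phone")
    second = device.handle_access_request("APP1 on tablet")
    app3 = CalleeInstance("APP3")
    first.redelegate(app3)
    before = (try_read(first), try_read(app3), try_read(second))
    device.revoke("APP1 on phone")
    after = (try_read(first), try_read(app3), try_read(second))
    return before, after


if __name__ == "__main__":
    print(demo())
```

One revocation on the first caller's revocation proxy cuts off both the original instance and APP3, with no record of who received the passed-on permission, while the second caller's instance keeps working.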
With reference to the first aspect, in some embodiments, before granting the first permission to the first proxy in response to the first access request, the first device may create the first proxy in response to the first access request.
With reference to the first aspect, in some embodiments the first permission specifically includes: the permission of the second device to invoke the callee, and/or the permission of the second device to access the first resource; and/or the permission of the first caller to invoke the callee, and/or the permission of the first caller to access the first resource.
With the previous embodiment, if the permission required by the access request contains information about the subject device and/or the caller, the user can learn finer-grained, more detailed information about the permission required by the access request currently received by the object device, and decide on that basis whether to grant the permission. This ensures that the user performs the authorization only after fully understanding the permission required by the access request, which avoids user misoperation or mistaken authorization and ensures data security in the object device.
With reference to the first aspect, in some embodiments the second device may, based on capability-based access control, send the permission information required by the first access request directly to the first device at the same time as it sends the first access request. For example, the permission information required by the first access request and granted by the user may be carried in the first access request. This avoids the time overhead of permission synchronization in a centralized permission management mechanism and improves the efficiency of resource invocation.
With reference to the first aspect, in some embodiments, before sending the first permission information to the first device, the second device may output prompt information that prompts the first permission; the second device may send the first permission information to the first device in response to a received user operation. In this way, the user can grant the first permission by entering a user operation on the second device.
With reference to the previous embodiment, the operation received by the second device includes one or more of the following: a user operation acting on the display screen, a preset face image, a preset fingerprint, a preset voice command, or a user operation acting on a key.
第二方面,本申请实施例提供了一种精准撤销权限的访问控制方法,该方法应用于电子设备,电子设备中安装有被调用者,被调用者为应用程序APP或功能组件,APP为实现多个功能的程序实体,功能组件为实现单一功能的程序实体。In the second aspect, the embodiments of the present application provide an access control method for accurately revoking permissions, the method is applied to an electronic device, where a callee is installed in the electronic device, the callee is an application program APP or a functional component, and the APP is an implementation A program entity with multiple functions, and a functional component is a program entity that implements a single function.
第二方面的方法包括:电子设备接收到第二设备发送的第一访问请求和第一权限信息,第一访问请求用于第二设备中的第一调用者调用被调用者以访问电子设备中的第一资源,第一权限信息指示第一权限,第一权限包括调用被调用者的权限,和/或,访问第一资源的权限;第一调用者为APP或功能组件;电子设备响应于第一访问请求,将第一权限授予第一代理,将访问第一代理的权限授予被调用者,第一代理为服务、进程或线程;电子设备运行被调用者,访问第一代理,并通过第一代理具备的第一权限,访问第一资源;电子设备终止第一代理,或者,电子设备撤销第一代理具备的第一权限。The method of the second aspect includes: the electronic device receives a first access request and first permission information sent by the second device, where the first access request is used by the first caller in the second device to invoke the callee to access the electronic device the first resource, the first permission information indicates the first permission, and the first permission includes the permission to call the callee, and/or the permission to access the first resource; the first caller is an APP or a functional component; the electronic device responds to For the first access request, the first authority is granted to the first agent, and the authority to access the first agent is granted to the callee, and the first agent is a service, process or thread; the electronic device runs the callee, accesses the first agent, and passes The first authority possessed by the first agent accesses the first resource; the electronic device terminates the first agent, or the electronic device revokes the first authority possessed by the first agent.
By implementing the method provided in the second aspect, the first device accesses the first resource through the first proxy and avoids granting the permission required by the access request directly to the callee. Even if the callee passes the permission it has obtained on to other callees, the permission passed on also becomes invalid once the above method is performed, which achieves precise permission revocation. In addition, with the first proxy, the first device does not need to store a large amount of permission delegation information, which saves storage resources of the first device.
In addition, in the method provided in the second aspect, the subject device requests from the user the permission required by the access request. Regardless of whether the object device or the callee meets the authorization conditions, the object device can obtain the permission required by the access request as long as the subject device or the caller meets the authorization conditions. This ensures that the access request initiated by the caller can be answered successfully, enables resource invocation between devices, and meets the user's actual needs.
For the operations performed by the electronic device in the method provided in the second aspect, refer to the description of the first device side in the method provided in the first aspect; details are not repeated here.
In a third aspect, an embodiment of this application provides an access control method for precise permission revocation. The method is applied to an electronic device in which a first caller and a callee are installed. The first caller and the callee are each an application (APP) or a functional component; an APP is a program entity that implements multiple functions, and a functional component is a program entity that implements a single function.
The method of the third aspect includes: the electronic device generates a first access request and obtains a first permission, where the first access request is used by the first caller to invoke the callee in order to access a first resource in the electronic device, and the first permission includes the permission to invoke the callee and/or the permission to access the first resource; in response to the first access request, the electronic device grants the first permission to a first proxy and grants the permission to access the first proxy to the callee; the electronic device runs the callee, accesses the first proxy, and accesses the first resource by means of the first permission held by the first proxy; and the electronic device terminates the first proxy, or the electronic device revokes the first permission held by the first proxy.
By implementing the method provided in the third aspect, the electronic device can revoke permissions precisely and flexibly through the first proxy.
In the method provided in the third aspect, the operations performed by the first device, the second device or the third device in the first aspect, the second aspect or any of the above implementations are all performed by the same electronic device, and the interaction between the second device or the third device and the third device can be omitted. For details, refer to the foregoing description; details are not repeated here.
In a fourth aspect, an embodiment of this application provides an electronic device, including a memory and one or more processors. The memory is coupled to the one or more processors and is used to store computer program code; the computer program code includes computer instructions, and the one or more processors invoke the computer instructions to cause the electronic device to perform the method of the second aspect or of any implementation of the second aspect.
In a fifth aspect, an embodiment of this application provides an electronic device, including a memory and one or more processors. The memory is coupled to the one or more processors and is used to store computer program code; the computer program code includes computer instructions, and the one or more processors invoke the computer instructions to cause the electronic device to perform the method of the third aspect or of any implementation of the third aspect.
In a sixth aspect, an embodiment of this application provides a communication system, including a first device and a second device, where the first device is configured to perform the method of the second aspect or of any implementation of the second aspect.
In a seventh aspect, an embodiment of this application provides a computer-readable storage medium including instructions that, when run on an electronic device, cause the electronic device to perform the method of the second aspect or of any implementation of the second aspect.
In an eighth aspect, an embodiment of this application provides a computer program product that, when run on a computer, causes the computer to perform the method of the second aspect or of any implementation of the second aspect.
In a ninth aspect, an embodiment of this application provides a computer-readable storage medium including instructions that, when run on an electronic device, cause the electronic device to perform the method of the third aspect or of any implementation of the third aspect.
In a tenth aspect, an embodiment of this application provides a computer program product that, when run on a computer, causes the computer to perform the method of the third aspect or of any implementation of the third aspect.
By implementing the technical solution provided in this application, the subject device can send the object device an access request for invoking the callee and pass to the object device the user-granted permission information required by the access request. The object device can create a first proxy and grant the permission required by the access request to the first proxy. The object device can then respond to the access request through the first proxy. The object device can revoke the permission it has obtained either by revoking the permission granted to the first proxy or by terminating the first proxy. This solution ensures that the object device obtains exactly the right permission and can revoke that permission precisely and flexibly as needed, protecting the security of the data in the object device.
Description of drawings
FIG. 1A and FIG. 1B are each a schematic diagram of a permission checking method;
FIG. 2A is a schematic structural diagram of the communication system 10 provided by an embodiment of this application;
FIG. 2B shows a distributed scenario provided by an embodiment of this application;
FIG. 3A is a hardware structure diagram of an electronic device provided by an embodiment of this application;
FIG. 3B is a software structure diagram of an electronic device provided by an embodiment of this application;
FIG. 4 is a flowchart of the access control method for precise permission revocation provided by an embodiment of this application;
FIG. 5A to FIG. 5C show a set of user interfaces implemented on the subject device 200 provided by an embodiment of this application;
FIG. 5D to FIG. 5F show a set of user interfaces implemented on the subject device 300 provided by an embodiment of this application;
FIG. 6A is a schematic diagram of creating a proxy and granting permissions provided by an embodiment of this application;
FIG. 6B is another schematic diagram of creating a proxy and granting permissions provided by an embodiment of this application;
FIG. 7A is a software structure diagram of a subject device provided by an embodiment of this application;
FIG. 7B is a software structure diagram of an object device provided by an embodiment of this application;
FIG. 8 is a flowchart of a single electronic device implementing the access control method based on binder, provided by an embodiment of this application.
Detailed description
The technical solutions in the embodiments of this application are described clearly and in detail below with reference to the accompanying drawings. In the description of the embodiments of this application, unless otherwise specified, "/" means "or"; for example, A/B can mean A or B. "And/or" in the text merely describes an association between associated objects and indicates that three relationships are possible; for example, "A and/or B" can mean that A exists alone, that A and B both exist, or that B exists alone. In addition, in the description of the embodiments of this application, "multiple" means two or more.
In the following, the terms "first" and "second" are used for descriptive purposes only and should not be construed as indicating or implying relative importance or as implicitly indicating the number of the technical features referred to. A feature qualified by "first" or "second" may therefore explicitly or implicitly include one or more such features. In the description of the embodiments of this application, unless otherwise specified, "multiple" means two or more.
The term "user interface (UI)" in the following embodiments of this application refers to the medium through which an application or operating system interacts and exchanges information with the user; it converts between the internal form of information and a form the user can accept. A user interface is source code written in a specific computer language such as Java or extensible markup language (XML). The interface source code is parsed and rendered on the electronic device and finally presented as content the user can recognize. A common form of user interface is the graphical user interface (GUI), which is a user interface related to computer operations that is displayed graphically. It may consist of visual interface elements such as text, icons, buttons, menus, tabs, text boxes, dialog boxes, status bars, navigation bars and widgets displayed on the display screen of the electronic device.
In a distributed system that includes multiple electronic devices, if the electronic device being accessed does not meet the authorization conditions, or the application being invoked does not meet the authorization conditions, that electronic device cannot obtain the user-granted permission to access the resource. Resource invocation within a stand-alone device or between devices therefore cannot be achieved, and the user's actual needs cannot be met. An electronic device meets the authorization conditions when it supports one or more authorization methods through which the user can grant authorization. Authorization methods may include, but are not limited to, pop-up authorization, fingerprint verification authorization, face verification authorization, voice command authorization and key authorization; no limitation is imposed here. An application does not meet the authorization conditions when it cannot use the authorization methods provided by the electronic device. For example, an application that provides no user interface does not support pop-up authorization.
Referring to FIG. 1A, a stand-alone device or a distributed system that includes multiple electronic devices can use a centralized permission management mechanism, in which an access control module (that is, a permission management service) manages the access policies and authorization status for resource invocation in a unified manner. Specifically, when one application (for example APP1) invokes another application (for example APP2), APP2 uses the access control module to verify whether APP1 has the permission required to access the corresponding resource, which incurs additional time overhead. In addition, for resource invocation across devices, the device where APP1 resides must separately send the access policy and the user's authorization status to the device where APP2 resides, which incurs a large time overhead.
Referring to FIG. 1B, resource invocation based on a cloud service platform uses capability-based access control. Specifically, when a service caller requests access to a service provided by the cloud service platform, it passes the permission required to access the service directly to the service entity, so that the service entity can access the corresponding resource and return the access result. The service entity can thus perform the permission check directly, without additional permission verification through an access control module, which reduces time overhead. In addition, once the service caller has passed the permission to the service entity, the permission is difficult to revoke. On the one hand, when the service caller passes the permission to the service entity it also passes validity-period information, and the permission held by the service entity expires automatically after the validity period. This can cause the permission to expire before the resource invocation has completed, so the permission cannot be revoked precisely according to actual needs. On the other hand, the cloud service platform needs to record a large amount of permission delegation information, which wastes storage resources. Moreover, the service entity may pass the permission it has obtained on to others, and when the cloud service platform revokes the permission according to the permission delegation information, it cannot precisely revoke the permission from every service entity that has obtained it.
To solve the above problems, the following embodiments of this application provide an access control method for precise permission revocation. The method can be applied to a stand-alone device or to a distributed system that includes multiple electronic devices.
When the method is applied to a distributed system, the subject device sends the object device an access request for invoking the callee and passes to the object device the user-granted permission information required by the access request. The object device can create a proxy module, grant the permission to access the proxy module to the callee, and grant the permission required by the access request to the proxy module. The object device can create and run an instance of the callee and respond, through the proxy module, to the access request initiated by the subject device. Later, when the permission required by the access request needs to be revoked, the object device can revoke the permission granted to the proxy module or terminate the proxy module.
With the above method, the subject device and the caller request from the user the permission required by the access request. Regardless of whether the object device or the callee meets the authorization conditions, the object device can obtain the permission required by the access request as long as the subject device or the caller meets the authorization conditions. This ensures that the access request initiated by the caller can be answered successfully, enables resource invocation between devices, and meets the user's actual needs.
Moreover, the object device responds to the access request by creating a proxy module. In this process the callee instance and the proxy module each perform their own permission check directly, without additional permission verification through an access control module, which reduces time overhead.
In addition, by creating a proxy module, the object device can revoke the permission required by the access request precisely and flexibly. The object device can revoke the permission required by the access request after it has obtained the access result, and does not need to rely on passing validity-period information to revoke the permission, which avoids the permission expiring before the resource invocation has completed. With the proxy module, the object device does not need to store a large amount of permission delegation information. Even if the object device passes the permission it has obtained on to others, the method provided by the embodiments of this application can take the permission back from every instance that has obtained it, achieving precise revocation.
In some embodiments, when the subject device sends the access request, it can use capability-based access control to send the permission information required by the access request directly to the object device, which avoids the time overhead of permission synchronization in a centralized permission management mechanism.
In the following embodiments of this application, the proxy module may be an application or a service, or may be an instance, a process or a thread. A process is one execution of an application on a computer. A thread is a single sequential flow of control within the execution of an application. One process may include multiple threads.
In some embodiments, the proxy module may specifically include a routing proxy and a revocation proxy; the embodiments of this application impose no limitation on this. Specifically, the object device can grant the permission to access the routing proxy to the callee and grant the permission required by the access request to the revocation proxy. The object device can create and run an instance of the callee, find the corresponding revocation proxy through the routing proxy, and respond through the revocation proxy to the access request initiated by the subject device. Later, when the permission required by the access request needs to be revoked, the object device can revoke the permission granted to the revocation proxy, or terminate the revocation proxy and/or the routing proxy.
When the object device obtains multiple access requests, it can create a separate routing proxy and revocation proxy for each, so that one pair of routing proxy and revocation proxy responds to one access request. In other implementations, when the object device obtains multiple access requests, it can create one routing proxy and multiple revocation proxies; the routing proxy cooperates with each revocation proxy in turn to respond to each access request.
In some embodiments, when the object device receives access requests from multiple subject devices for invoking the same callee, the object device can create multiple instances of that callee, with one callee instance responding to the access request initiated by one caller. The object device can grant the permission obtained by a caller in a subject device to the proxy module that corresponds to the callee instance created for that caller. Because the object device serves multiple callers through separate instances, the permission of one caller is given only to the proxy module corresponding to its instance. This avoids mixing of permissions and permission expansion, keeps the data in the object device secure, and prevents data abuse and leakage.
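The arrangement described above (one routing proxy, one revocation proxy and one callee instance per access request, with revocation reaching secondary transfers) can be modeled as follows. This is an added Python example, not code from the patent: all class, method and resource names are assumptions, the sample data is constructed, and in-process objects stand in for the services, processes or threads the text describes.

```python
import secrets


class PermissionDenied(Exception):
    """Raised when a proxy refuses an access."""


class RevocationProxy:
    """Holds the permission for exactly one access request (hypothetical name)."""

    def __init__(self, resources, permitted):
        self._resources = resources       # resources of the object device
        self._permitted = set(permitted)  # resource names this request may reach
        self._alive = True

    def access(self, name):
        # The proxy checks its own permission; no central access control module is asked.
        if not self._alive or name not in self._permitted:
            raise PermissionDenied(name)
        return self._resources[name]

    def revoke(self):
        self._permitted.clear()

    def terminate(self):
        self._alive = False


class RoutingProxy:
    """The only thing a callee may access: maps a handle to its revocation proxy."""

    def __init__(self):
        self._routes = {}

    def register(self, proxy):
        handle = secrets.token_hex(8)  # opaque reference handed to the callee instance
        self._routes[handle] = proxy
        return handle

    def access(self, handle, name):
        proxy = self._routes.get(handle)
        if proxy is None:
            raise PermissionDenied(name)
        return proxy.access(name)

    def unregister(self, handle):
        proxy = self._routes.pop(handle, None)
        if proxy is not None:
            proxy.terminate()


class CalleeInstance:
    """A running callee: it holds a handle to the proxy, never the permission itself."""

    def __init__(self, router, handle):
        self._router = router
        self._handle = handle

    def read(self, name):
        return self._router.access(self._handle, name)

    def delegate(self):
        # Secondary transfer: another component receives a copy of what this instance holds.
        return CalleeInstance(self._router, self._handle)


class ObjectDevice:
    def __init__(self, resources):
        self._resources = resources
        self._router = RoutingProxy()
        self._requests = {}  # request id -> (handle, revocation proxy)

    def handle_request(self, request_id, permitted):
        """Create one revocation proxy and one callee instance per access request."""
        proxy = RevocationProxy(self._resources, permitted)
        handle = self._router.register(proxy)
        self._requests[request_id] = (handle, proxy)
        return CalleeInstance(self._router, handle)

    def revoke(self, request_id, terminate=False):
        """Revoke the proxy's permission, or terminate the proxy altogether."""
        handle, proxy = self._requests.pop(request_id)
        if terminate:
            self._router.unregister(handle)
        else:
            proxy.revoke()


def try_read(instance, name):
    try:
        return instance.read(name)
    except PermissionDenied:
        return "DENIED"


def demo():
    device = ObjectDevice({"photos": "IMG_0001", "contacts": "Alice"})  # constructed data
    a = device.handle_request("req-A", {"photos"})    # caller on subject device A
    b = device.handle_request("req-B", {"contacts"})  # caller on subject device B
    a2 = a.delegate()                                  # A's callee passes its access on
    before = [try_read(a, "photos"), try_read(a2, "photos"),
              try_read(a, "contacts"), try_read(b, "contacts")]
    device.revoke("req-A")                             # revoke the proxy's permission
    after = [try_read(a, "photos"), try_read(a2, "photos"), try_read(b, "contacts")]
    device.revoke("req-B", terminate=True)             # terminate the proxy instead
    return before, after, try_read(b, "contacts")


if __name__ == "__main__":
    print(demo())
```

Revoking request A cuts off both the original callee instance and the one that received the secondary transfer, while request B keeps working until its own proxy is terminated; no delegation records are consulted in either case.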
When the access control method provided by the embodiments of this application is applied to a stand-alone device, the electronic device, after generating multiple access requests for invoking the callee while running the caller, can obtain the user-granted permission required by the access request. The electronic device can then create a proxy module, grant the permission to access the proxy module to the callee, and grant the permission required by the access request to the proxy module. The electronic device can create and run an instance of the callee and respond to the access request through the proxy module. Later, when the permission required by the access request needs to be revoked, the electronic device can revoke the permission granted to the proxy module or terminate the proxy module.
In a stand-alone device, the caller in the electronic device requests from the user the permission required by the access request. Regardless of whether the callee meets the authorization conditions, the electronic device can obtain the permission required by the access request as long as the caller meets the authorization conditions. This ensures that the access request initiated by the caller can be answered successfully, enables resource invocation within the stand-alone device, and meets the user's actual needs.
Moreover, by creating a proxy module, the electronic device can revoke the permission required by the access request precisely and flexibly. In addition, the proxy module can perform the permission check directly, without an additional access control module, which avoids the time overhead of permission verification. For details, refer to the description of implementing the access control method in a distributed system.
In some embodiments, when the electronic device obtains multiple access requests for invoking the same callee, it can create multiple instances of that callee, with one callee instance responding to the access request initiated by one caller. The electronic device can grant the permission obtained by a caller to the proxy module that corresponds to the callee instance created for that caller. Because multiple callers are served through separate instances, the permission of one caller is given only to the proxy module corresponding to its instance. This avoids mixing of permissions and permission expansion, keeps the data in the electronic device secure, and prevents data abuse and leakage.
In the following embodiments of this application, an instance is an APP or functional component in the running state. An instance may be a process or a thread.
Instances are isolated from one another. The electronic device allocates physical addresses in random access memory (RAM) to different instances on a per-process basis. When the electronic device needs to run an instance, it uses the virtual address to find the space in RAM allocated to that instance and runs the instance in that space. The virtual address is mapped to the physical address that the electronic device has allocated to the instance, and the mapping is stored in the controller of the electronic device. In other words, an instance locates the actual storage location of its in-memory data through virtual addresses. Under this mechanism, each instance can use its own virtual addresses to access only the physical addresses they map to and cannot access the physical space of another instance in RAM, so instances are isolated from one another.
For the definitions of subject device, object device, caller and callee, refer to the descriptions in the embodiments below.
The communication system provided by the embodiments of this application is introduced first.
As shown in FIG. 2A, an embodiment of this application provides a communication system 10. The communication system 10 includes multiple electronic devices. The communication system 10 may also be called the distributed system 10.
The electronic devices included in the distributed system 10 are all intelligent terminal devices and may be of various types; the embodiments of this application do not limit their specific types. For example, the electronic devices include mobile phones and may also include tablet computers, desktop computers, laptop computers, handheld computers, notebook computers, smart screens, wearable devices, augmented reality (AR) devices, virtual reality (VR) devices, artificial intelligence (AI) devices, in-vehicle head units, smart earphones and game consoles, and may further include internet of things (IoT) devices or smart home devices such as smart water heaters, smart lamps and smart air conditioners. Without being limited to these, the devices in the distributed system 10 may also include non-portable terminal devices such as a laptop with a touch-sensitive surface or touch panel or a desktop computer with a touch-sensitive surface or touch panel.
When the electronic devices in the distributed system 10 are all devices deployed in a home, the distributed system 10 may also be called a home distributed system.
The electronic devices in the distributed system 10 can be connected by logging in to the same account. For example, multiple electronic devices can log in to the same Huawei account and connect and communicate remotely through a server.
The electronic devices in the distributed system 10 can also log in to different accounts and be connected by binding. After an electronic device logs in to an account, it can use a device management application to bind other electronic devices that are logged in to different accounts or not logged in; these electronic devices can then communicate with one another through the device management application.
分布式系统10中的多个电子设备还可以通过扫描二维码、近场通信(near field communication,NFC)碰一碰、搜索蓝牙设备等方式建立连接,这里不做限制。Multiple electronic devices in the distributed system 10 may also establish connections by scanning two-dimensional codes, touching by near field communication (NFC), searching for Bluetooth devices, etc., which is not limited here.
总的来说,分布式系统10中的多个电子设备之间建立的通信连接可包括但不限于:有线连接、无线连接例如蓝牙(bluetooth,BT)连接、无线局域网(wireless local area networks,WLAN)例如无线保真点对点(wireless fidelity point to point,Wi-Fi P2P)连接、近距离无线通信(near field communication,NFC)连接,红外技术(infrared,IR)连接,以及远程连接(例如通过服务器建立的连接)等等。In general, the communication connections established between the plurality of electronic devices in the distributed system 10 may include, but are not limited to, wired connections, wireless connections such as bluetooth (BT) connections, wireless local area networks (WLANs) ) such as wireless fidelity point to point (Wi-Fi P2P) connections, near field communication (NFC) connections, infrared (IR) connections, and remote connections (such as connection) and so on.
此外,分布式系统中的多个电子设备也可以结合上述任意几种方式来连接并通信,本申请实施例对此不做限制。In addition, multiple electronic devices in the distributed system may also be connected and communicate in combination with any of the foregoing manners, which is not limited in this embodiment of the present application.
Multiple electronic devices in the distributed system 10 may be configured with different software operating systems (OS), including but not limited to [Figure PCTCN2022082869-appb-000001] and so on, where [Figure PCTCN2022082869-appb-000002] is Huawei's Hongmeng system.
The electronic devices may also all be configured with the same software operating system; for example, they may all be configured with [Figure PCTCN2022082869-appb-000003]. When the software systems of the electronic devices are all [Figure PCTCN2022082869-appb-000004], the distributed system 10 can be regarded as a super terminal.
In the embodiments of this application, each device in the distributed system 10 may have traditional applications (APPs) installed, such as a camera application, a gallery application, and a settings application. In subsequent embodiments, a traditional APP may be referred to simply as an APP.
In addition, distributed applications may be installed in the distributed system 10 provided by the embodiments of this application. A distributed application may be a system application or a third-party application, which is not limited here. A system application is an application provided or developed by the producer of the electronic device, and a third-party application is an application provided or developed by a party other than the producer of the electronic device. The producer of an electronic device may include its manufacturer, supplier, provider, or operator. A manufacturer may be a vendor that processes and manufactures electronic devices from self-made or purchased parts and raw materials. A supplier may be a vendor that provides the complete device, raw materials, or parts of the electronic device. An operator may be a vendor responsible for distributing the electronic device.
Unlike an APP, which contains multiple abilities, a distributed application supports deployment in units of a single ability. A distributed application includes one or more functional components.
A functional component is the smallest capability unit that can run independently in an electronic device; it is an abstract encapsulation of a single capability. An APP bundles multiple functions together, whereas a functional component treats each function as a separate, service-oriented basic capability that exists independently. That is, a functional component is a program entity that implements a single function.
Each functional component can be downloaded, installed, and run independently. The functional components that make up one distributed application may be deployed in the same electronic device in the distributed system 10 or in different electronic devices.
"Functional component" is merely a term used in this embodiment; its meaning has been set out in this embodiment, and its name does not limit this embodiment in any way. In some other embodiments of this application, a functional component may also be called a system component, a system service, a business function, or another term. Subsequent embodiments of this application uniformly use "functional component".
Taking [Figure PCTCN2022082869-appb-000005] as an example, the functional components in [Figure PCTCN2022082869-appb-000006] can include the following two categories:
(1) Feature ability (FA).
An FA is a functional component that contains one or more sets of UI and can provide the ability to interact with the user. For example, the navigation interface in a map application or the video call interface in an instant messaging application can be implemented as an FA.
In some embodiments, the FA is developed based on the MVVM (model-view-view-model) pattern, which separates the view UI from the business logic so that the business logic code and the view UI code are deployed separately. For example, one electronic device can install the business logic code integrated with other APPs, while the view UI code can be installed on other electronic devices. The device hosting the view UI code can communicate with the device hosting the business logic code to obtain the data needed to display the UI.
The FA supports page templates, such as Empty Ability, Login Ability, and Setting Ability. The FA uses a scripting language (JavaScript, JS) to provide a declarative development mode: an HTML-like language and cascading style sheets (CSS) serve as the declarative languages for page layout and page style, and JS conforming to the ECMAScript specification provides the page business logic.
The FA supports installation-free use, independent operation, cross-device UI migration, and cross-device binary migration. The FA also features multi-device deployment and distributed execution.
An FA can call an AA or an APP to implement more, and more complex, functions.
(2) Particle ability (PA).
A PA is a functional component without a UI that can provide support for an FA. For example, a PA can provide computing capability as a background service, or provide data access capability as a data warehouse. Functions such as beautification, positioning, and audio and video encoding and decoding can be encapsulated as PAs.
A PA also features multi-device deployment and distributed execution. A PA depends only on system services and has no dependencies on other PAs.
In effect, a PA encapsulates the implementation of remote virtualization, remote invocation, PA management, cross-platform compatibility, security, and so on, and exposes cross-device service enablement and wake-up to developers, so that other devices can invoke the computing capability of this device and complete computing work in cooperation with it. The PA supports Service Ability, Data Ability, and so on. Service Ability provides the ability to run tasks in the background. Data Ability provides a unified data access abstraction to external parties.
A PA can call an FA or an APP to implement more, and more complex, functions.
It can be understood that "FA" and "PA" are merely terms used in this embodiment; in some other embodiments of this application, they may be called by other names. For example, "PA" and "FA" may also be called atomic ability (AA), atomic application, meta-capability, atomized service, feature capability, or other terms.
The functional components that make up a distributed application may be developed or provided by the same developer, or developed or provided separately by multiple developers, which is not limited here. Having different developers jointly develop functional components can improve the development efficiency of distributed applications.
In the embodiments of this application, a functional component exposes a standardized interface for invocation. An APP can call a functional component. In some cases, a functional component can also call other functional components or APPs. In addition, a called functional component can in turn call another functional component or APP; this kind of multi-level invocation can be called a chained call.
After the devices in the distributed system 10 establish communication connections, each device synchronizes the functional component information and APP information of the other devices in the distributed system. Specifically, each device can synchronize the names of the functional components and APPs it has installed to the other devices, so that functional components such as FAs and PAs on other devices can subsequently be called within the distributed system 10. In some other embodiments, each device may also synchronize its own device identifier, device type, and so on to the other devices in the distributed system.
Referring to FIG. 2B, FIG. 2B shows an example of a possible distributed remote teaching service scenario.
As shown in FIG. 2B, the distributed system includes electronic devices such as a smartphone, a tablet computer, and a smart screen. The devices in the distributed system are connected to each other in pairs. The smartphone, tablet computer, and smart screen can be configured with different software operating systems (OS); for example, the smartphone and tablet computer can be configured with the [Figure PCTCN2022082869-appb-000007] system, and the smart screen can be configured with the [Figure PCTCN2022082869-appb-000008] system.
"Online Classroom" is installed on the smartphone. "Online Classroom" is an application installed in an electronic device that provides teachers and students with the functions required for remote classes; the embodiments of this application do not limit its name. "Online Classroom" may include the following functional components: a blackboard functional component, a whiteboard functional component, an audio and video codec functional component, and a network connection functional component. The blackboard and whiteboard functional components are FAs, and the audio and video codec and network connection functional components are PAs. The blackboard functional component provides the function of explaining a course remotely. The whiteboard functional component provides the function of answering questions remotely. The audio and video codec functional component provides audio and video encoding and decoding.
On the teacher's side, when the teacher uses "Online Classroom" on the smartphone, the blackboard functional component can be migrated or switched to the smart screen, so that the course is explained on the smart screen.
On the student's side, when a student uses "Online Classroom" on the smartphone, the whiteboard functional component can be migrated or switched to the tablet computer, so that questions are answered on the tablet computer.
Migrating or switching a functional component from a device A to another device B can take the following two forms. 1. UI migration. When the view UI and the business logic of an FA are separated, device A, while running the business logic code, can trigger device B to run the view UI code; to the user it appears as if the functional component has been migrated from device A to device B. 2. Overall migration. Overall migration means that device B downloads and installs the functional component from device A or from the network, then runs the functional component and provides the corresponding function.
In this remote teaching service scenario, "Online Classroom" is the caller, and the whiteboard functional component on the tablet computer and the blackboard functional component on the smart screen are the callees.
FIG. 2B also shows another possible distributed video call service scenario.
As shown in FIG. 2B, other distributed applications, such as an instant messaging application, may also be installed on the smartphone. The instant messaging application can provide video calls, voice calls, and other communication functions. It may include the following functional components: a video call functional component, an audio and video codec functional component, and a network connection functional component.
When a user uses the instant messaging application on the smartphone, the application's video call functional component can be migrated or switched to the smart screen, so that the camera and display of the smart screen are used for the video call.
The blackboard functional component in the "Online Classroom" above and the video call functional component in the instant messaging application may be the same functional component. That is, this functional component on the smart screen can be called separately by the "Online Classroom" and the instant messaging application installed on the smartphone.
In this video call service scenario, the instant messaging application is the caller, and the video call functional component on the smart screen (that is, the video call functional component) is the callee.
It should be noted that the service scenarios shown in FIG. 2B are only used to help describe the technical solutions of the embodiments of this application. In an actual service scenario, the distributed system shown in FIG. 2B may include more terminal devices, each device may have more or fewer functional components deployed, and each distributed application may include more or fewer functional components.
Through the distributed system 10 shown in FIG. 2A and the distributed scenarios shown in FIG. 2B, the software and hardware capabilities of different devices can be integrated to provide an intelligent, all-scenario experience.
In some embodiments, after the devices in the distributed system 10 establish communication connections, each device synchronizes the functional component information and APP information of the other devices in the distributed system. Specifically, each device can synchronize the names of the functional components and APPs it has installed to the other devices, so that APPs, functional components, and so on of other devices can subsequently be called within the distributed system 10.
In subsequent embodiments of this application, the party that initiates a call to a functional component or an APP is called the caller. The caller can be, for example, an APP, an FA, or a PA. The initial initiator of the whole call chain is called the first caller. The first caller can be, for example, an APP or an FA. For example, if the call chain is APP1 calls PA1, PA1 calls PA2, and PA2 calls FA1, then APP1 is the first caller. As another example, if the call chain is FA1 calls PA1 and PA1 calls PA2, then FA1 is the first caller.
In the whole call chain, both the parties called in the middle and the party called last are called callees. A callee can be, for example, an APP, an FA, or a PA.
In some embodiments of this application, the caller may also be called the subject application, and the callee may also be called the object application.
In a call chain, the caller and the callee may be deployed in the same electronic device or in different electronic devices.
The device where the caller is located is called the subject device, and the device where the callee is located is called the object device.
An application, as referred to in the following embodiments of this application, may be an APP or a functional component.
In the distributed system 10 provided by the embodiments of this application:
After the subject device generates an access request for calling a callee in the object device, it can ask the user to grant the permissions required by the access request, and can then send the access request, together with information about the permissions the user granted for it, to the object device.
After receiving the access request sent by the subject device, the object device can create a proxy module, grant the permissions required by the access request to the proxy module, and grant the callee the permission to access the proxy module. The object device can create and run an instance of the callee, which responds to the access request initiated by the subject device through the proxy module. Later, when the permissions required by the access request need to be revoked, the object device can revoke the permissions granted to the proxy module, or terminate the proxy module.
In some embodiments, when the object device receives access requests for calling the same callee from multiple subject devices, the object device can create multiple instances of the callee, with each callee instance responding to the access request initiated by one caller.
In some embodiments, when the subject device and the object device are the same electronic device, the electronic device, after generating multiple access requests for calling the callee while running the caller, can obtain the permissions required by the access request as granted by the user. The electronic device can then create a proxy module, grant the callee the permission to access the proxy module, and grant the permissions required by the access request to the proxy module. The electronic device can create and run an instance of the callee, which responds to the access request through the proxy module. Later, when the permissions required by the access request need to be revoked, the electronic device can revoke the permissions granted to the proxy module, or terminate the proxy module.
In some embodiments, when the subject device and the object device are the same electronic device, if the electronic device obtains multiple access requests for calling the same callee, it can create multiple instances of the callee, with each callee instance responding to the access request initiated by one caller.
For the specific implementation of the operations performed by each electronic device in the distributed system 10, refer to the related descriptions in the subsequent method embodiments, which are not repeated here.
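The proxy-based grant and revocation described above can be modeled in a few lines. The following is an added illustration, not code from the application: the class and method names (ObjectDevice, Proxy, CalleeInstance, on_access_request) and the permission strings are hypothetical, and the two callers are taken from the FIG. 2B scenarios.

```python
import itertools


class PermissionDenied(Exception):
    """The proxy does not hold (or no longer holds) what the call needs."""


class Proxy:
    """Proxy module: holds the permissions granted for ONE access request."""

    def __init__(self, proxy_id, permissions):
        self.proxy_id = proxy_id
        self.permissions = set(permissions)
        self.allowed_instance = None   # only this callee instance may use the proxy
        self.alive = True

    def access(self, instance, resource):
        if not self.alive:
            raise PermissionDenied(f"proxy {self.proxy_id} terminated")
        if instance is not self.allowed_instance:
            raise PermissionDenied("instance has no right to this proxy")
        if resource not in self.permissions:
            raise PermissionDenied(f"{resource} not granted to proxy {self.proxy_id}")
        return f"{resource}:ok"        # stand-in for the real resource access


class CalleeInstance:
    """One instance of the callee serving one caller. It holds no resource
    permission of its own, only the right to use its proxy."""

    def __init__(self, callee, caller, proxy):
        self.callee, self.caller, self.proxy = callee, caller, proxy

    def handle(self, resource):
        return self.proxy.access(self, resource)


class ObjectDevice:
    """Object device: one proxy and one callee instance per access request."""

    def __init__(self):
        self._next_id = itertools.count(1)
        self.proxies = {}

    def on_access_request(self, caller, callee, granted):
        proxy = Proxy(next(self._next_id), granted)
        instance = CalleeInstance(callee, caller, proxy)
        proxy.allowed_instance = instance
        self.proxies[proxy.proxy_id] = proxy
        return instance

    def revoke(self, proxy_id, permission):
        # Revocation touches only the proxy created for that one request.
        self.proxies[proxy_id].permissions.discard(permission)

    def terminate(self, proxy_id):
        self.proxies.pop(proxy_id).alive = False


def attempt(call):
    try:
        call()
        return "allowed"
    except PermissionDenied:
        return "denied"


def demo():
    screen = ObjectDevice()   # the smart screen hosting the shared callee
    classroom = screen.on_access_request(
        "online_classroom", "video_component", {"camera", "microphone"})
    messenger = screen.on_access_request(
        "instant_messaging", "video_component", {"camera"})
    out = {}
    # An instance cannot borrow the wider grant held by another caller's proxy.
    out["cross_proxy"] = attempt(
        lambda: classroom.proxy.access(messenger, "microphone"))
    # Revoke the camera for the classroom request only.
    screen.revoke(classroom.proxy.proxy_id, "camera")
    out["classroom_camera"] = attempt(lambda: classroom.handle("camera"))
    out["classroom_microphone"] = attempt(lambda: classroom.handle("microphone"))
    out["messenger_camera"] = attempt(lambda: messenger.handle("camera"))
    # Terminating a proxy removes everything that request was granted.
    screen.terminate(messenger.proxy.proxy_id)
    out["messenger_after_terminate"] = attempt(lambda: messenger.handle("camera"))
    return out


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

Because the permission is attached to the per-request proxy rather than to the callee itself, revoking the camera for one caller leaves the other caller's use of the same callee untouched.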
Referring to FIG. 3A, FIG. 3A is a schematic diagram of the hardware structure of an electronic device provided by an embodiment of this application. The electronic device may be any electronic device in the distributed system 10 shown in FIG. 2A. It may be a subject device, an object device, or both a subject device and an object device at the same time.
As shown in FIG. 3A, the electronic device may include a processor 110, an external memory interface 120, an internal memory 121, a universal serial bus (USB) interface 130, a charging management module 140, a power management module 141, a battery 142, an antenna 1, an antenna 2, a mobile communication module 150, a wireless communication module 160, an audio module 170, a speaker 170A, a receiver 170B, a microphone 170C, a headset jack 170D, a sensor module 180, a button 190, a motor 191, an indicator 192, a camera 193, a display screen 194, a subscriber identification module (SIM) card interface 195, and so on. The sensor module 180 may include a pressure sensor 180A, a gyroscope sensor 180B, a barometric pressure sensor 180C, a magnetic sensor 180D, an acceleration sensor 180E, a distance sensor 180F, a proximity light sensor 180G, a fingerprint sensor 180H, a temperature sensor 180J, a touch sensor 180K, an ambient light sensor 180L, a bone conduction sensor 180M, and so on.
It can be understood that the structure illustrated in the embodiments of this application does not constitute a specific limitation on the electronic device. In other embodiments of this application, the electronic device may include more or fewer components than shown, combine some components, split some components, or arrange the components differently. The illustrated components may be implemented in hardware, software, or a combination of software and hardware.
The processor 110 may include one or more processing units. For example, the processor 110 may include an application processor (AP), a modem processor, a graphics processing unit (GPU), an image signal processor (ISP), a controller, a video codec, a digital signal processor (DSP), a baseband processor, and/or a neural-network processing unit (NPU). Different processing units may be independent devices or may be integrated into one or more processors.
The controller can generate operation control signals according to the instruction opcode and timing signals, to control instruction fetching and instruction execution.
A memory may also be provided in the processor 110 to store instructions and data. In some embodiments, the memory in the processor 110 is a cache. This memory can hold instructions or data that the processor 110 has just used or uses repeatedly. If the processor 110 needs the instructions or data again, it can fetch them directly from this memory, which avoids repeated accesses, reduces the waiting time of the processor 110, and thus improves system efficiency.
The wireless communication function of the electronic device can be implemented by the antenna 1, the antenna 2, the mobile communication module 150, the wireless communication module 160, the modem processor, the baseband processor, and so on.
The antenna 1 and the antenna 2 are used to transmit and receive electromagnetic wave signals. Each antenna in the electronic device can be used to cover one or more communication frequency bands. Different antennas can also be multiplexed to improve antenna utilization. For example, the antenna 1 can be multiplexed as a diversity antenna of the wireless local area network. In other embodiments, an antenna may be used in combination with a tuning switch.
The mobile communication module 150 can provide wireless communication solutions applied to the electronic device, including 2G/3G/4G/5G. The mobile communication module 150 may include at least one filter, a switch, a power amplifier, a low noise amplifier (LNA), and so on. The mobile communication module 150 can receive electromagnetic waves through the antenna 1, filter and amplify the received electromagnetic waves, and pass them to the modem processor for demodulation. The mobile communication module 150 can also amplify the signal modulated by the modem processor and convert it into electromagnetic waves radiated through the antenna 1. In some embodiments, at least some functional modules of the mobile communication module 150 may be provided in the processor 110. In some embodiments, at least some functional modules of the mobile communication module 150 may be provided in the same device as at least some modules of the processor 110.
The modem processor may include a modulator and a demodulator. The modulator modulates the low-frequency baseband signal to be sent into a medium- or high-frequency signal. The demodulator demodulates the received electromagnetic wave signal into a low-frequency baseband signal and then passes the demodulated low-frequency baseband signal to the baseband processor for processing. After being processed by the baseband processor, the low-frequency baseband signal is passed to the application processor. The application processor outputs sound signals through an audio device (not limited to the speaker 170A, the receiver 170B, and so on), or displays images or video through the display screen 194. In some embodiments, the modem processor may be an independent device. In other embodiments, the modem processor may be independent of the processor 110 and provided in the same device as the mobile communication module 150 or other functional modules.
The wireless communication module 160 can provide wireless communication solutions applied to the electronic device, including wireless local area networks (WLAN) (such as wireless fidelity (Wi-Fi) networks), Bluetooth (BT), global navigation satellite system (GNSS), frequency modulation (FM), near field communication (NFC), and infrared (IR) technology. The wireless communication module 160 may be one or more devices integrating at least one communication processing module. The wireless communication module 160 receives electromagnetic waves via the antenna 2, demodulates and filters the electromagnetic wave signals, and sends the processed signals to the processor 110. The wireless communication module 160 can also receive signals to be sent from the processor 110, frequency-modulate and amplify them, and convert them into electromagnetic waves radiated through the antenna 2.
In some embodiments, the antenna 1 of the electronic device is coupled to the mobile communication module 150, and the antenna 2 is coupled to the wireless communication module 160, so that the electronic device can communicate with networks and other devices through wireless communication technologies. The wireless communication technologies may include global system for mobile communications (GSM), general packet radio service (GPRS), code division multiple access (CDMA), wideband code division multiple access (WCDMA), time-division code division multiple access (TD-SCDMA), long term evolution (LTE), BT, GNSS, WLAN, NFC, FM, and/or IR technology. The GNSS may include the global positioning system (GPS), the global navigation satellite system (GLONASS), the BeiDou navigation satellite system (BDS), the quasi-zenith satellite system (QZSS), and/or satellite based augmentation systems (SBAS).
The electronic device implements the display function through the GPU, the display screen 194, the application processor, and so on. The GPU is a microprocessor for image processing and is connected to the display screen 194 and the application processor. The GPU performs mathematical and geometric calculations for graphics rendering. The processor 110 may include one or more GPUs that execute program instructions to generate or change display information.
显示屏194用于显示图像,视频等。显示屏194包括显示面板。显示面板可以采用液晶显示屏(liquid crystal display,LCD),有机发光二极管(organic light-emitting diode,OLED),有源矩阵有机发光二极体或主动矩阵有机发光二极体(active-matrix organic light emitting diode的,AMOLED),柔性发光二极管(flex light-emitting diode,FLED),Miniled,MicroLed,Micro-oLed,量子点发光二极管(quantum dot light emitting diodes,QLED)等。在一些实施例中,电子设备可以包括1个或N个显示屏194,N为大于1的正整数。Display screen 194 is used to display images, videos, and the like. Display screen 194 includes a display panel. The display panel can be a liquid crystal display (LCD), an organic light-emitting diode (OLED), an active-matrix organic light-emitting diode or an active-matrix organic light-emitting diode (active-matrix organic light). emitting diode, AMOLED), flexible light-emitting diode (flex light-emitting diode, FLED), Miniled, MicroLed, Micro-oLed, quantum dot light-emitting diode (quantum dot light emitting diodes, QLED) and so on. In some embodiments, the electronic device may include 1 or N display screens 194 , where N is a positive integer greater than 1.
电子设备可以通过ISP,摄像头193,视频编解码器,GPU,显示屏194以及应用处理器等实现拍摄功能。The electronic device can realize the shooting function through the ISP, the camera 193, the video codec, the GPU, the display screen 194 and the application processor.
The ISP is used to process the data fed back by the camera 193. For example, when a photo is taken, the shutter is opened, light is transmitted through the lens to the camera's photosensitive element, the optical signal is converted into an electrical signal, and the photosensitive element passes the electrical signal to the ISP, which converts it into an image visible to the naked eye. The ISP can also algorithmically optimize image noise, brightness, and skin tone, and can optimize parameters such as the exposure and color temperature of the shooting scene. In some embodiments, the ISP may be provided in the camera 193.
The camera 193 is used to capture still images or video. An object generates an optical image through the lens, and the image is projected onto the photosensitive element. The photosensitive element can be a charge coupled device (CCD) or a complementary metal-oxide-semiconductor (CMOS) phototransistor. The photosensitive element converts the optical signal into an electrical signal and then passes the electrical signal to the ISP, which converts it into a digital image signal. The ISP outputs the digital image signal to the DSP for processing. The DSP converts the digital image signal into an image signal in a standard format such as RGB or YUV. In some embodiments, the electronic device may include 1 or N cameras 193, where N is a positive integer greater than 1.
The digital signal processor is used to process digital signals; in addition to digital image signals, it can also process other digital signals. For example, when the electronic device selects a frequency point, the digital signal processor is used to perform a Fourier transform on the frequency point energy, and so on.
The video codec is used to compress or decompress digital video. The electronic device may support one or more video codecs. In this way, the electronic device can play or record videos in various encoding formats, for example: moving picture experts group (MPEG) 1, MPEG2, MPEG3, MPEG4 and so on.
The NPU is a neural-network (NN) computing processor. By drawing on the structure of biological neural networks, for example the transfer mode between neurons in the human brain, it processes input information quickly and can also learn continuously by itself. Applications such as intelligent cognition of the electronic device can be implemented through the NPU, for example: image recognition, face recognition, speech recognition, text understanding, etc.
The internal memory 121 may include one or more random access memories (RAM) and one or more non-volatile memories (NVM).
The random access memory may include static random-access memory (SRAM), dynamic random access memory (DRAM), synchronous dynamic random access memory (SDRAM), double data rate synchronous dynamic random access memory (DDR SDRAM; for example, fifth-generation DDR SDRAM is generally referred to as DDR5 SDRAM), etc. The non-volatile memory may include disk storage devices and flash memory.
The random access memory can be directly read and written by the processor 110, can be used to store executable programs (e.g., machine instructions) of an operating system or other running programs, and can also be used to store data of users and applications.
The non-volatile memory can also store executable programs and data of users and applications, and these can be loaded into the random access memory in advance for the processor 110 to read and write directly.
The external memory interface 120 can be used to connect an external non-volatile memory to expand the storage capacity of the electronic device. The external non-volatile memory communicates with the processor 110 through the external memory interface 120 to implement the data storage function, for example saving files such as music and video in the external non-volatile memory.
The electronic device can implement audio functions, such as music playback and recording, through the audio module 170, the speaker 170A, the receiver 170B, the microphone 170C, the headphone jack 170D, the application processor and the like.
The audio module 170 is used to convert digital audio information into an analog audio signal for output, and also to convert analog audio input into a digital audio signal. The audio module 170 may also be used to encode and decode audio signals. In some embodiments, the audio module 170 may be provided in the processor 110, or some functional modules of the audio module 170 may be provided in the processor 110.
The speaker 170A, also referred to as a "loudspeaker", is used to convert audio electrical signals into sound signals. The electronic device can play music or a hands-free call through the speaker 170A.
The receiver 170B, also referred to as an "earpiece", is used to convert audio electrical signals into sound signals. When the electronic device answers a call or a voice message, the voice can be heard by placing the receiver 170B close to the ear.
The microphone 170C, also referred to as a "mike" or a "mic", is used to convert sound signals into electrical signals. When making a call or sending a voice message, the user can speak with the mouth close to the microphone 170C to input the sound signal into the microphone 170C. The electronic device may be provided with at least one microphone 170C. In other embodiments, the electronic device may be provided with two microphones 170C, which can implement a noise reduction function in addition to collecting sound signals. In other embodiments, the electronic device may also be provided with three, four or more microphones 170C to collect sound signals, reduce noise, identify sound sources, implement directional recording functions, and so on.
The fingerprint sensor 180H is used to collect fingerprints. The electronic device can use the collected fingerprint characteristics to implement fingerprint unlocking, application lock access, fingerprint photographing, fingerprint answering of incoming calls, and so on.
The keys 190 include a power key, a volume key, and the like. The keys 190 may be mechanical keys or touch keys. The electronic device may receive key input and generate key signal input related to user settings and function control of the electronic device.
The motor 191 can generate vibration prompts.
The indicator 192 can be an indicator light, which can be used to indicate the charging state and changes in battery level, and can also be used to indicate messages, missed calls, notifications, and the like.
The pressure sensor 180A is used to sense pressure signals and can convert them into electrical signals. In some embodiments, the pressure sensor 180A may be provided on the display screen 194.
The touch sensor 180K is also called a "touch device". The touch sensor 180K may be disposed on the display screen 194, and the touch sensor 180K and the display screen 194 together form a touch screen, also called a "touch-control screen". The touch sensor 180K is used to detect a touch operation on or near it. The touch sensor can pass the detected touch operation to the application processor to determine the type of touch event. Visual output related to the touch operation may be provided through the display screen 194. In other embodiments, the touch sensor 180K may also be disposed on the surface of the electronic device, at a location different from that of the display screen 194.
When the electronic device shown in FIG. 3A is the subject device:
The mobile communication module 150 or the wireless communication module 160 can be used to establish a communication connection with other electronic devices (e.g., object devices) in the distributed system 10. For the specific manner of establishing the communication connection, refer to the related description of FIG. 2A.
The mobile communication module 150 or the wireless communication module 160 can also be used, after a communication connection is established with other electronic devices, to receive the functional component information and APP information synchronized by those devices.
Modules such as the display screen 194, the fingerprint sensor 180H, the camera 193, the audio module 170 and the keys 190 can be used to provide various authorization methods, so that after the subject device generates an access request for invoking the callee in the object device, the user is asked to grant the permission required by the access request. The processor 110 may, in response to the user operations received by these modules, obtain the permission required by the access request as granted by the user.
The mobile communication module 150 or the wireless communication module 160 can also be used to send the access request and the permission information granted by the user to the object device.
The display screen 194 can also be used to display the user interfaces shown on the subject device that are provided in subsequent embodiments.
The internal memory 121 may be used to store the functional component information and APP information synchronized from other electronic devices in the distributed system 10.
The internal memory 121 can also be used to store the calling relationship between the caller in the subject device and the callee in the object device. The calling relationship includes: the calling relationship ID, the information of the caller, and the information of the callee. For the specific content of the calling relationship, refer to the related descriptions in subsequent embodiments.
When the electronic device shown in FIG. 3A is the object device:
The mobile communication module 150 or the wireless communication module 160 can be used to establish a communication connection with other electronic devices (e.g., subject devices) in the distributed system 10. For the specific manner of establishing the communication connection, refer to the related description of FIG. 2A.
The mobile communication module 150 or the wireless communication module 160 can also be used, after a communication connection is established with other electronic devices, to synchronize functional component information and APP information to those devices.
The mobile communication module 150 or the wireless communication module 160 can also be used to receive access requests sent by one or more subject devices for invoking the same callee, and to receive, from the subject device, the information about the permission required by the access request as granted by the user.
The processor 110 may be used to create multiple instances of the callee in response to the received access requests sent by multiple subject devices, where one instance of the callee responds to the access request initiated by one caller.
The processor 110 may be used to create a proxy module, grant the callee the permission to access the proxy module, and grant the proxy module the permission required by the access request. The processor 110 can create and run an instance of the callee and respond, through the proxy module, to the access request initiated by the subject device. Afterwards, when the permission required by the access request needs to be revoked, the processor 110 can revoke the permission granted to the proxy module, and can also terminate the proxy module.
In some embodiments, when the object device receives access requests sent by multiple subject devices for invoking the same callee, the processor 110 may create multiple instances of the callee, where one instance of the callee responds to the access request initiated by one caller. The processor 110 may grant the permission obtained by a caller in a subject device to the callee instance created for that caller.
The display screen 194 can also be used to display the user interfaces shown on the object device that are provided in subsequent embodiments.
The internal memory 121 may be used to store the permission information, validity-period information and the like required by the access requests sent by each subject device.
The internal memory 121 can also be used to store the calling relationship between the callee in the object device and the callers in the subject devices. The calling relationship includes: the calling relationship ID, the instance information of the callee, and the information of each caller that invokes the instance. For the specific content of the calling relationship, refer to the related descriptions in subsequent embodiments.
When the electronic device shown in FIG. 3A is both the subject device and the object device, the operations performed by each module of the subject device and of the object device described above are all performed by that electronic device, and the communication steps between the subject device and the object device can be omitted. For the operations performed by each module in the electronic device, refer to the foregoing descriptions; they are not repeated here.
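The object-device behaviour described above (one callee instance and one proxy module per caller, with revocation applied to the proxy) can be modelled as follows. This is an added sketch, not code from the patent; all class, method and identifier names are hypothetical, and the sample requests are constructed.

```python
# Added illustration; class and field names are hypothetical, not from the patent.
import itertools
from dataclasses import dataclass, field


@dataclass(frozen=True)
class AccessRequest:
    """Fields the text lists for an access request generated by a subject device."""
    caller_id: str
    callee_id: str
    resource_id: str
    subject_device_id: str


@dataclass
class Proxy:
    """Proxy module: the only holder of the permission for one calling relationship."""
    permissions: set = field(default_factory=set)
    alive: bool = True

    def access(self, resource_id: str) -> str:
        if not self.alive or resource_id not in self.permissions:
            raise PermissionError(f"proxy has no permission for {resource_id}")
        return f"data from {resource_id}"  # stand-in for the real resource


@dataclass
class CalleeInstance:
    """One callee instance per caller; it reaches the resource only via its proxy."""
    callee_id: str
    proxy: Proxy

    def serve(self, resource_id: str) -> str:
        return self.proxy.access(resource_id)


class ObjectDevice:
    def __init__(self) -> None:
        self._next_id = itertools.count(1)
        # calling relationship ID -> (caller's request, callee instance)
        self.relationships: dict = {}

    def handle(self, request: AccessRequest, granted: set) -> int:
        """Accept a request plus the permissions the user granted on the subject device."""
        if request.resource_id not in granted:
            raise PermissionError("required permission was not granted")
        proxy = Proxy(permissions={request.resource_id})
        instance = CalleeInstance(request.callee_id, proxy)
        rel_id = next(self._next_id)
        self.relationships[rel_id] = (request, instance)
        return rel_id

    def call(self, rel_id: int) -> str:
        request, instance = self.relationships[rel_id]
        return instance.serve(request.resource_id)

    def revoke(self, rel_id: int, terminate: bool = False) -> None:
        """Revoke only this relationship's permission; optionally end the proxy."""
        _, instance = self.relationships[rel_id]
        instance.proxy.permissions.clear()
        if terminate:
            instance.proxy.alive = False


def demo() -> dict:
    device = ObjectDevice()
    # Constructed sample requests: two subject devices invoke the same callee.
    phone = device.handle(
        AccessRequest("app.chat", "camera", "camera0", "phone"), {"camera0"})
    tablet = device.handle(
        AccessRequest("app.scan", "camera", "camera0", "tablet"), {"camera0"})
    before = (device.call(phone), device.call(tablet))
    device.revoke(phone)  # revoke the phone caller only
    try:
        device.call(phone)
        phone_after = "allowed"
    except PermissionError:
        phone_after = "denied"
    return {"before": before, "phone_after": phone_after,
            "tablet_after": device.call(tablet)}


if __name__ == "__main__":
    print(demo())
```

Because the permission sits on the per-caller proxy rather than on the callee itself, revoking one calling relationship leaves the instance serving the other caller untouched.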
Referring to FIG. 3B, FIG. 3B is a schematic diagram of the software structure of an electronic device provided by an embodiment of this application. The electronic device may be any electronic device in the distributed system 10 shown in FIG. 2A. The electronic device may be a subject device, an object device, or both a subject device and an object device at the same time.
The software system of the electronic device can adopt a layered architecture, an event-driven architecture, a microkernel architecture, a microservice architecture, or a cloud architecture. Exemplarily, the software system of the electronic device includes but is not limited to [Figure PCTCN2022082869-appb-000009], [Figure PCTCN2022082869-appb-000010], Linux or other operating systems.
The layered architecture divides the software into several layers, each with a clear role and division of labor. The layers communicate with each other through software interfaces. In some embodiments, the Android system is divided into four layers, which are, from top to bottom, the application layer, the application framework layer, the Android runtime and system libraries, and the kernel layer.
The application layer can include a series of application packages.
As shown in FIG. 3B, the application packages may include APPs such as camera, gallery, calendar, call, map, navigation, WLAN, Bluetooth, music, video, and short message. The application layer may also include functional components such as FA, PA, and so on.
The application framework layer provides an application programming interface (API) and a programming framework for the applications in the application layer. The application framework layer includes some predefined functions.
As shown in FIG. 3B, the application framework layer may include a window manager, a content provider, a view system, a telephony manager, a resource manager, a notification manager, and the like.
The window manager is used to manage window programs. The window manager can obtain the size of the display screen, determine whether there is a status bar, lock the screen, take screenshots, etc.
The content provider is used to store and retrieve data and to make the data accessible to applications. The data may include video, images, audio, calls made and received, browsing history and bookmarks, the phone book, etc.
The view system includes visual controls, such as controls for displaying text and controls for displaying pictures. The view system can be used to build applications. A display interface can consist of one or more views. For example, a display interface that includes a short message notification icon may include a view for displaying text and a view for displaying pictures.
The telephony manager is used to provide the communication function of the electronic device, for example the management of call status (including connecting, hanging up, etc.).
The resource manager provides various resources for applications, such as localized strings, icons, pictures, layout files, video files and so on.
The notification manager enables applications to display notification information in the status bar. It can be used to convey notification-type messages, which can disappear automatically after a brief pause without user interaction. For example, the notification manager is used to announce that a download is complete, to give message reminders, and so on. The notification manager can also present notifications in the status bar at the top of the system in the form of a chart or scroll-bar text, such as notifications of applications running in the background, or present notifications on the screen in the form of a dialog window. For example, text information is prompted in the status bar, a prompt sound is issued, the electronic device vibrates, or the indicator light flashes.
The Android runtime includes core libraries and a virtual machine. The Android runtime is responsible for the scheduling and management of the Android system.
The core libraries consist of two parts: one is the functions that the Java language needs to call, and the other is the core libraries of Android.
The application layer and the application framework layer run in the virtual machine. The virtual machine executes the Java files of the application layer and the application framework layer as binary files. The virtual machine is used to perform functions such as object lifecycle management, stack management, thread management, security and exception management, and garbage collection.
The system libraries can include multiple functional modules, for example: a surface manager, media libraries, a three-dimensional graphics processing library (e.g., OpenGL ES), a 2D graphics engine (e.g., SGL), etc.
The surface manager is used to manage the display subsystem and provides the fusion of 2D and 3D layers for multiple applications.
The media libraries support playback and recording of a variety of commonly used audio and video formats, as well as still image files. The media libraries can support a variety of audio and video encoding formats, such as MPEG4, H.264, MP3, AAC, AMR, JPG, PNG, etc.
The three-dimensional graphics processing library is used to implement three-dimensional graphics drawing, image rendering, compositing, layer processing and so on.
The 2D graphics engine is a drawing engine for 2D drawing.
The kernel layer is the layer between hardware and software. The kernel layer contains at least a display driver, a camera driver, an audio driver, and a sensor driver.
Based on the distributed system 10 shown in FIG. 2A, the hardware structure of the electronic device shown in FIG. 3A, and the software structure of the electronic device shown in FIG. 3B, the following describes in detail the access control method for precise permission revocation provided by the embodiments of this application.
Referring to FIG. 4, FIG. 4 is a schematic flowchart of the access control method for precise permission revocation provided by an embodiment of this application. The method shown in FIG. 4 is described by taking a subject device invoking resources in an object device as an example.
As shown in FIG. 4, the method may include the following steps:
S101: the object device and the subject device establish a connection; the number of subject devices is one or more.
The number of object devices is one, and the object device can be any electronic device in the distributed system 10.
The number of subject devices may be one or more. A subject device can be any electronic device in the distributed system 10.
The embodiments of this application do not limit the manner in which the object device and the subject device establish a communication connection. For example, the communication connection can be established by logging in to the same account, binding the devices, scanning a QR code, and so on. The embodiments of this application also do not limit the type of communication connection established between the subject device and the object device; for example, it may include a wired connection, or a wireless connection such as a Bluetooth connection, a Wi-Fi P2P connection, an NFC connection, an IR connection, a remote connection, and so on. For details, refer to the related description of FIG. 2A.
In some embodiments, after the object device and the subject device establish a connection, the object device can send to the subject device information, such as identifiers, about the invocable functional components and APPs installed on it. The invocable functional components or APPs are declared or defined by the developer during the development phase. "Invocable" here only means that the functional component or APP can be invoked by a caller; it does not mean that it is opened or authorized to be invoked by a particular device.
In some embodiments, after the object device and the subject device establish a connection, the object device may send to the subject device the capability information opened to that subject device, where the capability information indicates the APPs, functional components, resources and so on that the object device opens to the subject device for invocation. Here, capability information opened to the subject device means that the corresponding APPs, functional components and resources can be invoked by that subject device. The capabilities that the object device opens to the subject device can be preset by the object device or set by the user. For example, an electronic device can open APPs or functional components with lower confidentiality or lower sensitivity to other devices: it can open the camera application, the gallery application and the like to other devices without opening banking applications to them. The capabilities that the object device opens to different subject devices may be the same or different, and no limitation is imposed here.
S102: The subject device generates an access request, which is used by a caller in the subject device to invoke a callee in the object device in order to access a first resource.
In this embodiment of the present application, a caller is installed on the subject device and a callee is installed on the object device. Both the caller and the callee may be an APP or a functional component. For the definitions of APP and functional component, refer to the related descriptions above.
The access request generated by the subject device may include: the identifier of the caller, the identifier of the callee, and the identifier of the first resource. In some embodiments, the access request may further include: the identifier of the subject device and the identifier of the object device.
The identifier of the subject device or the object device may be a device type, a device model, a device name, and so on, which is not limited in this embodiment of the present application. The device type here can be considered in terms of device function and may include, for example, a mobile phone, a tablet computer, a smart headset, an IoT device, or a smart home device.
The identifier of the caller and the identifier of the callee may be application identifiers (APP IDs).
In this embodiment of the present application, the first resource may be a software resource or a hardware resource. Hardware resources may include, for example, the camera, fingerprint sensor, audio device, display screen, motor, and flash that the device has. Software resources may include, for example, the memory resources, computing capabilities (such as beautification algorithm capability and audio and video encoding and decoding capability), network capability, and positioning function that the device has. The first resource may include one or more resources, which is not limited here.
In some cases, the identifier of the callee and the identifier of the first resource may be the same. For example, when the first resource is a camera, the identifier of the callee may also be the identifier of the camera, indicating that the callee is the camera application.
In this embodiment of the present application, each access request corresponds to the device that initiates it (that is, the subject device), a caller, a callee, and the first resource to be accessed. The callee and the first resource corresponding to different access requests are the same, while the subject device and the caller corresponding to different access requests may differ.
In some embodiments, the subject device may generate the access request in response to a received user operation while running the caller.
The following description takes as an example the case in which the subject device 200 and the subject device 300 each generate an access request directed at the object device 100. The subject device 200 may be a tablet computer, the subject device 300 may be a smart screen, and the object device 100 may be a smartphone.
FIG. 5A exemplarily shows the user interface 51 provided by "Gallery" in the subject device 200. "Gallery" is a picture management application installed on the electronic device and may also be called "Album"; this embodiment does not limit the name of the application. "Gallery" lets the user perform various operations on pictures stored on the electronic device or on a cloud server, such as browsing, editing, deleting, and selecting.
As shown in FIG. 5A, the user interface 51 displays: a status bar 501, a back key 502, a page indicator 503, a picture 504, and one or more device options 505.
The status bar 501 may include: one or more signal strength indicators for the Wi-Fi signal, a battery status indicator, a time indicator, and so on.
The back key 502 is used to return to the previous page provided by "Gallery".
The page indicator 503 indicates that the current page is a page provided by "Gallery". The page indicator 503 may be implemented as text (for example, the text "Gallery"), an icon, or another form.
The picture 504 may be a picture stored in the subject device 200 or on a cloud server. The picture 504 may be captured by the subject device 200, downloaded by the subject device 200 from the network, or shared from another device.
The one or more device options 505 may correspond to devices in the distributed system 10 that can provide image processing capability to meet the image processing needs of the subject device 200, such as a smartphone. A device option 505 may be implemented as an image, an icon, text, and so on, which is not limited here.
As shown in FIG. 5A, the subject device 200 may detect a user operation acting on the device option 505 and, in response to that user operation, generate an access request. The access request is used by the "Gallery" application in the subject device 200 to invoke the image processing functional component (FA) and the image processing resource in smartphone 1 (that is, the object device 100) corresponding to the device option 505.
FIG. 5D exemplarily shows the user interface 52 provided by "Gallery" in the subject device 300. As shown in FIG. 5D, the user interface 52 displays: a status bar, a back key, a page indicator, a picture 508, and one or more device options 509.
For the status bar, back key, page indicator, picture 508, and one or more device options 509, refer to the related description of FIG. 5A.
As shown in FIG. 5D, the subject device 300 may detect a user operation acting on the device option 509, for example a user operation in which the user selects the device option 509 with a remote control, and, in response to that user operation, generate an access request. The access request is used by the "Gallery" application in the subject device 300 to invoke the image processing functional component (FA) and the image processing resource in smartphone 1 (that is, the object device 100) corresponding to the device option 505.
In other embodiments, the subject device may also, in some cases, autonomously generate an access request directed at the object device while running the caller. For example, each time it makes a video call, the subject device may by default generate an access request that is used by the instant messaging application in the subject device to invoke the video call functional component and the camera resource in the smart screen (that is, the object device 100).
In some embodiments, after generating the access request, the subject device may further query whether the object device has opened to the subject device the permission to access the callee and/or the first resource named in the access request. If so, it proceeds to the subsequent steps. This ensures that the subject device initiates access requests within the range of capabilities that the object device has opened to it and not outside that range, which increases the probability that the access request is responded to and reduces ineffective communication between devices.
In other embodiments, the subject device may also perform the subsequent steps directly after generating the access request.
S103: The subject device requests the user to grant the permission required by the access request generated by the subject device.
In some embodiments, the subject device may perform S103 directly after generating the access request.
In other embodiments, after generating the access request, the subject device may perform S103 on the premise that it has confirmed that the callee and/or the first resource is a sensitive resource. This ensures that the user's authorization is obtained when a sensitive resource in the object device is accessed, thereby protecting the security of user data. A sensitive resource may be a resource whose disclosure would pose a considerable risk to user privacy, for example a resource whose privacy level is higher than a threshold. Sensitive resources may include hardware resources, software resources, and stored data in an electronic device. Hardware resources may include, for example, a camera, an audio device, and a display screen. Software resources may include, for example, memory resources, computing capabilities (such as beautification algorithm capability and audio and video encoding and decoding capability), network capability, positioning function, and highly confidential APPs (such as banking APPs). Stored data may include, for example, stored user information, photos, videos, and the passwords the user uses to log in to applications.
In some other embodiments of the present application, the subject device may also perform S103 first and S102 afterwards; that is, the subject device may first request the user to grant the permission and generate the access request after obtaining that permission.
When an electronic device supports one or more authorization methods by which the user can authorize, the electronic device meets the authorization condition. When a caller supports one or more authorization methods by which the user can authorize, the caller meets the authorization condition.
Authorization methods may include, but are not limited to: pop-up authorization, fingerprint verification authorization, face verification authorization, voice command authorization, and key authorization, which is not limited here.
Whether an electronic device meets the authorization condition, and which authorization methods it supports, depends on the hardware and/or software configuration of the electronic device. For example, supporting pop-up authorization requires the electronic device to have a display screen. Supporting fingerprint verification authorization requires the electronic device to have a fingerprint sensor. Supporting face verification authorization requires the electronic device to have a camera and a face recognition algorithm. Supporting voice command authorization requires the electronic device to have a microphone or another sound pickup device. Supporting key authorization requires the electronic device to have a physical key.
Whether a caller meets the authorization condition depends on the functions of the caller itself. For example, when the caller can provide a user interface, the caller can support pop-up authorization. As another example, when the caller can invoke the fingerprint sensor, the caller can support fingerprint verification authorization.
The permission required by the access request generated by the subject device includes: the permission to invoke the callee in the object device, and/or the permission to access the first resource in the object device.
In some embodiments, the permission required by the access request specifically includes: the permission of the subject device to invoke the callee in the object device and/or to access the first resource.
In some embodiments, the permission required by the access request specifically includes: the permission of the caller to invoke the callee in the object device and/or to access the first resource.
In some embodiments, the permission required by the access request specifically includes: the permission of the caller in the subject device to invoke the callee in the object device and/or to access the first resource.
In S103, while running the caller, the subject device may use an authorization method supported by both the subject device and the caller to request the user to grant the permission required by the access request it has generated. The different authorization methods are described below.
When the subject device supports pop-up authorization, it may output prompt information on the display screen; the prompt information indicates the permission required by the access request. The subject device may then detect a user operation acting on the display screen and, in response to that user operation, obtain the permission required by the access request.
Refer to FIG. 5B, which exemplarily shows the user interface 51 displayed when the subject device 200 uses pop-up authorization to request user authorization.
The user interface 51 displays a window 506. The window 506 includes: prompt information 506a, a control 506b, and a control 506c. The prompt information 506a is used to prompt the user to grant the permission required by the access request generated by the subject device 200. The prompt information 506a may be, for example, the text ""Gallery" needs to access your image processing resources. After authorization, the following applications will use this permission: image processing functional component (FA)", where "Gallery" indicates the caller, "image processing functional component (FA)" indicates the callee, and "image processing resources" indicates that the first resource is a camera resource. From the device that provides the current user interface 51 and the device option 505 that the user selected in FIG. 5A, the user can also learn that the subject device is the tablet computer and that the object device is smartphone 1 corresponding to the device option 505. In some other embodiments, the prompt information 506a may include information about the subject device and the object device.
That is, the prompt information 506a is used to prompt the user to grant the "Gallery" application in the subject device 200 the permission to invoke the image processing functional component (FA) in smartphone 1 (that is, the object device 100) in order to access the image processing resource.
The prompt information 506a is not limited to the form shown; its specific content depends on the permission required by the access request, which is not limited here.
The control 506b may be used to listen for a user operation; in response to that user operation, the subject device 200 learns that it has not obtained the permission required by the access request generated by the subject device 200.
The control 506c may be used to listen for a user operation; in response to that user operation, the subject device 200 successfully obtains the permission required by the access request generated by the subject device 200, and the validity of the permission is one time. That is, the permission required by the access request that the subject device 200 obtains is valid once; after the access request has been responded to, the subject device 200 no longer has the permission.
The control 506d may be used to listen for a user operation; in response to that user operation, the subject device 200 successfully obtains the permission required by the access request generated by the subject device 200, and the validity of the permission is permanent. That is, the permission required by the access request that the subject device 200 obtains is permanently valid.
As shown in FIG. 5B, the subject device 200 receives a user operation acting on the control 506c and obtains the permission for "Gallery" in the subject device 200 to invoke the image processing functional component (FA) in the object device 100 and access the image processing resource; the permission is valid once.
Refer to FIG. 5E, which exemplarily shows the user interface 52 displayed when the subject device 300 uses pop-up authorization to request user authorization. For the window 510 included in the user interface 52, refer to the window 506 in the user interface 51 shown in FIG. 5B; details are not repeated here.
As shown in FIG. 5E, the subject device 300 may receive a user operation acting on the control 510a; in response to that user operation, the subject device 300 successfully obtains the permission required by the access request generated by the subject device 300, and the validity of the permission is permanent.
When the subject device supports fingerprint verification authorization, it may collect the user's fingerprint through the fingerprint sensor and compare the collected fingerprint with a preset fingerprint; if the two fingerprints match, the subject device obtains the permission required by the access request. In some embodiments, the subject device may preset multiple fingerprints and, when different preset fingerprints are collected, obtain the permission required by the access request with different validity periods.
When the subject device supports face verification authorization, it may collect the user's face image through the camera and compare the collected face image with a preset face image; if the two match, the subject device obtains the permission required by the access request.
When the subject device supports voice command authorization, it may collect the voice command input by the user through a microphone, a receiver, or another sound pickup device and compare the collected voice command with a preset voice command; if the two match, the subject device obtains the permission required by the access request. In some embodiments, the subject device may preset multiple voice commands and, when different preset voice commands are collected, obtain the permission required by the access request with different validity periods.
When the subject device supports key authorization, it may collect the user's pressing operation through a physical key; if a preset pressing operation (for example, a single press, a long press, or two consecutive presses) is collected on the physical key, the subject device obtains the permission required by the access request. In some embodiments, the subject device may preset multiple pressing operations and, when different preset pressing operations are collected, obtain the permission required by the access request with different validity periods.
In this embodiment of the present application, when the subject device requests the user to grant the permission required by the access request it has generated, and that permission includes information about the subject device and/or the caller, the user can learn finer and more detailed information about the permission required by the access request currently received by the object device and decide on that basis whether to grant the permission. This ensures that the user performs the authorization operation with a full understanding of the permission required by the access request, which avoids user misoperation or mistaken authorization and protects the data in the object device.
It can be seen that, in S103, the subject device may, in response to a received user operation, obtain the user-granted permission required by the access request generated by the subject device, and that the permission granted by the user may have a validity period. The validity of the permission can take many forms: it is not limited to the one-time and permanent validity shown in FIG. 5B or FIG. 5E, and there may be further cases, such as valid within one week, valid within one month, or valid within a first area, which is not limited here.
In some embodiments, the subject device may perform S103 each time after generating an access request. In other embodiments, after generating the access request, the subject device may first determine whether it already has the permission required by the access request and apply to the user for the permission through S103 only if it does not. This reduces interaction between the subject and object devices and improves the efficiency of cross-device resource invocation in the distributed system.
Through S103, the subject device and the caller apply to the user for the permission required by the access request. Regardless of whether the object device or the callee meets the authorization condition, as long as the subject device or the caller meets the authorization condition, the object device can obtain the permission required by the access request. This ensures that the access request initiated by the caller can be responded to successfully, enables resource invocation between devices, and meets the user's actual needs.
S104: The subject device sends the generated access request, together with the user-granted permission information required by the access request, to the object device.
In this embodiment of the present application, the permission information indicates one or more of the following: whether the subject device has obtained the permission required by the access request, the permission required by the access request that the subject device has obtained, and the validity period of the permission that the subject device has obtained.
In some embodiments, the subject device may, based on capability-based access control technology, send the permission information required by the access request directly to the object device at the same time as it sends the access request. For example, the user-granted permission information required by the access request may be carried in the access request itself. This avoids the time overhead of permission synchronization in a centralized permission management mechanism and improves the efficiency of resource invocation.
In some embodiments, the subject device may send the access request and the user-granted permission information required by the access request to the object device separately.
Performing S103 and S104 above ensures that the subject device initiates the access request only after obtaining the permission required by the access request, which protects the security of the entire invocation process.
In other embodiments of the present application, the subject device may first send the access request to the object device. After receiving the access request, the object device may send an authorization request to the subject device, either after confirming that it does not have the permission required by the access request or directly; the authorization request is used to apply to the user for the permission required by the access request. The subject device may then, in response to the authorization request, perform the operation of S103 and send the user-granted permission information required by the access request to the object device. That is, the subject device may apply to the user for the permission required by the access request when triggered by the object device, without having to apply for it on its own initiative.
In some embodiments, the subject device may find the object device corresponding to the access request according to a stored invocation relationship and send that object device the access request and the obtained permission information required by the access request.
In some embodiments, after performing S104, the subject device may also record or store the permission information obtained by the callee in the object device.
Optional step S105: In response to the received access requests, the object device creates multiple instances of the callee.
Specifically, after receiving multiple access requests, the object device may start different instances according to one or more of the following: the caller, the subject device, the developer of the caller, the account of the user or subject device to which the caller belongs, and so on. When one or more of these items differ, the object device may start different callee instances to serve the corresponding callers.
For example, if the application identified as "ID2" in the subject device 200 and the application identified as "ID3" in the subject device 300 invoke the application identified as "ID1" in the object device 100 at the same time, the object device 100 may create two instances, one to serve each caller.
As another example, if the application identified as "ID3" in the subject device 300 and the application identified as "ID4" in the subject device 400 invoke the application identified as "ID1" in the object device 100 at the same time, then, because the two callers have the same developer, the object device 100 may create a single instance that serves both callers.
In some embodiments, if an instance of the callee that serves the caller in the subject device already exists in the object device, that is, the object device has created the instance before, the object device does not need to perform S105 to create it again. If no instance of the callee that serves the caller in the subject device exists in the object device, the object device performs S105 to create the instance.
Referring to the examples in FIG. 5A and FIG. 5D above, after the object device 100 receives the access requests sent by the subject device 200 and the subject device 300, it creates two instances of the image processing functional component (FA), which serve the subject device 200 and the subject device 300 respectively.
In some embodiments, the callee may be installed on the object device in advance. In other embodiments, after receiving the access request sent by the object device, the object device may download and install the callee from the network, or download and install the callee directly from the subject device.
When the object device creates an instance of the callee, it may assign the instance a user identifier (user ID, UID) and a process identifier (PID). In some embodiments, the object device may assign different UIDs to different instances of the callee. In some embodiments, the object device may assign different PIDs to different instances of the callee. The object device can therefore distinguish different instances of the same callee by UID or PID.
In some embodiments, after creating the instance of the callee, the object device may save the invocation relationship formed by the caller and the instance of the callee; for the specific content of the invocation relationship, refer to the related description below. The object device may also synchronize part of the invocation relationship to the subject device, such as the invocation relationship ID and the UID and PID of the callee instance created for the caller in the subject device, so that the subject device can store the invocation relationship.
In some embodiments, after receiving the permission information sent by the subject device, the object device may also record or store the permission information.
In some embodiments, the object device may query whether the permission to access the callee and/or the first resource is opened to the subject device and perform the subsequent steps only if it is. This reduces ineffective communication between the subject and object devices and improves the efficiency of resource invocation.
Optional step S106: the object device creates a routing proxy and a revocation proxy for the instance of the callee.
In the embodiments of this application, the routing proxy and the revocation proxy may each be an application or a service, or an instance, a process, or a thread.
In some embodiments, the object device may create one routing proxy and one revocation proxy for each instance of the callee, grant the permission to access the routing proxy to that instance of the callee, and grant the permission required by the access request to the revocation proxy. For example, referring to FIG. 6A, FIG. 6A shows a case in which the object device 100 creates instances, routing proxies and revocation proxies, and grants the corresponding permissions to the instances and the proxies. As shown in the figure, the object device 100 has created two instances of the image processing functional component (FA) and has created one routing proxy and one revocation proxy for each of the two instances.
In other embodiments, the object device may create one revocation proxy for each instance of the callee, while two instances share one routing proxy. That is, the routing proxy can be reused. This reduces overhead in the object device and improves the efficiency of resource access. Referring to FIG. 6B, FIG. 6B shows another case in which the object device 100 creates instances, a routing proxy and revocation proxies, and grants the corresponding permissions to the instances and the proxies.
In the embodiments of this application, the routing proxy and the revocation proxy may be created by the system of the object device, or by the object device through the callee; this is not limited here. The object device may also create the routing proxy and the revocation proxy under the identity of the caller, for example by using the caller's UID passed over by the subject device to create the two proxies. Having the system of the object device create the routing proxy and the revocation proxy prevents the callee from obtaining the permission required by the access request, which avoids permission expansion or permission abuse and further protects the data in the electronic device.
In some embodiments, if a routing proxy and a revocation proxy corresponding to the instance of the callee already exist in the object device, the object device does not need to perform S106 to create them again. If no routing proxy and revocation proxy corresponding to the instance of the callee exist in the object device, the object device may perform S106 to create them.
In some embodiments, the routing proxy and the revocation proxy corresponding to the same callee instance may be combined into one proxy.
Through S106, the object device can create multiple instances of the callee, create a revocation proxy for each instance, and grant the permission required by each access request to a different revocation proxy. Each revocation proxy thus obtains only the permission required by one access request. The mutually isolated revocation proxies avoid permission mixing and permission expansion, which protects the data in the object device and prevents data abuse and leakage.
S107: the object device grants the permission to access the routing proxy to the instance of the callee, and grants the permission required by the access request to the revocation proxy.
After S107 is executed, the routing proxy corresponding to a given callee instance can access the revocation proxy corresponding to that instance, while the callee instance itself cannot access the revocation proxy. That is, the only access path in the embodiments of this application is: callee instance, routing proxy, revocation proxy, first resource.
S108: the object device runs the instance of the callee, accesses the routing proxy corresponding to the instance, finds the revocation proxy corresponding to the instance through the routing proxy, and accesses the first resource through the revocation proxy.
Specifically, because the instance of the callee has the permission to access the routing proxy, the object device running that instance can access the routing proxy. The object device then finds, through the routing proxy, the revocation proxy corresponding to the callee instance. Because the revocation proxy has the permission required by the access request, the object device can access the first resource through the revocation proxy. When the permission required by the access request includes the permission to invoke the callee, that permission can be regarded as including the permission to invoke the callee to perform various operations, and therefore also the permission to access the first resource.
As can be seen, when S108 is executed, the object device grants the callee instance, the routing proxy and the revocation proxy their respective permissions, and when responding to the access request the permission checks are performed directly by the callee instance, the routing proxy and the revocation proxy. No additional permission verification through an access control module is needed, which reduces time overhead.
In the embodiments of this application, different revocation proxies are isolated from each other, so the permissions held by the individual revocation proxies are neither mixed nor expanded.
In some embodiments, the object device accessing the first resource in response to the access request may specifically include one or more of the following:
1. The object device runs the instance of the callee created for the caller and accesses the first resource to perform a series of operations, such as displaying a video call interface on the display, capturing images with the camera, performing computation, processing images, or obtaining location information.
2. The object device sends the result of accessing the first resource to the subject device. For example, it sends the image captured by the camera to the subject device, so that the subject device can send it to the device at the other end of its video call; or it sends a computation result or the obtained location information to the subject device.
3. The object device receives data sent by the subject device, uses the data to access the first resource, and performs a series of operations. For example, the object device may receive from the subject device an image captured by the device at the other end of the subject device's video call, and display the image in the video call interface on its display.
The operations performed when the object device accesses the first resource in response to the access request may be decided by the object device by default, by the user on the object device side, or by the access request sent from the subject device side; this is not limited here.
For example, referring to FIG. 5C, FIG. 5C shows the user interface 51 displayed by the subject device 200 after it receives the access result of the object device 100 accessing the first resource. The subject device 200 may first send the picture 504 in FIG. 5A to the object device 100; the picture 504 may be carried in the access request. The object device 100 may then run the instance of the image processing functional component (FA) created for "Gallery" in the subject device 200, access the image processing resource in the object device 100 through the specific operations in S107, and send the access result obtained after the image processing resource processes the picture 504 to the subject device 200. As shown in FIG. 5C, the subject device 200 may display in the user interface 51, according to the access result, the picture 506 obtained after processing by the object device 100. Compared with the picture 504 in FIG. 5A, the picture 506 is visibly sharper. The sharpness adjustment applied to the picture 504 by the object device 100 may be selected by the user on the object device, or performed by the object device by default. In some embodiments, prompt information 507 may also be displayed in the user interface 51 to indicate the resource invocation result.
Similarly, referring to FIG. 5F, FIG. 5F shows the user interface 52 displayed by the subject device 300 after it receives the access result of the object device 100 accessing the first resource. The subject device 300 may first send the picture 508 in FIG. 5D to the object device 100; the picture 508 may be carried in the access request. The object device 100 may then run the instance of the image processing functional component (FA) created for "Gallery" in the subject device 300, access the image processing resource in the object device 100 through the specific operations in S107, and send the access result obtained after the image processing resource processes the picture 508 to the subject device 300. As shown in FIG. 5F, the subject device 300 may display in the user interface 52, according to the access result, the picture 511 obtained after processing by the object device 100. Compared with the picture 508 in FIG. 5D, the person in the picture 511 has undergone slimming and body-shaping processing. The slimming and body-shaping processing applied to the person in the picture 508 by the object device 100 may be selected by the user on the object device, or performed by the object device by default. In some embodiments, prompt information 512 may also be displayed in the user interface 52 to indicate the resource invocation result.
S109: the object device revokes the permission required by the access request.
In the embodiments of this application, the object device may revoke the permission required by the access request passed over by the subject device in either of the following cases:
1. If the permission information passed over by the subject device contains validity information, the object device may revoke the permission required by the access request according to the validity indicated by that information.
For example, if the validity information indicates that the permission is valid once, the object device may revoke the permission required by the access request after it has successfully responded to the access request, that is, after access to the first resource has ended. In the example of FIG. 5A to FIG. 5C, after receiving the access request sent by the subject device 200, the object device 100 may revoke the permission required by the access request immediately after responding to it.
As another example, if the validity information indicates that the permission is valid within a first time, the object device may revoke the permission required by the access request once the first time has elapsed after it received the validity information.
As another example, if the validity information indicates that the permission is valid within a first area, the object device may revoke the permission required by the access request when it is located outside the first area.
2. After successfully responding to the access request, that is, after access to the first resource has ended, the object device may revoke the permission required by the access request according to its own permission revocation policy.
The permission revocation policy in the object device may include, but is not limited to: revoking the permission required by the access request immediately; revoking it a second time after successfully responding to the access request; revoking it when the instance of the callee has not accessed the first resource in the object device for longer than a preset duration; or revoking it when other conditions are met.
With the second approach, the object device can revoke the permission after successfully responding to the access request without relying on transmitted validity information. This avoids the situation in which the permission has already expired before the resource invocation is complete, so that permissions are revoked precisely according to actual user needs.
Specifically, in the embodiments of this application the object device may revoke the permission required by the access request in any one or more of the following ways:
1. The object device revokes the permission required by the access request that was granted to the revocation proxy.
After the object device takes back the permission required by the access request that was granted to the revocation proxy, the revocation proxy can no longer access the first resource, and neither the instance of the callee nor the routing proxy can access the first resource through that revocation proxy, so the permission is effectively withdrawn.
2. The object device terminates the routing proxy and/or the revocation proxy.
Terminating the routing proxy and/or the revocation proxy may mean that the object device completely clears the data related to the routing proxy and/or the revocation proxy, so that the proxy no longer exists in the object device. The instance of the callee can then no longer access the first resource through the routing proxy and the revocation proxy, so the permission is effectively withdrawn.
In the embodiments of this application, accessing the first resource through the routing proxy and the revocation proxy avoids granting the permission required by the access request directly to the instance of the callee. Even if the instance of the callee passes its own permission on to other callees, the permission passed on in this way also becomes invalid after the above S108 is executed, which achieves precise revocation. In addition, with the routing proxy and the revocation proxy the object device does not need to store a large amount of permission delegation information, which saves storage resources on the object device.
In the method shown in FIG. 4, the object device may also manage the life cycle of the callee instance created for the caller in the subject device. In some embodiments, the object device may stop or destroy the instance after running it and successfully responding to the access request, may stop or destroy it after a preset time has elapsed, or may stop or destroy it when the running instance has not accessed any resource in the object device for a certain duration. Stopping an instance means that the instance still exists in the object device but is not in the running state. Destroying an instance means that the object device deletes all data related to the instance, so that the instance no longer exists in the object device.
In the access control method shown in FIG. 4:
The object device (for example, the object device 100) may be referred to as the first device, one subject device (for example, the subject device 200) may be referred to as the second device, and another subject device (for example, the subject device 300) may be referred to as the third device.
The caller in the second device, for example "Gallery" in the subject device 200, may be referred to as the first caller, and the caller in the third device, for example "Gallery" in the subject device 300, may be referred to as the second caller.
The access request sent by the second device to the first device may be referred to as the first access request. The access request sent by the third device to the first device may be referred to as the second access request. The permission required by the first access request may be referred to as the first permission. The permission required by the second permission information may be referred to as the second permission.
The permission information sent by the second device to the first device may be referred to as the first permission information. The permission information sent by the third device to the first device may be referred to as the second permission information.
The instance of the callee run by the first device in response to the first access request may be referred to as the first instance. The instance of the callee run by the first device in response to the second access request may be referred to as the second instance.
The routing proxy and the revocation proxy run by the first device in response to the first access request may be referred to as the first routing proxy and the first revocation proxy respectively. When the first routing proxy and the first revocation proxy are combined into one proxy, that proxy may be referred to as the first proxy.
The routing proxy and the revocation proxy run by the first device in response to the second access request may be referred to as the second routing proxy and the second revocation proxy respectively. When the second routing proxy and the second revocation proxy are combined into one proxy, that proxy may be referred to as the second proxy.
The method shown in FIG. 4 is not limited to the distributed system described above and may also be applied within a single electronic device. For example, one or more callers and a callee are installed in the electronic device, and the electronic device is both the subject device and the object device. The electronic device may generate one or more access requests for invoking the same callee, each access request being used by a caller to invoke the callee in order to access the first resource in the electronic device. For the timing and manner in which the access request is generated, see the description of the subject device generating the access request in S102 of FIG. 4. After the electronic device generates the access request, it may perform S103 to S109 of the method shown in FIG. 4, except that the communication between the object device and the subject device in FIG. 4 can be omitted.
In addition, the electronic device may create the routing proxy and the revocation proxy through the caller or through the system. This prevents the callee from obtaining the permission required by the access request, which avoids permission expansion or permission abuse and protects the data in the electronic device. The electronic device may also create the routing proxy and the revocation proxy under the identity of the caller, for example by using the caller's UID to create the two proxies.
For how a single electronic device performs the access control method provided by the embodiments of this application, see the description of FIG. 4; details are not repeated here.
Referring to FIG. 8, FIG. 8 shows by way of example a simplified flow in which a single electronic device implements the access control method provided by the embodiments of this application on the basis of binder. As shown in FIG. 8, the electronic device includes a user space and a kernel space. The user space includes a caller (for example, APP1) and a callee (for example, APP2), and the kernel space includes the binder driver.
As shown in FIG. 8, the flow may include the following steps:
1. APP1 notifies the system to create, or APP1 itself creates, the routing proxy and the revocation proxy, and stipulates that the routing proxy can be accessed only with the P2 permission.
2. APP1 requests to call APP2.
3. The binder driver, by processing commands, passes the P2 permission to the routing proxy and the P1 permission to the revocation proxy. The P1 permission is the permission required when APP1 requests to call APP2, and it is used to access the first resource.
4. APP2 responds to APP1's request and initiates a request to call the first resource.
5. The system (for example, the application scheduling management module) starts the routing proxy according to APP2's request. Because APP2 already holds the P2 permission, the routing proxy can be started.
6. The routing proxy forwards the request initiated by APP2 directly to the revocation proxy.
7. The revocation proxy calls the first resource. Because the revocation proxy already holds the P1 permission, it can call the first resource.
After the call to the first resource ends, APP1 may request the system to delete, or may itself delete, the revocation proxy and/or the routing proxy, or the P1 permission of the revocation proxy may be withdrawn through the binder driver; either completes the permission revocation.
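The following Python model is an added illustration, not code from the application: it reproduces the access path of S106 to S109 and of the FIG. 8 flow (callee instance, routing proxy, revocation proxy, first resource) with one proxy pair per access request. The class and function names, the permission strings and the call relationship IDs are hypothetical; the routing-proxy permission plays the role of P2 and the permission required by the access request plays the role of P1.

```python
import itertools


class AccessDenied(Exception):
    """Raised when a hop on the access path lacks the permission it needs."""


class ObjectDevice:
    """Toy permission table for the object device (all names hypothetical)."""

    def __init__(self, clock):
        self.clock = clock          # injected so the time-limited case is testable
        self.grants = {}            # principal -> set of permissions it holds
        self.sessions = {}          # call relationship ID -> proxies of that request
        self._seq = itertools.count(1)

    def new_principal(self, kind):
        name = f"{kind}-{next(self._seq)}"
        self.grants[name] = set()
        return name

    def open_session(self, call_id, p1, one_time=False, ttl=None):
        """S105-S107: create an instance and its proxies, then grant permissions."""
        instance = self.new_principal("instance")
        router = self.new_principal("routing-proxy")
        revoker = self.new_principal("revocation-proxy")
        p2 = f"access:{router}"
        self.grants[instance].add(p2)   # the instance may only reach its routing proxy
        self.grants[revoker].add(p1)    # P1 goes to the revocation proxy, never the instance
        self.sessions[call_id] = {
            "router": router, "revoker": revoker, "p1": p1, "p2": p2,
            "one_time": one_time,
            "expires": None if ttl is None else self.clock() + ttl,
        }
        return instance

    def delegate(self, giver, receiver, permission):
        """Secondary delegation: a principal passes on a permission it holds."""
        if permission not in self.grants[giver]:
            raise AccessDenied(f"{giver} does not hold {permission}")
        self.grants[receiver].add(permission)

    def access(self, principal, call_id, resource):
        """S108: instance -> routing proxy -> revocation proxy -> first resource."""
        session = self.sessions.get(call_id)
        if session is None:
            raise AccessDenied("proxies for this request were terminated")
        if session["p2"] not in self.grants[principal]:
            raise AccessDenied(f"{principal} may not access {session['router']}")
        if session["expires"] is not None and self.clock() >= session["expires"]:
            self.revoke(call_id)        # validity period over: revoke before the check
        if resource not in self.grants[session["revoker"]]:
            raise AccessDenied(f"{session['revoker']} no longer holds {resource}")
        if session["one_time"]:
            self.revoke(call_id)        # valid once: revoke after this successful access
        return f"{resource} accessed via {session['router']} and {session['revoker']}"

    def revoke(self, call_id):
        """S109, option 1: take P1 back from the revocation proxy."""
        session = self.sessions[call_id]
        self.grants[session["revoker"]].discard(session["p1"])

    def terminate(self, call_id):
        """S109, option 2: remove the proxies altogether."""
        session = self.sessions.pop(call_id)
        for proxy in (session["router"], session["revoker"]):
            self.grants.pop(proxy, None)


def allowed(device, principal, call_id, resource):
    try:
        device.access(principal, call_id, resource)
        return True
    except AccessDenied:
        return False


def demo():
    # Constructed call relationship IDs standing in for subject devices 200 and 300.
    now = [0.0]
    dev = ObjectDevice(clock=lambda: now[0])
    inst_a = dev.open_session("call-200", "image-processing", one_time=True)
    inst_b = dev.open_session("call-300", "image-processing", ttl=60)
    helper = dev.new_principal("other-callee")
    dev.delegate(inst_b, helper, dev.sessions["call-300"]["p2"])
    out = {}
    out["instance_holds_p1"] = "image-processing" in dev.grants[inst_a]
    out["a_first"] = allowed(dev, inst_a, "call-200", "image-processing")
    out["a_second"] = allowed(dev, inst_a, "call-200", "image-processing")
    out["a_uses_b_proxy"] = allowed(dev, inst_a, "call-300", "image-processing")
    out["b_after_a_revoked"] = allowed(dev, inst_b, "call-300", "image-processing")
    out["helper_before"] = allowed(dev, helper, "call-300", "image-processing")
    now[0] = 61.0                       # the 60-second validity period elapses
    out["b_expired"] = allowed(dev, inst_b, "call-300", "image-processing")
    out["helper_after"] = allowed(dev, helper, "call-300", "image-processing")
    return out


if __name__ == "__main__":
    print(demo())
```

Revoking the one-time grant for the first request leaves the second request's proxy pair untouched, and the permission that the second instance passed on to another callee stops working at the same moment as its own.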
In a distributed system, permissions can likewise be granted and revoked on the basis of binder in a manner similar to FIG. 8; the detailed implementation is not repeated here.
On a stand-alone device, the electronic device can revoke the permission required by the access request precisely and flexibly through the routing proxy and the revocation proxy. For details, see the description of implementing the access control method in a distributed system.
When the access control method for precise permission revocation provided by the embodiments of this application is performed on a stand-alone device, one caller in the electronic device may be referred to as the first caller and another caller may be referred to as the second caller. The access request generated when the electronic device runs the first caller, used to invoke the callee and access the first resource, may be referred to as the first access request. The access request generated when the electronic device runs the second caller, used to invoke the callee and access the first resource, may be referred to as the second access request. The permission required by the first access request may be referred to as the first permission. The permission required by the second permission information may be referred to as the second permission.
The instance of the callee run by the electronic device in response to the first access request may be referred to as the first instance. The instance of the callee run by the third device in response to the second access request may be referred to as the second instance.
The routing proxy and the revocation proxy run by the electronic device in response to the first access request may be referred to as the first routing proxy and the first revocation proxy respectively. When the first routing proxy and the first revocation proxy are combined into one proxy, that proxy may be referred to as the first proxy.
The routing proxy and the revocation proxy run by the electronic device in response to the second access request may be referred to as the second routing proxy and the second revocation proxy respectively. When the second routing proxy and the second revocation proxy are combined into one proxy, that proxy may be referred to as the second proxy.
Referring to FIG. 7A, FIG. 7A is a schematic diagram of the software structure of a subject device provided by an embodiment of this application. The subject device may be the subject device 200 or the subject device 300 in the embodiment of FIG. 4.
As shown in FIG. 7A, the subject device may include the following modules: an application information management module, a permission application module, a permission delegation module, a call relationship management module, and a call relationship library. Where:
The application information management module manages information, such as names, about each APP and functional component installed on the subject device. It also synchronizes the information about the local APPs and functional components to other devices, and receives the information about APPs and functional components synchronized by other devices (for example, the object device).
The permission application module applies to the user for the permission required by an access request when the subject device generates an access request for invoking a callee in the object device.
The permission delegation module sends the permission information obtained by the permission application module to the object device according to the call relationship. In some embodiments, the permission delegation module sends the permission information obtained by the permission application module and the access request generated by the subject device to the object device at the same time.
The call relationship management module maintains the call relationship formed by a caller and the callee instance that serves that caller, and stores it in the call relationship library.
The call relationship library stores the call relationships formed by callers and callee instances. A call relationship includes: the call relationship ID, the instance information of the callee, and the information of each caller that invokes the instance.
The call relationship ID may be assigned by the subject device. For the same call relationship, the object device and the subject device may share the same call relationship ID; the ID may be carried in the access request sent to the object device, that is, assigned by the subject device and then sent to the object device.
The instance information of the callee may include one or more of the following: the device identifier (device ID) of the object device, the APP ID of the callee, and the UID and PID of the instance. The PID identifies the instance; whenever the electronic device runs an instance, it assigns a unique PID to that instance. The PID and UID may be synchronized from the object device to the subject device.
The caller information includes the application identifier (APP ID) of the caller, and may also include one or more of the following: the device identifier (device ID) of the subject device, the developer signature of the caller, the user identifier (user ID, UID) of the caller, and the account (account ID) of the subject device. Where:
The APP ID identifies an APP or a functional component.
The device ID identifies a device. The device ID may be, for example, the name of the device, a serial number, or a media access control (MAC) address.
开发者签名,用于标识开发者。Developer signature, used to identify the developer.
UID,用于标识APP或功能组件所属用户。通常情况下,电子设备会为安装的不同APP或功能组件分配不同的UID,以作区分。在一些实施例中,电子设备可能为同一开发者开发的各个APP或功能组件分配相同的UID。同一个APP或功能组件在不同电子设备中,可能拥有不同的UID。UID, used to identify the user to which the APP or functional component belongs. Usually, the electronic device will assign different UIDs to different installed apps or functional components to distinguish them. In some embodiments, the electronic device may assign the same UID to each APP or functional component developed by the same developer. The same APP or functional component may have different UIDs in different electronic devices.
account ID,用于标识当前登录到电子设备的用户,例如可以是华为账号。account ID, used to identify the user currently logged in to the electronic device, for example, a Huawei account.
图7A仅为示意性举例,本申请实施例提供的主体设备还可以包括更多或更少的模块,这里不做限制。FIG. 7A is only a schematic example, and the main device provided in this embodiment of the present application may further include more or less modules, which is not limited here.
图7A提及的主体设备中的各个模块,可以位于图3B所示的电子设备中的应用程序层、 应用程序框架层、系统服务层、内核层等等,这里不做限制。Each module in the main device mentioned in FIG. 7A may be located in the application layer, application framework layer, system service layer, kernel layer, etc. in the electronic device shown in FIG. 3B , which is not limited here.
Referring to FIG. 7B, FIG. 7B is a schematic diagram of the software structure of an object device provided by an embodiment of the present application. The object device may be the object device 100 in the embodiment of FIG. 4.
As shown in FIG. 7B, the object device may include the following modules: an application information management module, an instance management module, a permission delegation module, a routing agent management module, a revocation agent management module, a delegation revocation management module, a call relationship management module, and a call relationship library. Where:
The application information management module manages information, such as names, about each APP and functional component installed on the object device. It also synchronizes the information about the local APPs and functional components to other devices, and receives the APP and functional component information synchronized by other devices (for example, the subject device).
The instance management module dynamically starts an instance of the callee according to the caller's information, so that the instance serves that caller. Specifically, the instance management module may start different callee instances for different callers. It also manages the life cycle of each instance, for example starting, stopping, destroying, and restarting it.
The permission delegation module receives the permission information, sent by the subject device, that the access request requires. It grants the callee the permission to access the agent module, and grants the agent module the permission required by the access request. The agent module may include a revocation agent and a routing agent.
The routing agent management module creates routing agents. In some embodiments, the routing agent management module may create different routing agents in response to different access requests. In other embodiments, it may create a single routing agent that responds to all access requests obtained by the object device.
The revocation agent management module creates revocation agents. In some embodiments, the revocation agent management module may create different revocation agents in response to different access requests.
The delegation revocation management module is used, when the object device requires it, to revoke the permission granted to the revocation agent, or to terminate the revocation agent and/or the routing agent.
The call relationship management module maintains the call relationships, each consisting of a caller and the callee instance that serves that caller, and stores them in the call relationship library.
The call relationship library stores the call relationships formed by callers and callee instances. A call relationship includes: a call relationship ID, the instance information of the callee, and the information of each caller that invokes the instance. For the specific content of the call relationship, refer to the description of the subject device in FIG. 7A.
FIG. 7B is only an illustrative example; the object device provided by the embodiments of the present application may include more or fewer modules, which is not limited here.
The modules of the object device mentioned in FIG. 7B may be located in the application layer, application framework layer, system service layer, kernel layer, and so on of the electronic device shown in FIG. 3B, which is not limited here.
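The object-device flow described above (a dedicated callee instance per caller, the delegated permission held only by a revocation agent that is reached through a routing agent, and revocation scoped to one call relationship) is sketched below as an added Python example that is not part of the patent text. All class, method and field names, the `"once"`/`"timed"` validity labels, and the sample device and resource values are assumptions constructed for illustration.

```python
import itertools
from dataclasses import dataclass


class AccessDenied(Exception):
    """Raised when an agent refuses to act for the requesting instance."""


@dataclass
class RevocationAgent:
    """Sole holder of the delegated permission on the object device."""
    permissions: set
    validity: str          # "once" or "timed" (labels constructed for this sketch)
    expires_at: float
    alive: bool = True

    def revoke(self):
        self.permissions.clear()
        self.alive = False

    def access(self, resource, store, now):
        if self.alive and self.validity == "timed" and now >= self.expires_at:
            self.revoke()                      # time-bound grant has lapsed
        if not self.alive or resource not in self.permissions:
            raise AccessDenied(f"no delegated permission for {resource}")
        data = store[resource]
        if self.validity == "once":
            self.revoke()                      # single-use grant is spent
        return data


@dataclass
class RoutingAgent:
    """The only object a callee instance is permitted to reach."""
    allowed_pid: int
    target: RevocationAgent

    def forward(self, pid, resource, store, now):
        if pid != self.allowed_pid:
            raise AccessDenied(f"instance {pid} may not use this agent")
        return self.target.access(resource, store, now)


@dataclass
class CallRelationship:
    """One entry of the call relationship library."""
    relationship_id: str
    caller: dict            # caller info, e.g. device ID and APP ID
    callee_instance: dict   # device ID, APP ID and PID of the serving instance
    routing: RoutingAgent


class ObjectDevice:
    def __init__(self, device_id, resources):
        self.device_id = device_id
        self.resources = resources
        self.library = {}                      # relationship_id -> CallRelationship
        self._pids = itertools.count(1000)

    def handle_request(self, relationship_id, caller, callee_app, permission,
                       validity="once", ttl=0.0, now=0.0):
        """Start a dedicated callee instance and delegate to fresh agents."""
        pid = next(self._pids)
        revocation = RevocationAgent({permission}, validity, now + ttl)
        routing = RoutingAgent(pid, revocation)
        instance = {"device_id": self.device_id, "app_id": callee_app, "pid": pid}
        self.library[relationship_id] = CallRelationship(
            relationship_id, caller, instance, routing)
        return pid

    def callee_access(self, pid, relationship_id, resource, now=0.0):
        """Path taken by a callee instance: routing agent, then revocation agent."""
        rel = self.library[relationship_id]
        return rel.routing.forward(pid, resource, self.resources, now)

    def revoke(self, relationship_id):
        """Delegation revocation: affects this one call relationship only."""
        self.library[relationship_id].routing.target.revoke()


def demo():
    # Constructed sample data: one object device, two callers on two subject devices.
    dev = ObjectDevice("object-100", {"camera": "frame-bytes"})
    a = dev.handle_request("rel-A", {"device_id": "subject-200", "app_id": "chat"},
                           "camera_component", "camera", validity="once")
    b = dev.handle_request("rel-B", {"device_id": "subject-300", "app_id": "scan"},
                           "camera_component", "camera", validity="timed", ttl=60)
    results = [dev.callee_access(a, "rel-A", "camera")]
    for pid, rel, now in [(a, "rel-A", 1), (a, "rel-B", 1),
                          (b, "rel-B", 30), (b, "rel-B", 61)]:
        try:
            results.append(dev.callee_access(pid, rel, "camera", now=now))
        except AccessDenied:
            results.append("denied")
    return results
```

Because the callee instance never holds the resource permission itself, spending or revoking one caller's grant leaves the other caller's instance and grant untouched, which is the property the per-caller instances and agents are there to provide.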
The embodiments of the present application may be combined arbitrarily to achieve different technical effects.
The above embodiments may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, they may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the processes or functions described in the present application are produced in whole or in part. The computer may be a general-purpose computer, a special-purpose computer, a computer network, or another programmable apparatus. The computer instructions may be stored in a computer-readable storage medium, or transmitted from one computer-readable storage medium to another; for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by wired (for example, coaxial cable, optical fiber, digital subscriber line) or wireless (for example, infrared, radio, microwave) means. The computer-readable storage medium may be any available medium that a computer can access, or a data storage device such as a server or data center that integrates one or more available media. The available medium may be a magnetic medium (for example, a floppy disk, hard disk, or magnetic tape), an optical medium (for example, a DVD), or a semiconductor medium (for example, a solid state disk (SSD)), and so on.
Those of ordinary skill in the art will understand that all or part of the processes in the methods of the above embodiments may be completed by a computer program instructing the relevant hardware. The program may be stored in a computer-readable storage medium and, when executed, may include the processes of the foregoing method embodiments. The aforementioned storage medium includes ROM, random access memory (RAM), magnetic disks, optical discs, and other media that can store program code.
In summary, the above are merely embodiments of the technical solutions of the present application and are not intended to limit its scope of protection. Any modification, equivalent replacement, or improvement made according to the disclosure of the present application shall fall within the scope of protection of the present application.

Claims (32)

  1. An access control method for precise permission revocation, characterized in that the method is applied to a communication system comprising a first device and a second device, a callee is installed in the first device, a first caller is installed in the second device, the callee and the first caller are each an application (APP) or a functional component, the APP is a program entity that implements multiple functions, and the functional component is a program entity that implements a single function;
    the method comprises:
    the second device sends a first access request and first permission information to the first device, wherein the first access request is used by the first caller to invoke the callee to access a first resource in the first device, the first permission information indicates a first permission, and the first permission includes a permission to invoke the callee and/or a permission to access the first resource;
    in response to the first access request, the first device grants the first permission to a first agent and grants a permission to access the first agent to the callee, the first agent being a service, a process, or a thread;
    the first device runs the callee, accesses the first agent, and accesses the first resource by means of the first permission held by the first agent;
    the first device terminates the first agent, or the first device revokes the first permission held by the first agent.
  2. The method according to claim 1, characterized in that the first permission information further indicates a validity of the first permission, the validity being any one of the following: valid once, valid within a first time, or valid within a first area;
    the first device terminating the first agent, or the first device revoking the first permission held by the first agent, specifically comprises:
    if the validity is valid once, the first device, after it finishes accessing the first resource, terminates the first agent or revokes the first permission held by the first agent;
    if the validity is valid within the first time or valid within the first area, the first device, after the first time has elapsed since it received the first permission information, or when it is located outside the first area, terminates the first agent or revokes the first permission held by the first agent.
  3. The method according to claim 1, characterized in that the first device terminating the first agent, or the first device revoking the first permission held by the first agent, specifically comprises:
    the first device, after it finishes accessing the first resource, or after a second time has elapsed since it finished accessing the first resource, terminates the first agent or revokes the first permission held by the first agent.
  4. The method according to any one of claims 1-3, characterized in that
    the first device granting the permission to access the first agent to the callee specifically comprises: the first device grants the permission to access the first agent to a first instance of the callee;
    the first device running the callee and accessing the first agent specifically comprises: the first device runs the first instance and accesses the first agent;
    the communication system further comprises a third device, a second caller is installed in the third device, and the second caller is the APP or the functional component; the method further comprises:
    the third device sends a second access request and second permission information to the first device, wherein the second access request is used by the second caller to invoke the callee to access the first resource, the second permission information indicates a second permission, and the second permission includes a permission to invoke the callee and/or a permission to access the first resource;
    in response to the second access request, the first device grants the second permission to a second agent and grants a permission to access the second agent to a second instance of the callee, the second agent being a service, a process, or a thread;
    the first device runs the second instance, accesses the second agent, and accesses the first resource by means of the second permission held by the second agent;
    wherein the first instance and the second instance are processes or threads running in random access memory (RAM), the second instance is different from the first instance, and the second instance and the first instance are isolated from each other.
  5. The method according to claim 4, characterized in that, before the first device grants the permission to access the first agent to the first instance of the callee, the method further comprises:
    the first device creates the first instance in response to the first access request.
  6. The method according to any one of claims 1-5, characterized in that the first agent comprises a first routing agent and a first revocation agent; the first routing agent and the first revocation agent are each a service, a process, or a thread;
    the first device granting the first permission to the first agent and granting the permission to access the first agent to the callee specifically comprises: the first device grants the first permission to the first revocation agent, and grants a permission to access the first routing agent to the callee;
    the first device running the callee, accessing the first agent, and accessing the first resource by means of the first permission held by the first agent specifically comprises: the first device runs the callee, accesses the first revocation agent through the first routing agent, and accesses the first resource by means of the first permission held by the first revocation agent;
    the first device terminating the first agent, or the first device revoking the first permission held by the first agent, specifically comprises: the first device terminates the first routing agent and/or the first revocation agent, or the first device revokes the first permission held by the first revocation agent.
  7. The method according to any one of claims 1-6, characterized in that, before the first device grants the first permission to the first agent in response to the first access request, the method further comprises:
    the first device creates the first agent in response to the first access request.
  8. The method according to any one of claims 1-7, characterized in that the first permission specifically includes:
    a permission of the second device to invoke the callee, and/or a permission of the second device to access the first resource;
    and/or,
    a permission of the first caller to invoke the callee, and/or a permission of the first caller to access the first resource.
  9. The method according to any one of claims 1-8, characterized in that the second device sending the first access request and the first permission information to the first device specifically comprises:
    the second device sends the first access request to the first device, the first access request carrying the first permission information.
  10. The method according to any one of claims 1-9, characterized in that, before the second device sends the first permission information to the first device, the method further comprises:
    the second device outputs prompt information, the prompt information being used to prompt the first permission;
    the second device receives a user operation.
  11. An access control method for precise permission revocation, characterized in that the method is applied to an electronic device, a callee is installed in the electronic device, the callee is an application (APP) or a functional component, the APP is a program entity that implements multiple functions, and the functional component is a program entity that implements a single function;
    the method comprises:
    the electronic device receives a first access request and first permission information sent by the second device, wherein the first access request is used by a first caller in the second device to invoke the callee to access a first resource in the electronic device, the first permission information indicates a first permission, and the first permission includes a permission to invoke the callee and/or a permission to access the first resource; the first caller is the APP or the functional component;
    in response to the first access request, the electronic device grants the first permission to a first agent and grants a permission to access the first agent to the callee, the first agent being a service, a process, or a thread;
    the electronic device runs the callee, accesses the first agent, and accesses the first resource by means of the first permission held by the first agent;
    the electronic device terminates the first agent, or the electronic device revokes the first permission held by the first agent.
  12. The method according to claim 11, characterized in that the first permission information further indicates a validity of the first permission, the validity being any one of the following: valid once, valid within a first time, or valid within a first area;
    the electronic device terminating the first agent, or the electronic device revoking the first permission held by the first agent, specifically comprises:
    if the validity is valid once, the electronic device, after it finishes accessing the first resource, terminates the first agent or revokes the first permission held by the first agent;
    if the validity is valid within the first time or valid within the first area, the electronic device, after the first time has elapsed since it received the first permission information, or when it is located outside the first area, terminates the first agent or revokes the first permission held by the first agent.
  13. The method according to claim 11, characterized in that the electronic device terminating the first agent, or the electronic device revoking the first permission held by the first agent, specifically comprises:
    the electronic device, after it finishes accessing the first resource, or after a second time has elapsed since it finished accessing the first resource, terminates the first agent or revokes the first permission held by the first agent.
  14. The method according to any one of claims 11-13, characterized in that
    the electronic device granting the permission to access the first agent to the callee specifically comprises: the electronic device grants the permission to access the first agent to a first instance of the callee;
    the electronic device running the callee and accessing the first agent specifically comprises: the electronic device runs the first instance and accesses the first agent;
    the method further comprises:
    the electronic device receives a second access request and second permission information sent by a third device, wherein the second access request is used by a second caller in the third device to invoke the callee to access the first resource, the second permission information indicates a second permission, and the second permission includes a permission to invoke the callee and/or a permission to access the first resource; the second caller is the APP or the functional component;
    in response to the second access request, the electronic device grants the second permission to a second agent and grants a permission to access the second agent to a second instance of the callee, the second agent being a service, a process, or a thread;
    the electronic device runs the second instance, accesses the second agent, and accesses the first resource by means of the second permission held by the second agent;
    wherein the first instance and the second instance are processes or threads running in random access memory (RAM), the second instance is different from the first instance, and the second instance and the first instance are isolated from each other.
  15. The method according to claim 14, characterized in that, before the electronic device grants the permission to access the first agent to the first instance of the callee, the method further comprises:
    the electronic device creates the first instance in response to the first access request.
  16. The method according to any one of claims 11-15, characterized in that the first agent comprises a first routing agent and a first revocation agent; the first routing agent and the first revocation agent are each a service, a process, or a thread;
    the electronic device granting the first permission to the first agent and granting the permission to access the first agent to the callee specifically comprises: the electronic device grants the first permission to the first revocation agent, and grants a permission to access the first routing agent to the callee;
    the electronic device running the callee, accessing the first agent, and accessing the first resource by means of the first permission held by the first agent specifically comprises: the electronic device runs the callee, accesses the first revocation agent through the first routing agent, and accesses the first resource by means of the first permission held by the first revocation agent;
    the electronic device terminating the first agent, or the electronic device revoking the first permission held by the first agent, specifically comprises: the electronic device terminates the first routing agent and/or the first revocation agent, or the electronic device revokes the first permission held by the first revocation agent.
  17. The method according to any one of claims 11-16, characterized in that, before the electronic device grants the first permission to the first agent in response to the first access request, the method further comprises:
    the electronic device creates the first agent in response to the first access request.
  18. The method according to any one of claims 11-17, characterized in that the first permission specifically includes:
    a permission of the second device to invoke the callee, and/or a permission of the second device to access the first resource;
    and/or,
    a permission of the first caller to invoke the callee, and/or a permission of the first caller to access the first resource.
  19. The method according to any one of claims 11-18, characterized in that the electronic device receiving the first access request and the first permission information sent by the second device specifically comprises:
    the electronic device receives the first access request sent by the second device, the first access request carrying the first permission information.
  20. An access control method for precise permission revocation, characterized in that the method is applied to an electronic device, a first caller and a callee are installed in the electronic device, the first caller and the callee are each an application (APP) or a functional component, the APP is a program entity that implements multiple functions, and the functional component is a program entity that implements a single function; the method comprises:
    the electronic device generates a first access request and obtains a first permission, wherein the first access request is used by the first caller to invoke the callee to access a first resource in the electronic device, and the first permission includes a permission to invoke the callee and/or a permission to access the first resource;
    in response to the first access request, the electronic device grants the first permission to a first agent and grants a permission to access the first agent to the callee;
    the electronic device runs the callee, accesses the first agent, and accesses the first resource by means of the first permission held by the first agent;
    the electronic device terminates the first agent, or the electronic device revokes the first permission held by the first agent.
  21. The method according to claim 20, wherein the first permission has a validity limit, the validity limit being any one of the following: valid once, valid within a first time, or valid within a first area;
    The electronic device terminating the first agent, or the electronic device revoking the first permission held by the first agent, specifically comprises:
    If the validity limit is valid once, the electronic device terminates the first agent or revokes the first permission held by the first agent after access to the first resource ends;
    If the validity limit is valid within the first time or valid within the first area, the electronic device terminates the first agent or revokes the first permission held by the first agent after the first time has elapsed since the first permission information was received, or when the electronic device is located outside the first area.
  22. The method according to claim 20, wherein the electronic device terminating the first agent, or the electronic device revoking the first permission held by the first agent, specifically comprises:
    The electronic device terminates the first agent or revokes the first permission held by the first agent after access to the first resource ends, or after a second time has elapsed since access to the first resource ended.
  23. The method according to any one of claims 20-22, wherein a second caller is further installed in the electronic device, the second caller being the APP or the functional component;
    The electronic device granting the callee permission to access the first agent specifically comprises: the electronic device grants a first instance of the callee permission to access the first agent;
    The electronic device running the callee and accessing the first agent specifically comprises: the electronic device runs the first instance and accesses the first agent;
    The method further comprises:
    The electronic device generates a second access request and obtains a second permission, wherein the second access request is used by the second caller to invoke the callee to access the first resource, and the second permission comprises a permission to invoke the callee and/or a permission to access the first resource;
    In response to the second access request, the electronic device grants the second permission to a second agent and grants a second instance of the callee permission to access the second agent, the second agent being a service, a process or a thread;
    The electronic device runs the second instance, accesses the second agent, and accesses the first resource by means of the second permission held by the second agent;
    Wherein the first instance and the second instance are processes or threads running in random access memory (RAM), the second instance is different from the first instance, and the second instance and the first instance are isolated from each other.
  24. The method according to claim 23, wherein before the electronic device grants the first instance of the callee permission to access the first agent, the method further comprises:
    The electronic device creates the first instance in response to the first access request.
  25. The method according to any one of claims 20-24, wherein the first agent comprises a first routing agent and a first revocation agent; the first routing agent and the first revocation agent are each a service, a process or a thread;
    The electronic device granting the first permission to the first agent and granting the callee permission to access the first agent specifically comprises: the electronic device grants the first permission to the first revocation agent, and grants the callee permission to access the first routing agent;
    The electronic device running the callee, accessing the first agent, and accessing the first resource by means of the first permission held by the first agent specifically comprises: the electronic device runs the callee, accesses the first revocation agent through the first routing agent, and accesses the first resource by means of the first permission held by the first revocation agent;
    The electronic device terminating the first agent, or the electronic device revoking the first permission held by the first agent, specifically comprises: the electronic device terminates the first routing agent and/or the first revocation agent, or the electronic device revokes the first permission held by the first revocation agent.
  26. The method according to any one of claims 20-25, wherein before the electronic device grants the first permission to the first agent in response to the first access request, the method further comprises:
    The electronic device creates the first agent in response to the first access request.
  27. The method according to any one of claims 20-26, wherein the first permission specifically comprises:
    A permission of the electronic device to invoke the callee, and/or a permission of the electronic device to access the first resource;
    and/or,
    A permission of the first caller to invoke the callee, and/or a permission of the first caller to access the first resource.
  28. The method according to any one of claims 20-27, wherein before the electronic device obtains the first permission, the method further comprises:
    The electronic device outputs prompt information, the prompt information being used to prompt for the first permission;
    The electronic device receives a user operation.
  29. An electronic device, comprising: a memory and one or more processors; the memory is coupled to the one or more processors and is configured to store computer program code, the computer program code comprising computer instructions, and the one or more processors invoke the computer instructions to cause the electronic device to perform the method according to any one of claims 11-19 or 20-28.
  30. A computer-readable storage medium comprising instructions, wherein when the instructions are run on an electronic device, the electronic device is caused to perform the method according to any one of claims 11-19 or 20-28.
  31. A computer program product, wherein when the computer program product is run on a computer, the computer is caused to perform the method according to any one of claims 11-19 or 20-28.
  32. A communication system, wherein the communication system comprises a first device and a second device, the first device being configured to perform the method according to any one of claims 11-19.
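
The agent-mediated grant and revocation of claims 20 to 23, sketched as an added Python example (not code from the patent or the applicant). The names `Device`, `Agent`, `CalleeInstance` and `handle_request` are assumptions made for illustration, and a permission is modelled as a reader function that only the agent holds, so revoking one agent cuts off one caller's request without touching the others.

```python
import time

class PermissionRevoked(Exception):
    """Raised when a callee instance uses an agent that no longer holds the permission."""

class Agent:
    """Holds the permission for one access request; the callee only gets a handle to it."""
    def __init__(self, read_resource, validity, ttl=None, area=None, clock=time.monotonic):
        self._read = read_resource        # the permission: the only path to the resource
        self.validity = validity          # "once", "time" or "area" (claim 21)
        self._clock = clock
        self._deadline = clock() + ttl if validity == "time" else None
        self._area = area

    def revoke(self):
        self._read = None                 # the callee's handle is now useless

    def access(self, current_area=None):
        if self.validity == "time" and self._clock() >= self._deadline:
            self.revoke()                 # first time has elapsed
        if self.validity == "area" and current_area != self._area:
            self.revoke()                 # device is outside the first area
        if self._read is None:
            raise PermissionRevoked("agent no longer holds the permission")
        data = self._read()
        if self.validity == "once":       # single use: revoke once the access ends
            self.revoke()
        return data

class CalleeInstance:
    """One isolated callee instance per request (claim 23); it never holds the permission."""
    def __init__(self, agent):
        self._agent = agent

    def run(self, current_area=None):
        return self._agent.access(current_area)

class Device:
    def __init__(self, resources):
        self._resources = resources       # resource name -> zero-argument reader
        self.agents = {}                  # caller name -> the Agent created for it

    def handle_request(self, caller, resource, validity, **limits):
        agent = Agent(self._resources[resource], validity, **limits)
        self.agents[caller] = agent       # permission goes to the agent, not the callee
        return CalleeInstance(agent)      # the callee instance may only reach the agent

    def revoke(self, caller):
        self.agents.pop(caller).revoke()  # affects this caller's request only
```
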
PCT/CN2022/082869 2021-03-26 2022-03-24 Access control method for precise permission revocation, related apparatus, and system WO2022199672A1 (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
CN202110327079 2021-03-26
CN202110327079.9 2021-03-26
CN202210211570.XA CN115130132A (en) 2021-03-26 2022-03-04 Access control method for accurately revoking authority, related device and system
CN202210211570.X 2022-03-04

Publications (1)

Publication Number Publication Date
WO2022199672A1 true WO2022199672A1 (en) 2022-09-29

Family

ID=83376285

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2022/082869 WO2022199672A1 (en) 2021-03-26 2022-03-24 Access control method for precise permission revocation, related apparatus, and system

Country Status (2)

Country Link
CN (1) CN115130132A (en)
WO (1) WO2022199672A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116702100B (en) * 2022-10-21 2024-04-16 荣耀终端有限公司 Authority management method and electronic equipment

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101097592A (en) * 2006-06-26 2008-01-02 华为技术有限公司 Method and apparatus for operating authority
US20140369485A1 (en) * 2013-06-13 2014-12-18 Jacada Inc. System and method for identifying a caller via a call connection, and matching the caller to a user session involving the caller
CN107784221A (en) * 2016-08-30 2018-03-09 阿里巴巴集团控股有限公司 Authority control method, service providing method, device, system and electronic equipment
CN111859418A (en) * 2020-06-24 2020-10-30 华为技术有限公司 Atomic capability calling method and terminal equipment

Also Published As

Publication number Publication date
CN115130132A (en) 2022-09-30

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22774326

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 22774326

Country of ref document: EP

Kind code of ref document: A1