WO2023185881A1 - Application program permission management method, system, and related apparatus - Google Patents


Publication number
WO2023185881A1
Authority
WO
WIPO (PCT)
Prior art keywords
permission information
electronic device
application
user
access
Prior art date
Application number
PCT/CN2023/084514
Other languages
French (fr)
Chinese (zh)
Inventor
王代斌
Original Assignee
华为技术有限公司
Priority date
Filing date
Publication date
Application filed by 华为技术有限公司
Publication of WO2023185881A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12 Protecting executable software
    • G06F21/121 Restricting unauthorised execution of programs
    • G06F21/60 Protecting data
    • G06F21/604 Tools and structures for managing or administering access control systems
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes

Definitions

  • the present application relates to the field of terminal technology, and in particular to application rights management methods, systems and related devices.
  • This application provides an application permission management method, system and related devices.
  • users can manage application permissions on only one electronic device, without having to set them separately on each electronic device and without having to switch back and forth among multiple electronic devices.
  • the efficiency of managing application permissions of each device in the communication system can be improved, the user's time can be saved, and the user's device usage experience can be optimized.
  • embodiments of the present application provide an application rights management method, which is applied to a communication system including a first device and a fifth device.
  • the method includes: the first device generates first permission information, or the first device displays a user interface for indicating first permission information, and the first permission information indicates an access policy of a first application of a second device to a first resource of a third device. After receiving the first operation, the first device displays a rights management interface. After receiving the second operation on the rights management interface, the first device determines that the fourth device and the fifth device are different.
  • the first device generates second permission information, the second permission information indicates the access policy of the first application of the fourth device to the first resource of the fifth device, and the access policy of the first permission information is the same as the access policy of the second permission information.
  • the first device sends the second permission information to the fifth device.
  • the user can manage the permissions of applications in the device itself or other devices in the communication system on an electronic device in the communication system.
  • the permissions of an application may include permissions for applications on a device to access resources on the same device, and may also include permissions for applications on a device to access resources on other devices across devices.
  • the above settings can be completed on only one electronic device. There is no need for the user to configure each electronic device separately or to switch back and forth among multiple electronic devices. This can improve the efficiency of managing application permissions of each device in the communication system, save users' time, and optimize the user's device usage experience.
  • the first device, the second device, and the third device are the same device, and before the first device generates the first permission information, the method further includes: the first device runs the first application. The first device displays a first user interface provided by the first application, which the first application uses to request access to the first resource. A third operation is received, and the third operation is used to trigger the first device to generate the first permission information.
  • the method may further include: the first device displays a second user interface, and the second user interface includes prompt information and a first control.
  • the prompt information is used to prompt to synchronize the access policy of the first application to the first resource with other devices.
  • the first operation includes a user operation acting on the first control.
  • the first device, the second device, and the third device are the same device; the user interface displayed by the first device for indicating the first permission information is provided by the setting application of the first device.
  • the user interface for indicating the first permission information may include: prompt information and a second control.
  • the prompt information is used to prompt to synchronize the access policy of the first application to the first resource to other devices in the communication system.
  • the first operation includes a user operation acting on the second control.
  • the rights management interface displays: one or more device controls.
  • the second operation includes: dragging the first device control to make the distance between the first device control and the second device control smaller than a preset value, or an input operation acting on the first device control and the second device control respectively.
  • the fourth device is a device corresponding to the first device control.
  • the fifth device is a device corresponding to the second device control.
  • the user can select the fourth device and the fifth device for generating the second permission information in the above permission management interface.
  • the first device, the fourth device, and the fifth device are different.
  • the method further includes: the first device sends the second permission information to the fourth device.
  • the first device sends the second permission information to the sixth device, the sixth device is different from the fifth device, and the sixth device is a device trusted by the first device.
  • the first device sends the second permission information to the server, and the server is used to manage the first device, the second device, the third device, the fourth device, and the fifth device.
  • the second permission information can be stored in the electronic device or server in the communication system, so that the user can query or modify the permission information on each device, which improves the convenience of the user's permission information management.
  • the method further includes: after receiving the second permission information, the fifth device stores the second permission information.
  • the method further includes: the fifth device displays a second user interface, and the second user interface displays prompt information.
  • the prompt information is used to ask the user whether to allow setting of the access policy indicated by the first permission information.
  • the fifth device receives the fourth operation, and the fifth device stores the second permission information.
  • the fifth device receives the fifth operation, the fifth device refuses to store the second permission information, and sends a notification message to the first device, and the first device deletes the stored second permission information.
  • the first device must synchronize the second permission information based on the permission of the fifth device. This reduces the risk of permission information being maliciously tampered with without the fifth device's knowledge, ensuring user privacy and security.
  • the method further includes: the fifth device displays a third user interface, and the third user interface displays the first application pair of the fourth device.
  • the fifth device receives the sixth operation, generates and stores third permission information, the third permission information indicates the access policy of the first application of the fourth device to the first resource of the fifth device, and the access policy of the third permission information is different from the access policy of the second permission information.
  • the fifth device sends the third permission information to the first device.
  • the first device updates the stored second permission information to the third permission information.
  • the fifth device can modify the rejected permission information and store the modified permission information. This way, user privacy can be protected from illegal infringement.
  • the fourth device sends an access request to the fifth device, and the access request is used by the first application in the fourth device to request access to the first resource in the fifth device.
  • the fifth device displays prompt information and the second control.
  • the prompt information is used to prompt that the first resource in the fifth device is being accessed by the first application in the fourth device.
  • the fifth device receives the seventh operation that acts on the second control and displays a fourth user interface.
  • the fourth user interface displays one or more access policies for the first resource of the fifth device by the first application of the fourth device.
  • the fifth device receives the eighth operation, generates and stores fourth permission information, the fourth permission information indicates the access policy of the first application of the fourth device to the first resource of the fifth device, and the access policy of the fourth permission information is different from the access policy of the second permission information.
  • the fifth device sends the fourth permission information to the first device.
  • the first device updates the stored second permission information to the fourth permission information.
  • the fifth device can display prompt information to let the user know in a timely manner that the resources on the device are being accessed by applications on other devices.
  • users can also update the access policy in the permission information at any time according to current needs to protect user privacy from illegal infringement.
  • each electronic device in the communication system can use locally stored permission information to control resource access in the communication system.
  • the locally stored permission information may include, for example, the aforementioned first permission information or second permission information.
  • the electronic device 200 may generate an access request, which is used to instruct the application 1 in the electronic device 200 to request access to the resource 1 in the electronic device 300.
  • the electronic device 200 may send an access request to the electronic device 300.
  • the electronic device 300 receives the access request, and the electronic device 300 can authenticate.
  • Electronic device 300 authentication is a process in which the electronic device 300 determines whether the application 1 in the electronic device 200 has the permission to access the resource 1 in the electronic device 300 based on the permission information database. Afterwards, the electronic device 300 can decide whether to respond to the access request based on the authentication result.
  • the electronic device 200 can also authenticate.
  • Electronic device 200 authentication is a process in which the electronic device 200 determines whether the application 1 in the electronic device 200 has the permission to access the resource 1 in the electronic device 300 based on the permission information database. If the electronic device 200 determines that the application 1 in the electronic device 200 does not have the permission to access the resource 1 in the electronic device 300, the electronic device 200 may terminate the processing of the above access request. If the electronic device 200 determines that the application 1 in the electronic device 200 has the permission to access the resource 1 in the electronic device 300, the electronic device 200 can continue to perform subsequent steps in the above implementation.
  • Combining the first aspect, the second device, the third device, the fourth device, and the fifth device are all devices trusted by the first device.
  • inventions of the present application provide an electronic device.
  • the electronic device includes a memory and a processor.
  • the memory is used to store a computer program, and the processor is used to call the computer program, so that the electronic device executes the method of the first aspect or any implementation of the first aspect.
  • embodiments of the present application provide a computer program product containing instructions, which when the computer program product is run on a computer, causes the computer to execute the method of the first aspect or any implementation of the first aspect.
  • embodiments of the present application provide a computer-readable storage medium, which includes instructions.
  • When the instructions are run on an electronic device, they cause the electronic device to execute the method of the first aspect or any one of the embodiments of the first aspect.
  • the electronic device provided in the second aspect, the computer program product provided in the third aspect, and the computer-readable storage medium provided in the fourth aspect are all used to execute the method provided by the embodiment of the present application. Therefore, the beneficial effects it can achieve can be referred to the beneficial effects in the corresponding methods, and will not be described again here.
  • Figure 1 is a schematic structural diagram of a communication system 10 provided by an embodiment of the present application.
  • Figure 2 is a schematic structural diagram of an electronic device 100 provided by an embodiment of the present application.
  • Figure 3 is a software structure block diagram of the electronic device 100 provided by the embodiment of the present application.
  • a set of user interfaces are involved when the application of the electronic device 100 provided by the embodiment of the present application requests permission to access resources.
  • Figure 4D is a user interface for triggering the electronic device 100 to display a rights management interface provided by an embodiment of the present application
  • Figures 5A to 5E are user interfaces for indicating first permission information of the electronic device 100 provided by the embodiment of the present application.
  • Figure 5F is another user interface for triggering the electronic device 100 to display a rights management interface provided by an embodiment of the present application
  • Figures 6A to 6E are user interfaces involved in generating second permission information by the electronic device 100 provided by the embodiment of the present application;
  • Figures 7A to 7F are user interfaces involved in synchronizing permission information of the electronic device 100 provided by the embodiment of the present application.
  • Figures 8A to 8J are user interfaces involved in managing trusted devices/device groups by the electronic device 100 provided by the embodiment of the present application;
  • Figure 9 is a user interface involved in updating permission information of the electronic device 100 provided by the embodiment of the present application.
  • Figure 10 is a flow chart of an application rights management method provided by an embodiment of the present application.
  • the terms “first” and “second” are used for descriptive purposes only and shall not be understood as indicating or implying relative importance or implicitly specifying the quantity of the indicated technical features. Therefore, features defined as “first” and “second” may explicitly or implicitly include one or more of such features. In the description of the embodiments of this application, unless otherwise specified, “plurality” means two or more.
  • Embodiments of the present application provide application rights management methods, systems and related devices.
  • the user can manage the rights of applications in the device itself or other devices in the communication system on an electronic device in the communication system.
  • the permissions of an application may include permissions for applications on a device to access resources on the same device, and may also include permissions for applications on a device to access resources on other devices across devices.
  • the above settings can be completed on only one electronic device. There is no need for the user to configure each electronic device separately or to switch back and forth among multiple electronic devices. This can improve the efficiency of managing application permissions of each device in the communication system, save users' time, and optimize the user's device usage experience.
  • the electronic device 100 may receive the first user operation and display the rights management interface on the display screen.
  • the electronic device 100 can determine the device 3 where the application is located and the device 4 where the resource is located.
  • the electronic device 100 can generate the second permission information based on the first permission information, the device 3 and the device 4.
  • the electronic device 100 may send the second permission information to some or all electronic devices in the communication system.
  • the first permission information may be used to indicate the access policy of application 1 in device 1 to resource 1 in device 2.
  • the second permission information may be used to indicate the access policy of application 1 in device 3 to resource 1 in device 4.
  • the access policies of the first permission information and the second permission information are the same.
  • device 1 and device 2 may be the same device or different devices.
  • Device 3 and device 4 may be the same device or different devices.
  • the electronic device 100 and the device 1 may be the same device or different devices.
  • the electronic device 100 and the device 3 may be the same device or different devices.
  • Electronic equipment 100 and equipment 3 phase
  • the above method supports the user to set on the electronic device 100 the access policy of the application program on the device for each resource in the communication system.
  • the above method supports the user to set on the electronic device 100 access policies for various resources in the communication system for applications on other devices.
  • the permission information may include the following items: the identification of the application, the identification of the device where the application is located, the identification of the resource, the identification of the device where the resource is located, and the access policy. This permission information is used to indicate the application's access policy to resources.
  • the resources of the electronic device may include data resources, software resources, hardware resources of the electronic device, and peripheral resources of the electronic device.
  • the data resources may be, for example, text, images, audio and video, etc. stored in electronic devices.
  • Software resources can be, for example, various applications, drivers, etc. stored in electronic devices.
  • Hardware resources can be, for example, cameras, microphones, displays, etc.
  • Peripheral resources may be, for example, mice, keyboards, speakers, etc. that are externally connected to the electronic device.
  • the process of an application accessing resources can be the process of obtaining data resources for the application, or the process of the application calling software resources, hardware resources or peripheral resources.
  • Applications of electronic devices in the communication system can access the resources of this device or cross-device access the resources of other devices in the communication system.
  • the electronic device 100 may determine multiple groups of devices 3 and 4.
  • the electronic device 100 can batch generate multiple pieces of second permission information based on the first permission information and the above-mentioned multiple groups of devices 3 and 4.
  • the electronic device 100 can generate multiple pieces of permission information in a short period of time, that is, the user can simultaneously set resource access policies for multiple applications through the electronic device 100, which improves the efficiency of user application permission management.
  • the electronic device 100 may send the second permission information to the electronic device associated with the second permission information.
  • the electronic device associated with the second permission information is the device where the resource indicated by the second permission information is located.
  • the electronic device 100 may send the second permission information to the device 4.
  • the electronic device associated with the second permission information can store the second permission information to accept the access policy indicated by the second permission information, or it may decline to store the second permission information to deny the access policy indicated by the second permission information. Therefore, the electronic device 100 must synchronize the second permission information based on the permission of the device 4. This reduces the risk of permission information being maliciously tampered with without the knowledge of the device 4, and ensures user privacy and security.
  • the electronic device 100 may be notified of the rejection information. If the electronic device 100 stores the second permission information, then upon receiving the above rejection information, the electronic device 100 can delete the second permission information. If the electronic device 100 does not store the second permission information, then upon receiving the above rejection information, the electronic device 100 may no longer store the second permission information.
  • the second permission information can also be modified and the modified second permission information sent to the electronic device 100. If the electronic device 100 stores the second permission information, then after receiving the modified second permission information, the electronic device 100 can update the stored second permission information to the modified second permission information. In some embodiments, the electronic device 100 may resend the updated second permission information to other electronic devices in the communication system other than the electronic device associated with the second permission information.
  • the permission information stored in each electronic device in the embodiment of the present application can be used for authentication when applications in the communication system access resources.
  • When an electronic device in the communication system generates an access request, it can determine, based on the stored permission information, whether it has the permissions required for the access request. If so, the access request is sent to the device where the corresponding resource is located.
  • the device where the resource is located can also determine whether the electronic device has the permissions required for the access request based on the stored permission information, and if so, respond to the access request. If the electronic device that generates the access request and the device where the resource is located are the same device, the process of sending the access request between the above devices can be omitted.
  • the electronic device that generates the access request can be authenticated in advance before sending the access request to the device where the corresponding resource is located, which reduces invalid interactions between devices and improves the efficiency of the electronic device in processing access requests.
  • the application of electronic devices in the communication system must strictly follow the access policy in the permission information to access the resources of the electronic devices in the system, which reduces the risk of the resources of the electronic devices in the system being accessed at will and ensures user privacy and security.
  • the electronic device where the application is located and the device where the resource is located perform bilateral authentication, which can effectively ensure the accuracy of the authentication results and ensure that the application strictly follows the access policy in the permission information when accessing resources, further protecting user privacy from illegal infringement.
  • FIG. 1 shows a communication system 10 provided by an embodiment of the present application.
  • communication system 10 includes a plurality of electronic devices.
  • An electronic device in the communication system 10 and some or all devices in the communication system 10 have a trust relationship.
  • Electronic devices with a trust relationship allow each other to manage the permissions of applications on their own devices.
  • FIG. 1 shows a communication system 10 composed of an electronic device 100, a MatePad, a MateBook, a smart watch, Sound X, and a Vision.
  • the electronic devices in the communication system 10 may be portable electronic devices such as mobile phones, tablet computers, wearable devices, notebook computers, netbooks, and personal digital assistants (PDAs).
  • portable electronic devices include, but are not limited to, portable electronic devices equipped with iOS, Android, Microsoft, or other operating systems.
  • the electronic device may not be a portable electronic device, but may be a smart TV, a smart speaker, a smart screen, a desktop computer, or an electronic billboard, etc.
  • the electronic device is usually an intelligent electronic device that can provide a user interface, interact with the user, and provide business functions for the user.
  • Each electronic device in the communication system 10 stores a permission information library, and the permission information library may include one or more pieces of permission information.
  • Permission information may include the following items: the identification of the application, the identification of the device where the application is located, the identification of the resource, the identification of the device where the resource is located, and the access policy. This permission information is used to indicate the application's access policy to resources.
  • the above access policy may be an application's access policy to device resources of the same device, or may be an application's access policy to device resources of a different device.
  • the application's access policy to the device resources of the same device may be the access policy of application 1 of the electronic device 100 to the electronic device 100's own camera resources.
  • the application's access policy to the device resources of a different device may be the access policy of application 1 of the electronic device 100 to the MatePad’s camera resources.
  • the electronic device 100 in the communication system 10 may be configured to generate first permission information in response to user operations. Alternatively, in response to the user operation, a user interface indicating the first permission information is displayed. After the electronic device 100 generates the first permission information or displays a user interface indicating the first permission information, the electronic device 100 may be configured to receive a first user operation.
  • the rights management interface is displayed on the display screen. The rights management interface can be used for the user to determine the device 3 where one or more groups of applications are located and the device 4 where the resources are located.
  • the electronic device 100 may generate one or more pieces of second permission information based on the above one or more groups of devices 3 and 4 and the first permission information stored by the electronic device 100.
  • connections can be established between electronic devices in the communication system 10 based on various wired communication methods, wireless communication methods, or mobile communication methods.
  • the above wired communication method can be coaxial cable communication, universal serial bus (USB) interface communication, RS232 serial port communication, etc.
  • the above-mentioned wireless communication methods may be Bluetooth communication, wireless fidelity (WiFi) communication, ultra wide band (UWB) communication, infrared communication, near field communication (NFC), etc.
  • the above-mentioned mobile communication methods can be 2G/3G/4G/5G communication, etc.
  • each electronic device may have one or more of a USB communication module, an RS232 serial communication module, a Bluetooth communication module, a WiFi communication module, a UWB communication module, an infrared communication module, an NFC communication module, and a 2G/3G/4G/5G communication module, and the electronic devices can establish connections based on one or more of these communication modules.
  • connections between electronic devices can also be established based on a server. For example, each electronic device can log in to the same server and establish a connection through the server.
  • Electronic devices in the communication system 10 can transmit information based on the established connection.
  • the information transmitted between the devices includes the second permission information generated by the electronic device 100, access requests for cross-device access between devices, and other information.
  • Electronic devices that enable applications to access device resources across devices can also transmit information based on the established connection to realize the transmission of permission information.
  • the electronic devices in the communication system 10 have equal status, and the electronic device 100 can be any electronic device in the communication system 10 .
  • communication system 10 includes one or more master devices, and one or more slave devices.
  • the electronic device 100 is a master device in the communication system 10 .
  • the master device and the slave device may be determined by the user, or may be determined by negotiation among all devices in the communication system 10 .
  • electronic devices of a specific form in the communication system 10 are always set as master devices, and electronic devices of non-specific forms are always set as slave devices.
  • the specific form is a mobile phone form.
  • FIG. 2 shows a schematic structural diagram of the electronic device 100.
  • the electronic device 100 may include a processor 110, an external memory interface 120, an internal memory 121, a USB interface 130, a charging management module 140, a power management module 141, a battery 142, an antenna 1, an antenna 2, a mobile communication module 150, a wireless communication module 160, an audio module 170, a speaker 170A, a receiver 170B, a microphone 170C, a headphone interface 170D, a sensor module 180, a button 190, a motor 191, an indicator 192, a camera 193, a display screen 194, a subscriber identification module (SIM) card interface 195, etc.
  • the sensor module 180 may include a pressure sensor 180A, a gyro sensor 180B, an air pressure sensor 180C, a magnetic sensor 180D, an acceleration sensor 180E, a distance sensor 180F, a proximity light sensor 180G, a fingerprint sensor 180H, a temperature sensor 180J, a touch sensor 180K, an ambient light sensor 180L, a bone conduction sensor 180M, etc.
  • the structure illustrated in the embodiment of the present application does not constitute a specific limitation on the electronic device 100 .
  • the electronic device 100 may include more or fewer components than shown in the figures, or some components may be combined, some components may be separated, or some components may be arranged differently.
  • the components illustrated may be implemented in hardware, software, or a combination of software and hardware.
  • the processor 110 may include one or more processing units.
  • the processor 110 may include an application processor (AP), a modem processor, a graphics processing unit (GPU), an image signal processor (ISP), a controller, a memory, a video codec, a digital signal processor (DSP), a baseband processor, and/or a neural-network processing unit (NPU), etc.
  • different processing units can be independent devices or integrated in one or more processors.
  • the controller may be the nerve center and command center of the electronic device 100 .
  • the controller can generate operation control signals based on the instruction operation code and timing signals to complete the control of fetching and executing instructions.
  • the processor 110 may also be provided with a memory for storing instructions and data.
  • the memory in processor 110 is cache memory. This memory may hold instructions or data that the processor 110 has just used or uses repeatedly. If the processor 110 needs to use the instructions or data again, it can fetch them directly from this memory. This avoids repeated access and reduces the waiting time of the processor 110, thus improving the efficiency of the system.
  • processor 110 may include one or more interfaces.
  • Interfaces may include an inter-integrated circuit (I2C) interface, an inter-integrated circuit sound (I2S) interface, a pulse code modulation (PCM) interface, a universal asynchronous receiver/transmitter (UART) interface, a mobile industry processor interface (MIPI), a general-purpose input/output (GPIO) interface, a subscriber identity module (SIM) interface, and/or a USB interface, etc.
  • the wireless communication function of the electronic device 100 can be implemented through the antenna 1, the antenna 2, the mobile communication module 150, the wireless communication module 160, the modem processor and the baseband processor.
  • Antenna 1 and Antenna 2 are used to transmit and receive electromagnetic wave signals.
  • Each antenna in electronic device 100 may be used to cover a single or multiple communication frequency bands. Different antennas can also be reused to improve antenna utilization. For example: Antenna 1 can be reused as a diversity antenna for a wireless LAN. In other embodiments, antennas may be used in conjunction with tuning switches.
  • the mobile communication module 150 can provide solutions for wireless communication including 2G/3G/4G/5G applied on the electronic device 100 .
  • the mobile communication module 150 may include at least one filter, switch, power amplifier, low noise amplifier (LNA), etc.
  • the mobile communication module 150 can receive electromagnetic waves through the antenna 1, perform filtering, amplification and other processing on the received electromagnetic waves, and transmit them to the modem processor for demodulation.
  • the mobile communication module 150 can also amplify the signal modulated by the modem processor and convert it into electromagnetic waves through the antenna 1 for radiation.
  • at least part of the functional modules of the mobile communication module 150 may be disposed in the processor 110 .
  • at least part of the functional modules of the mobile communication module 150 and at least part of the modules of the processor 110 may be provided in the same device.
  • a modem processor may include a modulator and a demodulator.
  • the modulator is used to modulate the low-frequency baseband signal to be sent into a medium-high frequency signal.
  • the demodulator is used to demodulate the received electromagnetic wave signal into a low-frequency baseband signal.
  • the demodulator then transmits the demodulated low-frequency baseband signal to the baseband processor for processing.
  • the application processor outputs sound signals through audio devices (not limited to speaker 170A, receiver 170B, etc.), or displays images or videos through display screen 194.
  • the modem processor may be a stand-alone device.
  • the modem processor may be independent of the processor 110 and may be provided in the same device as the mobile communication module 150 or other functional modules.
  • the wireless communication module 160 can provide solutions for wireless communication applied on the electronic device 100, including wireless local area networks (WLAN) (such as a wireless fidelity (Wi-Fi) network), Bluetooth (BT), global navigation satellite system (GNSS), frequency modulation (FM), near field communication (NFC), infrared (IR) technology, etc.
  • the wireless communication module 160 may be one or more devices integrating at least one communication processing module.
  • the wireless communication module 160 receives electromagnetic waves via the antenna 2 , frequency modulates and filters the electromagnetic wave signals, and sends the processed signals to the processor 110 .
  • the wireless communication module 160 can also receive the signal to be sent from the processor 110, frequency modulate it, amplify it, and convert it into electromagnetic waves through the antenna 2 for radiation.
  • the antenna 1 of the electronic device 100 is coupled to the mobile communication module 150, and the antenna 2 is coupled to the wireless communication module 160, so that the electronic device 100 can communicate with the network and other devices through wireless communication technology.
  • the wireless communication technology may include global system for mobile communications (GSM), general packet radio service (GPRS), code division multiple access (CDMA), wideband code division multiple access (WCDMA), time-division code division multiple access (TD-SCDMA), long term evolution (LTE), BT, GNSS, WLAN, NFC, FM, and/or IR technology, etc.
  • the GNSS may include global positioning system (GPS), global navigation satellite system (GLONASS), Beidou navigation satellite system (BDS), quasi-zenith satellite system (QZSS) and/or satellite based augmentation systems (SBAS).
  • the electronic device 100 can establish a connection with other electronic devices in the communication system 10 through the wired communication module, the wireless communication module 160 or the mobile communication module 150, and realize the transmission of permission information based on the connection.
  • the electronic device 100 implements display functions through a GPU, a display screen 194, an application processor, and the like.
  • the GPU is an image processing microprocessor and is connected to the display screen 194 and the application processor. GPUs are used to perform mathematical and geometric calculations for graphics rendering.
  • Processor 110 may include one or more GPUs that execute program instructions to generate or alter display information.
  • the display screen 194 is used to display images, videos, etc.
  • Display 194 includes a display panel.
  • the display panel can use a liquid crystal display (LCD).
  • the display panel can also use an organic light-emitting diode (OLED), an active-matrix organic light-emitting diode (AMOLED), a flexible light-emitting diode (FLED), Mini-LED, Micro-LED, Micro-OLED, quantum dot light-emitting diodes (QLED), etc.
  • the electronic device may include 1 or N display screens 194, where N is a positive integer greater than 1.
  • the electronic device 100 can display a rights management interface on the display screen 194.
  • the processor 110 can generate second permission information based on the first permission information and on device 3 and device 4. Subsequent embodiments of this application will specifically introduce the rights management interface and the process of the electronic device 100 generating the second permission information, which will not be described again here.
  • the electronic device 100 can implement the shooting function through an ISP, a camera 193, a video codec, a GPU, a display screen 194, an application processor, and the like.
  • the external memory interface 120 can be used to connect an external memory card, such as a Micro SD card, to expand the storage capacity of the electronic device 100.
  • the external memory card communicates with the processor 110 through the external memory interface 120 to implement the data storage function, for example saving files such as music and videos on the external memory card.
  • Internal memory 121 may be used to store computer executable program code, which includes instructions.
  • the processor 110 executes instructions stored in the internal memory 121 to execute various functional applications and data processing of the electronic device 100 .
  • the internal memory 121 may include a program storage area and a data storage area. The program storage area can store an operating system and the applications required for at least one function (such as a sound playback function, an image playback function, etc.).
  • the data storage area may store data created during use of the electronic device 100 (such as audio data, phone book, etc.).
  • the internal memory 121 may include a high-speed random access memory and may also include a non-volatile memory, such as at least one disk storage device, flash memory device, universal flash storage (UFS), etc.
  • the electronic device 100 stores a permission information library, and the permission information library includes one or more pieces of permission information.
  • the permission information database of the electronic device 100 may include all permission information associated with the electronic device 100 .
  • the permission information associated with the electronic device 100 is permission information in which the identifier of the device where the application is located, or the identifier of the device where the resource is located, is the identifier of the electronic device 100.
  • the permission information library of the electronic device 100 may include all permission information in the communication system 10 .
  • the electronic device 100 can perform authentication based on the stored permission information database. Specifically, the electronic device 100 may receive a request generated by an application to access device resources. In response to the request, the electronic device 100 may determine whether the application has the permission to access the device resource based on the permission information database.
  • the electronic device 100 can implement audio functions, such as music playback and recording, through the audio module 170, the speaker 170A, the receiver 170B, the microphone 170C, the headphone interface 170D, and the application processor.
  • the software system of the electronic device 100 may adopt a layered architecture, an event-driven architecture, a microkernel architecture, a microservice architecture, or a cloud architecture.
  • the embodiment of this application takes the Android system with a layered architecture as an example to illustrate the software structure of the electronic device 100 .
  • FIG. 3 is a software structure block diagram of the electronic device 100 provided by the embodiment of the present application.
  • the layered architecture divides the software into several layers, and each layer has clear roles and division of labor.
  • the layers communicate through software interfaces.
  • the Android system is divided into four layers, from top to bottom: application layer, application framework layer, Android runtime and system libraries, and kernel layer.
  • the application layer can include a series of application packages.
  • the application package can include permission management applications, pop-up authorization applications, music, short message, gallery, calls, navigation, Bluetooth, video and other applications. Among these:
  • Rights management applications can be used to authenticate in response to application-generated requests to access device resources.
  • Authentication by a rights management application is a process in which the rights management application determines whether the application has the permission to access the device resources based on the rights information database. If the permission information in the permission information base indicates that the application has/does not have the permission to access the device resources, the permission management application can authorize/not authorize the application based on the permission information.
  • the rights management application may be a system application provided by the manufacturer of the electronic device 100 .
  • the pop-up authorization application can be used to provide a permission management interface, and the permission management interface can be used for the user to determine the device 3 where the application is located and the device 4 where the resource is located.
  • the electronic device 100 may determine device 3 and device 4 . Afterwards, the electronic device 100 can generate the second permission information based on the first permission information and the above-mentioned device 3 and device 4 .
  • the rights management application may be a system application provided by the manufacturer of the electronic device 100 .
  • the pop-up authorization application and the setting application may be different applications, or they may be the same application.
  • the application framework layer provides an application programming interface (API) and programming framework for applications in the application layer.
  • the application framework layer includes some predefined functions.
  • the application framework layer can include window manager, content provider, view system, phone manager, resource manager, notification manager, etc.
  • a window manager is used to manage window programs.
  • the window manager can obtain the display size, determine whether there is a status bar, lock the display, capture the display, etc.
  • Content providers are used to store and retrieve data and make this data accessible to applications.
  • Said data can include videos, images, audio, calls made and received, browsing history and bookmarks, phone books, etc.
  • the view system includes visual controls, such as controls that display text, controls that display pictures, etc.
  • a view system can be used to build applications.
  • the display interface can be composed of one or more views.
  • a display interface including a text message notification icon may include a view for displaying text and a view for displaying pictures.
  • the phone manager is used to provide communication functions of the electronic device 100, for example call status management (including connected, hung up, etc.).
  • the resource manager provides various resources to the application, such as localized strings, icons, pictures, layout files, video files, etc.
  • the notification manager enables applications to display notification information in the status bar and can be used to convey notification-type messages, which can disappear automatically after a short stay without user interaction.
  • the notification manager is used to notify download completion, message reminders, etc.
  • the notification manager can also present notifications that appear in the status bar at the top of the system in the form of charts or scroll bar text, such as notifications for applications running in the background, or notifications that appear on the display in the form of conversation windows. For example, text information is prompted in the status bar, a beep sounds, the electronic device vibrates, the indicator light flashes, etc.
  • Android Runtime includes core libraries and virtual machines. Android runtime is responsible for the scheduling and management of the Android system.
  • the core library contains two parts: one is the functions that the Java language needs to call, and the other is the core library of Android.
  • the application layer and application framework layer run in virtual machines.
  • the virtual machine executes the Java files of the application layer and application framework layer as binary files.
  • the virtual machine is used to perform object life cycle management, stack management, thread management, security and exception management, and garbage collection and other functions.
  • System libraries can include multiple functional modules, for example: a surface manager, media libraries, 3D graphics processing libraries (for example: OpenGL ES), 2D graphics engines (for example: SGL), etc.
  • the surface manager is used to manage the display subsystem and provides the integration of 2D and 3D layers for multiple applications.
  • the media library supports playback and recording of a variety of commonly used audio and video formats, as well as static image files, etc.
  • the media library can support a variety of audio and video encoding formats, such as: MPEG4, H.264, MP3, AAC, AMR, JPG, PNG, etc.
  • the 3D graphics processing library is used to implement 3D graphics drawing, image rendering, composition, and layer processing.
  • 2D Graphics Engine is a drawing engine for 2D drawing.
  • the kernel layer is the layer between hardware and software.
  • the kernel layer contains at least display driver, camera driver, audio driver, and sensor driver.
  • the following exemplifies the workflow of the software and hardware of the electronic device 100 in conjunction with a photo-capture scenario.
  • the corresponding hardware interrupt is sent to the kernel layer.
  • the kernel layer processes touch operations into raw input events (including touch coordinates, timestamps of touch operations, and other information). Raw input events are stored at the kernel layer.
  • the application framework layer obtains the original input event from the kernel layer and identifies the control corresponding to the input event. Taking the touch operation as a touch click operation and the control corresponding to the click operation as a camera application icon control as an example, the camera application calls the interface of the application framework layer to start the camera application, and then starts the camera driver by calling the kernel layer. Camera 193 captures still images or video.
  • FIGS. 4A to 4C exemplarily illustrate a set of user interfaces involved when an application of the electronic device 100 requests permission to access resources.
  • the electronic device 100 may display a user interface 210 as shown in FIG. 4A , and the user interface 210 may be used to display installed applications of the electronic device 100 .
  • the user interface 210 may display a status bar, a calendar, a time indicator, a weather indicator, a page indicator, a tray with commonly used application icons, and other application icons.
  • the other application icons may include, for example, an email application icon, a settings application icon, a music application icon, and the application icon 211 of Application 1.
  • more applications can be installed in the electronic device 100, and icons of these applications can be displayed on the display screen.
  • the electronic device 100 may also be installed with shopping applications, ticket booking applications, and so on.
  • the user interface 210 shown in FIG. 4A may also include a navigation bar, a sidebar, and the like.
  • the user interface 210 illustrated in FIG. 4A may be called a home screen.
  • the electronic device 100 may start the application 1 .
  • the electronic device 100 may display a user interface 220 as shown in FIG. 4B.
  • the user interface 220 illustratively shown in FIG. 4B may be called a chat interface.
  • the user interface 220 may include multiple functional controls.
  • the functional controls may be, for example, photo controls, shooting controls 221, video call controls, location controls, red envelope controls, transfer controls, voice input controls, collection controls, etc.
  • the application 1 of the electronic device 100 may send a request to access the camera resource of the electronic device 100 to the rights management application of the electronic device 100 .
  • the electronic device 100 may display the user interface 230 as shown in FIG. 4C on the display screen. The user interface 230 may be provided by a pop-up authorization application of the electronic device 100.
  • the rights management application of the electronic device 100 may perform authentication. If there is no permission information indicating the access policy of application 1 of the electronic device 100 for the camera resource of the electronic device 100 in the permission information database of the electronic device 100, the electronic device 100 may also display the user interface 230 as shown in FIG. 4C on the display screen. The user interface 230 may be provided by a pop-up authorization application of the electronic device 100.
  • the user interface 230 may include a prompt box 231 including prompt information and a selection control 232 .
  • the prompt information can be used to prompt the user to select an access policy.
  • Prompt information can be implemented as text, images, animations, etc.
  • the prompt information can be implemented as text "Whether application 1 is allowed to obtain camera permissions".
  • Selection control 232 may be used for the user to select an access policy.
  • the selection control 232 includes a plurality of option buttons, each option button corresponding to a different access policy.
  • the selection control 232 includes option button 1 and option button 2.
  • option button 1 includes the prompt message "Yes", and the access policy indicated by option button 1 is authorization.
  • Option button 2 includes the prompt message "No", and the access policy indicated by option button 2 is not authorized.
  • the electronic device 100 may generate first permission information and store the first permission information in the permission information database.
  • the electronic device 100 may generate the first permission information.
  • the device identifier where the application is located is the identifier of the electronic device 100
  • the application identifier is the identifier of Application 1
  • the device identifier where the resource is located is the identifier of the electronic device 100
  • the resource identifier is the identifier of the camera resource
  • the access policy is authorization.
  • the electronic device 100 can store the generated permission information in the permission information database.
  • FIG. 4D exemplarily illustrates a user interface that triggers the electronic device 100 to display a rights management interface.
  • the electronic device 100 can display the user interface 240 as shown in FIG. 4D .
  • the user interface 240 includes a prompt box 241 , and the prompt box 241 includes prompt information and a selection control 242 .
  • the prompt information may be used to prompt the user to choose whether to trigger the electronic device 100 to display the rights management interface on the display screen.
  • Prompt information can be implemented as text, images, animations, etc.
  • the prompt information can be implemented as text "Whether to synchronize this access policy".
  • the selection control 242 may be used for the user to select whether to trigger the electronic device 100 to display the rights management interface on the display screen.
  • Selection control 242 may include an option button "Yes" and an option button "No". The option button "Yes" can be used to trigger the electronic device 100 to display the rights management interface.
  • FIGS. 5A to 5E exemplarily illustrate a user interface of the electronic device 100 for indicating first permission information.
  • the electronic device 100 may display a user interface 310 as shown in FIG. 5A , and the user interface 310 may include an application icon 311 .
  • the application icon 311 is an application icon corresponding to the setting application.
  • the description of other contents in the user interface 310 may refer to the foregoing description of the user interface 210 shown in FIG. 4A , and will not be described again here.
  • the electronic device 100 may launch the setting application and display the user interface 320 as shown in FIG. 5B .
  • the user interface 320 may include multiple controls such as an airplane mode switch, a Wi-Fi switch, a Bluetooth switch, a personal hotspot control, a mobile network control, a Do Not Disturb mode control, a display and brightness control, and a permission management control 321.
  • the electronic device 100 may display the user interface 330 as shown in FIG. 5C .
  • User interface 330 may be used for the user to select a device on which the application resides.
  • the user interface 330 may include a plurality of device option controls, which may indicate the electronic device 100 , or a trusted device/trusted device group of the electronic device 100 .
  • a trusted device is an electronic device that mutually allows the electronic device 100 to manage the permission information stored by itself. Examples of trusted devices include MatePad and MateBook.
  • a trusted device group is a combination of multiple trusted devices. By way of example, the trusted device group includes a device group with the same account and a device group with different accounts.
  • the device group with the same account includes multiple trusted devices that are logged in with the same system account as the electronic device 100 .
  • the device group with different accounts includes multiple trusted devices that are logged in with a system account different from that of the electronic device 100, or that are not logged in with a system account.
  • the electronic device 100 can determine the device identification where the application is located, and display the user interface 340 as shown in Figure 5D.
  • User interface 340 may be used for user selection of applications.
  • the user interface 340 may include multiple application option controls such as Application 1, Application 2, and Application N.
  • the electronic device 100 may determine the application identification and display the user interface 350 as shown in FIG. 5E .
  • the user interface 350 may be used for the user to select device resources and the device where the resources are located.
  • the user interface 350 may include multiple device controls, any device control indicating a device where a resource is located (such as this device (electronic device 100), MatePad), and any device control including multiple resource controls.
  • any resource control indicates a device resource.
  • the electronic device 100 may determine the resource identifier and the device identifier where the resource is located. Therefore, in response to operations performed by the user in the user interfaces 330 to 350 shown in FIGS. 5C to 5E , the electronic device 100 can determine the device identification where the application is located, the application identification, the resource identification, and the device identification where the resource is located.
  • the electronic device 100 may first display Figure 5C for the user to determine the device identification where the application is located, then display Figure 5E for the user to determine the resource identification and the device identification where the resource is located, and then display Figure 5D for the user to determine the application identification.
  • the electronic device 100 may first display FIG. 5D for the user to determine the application identifier, then display FIG. 5C for the user to determine the device identifier where the application is located, and then display FIG. 5E for the user to determine the resource identifier and the device identifier where the resource is located.
  • Embodiments of the present application do not limit the display order of the user interface in Figures 5C to 5E, as well as the order in which the electronic device 100 determines the device identifier where the application is located, the application identifier, the resource identifier, and the device identifier where the resource is located.
  • FIG. 5F exemplarily illustrates another user interface for triggering the electronic device 100 to display a rights management interface.
  • the electronic device 100 can display the user interface 360 as shown in Figure 5F.
  • the user interface 360 can be used to indicate the access policy of the permission information, and for the user to update the access policy of the permission information.
  • User interface 360 may include access policy controls 361 to 363 and a button 364. Among them, the access policy controls 361 to 363 can respectively correspond to different access policies. For example, the access policy control 361 corresponds to the access policy "allow access". The access policy control 362 corresponds to the access policy "No access allowed". The access policy control 363 corresponds to the access policy "only allow access when the device where the resource is located is in an unlocked state".
  • the electronic device 100 may display a graphic on the access policy control corresponding to the access policy of the permission information, to indicate that the access policy of the permission information is the access policy corresponding to that control. For example, if the access policy of the permission information is "allow access", then the electronic device 100 can display the graphic on the access policy control 361 corresponding to the access policy "allow access".
  • the electronic device 100 can update the permission information, changing the access policy of the permission information to the access policy indicated by the above-mentioned user input.
  • the electronic device 100 may send the updated permission information to some or all electronic devices in the communication system 10 .
  • Button 364 may be used to trigger the electronic device 100 to display the rights management interface on the display screen.
  • the button 364 may include prompt information, and the prompt information may be used to prompt the user.
  • the button 364 may be used to trigger the electronic device 100 to display the rights management interface.
  • the prompt information on the button 364 can be implemented as text, image, animation, etc.
  • the prompt information on button 364 can be implemented as the text "Synchronize Access Policy.”
  • FIGS. 6A to 6E exemplarily illustrate the user interface involved when the electronic device 100 generates the second permission information.
  • the electronic device 100 can start the pop-up authorization application, and display the rights management interface provided by the pop-up authorization application on the display screen.
  • the rights management interface can be implemented as user interface 410 as shown in Figure 6A.
  • the user interface 410 is a rights management interface, and the user interface 410 can be used for the user to determine device 3 and device 4 .
  • the electronic device 100 may generate the second permission information based on the multiple groups of devices 3 and 4 determined by the user, as well as the application identification, resource identification and access policy among the previously generated permission information.
  • the user interface 410 includes a title bar, a return control for triggering the electronic device 100 to return to the previous interface, a device selection control 411, prompt information 412 and a prompt box 413. Among them:
  • Device selection control 411 may be used for the user to determine Device 3 and Device 4.
  • device selection control 411 may include multiple device/device group icons and add controls.
  • the multiple device/device group icons may include a native (electronic device 100) icon, a MatePad icon, a MateBook icon, a smart watch icon, a Sound X icon, a Vision icon, a different account device group icon, and a same account device group icon.
  • the add control may be used to trigger the electronic device 100 to add a trusted device/device group.
  • the form of the device selection control 411 can be implemented as a donut chart, with the local device (electronic device 100) icon located in the center of the donut chart, and the other device/device group icons and the add control evenly surrounding the donut chart in a circle.
  • the device selection control 411 of the electronic device 100 may also adopt other presentation forms and layouts for the user to determine device 3 and device 4 .
  • the electronic device 100 can receive the user's selection of any device/device group icon in the device selection control 411 and the dragging of the selected icon close to another device/device group icon; when the distance between the two device controls/device group controls is less than the preset distance, the electronic device 100 can determine a group of device 3 and device 4.
  • the prompt information 412 may be used to prompt the user for the application identification, resource identification, and access policy of the first permission information. For example, if the application identifier of the first permission information is the identifier of Application 1, the resource identifier is the identifier of the camera resource, and the access policy is to allow access, then the prompt information can be implemented as the text "Application 1->Camera Permission" and the text "Authorization".
  • the prompt box 413 may be used to prompt the user.
  • the prompt box 413 includes prompt information, and the prompt information may be used to prompt the user with the method for determining device 3 and device 4 in the user interface 410.
  • Prompt information can be implemented as text, images, animations, etc.
  • the prompt information can be implemented as the text "Start point of drag operation -> End point of drag operation” and text "First click (device where application 1 is located) -> Second click (device where camera resource is located)".
  • the electronic device 100 receives the user's selection of the smart watch icon as shown in FIG. 6B and the dragging of the smart watch icon close to the icon of the local device (electronic device 100). If the distance between the two device controls/device group controls is less than the preset distance, the electronic device 100 can determine the electronic device/device group (smart watch) corresponding to the device/device group icon where the starting point of the user's drag operation is located as device 3, and determine the electronic device/device group (electronic device 100) corresponding to the device/device group icon where the end point of the user's drag operation is located as device 4.
  • the electronic device 100 may receive two user click operations on any device/device group icon in the device selection control 411. In response to the above user operations, the electronic device 100 may determine device 3 and device 4. Specifically, the electronic device 100 can determine the electronic device/device group corresponding to the device/device group icon where the first click operation is located as device 3, and determine the electronic device/device group corresponding to the device/device group icon where the second click operation is located as device 4.
  • the electronic device 100 may determine whether the group of device 3 and device 4 is an invalid combination. If device 3 does not have the application indicated by the application identifier in the first permission information installed, or device 4 does not have the device resource indicated by the resource identifier in the first permission information, then the electronic device 100 can determine that the group of device 3 and device 4 is an invalid combination.
  • the electronic device 100 may not store the device 3 and device 4, and display a prompt box above the user interface 410. The prompt box may be used to prompt the user that the group of device 3 and device 4 is an invalid combination.
  • the electronic device 100 may determine that the set of device 3 and device 4 is an invalid combination.
  • the electronic device may not store the group of device 3 and device 4, and display a prompt box on the user interface 410.
  • the prompt box may include prompt information, and the prompt information may be implemented as the text "Application 1 is not installed on the smart watch.”
  • the electronic device 100 may no longer display the prompt box 412 on the user interface 410, but display the combined information control 414 and the confirmation button 415 at the location of the original prompt box 412.
  • the combined information control 414 can be used to display the identification of device 3 and device 4.
  • the combined information control 414 may include one or more combination columns, and any combination column includes prompt information and a delete control.
  • the prompt information can be implemented as the text "Smart Watch -> Electronic Device 100", indicating that the electronic device 100 has determined a group of device 3 and device 4, where device 3 is the smart watch and device 4 is the electronic device 100.
  • the confirmation button 415 may be used to trigger the electronic device 100 to generate the second permission information.
  • the delete control in the combination bar can be used to trigger the electronic device 100 to delete a group of devices 3 and 4 indicated by the combination bar.
  • the electronic device 100 may delete the group of device 3 and device 4 indicated by the combination bar, and the electronic device 100 will no longer display the combination bar on the user interface 410.
  • the electronic device 100 may determine one or more groups of devices 3 and 4 .
  • the electronic device 100 can determine the following five groups of devices 3 and 4: 1. Smart watch and electronic device 100. 2. Electronic device 100 and devices with the same account. 3. MatePad and MatePad. 4. MatePad and electronic device 100. 5. Smart watch and MatePad.
  • a combination column will be added to the combination information control 414 of the user interface 410 , and the added combination column can be used to indicate the newly determined group of devices 3 and 4 .
  • FIGS. 7A to 7F exemplarily illustrate the user interface involved when the electronic device 100 synchronizes permission information.
  • the electronic device 100 may generate second permission information based on the device 3 and device 4 determined by the user and the first permission information.
  • the second permission information may include, for example, the following five pieces of permission information:
  • Permission information 1 "Application 1, smart watch, camera resource, electronic device 100, access allowed”.
  • Permission information 2 "Application 1, electronic device 100, camera resource, device with the same account, access allowed”.
  • Permission information 3 "Application 1, MatePad, camera resources, MatePad, allow access.”
  • Permission information 4 "Application 1, MatePad, camera resource, electronic device 100, access allowed”.
  • Permission information 5 "Application 1, smart watch, camera resources, MatePad, allow access”.
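The generation step and the invalid-combination check described above can be sketched as follows. This is an added example, not code from the patent: the device inventory, the group membership, the constructed invalid pairs and the rule that a device group passes when at least one member passes are all assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class PermissionInfo:
    app_id: str           # identification of the application
    app_device: str       # device (or device group) where the application is located
    resource_id: str      # identification of the resource
    resource_device: str  # device (or device group) where the resource is located
    policy: str           # access policy


# Constructed inventory (not from the page): what each trusted device has.
INSTALLED_APPS = {
    "electronic device 100": {"Application 1", "Application 2"},
    "smart watch": {"Application 1"},
    "MatePad": {"Application 1"},
    "MateBook": {"Application 2"},
    "Sound X": set(),
}
DEVICE_RESOURCES = {
    "electronic device 100": {"camera resource", "microphone resource"},
    "smart watch": {"microphone resource"},
    "MatePad": {"camera resource"},
    "MateBook": {"camera resource"},
    "Sound X": {"microphone resource"},
}
# Constructed membership; the page names the group but not its members.
DEVICE_GROUPS = {"same-account device group": ["MatePad", "MateBook"]}


def members(device):
    """Expand a device group to its member devices; a single device is itself."""
    return DEVICE_GROUPS.get(device, [device])


def invalid_reason(first, device3, device4):
    """Return why (device 3, device 4) is an invalid combination, or None.

    Assumption: a group passes when at least one member passes; the page
    does not say how groups are checked.
    """
    if not any(first.app_id in INSTALLED_APPS.get(d, set()) for d in members(device3)):
        return f"{first.app_id} is not installed on {device3}"
    if not any(first.resource_id in DEVICE_RESOURCES.get(d, set()) for d in members(device4)):
        return f"{device4} has no {first.resource_id}"
    return None


def generate_second_permission_info(first, pairs):
    """Build one record per valid (device 3, device 4) pair.

    The application identification, resource identification and access policy
    are copied from the first permission information; only the two device
    identifications change. Invalid pairs are reported, not stored.
    """
    generated, rejected, seen = [], [], set()
    for device3, device4 in pairs:
        if (device3, device4) in seen:  # ignore a pair the user chose twice
            continue
        seen.add((device3, device4))
        reason = invalid_reason(first, device3, device4)
        if reason:
            rejected.append(((device3, device4), reason))
            continue
        generated.append(PermissionInfo(first.app_id, device3,
                                        first.resource_id, device4, first.policy))
    return generated, rejected


FIRST = PermissionInfo("Application 1", "electronic device 100",
                       "camera resource", "electronic device 100", "allow access")

# The five groups listed on the page, then two constructed invalid pairs.
PAIRS = [
    ("smart watch", "electronic device 100"),
    ("electronic device 100", "same-account device group"),
    ("MatePad", "MatePad"),
    ("MatePad", "electronic device 100"),
    ("smart watch", "MatePad"),
    ("Sound X", "electronic device 100"),  # Application 1 not installed
    ("MatePad", "smart watch"),            # no camera on the watch
]

if __name__ == "__main__":
    ok, bad = generate_second_permission_info(FIRST, PAIRS)
    for info in ok:
        print(info)
    for pair, reason in bad:
        print("invalid combination:", pair, "-", reason)
```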
  • Electronic device 100 may display user interface 510 as shown in Figure 7A.
  • User interface 510 may include window 511 .
  • the window 511 may include prompt information, a combined information control 512 and a synchronization button 513.
  • the prompt information may be used to prompt the user for the application identification, resource identification and access policy of the first permission information.
  • Prompt information can be implemented as text, images or animations, etc.
  • the prompt information can be implemented as the text "Application 1->Camera Permission" and the text "Authorization”.
  • Combined information control 512 may be used to display identifications of Device 3 and Device 4.
  • the description of the combined information control 512 may refer to the aforementioned description of the combined information control 414 in FIG. 6D , and will not be described again here.
  • the sync button 513 may be used to trigger the electronic device 100 to send the second permission information to the device 4 .
  • the electronic device 100 may send the second permission information to the device 4 based on wired communication technology, wireless communication technology, or mobile communication technology. If the electronic device 100 has previously determined multiple groups of devices 3 and 4, causing the electronic device 100 to generate multiple pieces of second permission information, the electronic device 100 can send each second permission information to its corresponding device 4 respectively. Afterwards, the electronic device 100 may display the user interface 520 as shown in FIG. 7B on its display screen.
  • the user interface 520 may include a prompt box 521, the prompt box 521 may include prompt information, and the prompt information may be used to prompt the user that the electronic device 100 is synchronizing the second permission information.
  • the prompt information can be implemented as the text "Permission information generated by synchronization".
  • After receiving the second permission information sent by the electronic device 100, the device 4 can display a user interface on the display screen to prompt the received second permission information.
  • the user interface 530 may include a prompt box 531 , and the prompt box 531 may include a permission information control 532 and a confirmation button 533 .
  • the permission information control 532 can be used to display prompt information indicating the second permission information, and allow the user to determine whether to allow the electronic device 100 to synchronize the second permission information.
  • the permission information control 532 may include one or more permission information columns, and any permission information column may correspond to a piece of second permission information received by the MatePad.
  • the permission information column may include prompt information 532A and a selection box 532B.
  • the prompt information 532A may be used to prompt the user about the access policy in the second permission information corresponding to the permission information column. For example, since the access policy in permission information 3 is "allow access", then the prompt information 532A in the permission information column corresponding to the above permission information 3 can be implemented as the text "Grant application 1 in MatePad permission to access MatePad camera resources".
  • Selection box 532B may be used for the user to choose whether to allow MatePad to store this permission information.
  • the state of the selection box 532B includes a selected state and an unselected state. The selected selection box 532B may be used to indicate that the user allows the MatePad to store the permission information.
  • the unchecked selection box 532B may be used to indicate that the user does not allow the MatePad to store the permission information.
  • the state of selection box 532B defaults to a selected state.
  • MatePad can update the state of the selection box 532B from the selected state to the unselected state.
  • the device 4 may store/refuse to store the received second permission information in response to the user operation.
  • After MatePad receives the user's touch operation on the confirmation button 533, MatePad can store permission information 3, but refuses to store permission information 5.
  • the device 4 can display a user interface on the display screen for the user to modify the second permission information.
  • the MatePad can display the user interface 540 as shown in FIG. 7D on the display screen, and the user interface 540 can be used for the user to modify the permission information 5.
  • the user interface 540 may include a prompt box 541 , and the prompt box 541 may include access policy controls 542A to 542C, and a confirmation button 543 .
  • For the access policy controls 542A to 542C, please refer to the aforementioned description of the access policy controls 361 to 363 in FIG. 5F, which will not be repeated here.
  • the confirmation button 543 can be used to trigger MatePad to modify the permission information 5. For example, after receiving the user's input operation (such as a touch operation) on the access policy control 542B and receiving the user's input operation (such as a touch operation) on the confirmation button 543, MatePad can change the access policy of the permission information 5 to "No access allowed".
  • the device 4 can send a notification message to the electronic device 100 to notify the electronic device 100 that the device 4 stores the second permission information.
  • the electronic device 100 can display the user interface 550 as shown in Figure 7E on the display screen.
  • the user interface 550 includes a prompt box 551.
  • the prompt box 551 includes prompt information.
  • the prompt information may be implemented as the text "Permission information synchronization successful.”
  • the device 4 can send a notification message to the electronic device 100 to inform the electronic device 100 that the device 4 refuses to store the second permission information and modifies the second permission information.
  • For example, MatePad can refuse to store the permission information 5, modify the permission information 5, and change the access policy of the permission information 5 to "no access allowed".
  • MatePad sends a notification message to the electronic device 100 to inform the electronic device 100 that MatePad refuses to store the permission information 5 and modifies the permission information 5.
  • the electronic device 100 can display the user interface 560 as shown in Figure 7F on the display screen.
  • the user interface 560 includes a prompt box 561, which includes prompt information and modification information.
  • the prompt information can be implemented as the text "Synchronization of permission information failed.”
  • the modified information can be implemented as the text "MatePad refused to store and modified the following permission information:", and the text "Grant application 1 in the smart watch permission to access the MatePad camera”.
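The receiving side of the synchronization described above (device 4 stores, refuses or modifies each record and notifies the sender) can be sketched as follows. This is an added example, not code from the patent: the message layout, the check that the sender is a trusted manager and that the record concerns this device's own resources, and storing the modified record locally are assumptions.

```python
from dataclasses import dataclass, replace

DENY = "no access allowed"


@dataclass(frozen=True)
class PermissionInfo:
    app_id: str
    app_device: str
    resource_id: str
    resource_device: str
    policy: str


def key(rec):
    """Permission information base key: everything except the access policy."""
    return (rec.app_id, rec.app_device, rec.resource_id, rec.resource_device)


class ReceivingDevice:
    """Device 4: owns the resource and keeps its own permission information base."""

    def __init__(self, name, trusted_managers, groups=()):
        self.names = {name, *groups}                   # this device and its groups
        self.name = name
        self.trusted_managers = set(trusted_managers)  # devices allowed to manage the base
        self.store = {}                                # key(rec) -> access policy

    def handle_sync(self, sender, records, unselected=(), modified=None):
        """Process received second permission information.

        unselected: indexes whose selection box the user cleared
                    (every box is selected by default).
        modified:   {index: new access policy} chosen for a refused record.
        Returns the notification message sent back to the sender.
        """
        modified = modified or {}
        note = {"device": self.name, "stored": [], "refused": [], "modified": []}
        for i, rec in enumerate(records):
            # Assumed check: the sender must be a trusted manager and the
            # record must concern a resource on this device.
            acceptable = (sender in self.trusted_managers
                          and rec.resource_device in self.names)
            if acceptable and i not in unselected:
                self.store[key(rec)] = rec.policy
                note["stored"].append(rec)
                continue
            note["refused"].append(rec)
            if acceptable and i in modified:
                changed = replace(rec, policy=modified[i])
                self.store[key(changed)] = changed.policy  # assumption: kept locally
                note["modified"].append(changed)
        return note


def describe(rec):
    """Constructed wording, modelled on the prompt text quoted on the page."""
    return (f"Grant {rec.app_id} in {rec.app_device} permission to access "
            f"the {rec.resource_id} of {rec.resource_device}")


def sender_prompt(note):
    """Text the sending device shows after the notification arrives."""
    if not note["refused"]:
        return "Permission information synchronization successful."
    changed = {key(r) for r in note["modified"]}
    lines = ["Synchronization of permission information failed."]
    for rec in note["refused"]:
        verb = "refused to store and modified" if key(rec) in changed else "refused to store"
        lines.append(f"{note['device']} {verb}: {describe(rec)}")
    return "\n".join(lines)


# Permission information 3 and 5 from the page: both name MatePad as device 4.
P3 = PermissionInfo("Application 1", "MatePad", "camera resource", "MatePad", "allow access")
P5 = PermissionInfo("Application 1", "smart watch", "camera resource", "MatePad", "allow access")

if __name__ == "__main__":
    matepad = ReceivingDevice("MatePad", trusted_managers={"electronic device 100"})
    note = matepad.handle_sync("electronic device 100", [P3, P5],
                               unselected={1}, modified={1: DENY})
    print(sender_prompt(note))
    print(matepad.store)
```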
  • FIGS. 8A to 8J exemplarily illustrate user interfaces involved when the electronic device 100 manages trusted devices/device groups.
  • the device selection control 411 in the user interface 410 (rights management interface) includes a plurality of device/device group icons.
  • a trusted device is an electronic device that mutually allows the electronic device 100 to manage the permission information stored by itself.
  • a trusted device group is a combination of multiple trusted devices.
  • the electronic device 100 may store identification lists of trusted devices and trusted device groups, and may also manage each trusted device/trusted device group.
  • the electronic device 100 manages trusted devices/trusted device groups including: the electronic device 100 adds trusted devices/device groups, and removes trusted devices/device groups.
  • The process of the electronic device 100 adding a trusted device: in response to the user's input operation (e.g., touch operation) on the add control of the user interface 410 in FIG. 6A, the electronic device 100 may display the user interface 610 as shown in FIG. 8A.
  • User interface 610 may include window 611 including Add Button 1 and Add Button 2, and a close control.
  • the add button 1 can be used to trigger the electronic device 100 to add a single trusted device, and the add button 1 can include prompt information "add a single device”.
  • Add button 2 may be used to trigger the electronic device 100 to add a trusted device group, and add button 2 may include prompt information “add device group”.
  • the close control may be used to trigger the electronic device 100 not to display window 611.
  • the electronic device 100 may search for nearby devices based on wireless communication technology or mobile communication technology.
  • the wireless communication technology may be, for example, Bluetooth communication, WiFi communication, UWB communication, infrared communication, NFC, etc.
  • Mobile communication technology may be, for example, 2G/3G/4G/5G communication, etc.
  • Electronic device 100 may display user interface 620 as shown in Figure 8B.
  • User interface 620 includes window 621 .
  • Window 621 includes nearby device controls 622, a refresh button, and a back button.
  • the nearby device control 622 can be used to display the nearby devices searched by the electronic device 100 for the user to select.
  • Nearby device controls 622 include multiple nearby device bars.
  • the refresh button may be used to trigger the electronic device 100 to re-search for nearby devices.
  • the return button may be used to trigger the electronic device 100 to return to the previous interface.
  • the electronic device 100 may send a request message to the nearby device.
  • the request message may be used to request the nearby device to permit the electronic device 100 to manage its permission information base.
  • the nearby device may display a user interface for the user to determine whether to allow the electronic device 100 to manage its permission information base.
  • the electronic device 100 may send a request message to MobilePhone1.
  • MobilePhone1 may display the user interface 630 as shown in FIG.
  • the user interface 630 includes a prompt box 631, which may include prompt information and selection controls.
  • the prompt information may be implemented as text "Do you allow the electronic device 100 to manage the permission information of this device?".
  • the selection control can be used for the user to choose whether to allow the electronic device 100 to manage the permission information of the device.
  • the selection control includes an option button “Yes” and an option button “No”.
  • the nearby device may send a return message to the electronic device 100, and the return message may be used to indicate whether the nearby device permits the electronic device 100 to manage its permission information base.
  • MobilePhone1 may send a return message to the electronic device 100, and the return message indicates that MobilePhone1 allows the electronic device 100 to manage its permission information library.
  • MobilePhone1 may send a return message to the electronic device 100, and the return message indicates that MobilePhone1 prohibits the electronic device 100 from managing its permission information base. If a return message sent by a nearby device is received, and the return message indicates that the electronic device 100 is allowed to manage its permission information base, the electronic device 100 can add the identity of the nearby device to the identity list of the trusted device/device group. For example, after receiving the return message sent by MobilePhone1 indicating that the electronic device 100 is allowed to manage its permission information base, the electronic device 100 can add MobilePhone1 to the identification list of trusted devices/device groups, and display the user interface 410 as shown in Figure 8D.
  • the device selection control 411 in the user interface 410 shown in FIG. 8D includes a MobilePhone1 icon.
  • the trusted device group of the electronic device 100 includes a same-account device group and a different-account device group.
  • the electronic device 100 can also determine whether the new trusted device has logged into the same system account as the electronic device 100, and add the new trusted device to the corresponding trusted device group based on the determination result. If the new trusted device and the electronic device 100 log in to the same system account, the electronic device 100 can add the trusted device to the same account device group; otherwise, it adds the trusted device to the different account device group. Afterwards, as shown in Figure 8E, the electronic device 100 can display a prompt box on the user interface 410.
  • the prompt box includes prompt information.
  • the prompt information can be used to prompt the user that the electronic device 100 has added a new trusted device to the same account device group or the different account device group. For example, if the new trusted device is MobilePhone1, and the electronic device 100 determines that MobilePhone1 has not logged into the same system account as the electronic device 100, the electronic device 100 can add MobilePhone1 to the different account device group, and the prompt information can be implemented as the text "MobilePhone1 has been automatically added to the device with a different account."
  • the electronic device 100 may display the user interface 640 as shown in FIG. 8F.
  • User interface 640 includes window 641, which includes a text box, a device list control, a confirm button, and a return button.
  • the text box can be used for users to set the name of the trusted device group.
  • the electronic device 100 may determine the user-entered text as the name of the trusted device group.
  • the name of the trusted device group may be "device group 1".
  • the device list control can be used for the user to select multiple devices among all the trusted devices of the electronic device 100, and the electronic device 100 can determine the multiple devices selected by the user as electronic devices included in the newly added trusted device group.
  • the device list control may include multiple trusted device controls, and any trusted device control corresponds to a trusted device of the electronic device 100 .
  • the trusted device control includes the trusted device identification and selection box corresponding to the trusted device control.
  • the electronic device 100 may determine the multiple devices selected by the user as electronic devices included in the newly added trusted device group.
  • the electronic device 100 may determine the trusted devices of the electronic device 100 corresponding to the multiple selection boxes as electronic devices included in the newly added trusted device group.
  • the electronic device 100 may store the name of the newly added trusted device group and the identification of the electronic devices included in the newly added trusted device group.
  • the electronic device 100 may add the device group 1 icon in the device selection control 411 .
  • the electronic device 100 can display a delete control in the upper left corner of the trusted device control.
  • the delete control can be used to trigger the electronic device 100 to delete the trusted device and not display the trusted device control in the device selection control 411 .
  • The process of the electronic device 100 deleting the trusted device group: in response to the user's operation on any trusted device group control (such as the same account device control) in the device selection control 411 in FIG. 6A, as shown in FIG.
  • the electronic device 100 can display a prompt box on the user interface 410 , and the prompt box can be used to display the identification of all electronic devices included in the trusted device group.
  • the electronic device 100 may also display setting controls on the user interface 410.
  • the electronic device 100 may display the user interface 650 as shown in FIG. 8J .
  • User interface 650 may include an information window 651 that may be used to display information for a trusted device group.
  • Information window 651 may include name controls and device management controls 652. Among them, the name control can be used to display and allow users to change the name of the trusted device group.
  • Device management controls 652 may include multiple device information controls.
  • Any device information control corresponds to an electronic device included in the trusted device group.
  • Device information controls may include an electronic device identification and a delete button.
  • the electronic device 100 may delete the trusted device and not display the trusted device control/device group control in the device management control 652 .
  • FIG. 9 exemplarily shows the user interface involved when the electronic device 100 updates permission information.
  • the electronic device 100 can update permission information.
  • electronic device 100 may update permission information when its device resources are accessed by applications.
  • the electronic device 100 stores the following permission information: "Application 1, smart watch, camera resource, electronic device 100, authorization".
  • the electronic device 100 may display the user interface 710 as shown in FIG. 9 .
  • User interface 710 may include prompt boxes.
  • the prompt box may include prompt information, close control, learn more button 711 and ban button 712.
  • the prompt information can be implemented as text "Smart watch application 1 is accessing the camera of this device.”
  • the closing control can be used to trigger the electronic device 100 to no longer display the prompt box.
  • the learn more button 711 can be used to trigger the electronic device 100 to display introduction information related to application rights management.
  • the introduction information can be implemented as text, images, animations, etc.
  • the prohibit button 712 may be used to trigger the electronic device 100 to update permission information.
  • Upon receiving the user's input operation (e.g., touch operation) on the prohibition button 712, the electronic device 100 updates the second permission information to: "Application 1, smart watch, camera resource, electronic device 100, not authorized."
  • Figure 10 shows a flow chart of the application rights management method provided by the embodiment of the present application.
  • the application rights management method provided by this application includes steps S101 to S109. Among them:
  • the electronic device 100 generates first permission information, or the electronic device 100 displays a user interface for indicating the first permission information.
  • the permission information may include the following items: the identification of the application, the identification of the device where the application is located, the identification of the resource, the identification of the device where the resource is located, and the access policy. This permission information is used to indicate the application's access policy to resources.
  • Access policies may include, for example: allow access, disallow access, and allow access under specific conditions.
  • the specific conditions may include, for example, that the device where the resource is located is in an unlocked state, the application is running in the foreground, etc.
  • the first permission information is a piece of permission information in the permission information database stored in the electronic device 100 .
  • the first permission information may include the following items: the identification of application 1, the identification of device 1, the identification of resource 1, the identification of device 2, and the access policy.
  • the first permission information is used to indicate the access policy of application 1 in device 1 to resource 1 in device 2.
  • Device 1 and device 2 may be the same device in the communication system 10, or they may be different devices in the communication system 10. If device 1 and device 2 are the same device, the above access policy governs the application's access to the device resources of the same device. If device 1 and device 2 are different devices, the above access policy governs the application's access to the device resources of a different device.
  • the electronic device 100 and the device 1 may be the same device or different devices. If the electronic device 100 and the device 1 are the same device, the above-mentioned access policy is the access policy of the application program of the electronic device 100 itself for each resource in the communication system 10 . If the electronic device 100 and the device 1 are different devices, the above-mentioned access policy is an access policy for each resource in the communication system 10 by the application program on the other device.
  • The first permission information may be "Application 1, electronic device 100, camera resource, electronic device 100, authorization".
  • the electronic device 100 may generate first permission information in response to user operations.
  • The electronic device 100 may receive a user operation and generate the first permission information when it asks the user which access policy to use for a resource access request that the application makes for the first time. For example, as shown in FIGS. 4A to 4D, when the electronic device 100 is running application 1, it may receive the user's first touch operation on the shooting control 221 in the user interface 220 shown in FIG. 4B, which triggers application 1 of the electronic device 100 to make a request for access to camera resources to the rights management application of the electronic device 100 for the first time.
  • The rights management application of the electronic device 100 can call the pop-up authorization application to display the user interface 230 shown in FIG. 4C on the display screen to ask the user which access policy to use for the access request.
  • the electronic device 100 may generate first permission information.
  • The electronic device 100 can also provide a setting interface, and the user can input user operations in the setting interface to trigger the electronic device to generate the first permission information. For example, in response to the user's operation of determining the identification of the device where the application is located, the application identification, the resource identification, and the identification of the device where the resource is located, the electronic device 100 may display a corresponding setting interface. The electronic device 100 can receive the user's operation of selecting an access policy in the setting interface, and generate permission information based on the access policy selected by the user, as well as the above-mentioned identification of the device where the application is located, application identification, resource identification and identification of the device where the resource is located.
  • the electronic device 100 may display a user interface indicating the first permission information.
  • the electronic device 100 may display a user interface indicating the first permission information in response to a received user operation.
  • the user operation may be a user operation performed by the user on a setting interface provided by the electronic device.
  • the user interface used to indicate the first permission information may be user interface 330 to user interface 360 as shown in FIGS. 5C to 5F.
  • The user interface 330 shown in FIG. 5C may be used to indicate the identification of the device where the application in the first permission information is located.
  • The user interface 340 shown in FIG. 5D may be used to indicate the application identification of the first permission information.
  • The user interface 350 shown in FIG. 5E can be used to indicate the resource identification of the first permission information and the identification of the device where the resource is located.
  • the user interface 360 shown in FIG. 5F may be used to indicate the access policy of the first permission information.
  • the electronic device 100 receives the first user operation, and in response to the first user operation, the electronic device 100 displays a rights management interface on the display screen.
  • the first user operation may be used to trigger the electronic device 100 to display the rights management interface.
  • the first user operation may be, for example, an operation performed by the user on an interface provided by the electronic device 100 that asks whether to display the rights management interface, or an operation performed by the user on a setting interface provided by the electronic device.
  • In response to the user's input operation, such as a touch operation, the electronic device 100 can display the rights management interface on the display screen.
  • the electronic device 100 may display a rights management interface on the display screen, and the rights management interface may be provided by a pop-up authorization application.
  • the rights management interface can be used for users to determine the device 3 where the application is located and the device 4 where the resource is located.
  • the rights management interface includes multiple device controls/device group controls, and the device controls/device group controls correspond to the electronic device 100, or the trusted devices/device groups of the electronic device 100.
  • a trusted device is an electronic device that mutually allows the electronic device 100 to manage the permission information stored by itself.
  • a trusted device group is a combination of multiple trusted devices.
  • the trusted device group of the electronic device 100 may include a same-account device group and a different-account device group.
  • the device group with the same account includes multiple trusted devices that are logged in with the same system account as the electronic device 100 .
  • The device group with different accounts includes multiple trusted devices that are logged in with a system account different from that of the electronic device 100, or that are not logged in with a system account.
  • Device controls/device group controls can be implemented as icons, text, images, etc.
  • the rights management interface may also include first prompt information and/or second prompt information.
  • the first prompt information may be used to prompt the user for the identification of the application, the identification of the resource, and the access policy of the first permission information.
  • the second prompt information may be used to prompt the user to select the device where the application is located and the device where the resource is located.
  • the first prompt information and the second prompt information can be implemented in the form of text, image, animation, etc.
  • the rights management interface can be implemented as user interface 410 shown in Figure 6A.
  • The device controls/device group controls in the user interface 410 include: local machine (electronic device 100) icon, MatePad icon, MateBook icon, smart watch icon, Sound X icon, Vision icon, different account device group icon, same account device group icon.
  • If the application identifier in the first permission information is the identifier of application 1, the resource identifier is the identifier of the camera resource, and the access policy is to allow access, the first prompt information in the permission management interface can be implemented as shown in the figure
  • The second prompt information can be implemented as prompt information 413 in the form of text in the user interface 410 as shown in Figure 6A: "Start point of drag operation -> End point of drag operation" and "First click (device where application 1 is located) -> Second click (device where the camera resource is located)".
  • security verification is also required before the electronic device 100 displays the rights management interface on the display screen.
  • Security verification methods can be password verification, fingerprint verification, face verification, etc. Performing security verification can ensure that the owner of the electronic device 100 is performing application permission management at this time, thereby ensuring user privacy security.
  • the electronic device 100 receives the second user operation on the rights management interface and determines the device 3 where the application is located and the device 4 where the resource is located.
  • Device 3 and device 4 may be different devices in the communication system 10 , or they may be the same device in the communication system 10 . If device 3 and device 4 are different devices in the communication system 10, then the electronic device 100 subsequently indicates the application's access policy to the device resources of the same device based on the permission information generated by device 3 and device 4. If device 3 and device 4 are the same devices in the communication system 10, then the electronic device 100 subsequently indicates the application's access policy to the device resources of other devices in the communication system 10 based on the permission information generated by device 3 and device 4.
  • the electronic device 100 and the device 3 may be the same device or different devices. If the electronic device 100 and the device 3 are the same device, the electronic device 100 subsequently indicates the access policy of the electronic device 100's own application to each resource in the communication system 10 based on the permission information generated by the device 3 and the device 4 . If the electronic device 100 and the device 3 are different devices, the electronic device 100 subsequently indicates the access policies of the applications of other devices in the communication system 10 for each resource in the communication system 10 based on the permission information generated by the device 3 and the device 4 .
  • the second user operation is the user's operation to determine device 3 and device 4 on the rights management interface.
  • The second user operation may be that the user selects any device control/device group control and drags it close to any device control/device group control, so that the distance between the two device controls/device group controls is smaller than the preset distance.
  • The electronic device 100 can determine the electronic device/device group corresponding to the device control/device group control where the starting point of the user's drag operation is located as device 3, and determine the electronic device/device group corresponding to the device control/device group control where the end point of the user's drag operation is located as device 4.
  • The second user operation may be that the user selects the smart watch icon in the user interface 410 shown in FIG. 6B, and drags the smart watch icon close to the icon of the local device (electronic device 100), so that the distance between the smart watch icon and the icon of the local device (electronic device 100) is less than a preset distance.
  • the electronic device 100 may determine the smart watch as device 3 and the electronic device 100 as device 4.
  • the second user operation may also be two user click operations on any device control/device group control in the device selection control 411 .
  • The electronic device 100 can determine the electronic device/device group corresponding to the device control/device group control where the first click operation is located as device 3, and determine the electronic device/device group corresponding to the device control/device group control where the second click operation is located as device 4.
  • the second user operation may be, for example, the user clicks twice on the MatePad icon in the user interface 410 shown in FIG. 6B .
  • the electronic device 100 can determine that both device 3 and device 4 are MatePads.
  • The electronic device 100 may receive one or more second user operations, and determine one or more groups of device 3 and device 4 according to the one or more second user operations. Exemplarily, the electronic device 100 can determine multiple groups of devices 3 and 4 indicated by the combined information control 512 in FIG. 7A: smart watch and electronic device 100, electronic device 100 and devices with the same account, MatePad and MatePad, MatePad and electronic device 100, smart watch and MatePad.
  • the electronic device 100 may determine whether the set of devices 3 and 4 is an invalid combination. If device 3 does not have the application indicated by the application identifier in the previously generated permission information installed, or device 4 does not have the device resource indicated by the resource identifier in the previously generated permission information, then the electronic device 100 can determine that the group of devices 3 and device 4 are invalid combinations.
  • the electronic device 100 may display a prompt box on the user interface, and the prompt box may be used to prompt the user that the group of devices 3 and 4 is an invalid combination.
  • the prompt box can be implemented as a prompt box located above the user interface 410 as shown in FIG. 6C.
  • the user can also adjust the selected device 3 and device 4 according to actual needs.
  • the electronic device 100 may delete device 3 and device 4 in response to user operation.
  • the above-mentioned user operation may be, for example, the user's touch operation on the delete control in the combined information control 512 in the user interface 510 as shown in FIG. 7A .
  • the user can flexibly adjust the selected device 3 and device 4 according to actual needs, thereby preventing the electronic device 100 from generating incorrect permission information due to user errors.
  • the second user operation may also include the user's operation of determining resource 2 on the rights management interface.
  • the permission management interface may also include resource controls.
  • the resource control can be used for users to determine resource 2 based on resource 1.
  • the resource control can include multiple options, each option corresponding to resource 1, or a secondary resource of resource 1.
  • the electronic device 100 may determine resource 2.
  • camera resources may include the following sub-resources: front camera and rear camera.
  • the resource control in the permission management interface can include three options, each of which corresponds to: all cameras, front cameras, and rear cameras.
  • the electronic device 100 may determine that the resource 2 is the front-facing camera.
  • device 3 is determined by the second user operation, and device 4 is directly determined by the electronic device 100 as all devices in the communication system 10 .
  • the electronic device 100 may display prompt information on the rights management interface to prompt the user that the electronic device 100 has determined that device 4 is all devices in the communication system 10 .
  • the second user operation on the above rights management interface may be an operation in which the user only determines the device 3 on the rights management interface.
  • the electronic device 100 can determine the device 3 where the application is located.
  • the second user operation may be an input operation performed by the user on any device control/device group control.
  • the input operation may be a touch operation, a long press operation, etc., for example.
  • the electronic device 100 may determine the device corresponding to the above device control/device group control as device 3.
  • the user can grant a certain resource on all devices in the communication system 10 to the application of the selected device, so that the user can more conveniently manage application rights.
  • the electronic device 100 generates second permission information based on the first permission information and the above-mentioned device 3 and device 4.
  • The electronic device 100 may generate the second permission information based on the identification of the application, the identification of the resource and the access policy in the first permission information, as well as the above-mentioned device 3 and device 4. Specifically, the electronic device 100 may determine the application identifier, resource identifier and access policy in the first permission information as the application identifier, resource identifier and access policy in the second permission information respectively. The electronic device 100 may determine the identification of the above-mentioned device 3 as the identification of the device where the application in the second permission information is located, and determine the identification of the device 4 as the identification of the device where the resource in the second permission information is located.
  • The first permission information may be "identification of application 1, electronic device 100, identification of camera resource, electronic device 100, access allowed", and the first permission information indicates that application 1 of electronic device 100 is allowed to access the camera resources of electronic device 100. Then, referring to FIG. 7A, the electronic device 100 can generate five pieces of second permission information based on the first permission information and the device 3 and device 4 determined by the electronic device 100:
  • The first piece of second permission information is "identification of application 1, smart watch, camera resource identification, electronic device 100, access allowed". This permission information is used to indicate that application 1 of the smart watch is allowed to access the camera resources of the electronic device 100.
  • The second piece of second permission information is "the identification of application 1, the identification of electronic device 100, the identification of camera resources, the identification of the device with the same account, access is allowed". This permission information is used to indicate that application 1 of electronic device 100 is allowed to access the camera resources of devices with the same account.
  • The third piece of second permission information is "identification of application 1, identification of MatePad, identification of camera resources, identification of MatePad, access allowed". This permission information is used to indicate that application 1 of MatePad is allowed to access the camera resources of MatePad.
  • The fourth piece of second permission information is "the identification of application 1, the identification of MatePad, the identification of the camera resource, the identification of electronic device 100, access is allowed". This permission information is used to indicate that application 1 of MatePad is allowed to access the camera resources of the electronic device 100.
  • The fifth piece of second permission information is "Identification of application 1, identification of smart watch, identification of camera resources, identification of MatePad, access allowed". This permission information is used to indicate that application 1 of the smart watch is allowed to access the camera resources of MatePad.
  • the electronic device 100 can generate the second permission information based on the first permission information and part of the device 3 and the device 4 .
  • the above-mentioned portion of devices 3 and 4 does not include devices 3 and 4 that are determined to be invalid combinations by the electronic device 100 .
  • The electronic device 100 will generate the second permission information based on the first permission information and all the above-mentioned devices 3 and 4. At this time, the electronic device 100 predetermines the access policy for permission requests that may be encountered in the future. If device 3 subsequently installs the application indicated by the application identifier in the second permission information, or device 4 subsequently has the device resource indicated by the resource identifier in the second permission information, the electronic device 100 can use the second permission information to control resource access in the communication system 10.
  • If the electronic device 100 determines that a combination is invalid, the electronic device 100 will generate the second permission information based on the first permission information and part of the above-mentioned devices 3 and 4. In this case, all of the second permission information can be used to control resource access in the communication system 10, and permission information that cannot be used for the time being is not generated, which effectively simplifies the permission information database of the device and saves the device's storage.
  • The electronic device 100 can batch generate multiple pieces of second permission information based on the first permission information and the above multiple groups of devices 3 and 4.
  • the electronic device 100 can generate multiple pieces of permission information in a short period of time, thereby improving the efficiency of user application permission management.
  • the electronic device 100 may store the generated second permission information. In some embodiments, the electronic device 100 may not store the generated second permission information.
  • The electronic device 100 can determine the application identifier and the access policy in the first permission information as the application identifier and the access policy in the second permission information, respectively, and determine the identifier of resource 2 as the identifier of the resource in the second permission information.
  • The electronic device 100 may determine the identification of the above-mentioned device 3 as the identification of the device where the application in the second permission information is located, and determine the identification of the above-mentioned device 4 as the identification of the device where the resource in the second permission information is located.
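The generation step described above can be sketched in code. This is an added example, not code from the patent: it copies the application identifier and access policy from the first permission information, substitutes each selected (device 3, device 4) pair, optionally narrows the resource to a sub-resource (resource 2), and filters invalid combinations. The device names, the inventory tables and the rule that a device group counts as valid when any member qualifies are assumptions made for illustration; "phone" stands for the electronic device 100.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Permission:
    """One permission record with the five items the description lists."""
    app_id: str
    app_device: str       # device where the application is located (device 3)
    resource_id: str
    resource_device: str  # device where the resource is located (device 4)
    policy: str


# Constructed inventory (assumption): installed apps and resources per device.
INSTALLED_APPS = {
    "phone": {"app1"}, "smart_watch": {"app1"},
    "matepad": {"app1"}, "matebook": {"app1"}, "sound_x": set(),
}
DEVICE_RESOURCES = {
    "phone": {"camera", "front_camera", "rear_camera"},
    "smart_watch": set(),
    "matepad": {"camera", "rear_camera"},
    "matebook": {"camera", "front_camera"},
    "sound_x": set(),
}
# Constructed device group and sub-resource table (assumptions).
DEVICE_GROUPS = {"same_account_group": ["matepad", "matebook"]}
SUB_RESOURCES = {"camera": {"front_camera", "rear_camera"}}


def members(device_or_group):
    """Expand a device group into its member devices; a device is itself."""
    return DEVICE_GROUPS.get(device_or_group, [device_or_group])


def is_valid_pair(app_id, resource_id, device3, device4):
    """Invalid when device 3 lacks the app or device 4 lacks the resource.

    Assumption: a group qualifies if at least one member qualifies.
    """
    has_app = any(app_id in INSTALLED_APPS.get(d, set()) for d in members(device3))
    has_res = any(resource_id in DEVICE_RESOURCES.get(d, set()) for d in members(device4))
    return has_app and has_res


def generate_second_permissions(first, pairs, resource2=None, skip_invalid=True):
    """Batch-generate second permission records from one first record.

    Returns (generated, rejected). With skip_invalid=False every pair yields
    a record, which pre-decides the policy for requests that may come later.
    """
    resource_id = first.resource_id if resource2 is None else resource2
    allowed = {first.resource_id} | SUB_RESOURCES.get(first.resource_id, set())
    if resource_id not in allowed:
        # Resource 2 must be resource 1 itself or one of its sub-resources,
        # otherwise the new record would grant more than the first one did.
        raise ValueError(f"{resource_id!r} is not {first.resource_id!r} or a sub-resource of it")

    generated, rejected, seen = [], [], set()
    for device3, device4 in pairs:
        if (device3, device4) in seen:
            continue  # the same pair selected twice yields one record
        seen.add((device3, device4))
        if skip_invalid and not is_valid_pair(first.app_id, resource_id, device3, device4):
            rejected.append((device3, device4))
            continue
        generated.append(
            Permission(first.app_id, device3, resource_id, device4, first.policy)
        )
    return generated, rejected


# First permission information and the five pairs of FIG. 7A, plus one
# constructed invalid pair (Sound X has no application 1 installed).
FIRST = Permission("app1", "phone", "camera", "phone", "allow")
PAIRS = [
    ("smart_watch", "phone"),
    ("phone", "same_account_group"),
    ("matepad", "matepad"),
    ("matepad", "phone"),
    ("smart_watch", "matepad"),
    ("sound_x", "phone"),
]

if __name__ == "__main__":
    records, invalid = generate_second_permissions(FIRST, PAIRS)
    for record in records:
        print(record)
    print("invalid combinations:", invalid)
```

Narrowing to `resource2="front_camera"` changes which pairs are valid, because the constructed MatePad inventory has no front camera.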
  • the electronic device 100 sends the second permission information to the device 4 where the resource indicated by the second permission information is located.
  • the electronic device 100 may send the second permission information to the device 4 based on wired communication technology, wireless communication technology or mobile communication technology.
  • the above wired communication technology can be coaxial cable communication, USB interface communication, RS232 serial port communication, etc.
  • the above-mentioned wireless communication technology can be Bluetooth communication, WiFi communication, UWB communication, infrared communication, NFC, etc.
  • the above-mentioned mobile communication methods can be 2G/3G/4G/5G communication, etc.
  • The electronic device 100 may also send the second permission information to other devices and/or servers in the communication system 10. Therefore, other devices and/or servers in the communication system 10 also store the second permission information, and the user can query the above-mentioned second permission information on other devices or servers in the communication system 10, which makes it easier for the user to manage the permission information of the communication system 10.
  • all permission information of the communication system 10 is stored in a server, and all devices in the communication system 10 can establish a connection with the server and obtain permission information based on the connection.
  • the electronic device 100 may not send the second permission information to the device 4, but directly send the second permission information to the server.
  • After step S105, the communication system 10 may execute step S106 or step S107.
  • the device 4 receives the second permission information sent by the electronic device 100, and the device 4 accepts the second permission information.
  • After receiving the second permission information sent by the electronic device 100, the device 4 can directly accept the second permission information.
  • the device 4 may output prompt information prompting the second permission information. Afterwards, in response to the user's confirmation operation, the electronic device 100 will accept the second permission information.
  • the above-mentioned confirmation operation by the user may be an input operation by the user on the user interface displayed on the device 4 for prompting the second permission information.
  • the device 4 can display the user interface 530 as shown in FIG. 7C on the display screen, where the prompt information 532A can be used to prompt the user for the second permission information.
  • the user's confirmation operation may be the user's touch operation on the confirmation button 533 when the selection box 532B is in the selected state.
  • Device 4 may store the second permission information, and may send a feedback message to electronic device 100.
  • The feedback message may be used to inform electronic device 100 that device 4 has stored the second permission information.
  • After device 4 sends the above feedback message to electronic device 100, if electronic device 100 does not store the second permission information, then after receiving the feedback message sent by device 4, electronic device 100 can store the second permission information.
  • the device 4 receives the second permission information sent by the electronic device 100, and the device 4 refuses to accept the second permission information.
  • The device 4 may output prompt information prompting the second permission information. Afterwards, in response to the user's refusal operation, the device 4 may refuse to accept the second permission information.
  • The above-mentioned refusal operation may be an input operation performed by the user on the user interface displayed on the device 4 to prompt the second permission information.
  • the device 4 can display the user interface 530 as shown in FIG. 7C on the display screen, where the prompt information 532A can be used to prompt the user for the second permission information.
  • The user's refusal operation may be the user's touch operation on the confirmation button 533 when there is at least one unchecked selection box 532B.
  • the device 4 may send a feedback message to the electronic device 100, and the feedback message may be used to inform the electronic device 100 that the device 4 refuses to accept the second permission information.
  • After the device 4 sends the feedback message to the electronic device 100, if the electronic device 100 has stored the second permission information, then upon receiving the feedback message sent by the device 4, the electronic device 100 can delete the stored second permission information. If the electronic device 100 does not store the second permission information, then after receiving the feedback message sent by the device 4, the electronic device 100 no longer stores the second permission information.
  • If all permission information of the communication system 10 is stored in the server, and the electronic device 100, after generating the second permission information, sends the second permission information to the server, then the actions performed by the electronic device 100 in the above steps S106 and S107 are all performed by the server.
  • (Optional) S108. The electronic device in the communication system 10 updates the permission information.
  • the device 4 where the resource in the second permission information is located may update the second permission information.
  • the device 4 may update the second permission information to the third permission information.
  • the user's operation of modifying the second permission information may be the user's operation of modifying the access policy of the second permission information in the setting interface.
  • device 4 may send a notification message to device 3 to inform device 3 that device 4 has updated the second permission information to the third permission information.
  • the device 4 may modify the second permission information to the third permission information and store the third permission information.
  • the user's operation of modifying the second permission information may be an input operation performed by the user on the user interface displayed on the device 4 for the user to modify the second permission information.
  • the device 4 can display the user interface 540 as shown in FIG. 7D on the display screen.
  • The access policy controls 541A to 541C in the user interface 540 can be used for the user to modify the access policy of the second permission information.
  • The device 4 can modify the second permission information to the third permission information, whose access policy is "No access allowed." Afterwards, the device 4 can store the third permission information.
  • the device 4 may send a notification message to the electronic device 100 to inform the electronic device 100 that the device 4 modifies the second permission information to the third permission information.
  • After the electronic device 100 receives the above notification message sent by the device 4, if the electronic device 100 has previously stored the second permission information, the electronic device 100 can update the second permission information to the third permission information. If the electronic device 100 has not previously stored the second permission information, the electronic device 100 can directly store the third permission information.
  • The electronic device 100 can send a notification message to other devices and/or servers in the communication system 10 to notify them to update the second permission information to the third permission information. If the electronic device 100 has not previously sent the second permission information to other devices and/or servers in the communication system 10, the electronic device 100 may send the third permission information to other devices and/or servers in the communication system 10 at this time.
  • all permission information of the communication system 10 includes the second permission information.
  • all electronic devices in the communication system 10 can update the second permission information.
  • Taking the electronic device 100 updating the second permission information as an example: after receiving the user's operation of modifying the second permission information, the electronic device 100 updates the second permission information.
  • The electronic device 100 may send a notification message to the server to notify the server to update the second permission information to the third permission information.
  • Upon receiving the above notification message, the server can update the second permission information to the third permission information.
  • updating the second permission information by an electronic device requires permission from some electronic devices in the communication system 10 .
  • the above-mentioned part of the electronic devices may be the main device in the communication system 10 and/or the device where the resources in the second permission information are located.
  • The server can send, to the master device in the communication system 10 and/or device 4, a notification message asking whether to allow the update.
  • the device 5 that receives the above notification message may display prompt information on the display screen to prompt the user that the electronic device 100 intends to update the second permission information to the third permission information.
  • the device 5 may send a return message to the server. If the return message indicates that the user permits the update, the server may update the second permission information to the third permission information. If the return message indicates that the user does not allow the update, the server can deny the update.
  • some electronic devices in the communication system 10 can update the second permission information.
  • Some of the electronic devices in the communication system 10 may be master devices in the communication system 10, and/or devices where the resources corresponding to the permission information are located and/or where the applications are located.
  • the user can update the permission information in the communication system 10 according to actual needs, thereby ensuring the user's privacy and security.
  • Each electronic device in the communication system 10 uses the locally stored permission information to control resource access in the communication system 10.
  • the locally stored permission information may include, for example, the first permission information or the second permission information.
  • the above process may include the following steps 1 to 5:
  • Step 1 The electronic device 200 generates an access request.
  • the access request carries the identification of application 1, the identification of electronic device 200, the identification of resource 1, and the identification of electronic device 300.
  • the access request is used to instruct application 1 in electronic device 200 to request access to resource 1 in electronic device 300.
  • Step 2 Electronic device 200 authentication.
  • Electronic device 200 authentication is a process in which the electronic device 200 determines whether the application 1 in the electronic device 200 has the permission to access the resource 1 in the electronic device 300 based on the permission information database.
  • the electronic device 200 may search the permission information database for permission information indicating the access policy of the application 1 in the electronic device 200 to the resource 1 in the electronic device 300. If the above permission information does not exist in the permission information database, or the access policy in the permission information is "access not allowed", then the electronic device 200 can determine that the application 1 in the electronic device 200 does not have the permission to access the resource 1 in the electronic device 300. If the access policy in the permission information is "allow access" or "allow access under specific conditions", then the electronic device 200 can determine that the application 1 in the electronic device 200 has the permission to access the resource 1 in the electronic device 300.
  • the electronic device 200 may terminate the processing of the above access request. If the electronic device 200 determines that the application 1 in the electronic device 200 has the permission to access the resource 1 in the electronic device 300, the electronic device 200 can continue to perform subsequent steps.
  • the electronic device 200 may not perform authentication.
  • Step 3 The electronic device 200 sends an access request to the electronic device 300.
  • the electronic device 200 may send the above access request to the electronic device 300 based on wired communication technology, wireless communication technology or mobile communication technology.
  • the above wired communication technology can be coaxial cable communication, USB interface communication, RS232 serial port communication, etc.
  • the above-mentioned wireless communication technology can be Bluetooth communication, WiFi communication, UWB communication, infrared communication, NFC, etc.
  • the above-mentioned mobile communication methods can be 2G/3G/4G/5G communication, etc.
  • Step 4 The electronic device 300 receives the access request, and the electronic device 300 authenticates.
  • Electronic device 300 authentication is a process in which the electronic device 300 determines whether the application 1 in the electronic device 200 has the permission to access the resource 1 in the electronic device 300 based on the permission information database.
  • Step 5 The electronic device 300 decides whether to respond to the access request based on the authentication result.
  • If the electronic device 300 authenticates and determines that the application 1 in the electronic device 200 does not have the permission to access the resource 1 in the electronic device 300, then the electronic device 300 will not respond to the access request. If the electronic device 300 authenticates and determines that the application 1 in the electronic device 200 has the permission to access the resource 1 in the electronic device 300, then the electronic device 300 will respond to the access request and authorize the application 1 in the electronic device 200 to access the resource 1 in the electronic device 300.
  • Electronic device 200 and electronic device 300 may be different devices or the same device in communication system 10. If the electronic device 200 and the electronic device 300 are different devices, then the above access request indicates that the application requests cross-device access to resources. At this time, the electronic device 300 may display a user interface on the display screen to prompt the user that the resources of the electronic device 300 are being accessed across devices by the application of the electronic device 200. If the electronic device 200 and the electronic device 300 are the same device, then the above access request indicates that the application requests access to the resources of the same device. At this time, the process of sending access requests between the above devices can be omitted.
  • the electronic device 300 can also modify the permission information in response to a user operation when its resources are accessed by the application of the electronic device 200.
  • the above-mentioned user operation may be, for example, an operation performed by the user on an interface provided by the electronic device 300 to prompt the user that resources of the electronic device 300 are being accessed across devices by applications of the electronic device 200.
  • the electronic device 300 may modify the access policy of the permission information to "do not allow access".
  • the electronic device 300 can send notification information to the electronic device 200 to notify the electronic device 200 to modify the permission information.
  • the electronic device 300 can also send the above notification message to other electronic devices or servers in the communication system 10.
  • An embodiment of the present application also provides a computer program product.
  • When the computer program product is run on an electronic device, it causes the electronic device to execute the method in any of the foregoing embodiments.
  • Embodiments of the present application also provide a computer-readable storage medium.
  • Computer program code is stored in the computer-readable storage medium.
  • When the electronic device executes the computer program code, the electronic device executes the method in any of the foregoing embodiments.
  • the computer program products and computer-readable storage media provided by the embodiments of the present application are all used to execute the application permission management method provided above. Therefore, for the beneficial effects they can achieve, refer to the beneficial effects of the corresponding methods provided above, which are not described again here.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Technology Law (AREA)
  • Multimedia (AREA)
  • Automation & Control Theory (AREA)
  • Medical Informatics (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The present application provides an application program permission management method, a system, and a related apparatus. The method comprises: an electronic device generating first permission information, or displaying a user interface for indicating the first permission information, and the electronic device then being capable of receiving a first user operation and displaying a permission management interface; the electronic device receiving a second user operation on the permission management interface, and being capable of determining a device 3 where an application is located and a device 4 where a permission is located; according to the first permission information and the devices 3 and 4, the electronic device being capable of generating second permission information and sending same to the device 4; and the device 4 being capable of storing the second permission information, or refusing to store the second permission information and modifying the second permission information into third permission information. In addition, each electronic device in a system can use locally stored permission information to control resource access in the system. The method can improve the efficiency of managing the application program permission of each device in a communication system, save the time of a user, and optimize the device use experience of the user.

Description

Application program permission management method, system, and related apparatus
This application claims priority to Chinese Patent Application No. 202210326241.X, filed with the China Patent Office on March 30, 2022 and entitled "Application program permission management method, system, and related apparatus", which is incorporated herein by reference in its entirety.
Technical Field
The present application relates to the field of terminal technology, and in particular to an application permission management method, a system, and a related apparatus.
Background
With the continuous development of communication technology, electronic devices of all kinds have gradually become an important part of people's lives. Because electronic devices may store large amounts of sensitive data involving user privacy, how to manage the permissions of the many applications installed on an electronic device and protect user privacy has become a topic of growing concern.
At present, with the development of information technology, the functions and categories of electronic devices on the market are increasingly rich, and scenarios in which a user holds multiple electronic devices at the same time and uses them to work together are becoming more common. How to manage application permissions in multi-device scenarios while balancing user privacy protection and user experience is a direction worth studying in this field.
Summary
The present application provides an application permission management method, a system, and a related apparatus. By implementing the method, a user can manage application permissions on just one electronic device without configuring them separately on each electronic device, and therefore without switching back and forth among multiple electronic devices. This improves the efficiency of managing the application permissions of each device in the communication system, saves the user's time, and optimizes the user's device experience.
In a first aspect, an embodiment of the present application provides an application permission management method applied to a communication system that includes a first device and a fifth device. The method includes: the first device generates first permission information, or the first device displays a user interface for indicating the first permission information, where the first permission information indicates an access policy of a first application of a second device for a first resource of a third device. On receiving a first operation, the first device displays a permission management interface. On receiving a second operation on the permission management interface, the first device determines a fourth device and a fifth device, the fourth device and the fifth device being different. The first device generates second permission information, which indicates an access policy of the first application of the fourth device for the first resource of the fifth device; the access policy of the first permission information is the same as the access policy of the second permission information. The first device sends the second permission information to the fifth device.
By implementing the method provided in the first aspect, a user can, on one electronic device in a communication system, manage the permissions of applications on that device itself or on other devices in the communication system. In the embodiments of the present application, the permissions of an application may include the permission of an application on a device to access resources of the same device, and may also include the permission of an application on a device to access resources of other devices across devices. In this way, if the user needs to set application permissions on multiple devices in the communication system, the settings can be completed on just one electronic device. The user does not need to configure each electronic device separately, and therefore does not need to switch back and forth among multiple electronic devices. This improves the efficiency of managing the application permissions of each device in the communication system, saves the user's time, and optimizes the user's device experience.
With reference to the first aspect, in some implementations, the first device, the second device, and the third device are the same device, and before the first device generates the first permission information, the method further includes: the first device runs the first application. The first device displays a first user interface provided by the first application, where the first user interface is used by the first application to request access to the first resource. A third operation is received, where the third operation is used to trigger the first device to generate the first permission information.
With reference to the foregoing implementation, after the first device receives the third operation, the method may further include: the first device displays a second user interface that includes prompt information and a first control. The prompt information prompts the user to synchronize the first application's access policy for the first resource to other devices. In this case, the first operation includes a user operation acting on the first control.
With reference to the first aspect, in some implementations, the first device, the second device, and the third device are the same device, and the user interface displayed by the first device for indicating the first permission information is provided by the settings application of the first device.
With reference to the foregoing implementation, the user interface for indicating the first permission information may include prompt information and a second control. The prompt information prompts the user to synchronize the first application's access policy for the first resource to other devices in the communication system. In this case, the first operation includes a user operation acting on the second control.
With reference to the first aspect, in some implementations, the permission management interface displays one or more device controls. The second operation includes: an operation of dragging a first device control so that the distance between the first device control and a second device control is less than a preset value, or input operations acting successively on the first device control and the second device control. The fourth device is the device corresponding to the first device control, and the fifth device is the device corresponding to the second device control.
It can be understood that the user can select, in the permission management interface, the fourth device and the fifth device used to generate the second permission information. In the vast majority of cases, the first device differs from both the fourth device and the fifth device.
With reference to the first aspect, in some implementations, after the first device sends the second permission information to the fifth device, the method further includes: the first device sends the second permission information to the fourth device. Alternatively, the first device sends the second permission information to a sixth device, where the sixth device is different from the fifth device and is a device trusted by the first device. Alternatively, the first device sends the second permission information to a server, where the server is used to manage the first device, the second device, the third device, the fourth device, and the fifth device.
It can be understood that the second permission information can be stored on the electronic devices or the server in the communication system, so that the user can query or modify the permission information on each device, which makes permission information management more convenient for the user.
With reference to the first aspect, in some implementations, after the first device sends the second permission information to the fifth device, the method further includes: after receiving the second permission information, the fifth device stores the second permission information.
With reference to the first aspect, in some implementations, after the first device sends the second permission information to the fifth device, the method further includes: the fifth device displays a second user interface in which prompt information is displayed, the prompt information asking the user whether to allow the access policy indicated by the first permission information to be set. On receiving a fourth operation, the fifth device stores the second permission information. Alternatively, on receiving a fifth operation, the fifth device refuses to store the second permission information and sends a notification message to the first device, and the first device deletes the stored second permission information.
It can be understood that the first device therefore can synchronize the second permission information only with the permission of the fifth device. This reduces the risk of permission information being maliciously tampered with without the fifth device's knowledge, and safeguards user privacy.
With reference to the first aspect, in some implementations, after the fifth device receives the fifth operation, the method further includes: the fifth device displays a third user interface, which shows one or more access policies of the first application of the fourth device for the first resource of the fifth device. On receiving a sixth operation, the fifth device generates and stores third permission information, which indicates an access policy of the first application of the fourth device for the first resource of the fifth device; the access policy of the third permission information is different from the access policy of the second permission information. The fifth device sends the third permission information to the first device. The first device updates the stored second permission information to the third permission information.
It can be understood that, after refusing to accept the second permission information generated by the first device, the fifth device can modify the rejected permission information and store the modified permission information. In this way, user privacy can be protected from unlawful infringement.
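The consent step described in the implementations above (store on acceptance, refuse and notify on rejection, optionally replace the policy with a third permission information) can be sketched as follows. This is an added illustration, not code from the application; the class names, the `ask_user` callback, the message tuples, and the check that a record must name the receiving device's own resource are assumptions.

```python
from dataclasses import dataclass, replace

POLICIES = ("allow access", "allow access under specific conditions", "access not allowed")


@dataclass(frozen=True)
class PermissionInfo:
    app_device: str       # device where the application is located (fourth device)
    app: str
    resource_device: str  # device where the resource is located (fifth device)
    resource: str
    policy: str

    @property
    def key(self):
        return (self.app_device, self.app, self.resource_device, self.resource)


class ResourceHolder:
    """The fifth device: it decides whether a pushed record is stored."""

    def __init__(self, device_id, ask_user):
        self.device_id = device_id
        self.ask_user = ask_user  # hypothetical stand-in for the prompt user interface
        self.store = {}

    def receive(self, info):
        """Return the notification messages sent back to the first device."""
        # Assumed hardening: never store a record for another device's
        # resource or with an unknown policy, and do not prompt for it.
        if info.resource_device != self.device_id or info.policy not in POLICIES:
            return [("rejected", info)]
        decision, new_policy = self.ask_user(info)
        if decision == "accept":                      # fourth operation
            self.store[info.key] = info
            return [("stored", info)]
        messages = [("rejected", info)]               # fifth operation
        if new_policy in POLICIES and new_policy != info.policy:
            third = replace(info, policy=new_policy)  # sixth operation
            self.store[third.key] = third
            messages.append(("updated", third))
        return messages


class ManagingDevice:
    """The first device: it generates and pushes the second permission information."""

    def __init__(self):
        self.store = {}

    def sync(self, info, holder):
        self.store[info.key] = info
        for kind, payload in holder.receive(info):
            if kind == "rejected":
                self.store.pop(payload.key, None)     # delete the refused record
            elif kind == "updated":
                self.store[payload.key] = payload     # adopt the third permission information
        return self.store.get(info.key)


if __name__ == "__main__":
    # Constructed sample record: app1 on device4 accessing the camera of device5.
    second = PermissionInfo("device4", "app1", "device5", "camera", "allow access")
    holder = ResourceHolder("device5", lambda info: ("reject", "access not allowed"))
    print(ManagingDevice().sync(second, holder))
```

After `sync` returns, both stores hold the same record or neither holds one, so the first device never keeps a policy the resource holder refused.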
With reference to the first aspect, in some implementations, the fourth device sends an access request to the fifth device, where the access request is used by the first application in the fourth device to request access to the first resource in the fifth device. The fifth device displays prompt information and a second control, where the prompt information indicates that the first resource in the fifth device is being accessed by the first application in the fourth device. On receiving a seventh operation acting on the second control, the fifth device displays a fourth user interface, which shows one or more access policies of the first application of the fourth device for the first resource of the fifth device. On receiving an eighth operation, the fifth device generates and stores fourth permission information, which indicates an access policy of the first application of the fourth device for the first resource of the fifth device; the access policy of the fourth permission information is different from the access policy of the second permission information. The fifth device sends the fourth permission information to the first device. The first device updates the stored second permission information to the fourth permission information.
It can be understood that, while the resources of the fifth device are being accessed by an application on another device, the fifth device can display prompt information so that the user learns promptly that the resources on the device are being accessed by an application on another device. In addition, the user can update the access policy in the permission information at any time according to current needs, to protect user privacy from unlawful infringement.
With reference to the first aspect, in some implementations, each electronic device in the communication system can use locally stored permission information to control resource access in the communication system. The locally stored permission information may include, for example, the aforementioned first permission information or second permission information. Specifically, the electronic device 200 may generate an access request, which indicates that the application 1 in the electronic device 200 requests access to the resource 1 in the electronic device 300. The electronic device 200 may then send the access request to the electronic device 300. On receiving the access request, the electronic device 300 may authenticate. Authentication by the electronic device 300 is the process in which the electronic device 300 determines, based on the permission information database, whether the application 1 in the electronic device 200 has the permission to access the resource 1 in the electronic device 300. The electronic device 300 can then decide, based on the authentication result, whether to respond to the access request.
With reference to the foregoing implementation, after the electronic device 200 generates the access request and before the electronic device 200 sends the access request to the electronic device 300, the electronic device 200 may also authenticate. Authentication by the electronic device 200 is the process in which the electronic device 200 determines, based on the permission information database, whether the application 1 in the electronic device 200 has the permission to access the resource 1 in the electronic device 300. If the electronic device 200 determines that the application 1 in the electronic device 200 does not have the permission to access the resource 1 in the electronic device 300, the electronic device 200 may terminate the processing of the access request. If the electronic device 200 determines that the application 1 in the electronic device 200 has the permission to access the resource 1 in the electronic device 300, the electronic device 200 can continue with the subsequent steps of the foregoing implementation.
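The access flow described above (request generation, optional authentication by the requesting device, sending, authentication by the device holding the resource, response) as an added sketch that is not part of the application. Class names, method names and return strings are assumptions, as is the check that the request names the receiving device; condition evaluation for "allow access under specific conditions" is not modelled.

```python
from dataclasses import dataclass

ALLOW = "allow access"
CONDITIONAL = "allow access under specific conditions"
DENY = "access not allowed"


@dataclass(frozen=True)
class AccessRequest:
    """The four identifiers the access request carries."""
    app_id: str
    app_device_id: str
    resource_id: str
    resource_device_id: str


class Device:
    def __init__(self, device_id):
        self.device_id = device_id
        self.permission_db = {}  # locally stored permission information
        self.peers = {}          # reachable devices (transport is abstracted away)
        self.audit_log = []      # (request, granted) decisions made as resource holder

    def connect(self, other):
        self.peers[other.device_id] = other
        other.peers[self.device_id] = self

    def set_policy(self, app_device_id, app_id, resource_device_id, resource_id, policy):
        self.permission_db[(app_device_id, app_id, resource_device_id, resource_id)] = policy

    def authenticate(self, req):
        """Default deny: a missing record counts the same as 'access not allowed'."""
        key = (req.app_device_id, req.app_id, req.resource_device_id, req.resource_id)
        return self.permission_db.get(key) in (ALLOW, CONDITIONAL)

    def request_access(self, app_id, resource_device_id, resource_id, precheck=True):
        req = AccessRequest(app_id, self.device_id, resource_id, resource_device_id)
        # Requester-side authentication may be skipped, so it only saves a
        # round trip; it is never the decision that protects the resource.
        if precheck and not self.authenticate(req):
            return "terminated-by-requester"
        if resource_device_id == self.device_id:
            return self.handle_access(req)  # same device: no sending step
        return self.peers[resource_device_id].handle_access(req)

    def handle_access(self, req):
        # The resource holder consults only its own database.
        # Assumed extra check: the request must name this device.
        granted = req.resource_device_id == self.device_id and self.authenticate(req)
        self.audit_log.append((req, granted))
        return "granted" if granted else "no-response"


def build_pair(policy_on_200, policy_on_300):
    """Constructed scenario: app1 on device200 wants resource1 on device300."""
    d200, d300 = Device("device200"), Device("device300")
    d200.connect(d300)
    for dev, policy in ((d200, policy_on_200), (d300, policy_on_300)):
        if policy is not None:
            dev.set_policy("device200", "app1", "device300", "resource1", policy)
    return d200, d300


if __name__ == "__main__":
    # The requester still holds a stale "allow access" after the holder switched to deny.
    d200, d300 = build_pair(ALLOW, DENY)
    print(d200.request_access("app1", "device300", "resource1"))
```

The stale-record case in `__main__` shows why the holder-side check is the one that matters: a requester whose local copy still says "allow access" gets no response once the holder's record has changed.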
With reference to the first aspect, the second device, the third device, the fourth device, and the fifth device are all devices trusted by the first device.
In a second aspect, an embodiment of the present application provides an electronic device. The electronic device includes a memory and a processor, where the memory is used to store a computer program and the processor is used to invoke the computer program, so that the electronic device performs the method of the first aspect or of any implementation of the first aspect.
In a third aspect, an embodiment of the present application provides a computer program product containing instructions which, when the computer program product is run on a computer, cause the computer to perform the method of the first aspect or of any implementation of the first aspect.
In a fourth aspect, an embodiment of the present application provides a computer-readable storage medium including instructions which, when run on an electronic device, cause the electronic device to perform the method of the first aspect or of any implementation of the first aspect.
It can be understood that the electronic device provided in the second aspect, the computer program product provided in the third aspect, and the computer-readable storage medium provided in the fourth aspect are all used to perform the method provided by the embodiments of the present application. Therefore, for the beneficial effects they can achieve, refer to the beneficial effects of the corresponding method, which are not described again here.
Brief Description of the Drawings
Figure 1 is a schematic structural diagram of a communication system 10 provided by an embodiment of the present application;
Figure 2 is a schematic structural diagram of an electronic device 100 provided by an embodiment of the present application;
Figure 3 is a block diagram of the software structure of the electronic device 100 provided by an embodiment of the present application;
Figures 4A to 4C are a set of user interfaces involved when an application of the electronic device 100 provided by an embodiment of the present application requests permission to access a resource;
Figure 4D is a user interface, provided by an embodiment of the present application, for triggering the electronic device 100 to display a permission management interface;
Figures 5A to 5E are user interfaces of the electronic device 100 provided by an embodiment of the present application for indicating the first permission information;
Figure 5F is another user interface, provided by an embodiment of the present application, for triggering the electronic device 100 to display a permission management interface;
Figures 6A to 6E are user interfaces involved when the electronic device 100 provided by an embodiment of the present application generates the second permission information;
Figures 7A to 7F are user interfaces involved when the electronic device 100 provided by an embodiment of the present application synchronizes permission information;
Figures 8A to 8J are user interfaces involved when the electronic device 100 provided by an embodiment of the present application manages trusted devices/device groups;
Figure 9 is a user interface involved when the electronic device 100 provided by an embodiment of the present application updates permission information;
图10是本申请实施例提供的应用程序权限管理方法的流程图。Figure 10 is a flow chart of an application rights management method provided by an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application are described clearly and in detail below with reference to the accompanying drawings. In the description of the embodiments of the present application, unless otherwise stated, "/" means "or"; for example, A/B may mean A or B. "And/or" in the text merely describes an association between associated objects and indicates that three relationships may exist; for example, A and/or B may mean: A exists alone, both A and B exist, or B exists alone. In addition, in the description of the embodiments of the present application, "a plurality of" means two or more.
Hereinafter, the terms "first" and "second" are used for descriptive purposes only and shall not be understood as indicating or implying relative importance or as implicitly specifying the number of the technical features indicated. Therefore, a feature defined with "first" or "second" may explicitly or implicitly include one or more such features. In the description of the embodiments of the present application, unless otherwise stated, "a plurality of" means two or more.
Embodiments of the present application provide an application permission management method, system, and related apparatus.
By implementing the application permission management method provided by the embodiments of the present application, a user can, on one electronic device in a communication system, manage the permissions of applications on that device itself or on other devices in the communication system. In the embodiments of the present application, the permissions of an application may include permission for an application on a device to access resources of the same device, and may also include permission for an application on a device to access resources of other devices across devices. In this way, if the user needs to set application permissions on multiple devices in the communication system, the settings can be completed on a single electronic device. The user does not need to configure each electronic device separately and therefore does not need to switch back and forth among multiple electronic devices. This improves the efficiency of managing the application permissions of the devices in the communication system, saves the user's time, and improves the user's experience of using the devices.
Specifically, in this method, after the user triggers the electronic device 100 to generate first permission information, or after the electronic device 100 displays a user interface indicating the first permission information, the electronic device 100 may receive a first user operation and display a permission management interface on the display screen. On receiving a second user operation on the permission management interface, the electronic device 100 may determine device 3, where the application is located, and device 4, where the resource is located. The electronic device 100 may generate second permission information based on the first permission information together with device 3 and device 4. The electronic device 100 may then send the second permission information to some or all of the electronic devices in the communication system.
The first permission information may be used to indicate the access policy of application 1 on device 1 for resource 1 on device 2. The second permission information may be used to indicate the access policy of application 1 on device 3 for resource 1 on device 4. The access policies in the first permission information and the second permission information are the same.
Device 1 and device 2 may be the same device or different devices. Device 3 and device 4 may be the same device or different devices. The electronic device 100 and device 1 may be the same device or different devices.
The electronic device 100 and device 3 may be the same device or different devices. When the electronic device 100 and device 3 are the same device, the above method allows the user to set, on the electronic device 100, the access policies of applications on this device for the resources in the communication system. When the electronic device 100 and device 3 are different devices, the above method allows the user to set, on the electronic device 100, the access policies of applications on other devices for the resources in the communication system.
In the following embodiments of the present application, permission information may include the following items: an identifier of the application, an identifier of the device where the application is located, an identifier of the resource, an identifier of the device where the resource is located, and an access policy. The permission information is used to indicate the application's access policy for the resource.
The resources of an electronic device may include its data resources, software resources and hardware resources, as well as its peripheral resources. Data resources may be, for example, text, images, audio and video stored on the electronic device. Software resources may be, for example, the various applications and drivers stored on the electronic device. Hardware resources may be, for example, a camera, a microphone or a display. Peripheral resources may be, for example, a mouse, keyboard or speaker externally connected to the electronic device.
The process of an application accessing a resource may be the process of the application obtaining a data resource, or of the application calling a software resource, a hardware resource or a peripheral resource. An application on an electronic device in the communication system can access the resources of its own device, or access the resources of other devices in the communication system across devices.
In some embodiments, the electronic device 100 may determine multiple pairs of device 3 and device 4. The electronic device 100 may generate multiple pieces of second permission information in a batch based on the first permission information and these pairs of device 3 and device 4. The electronic device 100 can thus generate multiple pieces of permission information in a short time; that is, the user can set resource access policies for multiple applications at once through the electronic device 100, which improves the efficiency of the user's application permission management.
In the above method, the electronic device 100 may send the second permission information to the electronic device associated with the second permission information. The electronic device associated with the second permission information is the device where the resource indicated by the second permission information is located. For example, the electronic device 100 may send the second permission information to device 4.
In some embodiments, after receiving the second permission information sent by the electronic device 100, the electronic device associated with the second permission information may store the second permission information in order to accept the access policy it indicates, or may not store the second permission information in order to reject the access policy it indicates. The electronic device 100 therefore has to synchronize the second permission information on the basis of device 4's permission. This reduces the risk of permission information being maliciously tampered with without the knowledge of device 4 and protects the user's privacy.
In some embodiments, after rejecting the access policy indicated by the second permission information, the electronic device associated with the second permission information may notify the electronic device 100 of the rejection. If the electronic device 100 has stored the second permission information, it may delete the second permission information on receiving the rejection. If the electronic device 100 has not stored the second permission information, it may refrain from storing the second permission information on receiving the rejection.
In some embodiments, after rejecting the access policy indicated by the second permission information, the electronic device associated with the second permission information may also modify the second permission information and send the modified second permission information to the electronic device 100. If the electronic device 100 has stored the second permission information, then after receiving the modified second permission information it may update the stored second permission information to the modified second permission information. In some embodiments, the electronic device 100 may resend the updated second permission information to electronic devices in the communication system other than the electronic device associated with the second permission information.
The permission information stored in each electronic device in the embodiments of the present application, such as the first permission information or the second permission information described above, can be used for authentication when an application in the communication system accesses a resource. When an electronic device in the communication system generates an access request, it can determine from the stored permission information whether it has the permission required by the access request and, if so, send the access request to the device where the corresponding resource is located. The device where the resource is located can likewise determine from its stored permission information whether the requesting electronic device has the permission required by the access request and, if so, respond to the access request. If the electronic device that generates the access request and the device where the resource is located are the same device, the step of sending the access request between devices can be omitted. The electronic device that generates the access request can therefore perform authentication before sending the access request to the device where the corresponding resource is located, which reduces pointless interactions between devices and improves the efficiency with which electronic devices process access requests. In addition, applications on the electronic devices in the communication system must strictly follow the access policy in the permission information in order to access the resources of the electronic devices in the system, which reduces the risk of those resources being accessed at will and protects the user's privacy. When an application in the communication system accesses a resource, the electronic device where the application is located and the device where the resource is located both perform authentication. This two-sided authentication helps ensure the accuracy of the authentication result, ensures that the application strictly follows the access policy in the permission information when accessing resources, and further protects the user's privacy from unlawful infringement.
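The following Python sketch is an added illustration, not code from the application. It models the five-item permission information, batch generation of second permission information from a first record, acceptance or rejection by the resource's device during synchronization, and the two-sided check on an access request. The policy values "allow"/"deny", the treatment of a missing record as deny, the accepts hook, and all function and device names are assumptions made for the example.

```python
from dataclasses import dataclass, replace

ALLOW, DENY = "allow", "deny"  # assumed policy values; the page only says "access policy"


@dataclass(frozen=True)
class PermissionInfo:
    # The five items the page lists for one piece of permission information.
    app_id: str
    app_device: str
    resource_id: str
    resource_device: str
    policy: str

    @property
    def key(self):
        return (self.app_id, self.app_device, self.resource_id, self.resource_device)


def derive_second(first, device_pairs):
    """Batch-generate second permission information: same application, resource
    and access policy as `first`, re-targeted to each (device 3, device 4) pair."""
    return [replace(first, app_device=d3, resource_device=d4) for d3, d4 in device_pairs]


class Device:
    def __init__(self, name, accepts=lambda info: True):
        self.name = name
        self.accepts = accepts  # hypothetical local decision hook (user prompt, rule, ...)
        self.store = {}         # permission information library: key -> policy

    def save(self, info):
        self.store[info.key] = info.policy

    def receive_sync(self, info):
        """Resource-side handling of pushed permission information: store it to
        accept the policy, or do not store it to reject. Returns True on accept."""
        if info.resource_device != self.name or not self.accepts(info):
            return False
        self.save(info)
        return True

    def permits(self, app_id, app_device, resource_id, resource_device):
        # Assumption: a missing record is treated as deny.
        return self.store.get((app_id, app_device, resource_id, resource_device), DENY) == ALLOW


def sync(manager, devices, infos):
    """Push each record to the device that owns the resource. The managing device
    keeps its copy only if the owner accepted, and deletes it on rejection."""
    accepted = []
    for info in infos:
        manager.save(info)
        owner = devices[info.resource_device]
        if owner is manager or owner.receive_sync(info):
            devices[info.app_device].save(info)  # requester needs it for its own check
            accepted.append(info)
        else:
            manager.store.pop(info.key, None)
    return accepted


def request_access(devices, app_id, app_device, resource_id, resource_device):
    """Two-sided check. Returns (granted, side that made the final decision)."""
    args = (app_id, app_device, resource_id, resource_device)
    if not devices[app_device].permits(*args):
        return False, "requester"   # the request is never sent
    if app_device == resource_device:
        return True, "requester"    # same device: no cross-device step
    if not devices[resource_device].permits(*args):
        return False, "resource"
    return True, "resource"


def demo():
    phone = Device("phone")  # plays the role of electronic device 100
    matepad = Device("MatePad")
    matebook = Device("MateBook", accepts=lambda info: False)  # declines pushed policies
    devices = {d.name: d for d in (phone, matepad, matebook)}

    first = PermissionInfo("app1", "phone", "camera", "phone", ALLOW)
    phone.save(first)
    second = derive_second(first, [("phone", "MatePad"), ("phone", "MateBook")])
    accepted = sync(phone, devices, second)

    results = {
        "local": request_access(devices, "app1", "phone", "camera", "phone"),
        "matepad": request_access(devices, "app1", "phone", "camera", "MatePad"),
        "matebook": request_access(devices, "app1", "phone", "camera", "MateBook"),
    }
    # Constructed failure case: the requester's library is altered locally,
    # without the consent of the device that owns the resource.
    phone.save(second[1])
    results["altered"] = request_access(devices, "app1", "phone", "camera", "MateBook")
    return accepted, results


if __name__ == "__main__":
    print(demo())
```

The last case shows why the check on the resource's device matters: a record that exists only in the requester's library passes the first check but is still refused by the device that owns the resource.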
The implementation of the above application permission management method, system and related apparatus is described in detail below.
First, the structure of the communication system 10 provided by an embodiment of the present application is described.
Referring to Figure 1, Figure 1 shows the communication system 10 provided by an embodiment of the present application. As shown in Figure 1, the communication system 10 includes multiple electronic devices. An electronic device in the communication system 10 has a trust relationship with some or all of the devices in the communication system 10. Electronic devices that have a trust relationship allow each other to manage the permissions of the applications on their own devices. As an example, Figure 1 shows a communication system 10 composed of the electronic device 100, a MatePad, a MateBook, a smart watch, a Sound X and a Vision.
The electronic devices in the communication system 10 may be portable electronic devices such as mobile phones, tablet computers, wearable devices, notebook computers, netbooks and personal digital assistants (PDAs). Exemplary embodiments of portable electronic devices include, but are not limited to, portable electronic devices running iOS, Android, Microsoft or other operating systems. It should also be understood that in some other embodiments of the present application, the electronic device may not be a portable electronic device but instead a smart TV, a smart speaker, a smart screen, a desktop computer, an electronic billboard, or the like. The embodiments of the present application place no restriction on the device type. In the embodiments of the present application, the electronic device is usually an intelligent electronic device that can provide a user interface, interact with the user, and provide service functions for the user.
Each electronic device in the communication system 10 stores a permission information library, which may include one or more pieces of permission information. Permission information may include the following items: an identifier of the application, an identifier of the device where the application is located, an identifier of the resource, an identifier of the device where the resource is located, and an access policy. The permission information is used to indicate the application's access policy for the resource. The access policy may be an application's access policy for a device resource of the same device, or an application's access policy for a device resource of a different device. For example, an application's access policy for a device resource of the same device may be the access policy of application 1 of the electronic device 100 for the electronic device 100's own camera resource, and an application's access policy for a device resource of a different device may be the access policy of application 1 of the electronic device 100 for the camera resource of the MatePad.
The electronic device 100 in the communication system 10 may be configured to generate first permission information in response to a user operation, or to display, in response to a user operation, a user interface indicating the first permission information. After the electronic device 100 generates the first permission information or displays the user interface indicating the first permission information, the electronic device 100 may be configured to receive a first user operation and display a permission management interface on the display screen. The permission management interface allows the user to determine one or more pairs of device 3, where the application is located, and device 4, where the resource is located. The electronic device 100 may generate one or more pieces of second permission information based on these one or more pairs of device 3 and device 4 and the first permission information stored by the electronic device 100.
In the embodiments of the present application, connections between the electronic devices in the communication system 10 may be established over various wired, wireless or mobile communication methods. The wired communication method may be coaxial cable communication, universal serial bus (USB) interface communication, RS232 serial port communication, or the like. The wireless communication method may be Bluetooth communication, wireless fidelity (WiFi) communication, ultra wide band (UWB) communication, infrared communication, near field communication (NFC), or the like. The mobile communication method may be 2G/3G/4G/5G communication or the like. For example, each electronic device may have one or more communication modules among a USB communication module, an RS232 serial port communication module, a Bluetooth communication module, a WiFi communication module, a UWB communication module, an infrared communication module, an NFC communication module and a 2G/3G/4G/5G communication module, and the electronic devices may establish connections with one another using one or more of these communication modules.
In some embodiments, connections between the electronic devices may also be established through a server. For example, the electronic devices may log in to the same server and establish connections through that server.
The electronic devices in the communication system 10 can transmit information over the established connections. The information transmitted between devices may include the second permission information generated by the electronic device 100, the access requests made during cross-device access between devices, and some other information.
This enables applications to access device resources across devices. In addition, the electronic devices in the communication system 10 can also transmit information over the established connections in order to transmit permission information.
In some embodiments, the electronic devices in the communication system 10 have equal status, and the electronic device 100 may be any electronic device in the communication system 10.
In other embodiments, the communication system 10 includes one or more master devices and one or more slave devices. The electronic device 100 is a master device in the communication system 10. The master and slave devices may be determined by the user, or may be determined through negotiation among all devices in the communication system 10. In some embodiments, electronic devices of a specific form in the communication system 10 are always set as master devices, and electronic devices that are not of that form are always set as slave devices. For example, the specific form is a mobile phone.
The electronic device involved in the embodiments of the present application is described below.
Figure 2 shows a schematic structural diagram of the electronic device 100.
The electronic device 100 may include a processor 110, an external memory interface 120, an internal memory 121, a USB interface 130, a charging management module 140, a power management module 141, a battery 142, an antenna 1, an antenna 2, a mobile communication module 150, a wireless communication module 160, an audio module 170, a speaker 170A, a receiver 170B, a microphone 170C, a headphone jack 170D, a sensor module 180, buttons 190, a motor 191, an indicator 192, a camera 193, a display screen 194, a subscriber identification module (SIM) card interface 195, and so on. The sensor module 180 may include a pressure sensor 180A, a gyroscope sensor 180B, an air pressure sensor 180C, a magnetic sensor 180D, an acceleration sensor 180E, a distance sensor 180F, a proximity light sensor 180G, a fingerprint sensor 180H, a temperature sensor 180J, a touch sensor 180K, an ambient light sensor 180L, a bone conduction sensor 180M, and so on.
It can be understood that the structure illustrated in the embodiments of the present application does not constitute a specific limitation on the electronic device 100. In other embodiments of the present application, the electronic device 100 may include more or fewer components than shown, or combine some components, or split some components, or arrange the components differently. The illustrated components may be implemented in hardware, software, or a combination of software and hardware.
The processor 110 may include one or more processing units. For example, the processor 110 may include an application processor (AP), a modem processor, a graphics processing unit (GPU), an image signal processor (ISP), a controller, a memory, a video codec, a digital signal processor (DSP), a baseband processor, and/or a neural-network processing unit (NPU). The different processing units may be independent devices or may be integrated in one or more processors.
The controller may be the nerve center and command center of the electronic device 100. The controller can generate operation control signals based on the instruction operation code and timing signals to control instruction fetching and instruction execution.
The processor 110 may also be provided with a memory for storing instructions and data. In some embodiments, the memory in the processor 110 is a cache memory. This memory may hold instructions or data that the processor 110 has just used or uses cyclically. If the processor 110 needs to use the instructions or data again, it can call them directly from this memory. This avoids repeated accesses and reduces the waiting time of the processor 110, thereby improving the efficiency of the system.
In some embodiments, the processor 110 may include one or more interfaces. The interfaces may include an inter-integrated circuit (I2C) interface, an inter-integrated circuit sound (I2S) interface, a pulse code modulation (PCM) interface, a universal asynchronous receiver/transmitter (UART) interface, a mobile industry processor interface (MIPI), a general-purpose input/output (GPIO) interface, a subscriber identity module (SIM) interface, and/or a USB interface.
The wireless communication function of the electronic device 100 can be implemented through the antenna 1, the antenna 2, the mobile communication module 150, the wireless communication module 160, the modem processor, the baseband processor, and so on.
The antenna 1 and the antenna 2 are used to transmit and receive electromagnetic wave signals. Each antenna in the electronic device 100 may be used to cover one or more communication frequency bands. Different antennas can also be multiplexed to improve antenna utilization. For example, the antenna 1 can be multiplexed as a diversity antenna of a wireless local area network. In other embodiments, an antenna may be used in combination with a tuning switch.
The mobile communication module 150 can provide wireless communication solutions, including 2G/3G/4G/5G, applied on the electronic device 100. The mobile communication module 150 may include at least one filter, a switch, a power amplifier, a low noise amplifier (LNA), and so on. The mobile communication module 150 can receive electromagnetic waves through the antenna 1, filter and amplify the received electromagnetic waves, and pass them to the modem processor for demodulation. The mobile communication module 150 can also amplify the signal modulated by the modem processor and convert it into electromagnetic waves radiated through the antenna 1. In some embodiments, at least some of the functional modules of the mobile communication module 150 may be disposed in the processor 110. In some embodiments, at least some of the functional modules of the mobile communication module 150 and at least some of the modules of the processor 110 may be disposed in the same device.
The modem processor may include a modulator and a demodulator. The modulator is used to modulate the low-frequency baseband signal to be sent into a medium-to-high-frequency signal. The demodulator is used to demodulate the received electromagnetic wave signal into a low-frequency baseband signal. The demodulator then passes the demodulated low-frequency baseband signal to the baseband processor for processing. After being processed by the baseband processor, the low-frequency baseband signal is passed to the application processor. The application processor outputs sound signals through audio devices (not limited to the speaker 170A, the receiver 170B, etc.), or displays images or video through the display screen 194. In some embodiments, the modem processor may be an independent device. In other embodiments, the modem processor may be independent of the processor 110 and disposed in the same device as the mobile communication module 150 or other functional modules.
The wireless communication module 160 can provide wireless communication solutions applied on the electronic device 100, including wireless local area networks (WLAN) (such as wireless fidelity (Wi-Fi) networks), Bluetooth (BT), global navigation satellite system (GNSS), frequency modulation (FM), near field communication (NFC), infrared (IR) technology, and so on. The wireless communication module 160 may be one or more devices integrating at least one communication processing module. The wireless communication module 160 receives electromagnetic waves via the antenna 2, frequency-modulates and filters the electromagnetic wave signals, and sends the processed signals to the processor 110. The wireless communication module 160 can also receive signals to be sent from the processor 110, frequency-modulate and amplify them, and convert them into electromagnetic waves radiated through the antenna 2.
In some embodiments, the antenna 1 of the electronic device 100 is coupled to the mobile communication module 150, and the antenna 2 is coupled to the wireless communication module 160, so that the electronic device 100 can communicate with networks and other devices through wireless communication technologies. The wireless communication technologies may include global system for mobile communications (GSM), general packet radio service (GPRS), code division multiple access (CDMA), wideband code division multiple access (WCDMA), time-division code division multiple access (TD-SCDMA), long term evolution (LTE), BT, GNSS, WLAN, NFC, FM, and/or IR technologies. The GNSS may include the global positioning system (GPS), the global navigation satellite system (GLONASS), the BeiDou navigation satellite system (BDS), the quasi-zenith satellite system (QZSS) and/or satellite based augmentation systems (SBAS).
In the embodiments of the present application, the electronic device 100 can establish connections with other electronic devices in the communication system 10 through a wired communication module, the wireless communication module 160 or the mobile communication module 150, and transmit permission information over those connections.
The electronic device 100 implements display functions through a GPU, the display screen 194, the application processor, and the like. The GPU is a microprocessor for image processing and is connected to the display screen 194 and the application processor. The GPU performs mathematical and geometric calculations for graphics rendering. The processor 110 may include one or more GPUs that execute program instructions to generate or change display information.
The display screen 194 is used to display images, videos, and the like. The display screen 194 includes a display panel. The display panel may be a liquid crystal display (LCD). The display panel may also be manufactured using an organic light-emitting diode (OLED), an active-matrix organic light-emitting diode (AMOLED), a flexible light-emitting diode (FLED), mini-LED, micro-LED, micro-OLED, quantum dot light-emitting diodes (QLED), and the like. In some embodiments, the electronic device may include 1 or N display screens 194, where N is a positive integer greater than 1.
In the embodiments of this application, the electronic device 100 can display a rights management interface on the display screen 194. In response to a user operation on the rights management interface that determines device 3 and device 4, the processor 110 can generate second permission information based on the first permission information together with device 3 and device 4. Subsequent embodiments of this application describe the rights management interface and the process by which the electronic device 100 generates the second permission information in detail, so they are not described here.
The electronic device 100 can implement the shooting function through an ISP, the camera 193, a video codec, the GPU, the display screen 194, the application processor, and the like.
The external memory interface 120 can be used to connect an external memory card, such as a Micro SD card, to expand the storage capacity of the electronic device 100. The external memory card communicates with the processor 110 through the external memory interface 120 to implement the data storage function, for example, saving files such as music and videos on the external memory card.
The internal memory 121 may be used to store computer-executable program code, which includes instructions. The processor 110 runs the instructions stored in the internal memory 121 to execute the various functional applications and data processing of the electronic device 100. The internal memory 121 may include a program storage area and a data storage area. The program storage area can store the operating system and the applications required by at least one function (such as a sound playback function or an image playback function). The data storage area can store data created during use of the electronic device 100 (such as audio data and the phone book). In addition, the internal memory 121 may include high-speed random access memory and may also include non-volatile memory, for example, at least one magnetic disk storage device, a flash memory device, or universal flash storage (UFS).
In the embodiments of this application, the electronic device 100 stores a permission information library, and the permission information library includes one or more pieces of permission information. In some embodiments, the permission information library of the electronic device 100 may include all permission information associated with the electronic device 100. Permission information associated with the electronic device 100 is permission information in which the identifier of the device where the application is located, or the identifier of the device where the resource is located, is the identifier of the electronic device 100. In some embodiments, the permission information library of the electronic device 100 may include all permission information in the communication system 10. The electronic device 100 can perform authentication based on the stored permission information library. Specifically, the electronic device 100 may receive a request, generated by an application, to access a device resource. In response to the request, the electronic device 100 may determine, based on the permission information library, whether the application has permission to access the device resource.
The electronic device 100 can implement audio functions, such as music playback and recording, through the audio module 170, the speaker 170A, the receiver 170B, the microphone 170C, the headphone interface 170D, the application processor, and the like.
The software system of the electronic device 100 may adopt a layered architecture, an event-driven architecture, a microkernel architecture, a microservice architecture, or a cloud architecture. The embodiments of this application take the Android system with a layered architecture as an example to illustrate the software structure of the electronic device 100.
FIG. 3 is a block diagram of the software structure of the electronic device 100 provided by an embodiment of this application.
The layered architecture divides the software into several layers, each with a clear role and division of labor. The layers communicate with each other through software interfaces. In some embodiments, the Android system is divided into four layers, from top to bottom: the application layer, the application framework layer, the Android runtime and system libraries, and the kernel layer.
The application layer can include a series of application packages.
As shown in FIG. 3, the application packages can include a rights management application, a pop-up authorization application, and applications such as music, short messages, gallery, calls, navigation, Bluetooth, and video. Among them:
The rights management application can be used to perform authentication in response to a request, generated by an application, to access a device resource. Authentication by the rights management application is the process in which the rights management application determines, based on the permission information library, whether the application has permission to access the device resource. If the permission information in the permission information library indicates that the application has, or does not have, permission to access the device resource, the rights management application can grant, or refuse, authorization to the application according to that permission information. In some embodiments, the rights management application may be a system application provided by the manufacturer of the electronic device 100.
The pop-up authorization application can be used to provide the rights management interface, and the rights management interface can be used by the user to determine device 3, where the application is located, and device 4, where the resource is located. In response to the second user operation on the rights management interface, the electronic device 100 can determine device 3 and device 4. The electronic device 100 can then generate the second permission information based on the first permission information together with device 3 and device 4. In some embodiments, the rights management application may be a system application provided by the manufacturer of the electronic device 100.
In some embodiments, the pop-up authorization application and the settings application may be different applications, or they may be the same application.
The application framework layer provides an application programming interface (API) and a programming framework for the applications in the application layer. The application framework layer includes some predefined functions.
As shown in FIG. 3, the application framework layer can include a window manager, a content provider, a view system, a phone manager, a resource manager, a notification manager, and the like.
The window manager is used to manage window programs. The window manager can obtain the display size, determine whether there is a status bar, lock the screen, capture the screen, and so on.
The content provider is used to store and retrieve data and to make that data accessible to applications. The data can include videos, images, audio, calls made and received, browsing history and bookmarks, the phone book, and the like.
The view system includes visual controls, such as controls that display text and controls that display pictures. The view system can be used to build applications. A display interface can be composed of one or more views. For example, a display interface that includes a short message notification icon may include a view for displaying text and a view for displaying pictures.
The phone manager is used to provide the communication functions of the electronic device 100, for example, management of call status (including connected, hung up, and so on).
The resource manager provides various resources to applications, such as localized strings, icons, pictures, layout files, and video files.
The notification manager enables applications to display notification information in the status bar. It can be used to convey notification-type messages, which can disappear automatically after a short stay without user interaction. For example, the notification manager is used to announce that a download is complete or to deliver message reminders. The notification manager can also present notifications that appear in the status bar at the top of the system in the form of charts or scroll bar text, such as notifications from applications running in the background, or notifications that appear on the display in the form of a dialog window. Examples include prompting text information in the status bar, sounding a prompt tone, vibrating the electronic device, and flashing the indicator light.
The Android runtime includes core libraries and a virtual machine. The Android runtime is responsible for the scheduling and management of the Android system.
The core libraries contain two parts: one part is the functions that the Java language needs to call, and the other part is the core libraries of Android.
The application layer and the application framework layer run in the virtual machine. The virtual machine executes the Java files of the application layer and the application framework layer as binary files. The virtual machine is used to perform functions such as object life cycle management, stack management, thread management, security and exception management, and garbage collection.
The system libraries can include multiple functional modules, for example: a surface manager, media libraries, a three-dimensional graphics processing library (for example, OpenGL ES), and a 2D graphics engine (for example, SGL).
The surface manager is used to manage the display subsystem and provides the fusion of 2D and 3D layers for multiple applications.
The media libraries support playback and recording of a variety of commonly used audio and video formats, as well as static image files. The media libraries can support a variety of audio and video encoding formats, such as MPEG4, H.264, MP3, AAC, AMR, JPG, and PNG.
The three-dimensional graphics processing library is used to implement three-dimensional graphics drawing, image rendering, composition, layer processing, and the like.
The 2D graphics engine is a drawing engine for 2D drawing.
The kernel layer is the layer between hardware and software. The kernel layer contains at least a display driver, a camera driver, an audio driver, and a sensor driver.
The following uses a photo-capture scenario to illustrate the workflow of the software and hardware of the electronic device 100.
When the touch sensor 180K receives a touch operation, a corresponding hardware interrupt is sent to the kernel layer. The kernel layer processes the touch operation into a raw input event (including information such as the touch coordinates and the timestamp of the touch operation). The raw input event is stored in the kernel layer. The application framework layer obtains the raw input event from the kernel layer and identifies the control corresponding to the input event. Taking as an example a touch operation that is a tap, where the control corresponding to the tap is the icon of the camera application: the camera application calls an interface of the application framework layer to start the camera application, then starts the camera driver by calling the kernel layer, and captures a still image or video through the camera 193.
The following describes, by example, the user interfaces involved in the application permission management process.
FIGS. 4A to 4C show, by example, a set of user interfaces involved when an application of the electronic device 100 requests permission to access a resource.
The electronic device 100 may display the user interface 210 shown in FIG. 4A, which can be used to show the applications installed on the electronic device 100. The user interface 210 may display a status bar, a calendar, a time indicator, a weather indicator, a page indicator, a tray with icons of commonly used applications, and other application icons. The other application icons may include, for example, the icon of the mail application, the icon of the settings application, the icon of the music application, and the application icon 211 of Application 1.
Without being limited to this, more applications can be installed on the electronic device 100, and the icons of these applications can be displayed on the display screen. For example, shopping applications, ticket booking applications, and so on may also be installed on the electronic device 100.
Without being limited to this, the user interface 210 shown in FIG. 4A may also include a navigation bar, a sidebar, and so on. In some embodiments, the user interface 210 shown by example in FIG. 4A may be called the home screen.
In response to a user input operation (for example, a touch operation) on the application icon 211 in FIG. 4A, the electronic device 100 can start Application 1.
While the electronic device 100 is running Application 1, the electronic device 100 may display the user interface 220 shown in FIG. 4B. In some embodiments, the user interface 220 shown by example in FIG. 4B may be called a chat interface. The user interface 220 may include multiple functional controls, for example, a photo control, a shooting control 221, a video call control, a location control, a red envelope control, a transfer control, a voice input control, and a favorites control.
In response to a user input operation (for example, a touch operation) on the shooting control 221 in FIG. 4B, Application 1 of the electronic device 100 may send the rights management application of the electronic device 100 a request to access the camera resource of the electronic device 100. In some embodiments, if this is the first time Application 1 of the electronic device 100 has sent the rights management application of the electronic device 100 a request to access the camera resource of the electronic device 100, the electronic device 100 may display the user interface 230 shown in FIG. 4C on the display screen; the user interface 230 may be provided by the pop-up authorization application of the electronic device 100. In other embodiments, in response to the request generated by Application 1 of the electronic device 100 to access the camera resource of the electronic device 100, the rights management application of the electronic device 100 may perform authentication. If the permission information library of the electronic device 100 contains no permission information indicating the access policy of Application 1 of the electronic device 100 for the camera resource of the electronic device 100, the electronic device 100 may also display the user interface 230 shown in FIG. 4C on the display screen; the user interface 230 may be provided by the pop-up authorization application of the electronic device 100.
The user interface 230 may include a prompt box 231, which includes prompt information and a selection control 232. The prompt information can be used to prompt the user to select an access policy. The prompt information can be implemented as text, an image, an animation, and so on. In one implementation, the prompt information can be implemented as the text "Allow Application 1 to obtain the camera permission?". The selection control 232 can be used by the user to select an access policy. The selection control 232 includes multiple option buttons, each corresponding to a different access policy. By way of example, the selection control 232 includes option button 1 and option button 2. Option button 1 carries the prompt "Yes", and the access policy it indicates is to authorize. Option button 2 carries the prompt "No", and the access policy it indicates is not to authorize.
In response to a user input operation (for example, a touch operation) on any option button in the selection control 232 in FIG. 4C, the electronic device 100 can generate first permission information and store it in the permission information library. By way of example, in response to a user input operation (for example, a touch operation) on option button 1 (carrying the prompt "Yes") in FIG. 4C, the electronic device 100 can generate the first permission information. In the first permission information, the identifier of the device where the application is located is the identifier of the electronic device 100, the application identifier is the identifier of Application 1, the identifier of the device where the resource is located is the identifier of the electronic device 100, the resource identifier is the identifier of the camera resource, and the access policy is to authorize. The electronic device 100 can store the generated permission information in the permission information library.
FIG. 4D shows, by example, a user interface that triggers the electronic device 100 to display the rights management interface.
Afterwards, the electronic device 100 can display the user interface 240 shown in FIG. 4D. The user interface 240 includes a prompt box 241, which includes prompt information and a selection control 242. The prompt information can be used to prompt the user to choose whether to trigger the electronic device 100 to display the rights management interface on the display screen. The prompt information can be implemented as text, an image, an animation, and so on. In one implementation, the prompt information can be implemented as the text "Synchronize this access policy?". The selection control 242 can be used by the user to choose whether to trigger the electronic device 100 to display the rights management interface on the display screen. The selection control 242 may include an option button "Yes" and an option button "No". The option button "Yes" can be used to trigger the electronic device 100 to display the rights management interface.
FIGS. 5A to 5E show, by example, user interfaces of the electronic device 100 used to indicate the first permission information.
The electronic device 100 may display the user interface 310 shown in FIG. 5A, which may include an application icon 311. The application icon 311 is the application icon of the settings application. For the other content of the user interface 310, refer to the earlier description of the user interface 210 shown in FIG. 4A; it is not repeated here.
In response to a user input operation (for example, a touch operation) on the application icon 311 in FIG. 5A, the electronic device 100 can start the settings application and display the user interface 320 shown in FIG. 5B. The user interface 320 may include multiple controls such as an airplane mode switch, a Wi-Fi switch, a Bluetooth switch, a personal hotspot control, a mobile network control, a Do Not Disturb mode space, a display and brightness control, and a rights management control 321.
In response to a user input operation (for example, a touch operation) on the rights management control 321 in FIG. 5B, the electronic device 100 may display the user interface 330 shown in FIG. 5C. The user interface 330 can be used by the user to select the device where the application is located. The user interface 330 may include multiple device option controls, each of which may indicate the electronic device 100, or a trusted device or trusted device group of the electronic device 100. A trusted device is an electronic device that, together with the electronic device 100, mutually permits the other to manage the permission information it stores. By way of example, the trusted devices include MatePad and MateBook. A trusted device group is a combination of multiple trusted devices. By way of example, the trusted device groups include a same-account device group and a different-account device group. The same-account device group includes multiple trusted devices that are logged in to the same system account as the electronic device 100. The different-account device group includes multiple trusted devices that are logged in to a different system account from the electronic device 100, or that are not logged in to a system account.
In response to a user input operation (for example, a touch operation) on any device option control in FIG. 5C, the electronic device 100 can determine the identifier of the device where the application is located and display the user interface 340 shown in FIG. 5D. The user interface 340 can be used by the user to select an application. The user interface 340 may include multiple application option controls such as Application 1, Application 2, and Application N.
In response to a user input operation (for example, a touch operation) on any application option control in FIG. 5D, the electronic device 100 can determine the application identifier and display the user interface 350 shown in FIG. 5E. The user interface 350 can be used by the user to select a device resource and the device where the resource is located. In one possible implementation, the user interface 350 may include multiple device controls. Each device control indicates one device where a resource is located (for example, this device (the electronic device 100) or MatePad) and includes multiple resource controls, and each resource control indicates one kind of device resource.
In response to a user input operation (for example, a touch operation) on any resource control of the user interface 350 in FIG. 5E, the electronic device 100 can determine the resource identifier and the identifier of the device where the resource is located. Thus, in response to the operations the user performs in the user interfaces 330 to 350 shown in FIGS. 5C to 5E, the electronic device 100 can determine the identifier of the device where the application is located, the application identifier, the resource identifier, and the identifier of the device where the resource is located.
The display order of the user interfaces in FIGS. 5C to 5E above is only an example. In some embodiments, the electronic device 100 may first display FIG. 5C for the user to determine the identifier of the device where the application is located, then display FIG. 5E for the user to determine the resource identifier and the identifier of the device where the resource is located, and then display FIG. 5D for the user to determine the application identifier. In other embodiments, the electronic device 100 may first display FIG. 5D for the user to determine the application identifier, then display FIG. 5C for the user to determine the identifier of the device where the application is located, and then display FIG. 5E for the user to determine the resource identifier and the identifier of the device where the resource is located. The embodiments of this application do not limit the display order of the user interfaces in FIGS. 5C to 5E, or the order in which the electronic device 100 determines the identifier of the device where the application is located, the application identifier, the resource identifier, and the identifier of the device where the resource is located.
FIG. 5F exemplarily shows another user interface for triggering the electronic device 100 to display the permission management interface.
After the electronic device 100 determines the identifier of the device where the application is located, the application identifier, the resource identifier, and the identifier of the device where the resource is located, the electronic device 100 may display the user interface 360 shown in FIG. 5F. The user interface 360 may be used to indicate the access policy of the permission information and to let the user update that access policy. The user interface 360 may include access policy controls 361 to 363 and a button 364. The access policy controls 361 to 363 may each correspond to a different access policy. For example, the access policy control 361 corresponds to the access policy "allow access", the access policy control 362 corresponds to the access policy "no access allowed", and the access policy control 363 corresponds to the access policy "allow access only when the device where the resource is located is in an unlocked state".
The electronic device 100 may display the graphic "√" on the access policy control that corresponds to the access policy of the permission information, to indicate that the access policy of the permission information is the one corresponding to that control. For example, if the access policy of the permission information is "allow", the electronic device 100 may display the graphic "√" on the access policy control 361, which corresponds to the access policy "allow access".
In response to a user input operation (for example, a touch operation) on any one of the access policy controls 361 to 363 in FIG. 5F, the electronic device 100 may update the permission information, changing its access policy to the access policy corresponding to the control on which the user's input operation acted. Afterwards, the electronic device 100 may send the updated permission information to some or all of the electronic devices in the communication system 10.
The button 364 may be used to trigger the electronic device 100 to display the permission management interface on the display screen. The button 364 may include prompt information that tells the user that the button 364 can be used to trigger the electronic device 100 to display the permission management interface. The prompt information on the button 364 may be implemented as text, an image, an animation, and so on. For example, the prompt information on the button 364 may be implemented as the text "Synchronize access policy".
FIG. 6A to FIG. 6E exemplarily show the user interfaces involved when the electronic device 100 generates the second permission information.
Upon receiving a user input operation (for example, a touch operation) on option button 3 in the user interface 240 shown in FIG. 4D, or a user input operation (for example, a touch operation) on the button 364 in the user interface 360 shown in FIG. 5F, the electronic device 100 may start the pop-up authorization application and display, on the display screen, the permission management interface provided by the pop-up authorization application. For example, the permission management interface may be implemented as the user interface 410 shown in FIG. 6A. The user interface 410 is the permission management interface and may be used by the user to determine device 3 and device 4. The electronic device 100 may generate the second permission information based on the multiple groups of device 3 and device 4 determined by the user, together with the application identifier, resource identifier and access policy in the previously generated permission information.
The user interface 410 includes a title bar, a return control for triggering the electronic device 100 to return to the previous interface, a device selection control 411, prompt information 412 and a prompt box 413, where:
The device selection control 411 may be used by the user to determine device 3 and device 4. In one implementation, the device selection control 411 may include multiple device/device group icons and an add control. The device/device group icons may include an icon for this device (electronic device 100), a MatePad icon, a MateBook icon, a smart watch icon, a Sound X icon, a Vision icon, a different-account device group icon, and a same-account device group icon. The add control may be used to trigger the electronic device 100 to add a trusted device/device group. The device selection control 411 may take the form of a ring diagram, with the icon for this device (electronic device 100) at the center and the other device/device group icons and the add control evenly arranged in a circle around it.
This application does not limit the presentation form or layout of the device selection control 411. In other embodiments, the device selection control 411 of the electronic device 100 may adopt other presentation forms and layouts for the user to determine device 3 and device 4.
The electronic device 100 may receive an operation in which the user selects any device/device group icon in the device selection control 411 and drags the selected icon toward another device/device group icon until the distance between the two device controls/device group controls is less than a preset distance. The electronic device 100 can then determine one group of device 3 and device 4.
The prompt information 412 may be used to show the user the application identifier, resource identifier and access policy of the first permission information. For example, if the application identifier of the first permission information is the identifier of Application 1, the resource identifier is the identifier of the camera resource, and the access policy is "allow access", the prompt information may be implemented as the text "Application 1->Camera permission" and the text "Authorization".
The prompt box 413 may be used to prompt the user. The prompt box 413 includes prompt information, which may be used to tell the user how to determine device 3 and device 4 in the user interface 410. The prompt information may be implemented as text, an image, an animation, and so on. For example, the prompt information may be implemented as the text "Start point of drag operation -> End point of drag operation" and the text "First click (device where Application 1 is located) -> Second click (device where the camera resource is located)".
As an example of how the electronic device 100 determines device 3 and device 4: as shown in FIG. 6B, the electronic device 100 receives an operation in which the user selects the smart watch icon and drags it toward the icon for this device (electronic device 100) until the distance between the two device controls/device group controls is less than the preset distance. The electronic device 100 may determine the electronic device/device group corresponding to the icon at the starting point of the drag operation (the smart watch icon) as device 3, and the electronic device/device group corresponding to the icon at the end point of the drag operation (electronic device 100) as device 4.
In some embodiments, the electronic device 100 may receive two user click operations on device/device group icons in the device selection control 411 and, in response, determine device 3 and device 4. Specifically, the electronic device 100 may determine the electronic device/device group corresponding to the icon of the first click as device 3, and the electronic device/device group corresponding to the icon of the second click as device 4.
As shown in FIG. 6C, in some embodiments, after determining a group of device 3 and device 4, the electronic device 100 may judge whether that group is an invalid combination. If device 3 does not have the application indicated by the application identifier in the first permission information installed, or device 4 does not have the device resource indicated by the resource identifier in the first permission information, the electronic device 100 may judge that this group of device 3 and device 4 is an invalid combination. The electronic device 100 may then not store this device 3 and device 4, and may display a prompt box over the user interface 410 telling the user that this group of device 3 and device 4 is an invalid combination. For example, when the starting point of the user's drag operation is the smart watch icon and Application 1 is not installed on the smart watch, the electronic device 100 may judge that this group of device 3 and device 4 is an invalid combination. The electronic device may not store this group of device 3 and device 4, and may display a prompt box on the user interface 410; the prompt box may include prompt information, which may be implemented as the text "Application 1 is not installed on the smart watch".
As shown in FIG. 6D, after the first group of device 3 and device 4 is determined, the electronic device 100 may stop displaying the prompt box 412 on the user interface 410 and instead display a combination information control 414 and a confirmation button 415 where the prompt box 412 used to be. The combination information control 414 may be used to display the identifiers of device 3 and device 4. It may include one or more combination bars, each of which includes prompt information and a delete control. In one implementation, the prompt information may be implemented as the text "Smart watch -> Electronic device 100", indicating that the electronic device 100 has determined one group of device 3 and device 4 in which device 3 is the smart watch and device 4 is the electronic device 100. The confirmation button 415 may be used to trigger the electronic device 100 to generate the second permission information. The delete control in a combination bar may be used to trigger the electronic device 100 to delete the group of device 3 and device 4 indicated by that combination bar. In response to a user input operation (for example, a touch operation) on the delete control in FIG. 6D, the electronic device 100 may delete the group of device 3 and device 4 indicated by the combination bar, and the electronic device 100 no longer displays that combination bar on the user interface 410.
The electronic device 100 may determine one or more groups of device 3 and device 4. For example, as shown in FIG. 6E, the electronic device 100 may determine the following five groups of device 3 and device 4: 1. the smart watch and the electronic device 100; 2. the electronic device 100 and the same-account devices; 3. MatePad and MatePad; 4. MatePad and the electronic device 100; 5. the smart watch and MatePad.
For the process by which the electronic device 100 determines any group of device 3 and device 4, refer to the foregoing description; it is not repeated here.
Each time the electronic device 100 determines a group of device 3 and device 4, a combination bar is added to the combination information control 414 of the user interface 410; the added combination bar indicates the newly determined group of device 3 and device 4.
FIG. 7A to FIG. 7F exemplarily show the user interfaces involved when the electronic device 100 synchronizes permission information.
In response to a user input operation (for example, a touch operation) on the confirmation button 415 in FIG. 6E, the electronic device 100 may generate the second permission information based on the device 3 and device 4 determined by the user and on the first permission information. The second permission information may include, for example, the following five pieces of permission information:
Permission information 1: "Application 1, smart watch, camera resource, electronic device 100, allow access".
Permission information 2: "Application 1, electronic device 100, camera resource, same-account devices, allow access".
Permission information 3: "Application 1, MatePad, camera resource, MatePad, allow access".
Permission information 4: "Application 1, MatePad, camera resource, electronic device 100, allow access".
Permission information 5: "Application 1, smart watch, camera resource, MatePad, allow access".
The electronic device 100 may display the user interface 510 shown in FIG. 7A. The user interface 510 may include a window 511. The window 511 may include prompt information, a combination information control 512 and a synchronization button 513. The prompt information may be used to show the user the application identifier, resource identifier and access policy of the first permission information, and may be implemented as text, an image, an animation, and so on. For example, the prompt information may be implemented as the text "Application 1->Camera permission" and the text "Authorization". The combination information control 512 may be used to display the identifiers of device 3 and device 4. For a description of the combination information control 512, refer to the description of the combination information control 414 in FIG. 6D above; it is not repeated here. The synchronization button 513 may be used to trigger the electronic device 100 to send the second permission information to device 4.
In some embodiments, upon receiving a user input operation (for example, a touch operation) on the synchronization button 513, the electronic device 100 may send the second permission information to device 4 using a wired communication technology, a wireless communication technology or a mobile communication technology. If the electronic device 100 previously determined multiple groups of device 3 and device 4, and therefore generated multiple pieces of second permission information, the electronic device 100 may send each piece of second permission information to its corresponding device 4. Afterwards, the electronic device 100 may display the user interface 520 shown in FIG. 7B on its display screen. The user interface 520 may include a prompt box 521 containing prompt information that tells the user that the electronic device 100 is synchronizing the second permission information. The prompt information may be implemented as the text "Synchronizing the generated permission information".
Upon receiving the second permission information sent by the electronic device 100, device 4 may display on its display screen a user interface that presents the received second permission information.
Take MatePad as an example. Because the device 4 in both permission information 3 and permission information 5 above is MatePad, MatePad can receive permission information 3 and permission information 5, and may display the user interface 530 shown in FIG. 7C on its display screen. The user interface 530 may include a prompt box 531, which may include a permission information control 532 and a confirmation button 533. The permission information control 532 may be used to display prompt information indicating the second permission information, and to let the user decide whether to permit the electronic device 100 to synchronize the second permission information. For example, the permission information control 532 may include one or more permission information bars, each corresponding to one piece of second permission information received by MatePad. A permission information bar may include prompt information 532A and a selection box 532B. The prompt information 532A may be used to show the user the access policy in the second permission information corresponding to that bar. For example, because the access policy in permission information 3 is "allow access", the prompt information 532A in the permission information bar corresponding to permission information 3 may be implemented as the text "Grant Application 1 on MatePad permission to access the MatePad camera resource". The selection box 532B lets the user choose whether to permit MatePad to store the permission information. The selection box 532B has a selected state and an unselected state. A selection box 532B in the selected state indicates that the user permits MatePad to store the permission information. A selection box 532B in the unselected state indicates that the user does not permit MatePad to store the permission information. In some embodiments, the selection box 532B is in the selected state by default. Upon receiving a user input operation (for example, a touch operation) on the selection box, MatePad may update the state of the selection box 532B from the selected state to the unselected state.
In response to a user operation, device 4 may store or refuse to store the received second permission information.
For example, if MatePad receives a user touch operation on the confirmation button 533 while the selection box 532B in the permission information bar for permission information 3 is in the selected state and the selection box 532B in the permission information bar for permission information 5 is in the unselected state, MatePad may store permission information 3 and refuse to store permission information 5.
For second permission information that it has refused to store, device 4 may display a user interface on its display screen that lets the user modify that second permission information. For example, if MatePad refuses to store permission information 5, MatePad may display the user interface 540 shown in FIG. 7D on its display screen; the user interface 540 lets the user modify permission information 5. The user interface 540 may include a prompt box 541, which may include access policy controls 542A to 542C and a confirmation button 543. For a description of the access policy controls 542A to 542C, refer to the description of the access policy controls 361 to 363 in FIG. 5F above; it is not repeated here. The confirmation button 543 may be used to trigger MatePad to modify permission information 5. For example, after receiving a user input operation (for example, a touch operation) on the access policy control 542B and then a user input operation (for example, a touch operation) on the confirmation button 543, MatePad may change the access policy of permission information 5 to "no access allowed".
If device 4 has stored the second permission information, device 4 may send a notification message to the electronic device 100 to inform it that device 4 has stored the second permission information. Upon receiving this notification message from device 4, the electronic device 100 may display the user interface 550 shown in FIG. 7E on its display screen. The user interface 550 includes a prompt box 551 containing prompt information, which may be implemented as the text "Permission information synchronized successfully".
If device 4 has refused to store the second permission information and has modified the refused second permission information, device 4 may send a notification message to the electronic device 100 to inform it that device 4 refused to store the second permission information and modified it. For example, MatePad may refuse to store permission information 5 and modify it, changing its access policy to "no access allowed". MatePad sends a notification message to the electronic device 100 to inform it that MatePad refused to store permission information 5 and modified it. Upon receiving this notification message from MatePad, the electronic device 100 may display the user interface 560 shown in FIG. 7F on its display screen. The user interface 560 includes a prompt box 561 containing prompt information and modification information. The prompt information may be implemented as the text "Permission information synchronization failed". The modification information may be implemented as the text "MatePad refused to store and modified the following permission information:" and the text "Grant Application 1 on the smart watch permission to access the MatePad camera".
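The generate-and-synchronize flow described above (the invalid-combination check, one second permission record per valid pair, delivery to each record's device 4, and the receiving user's store/refuse decision), as an added Python example that is not code from the patent. The device inventory, all class and function names, and the Sound X pair are constructed for illustration; keeping the modified record on the receiving device is an assumption.

```python
from dataclasses import dataclass, replace

ALLOW = "allow access"
DENY = "no access allowed"


@dataclass(frozen=True)
class Permission:
    app_id: str
    app_device: str       # "device 3": device where the application is located
    resource_id: str
    resource_device: str  # "device 4": device where the resource is located
    policy: str

    def key(self):
        return (self.app_id, self.app_device, self.resource_id, self.resource_device)


# Constructed inventory (assumption, not from the patent): which applications
# each device has installed and which resources each device exposes.
INSTALLED_APPS = {
    "electronic device 100": {"Application 1"},
    "MatePad": {"Application 1"},
    "smart watch": {"Application 1"},
    "Sound X": set(),
}
DEVICE_RESOURCES = {
    "electronic device 100": {"camera"},
    "MatePad": {"camera"},
    "smart watch": set(),
    "Sound X": set(),
}


def generate_second_permissions(first, pairs):
    """Expand the first permission over user-chosen (device 3, device 4) pairs.

    A pair is an invalid combination when device 3 lacks the application or
    device 4 lacks the resource; invalid pairs are reported, not stored.
    """
    records, invalid = [], []
    for device3, device4 in pairs:
        has_app = first.app_id in INSTALLED_APPS.get(device3, set())
        has_resource = first.resource_id in DEVICE_RESOURCES.get(device4, set())
        if has_app and has_resource:
            records.append(replace(first, app_device=device3, resource_device=device4))
        else:
            invalid.append((device3, device4))
    return records, invalid


def route_to_resource_devices(records):
    """Group records by device 4, the device each record must be sent to."""
    outbox = {}
    for rec in records:
        outbox.setdefault(rec.resource_device, []).append(rec)
    return outbox


class ReceivingDevice:
    """Device 4: stores only what its own user approves."""

    def __init__(self, name):
        self.name = name
        self.store = {}  # record key -> access policy

    def review(self, received, refused=None):
        """refused maps a record key to a replacement policy (or None).

        Records not listed are treated as checked and stored as received.
        Returns the notifications sent back to the originating device.
        """
        refused = refused or {}
        notices = []
        for rec in received:
            if rec.resource_device != self.name:
                raise ValueError("record addressed to another device")
            if rec.key() not in refused:
                self.store[rec.key()] = rec.policy
                notices.append(("stored", rec))
                continue
            new_policy = refused[rec.key()]
            if new_policy is not None:
                rec = replace(rec, policy=new_policy)
                # Assumption: the locally modified record is what device 4 keeps.
                self.store[rec.key()] = rec.policy
            notices.append(("refused", rec))
        return notices


def demo():
    first = Permission("Application 1", "electronic device 100",
                       "camera", "electronic device 100", ALLOW)
    pairs = [("smart watch", "electronic device 100"), ("MatePad", "MatePad"),
             ("MatePad", "electronic device 100"), ("smart watch", "MatePad"),
             ("Sound X", "MatePad")]  # constructed invalid pair
    records, invalid = generate_second_permissions(first, pairs)
    outbox = route_to_resource_devices(records)
    matepad = ReceivingDevice("MatePad")
    watch_to_pad = ("Application 1", "smart watch", "camera", "MatePad")
    notices = matepad.review(outbox["MatePad"], refused={watch_to_pad: DENY})
    return records, invalid, outbox, matepad, notices


if __name__ == "__main__":
    for status, rec in demo()[4]:
        print(status, rec)
```

The same-account device group from FIG. 6E is left out of the constructed pairs because the page does not say how a group is resolved into individual devices.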
FIG. 8A to FIG. 8J exemplarily show the user interfaces involved when the electronic device 100 manages trusted devices/device groups.
The device selection control 411 in the user interface 410 (the permission management interface) includes multiple device/device group icons. A trusted device is an electronic device that has a mutual arrangement with the electronic device 100 in which each permits the other to manage the permission information it stores. A trusted device group is a combination of multiple trusted devices. The electronic device 100 may store a list of identifiers of trusted devices and trusted device groups, and may also manage each trusted device/trusted device group.
Management of trusted devices/trusted device groups by the electronic device 100 includes adding trusted devices/device groups and deleting trusted devices/device groups.
The process by which the electronic device 100 adds a trusted device is as follows. In response to a user input operation (for example, a touch operation) on the add control of the user interface 410 in FIG. 6A, the electronic device 100 may display the user interface 610 shown in FIG. 8A. The user interface 610 may include a window 611, which includes add button 1, add button 2 and a close control. Add button 1 may be used to trigger the electronic device 100 to add a single trusted device, and may include the prompt information "Add a single device". Add button 2 may be used to trigger the electronic device 100 to add a trusted device group, and may include the prompt information "Add a device group". The close control may be used to trigger the electronic device 100 to stop displaying the window 611.
In response to a user input operation (for example, a touch operation) on add button 1 in FIG. 8A, the electronic device 100 may search for nearby devices using a wireless communication technology or a mobile communication technology. The wireless communication technology may be, for example, Bluetooth, Wi-Fi, UWB, infrared or NFC communication. The mobile communication technology may be, for example, 2G/3G/4G/5G communication. The electronic device 100 may display the user interface 620 shown in FIG. 8B. The user interface 620 includes a window 621. The window 621 includes a nearby device control 622, a refresh button and a return button. The nearby device control 622 may be used to display the nearby devices found by the electronic device 100 for the user to choose from, and includes multiple nearby device bars. The refresh button may be used to trigger the electronic device 100 to search for nearby devices again. The return button may be used to trigger the electronic device 100 to return to the previous interface.
In response to a user input operation (for example, a touch operation) on any nearby device bar in the nearby device control 622 in FIG. 8B, the electronic device 100 may send a request message to that nearby device, requesting that the nearby device permit the electronic device 100 to manage its permission information base. Upon receiving the request message from the electronic device 100, the nearby device may display a user interface that lets its user decide whether to permit the electronic device 100 to manage its permission information base. For example, in response to a user touch operation on the MobilePhone1 device bar in FIG. 8B, the electronic device 100 may send a request message to MobilePhone1. Upon receiving the request message from the electronic device 100, MobilePhone1 may display the user interface 630 shown in FIG. 8C. The user interface 630 includes a prompt box 631, which may include prompt information and a selection control. The prompt information may be implemented as the text "Permit electronic device 100 to manage this device's permission information?". The selection control lets the user choose whether to permit the electronic device 100 to manage this device's permission information, and includes an option button "Yes" and an option button "No".
In response to the user's operation on the option button "Yes" or the option button "No" on the user interface 630 in FIG. 8C, the nearby device may send a return message to the electronic device 100. The return message can be used to indicate whether the nearby device permits the electronic device 100 to manage its permission information base. For example, in response to the user's touch operation on the option button "Yes" in FIG. 8C, MobilePhone1 may send the electronic device 100 a return message indicating that MobilePhone1 permits the electronic device 100 to manage its permission information base. In response to the user's touch operation on the option button "No" in FIG. 8C, MobilePhone1 may send the electronic device 100 a return message indicating that MobilePhone1 prohibits the electronic device 100 from managing its permission information base. If the electronic device 100 receives a return message from the nearby device and the return message indicates that the electronic device 100 is permitted to manage its permission information base, the electronic device 100 may add the identifier of that nearby device to the identifier list of trusted devices/device groups. For example, on receiving the message sent by MobilePhone1 about the electronic device 100 managing its permission information base, the electronic device 100 may add MobilePhone1 to the identifier list of trusted devices/device groups and display the user interface 410 shown in FIG. 8D. The device selection control 411 in the user interface 410 shown in FIG. 8D includes a MobilePhone1 icon.
In some embodiments, the trusted device groups of the electronic device 100 include a same-account device group and a different-account device group. After adding a new trusted device, the electronic device 100 may also determine whether the new trusted device is logged in to the same system account as the electronic device 100, and add the new trusted device to the corresponding trusted device group based on the result. If the new trusted device and the electronic device 100 are logged in to the same system account, the electronic device 100 may add the trusted device to the same-account device group; otherwise, it adds the trusted device to the different-account device group. Afterwards, as shown in FIG. 8E, the electronic device 100 may display a prompt box on the user interface 410. The prompt box includes prompt information that can be used to tell the user that the electronic device 100 has added the new trusted device to the same-account device group or the different-account device group. For example, if the new trusted device is MobilePhone1 and the electronic device 100 determines that MobilePhone1 is not logged in to the same system account as the electronic device 100, the electronic device 100 may add MobilePhone1 to the different-account device group, and the prompt information may be implemented as the text "MobilePhone1 has been automatically added to the different-account devices".
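The request/return exchange and the group assignment described above can be sketched as follows. This is an added example, not code from the application: the class and field names are hypothetical, the way the managing device learns the peer's account is not specified in the text and is passed in as a parameter, and ignoring unsolicited return messages is an assumption added here.

```python
from dataclasses import dataclass, field
from typing import Optional

SAME_ACCOUNT = "same-account device group"
DIFFERENT_ACCOUNT = "different-account device group"


@dataclass(frozen=True)
class RequestMessage:
    """Asks `target` to permit `requester` to manage its permission information base."""
    requester: str
    target: str


@dataclass(frozen=True)
class ReturnMessage:
    """Carries the Yes/No choice made on the nearby device (FIG. 8C)."""
    sender: str
    requester: str
    permitted: bool


@dataclass
class NearbyDevice:
    device_id: str
    user_says_yes: bool  # constructed stand-in for the user's tap on "Yes"/"No"

    def on_request(self, req: RequestMessage) -> Optional[ReturnMessage]:
        if req.target != self.device_id:
            return None  # request addressed to another device: no answer
        return ReturnMessage(self.device_id, req.requester, self.user_says_yes)


@dataclass
class ManagingDevice:
    device_id: str
    account: Optional[str]  # None means not logged in to a system account
    pending: set = field(default_factory=set)
    trusted: dict = field(default_factory=dict)  # device id -> group name

    def request_management(self, target: str) -> RequestMessage:
        self.pending.add(target)
        return RequestMessage(self.device_id, target)

    def on_return(self, msg: Optional[ReturnMessage], peer_account: Optional[str]):
        """Add the sender to the trusted list only on an explicit, solicited 'permit'."""
        if msg is None or msg.requester != self.device_id:
            return None
        if msg.sender not in self.pending:
            return None  # assumption: answers to requests we never sent are ignored
        self.pending.discard(msg.sender)
        if not msg.permitted:
            return None
        # A device that is not logged in never counts as "same account".
        same = self.account is not None and peer_account == self.account
        self.trusted[msg.sender] = SAME_ACCOUNT if same else DIFFERENT_ACCOUNT
        return self.trusted[msg.sender]


def enroll(manager: ManagingDevice, peer: NearbyDevice, peer_account: Optional[str]):
    """Run one full exchange: request, user decision on the peer, return message."""
    req = manager.request_management(peer.device_id)
    return manager.on_return(peer.on_request(req), peer_account)
```

The account comparison treats "not logged in" on either side as a different account, which matches the later definition of the different-account device group.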
For the process of the electronic device 100 adding a trusted device group: in response to the user's input operation (for example, a touch operation) on add button 2 in the user interface 610 in FIG. 8A, the electronic device 100 may display the user interface 640 shown in FIG. 8F. The user interface 640 includes a window 641, which includes a text box, a device list control, a confirm button, and a back button. The text box lets the user set the name of the trusted device group. Specifically, on receiving the user's text input, the electronic device 100 may use the entered text as the name of the trusted device group. For example, the name of the trusted device group may be "Device group 1". The device list control lets the user select multiple devices from among all the trusted devices of the electronic device 100, and the electronic device 100 may take the selected devices as the electronic devices included in the newly added trusted device group. For example, the device list control may include multiple trusted device controls, each corresponding to one trusted device of the electronic device 100. A trusted device control includes the identifier of the corresponding trusted device and a selection box. On receiving the user's operation of selecting multiple devices, the electronic device 100 may take the selected devices as the electronic devices included in the newly added trusted device group. For example, in response to the user's input operations (for example, touch operations) on multiple selection boxes in the user interface 640 in FIG. 8F, followed by an input operation (for example, a touch operation) on the confirm button, the electronic device 100 may take the trusted devices corresponding to those selection boxes as the electronic devices included in the newly added trusted device group.
As shown in FIG. 8G, the electronic device 100 may store the name of the newly added trusted device group and the identifiers of the electronic devices it includes. The electronic device 100 may add a Device group 1 icon to the device selection control 411.
For the process of the electronic device 100 deleting a trusted device, in one possible implementation, in response to the user's long-press operation on any trusted device control (for example, the MatePad control) in the device selection control 411 in FIG. 6A, the electronic device 100 may, as shown in FIG. 8H, display a delete control at the upper-left corner of that trusted device control. The delete control can be used to trigger the electronic device 100 to delete the trusted device and to stop displaying that trusted device control in the device selection control 411. For the process of the electronic device 100 deleting a trusted device group, in one possible implementation, in response to the user's long-press operation on any trusted device group control (for example, the same-account device control) in the device selection control 411 in FIG. 6A, the electronic device 100 may, as shown in FIG. 8I, display a prompt box on the user interface 410. The prompt box can be used to display the identifiers of all electronic devices included in the trusted device group. In addition, the electronic device 100 may display a settings control on the user interface 410. In response to the user's input operation (for example, a touch operation) on the settings control in FIG. 8I, the electronic device 100 may display the user interface 650 shown in FIG. 8J. The user interface 650 may include an information window 651, which can be used to display information about the trusted device group. The information window 651 may include a name control and a device management control 652. The name control displays the name of the trusted device group and lets the user change it. The device management control 652 may include multiple device information controls, each corresponding to one electronic device included in the trusted device group. A device information control may include an electronic device identifier and a delete button. In response to the user's input operation (for example, a touch operation) on the delete control in FIG. 8H, the electronic device 100 may delete the trusted device and stop displaying the trusted device control/device group control in the device management control 652.
FIG. 9 shows an example of the user interface involved when the electronic device 100 updates permission information.
The electronic device 100 can update permission information. In some embodiments, the electronic device 100 may update permission information while one of its device resources is being accessed by an application. For example, the electronic device 100 stores the following permission information: "Application 1, smart watch, camera resource, electronic device 100, authorized". When the camera resource of the electronic device 100 is being accessed by application 1 on the smart watch, the electronic device 100 may display the user interface 710 shown in FIG. 9. The user interface 710 may include a prompt box. The prompt box may include prompt information, a close control, a learn more button 711, and a prohibit button 712. The prompt information may be implemented as the text "Application 1 on the smart watch is accessing the camera of this device". The close control can be used to trigger the electronic device 100 to stop displaying the prompt box. The learn more button 711 can be used to trigger the electronic device 100 to display introductory information about application permission management, which may be implemented as text, images, animation, and so on. The prohibit button 712 can be used to trigger the electronic device 100 to update the permission information. On receiving the user's input operation (for example, a touch operation) on the prohibit button 712, the electronic device 100 updates the second permission information to: "Application 1, smart watch, camera resource, electronic device 100, not authorized".
FIG. 10 shows a flowchart of the application permission management method provided by an embodiment of this application.
As shown in FIG. 10, the application permission management method provided by this application includes steps S101 to S109, where:
S101. The electronic device 100 generates first permission information, or the electronic device 100 displays a user interface for indicating the first permission information.
In the following embodiments of this application, permission information may include the following items: the identifier of the application, the identifier of the device where the application is located, the identifier of the resource, the identifier of the device where the resource is located, and the access policy. The permission information indicates the application's access policy for the resource.
The access policy may include, for example: access allowed, access not allowed, and access allowed under specific conditions. The specific conditions may include, for example, that the device where the resource is located is unlocked, or that the application is running in the foreground.
The first permission information is one piece of permission information in the permission information base stored by the electronic device 100.
The first permission information may include the following items: the identifier of application 1, the identifier of device 1, the identifier of resource 1, the identifier of device 2, and the access policy. The first permission information indicates the access policy of application 1 on device 1 for resource 1 on device 2.
Device 1 and device 2 may be the same device in the communication system 10, or they may be different devices in the communication system 10. If device 1 and device 2 are the same device, the access policy is the application's access policy for device resources on the same device. If device 1 and device 2 are different devices, the access policy is the application's access policy for device resources on a different device.
The electronic device 100 and device 1 may be the same device or different devices. If the electronic device 100 and device 1 are the same device, the access policy is the access policy of the electronic device 100's own applications for the resources in the communication system 10. If the electronic device 100 and device 1 are different devices, the access policy is the access policy of applications on other devices for the resources in the communication system 10.
For example, the first permission information may be "Application 1, electronic device 100, camera resource, electronic device 100, authorized".
The electronic device 100 may generate the first permission information in response to a user operation.
In some embodiments, when the electronic device 100 asks the user which access policy to use in response to an application's first resource access request, it may receive a user operation and generate the first permission information. For example, as shown in FIG. 4A to FIG. 4D, while running application 1 the electronic device 100 may receive the user's first touch operation on the shooting control 221 in the user interface 220 shown in FIG. 4B, which triggers application 1 on the electronic device 100 to make its first request to the permission management application of the electronic device 100 for access to the camera resource. The permission management application of the electronic device 100 may call the pop-up authorization application to display the user interface 230 shown in FIG. 4C on the display screen, to ask the user which access policy to use for this access request. On receiving the user's touch operation on option button 1 in the selection control 232, the electronic device 100 may generate the first permission information.
In some embodiments, the electronic device 100 may also provide a settings interface in which the user can enter a user operation that triggers the electronic device to generate the first permission information. For example, in response to the user's operations that determine the identifier of the device where the application is located, the application identifier, the resource identifier, and the identifier of the device where the resource is located, the electronic device 100 may display the corresponding settings interface. The electronic device 100 may receive the user's operation of selecting an access policy in the settings interface, and generate permission information from the selected access policy together with the above identifier of the device where the application is located, application identifier, resource identifier, and identifier of the device where the resource is located.
If the first permission information is already stored in the electronic device 100, the electronic device 100 may display a user interface for indicating the first permission information.
Specifically, once the first permission information is stored in the electronic device 100, the electronic device 100 may display a user interface for indicating the first permission information in response to a received user operation. The user operation may be one the user performs in a settings interface provided by the electronic device. For example, the user interface for indicating the first permission information may be the user interfaces 330 to 360 shown in FIG. 5C to FIG. 5F. Specifically, the user interface 330 shown in FIG. 5C can be used to indicate the identifier of the device where the application of the first permission information is located. The user interface 340 shown in FIG. 5D can be used to indicate the application identifier of the first permission information. The user interface 350 shown in FIG. 5E can be used to indicate the identifier of the device where the resource is located and the resource identifier of the first permission information. The user interface 360 shown in FIG. 5F can be used to indicate the access policy of the first permission information.
S102. The electronic device 100 receives a first user operation and, in response to the first user operation, displays a permission management interface on the display screen.
The first user operation can be used to trigger the electronic device 100 to display the permission management interface. The first user operation may be, for example, an operation the user performs on an interface provided by the electronic device 100 that asks whether to display the permission management interface, or an operation the user performs in a settings interface provided by the electronic device. For example, in response to the user's input operation (for example, a touch operation) on option button 3 in the user interface 240 shown in FIG. 4D, or the user's input operation (for example, a touch operation) on the button 364 in the user interface 360 shown in FIG. 5F, the electronic device 100 may display the permission management interface on the display screen.
In response to the first user operation, the electronic device 100 may display the permission management interface on the display screen. The permission management interface may be provided by the pop-up authorization application.
The permission management interface lets the user determine device 3, where the application is located, and device 4, where the resource is located. The permission management interface includes multiple device controls/device group controls, each corresponding to the electronic device 100 or to a trusted device/device group of the electronic device 100. A trusted device is an electronic device that, mutually with the electronic device 100, permits the other party to manage the permission information it stores. A trusted device group is a combination of multiple trusted devices. For example, the trusted device groups of the electronic device 100 may include a same-account device group and a different-account device group. The same-account device group includes multiple trusted devices logged in to the same system account as the electronic device 100. The different-account device group includes multiple trusted devices that are logged in to a different system account from the electronic device 100, or that are not logged in to a system account. Device controls/device group controls may be implemented as icons, text, images, and so on.
In some embodiments, the permission management interface may also include first prompt information and/or second prompt information. The first prompt information can be used to show the user the application identifier, resource identifier, and access policy of the first permission information. The second prompt information can be used to show the user how to select the device where the application is located and the device where the resource is located. The first prompt information and the second prompt information may be implemented as text, images, animation, and so on.
For example, the permission management interface may be implemented as the user interface 410 shown in FIG. 6A. The device controls/device group controls in the user interface 410 include: a local device (electronic device 100) icon, a MatePad icon, a MateBook icon, a smart watch icon, a Sound X icon, a Vision icon, a different-account device group icon, and a same-account device group icon. In addition, when the application identifier in the first permission information is the identifier of application 1, the resource identifier is the identifier of the camera resource, and the access policy is access allowed, the first prompt information in the permission management interface may be implemented as the text-form prompt information 412 in the user interface 410 shown in FIG. 6A: "Application 1 -> Camera permission" and "Authorized". The second prompt information may be implemented as the text-form prompt information 413 in the user interface 410 shown in FIG. 6A: "Start point of drag operation -> End point of drag operation" and "First tap (device where application 1 is located) -> Second tap (device where the camera resource is located)".
In some embodiments, security verification is required before the electronic device 100 displays the permission management interface on the display screen. The security verification may be password verification, fingerprint verification, face verification, and so on. Security verification ensures that it is the owner of the electronic device 100 who is managing application permissions at that moment, which in turn protects the user's privacy.
S103. The electronic device 100 receives a second user operation on the permission management interface and determines device 3, where the application is located, and device 4, where the resource is located.
Device 3 and device 4 may be different devices in the communication system 10, or they may be the same device in the communication system 10. If device 3 and device 4 are different devices in the communication system 10, the permission information that the electronic device 100 subsequently generates from device 3 and device 4 indicates the application's access policy for device resources on the same device. If device 3 and device 4 are the same device in the communication system 10, the permission information that the electronic device 100 subsequently generates from device 3 and device 4 indicates the application's access policy for device resources of other devices in the communication system 10.
The electronic device 100 and device 3 may be the same device or different devices. If the electronic device 100 and device 3 are the same device, the permission information that the electronic device 100 subsequently generates from device 3 and device 4 indicates the access policy of the electronic device 100's own applications for the resources in the communication system 10. If the electronic device 100 and device 3 are different devices, the permission information that the electronic device 100 subsequently generates from device 3 and device 4 indicates the access policy of applications on other devices in the communication system 10 for the resources in the communication system 10.
The second user operation is the operation by which the user determines device 3 and device 4 on the permission management interface.
In some embodiments, the second user operation may be the user selecting any device control/device group control and dragging it toward any device control/device group control until the distance between the two controls is less than a preset distance. In this case, the electronic device 100 may take the electronic device/device group corresponding to the control at the start point of the drag operation as device 3, and the electronic device/device group corresponding to the control at the end point of the drag operation as device 4.
For example, when the permission management interface is implemented as the user interface 410 shown in FIG. 6A, the second user operation may be the user selecting the smart watch icon in the user interface 410 shown in FIG. 6B and dragging it toward the local device (electronic device 100) icon until the distance between the two icons is less than the preset distance. In this case, the electronic device 100 may take the smart watch as device 3 and the electronic device 100 as device 4.
In some embodiments, the second user operation may also be two tap operations by the user on any device controls/device group controls in the device selection control 411. In this case, the electronic device 100 may take the electronic device/device group corresponding to the control that received the first tap as device 3, and the electronic device/device group corresponding to the control that received the second tap as device 4.
For example, when the permission management interface is implemented as the user interface 410 shown in FIG. 6A, the second user operation may be the user tapping the MatePad icon twice in the user interface 410 shown in FIG. 6B. In this case, the electronic device 100 may determine that device 3 and device 4 are both the MatePad.
The electronic device 100 may receive one or more second user operations and, based on them, determine one or more pairs of device 3 and device 4. For example, the electronic device 100 may determine the multiple pairs of device 3 and device 4 indicated by the combination information control 512 in FIG. 7A: smart watch and electronic device 100; electronic device 100 and same-account devices; MatePad and MatePad; MatePad and electronic device 100; smart watch and MatePad.
In some embodiments, after determining a pair of device 3 and device 4, the electronic device 100 may determine whether that pair is an invalid combination. If device 3 does not have installed the application indicated by the application identifier in the previously generated permission information, or device 4 does not have the device resource indicated by the resource identifier in the previously generated permission information, the electronic device 100 may determine that the pair of device 3 and device 4 is an invalid combination. The electronic device 100 may display a prompt box on the user interface to tell the user that the pair of device 3 and device 4 is an invalid combination. For example, the prompt box may be implemented as the prompt box located at the top of the user interface 410 as shown in FIG. 6C.
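The five-item permission record, the conditional access policy, the "prohibit" update, and the invalid-combination check described above can be modeled as follows. This is an added example, not code from the application: all names, the device inventory, and the condition strings are constructed, and denying access when no record exists or when a conditional record lists no conditions is an assumption of the sketch.

```python
from dataclasses import dataclass, replace
from enum import Enum


class Policy(Enum):
    ALLOW = "access allowed"
    DENY = "access not allowed"
    CONDITIONAL = "access allowed under specific conditions"


@dataclass(frozen=True)
class Permission:
    """One record: application, its device, resource, its device, access policy."""
    app: str
    app_device: str
    resource: str
    resource_device: str
    policy: Policy
    conditions: frozenset = frozenset()  # only used with Policy.CONDITIONAL

    def key(self):
        return (self.app, self.app_device, self.resource, self.resource_device)


# Constructed inventory: installed applications and device resources per device.
INVENTORY = {
    "phone":   {"apps": {"app1"}, "resources": {"camera"}},
    "watch":   {"apps": {"app1"}, "resources": set()},
    "matepad": {"apps": set(),    "resources": {"camera"}},
}


def invalid_reason(app, resource, device3, device4, inventory=INVENTORY):
    """Return why (device3, device4) is an invalid combination, or None if valid."""
    if app not in inventory.get(device3, {}).get("apps", ()):
        return f"{app} is not installed on {device3}"
    if resource not in inventory.get(device4, {}).get("resources", ()):
        return f"{device4} has no {resource} resource"
    return None


class PermissionStore:
    """The permission information base held by one device."""

    def __init__(self):
        self._records = {}

    def put(self, perm):
        self._records[perm.key()] = perm

    def extend(self, first, pairs, inventory=INVENTORY):
        """Apply app, resource and policy of `first` to each chosen (device3, device4).

        Invalid combinations are not stored; they are returned with the reason.
        """
        rejected = []
        for device3, device4 in pairs:
            reason = invalid_reason(first.app, first.resource, device3, device4, inventory)
            if reason:
                rejected.append(((device3, device4), reason))
                continue
            self.put(replace(first, app_device=device3, resource_device=device4))
        return rejected

    def prohibit(self, app, app_device, resource, resource_device):
        """Effect of the prohibit button: rewrite the record to 'not authorized'."""
        self.put(Permission(app, app_device, resource, resource_device, Policy.DENY))

    def is_allowed(self, app, app_device, resource, resource_device, state=frozenset()):
        """`state` is the set of conditions that currently hold."""
        perm = self._records.get((app, app_device, resource, resource_device))
        if perm is None or perm.policy is Policy.DENY:
            return False  # assumption: no record means no access
        if perm.policy is Policy.ALLOW:
            return True
        # Conditional: every listed condition must hold; an empty list is malformed.
        return bool(perm.conditions) and perm.conditions <= set(state)


def demo():
    """Constructed run: one conditional record extended to four device pairs."""
    store = PermissionStore()
    first = Permission("app1", "phone", "camera", "phone", Policy.CONDITIONAL,
                       frozenset({"resource_device_unlocked", "app_foreground"}))
    store.put(first)
    pairs = [("watch", "phone"), ("matepad", "phone"),
             ("phone", "watch"), ("phone", "matepad")]
    return store, store.extend(first, pairs)
```

Because the record key includes both device identifiers, a grant for the watch's application 1 on the phone's camera says nothing about the same application on any other device pair.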
用户在输入第二用户操作后,还可以根据实际需求来调整选择的设备3和设备4。具体的,电子设备100可以响应于用户操作,删除设备3和设备4。上述用户操作例如可以为用户在如图7A所示的用户界面510当中作用于组合信息控件512中删除控件的触摸操作。由此,用户可以根据实际需求灵活调整选择的设备3和设备4,避免用户手误造成电子设备100生成错误的权限信息。After inputting the second user operation, the user can also adjust the selected device 3 and device 4 according to actual needs. Specifically, the electronic device 100 may delete device 3 and device 4 in response to user operation. The above-mentioned user operation may be, for example, the user's touch operation on the delete control in the combined information control 512 in the user interface 510 as shown in FIG. 7A . As a result, the user can flexibly adjust the selected device 3 and device 4 according to actual needs, thereby preventing the electronic device 100 from generating incorrect permission information due to user errors.
In some embodiments, the second user operation may also include an operation in which the user determines resource 2 on the permission management interface. Specifically, if resource 1 corresponding to the first permission information includes multiple secondary resources, the permission management interface may also include a resource control. The resource control allows the user to determine resource 2 on the basis of resource 1. The resource control may include multiple options, each corresponding to resource 1 or to a secondary resource of resource 1. Upon receiving a user operation on an option in the resource control, the electronic device 100 may determine resource 2.
For example, the camera resource may include the following secondary resources: front camera and rear camera. When resource 1 is the camera resource, the resource control in the permission management interface may include three options, corresponding respectively to: all cameras, front camera, and rear camera. Upon receiving a user operation on the option corresponding to the front camera, the electronic device 100 may determine that resource 2 is the front camera.
The user can thus restrict an application's permission to access resources at a finer granularity, which effectively protects the user's privacy.
In some embodiments, device 3 is determined by the second user operation, and device 4 is directly determined by the electronic device 100 to be all devices in the communication system 10. The electronic device 100 may display prompt information on the permission management interface to inform the user that the electronic device 100 has determined device 4 to be all devices in the communication system 10. The second user operation on the permission management interface may then be an operation in which the user determines only device 3. Upon receiving the second user operation on the permission management interface, the electronic device 100 may determine device 3, where the application is located. In this case, the second user operation may be an input operation by the user on any device control or device group control, for example a touch operation or a long-press operation. The electronic device 100 may determine the device corresponding to that device control or device group control as device 3.
The user can thus grant a given resource on all devices in the communication system 10 to an application on the selected device, which makes application permission management more convenient.
S104. The electronic device 100 generates second permission information according to the first permission information and the above device 3 and device 4.
The electronic device 100 may generate the second permission information according to the application identifier, the resource identifier and the access policy in the first permission information, together with the above device 3 and device 4. Specifically, the electronic device 100 may determine the application identifier, the resource identifier and the access policy in the first permission information as, respectively, the application identifier, the resource identifier and the access policy in the second permission information. The electronic device 100 may determine the identifier of the above device 3 as the identifier of the device where the application is located in the second permission information, and determine the above device 4 as the identifier of the device where the resource is located in the second permission information.
For example, the first permission information may be "identifier of application 1, electronic device 100, identifier of the camera resource, electronic device 100, access allowed", which indicates that application 1 on the electronic device 100 is allowed to access the camera resource of the electronic device 100. Then, referring to FIG. 7A, the electronic device 100 may generate five pieces of second permission information according to the first permission information and the device 3 and device 4 determined by the electronic device 100, as follows:
The 1st piece of second permission information is "identifier of application 1, smart watch, identifier of the camera resource, electronic device 100, access allowed". This permission information indicates that application 1 on the smart watch is allowed to access the camera resource of the electronic device 100.
The 2nd piece of second permission information is "identifier of application 1, identifier of electronic device 100, identifier of the camera resource, identifier of same-account devices, access allowed". This permission information indicates that application 1 on the electronic device 100 is allowed to access the camera resource of same-account devices.
The 3rd piece of second permission information is "identifier of application 1, identifier of MatePad, identifier of the camera resource, identifier of MatePad, access allowed". This permission information indicates that application 1 on the MatePad is allowed to access the camera resource of the MatePad.
The 4th piece of second permission information is "identifier of application 1, identifier of MatePad, identifier of the camera resource, identifier of electronic device 100, access allowed". This permission information indicates that application 1 on the MatePad is allowed to access the camera resource of the electronic device 100.
The 5th piece of second permission information is "identifier of application 1, identifier of smart watch, identifier of the camera resource, identifier of MatePad, access allowed". This permission information indicates that application 1 on the smart watch is allowed to access the camera resource of the MatePad.
In some embodiments, the electronic device 100 may generate the second permission information according to the first permission information and only some of the groups of device 3 and device 4. Those groups exclude any device 3 and device 4 that the electronic device 100 has determined to be an invalid combination.
Thus, if the electronic device 100 does not check for invalid combinations, it generates the second permission information according to the first permission information and all of the above groups of device 3 and device 4. In that case the electronic device 100 determines in advance the access policy for permission requests that may arise in the future: if device 3 later installs the application indicated by the application identifier in the second permission information, or device 4 later has the device resource indicated by the resource identifier in the second permission information, the electronic device 100 can use that second permission information to control resource access in the communication system 10.
If the electronic device 100 does check for invalid combinations, it generates the second permission information according to the first permission information and only some of the above groups of device 3 and device 4. In that case all of the second permission information can be used to control resource access in the communication system 10, and permission information that cannot be used for the time being is not generated, which effectively slims down the device's permission information library and saves storage space on the device.
In some embodiments, if the electronic device 100 has determined multiple groups of device 3 and device 4, it may generate multiple pieces of second permission information in a batch according to the first permission information and those groups. The electronic device 100 can thus generate multiple pieces of permission information in a short time, which improves the efficiency of application permission management for the user.
After the electronic device 100 generates the second permission information, in some embodiments the electronic device 100 may store the generated second permission information. In other embodiments, the electronic device 100 may not store it.
In some embodiments, if the second user operation also includes the operation in which the user determines resource 2 on the permission management interface, the electronic device 100 may determine the application identifier and the access policy in the first permission information as, respectively, the application identifier and the access policy in the second permission information, and determine the identifier of the above resource 2 as the resource identifier in the second permission information. The electronic device 100 may determine the identifier of the above device 3 as the identifier of the device where the application is located in the second permission information, and determine the above device 4 as the identifier of the device where the resource is located in the second permission information.
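The generation rule of step S104 can be written out as follows. This is an added example, not code from the patent: the 5-tuple field names, the device names, the dotted sub-resource naming ("camera.front") and the inventory table are assumptions made for illustration. It covers batch generation from several (device 3, device 4) pairs, the optional invalid-combination check, and narrowing resource 1 to a secondary resource 2.

```python
from typing import Dict, Iterable, List, NamedTuple, Optional, Set, Tuple


class Permission(NamedTuple):
    """One piece of permission information, as the 5-tuple the text describes."""
    app_id: str
    app_device: str       # device where the application is located ("device 3")
    resource_id: str
    resource_device: str  # device where the resource is located ("device 4")
    policy: str           # access policy, copied unchanged from the first permission


Pair = Tuple[str, str]    # (device 3, device 4)
Inventory = Dict[str, Dict[str, Set[str]]]

# Constructed inventory (assumption): apps installed and resources present per device.
INVENTORY: Inventory = {
    "phone-100": {"apps": {"app1"}, "resources": {"camera", "camera.front", "camera.rear"}},
    "matepad": {"apps": {"app1"}, "resources": {"camera", "camera.front"}},
    "watch": {"apps": {"app1"}, "resources": set()},
    "tv": {"apps": set(), "resources": {"camera"}},
}

# Constructed first permission information and user-selected pairs.
FIRST = Permission("app1", "phone-100", "camera", "phone-100", "allow")
PAIRS: List[Pair] = [
    ("watch", "phone-100"), ("matepad", "matepad"), ("matepad", "phone-100"),
    ("watch", "matepad"), ("matepad", "watch"), ("tv", "phone-100"),
]


def is_sub_resource(resource2: str, resource1: str) -> bool:
    """Resource 2 must be resource 1 itself or one of its secondary resources."""
    return resource2 == resource1 or resource2.startswith(resource1 + ".")


def is_valid_pair(app_id: str, resource_id: str, pair: Pair, inventory: Inventory) -> bool:
    """Invalid combination: device 3 lacks the app, or device 4 lacks the resource."""
    app_device, resource_device = pair
    has_app = app_id in inventory.get(app_device, {}).get("apps", set())
    has_res = resource_id in inventory.get(resource_device, {}).get("resources", set())
    return has_app and has_res


def generate_second_permissions(
    first: Permission,
    pairs: Iterable[Pair],
    inventory: Optional[Inventory] = None,
    resource2: Optional[str] = None,
) -> Tuple[List[Permission], List[Pair]]:
    """Return (generated permissions, pairs rejected as invalid combinations).

    inventory=None skips the invalid-combination check, so an entry is
    generated for every pair, including ones that cannot be used yet.
    """
    resource_id = first.resource_id if resource2 is None else resource2
    if not is_sub_resource(resource_id, first.resource_id):
        # Narrowing may only select resource 1 or something beneath it.
        raise ValueError(f"{resource_id!r} is not part of {first.resource_id!r}")

    generated: List[Permission] = []
    rejected: List[Pair] = []
    seen: Set[Pair] = set()
    for pair in pairs:
        if pair in seen:  # the same pair selected twice yields one entry
            continue
        seen.add(pair)
        if inventory is not None and not is_valid_pair(first.app_id, resource_id, pair, inventory):
            rejected.append(pair)  # candidates for the "invalid combination" prompt
            continue
        generated.append(
            Permission(first.app_id, pair[0], resource_id, pair[1], first.policy)
        )
    return generated, rejected


if __name__ == "__main__":
    perms, bad = generate_second_permissions(FIRST, PAIRS, INVENTORY)
    for p in perms:
        print(p)
    print("invalid combinations:", bad)
```

Because the application identifier and access policy are copied verbatim and resource 2 is checked to lie within resource 1, a generated entry differs from the first permission information only in the device pair and, optionally, a narrower resource.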
S105. The electronic device 100 sends the second permission information to device 4, where the resource indicated by the second permission information is located.
The electronic device 100 may send the second permission information to device 4 using wired communication technology, wireless communication technology or mobile communication technology. The wired communication technology may be coaxial cable communication, USB interface communication, RS232 serial port communication, etc. The wireless communication technology may be Bluetooth communication, WiFi communication, UWB communication, infrared communication, NFC, etc. The mobile communication method may be 2G/3G/4G/5G communication, etc.
In some embodiments, the electronic device 100 may also send the second permission information to other devices and/or a server in the communication system 10. The second permission information is then also stored on those other devices and/or the server, and the user can query it there, which makes it easier for the user to manage the permission information in the communication system 10.
In some embodiments, all permission information of the communication system 10 is stored on a server, and every device in the communication system 10 can establish a connection with that server and obtain permission information over the connection. In this case, the electronic device 100 may send the second permission information directly to the server instead of sending it to device 4.
After step S105 is performed, the communication system 10 may perform step S106 or step S107, where:
S106. Device 4 receives the second permission information sent by the electronic device 100, and device 4 accepts the second permission information.
In some embodiments, after receiving the second permission information sent by the electronic device 100, device 4 may accept the second permission information directly.
In some embodiments, after receiving the second permission information sent by the electronic device 100, device 4 may output prompt information presenting the second permission information. Only then, in response to a confirmation operation by the user, does the electronic device 100 accept the second permission information. The user's confirmation operation may be an input operation on the user interface that device 4 displays to present the second permission information. For example, upon receiving the second permission information sent by the electronic device 100, device 4 may display on its screen the user interface 530 shown in FIG. 7C, in which the prompt information 532A presents the second permission information to the user. In this case, the user's confirmation operation may be a touch operation on the confirmation button 533 while the selection box 532B is in the selected state.
In some embodiments, after device 4 accepts the second permission information, device 4 may store the second permission information and may send a feedback message to the electronic device 100. The feedback message informs the electronic device 100 that device 4 has stored the second permission information.
In some embodiments, after device 4 sends the above feedback message to the electronic device 100, if the electronic device 100 has not stored the second permission information, the electronic device 100 may store the second permission information upon receiving the feedback message sent by device 4.
S107. Device 4 receives the second permission information sent by the electronic device 100, and device 4 refuses to accept the second permission information.
After receiving the second permission information sent by the electronic device 100, device 4 may output prompt information presenting the second permission information. Then, in response to a user operation refusing acceptance, device 4 may refuse to accept the second permission information. The user operation refusing acceptance may be an input operation on the user interface that device 4 displays to present the second permission information. For example, upon receiving the second permission information sent by the electronic device 100, device 4 may display on its screen the user interface 530 shown in FIG. 7C, in which the prompt information 532A presents the second permission information to the user. In this case, the user operation refusing acceptance may be a touch operation on the confirmation button 533 while at least one selection box 532B is in the unselected state. After device 4 refuses to accept the second permission information, device 4 may send a feedback message to the electronic device 100. The feedback message informs the electronic device 100 that device 4 refuses to accept the second permission information.
After device 4 sends the above feedback message to the electronic device 100, if the electronic device 100 has already stored the second permission information, the electronic device 100 may delete the stored second permission information upon receiving the feedback message. If the electronic device 100 has not stored the second permission information, then upon receiving the feedback message the electronic device 100 does not store it.
If all permission information of the communication system 10 is stored on the server, and the electronic device 100 sends the second permission information to the server after generating it, then the actions performed by the electronic device 100 in steps S106 and S107 above are all performed by the server.
(Optional) S108. The electronic devices in the communication system 10 update permission information.
Taking the update of the second permission information by an electronic device in the communication system 10 as an example:
In some embodiments, after device 4 stores the second permission information, device 4, where the resource in the second permission information is located, may update the second permission information.
In some embodiments, after device 4 stores the second permission information, device 4 may update the second permission information to third permission information in response to a user operation modifying the second permission information. That user operation may be an operation in which the user modifies the access policy of the second permission information in a settings interface.
After device 4 has updated the second permission information to the third permission information in response to the above user operation, device 4 may send a notification message to device 3 to inform device 3 that device 4 has updated the second permission information to the third permission information.
In some embodiments, after device 4 refuses to store the second permission information, device 4 may, in response to a user operation modifying the second permission information, modify the second permission information into third permission information and store the third permission information. The user operation modifying the second permission information may be an input operation on a user interface that device 4 displays for the user to modify the second permission information. For example, after device 4 refuses to store the second permission information, device 4 may display on its screen the user interface 540 shown in FIG. 7D, in which the access policy controls 541A to 541C allow the user to modify the access policy of the second permission information. In this case, if the access policy of the second permission information is "access allowed", device 4 may, in response to a touch operation by the user on the access policy control 541B, modify the second permission information into third permission information whose access policy is "access not allowed". Device 4 may then store the third permission information.
Device 4 may then send a notification message to the electronic device 100 to inform the electronic device 100 that device 4 has modified the second permission information into the third permission information. After the electronic device 100 receives this notification message from device 4, if the electronic device 100 has previously stored the second permission information, it may update the second permission information to the third permission information. If the electronic device 100 has not previously stored the second permission information, it may store the third permission information directly.
In some embodiments, after the electronic device 100 receives the above notification message from device 4, if the electronic device 100 has already sent the second permission information to other devices and/or the server in the communication system 10, the electronic device 100 may send a notification message to those other devices and/or the server, informing them to update the second permission information to the third permission information. If the electronic device 100 has not yet sent the second permission information to other devices and/or the server in the communication system 10, the electronic device 100 may at this point send them the third permission information.
If all permission information of the communication system 10 is stored on the server, all permission information of the communication system 10 includes the second permission information.
In some embodiments, all electronic devices in the communication system 10 may update the second permission information. Taking the update of the second permission information by the electronic device 100 as an example: upon receiving a user operation modifying the second permission information, the electronic device 100 may send a notification message to the server, informing the server to update the second permission information to the third permission information. Upon receiving this notification message, the server may update the second permission information to the third permission information. In some embodiments, an electronic device needs permission from some of the electronic devices in the communication system 10 in order to update the second permission information. Those electronic devices may be the master device in the communication system 10 and/or the device where the resource in the second permission information is located. Taking the update of the second permission information by the electronic device 100 as an example: when the server receives a notification message from the electronic device 100 stating its intention to update the second permission information to the third permission information, the server may send to the master device in the communication system 10 and/or device 4 a notification message asking whether the update is permitted. Device 5, having received this notification message, may display prompt information on its screen to inform the user that the electronic device 100 intends to update the second permission information to the third permission information. Upon receiving a user operation permitting or not permitting the update, device 5 may send a return message to the server. If the return message indicates that the user permits the update, the server may update the second permission information to the third permission information. If the return message indicates that the user does not permit the update, the server may refuse the update.
In some embodiments, only some of the electronic devices in the communication system 10 may update the second permission information. Those electronic devices may be the master device in the communication system 10, and/or the device where the resource corresponding to the permission information is located and/or the device where the application is located. Taking the update of the second permission information by the electronic device 100 as an example: upon receiving a user operation modifying the second permission information, the electronic device 100 may send a notification message to the server, informing the server to modify the second permission information into the third permission information. Upon receiving this notification message, the server may update the second permission information to the third permission information.
The user can thus update the permission information in the communication system 10 according to actual needs, which safeguards the user's privacy.
S109. Each electronic device in the communication system 10 uses its locally stored permission information to control resource access in the communication system 10.
The locally stored permission information may include, for example, the above first permission information or second permission information.
Specifically, the above process may include the following steps 1 to 5:
Step 1. The electronic device 200 generates an access request.
The access request carries the identifier of application 1, the identifier of the electronic device 200, the identifier of resource 1, and the identifier of the electronic device 300. The access request indicates that application 1 on the electronic device 200 requests access to resource 1 on the electronic device 300.
(Optional) Step 2. The electronic device 200 performs authentication.
Authentication by the electronic device 200 is the process in which the electronic device 200 determines, according to the permission information library, whether application 1 on the electronic device 200 has permission to access resource 1 on the electronic device 300.
Specifically, the electronic device 200 may search the permission information library for permission information indicating the access policy of application 1 on the electronic device 200 for resource 1 on the electronic device 300. If no such permission information exists in the permission information library, or the access policy in that permission information is "access not allowed", the electronic device 200 may determine that application 1 on the electronic device 200 does not have permission to access resource 1 on the electronic device 300. If the access policy in that permission information is "access allowed" or "access allowed under specific conditions", the electronic device 200 may determine that application 1 on the electronic device 200 has permission to access resource 1 on the electronic device 300.
If the electronic device 200 determines that application 1 on the electronic device 200 does not have permission to access resource 1 on the electronic device 300, the electronic device 200 may terminate processing of the access request. If the electronic device 200 determines that application 1 on the electronic device 200 has permission to access resource 1 on the electronic device 300, the electronic device 200 may continue with the subsequent steps.
In some embodiments, the electronic device 200 may also skip authentication.
Step 3: The electronic device 200 sends the access request to the electronic device 300.
The electronic device 200 may send the access request to the electronic device 300 based on a wired communication technology, a wireless communication technology, or a mobile communication technology. The wired communication technology may be coaxial cable communication, USB interface communication, RS232 serial port communication, and so on. The wireless communication technology may be Bluetooth communication, WiFi communication, UWB communication, infrared communication, NFC, and so on. The mobile communication method may be 2G/3G/4G/5G communication, and so on.
Step 4: The electronic device 300 receives the access request, and the electronic device 300 performs authentication.
On receiving the access request sent by the electronic device 200, the electronic device 300 may perform authentication. Authentication by the electronic device 300 is the process in which the electronic device 300 determines, based on the permission information database, whether application 1 in the electronic device 200 has permission to access resource 1 in the electronic device 300.
For the authentication process of the electronic device 300, refer to the authentication process of the electronic device 200 described above; it is not repeated here.
Step 5: The electronic device 300 decides, based on the authentication result, whether to respond to the access request.
If the electronic device 300, through authentication, determines that application 1 in the electronic device 200 does not have permission to access resource 1 in the electronic device 300, the electronic device 300 will not respond to the access request. If the electronic device 300, through authentication, determines that application 1 in the electronic device 200 has permission to access resource 1 in the electronic device 300, the electronic device 300 will, in response to the access request, authorize application 1 in the electronic device 200 to access resource 1 in the electronic device 300.
The electronic device 200 and the electronic device 300 may be different devices in the communication system 10 or the same device. If the electronic device 200 and the electronic device 300 are different devices, the access request indicates that the application is requesting cross-device access to a resource. In this case, the electronic device 300 may display a user interface on its display screen to prompt the user that a resource of the electronic device 300 is being accessed across devices by an application of the electronic device 200. If the electronic device 200 and the electronic device 300 are the same device, the access request indicates that the application is requesting access to a resource on the same device. In this case, the process of sending the access request between devices may be omitted.
In some embodiments, if the electronic device 200 and the electronic device 300 are different devices in the communication system 10, the electronic device 300 may also modify the permission information in response to a user operation while its resource is being accessed by the application of the electronic device 200. The user operation may be, for example, an operation performed by the user in the interface that the electronic device 300 provides to prompt the user that a resource of the electronic device 300 is being accessed across devices by an application of the electronic device 200. For example, in response to the user's touch operation on the prohibition button 712 in the user interface 710 shown in FIG. 9, the electronic device 300 may change the access policy of the permission information to "access not allowed".
Afterwards, the electronic device 300 may send notification information to the electronic device 200 to notify the electronic device 200 to modify the permission information. In some embodiments, the electronic device 300 may also send the notification message to other electronic devices or servers in the communication system 10.
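The authentication flow of steps 2 to 5 and the policy change described above, sketched as an added example (not code from the patent): `Device`, `Key`, `State`, `request_access` and `revoke` are hypothetical names, and evaluating the conditional policies against the current device state at check time is this example's assumption. It shows why the check on the electronic device 300 has to stand on its own: the electronic device 200 may skip authentication, or may still hold a stale entry after a policy change.

```python
from dataclasses import dataclass
from enum import Enum


class Policy(Enum):
    # The four access policies listed in claim 11.
    ALLOW = "allow access"
    DENY = "access not allowed"
    WHEN_UNLOCKED = "allow access when the resource device is unlocked"
    WHEN_FOREGROUND = "allow access when the application runs in the foreground"


@dataclass(frozen=True)
class Key:
    """One permission-information entry: (requesting device, app, resource device, resource)."""
    src: str
    app: str
    dst: str
    resource: str


@dataclass(frozen=True)
class State:
    """Runtime facts the conditional policies depend on (assumed inputs)."""
    dst_unlocked: bool
    app_in_foreground: bool


class Device:
    def __init__(self, name):
        self.name = name
        self.permission_db = {}  # Key -> Policy; a missing entry means no permission

    def authenticate(self, key, state):
        policy = self.permission_db.get(key)
        if policy is None or policy is Policy.DENY:
            return False  # default deny: no entry is treated like "access not allowed"
        if policy is Policy.WHEN_UNLOCKED:
            return state.dst_unlocked
        if policy is Policy.WHEN_FOREGROUND:
            return state.app_in_foreground
        return True


def request_access(src, dst, app, resource, state, src_checks=True):
    """Steps 2-5: optional requester-side check, then the resource holder decides."""
    key = Key(src.name, app, dst.name, resource)
    if src_checks and not src.authenticate(key, state):
        return "terminated by requester"
    # Step 3 (transport) is not modelled; when src is dst nothing is sent at all.
    if not dst.authenticate(key, state):
        return "no response"
    return "access granted"


def revoke(dst, key, reachable_peers):
    """The user presses the prohibit control on the resource holder during an access."""
    dst.permission_db[key] = Policy.DENY
    for peer in reachable_peers:  # the notification may not reach every peer
        peer.permission_db[key] = Policy.DENY


if __name__ == "__main__":
    d200, d300 = Device("device200"), Device("device300")
    key = Key("device200", "app1", "device300", "resource1")
    now = State(dst_unlocked=True, app_in_foreground=True)
    d200.permission_db[key] = Policy.ALLOW
    d300.permission_db[key] = Policy.WHEN_UNLOCKED
    print(request_access(d200, d300, "app1", "resource1", now))
    revoke(d300, key, reachable_peers=[])  # constructed case: notification lost
    print(request_access(d200, d300, "app1", "resource1", now))
```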
The various user operations mentioned in the embodiments of this application may be implemented as the operations shown by way of example above, and may also be user operations performed through voice instructions, preset gestures, and the like. The embodiments of this application do not limit the specific form of the user operations.
An embodiment of this application further provides a computer program product which, when run on an electronic device, causes the electronic device to execute the method in any of the foregoing embodiments.
An embodiment of this application further provides a computer-readable storage medium storing computer program code; when an electronic device executes the computer program code, the electronic device is caused to execute the method in any of the foregoing embodiments.
The computer program product and the computer-readable storage medium provided by the embodiments of this application are both used to execute the application program permission management method provided above. For the beneficial effects they can achieve, refer to the beneficial effects of the corresponding method provided above; they are not repeated here.
As stated above, the foregoing embodiments are only intended to illustrate the technical solutions of this application, not to limit them. Although this application has been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments may still be modified, or some of their technical features may be equivalently replaced, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of this application.

Claims (14)

  1. An application program permission management method, characterized in that the method is applied to a communication system including a first device and a fifth device, and the method includes:
    the first device generates first permission information, or the first device displays a user interface for indicating the first permission information, the first permission information indicating an access policy of a first application of a second device for a first resource of a third device;
    upon receiving a first operation, the first device displays a permission management interface;
    upon receiving a second operation on the permission management interface, the first device determines a fourth device and a fifth device, the fourth device being different from the fifth device;
    the first device generates second permission information, the second permission information indicating an access policy of the first application of the fourth device for the first resource of the fifth device, the access policy of the first permission information being the same as the access policy of the second permission information;
    the first device sends the second permission information to the fifth device.
  2. The method according to claim 1, characterized in that the first device, the second device, and the third device are the same device; before the first device generates the first permission information, the method further includes:
    the first device runs the first application;
    the first device displays a first user interface provided by the first application, the first user interface being used by the first application to request access to the first resource;
    a third operation is received, the third operation being used to trigger the first device to generate the first permission information.
  3. The method according to claim 1, characterized in that the first device, the second device, and the third device are the same device; the user interface displayed by the first device for indicating the first permission information is provided by a settings application of the first device.
  4. The method according to any one of claims 1-3, characterized in that
    the permission management interface displays one or more device controls;
    the second operation includes: an operation of dragging a first device control so that the distance between the first device control and a second device control is less than a preset value; or input operations acting successively on the first device control and the second device control;
    wherein the fourth device is the device corresponding to the first device control, and the fifth device is the device corresponding to the second device control.
  5. The method according to any one of claims 1-4, characterized in that after the first device sends the second permission information to the fifth device, the method further includes:
    the first device sends the second permission information to the fourth device;
    or the first device sends the second permission information to a sixth device, the sixth device being different from the fifth device and being a device trusted by the first device;
    or the first device sends the second permission information to a server, the server being used to manage the first device, the second device, the third device, the fourth device, and the fifth device.
  6. The method according to any one of claims 1-5, characterized in that after the first device sends the second permission information to the fifth device, the method further includes:
    after receiving the second permission information, the fifth device stores the second permission information.
  7. The method according to any one of claims 1-5, characterized in that after the first device sends the second permission information to the fifth device, the method further includes:
    the fifth device displays a second user interface in which prompt information is displayed, the prompt information being used to ask the user whether to allow setting of the access policy indicated by the first permission information;
    the fifth device receives a fourth operation, and the fifth device stores the second permission information;
    or the fifth device receives a fifth operation, the fifth device refuses to store the second permission information and sends a notification message to the first device, and the first device deletes the stored second permission information.
  8. The method according to claim 7, characterized in that after the fifth device receives the fifth operation, the method further includes:
    the fifth device displays a third user interface in which one or more access policies of the first application of the fourth device for the first resource of the fifth device are displayed;
    the fifth device receives a sixth operation, and generates and stores third permission information, the third permission information indicating an access policy of the first application of the fourth device for the first resource of the fifth device, the access policy of the third permission information being different from the access policy of the second permission information;
    the fifth device sends the third permission information to the first device;
    the first device updates the stored second permission information to the third permission information.
  9. The method according to claim 6, characterized in that
    the fourth device sends an access request to the fifth device, the access request being used by the first application in the fourth device to request access to the first resource in the fifth device;
    the fifth device displays prompt information and a second control, the prompt information being used to prompt that the first resource in the fifth device is being accessed by the first application in the fourth device;
    the fifth device receives a seventh operation acting on the second control;
    the fifth device displays a fourth user interface in which one or more access policies of the first application of the fourth device for the first resource of the fifth device are displayed;
    the fifth device receives an eighth operation, and generates and stores fourth permission information, the fourth permission information indicating an access policy of the first application of the fourth device for the first resource of the fifth device, the access policy of the fourth permission information being different from the access policy of the second permission information;
    the fifth device sends the fourth permission information to the first device;
    the first device updates the stored second permission information to the fourth permission information.
  10. The method according to any one of claims 1-9, characterized in that the second device, the third device, the fourth device, and the fifth device are all devices trusted by the first device.
  11. The method according to any one of claims 1-10, characterized in that the access policy includes any one of the following:
    access allowed, access not allowed, access allowed when the third device is in an unlocked state, access allowed when the first application is running in the foreground.
  12. An electronic device, characterized in that the electronic device includes a memory and a processor, the memory being used to store a computer program and the processor being used to call the computer program, so that the electronic device executes the method according to any one of claims 1-11.
  13. A computer program product containing instructions, characterized in that when the computer program product is run on an electronic device, the electronic device is caused to execute the method according to any one of claims 1-11.
  14. A computer-readable storage medium, including instructions, characterized in that when the instructions are run on an electronic device, the electronic device is caused to execute the method according to any one of claims 1-11.
PCT/CN2023/084514 2022-03-30 2023-03-28 Application program permission management method, system, and related apparatus WO2023185881A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202210326241.X 2022-03-30
CN202210326241.XA CN116933219A (en) 2022-03-30 2022-03-30 Application program authority management method, system and related device

Publications (1)

Publication Number Publication Date
WO2023185881A1 true WO2023185881A1 (en) 2023-10-05

Family

ID=88199233

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2023/084514 WO2023185881A1 (en) 2022-03-30 2023-03-28 Application program permission management method, system, and related apparatus

Country Status (2)

Country Link
CN (1) CN116933219A (en)
WO (1) WO2023185881A1 (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113821767A (en) * 2020-06-18 2021-12-21 华为技术有限公司 Application program authority management method and device and electronic equipment

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113821767A (en) * 2020-06-18 2021-12-21 华为技术有限公司 Application program authority management method and device and electronic equipment
WO2021253975A1 (en) * 2020-06-18 2021-12-23 华为技术有限公司 Permission management method and apparatus for application, and electronic device

Also Published As

Publication number Publication date
CN116933219A (en) 2023-10-24

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 23778246

Country of ref document: EP

Kind code of ref document: A1