CN104462889A - Application authority management method and device - Google Patents
Application authority management method and device Download PDFInfo
- Publication number
- CN104462889A CN104462889A CN201310413834.0A CN201310413834A CN104462889A CN 104462889 A CN104462889 A CN 104462889A CN 201310413834 A CN201310413834 A CN 201310413834A CN 104462889 A CN104462889 A CN 104462889A
- Authority
- CN
- China
- Prior art keywords
- application
- application permission
- permission
- request
- indicated
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Automation & Control Theory (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Telephonic Communication Services (AREA)
- Storage Device Security (AREA)
Abstract
An application authority management method includes acquiring application authority calling requests, inquiring whether application authority indicated by the application authority calling requests is a preset authorized application limit or not from an application authority database, if yes, transmitting the application authority calling requests, and if not, rejecting the application authority calling requests. Further, the invention further provides an application authority management device. By the application authority management method and device, users are allowed to customize the installed application authorities under the condition that system safety is considered, and system practicality is improved.
Description
Technical field
The present invention relates to communication technical field, particularly relate to a kind of application rights management method and device.
Background technology
Android system is the mainstream operation system of current intelligent mobile terminal.Based on third party application (hereinafter referred to as " the application ") substantial amounts of android system, when user installs application on mobile terminals, all can relate to and authorize this application permission generation safety problem.
In prior art, android system Android ccf layer achieves the forced symmetric centralization (MAC of application level, Mandatory Access Control), when installing application, whether prompting user authorizes the authority of this application, and user can only select all authorities of agreeing to authorize prompting, otherwise this application is installed in stopping, and authority is fixing after authorization, and user can not change voluntarily.To the mandate of all authorities, security of system is on the hazard, and user can not change authority, the practicality of influential system after application is installed.
Summary of the invention
In view of this, the invention provides a kind of application rights management method and device, under the prerequisite taking into account security of system, the authority of the mounted application of User Defined can be allowed, improve system availability.
The application rights management method that the embodiment of the present invention provides, comprising:
Application permission request is called in acquisition; In application permission database, whether the application permission called described in inquiry indicated by application permission request is preset mandate application permission; If so, then call application permission request described in transparent transmission, if not, then refusal calls described application permission.
The application rights management device that the embodiment of the present invention provides, comprising:
Acquiring unit, calls application permission request for obtaining; Query unit, in application permission database, inquires about whether the application permission called indicated by application permission request described in the acquisition of described acquiring unit is preset mandate application permission; Processing unit, if the application permission called indicated by application permission request is preset mandate application permission described in inquiring for described query unit, then calls application permission request described in transparent transmission; Described processing unit, if also for described in the application permission called indicated by application permission request be not preset mandate application permission, then refusal call described application permission.
The application rights management method that the embodiment of the present invention provides and device, what acquisition application sent calls application permission request, inquire about whether this application permission called indicated by application permission request is preset mandate application permission, if, then transparent transmission this call application permission request, if not, then refusal calls this application permission, like this, because preset mandate application permission can be arranged by user, in free management system, mounted application mandate, enhances the security of system, also enhances the practicality of system simultaneously.
For above and other object of the present invention, feature and advantage can be become apparent, preferred embodiment cited below particularly, and coordinate institute's accompanying drawings, be described in detail below.
Accompanying drawing explanation
Fig. 1 shows a kind of structured flowchart of terminal device;
Fig. 2 is the framework schematic diagram of application rights management system in the embodiment of the present invention;
Fig. 3 is an embodiment schematic diagram of application rights management method in the embodiment of the present invention;
Fig. 4 is the embodiment schematic diagram that in the embodiment of the present invention, application rights management method is another;
Fig. 5 is an embodiment schematic diagram of application rights management device in the embodiment of the present invention;
Fig. 6 is another embodiment schematic diagram of application rights management device in the embodiment of the present invention.
Embodiment
For further setting forth the present invention for the technological means that realizes predetermined goal of the invention and take and effect, below in conjunction with accompanying drawing and preferred embodiment, to according to the specific embodiment of the present invention, structure, feature and effect thereof, be described in detail as follows.
The application rights management method that the embodiment of the present invention provides can be applicable to smart mobile phone, palm PC, panel computer etc., and all possess in the mobile terminal of touch-screen, to improve security and the practicality of system.
Fig. 1 shows a kind of structured flowchart of terminal device.As shown in Figure 1, terminal device 100 comprises storer 102, memory controller 104, one or more (only illustrating one in figure) processor 106, Peripheral Interface 108, radio-frequency module 110, locating module 112, photographing module 114, audio-frequency module 116, Touch Screen 118 and key-press module 120.These assemblies are by one or more communication bus/signal wire 122 communication mutually.
Be appreciated that the structure shown in Fig. 1 is only signal, terminal device 100 also can comprise than assembly more or less shown in Fig. 1, or has the configuration different from shown in Fig. 1.Each assembly shown in Fig. 1 can adopt hardware, software or its combination to realize
Storer 102 can be used for storing software program and module, as applied right management method and programmed instruction/module corresponding to device in the embodiment of the present invention in terminal device, processor 102 is by running the software program and module that are stored in storer 104, thus perform the application of various function and data processing, namely realize the above-mentioned application rights management method improving security of system and practicality in terminal device.
Storer 102 can comprise high speed random access memory, also can comprise nonvolatile memory, as one or more magnetic storage device, flash memory or other non-volatile solid state memories.In some instances, storer 102 can comprise the storer relative to the long-range setting of processor 106 further, and these remote memories can be connected to terminal device 100 by network.The example of above-mentioned network includes but not limited to internet, intranet, LAN (Local Area Network), mobile radio communication and combination thereof.Processor 106 and other possible assemblies can carry out the access of storer 102 under the control of memory controller 104.
Various input/output device is coupled to CPU and storer 102 by Peripheral Interface 108.Various softwares in processor 106 run memory 102, instruction are to perform the various function of terminal device 100 and to carry out data processing.
In certain embodiments, Peripheral Interface 108, processor 106 and memory controller 104 can realize in one single chip.In some other example, they can respectively by independently chip realization.
Radio-frequency module 110, for receiving and sending electromagnetic wave, realizes the mutual conversion of electromagnetic wave and electric signal, thus carries out communication with communication network or other equipment.Radio-frequency module 110 can comprise the various existing circuit component for performing these functions, such as, and antenna, radio-frequency (RF) transceiver, digital signal processor, encrypt/decrypt chip, subscriber identity module (SIM) card, storer etc.Radio-frequency module 110 can with various network as internet, intranet, wireless network carry out communication or carry out communication by wireless network and other equipment.Above-mentioned wireless network can comprise cellular telephone networks, WLAN (wireless local area network) or Metropolitan Area Network (MAN).Above-mentioned wireless network can use various communication standard, agreement and technology, include, but are not limited to global system for mobile communications (Global System for MobileCommunication, GSM), enhancement mode mobile communication technology (Enhanced Data GSMEnvironment, EDGE), Wideband CDMA Technology (wideband code division multipleaccess, W-CDMA), CDMA (Code Division Multiple Access) (Code division access, CDMA), tdma (time division multiple access, TDMA), bluetooth, adopting wireless fidelity technology (Wireless, Fidelity, WiFi) (as IEEE-USA standard IEEE 802.11a, IEEE802.11b, IEEE802.11g and/or IEEE802.11n), the networking telephone (Voice over internetprotocal, VoIP), worldwide interoperability for microwave access (Worldwide Interoperability for MicrowaveAccess, Wi-Max), other are for mail, the agreement of instant messaging and short message, and any other suitable communications protocol, even can comprise those current agreements be developed not yet.
Locating module 112 is for obtaining the current location of terminal device 100.The example of locating module 112 includes but not limited to Global Positioning System (GPS) (GPS), location technology based on WLAN (wireless local area network) or mobile radio communication.
Photographing module 114 is for taking pictures or video.Photo or the video of shooting can be stored in storer 102, and send by radio-frequency module 110.
Audio-frequency module 116 provides audio interface to user, and it can comprise one or more microphone, one or more loudspeaker and voicefrequency circuit.Voicefrequency circuit receives voice data from Peripheral Interface 108, voice data is converted to telecommunications breath, and telecommunications breath is transferred to loudspeaker.Telecommunications breath is changed the sound wave can heard into people's ear by loudspeaker.Voicefrequency circuit also from microphone receive telecommunications breath, convert electrical signals to voice data, and by data transmission in network telephony to Peripheral Interface 108 to be further processed.Voice data can obtain from storer 102 or by radio-frequency module 110.In addition, voice data also can be stored in storer 102 or by radio-frequency module 110 and send.In some instances, audio-frequency module 116 also can comprise an earphone and broadcast hole, for providing audio interface to earphone or other equipment.
Touch Screen 118 provides one simultaneously and exports and inputting interface between terminal device 100 and user.Particularly, Touch Screen 118 exports to user's display video, and the content of these video frequency output can comprise word, figure, video and combination in any thereof.Some Output rusults correspond to some user interface object.Touch Screen 118 also receives the input of user, and the gesture operation such as click, slip of such as user, so that response is made in the input of user interface object to these users.The technology detecting user's input can be based on resistance-type, condenser type or other touch control detection technology possible arbitrarily.The instantiation of Touch Screen 118 display unit includes, but are not limited to liquid crystal display or light emitting polymer displays.
Key-press module 120 provides user to carry out the interface inputted to terminal device 100 equally, and user can perform different functions by pressing different buttons to make terminal device 100.
The embodiment of the present invention expanded an application rights management system before the application permission auditing system of existing android system.Android system framework is made up of 4 levels, Linux inner core, hardware abstraction layer, Android ccf layer and application layer respectively from bottom to top layer, in the embodiment of the present invention, application rights management system is across application layer and Android ccf layer, user interface (the UI of the application rights management system interaction of user and expansion is wherein achieved in application layer, User Interface) mutual, can be the authority that user provides editing application authority, and achieve application permission examination & verification, management at Android ccf layer and store.
Refer to Fig. 2, in the embodiment of the present invention, 4 nucleus modules of application rights management system are: application permission detector 201, application rights management device 202, application permission storer 203, actuator 204.
In android system, send application permission call request during application start to target element, the application rights management system in the present embodiment can be forced to trigger before this application permission call request is performed by existing application permission auditing system.Specific implementation can be, arrange after ActivityManagerService class receives application permission call request in system and run relevant environmental variance to this application, as the space size shared by this application operation, and call the authority that application is initiated in its inner checkPermission method inspection request.Application rights management method in the embodiment of the present invention places a guidance function in the most beginning of checkPermission method, it can be specifically Hook Function, also interception function is claimed, during so each systems inspection request application permission, first capital is introduced into application rights management system, by the examination & verification of application rights management system temporarily adapter authority.
Application permission detector 201 is placed on the module of the Hook Function of checkPermission method head for running, can be regarded as the entrance of application rights management system, after application permission call request is initiated in application, the authority whether this application have request call is inquired about to application rights management device 202, determine directly to refuse this application permission call request according to Query Result, or this application permission call request is passed through the existing authentication system of Android, do not do any process by this application permission call request and pass to the existing authentication system of Android.
Application rights management device 202 carries out associative operation with the permissions data in application permission storer 203, application rights management device 202 comprises the fundamental operation such as increase, deletion, amendment to rights database, can the authority inquiry of response application scope check device 201 and interactive interface 205, edit requests.
Application permission storer 203 stores the database relevant to application permission.Particularly, application permission database can adopt SQLite integrated in android system as database support.SQLite is a embedded database, and it supports SQL query, and only takies little internal memory.In rights database, storing the application permission list for recording application permission respectively and recording the installation permissions list applied.
Actuator 204 can the instruction that sends of response application rights manager 202, terminates the current any application run.
In the embodiment of the present invention, application rights management system also comprises interactive interface 205, interactive interface 205 is the application being in application layer based on Android Development of Framework, user can be allowed by UI interface, the authorization privilege of arbitrarily application in system increased, deletes, revise, the operation such as classification.User will be saved in application permission storer 203 by application rights management device 202 in the edited result of interactive interface 205.
Android system existing application permission auditing system 206 is existing independently, the complete application permission auditing systems of android system.In order to ensure the compatibility with existing android system, remain the existing application permission auditing system of android system, the application permission call request that application sends is after auditing by the application permission auditing system in the embodiment of the present invention, this is called authority request and continues going down by application permission detector 201, enters android system existing application permission auditing system and carries out original auditing flow.
Refer to Fig. 3, an embodiment of the application rights management method in the embodiment of the present invention comprises:
301, application permission request is called in acquisition;
What application permission detector acquisition application was initiated calls application permission request.
Particularly, when application runs, target element is sent and call application permission request, arrange after ActivityManagerService class receives authority call request in system and run relevant environmental variance to this application, and call the authority that application is initiated in its inner checkPermission method inspection request.Under the effect of the Hook Function placed in the most beginning of checkPermission method, intercept and capture this by this Hook Function application permission detector and call application permission request.
302, in application permission database, inquire about whether this application permission called indicated by application permission request is preset mandate application permission;
Application permission detector arranges relating environment values according to the application permission request of calling obtained, by application rights management device in application permission database, whether the application permission called described in inquiry indicated by application permission request is the preset application permission of being authorized.In application permission database, the grant column list of application permission can be stored, allow when recording which application permission in this grant column list to call, also can store the refusal grant column list of application permission, in this refusal grant column list, record which application permission do not allow to call.Operate in application some authorities that backstage obtains system, some application permission relates to the privacy of individual, also serious critical information safety, and prerequisite authority when not being this application operation, just can not allow this application call.As, when application of listening to the music runs, the authority obtaining customer position information and read associated person information is called in this application application of listening to the music, and the application of not listening to the music of these two authorities runs necessary, and relate to individual privacy information, acquisition customer position information and these two authority records of reading associated person information can be listened to the music in the banned list of application permission at this.In the grant column list of application permission or the refusal grant column list of application permission, there is corresponding relation in authority and application, that is, specific authority of authorizing or refuse to authorize is for application-specific, and is not suitable for all application.
Preset mandate application permission, can be that user is self-defining by the interactive interface of system, also can be server push.
303, if so, then transparent transmission this call application permission request, if not, then refusal call this application permission.
If inquiring this application permission called indicated by application permission request is preset mandate application permission, then application permission detector transparent transmission this call application permission request, make this call application permission request and continue examination & verification by the existing application permission auditing system of android system.Transparent transmission, does not namely do any process to the data received, and directly forwards these data, and in the present embodiment, application permission detector does not call application permission request do any process to this, but directly sends to the existing application permission auditing system of android system.
If inquiring this application permission called indicated by application permission request is not preset mandate application permission, then application permission detector refusal calls this application permission.Concrete, scope check device is dished out by SecurityException class the exception of the information that denies with examination & verification, and the application that this exception is suggested request receives and trigger erroneous prompt window is shown to user, points out user to apply application and calls authority extremely.As, position application application is called and is obtained current location authority, and to obtain current location authority be not preset mandate application permission, then application permission detector refusal is adjusted and obtained current location authority, dish out and deny the exception of information with examination & verification, and show error message in the window to user.
In the embodiment of the present invention, what acquisition application sent calls application permission request, inquire about whether this application permission called indicated by application permission request is preset mandate application permission, if, then transparent transmission this call application permission request, this calls application permission request to continue examination & verification by the existing application permission auditing system of android system, if not, then refusal calls this application permission, like this, it is audited to applying calling before application permission request is audited of sending at the existing application permission auditing system of android system, because preset mandate application permission can be arranged by user, mounted application mandate in free management system, enhance the security of system, also enhance the practicality of system simultaneously.And keep the compatibility with the existing application permission auditing system of android system.
Describe the application rights management method in the embodiment of the present invention below with another embodiment in detail, refer to Fig. 4, with aforementioned embodiment illustrated in fig. 3 unlike, in application permission database, store the permissions list of application and the permissions list of application permission.
Wherein, in the permissions list of this application, the authority had applied in record, the permissions list of this application can be divided into two classes, the first kind is the list of application of authorizing, the safe class of the application of recording in the list of application of this mandate is highest, all authority request of this application call are directly by examination & verification, and Equations of The Second Kind is the list of application that refusal is authorized, and this authority request breaking off relations the application call recorded in the list of application of mandate can directly be refused.As, in the list of application of authorizing, record instant messaging application, then this instant messaging is applied send all and is called application permission request all by examination & verification.And record in the list of application of authorizing at refusal and pay application, then what this payment application sent allly calls application permission request and is not all rejected by examination & verification and calls.
The permissions list of every application permission of application is recorded in the permissions list of this application permission, in order to save storage space, can the authority of a register reject mandate in the permissions list of this application permission, only otherwise in the permissions list of this application permission, be namely defined as the application permission that can authorize.Understandable, also can record the authority of mandate, the authority of mandate and the authority of refusal mandate can also be recorded, according to the character of the authority recorded in the permissions list of this application permission simultaneously, and make the judgement whether with authorization privilege, do not do concrete restriction herein.
When applying operation, this is applied in some authorities that backstage obtains system, some authority relates to the privacy of individual, also serious critical information safety, so install security classes application, it is necessary for limiting some some authorities of application acquisition, specifically can determine according to actual conditions, many application permissions can be refused.Such as, mobile phone communication authority refers to that application can monitor whether mobile phone is making a phone call, comprise incoming call or remove electricity, so that perform the action of application, if the music that is applied as of current operation is applied, when incoming call having been detected or removed electricity, this music applies then operation suspension, and mobile phone preferentially performs operation of making a phone call.For another example, obtain the authority of customer location, then the GPS (GPS according to mobile phone itself, Global Positioning System) location or the position of architecture user, this function is necessary for navigation type application, so the authority of this acquisition customer location is irrecusable.If refusal, then system throw exception information, display miscue window is to user.
Further, step 302 in application permission database, whether inquire about this application permission called indicated by application permission request be preset mandate application permission also can be:
402, according to the permissions list of the application in application permission database and the permissions list of application permission, inquire about whether this application permission called indicated by application permission request is preset mandate application permission.
Particularly, application permission detector initiates inquiry request to application rights management device, this application rights management device is inquired about this and is called the classification be applied in the permissions list of this application indicated by application permission request in application permission database, and Query Result is fed back to application permission detector, if indicated application belongs to the application of mandate, then application permission detector transparent transmission this call application permission request, if indicated application belongs to the application that refusal is authorized, then application permission detector refusal calls this application permission.If indicated application does not belong to the application of mandate or the application of refusal mandate, then application permission detector by application rights management device inquire about this application permission called indicated by application permission request whether belong in the permissions list of this application permission refuse authorize authority, if, then application permission detector refusal calls this application permission, if not, then application permission detector transparent transmission this call application permission request.
Application rights management method in the embodiment of the present invention also comprises: application rights management device is in response to the sort operation of user to the authority of application, by the name information corresponding record of this application in the permissions list of this different classes of application, this name information can be mark Apply Names information, as this Apply Names English name, identify this Apply Names ID numbering etc.To the sort operation of authority of application, be the operation for application, after an application is classified, under its all authority is all attributed to the classification of division, that is, application is classified as the application of authorizing, then all authorities of this application all belong to the authority of mandate.
Application rights management method in the embodiment of the present invention also comprises: application rights management device is in response to the alter operation of user to application permission, change application permission, and the information of application permission after changing is recorded in the permissions list of the application permission of this application correspondence, increase to application permission, deletion, amendment are comprised to the permission modification operation of application permission.To the alter operation of application permission, be only for the operation of the single authority of application, the change of single authority do not affected to other authorities of the application of its correspondence.
Particularly, interactive interface can be made up of following 3 Activity: the GroupActivity that the ListActivity for installation application all in list display system, the EditActivity for editing application authority, the classification of realization application authorization type are edited.User according to the list of application installed shown by ListActivity, can be edited the authority of the application of having installed.
User is by the sort operation of interactive interface to the authority of application mounted in system for the response of application rights management device, and by the title corresponding record of this application in the permissions list of different classes of application, as, A application class is the application of mandate by interactive interface by user, it is the application that refusal is authorized by B application class, then the title that A applies is recorded in the list of application of mandate by application rights management device, the title that B applies is recorded in the list of application of refusal mandate.
The operation such as increase, deletion, amendment that application rights management device response user is carried out each authority of having installed application in system by interactive interface, and change application permission accordingly, and the information of the application permission after change is saved in application permission storer, be recorded in the permissions list of the application permission of this application correspondence.As, the authority refusing in the application permission list of certain application to authorize has 5, and after user increases by 1 authority, the authority refusing to authorize in this application permission list changes to 6.
Further, application rights management method in the embodiment of the present invention also comprises: the operation of deleting application permission in response to this user, whether the application inquiring about the operation correspondence of this deletion application permission is just in operation, and if so, then terminates the process of the application run.Particularly, when user deletes an application permission at interactive interface, if this authority of this application is used, then cannot realize this deletion action, now, whether the application that the operation correspondence of this deletion application permission inquired about by application rights management device is just in operation, if, then send order to actuator, this actuator terminates the process of the application run according to this order.
In the embodiment of the present invention, in response to the sort operation of user to the authority of application, by the name information corresponding record of this application in the permissions list of different classes of application, in response to user, application permission is changed to the alter operation of application permission, and the information of the application permission after change is recorded in the permissions list of corresponding application permission, like this, user can pass through interactive interface editing application authority voluntarily, mounted application mandate in management system, enhance the security of system, also enhance the practicality of system simultaneously.
Application rights management device in the embodiment of the present invention is described below, refers to Fig. 5, an embodiment of the application rights management device in the embodiment of the present invention comprises:
Acquiring unit 501, calls application permission request for obtaining;
Query unit 502, in application permission database, whether this application permission called indicated by application permission request inquiring about the acquisition of this acquiring unit 501 is preset mandate application permission;
Processing unit 503, if inquiring this application permission called indicated by application permission request for this query unit 502 is preset mandate application permission, then transparent transmission this call application permission request;
Processing unit 503, if also inquiring this application permission called indicated by application permission request for this query unit 502 is not preset mandate application permission, then refusal calls this application permission.
In the embodiment of the present invention application rights management device each functional unit realize the detailed process of respective function, refer to embodiment illustrated in fig. 3 in specific descriptions process, repeat no more herein.
In the embodiment of the present invention, what acquiring unit 501 acquisition application sent calls application permission request, query unit 502 inquires about whether this application permission called indicated by application permission request is preset mandate application permission, if indicated application permission is preset mandate application permission, processing unit 503 transparent transmissions this call application permission request, this calls application permission request to continue examination & verification by the existing application permission auditing system of android system, if indicated application permission is not preset mandate application permission, processing unit 503 refusals call this application permission, like this, it is audited to applying calling before application permission request is audited of sending at the existing application permission auditing system of android system, because preset mandate application permission can be arranged by user, mounted application mandate in free management system, enhance the security of system, also enhance the practicality of system simultaneously.And keep the compatibility with the existing application permission auditing system of android system.
Refer to Fig. 6, an embodiment of the application rights management device in the embodiment of the present invention comprises:
Acquiring unit 601, calls application permission request for obtaining;
Further, acquiring unit 601, calls application permission request for being intercepted and captured this by Hook Function;
Query unit 602, in application permission database, whether this application permission called indicated by application permission request inquiring about the acquisition of this acquiring unit 601 is preset mandate application permission;
Processing unit 603, if inquiring this application permission called indicated by application permission request for this query unit 602 is preset mandate application permission, then transparent transmission this call application permission request;
Processing unit 603, if also inquiring this application permission called indicated by application permission request for this query unit 602 is not preset mandate application permission, then refusal calls this application permission.
The permissions list of application and the permissions list of application permission is stored in this application permission database.
Application rights management device in the embodiment of the present invention can further include: record cell 604, changing unit 605, end unit 606.
Particularly, record cell 604, in response to the sort operation of user to the authority of application, by the authority corresponding record of application in the permissions list of different classes of application.
Changing unit 605, in response to the alter operation of user to application permission, changes application permission;
Record cell 604, also for the information of the application permission after change being recorded in the permissions list of corresponding application permission.
Query unit 602, also call application indicated by application permission request for inquiring about this, classification in the permissions list of this application, if indicated application belongs to the application of mandate, processing unit 603 transparent transmissions this call application permission request, if indicated application belongs to the application that refusal is authorized, processing unit 603 refusals call this application permission;
Query unit 602, if also do not belong to the application of mandate or the application of refusal mandate for indicated application, then inquires about indicated application permission and whether belongs in the permissions list of application permission the authority of refusing to authorize.If so, processing unit 603 refusals call this application permission, if not, processing unit 603 application permission detector transparent transmissions this call application permission request.
Further, query unit 602, also for deleting the operation of application permission in response to user, whether the application inquiring about the operation correspondence of this deletion application permission is just in operation;
End unit 606, if be just in operation for the application that the limiting operation of this deletion application is corresponding, then terminates the process of the application run.
In the embodiment of the present invention application rights management device each functional unit realize the detailed process of respective function, refer to Fig. 3 and embodiment illustrated in fig. 4 in specific descriptions process, repeat no more herein.
In the embodiment of the present invention, record cell 604 is in response to the sort operation of user to the authority of application, by the name information corresponding record of this application in the permissions list of different classes of application, in response to user, application permission is changed to the alter operation of application permission, and the information of the application permission after change is recorded in the permissions list of corresponding application permission, like this, user can pass through interactive interface editing application authority voluntarily, mounted application mandate in management system, enhance the security of system, also enhance the practicality of system simultaneously.
It should be noted that, each embodiment in this instructions all adopts the mode of going forward one by one to describe, and what each embodiment stressed is the difference with other embodiments, between each embodiment identical similar part mutually see.For device class embodiment, due to itself and embodiment of the method basic simlarity, so description is fairly simple, relevant part illustrates see the part of embodiment of the method.
It should be noted that, in this article, the such as relational terms of first and second grades and so on is only used for an entity or operation to separate with another entity or operational zone, and not necessarily requires or imply the relation that there is any this reality between these entities or operation or sequentially.And, term " comprises ", " comprising " or its any other variant are intended to contain comprising of nonexcludability, thus make to comprise the process of a series of key element, method, article or device and not only comprise those key elements, but also comprise other key elements clearly do not listed, or also comprise by the intrinsic key element of this process, method, article or device.When not more restrictions, the key element limited by statement " comprising ... ", and be not precluded within process, method, article or the device comprising described key element and also there is other identical element.
One of ordinary skill in the art will appreciate that all or part of step realizing above-described embodiment can have been come by hardware, the hardware that also can carry out instruction relevant by program completes, described program can be stored in a kind of computer-readable recording medium, the above-mentioned storage medium mentioned can be ROM (read-only memory), disk or CD etc.
The above, it is only preferred embodiment of the present invention, not any pro forma restriction is done to the present invention, although the present invention discloses as above with preferred embodiment, but and be not used to limit the present invention, any those skilled in the art, do not departing within the scope of technical solution of the present invention, make a little change when the technology contents of above-mentioned announcement can be utilized or be modified to the Equivalent embodiments of equivalent variations, in every case be do not depart from technical solution of the present invention content, according to any simple modification that technical spirit of the present invention is done above embodiment, equivalent variations and modification, all still belong in the scope of technical solution of the present invention.
Claims (14)
1. an application rights management method, is characterized in that, comprising:
Application permission request is called in acquisition;
In application permission database, whether the application permission called described in inquiry indicated by application permission request is preset mandate application permission;
If so, then call application permission request described in transparent transmission, if not, then refusal calls described application permission.
2. method according to claim 1, is characterized in that, described acquisition is called application permission request and comprised:
Application permission request is called described in being intercepted and captured by Hook Function.
3. method according to claim 1, is characterized in that, stores the permissions list of application and the permissions list of application permission in described application permission database.
4. method according to claim 3, is characterized in that, described method also comprises:
In response to the sort operation of user to the authority of application, by the name information corresponding record of described application in the permissions list of different classes of described application.
5. method according to claim 3, is characterized in that, described method also comprises:
In response to the alter operation of described user to application permission, change application permission, and the information of the application permission after change is recorded in the permissions list of corresponding described application permission.
6. method according to claim 3, is characterized in that, described in application permission database, and whether the application permission called described in inquiry indicated by application permission request is that preset mandate application permission comprises:
The classification be applied in the permissions list of described application indicated by application permission request is called described in inquiry;
If indicated application belongs to the application of mandate, then perform the step calling application permission request described in transparent transmission, if indicated application belongs to the application that refusal is authorized, then perform the step that refusal calls described application permission, if the application of described instruction does not belong to the application of described mandate or the application of described refusal mandate, then inquire about indicated application permission and whether belong in the permissions list of described application permission the authority of refusing to authorize, if, then perform the step that refusal calls described application permission, if not, then the step calling application permission request described in transparent transmission is performed.
7. the method according to any one of claim 1 to 6, is characterized in that, described method also comprises:
Delete the operation of application permission in response to described user, whether the application inquiring about the operation correspondence of described deletion application permission is just in operation;
If so, the process of the application run then is terminated.
8. an application rights management device, is characterized in that, comprising:
Acquiring unit, calls application permission request for obtaining;
Query unit, in application permission database, inquires about whether the application permission called indicated by application permission request described in the acquisition of described acquiring unit is preset mandate application permission;
Processing unit, if the application permission called indicated by application permission request is preset mandate application permission described in inquiring for described query unit, then calls application permission request described in transparent transmission;
Described processing unit, if the application permission called indicated by application permission request is not preset mandate application permission described in also inquiring for described query unit, then refusal calls described application permission.
9. device according to claim 8, is characterized in that,
Described acquiring unit, also calls application permission request described in being intercepted and captured by Hook Function.
10. device according to claim 8, is characterized in that,
The permissions list of application and the permissions list of application permission is stored in described application permission database.
11. devices according to claim 9, is characterized in that, described device also comprises:
Record cell, in response to the sort operation of user to the authority of application, by the authority corresponding record of described application in the permissions list of different classes of described application.
12. devices according to claim 10, is characterized in that, described device also comprises:
Changing unit, in response to the alter operation of described user to application permission, changes application permission;
Described record cell, also for the information of the application permission after change being recorded in the permissions list of corresponding described application permission.
13. devices according to claim 11, is characterized in that,
Described query unit, also for calling the classification be applied in the permissions list of described application indicated by application permission request described in inquiring about;
Described query unit, if also do not belong to the application of mandate or the application of refusal mandate for indicated application, then inquires about indicated application permission and whether belongs in the permissions list of described application permission the authority of refusing to authorize.
Device described in 14. any one of according to Claim 8 to 13, is characterized in that,
Described query unit, also for deleting the operation of application permission in response to described user, whether the application inquiring about the operation correspondence of described deletion application permission is just in operation;
Described device also comprises:
End unit, if be just in operation for the application that the limiting operation of described deletion application is corresponding, then terminates the process of the application run.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310413834.0A CN104462889B (en) | 2013-09-12 | 2013-09-12 | A kind of application rights management method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310413834.0A CN104462889B (en) | 2013-09-12 | 2013-09-12 | A kind of application rights management method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104462889A true CN104462889A (en) | 2015-03-25 |
| CN104462889B CN104462889B (en) | 2019-04-30 |
Family
ID=52908916
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310413834.0A Active CN104462889B (en) | 2013-09-12 | 2013-09-12 | A kind of application rights management method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104462889B (en) |
Cited By (20)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105205413A (en) * | 2015-10-26 | 2015-12-30 | 青岛海信移动通信技术股份有限公司 | Data protecting method and device |
| CN105577906A (en) * | 2015-04-08 | 2016-05-11 | 宇龙计算机通信科技(深圳)有限公司 | Multisystem terminal notification message prompting method and device |
| CN105657550A (en) * | 2016-02-04 | 2016-06-08 | 四川长虹电器股份有限公司 | Audio and video security permission management system in Android television system |
| CN106156605A (en) * | 2016-06-14 | 2016-11-23 | 百度在线网络技术(北京)有限公司 | The processing method and processing device of application permission |
| CN106293391A (en) * | 2016-07-29 | 2017-01-04 | 宇龙计算机通信科技(深圳)有限公司 | Freezing or defreezing method, device and mobile terminal of application |
| CN106527665A (en) * | 2016-11-11 | 2017-03-22 | 深圳天珑无线科技有限公司 | Power consumption control method and apparatus |
| CN107016262A (en) * | 2015-11-13 | 2017-08-04 | 阿里巴巴集团控股有限公司 | Application program right management method and client |
| CN107169350A (en) * | 2017-05-10 | 2017-09-15 | 国网江苏省电力公司电力科学研究院 | A kind of detection and blocking-up method for Mobile solution using abnormal authority |
| CN107967423A (en) * | 2016-10-20 | 2018-04-27 | 腾讯科技(深圳)有限公司 | The method and terminal device of a kind of authority acquiring |
| CN108268798A (en) * | 2017-06-30 | 2018-07-10 | 勤智数码科技股份有限公司 | A kind of data item authority distributing method and system |
| CN108416207A (en) * | 2018-03-07 | 2018-08-17 | 北京元心科技有限公司 | Bluetooth access right discrimination method, device and mobile terminal |
| CN108804938A (en) * | 2018-06-14 | 2018-11-13 | 北京金山安全软件有限公司 | Authority detection method and device, electronic equipment and readable storage medium |
| CN109076126A (en) * | 2017-03-21 | 2018-12-21 | 华为技术有限公司 | Permission update method and terminal device |
| CN109151385A (en) * | 2018-08-22 | 2019-01-04 | 苏宁易购集团股份有限公司 | A kind of Multifunctional camera system and implementation method |
| CN109815679A (en) * | 2018-12-26 | 2019-05-28 | 维沃移动通信有限公司 | Right management method and mobile terminal |
| CN110532764A (en) * | 2019-08-19 | 2019-12-03 | 维沃移动通信有限公司 | A kind of method, mobile terminal and the readable storage medium storing program for executing of permission processing |
| CN111261200A (en) * | 2020-01-23 | 2020-06-09 | 奇安信科技集团股份有限公司 | Burning equipment control method and device based on kernel and electronic equipment |
| CN111274554A (en) * | 2020-02-10 | 2020-06-12 | 广州虎牙科技有限公司 | API calling method, device, equipment and medium of applet |
| CN114818987A (en) * | 2022-06-20 | 2022-07-29 | 中山大学深圳研究院 | Processing method, device and system of scientific and technological service data |
| CN118629053A (en) * | 2024-06-05 | 2024-09-10 | 汉唐信通(北京)科技有限公司 | Image classification and identification system based on multi-cooperative neural network |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101060407A (en) * | 2007-05-22 | 2007-10-24 | 上海众恒信息产业有限公司 | User access authorization management method and system |
| CN102289633A (en) * | 2011-09-02 | 2011-12-21 | 广东欧珀移动通信有限公司 | Method for managing dynamic permission of application program under Android platform |
| CN102521548A (en) * | 2011-11-24 | 2012-06-27 | 中兴通讯股份有限公司 | Method for managing using rights of function and mobile terminal |
-
2013
- 2013-09-12 CN CN201310413834.0A patent/CN104462889B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101060407A (en) * | 2007-05-22 | 2007-10-24 | 上海众恒信息产业有限公司 | User access authorization management method and system |
| CN102289633A (en) * | 2011-09-02 | 2011-12-21 | 广东欧珀移动通信有限公司 | Method for managing dynamic permission of application program under Android platform |
| CN102521548A (en) * | 2011-11-24 | 2012-06-27 | 中兴通讯股份有限公司 | Method for managing using rights of function and mobile terminal |
Cited By (30)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105577906B (en) * | 2015-04-08 | 2019-06-11 | 宇龙计算机通信科技(深圳)有限公司 | A kind of reminding method and device of multisystem terminal notification message |
| CN105577906A (en) * | 2015-04-08 | 2016-05-11 | 宇龙计算机通信科技(深圳)有限公司 | Multisystem terminal notification message prompting method and device |
| CN105205413B (en) * | 2015-10-26 | 2018-05-18 | 青岛海信移动通信技术股份有限公司 | A kind of guard method of data and device |
| CN105205413A (en) * | 2015-10-26 | 2015-12-30 | 青岛海信移动通信技术股份有限公司 | Data protecting method and device |
| CN107016262A (en) * | 2015-11-13 | 2017-08-04 | 阿里巴巴集团控股有限公司 | Application program right management method and client |
| CN105657550A (en) * | 2016-02-04 | 2016-06-08 | 四川长虹电器股份有限公司 | Audio and video security permission management system in Android television system |
| CN106156605A (en) * | 2016-06-14 | 2016-11-23 | 百度在线网络技术(北京)有限公司 | The processing method and processing device of application permission |
| CN106293391A (en) * | 2016-07-29 | 2017-01-04 | 宇龙计算机通信科技(深圳)有限公司 | Freezing or defreezing method, device and mobile terminal of application |
| CN106293391B (en) * | 2016-07-29 | 2020-04-07 | 宇龙计算机通信科技(深圳)有限公司 | Freezing or unfreezing method and device for application and mobile terminal |
| CN107967423A (en) * | 2016-10-20 | 2018-04-27 | 腾讯科技(深圳)有限公司 | The method and terminal device of a kind of authority acquiring |
| CN107967423B (en) * | 2016-10-20 | 2020-12-04 | 腾讯科技(深圳)有限公司 | Permission obtaining method and terminal equipment |
| CN106527665A (en) * | 2016-11-11 | 2017-03-22 | 深圳天珑无线科技有限公司 | Power consumption control method and apparatus |
| CN109076126B (en) * | 2017-03-21 | 2020-09-18 | 华为技术有限公司 | Permission updating method and terminal equipment |
| CN109076126A (en) * | 2017-03-21 | 2018-12-21 | 华为技术有限公司 | Permission update method and terminal device |
| CN107169350A (en) * | 2017-05-10 | 2017-09-15 | 国网江苏省电力公司电力科学研究院 | A kind of detection and blocking-up method for Mobile solution using abnormal authority |
| CN108268798B (en) * | 2017-06-30 | 2023-09-05 | 勤智数码科技股份有限公司 | Data item authority allocation method and system |
| CN108268798A (en) * | 2017-06-30 | 2018-07-10 | 勤智数码科技股份有限公司 | A kind of data item authority distributing method and system |
| CN108416207A (en) * | 2018-03-07 | 2018-08-17 | 北京元心科技有限公司 | Bluetooth access right discrimination method, device and mobile terminal |
| CN108804938A (en) * | 2018-06-14 | 2018-11-13 | 北京金山安全软件有限公司 | Authority detection method and device, electronic equipment and readable storage medium |
| CN109151385B (en) * | 2018-08-22 | 2021-04-23 | 南京苏宁软件技术有限公司 | Multifunctional camera system and implementation method |
| CN109151385A (en) * | 2018-08-22 | 2019-01-04 | 苏宁易购集团股份有限公司 | A kind of Multifunctional camera system and implementation method |
| CN109815679A (en) * | 2018-12-26 | 2019-05-28 | 维沃移动通信有限公司 | Right management method and mobile terminal |
| CN109815679B (en) * | 2018-12-26 | 2021-03-23 | 维沃移动通信有限公司 | Authority management method and mobile terminal |
| CN110532764A (en) * | 2019-08-19 | 2019-12-03 | 维沃移动通信有限公司 | A kind of method, mobile terminal and the readable storage medium storing program for executing of permission processing |
| CN111261200A (en) * | 2020-01-23 | 2020-06-09 | 奇安信科技集团股份有限公司 | Burning equipment control method and device based on kernel and electronic equipment |
| CN111261200B (en) * | 2020-01-23 | 2021-08-20 | 奇安信科技集团股份有限公司 | Burning equipment control method and device based on kernel and electronic equipment |
| CN111274554A (en) * | 2020-02-10 | 2020-06-12 | 广州虎牙科技有限公司 | API calling method, device, equipment and medium of applet |
| CN114818987A (en) * | 2022-06-20 | 2022-07-29 | 中山大学深圳研究院 | Processing method, device and system of scientific and technological service data |
| CN114818987B (en) * | 2022-06-20 | 2022-11-08 | 中山大学深圳研究院 | Processing method, device and system of scientific and technological service data |
| CN118629053A (en) * | 2024-06-05 | 2024-09-10 | 汉唐信通(北京)科技有限公司 | Image classification and identification system based on multi-cooperative neural network |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104462889B (en) | 2019-04-30 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104462889A (en) | Application authority management method and device | |
| US8494486B2 (en) | System and method for securely managing data stored on mobile devices, such as enterprise mobility data | |
| US9549329B2 (en) | Remotely configurable mobile wireless access point device | |
| US20190007840A1 (en) | SIM Level Mobile Security | |
| CN113158198B (en) | Access control method, device, terminal equipment and storage medium | |
| US10868877B2 (en) | Single interface for activating IOT devices to network data plans | |
| US20140373184A1 (en) | Mobile device persistent security mechanism | |
| US20150358331A1 (en) | Identity management, authorization and entitlement framework | |
| US20130227664A1 (en) | Central biometric verification service | |
| WO2013008048A1 (en) | Method and apparatus for provisioning network access credentials | |
| CN109416800B (en) | Authentication method of mobile terminal and mobile terminal | |
| CN103108074A (en) | Apparatus and method for securing mobile terminal | |
| US11722895B2 (en) | Radio frequency communications detection for subscriber access control | |
| CN104281950A (en) | Method and device for improving electronic payment safety | |
| US20160314292A1 (en) | Security verification method and apparatus | |
| CN114245381B (en) | Controlling device access to slices in a 5G network | |
| CN110941821A (en) | Data processing method, device and storage medium | |
| CN103548373A (en) | Methods and apparatuses for lawful interception through a subscription manager | |
| US8345829B2 (en) | Authentication of a user to a telephonic communication device | |
| CN105577375A (en) | Identity authentication method and device | |
| US9047470B2 (en) | Secure provisioning of commercial off-the-shelf (COTS) devices | |
| CN104579665A (en) | Authentication method and device | |
| CN109076126B (en) | Permission updating method and terminal equipment | |
| KR20050096114A (en) | System and method for distributed authorization for access to communications device | |
| CN112163192A (en) | root authority acquisition method, root authority acquisition device, root authority acquisition medium and electronic equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |