[go: up one dir, main page]

CN104200159B - Configure the method and device of the authority of application program - Google Patents

Configure the method and device of the authority of application program Download PDF

Info

Publication number
CN104200159B
CN104200159B CN201410453132.XA CN201410453132A CN104200159B CN 104200159 B CN104200159 B CN 104200159B CN 201410453132 A CN201410453132 A CN 201410453132A CN 104200159 B CN104200159 B CN 104200159B
Authority
CN
China
Prior art keywords
application program
authority
installation
information
application
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201410453132.XA
Other languages
Chinese (zh)
Other versions
CN104200159A (en
Inventor
庄庆
宋爽
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Qihoo Technology Co Ltd
Original Assignee
Beijing Qihoo Technology Co Ltd
Qizhi Software Beijing Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Qihoo Technology Co Ltd, Qizhi Software Beijing Co Ltd filed Critical Beijing Qihoo Technology Co Ltd
Priority to CN201410453132.XA priority Critical patent/CN104200159B/en
Publication of CN104200159A publication Critical patent/CN104200159A/en
Application granted granted Critical
Publication of CN104200159B publication Critical patent/CN104200159B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2145Inheriting rights or properties, e.g., propagation of permissions or restrictions within a hierarchy

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)

Abstract

本发明公开了一种配置应用程序的权限的方法及装置。其中的方法包括:应用程序层通过监听模块,对框架层中安装所述应用程序的行为进行监听通过所述监听确定正在安装或待安装的应用程序,获取到包含所述应用程序的安装类型以及权限信息的安装包信息;通过所述安装类型确定为升级安装或覆盖时,利用所述权限信息对所述应用程序的权限进行配置。本发明能够免除用户升级软件后需重新配置软件权限的困扰。

The invention discloses a method and a device for configuring permissions of application programs. The method includes: the application layer monitors the behavior of installing the application program in the framework layer through the monitoring module, and determines the application program being installed or to be installed through the monitoring module, and obtains the installation type containing the application program and The installation package information of the authority information; when the installation type is determined to be upgrade installation or overwriting, the authority information is used to configure the authority of the application program. The invention can avoid the trouble of reconfiguring the software authority after the user upgrades the software.

Description

配置应用程序的权限的方法及装置Method and device for configuring permissions of application programs

技术领域technical field

本发明涉及移动终端技术领域,具体涉及一种配置应用程序的权限的方法及装置。The invention relates to the technical field of mobile terminals, in particular to a method and device for configuring permissions of application programs.

背景技术Background technique

作为全球最流行的移动操作系统,安卓(Android)已经具有了数以亿计的用户。Android系统中的应用程序(软件)要执行某些关键操作时,都必须申请相应的权限。鉴于很多Android系统的应用程序会申请许多非必要的权限,例如发送短信、读取联系人等重要隐私权限,这有可能给用户带来隐私泄露和财产丢失的风险。所以当今某些Android平台的安全软件提供了应用程序权限管理功能,用户可根据自己的使用需要,自行配置应用程序的权限,避免隐私泄露。As the most popular mobile operating system in the world, Android already has hundreds of millions of users. When the application programs (software) in the Android system want to perform some key operations, they must apply for corresponding permissions. In view of the fact that many Android system applications will apply for many unnecessary permissions, such as important privacy permissions such as sending text messages and reading contacts, this may bring risks of privacy leakage and property loss to users. Therefore, some security software on the Android platform today provides an application permission management function, and users can configure application permissions according to their own needs to avoid privacy leaks.

然而,当用户配置好权限的应用程序升级之后,应用程序的权限将恢复成为默认配置,用户需要重新配置该应用程序的所有权限,这对于用户来说十分麻烦而且不人性化。However, when the application program with permissions configured by the user is upgraded, the application permissions will be restored to the default configuration, and the user needs to reconfigure all permissions of the application program, which is very troublesome and inhumane for the user.

发明内容Contents of the invention

鉴于上述问题,提出了本发明以便提供一种克服上述问题或者至少部分地解决上述问题的配置应用程序的权限的方法及装置。In view of the above problems, the present invention is proposed to provide a method and device for configuring permissions of application programs that overcome the above problems or at least partially solve the above problems.

依据本发明的一个方面,提供一种配置应用程序的权限的方法,包括:应用程序层通过监听模块,对框架层中安装所述应用程序的行为进行监听;通过所述监听确定正在安装或待安装的应用程序,获取到包含所述应用程序的安装类型以及权限信息的安装包信息;通过所述安装类型确定安装行为为升级安装或覆盖安装时,利用所述权限信息对所述应用程序的权限进行配置。According to one aspect of the present invention, a method for configuring application permissions is provided, including: the application layer monitors the behavior of installing the application in the framework layer through a monitoring module; The installed application program obtains the installation package information including the installation type and permission information of the application program; when the installation behavior is determined to be upgrade installation or overlay installation through the installation type, the permission information is used to update the application program Permissions are configured.

优选的,所述应用程序层通过监听模块对框架层中安装所述应用程序的行为进行监听包括:所述应用程序层通过监听模块调用框架层中的API,实现对框架层安装所述应用程序的行为进行监听。Preferably, the application layer monitoring the behavior of installing the application program in the framework layer through the monitoring module includes: the application program layer calls the API in the framework layer through the monitoring module to realize the installation of the application program in the framework layer behavior to monitor.

优选的,所述通过所述监听获取到包含所述应用程序的安装类型以及权限信息的安装包信息包括:通过调用框架层中的API,得到包含安装包信息的APK文件;通过调用框架层中的API消息函数,得到所述应用程序的安装类型;解析所述APK文件,得到操作系统的功能清单文件,从该功能清单文件中获取到所述应用程序的权限信息。Preferably, obtaining the installation package information including the installation type and permission information of the application program through the monitoring includes: obtaining the APK file containing the installation package information by calling the API in the framework layer; The API message function to obtain the installation type of the application program; analyze the APK file to obtain the function list file of the operating system, and obtain the permission information of the application program from the function list file.

优选的,所述权限信息包括:读取短信记录的权限,读取联系人信息的权限、读取通话记录的权限、获取位置信息的权限,和/或,获取设备信息的权限。Preferably, the authority information includes: the authority to read short message records, the authority to read contact information, the authority to read call records, the authority to acquire location information, and/or the authority to acquire device information.

优选的,所述利用所述权限信息对所述应用程序的权限进行配置包括:在确定所述安装行为为升级安装或者覆盖安装时,读取上一次安装保存的权限文件;根据所述权限文件对所述应用程序的权限进行配置。Preferably, using the permission information to configure the permission of the application program includes: when the installation behavior is determined to be an upgrade installation or overwriting installation, reading the permission file saved in the previous installation; according to the permission file Configure the permissions of the application.

优选的,所述利用所述权限信息对所述应用程序的权限进行配置包括:直接利用所述权限信息对所述应用程序的权限进行配置,或者,将所述权限信息展示给用户,使得用户在所述权限信息基础上对权限进行选择配置。Preferably, using the permission information to configure the permission of the application program includes: directly using the permission information to configure the permission of the application program, or displaying the permission information to the user, so that the user Based on the permission information, the permission is selected and configured.

优选的,所述用于对所述应用程序的权限进行配置的权限信息是上次安装所述应用程序之后保存的。Preferably, the authority information used to configure the authority of the application program is saved after the application program was installed last time.

优选的,所述方法还包括:预先设置应用程序列表,所述列表中包括需要执行所述权限配置方案的应用程序名单;根据所述应用程序的标识与所述列表进行匹配,如果匹配成功,则针对所述应用程序执行所述权限配置方案。Preferably, the method further includes: setting an application list in advance, the list includes a list of application programs that need to implement the permission configuration scheme; matching the list according to the identification of the application program, if the matching is successful, Then execute the permission configuration scheme for the application program.

优选的,在安装完所述应用程序之后,还包括:框架层向应用程序层返回安装状态代码;所述应用程序层通过所述安装状态代码,判断此次安装是否成功,如果安装成功,将此次安装的权限配置保存为APK文件,用于下次安装使用。Preferably, after the application program is installed, it also includes: the framework layer returns the installation status code to the application program layer; the application program layer judges whether the installation is successful through the installation status code, and if the installation is successful, it will The permission configuration of this installation is saved as an APK file for use in the next installation.

优选的,所述方法还包括:通过所述应用程序层的监听模块,监听所述框架层是否对所述应用程序进行卸载操作;如果监听到对所述应用程序进行卸载操作,则将保存的与所述应用程序相关的权限信息文件删除。Preferably, the method further includes: monitoring whether the framework layer performs an uninstall operation on the application program through the monitoring module of the application program layer; The permission information file related to the application program is deleted.

依据本发明的另一个方面,提供一种配置应用程序的权限的装置,包括:监听单元,用于利用应用程序层对对框架层中安装所述应用程序的行为进行监听;信息获取单元,用于通过所述监听单元确定正在安装或待安装的应用程序,获取到包含所述应用程序的安装类型以及权限信息的安装包信息;权限配置单元,用于通过所述安装类型确定安装行为为升级安装或覆盖安装时,利用所述权限信息对所述应用程序的权限进行配置。According to another aspect of the present invention, a device for configuring application permissions is provided, including: a monitoring unit, configured to use the application layer to monitor the behavior of installing the application in the framework layer; an information acquisition unit, using Determine the application program being installed or to be installed by the monitoring unit, and obtain the installation package information including the installation type and permission information of the application program; the permission configuration unit is used to determine the installation behavior as an upgrade through the installation type During installation or overlay installation, the permission information of the application is used to configure the permission of the application program.

优选的,所述监听单元具体用于:通过所述应用程序层调用框架层中的API,实现对框架层安装所述应用程序的行为进行监听。Preferably, the monitoring unit is specifically configured to monitor the behavior of installing the application program in the framework layer by calling the API in the framework layer through the application program layer.

优选的,所述信息获取单元具体用于:通过调用框架层中的API,得到包含安装包信息的APK文件;通过调用框架层中的API消息函数,得到所述应用程序的安装类型;并且,解析所述APK文件,得到操作系统的功能清单文件,从该功能清单文件中获取到所述应用程序的权限信息。Preferably, the information obtaining unit is specifically configured to: obtain the APK file containing the installation package information by calling the API in the framework layer; obtain the installation type of the application program by calling the API message function in the framework layer; and, The APK file is parsed to obtain the function list file of the operating system, and the permission information of the application program is obtained from the function list file.

优选的,所述权限信息包括:读取短信记录的权限,读取联系人信息的权限、读取通话记录的权限、获取位置信息的权限,和/或,获取设备信息的权限。Preferably, the authority information includes: the authority to read short message records, the authority to read contact information, the authority to read call records, the authority to acquire location information, and/or the authority to acquire device information.

优选的,所述权限配置单元具体用于:在确定所述安装行为为升级安装或者覆盖安装时,读取上一次安装保存的权限文件;根据所述权限文件对所述应用程序的权限进行配置。Preferably, the permission configuration unit is specifically configured to: read the permission file saved in the previous installation when it is determined that the installation behavior is upgrade installation or overwriting installation; configure the permission of the application program according to the permission file .

优选的,权限配置单元具体用于:直接利用所述权限信息对所述应用程序的权限进行配置,或者,将所述权限信息展示给用户,使得用户在所述权限信息基础上对权限进行选择配置。Preferably, the authority configuration unit is specifically configured to: directly use the authority information to configure the authority of the application program, or display the authority information to the user, so that the user can select the authority based on the authority information configuration.

优选的,所述权限配置单元利用上次安装所述应用程序之后保存的权限信息对本次安装进行权限配置。Preferably, the permission configuration unit uses the permission information saved after the last installation of the application program to configure the permission for this installation.

优选的,所述权限配置单元根据所述应用程序的标识与预先设置的应用程序列表进行匹配,如果匹配成功,则针对所述应用程序执行所述权限配置方案,其中,所述应用程序列表包括需要执行所述权限配置方案的应用程序名单。Preferably, the permission configuration unit matches the application identifier with a preset application list, and if the matching is successful, executes the permission configuration scheme for the application, wherein the application list includes The list of applications that need to implement the permission configuration scheme.

优选的,还包括:安装状态确定单元,用于从框架层获取安装状态代码,所述应用程序层通过所述安装状态代码,判断此次安装是否成功;权限文件保存单元,如果此次安装成功,将此次安装的权限配置保存为APK文件,用于下次安装使用。Preferably, it also includes: an installation state determination unit, used to obtain the installation state code from the framework layer, and the application layer judges whether the installation is successful through the installation state code; a permission file storage unit, if the installation is successful , save the permission configuration of this installation as an APK file for the next installation.

优选的,还包括:卸载监听单元,通过所述应用程序层监听所述框架层是否对所述应用程序进行卸载操作;权限删除单元,如果监听到对所述应用程序进行卸载操作,用于将保存的与所述应用程序相关的权限信息文件删除。Preferably, it also includes: an uninstallation monitoring unit, which monitors whether the framework layer performs an uninstallation operation on the application program through the application program layer; The saved permission information file related to the application program is deleted.

可见,在本发明提供的技术方案中,通过监听安装应用程序的行为,在非首次安装情况下,将获取到的之前安装所保存的权限信息展示给用户,用户不必要对每项权限进行重新勾选,而是可方便地采取上次安装时的配置。It can be seen that in the technical solution provided by the present invention, by monitoring the behavior of installing the application program, in the case of non-first-time installation, the acquired permission information saved in the previous installation is displayed to the user, and the user does not need to reset each permission. Check, but can conveniently adopt the configuration from the last installation.

上述说明仅是本发明技术方案的概述,为了能够更清楚了解本发明的技术手段,而可依照说明书的内容予以实施,并且为了让本发明的上述和其它目的、特征和优点能够更明显易懂,以下特举本发明的具体实施方式。The above description is only an overview of the technical solution of the present invention. In order to better understand the technical means of the present invention, it can be implemented according to the contents of the description, and in order to make the above and other purposes, features and advantages of the present invention more obvious and understandable , the specific embodiments of the present invention are enumerated below.

附图说明Description of drawings

通过阅读下文优选实施方式的详细描述,各种其他的优点和益处对于本领域普通技术人员将变得清楚明了。附图仅用于示出优选实施方式的目的,而并不认为是对本发明的限制。而且在整个附图中,用相同的参考符号表示相同的部件。在附图中:Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiment. The drawings are only for the purpose of illustrating a preferred embodiment and are not to be considered as limiting the invention. Also throughout the drawings, the same reference numerals are used to designate the same parts. In the attached picture:

图1示出了根据本发明一个实施例的配置应用程序的权限的方法流程图;以及FIG. 1 shows a flowchart of a method for configuring permissions of an application program according to an embodiment of the present invention; and

图2示出了根据本发明一个实施例的配置应用程序的权限的方法示意图。Fig. 2 shows a schematic diagram of a method for configuring permissions of an application program according to an embodiment of the present invention.

具体实施方式detailed description

下面将参照附图更详细地描述本公开的示例性实施例。虽然附图中显示了本公开的示例性实施例,然而应当理解,可以以各种形式实现本公开而不应被这里阐述的实施例所限制。相反,提供这些实施例是为了能够更透彻地理解本公开,并且能够将本公开的范围完整的传达给本领域的技术人员。Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. Although exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited by the embodiments set forth herein. Rather, these embodiments are provided for more thorough understanding of the present disclosure and to fully convey the scope of the present disclosure to those skilled in the art.

本发明公开了一种对应用程序的权限信息进行管理的方法,能够免除用户升级软件后需重新配置软件权限的困扰。The invention discloses a method for managing the authority information of an application program, which can avoid the trouble of reconfiguring the software authority after the user upgrades the software.

参见图1,为本发明一个实施例提供的配置应用程序的权限的方法流程图。Referring to FIG. 1 , it is a flowchart of a method for configuring application permissions provided by an embodiment of the present invention.

该方法包括以下步骤:The method includes the following steps:

S101:应用程序层通过监听模块,对框架层中安装应用程序的行为进行监听;S101: the application layer monitors the behavior of installing the application program in the framework layer through the monitoring module;

S102:通过监听确定正在安装或待安装的应用程序,获取到包含应用程序的安装类型以及权限信息的安装包信息;S102: Determine the application program being installed or to be installed by monitoring, and obtain the installation package information including the installation type and permission information of the application program;

S103:通过安装类型确定安装行为为非首次安装(例如升级安装或覆盖安装)时,利用权限信息对应用程序的权限进行配置。S103: When the installation type is used to determine that the installation behavior is non-first-time installation (for example, upgrade installation or overwrite installation), use the permission information to configure the permission of the application program.

本领域技术人员理解,操作系统包括应用程序层(app层)和系统框架层(framework层)。本发明一种优选实现方式是,对app层和framework层进行改进,从而利用这两层的协同配合实现对应用程序的权限信息进行管理。具体的,可以在app层增加一个监听模块,用于监听framework层安装应用程序的行为,从而可以在安装应用程序时,获取到应用程序的安装包信息以及安装类型,从而在非首次安装(例如升级安装或者覆盖安装)时,利用解析到的权限信息对应用程序的权限进行配置。Those skilled in the art understand that the operating system includes an application program layer (app layer) and a system framework layer (framework layer). A preferred implementation of the present invention is to improve the app layer and the framework layer, so as to utilize the cooperation of the two layers to manage the permission information of the application program. Specifically, a monitoring module can be added at the app layer to monitor the behavior of installing the application at the framework layer, so that when the application is installed, the installation package information and the installation type of the application can be obtained, so that it is not installed for the first time (such as During upgrade installation or overlay installation), use the parsed permission information to configure the permission of the application.

参见图2,为本发明实施例的配置应用程序的权限的方法实施例示意图。App层的监听模块对framework层中安装某一个特定的应用程序的行为进行监听,并将监听到的安装包信息进行解析获得到权限信息,当安装类型为非首次安装时,直接根据权限信息进行应用程序权限的配置。Referring to FIG. 2 , it is a schematic diagram of an embodiment of a method for configuring application permissions according to an embodiment of the present invention. The monitoring module of the App layer monitors the behavior of installing a specific application program in the framework layer, and analyzes the monitored installation package information to obtain the permission information. When the installation type is not the first installation, it is directly based on the permission information. Configuration of application permissions.

可通过操作系统的API,实现对框架层安装应用程序的行为进行监听。API(Application Programming Interface,应用程序编程接口)是操作系统留给应用程序的一个调用接口,应用程序通过调用操作系统的API而使操作系统去执行应用程序的命令(动作)。可采用中断机制实现对API监听。具体的,可采用hook(挂钩或钩子)机制实现对framework层中的用于实现安装应用程序的接口进行监听。本领域技术人员了解,hook机制允许应用程序截获处理操作系统的消息或特定事件。钩子实际上是一个处理消息的程序段,通过系统调用,把它挂入系统。每当特定的消息发出,在没有到达目的窗口前,钩子程序就先捕获该消息,亦即钩子函数先得到控制权。这时钩子函数即可以加工处理(改变)该消息,也可以不作处理而继续传递该消息,还可以强制结束消息的传递。在本发明实施例中,采用hook机制中断安装应用程序的过程,实现在应用程序安装之前获取相关信息。The monitoring of the behavior of installing the application program at the framework layer can be realized through the API of the operating system. API (Application Programming Interface, application programming interface) is a call interface left by the operating system to the application program, and the application program makes the operating system execute the command (action) of the application program by calling the API of the operating system. The interrupt mechanism can be used to monitor the API. Specifically, a hook (hook or hook) mechanism may be used to monitor the interface used to install the application program in the framework layer. Those skilled in the art understand that the hook mechanism allows applications to intercept and process messages or specific events of the operating system. A hook is actually a program segment for processing messages, which is hooked into the system through system calls. Whenever a specific message is sent, before reaching the destination window, the hook program first captures the message, that is, the hook function first obtains control. At this moment, the hook function can process (change) the message, or continue to deliver the message without processing, and can also forcibly end the delivery of the message. In the embodiment of the present invention, a hook mechanism is used to interrupt the process of installing the application program, so as to obtain relevant information before the application program is installed.

下面从应用程序安装时、安装之后以及卸载时三种情况对本发明实施例进行介绍。The following describes the embodiment of the present invention from three situations: when the application program is installed, after the installation and when it is uninstalled.

(1)应用程序安装时权限信息的读取、存储与设置(1) Reading, storage and setting of permission information when the application is installed

新应用程序在安装时需要申请很多权限。应用程序的权限是指应用程序具有行使某个/些操作的权利。比如,某款输入法提供了一个智能通讯录的功能,用户可以在输入联系人拼音的前几个字符或首字母时,输入法就能自动呈现相关联系人的名字,为了实现这个功能,输入法必须声明它需要具有读取手机中联系人的权限。New applications need to apply for many permissions when they are installed. Application permissions mean that the application has the right to perform certain/some operations. For example, a certain input method provides a smart address book function. When the user enters the first few characters or initials of a contact's pinyin, the input method can automatically display the name of the relevant contact. In order to achieve this function, input The method must declare that it needs to have permission to read the contacts in the phone.

本发明实施例会将安装包信息进行解析,将安装包的权限列举出来,配合应用程序的安装监控展示给用户。The embodiment of the present invention will analyze the information of the installation package, list the permissions of the installation package, and display it to the user in cooperation with the installation monitoring of the application program.

例如,在android系统的手机上安装一款软件,通过调用API,可以将APK(安装包)文件进行解析,打开android的功能清单文件AndroidManifest.xml,得到注册的软件功能权限。在将这个权限的id代表的文字含义通过安装前监控的UI展示给用户,用户可以进行允许、禁止等操作。例如,列举出的权限包括:读取短信记录(默认允许),读取联系人信息(默认允许)、读取通话记录(默认允许)、获取位置信息(默认禁止)、获取设备信息(默认禁止)等等,用户可在此基础上进行操作,例如用户直接采取默认设置,或者对部分选项进行变更等。除了这种将权限信息展示给用户,使得用户在权限信息基础上对权限进行选择配置之外,还可以直接利用权限信息对应用程序的权限进行配置。本领域技术人员可以理解,当前安装过程中用于权限配置的权限信息是上次安装应用程序之后保存的,例如本次安装为更新安装,则直接利用上次首次安装之后保存的APK文件进行权限配置。For example, install a piece of software on the mobile phone of the android system, by calling the API, the APK (installation package) file can be parsed, and the android function manifest file AndroidManifest.xml can be opened to obtain the registered software function permissions. The text meaning represented by the id of this permission is displayed to the user through the pre-installation monitoring UI, and the user can perform operations such as allowing and prohibiting. For example, the listed permissions include: read SMS records (allowed by default), read contact information (allowed by default), read call records (allowed by default), obtain location information (disabled by default), obtain device information (disabled by default) ) and so on, the user can operate on this basis, for example, the user directly adopts the default setting, or changes some options, etc. In addition to displaying the permission information to the user so that the user can select and configure the permission based on the permission information, it is also possible to directly use the permission information to configure the permission of the application program. Those skilled in the art can understand that the permission information used for permission configuration in the current installation process is saved after the last installation of the application program. configuration.

另外,在软件安装时,通过调用API得知软件的安装行为,比如、覆盖安装、升级安装等。针对不同的情况,将保存好的权限进行配置保存。In addition, when the software is installed, the installation behavior of the software, such as overwriting installation, upgrade installation, etc., can be obtained by calling the API. According to different situations, configure and save the saved permissions.

具体的,通过调用框架层中的API消息函数,得到应用程序的安装类型。例如,通过API PackageManager.getPackageInfo()来获取当前安装包是否已经安装过。如果已经安装过,则进一步通过该方法获取已经安装软件的版本号等信息。Specifically, the installation type of the application program is obtained by calling the API message function in the framework layer. For example, use API PackageManager.getPackageInfo() to get whether the current installation package has been installed. If it has already been installed, information such as the version number of the installed software is further obtained through this method.

通过版本号等相关信息的验证,来判断当前的行为。如果判断的行为为升级安装或者覆盖安装,那么通过上一次安装保存的权限文件,读取到用户上次安装这个APK保存的权限状态,如发送短信-禁止、获取位置信息-允许等等。读取到权限后,将权限设置展示给用户。The current behavior is judged by the verification of relevant information such as the version number. If the judged behavior is upgrade installation or overwrite installation, then through the permission file saved in the previous installation, the permission status saved in the last installation of the APK by the user can be read, such as sending SMS-prohibited, obtaining location information-allowed, etc. After reading the permissions, display the permission settings to the user.

(2)应用程序安装后的权限保存(2) Permission preservation after application installation

软件安装之后,操作系统是对当前安装的包是否成功返回相关代码(code),得到code后通过反射机制,得到这个code代表的相关信息。如安装成功、安装失败、签名不同、空间不足等等。After the software is installed, the operating system returns a relevant code (code) to determine whether the currently installed package is successful. After obtaining the code, the relevant information represented by the code is obtained through the reflection mechanism. Such as successful installation, failed installation, different signatures, insufficient space, etc.

软件安装失败,是不对当前APK权限进行保存的。If the software installation fails, the current APK permissions are not saved.

软件安装成功后,需要把权限的数据进行保存。以便下次安装时,进行权限数据的设置。After the software is installed successfully, you need to save the permission data. In order to set the permission data during the next installation.

(3)应用程序卸载后的权限处理(3) Permission processing after the application is uninstalled

通过应用程序层的监听模块,监听框架层是否对应用程序进行卸载操作;如果监听到对应用程序进行卸载操作,则将保存的与应用程序相关的权限信息文件删除。例如,软件卸载后,根据API获取到卸载行为,并将保存的权限数据清除。Through the monitoring module of the application layer, it is monitored whether the framework layer performs an uninstallation operation on the application program; if it is detected that the application program is uninstalled, the saved permission information file related to the application program is deleted. For example, after the software is uninstalled, the uninstallation behavior is obtained according to the API, and the saved permission data is cleared.

可见,本发明实施例至少包括两个关键技术点:It can be seen that the embodiment of the present invention includes at least two key technical points:

1、通过API对安装包进行解析,分析出安装包的权限;并通过筛选,匹配用户设置,将最终权限设置展示给用户。1. Analyze the installation package through the API to analyze the permissions of the installation package; and match the user settings through screening, and display the final permission settings to the user.

2、对操作系统的安装行为的接管,通过底层注入,将系统的安装行为,映射到安装前监控中;并对安装状态的code进行接管,以及对code的状态分析;最终将选择正确的结果展示。2. Take over the installation behavior of the operating system, and map the installation behavior of the system to the pre-installation monitoring through bottom-level injection; take over the code of the installation status, and analyze the status of the code; finally, the correct result will be selected exhibit.

本发明提供的技术方案中,通过监听安装应用程序的行为,在非首次安装情况下,将获取到的之前安装所保存的权限信息展示给用户,用户不必要对每项权限进行重新勾选,而是可方便地采取上次安装时的配置。In the technical solution provided by the present invention, by listening to the behavior of installing the application program, in the case of non-first installation, the obtained permission information saved in the previous installation is displayed to the user, and the user does not need to re-check each permission. Instead, it is convenient to adopt the configuration from the previous installation.

需要说明的是,可以在终端中通过预先设定应用程序名单而仅对特定的应用程序实施本发明方案。例如,手机中安装有10个app,通过选择设定用户希望其中5个app可实施本发明提供的权限配置方案,而对于没有选择设定的app则不希望实施本发明的权限配置方案。因此,本发明实施例还可以包括:预先设置应用程序列表,所述列表中包括需要执行所述权限配置方案的应用程序名单;根据所述应用程序的标识与所述列表进行匹配,如果匹配成功,则针对所述应用程序执行所述权限配置方案。It should be noted that the solution of the present invention can only be implemented for specific application programs by presetting the application program list in the terminal. For example, there are 10 apps installed in the mobile phone, and the user hopes that 5 of them can implement the permission configuration scheme provided by the present invention by selecting and setting, and does not want to implement the permission configuration scheme of the present invention for apps that are not selected. Therefore, the embodiment of the present invention may also include: setting an application list in advance, the list includes a list of application programs that need to execute the permission configuration scheme; matching the list according to the identification of the application program, if the matching is successful , then execute the permission configuration scheme for the application program.

与上述方法相对应,本发明还提供一种配置应用程序的权限的装置。该装置可以通过硬件、软件或软硬件结合方式实现。该装置可以是指终端内部的功能模块,也可以是指终端本身,只要终端包括实现该装置的功能即可。其中,终端的操作系统包括框架层和应用程序层。该装置包括:Corresponding to the above method, the present invention also provides a device for configuring permissions of application programs. The device can be realized by hardware, software or a combination of software and hardware. The device may refer to a functional module inside the terminal, or may refer to the terminal itself, as long as the terminal includes the function of realizing the device. Wherein, the operating system of the terminal includes a framework layer and an application program layer. The unit includes:

监听单元,用于利用应用程序层对对框架层中安装所述应用程序的行为进行监听;A monitoring unit, configured to use the application layer to monitor the behavior of installing the application in the framework layer;

信息获取单元,用于通过所述监听单元确定正在安装或待安装的应用程序,获取到包含所述应用程序的安装类型以及权限信息的安装包信息;An information acquisition unit, configured to determine the application program being installed or to be installed through the monitoring unit, and obtain installation package information including the installation type and permission information of the application program;

权限配置单元,用于通过所述安装类型确定为升级安装或覆盖安装时,利用所述权限信息对所述应用程序的权限进行配置。The authority configuration unit is configured to use the authority information to configure the authority of the application program when the installation type is determined to be upgrade installation or overlay installation.

优选的,所述监听单元具体用于:通过所述应用程序层调用框架层中的API,实现对框架层安装所述应用程序的行为进行监听。Preferably, the monitoring unit is specifically configured to monitor the behavior of installing the application program in the framework layer by calling the API in the framework layer through the application program layer.

优选的,所述信息获取单元具体用于:通过调用框架层中的API,得到包含安装包信息的APK文件;并且,通过调用框架层中的API消息函数,得到所述应用程序的安装类型;解析所述APK文件,得到操作系统的功能清单文件,从该功能清单文件中获取到所述应用程序的权限信息。Preferably, the information obtaining unit is specifically configured to: obtain an APK file containing installation package information by calling an API in the framework layer; and obtain the installation type of the application program by calling an API message function in the framework layer; The APK file is parsed to obtain the function list file of the operating system, and the permission information of the application program is obtained from the function list file.

优选的,所述权限信息包括:读取短信记录的权限,读取联系人信息的权限、读取通话记录的权限、获取位置信息的权限,和/或,获取设备信息的权限。Preferably, the authority information includes: the authority to read short message records, the authority to read contact information, the authority to read call records, the authority to acquire location information, and/or the authority to acquire device information.

优选的,所述权限配置单元具体用于:在确定所述安装行为为升级安装或者覆盖安装时,读取上一次安装保存的权限文件;根据所述权限文件对所述应用程序的权限进行配置。Preferably, the permission configuration unit is specifically configured to: read the permission file saved in the previous installation when it is determined that the installation behavior is upgrade installation or overwriting installation; configure the permission of the application program according to the permission file .

优选的,所述权限配置单元具体用于:直接利用所述权限信息对所述应用程序的权限进行配置,或者,将所述权限信息展示给用户,使得用户在所述权限信息基础上对权限进行选择配置。Preferably, the permission configuration unit is specifically configured to: directly use the permission information to configure the permission of the application program, or display the permission information to the user, so that the user can configure the permission based on the permission information Make selection configuration.

优选的,所述权限配置单元利用上次安装所述应用程序之后保存的权限信息对本次安装进行权限配置。Preferably, the permission configuration unit uses the permission information saved after the last installation of the application program to configure the permission for this installation.

优选的,所述权限配置单元根据所述应用程序的标识与预先设置的应用程序列表进行匹配,如果匹配成功,则针对所述应用程序执行所述权限配置方案,其中,所述应用程序列表包括需要执行所述权限配置方案的应用程序名单。Preferably, the permission configuration unit matches the application identifier with a preset application list, and if the matching is successful, executes the permission configuration scheme for the application, wherein the application list includes The list of applications that need to implement the permission configuration scheme.

优选的,所述装置还包括:Preferably, the device also includes:

安装状态确定单元,用于从框架层获取安装状态代码,所述应用程序层通过所述安装状态代码,判断此次安装是否成功;An installation status determination unit, configured to obtain an installation status code from the framework layer, and the application layer judges whether the installation is successful or not through the installation status code;

权限文件保存单元,如果此次安装成功,将此次安装的权限配置保存为APK文件,用于下次安装使用。The permission file saving unit, if the installation is successful, saves the permission configuration of the installation as an APK file for use in the next installation.

优选的,所述装置还包括:Preferably, the device also includes:

卸载监听单元,通过所述应用程序层监听所述框架层是否对所述应用程序进行卸载操作;An uninstallation monitoring unit, which monitors whether the framework layer performs an uninstallation operation on the application through the application layer;

权限删除单元,如果监听到对所述应用程序进行卸载操作,用于将保存的与所述应用程序相关的权限信息文件删除。The permission deletion unit is configured to delete the stored permission information file related to the application program if it detects that the application program is uninstalled.

在此提供的算法和显示不与任何特定计算机、虚拟系统或者其它设备固有相关。各种通用系统也可以与基于在此的示教一起使用。根据上面的描述,构造这类系统所要求的结构是显而易见的。此外,本发明也不针对任何特定编程语言。应当明白,可以利用各种编程语言实现在此描述的本发明的内容,并且上面对特定语言所做的描述是为了披露本发明的最佳实施方式。The algorithms and displays presented herein are not inherently related to any particular computer, virtual system, or other device. Various generic systems can also be used with the teachings based on this. The structure required to construct such a system is apparent from the above description. Furthermore, the present invention is not specific to any particular programming language. It should be understood that various programming languages can be used to implement the content of the present invention described herein, and the above description of specific languages is for disclosing the best mode of the present invention.

在此处所提供的说明书中,说明了大量具体细节。然而,能够理解,本发明的实施例可以在没有这些具体细节的情况下实践。在一些实例中,并未详细示出公知的方法、结构和技术,以便不模糊对本说明书的理解。In the description provided herein, numerous specific details are set forth. However, it is understood that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure the understanding of this description.

类似地,应当理解,为了精简本公开并帮助理解各个发明方面中的一个或多个,在上面对本发明的示例性实施例的描述中,本发明的各个特征有时被一起分组到单个实施例、图、或者对其的描述中。然而,并不应将该公开的方法解释成反映如下意图:即所要求保护的本发明要求比在每个权利要求中所明确记载的特征更多的特征。更确切地说,如下面的权利要求书所反映的那样,发明方面在于少于前面公开的单个实施例的所有特征。因此,遵循具体实施方式的权利要求书由此明确地并入该具体实施方式,其中每个权利要求本身都作为本发明的单独实施例。Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, in order to streamline this disclosure and to facilitate an understanding of one or more of the various inventive aspects, various features of the invention are sometimes grouped together in a single embodiment, figure, or its description. This method of disclosure, however, is not to be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the Detailed Description are hereby expressly incorporated into this Detailed Description, with each claim standing on its own as a separate embodiment of this invention.

本领域那些技术人员可以理解,可以对实施例中的设备中的模块进行自适应性地改变并且把它们设置在与该实施例不同的一个或多个设备中。可以把实施例中的模块或单元或组件组合成一个模块或单元或组件,以及此外可以把它们分成多个子模块或子单元或子组件。除了这样的特征和/或过程或者单元中的至少一些是相互排斥之外,可以采用任何组合对本说明书(包括伴随的权利要求、摘要和附图)中公开的所有特征以及如此公开的任何方法或者设备的所有过程或单元进行组合。除非另外明确陈述,本说明书(包括伴随的权利要求、摘要和附图)中公开的每个特征可以由提供相同、等同或相似目的的替代特征来代替。Those skilled in the art can understand that the modules in the device in the embodiment can be adaptively changed and arranged in one or more devices different from the embodiment. Modules or units or components in the embodiments may be combined into one module or unit or component, and furthermore may be divided into a plurality of sub-modules or sub-units or sub-assemblies. All features disclosed in this specification (including accompanying claims, abstract and drawings) and any method or method so disclosed may be used in any combination, except that at least some of such features and/or processes or units are mutually exclusive. All processes or units of equipment are combined. Each feature disclosed in this specification (including accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.

此外,本领域的技术人员能够理解,尽管在此所述的一些实施例包括其它实施例中所包括的某些特征而不是其它特征,但是不同实施例的特征的组合意味着处于本发明的范围之内并且形成不同的实施例。例如,在下面的权利要求书中,所要求保护的实施例的任意之一都可以以任意的组合方式来使用。Furthermore, those skilled in the art will understand that although some embodiments described herein include some features included in other embodiments but not others, combinations of features from different embodiments are meant to be within the scope of the invention. and form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.

本发明的各个部件实施例可以以硬件实现,或者以在一个或者多个处理器上运行的软件模块实现,或者以它们的组合实现。本领域的技术人员应当理解,可以在实践中使用微处理器或者数字信号处理器(DSP)来实现根据本发明实施例的配置应用程序的权限的装置中的一些或者全部部件的一些或者全部功能。本发明还可以实现为用于执行这里所描述的方法的一部分或者全部的设备或者装置程序(例如,计算机程序和计算机程序产品)。这样的实现本发明的程序可以存储在计算机可读介质上,或者可以具有一个或者多个信号的形式。这样的信号可以从因特网网站上下载得到,或者在载体信号上提供,或者以任何其他形式提供。The various component embodiments of the present invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art should understand that a microprocessor or a digital signal processor (DSP) can be used in practice to implement some or all functions of some or all of the components in the device for configuring application permissions according to the embodiment of the present invention . The present invention can also be implemented as an apparatus or an apparatus program (for example, a computer program and a computer program product) for performing a part or all of the methods described herein. Such a program for realizing the present invention may be stored on a computer-readable medium, or may be in the form of one or more signals. Such a signal may be downloaded from an Internet site, or provided on a carrier signal, or provided in any other form.

应该注意的是上述实施例对本发明进行说明而不是对本发明进行限制,并且本领域技术人员在不脱离所附权利要求的范围的情况下可设计出替换实施例。在权利要求中,不应将位于括号之间的任何参考符号构造成对权利要求的限制。单词“包含”不排除存在未列在权利要求中的元件或步骤。位于元件之前的单词“一”或“一个”不排除存在多个这样的元件。本发明可以借助于包括有若干不同元件的硬件以及借助于适当编程的计算机来实现。在列举了若干装置的单元权利要求中,这些装置中的若干个可以是通过同一个硬件项来具体体现。单词第一、第二、以及第三等的使用不表示任何顺序。可将这些单词解释为名称。It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention can be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In a unit claim enumerating several means, several of these means can be embodied by one and the same item of hardware. The use of the words first, second, and third, etc. does not indicate any order. These words can be interpreted as names.

本发明提供以下方案:The present invention provides the following solutions:

A1、一种配置应用程序的权限的方法,包括:A1. A method for configuring permissions of an application program, comprising:

应用程序层通过监听模块,对框架层中安装所述应用程序的行为进行监听;The application layer monitors the behavior of installing the application program in the framework layer through the monitoring module;

通过所述监听确定正在安装或待安装的应用程序,获取到包含所述应用程序的安装类型以及权限信息的安装包信息;Determine the application program being installed or to be installed through the monitoring, and obtain the installation package information including the installation type and permission information of the application program;

通过所述安装类型确定安装行为为升级安装或覆盖安装时,利用所述权限信息对所述应用程序的权限进行配置。When the installation type determines that the installation behavior is upgrade installation or overlay installation, the permission information of the application is used to configure the permission of the application program.

A2、如A1所述的方法,所述应用程序层通过监听模块对框架层中安装所述应用程序的行为进行监听包括:A2. The method as described in A1, wherein the application layer monitors the behavior of installing the application program in the framework layer through the monitoring module, including:

所述应用程序层通过监听模块调用框架层中的API,实现对框架层安装所述应用程序的行为进行监听。The application layer invokes the API in the framework layer through the monitoring module to monitor the behavior of installing the application program in the framework layer.

A3、如A2所述的方法,所述通过所述监听获取到包含所述应用程序的安装类型以及权限信息的安装包信息包括:A3. The method as described in A2, wherein the installation package information including the installation type and permission information of the application obtained through the monitoring includes:

通过调用框架层中的API,得到包含安装包信息的APK文件;Get the APK file containing the installation package information by calling the API in the framework layer;

通过调用框架层中的API消息函数,得到所述应用程序的安装类型;Obtain the installation type of the application program by calling the API message function in the framework layer;

解析所述APK文件,得到操作系统的功能清单文件,从该功能清单文件中获取到所述应用程序的权限信息。The APK file is parsed to obtain the function list file of the operating system, and the permission information of the application program is obtained from the function list file.

A4、如A1所述的方法,所述权限信息包括:读取短信记录的权限,读取联系人信息的权限、读取通话记录的权限、获取位置信息的权限,和/或,获取设备信息的权限。A4. The method as described in A1, the permission information includes: permission to read SMS records, permission to read contact information, permission to read call records, permission to obtain location information, and/or to obtain device information permission.

A5、如A1所述的方法,所述利用所述权限信息对所述应用程序的权限进行配置包括:A5. The method as described in A1, said using said authority information to configure the authority of said application program includes:

在确定所述安装行为为升级安装或者覆盖安装时,读取上一次安装保存的权限文件;When it is determined that the installation behavior is an upgrade installation or an overwrite installation, read the permission file saved in the previous installation;

根据所述权限文件对所述应用程序的权限进行配置。Configure the permissions of the application program according to the permissions file.

A6、如A1所述的方法,所述利用所述权限信息对所述应用程序的权限进行配置包括:A6. In the method described in A1, the configuration of the permission of the application program using the permission information includes:

直接利用所述权限信息对所述应用程序的权限进行配置,或者,将所述权限信息展示给用户,使得用户在所述权限信息基础上对权限进行选择配置。Directly use the permission information to configure the permission of the application program, or display the permission information to the user, so that the user can select and configure the permission based on the permission information.

A7、如A1所述的方法,所述用于对所述应用程序的权限进行配置的权限信息是上次安装所述应用程序之后保存的。A7. The method described in A1, wherein the permission information used to configure the permission of the application program is saved after the application program was installed last time.

A8、如A1所述的方法,所述方法还包括:A8, the method as described in A1, described method also comprises:

预先设置应用程序列表,所述列表中包括需要执行所述权限配置方案的应用程序名单;Presetting an application program list, the list includes a list of application programs that need to execute the permission configuration scheme;

根据所述应用程序的标识与所述列表进行匹配,如果匹配成功,则针对所述应用程序执行所述权限配置方案。Matching is performed with the list according to the identifier of the application program, and if the matching is successful, the permission configuration scheme is executed for the application program.

A9、如A1所述的方法,在安装完所述应用程序之后,还包括:A9. The method described in A1, after installing the application program, further includes:

框架层向应用程序层返回安装状态代码;The framework layer returns the installation status code to the application layer;

所述应用程序层通过所述安装状态代码,判断此次安装是否成功,如果安装成功,将此次安装的权限配置保存为APK文件,用于下次安装使用。The application layer judges whether the installation is successful through the installation status code, and if the installation is successful, saves the permission configuration of the installation as an APK file for use in the next installation.

A10、如A1所述的方法,所述方法还包括:A10, the method as described in A1, described method also comprises:

通过所述应用程序层的监听模块,监听所述框架层是否对所述应用程序进行卸载操作;Monitoring whether the framework layer performs an uninstall operation on the application through the monitoring module of the application layer;

如果监听到对所述应用程序进行卸载操作,则将保存的与所述应用程序相关的权限信息文件删除。If it is detected that the application program is uninstalled, the stored permission information file related to the application program is deleted.

B11、一种配置应用程序的权限的装置,包括:B11. A device for configuring permissions of an application program, comprising:

监听单元,用于利用应用程序层对对框架层中安装所述应用程序的行为进行监听;A monitoring unit, configured to use the application layer to monitor the behavior of installing the application in the framework layer;

信息获取单元,用于通过所述监听单元确定正在安装或待安装的应用程序,获取到包含所述应用程序的安装类型以及权限信息的安装包信息;An information acquisition unit, configured to determine the application program being installed or to be installed through the monitoring unit, and obtain installation package information including the installation type and permission information of the application program;

权限配置单元,用于通过所述安装类型确定安装行为为升级安装或覆盖安装时,利用所述权限信息对所述应用程序的权限进行配置。A permission configuration unit, configured to use the permission information to configure the permission of the application program when the installation behavior is determined to be upgrade installation or overlay installation according to the installation type.

B12、如B11所述的装置,所述监听单元具体用于:通过所述应用程序层调用框架层中的API,实现对框架层安装所述应用程序的行为进行监听。B12. The device described in B11, wherein the monitoring unit is specifically configured to: call the API in the framework layer through the application program layer, so as to monitor the installation of the application program in the framework layer.

B13、如B10所述的装置,所述信息获取单元具体用于:通过调用框架层中的API,得到包含安装包信息的APK文件;通过调用框架层中的API消息函数,得到所述应用程序的安装类型;并且,解析所述APK文件,得到操作系统的功能清单文件,从该功能清单文件中获取到所述应用程序的权限信息。B13, the device as described in B10, the information acquisition unit is specifically used for: by calling the API in the framework layer, obtain the APK file that contains installation package information; By calling the API message function in the framework layer, obtain the application program and the APK file is parsed to obtain a function list file of the operating system, and the permission information of the application program is obtained from the function list file.

B14、如B11所述的装置,所述权限信息包括:读取短信记录的权限,读取联系人信息的权限、读取通话记录的权限、获取位置信息的权限,和/或,获取设备信息的权限。B14, the device as described in B11, the authority information includes: the authority to read SMS records, the authority to read contact information, the authority to read call records, the authority to obtain location information, and/or, to obtain device information permission.

B15、如B11所述的装置,所述权限配置单元具体用于:在确定所述安装行为为升级安装或者覆盖安装时,读取上一次安装保存的权限文件;根据所述权限文件对所述应用程序的权限进行配置。B15. The device as described in B11, the authority configuration unit is specifically used for: when determining that the installation behavior is an upgrade installation or overwriting installation, read the authority file saved in the previous installation; App permissions are configured.

B16、如B11所述的装置,权限配置单元具体用于:直接利用所述权限信息对所述应用程序的权限进行配置,或者,将所述权限信息展示给用户,使得用户在所述权限信息基础上对权限进行选择配置。B16. In the device described in B11, the authority configuration unit is specifically configured to: directly use the authority information to configure the authority of the application program, or display the authority information to the user, so that the user can configure the authority information in the authority information Based on the selection of permissions to configure.

B17、如B11所述的装置,所述权限配置单元利用上次安装所述应用程序之后保存的权限信息对本次安装进行权限配置。B17. The device according to B11, wherein the authority configuration unit uses the authority information saved after the application was installed last time to configure the authority for this installation.

B18、如B11所述的装置,所述权限配置单元根据所述应用程序的标识与预先设置的应用程序列表进行匹配,如果匹配成功,则针对所述应用程序执行所述权限配置方案,其中,所述应用程序列表包括需要执行所述权限配置方案的应用程序名单。B18. The device according to B11, wherein the permission configuration unit matches the application identifier with a preset application list, and if the matching is successful, executes the permission configuration scheme for the application, wherein, The application program list includes a list of application programs that need to execute the permission configuration solution.

B19、如B11所述的装置,还包括:B19. The device as described in B11, further comprising:

安装状态确定单元,用于从框架层获取安装状态代码,所述应用程序层通过所述安装状态代码,判断此次安装是否成功;An installation status determination unit, configured to obtain an installation status code from the framework layer, and the application layer judges whether the installation is successful or not through the installation status code;

权限文件保存单元,如果此次安装成功,将此次安装的权限配置保存为APK文件,用于下次安装使用。The permission file saving unit, if the installation is successful, saves the permission configuration of the installation as an APK file for use in the next installation.

B20、如B11所述的装置,还包括:B20. The device as described in B11, further comprising:

卸载监听单元,通过所述应用程序层监听所述框架层是否对所述应用程序进行卸载操作;An uninstallation monitoring unit, which monitors whether the framework layer performs an uninstallation operation on the application through the application layer;

权限删除单元,如果监听到对所述应用程序进行卸载操作,用于将保存的与所述应用程序相关的权限信息文件删除。The permission deletion unit is configured to delete the stored permission information file related to the application program if it detects that the application program is uninstalled.

Claims (14)

1. a kind of method for the authority for configuring application program, it is characterised in that including:
Application layer interrupts the process that ccf layer installs application program, to ccf layer by monitoring module based on hook mechanism The middle behavior for installing the application program is monitored;
Determine installing or application program to be installed by described monitor, get the installation class comprising the application program The installation package informatin of type and authority information, wherein, the authority information is to install last time to preserve after the application program;
When determining installation behavior by the Setup Type for update or covering installation, installed to the power preserved the last time Limit information shows user so that user is direct to authority on the basis of the authority information to be confirmed or be modified.
2. the method as described in claim 1, it is characterised in that the application layer is by monitoring module to pacifying in ccf layer Filling the behavior progress monitoring of the application program includes:
The application layer is realized by monitoring the API in module invocation framenort layer and installs the application program to ccf layer Behavior monitored.
3. method as claimed in claim 2, it is characterised in that described to be got by the monitoring comprising the application program Setup Type and the installation kit information of authority information include:
By the API in invocation framenort layer, obtain comprising the APK file for installing package informatin;
By the API Message functions in invocation framenort layer, the Setup Type of the application program is obtained;
The APK file is parsed, the function list file of operating system is obtained, described answer is got from the function list file With the authority information of program.
4. the method as described in claim 1, it is characterised in that the authority information includes:The authority of short message reading record, reads Authority, the authority for reading message registration, the authority of acquisition positional information for taking associated person information, and/or, obtain facility information Authority.
5. the method as described in claim 1, it is characterised in that methods described also includes:
The application list is pre-set, the list includes the application name for needing to perform the authority configuration scheme It is single;
Matched according to the mark of the application program with the list, if the match is successful, for the application program Perform the authority configuration scheme.
6. the method as described in claim 1, it is characterised in that after the application program is installed, in addition to:
Ccf layer returns to installment state code to application layer;
The application layer judges this time whether installation succeeds, if installed successfully, by this by the installment state code The authority configuration of secondary installation saves as APK file, is installed and used for next time.
7. the method as described in claim 1, it is characterised in that methods described also includes:
By the monitoring module of the application layer, monitor whether the ccf layer carries out unloading behaviour to the application program Make;
Unloading operation is carried out to the application program if listened to, the authority related to the application program of preservation is believed File is ceased to delete.
8. a kind of device for the authority for configuring application program, it is characterised in that including:
Monitoring unit, for utilizing application layer, interrupts the process that ccf layer installs application program, to frame based on hook mechanism The behavior that the application program is installed in rack-layer is monitored;
Information acquisition unit, for determining installing or application program to be installed by the monitoring unit, gets bag The installation package informatin of Setup Type and authority information containing the application program, wherein, the authority information is to install last time Preserved after the application program;
Authority configuration unit, during for determining installation behavior by the Setup Type for update or covering installation, by institute The authority information for stating last time installation preservation shows user so that user directly confirms on the basis of the authority information to authority Or be modified.
9. device as claimed in claim 8, it is characterised in that the monitoring unit specifically for:Pass through the application program API in layer invocation framenort layer, realizes that the behavior for installing the application program to ccf layer is monitored.
10. device as claimed in claim 8, it is characterised in that described information acquiring unit specifically for:Pass through invocation framenort API in layer, is obtained comprising the APK file for installing package informatin;By the API Message functions in invocation framenort layer, obtain described The Setup Type of application program;Also, the APK file is parsed, the function list file of operating system is obtained, it is clear from the function The authority information of the application program is got in monofile.
11. device as claimed in claim 8, it is characterised in that the authority information includes:The authority of short message reading record, Authority, the authority for reading message registration, the authority of acquisition positional information for reading associated person information, and/or, obtain facility information Authority.
12. device as claimed in claim 8, it is characterised in that the authority configuration unit is according to the mark of the application program Know the application list with pre-setting to be matched, if the match is successful, the power is performed for the application program Allocation plan is limited, wherein, described the application list includes needing to perform the application program list of the authority configuration scheme.
13. device as claimed in claim 8, it is characterised in that also include:
Installment state determining unit, for obtaining installment state code from ccf layer, the application layer is installed by described State code, judges this time whether installation succeeds;
Authority storage unit, if this time installed successfully, saves as APK file by the authority configuration of this installation, is used for Next time installs and uses.
14. device as claimed in claim 8, it is characterised in that also include:
Monitoring unit is unloaded, monitors whether the ccf layer carries out unloading behaviour to the application program by the application layer Make;
Authority deletes unit, and unloading operation is carried out to the application program if listened to, for by preservation and the application The related authority information file of program is deleted.
CN201410453132.XA 2014-09-05 2014-09-05 Configure the method and device of the authority of application program Active CN104200159B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410453132.XA CN104200159B (en) 2014-09-05 2014-09-05 Configure the method and device of the authority of application program

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410453132.XA CN104200159B (en) 2014-09-05 2014-09-05 Configure the method and device of the authority of application program

Publications (2)

Publication Number Publication Date
CN104200159A CN104200159A (en) 2014-12-10
CN104200159B true CN104200159B (en) 2017-07-28

Family

ID=52085450

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410453132.XA Active CN104200159B (en) 2014-09-05 2014-09-05 Configure the method and device of the authority of application program

Country Status (1)

Country Link
CN (1) CN104200159B (en)

Families Citing this family (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104462961B (en) * 2014-12-24 2018-04-10 北京奇虎科技有限公司 Mobile terminal and its privacy authority optimization method
CN105653904B (en) * 2015-12-24 2019-05-17 北京奇虎科技有限公司 Using the processing method of screen locking, device and mobile terminal
CN107526580B (en) * 2016-07-26 2020-02-07 腾讯科技(深圳)有限公司 Terminal application identification method and device
CN108132818B (en) * 2016-11-30 2021-12-21 阿里巴巴集团控股有限公司 Interface processing method and electronic device for executing same
CN108234414B (en) * 2016-12-16 2021-08-10 北京京东振世信息技术有限公司 Upgrading method and device for APP
CN108628652B (en) * 2018-03-13 2023-02-28 Oppo广东移动通信有限公司 User interface rendering method, device and terminal
CN110781490A (en) * 2018-07-30 2020-02-11 中兴通讯股份有限公司 Information processing method, terminal and computer readable storage medium
CN109711150A (en) * 2018-12-19 2019-05-03 努比亚技术有限公司 Using installation permission grant method for limiting and device, mobile terminal and storage medium
CN109815680B (en) * 2018-12-27 2021-08-31 歌尔股份有限公司 Application authority management method and device, terminal equipment and storage medium
CN111125676B (en) * 2019-12-23 2022-06-03 北京百度网讯科技有限公司 Joint authorization method and device
CN111273962B (en) * 2020-02-14 2022-02-18 腾讯科技(深圳)有限公司 Configuration management method, device, computer readable storage medium and computer equipment
CN112559293B (en) * 2020-12-22 2023-03-07 上海哔哩哔哩科技有限公司 Application package monitoring method and device
CN114510220B (en) * 2021-12-16 2025-08-01 中国科学院软件研究所 HarmonyOS-oriented distributed application development and debugging method and auxiliary tool
CN115586910A (en) * 2022-09-13 2023-01-10 超聚变数字技术有限公司 Application upgrade method and computer equipment

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103345411A (en) * 2013-07-09 2013-10-09 北京奇虎科技有限公司 Method and device for uninstalling application program
CN103577757A (en) * 2013-11-15 2014-02-12 北京奇虎科技有限公司 Virus defending method and device

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101697133A (en) * 2009-10-26 2010-04-21 中兴通讯股份有限公司 Software upgrading method, software upgrading system and client
CN102200922B (en) * 2011-04-06 2013-12-11 宇龙计算机通信科技(深圳)有限公司 Application program installation method and terminal
KR101295428B1 (en) * 2011-09-09 2013-08-23 주식회사 팬택 Method and Apparatus
CN103324506A (en) * 2013-06-24 2013-09-25 上海天奕达电子科技有限公司 Method and mobile phone for controlling installation of Android applications
CN103870306A (en) * 2014-02-21 2014-06-18 北京奇虎科技有限公司 Method and device for installing application program on basis of intelligent terminal equipment

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103345411A (en) * 2013-07-09 2013-10-09 北京奇虎科技有限公司 Method and device for uninstalling application program
CN103577757A (en) * 2013-11-15 2014-02-12 北京奇虎科技有限公司 Virus defending method and device

Also Published As

Publication number Publication date
CN104200159A (en) 2014-12-10

Similar Documents

Publication Publication Date Title
CN104200159B (en) Configure the method and device of the authority of application program
CN105045643B (en) Launcher startup method and device in Android system
US10678527B2 (en) Apparatus and method for managing application
EP3109762B1 (en) Electronic device having external memory and method for operating the same
KR102318877B1 (en) Apparatus and method for displaying user interface
US11222118B2 (en) Method for updating selinux security policy and terminal
US8874892B1 (en) Assessing BIOS information prior to reversion
CN103577237B (en) Application program startup control method and device
US20170123783A1 (en) Method for displaying plug-in view elements in host application page and electronic device
US8701195B2 (en) Method for antivirus in a mobile device by using a mobile storage and a system thereof
CN105335184B (en) Application installation method and device
WO2015058574A1 (en) Method and apparatus for implementing push notification of extensive application program
CN104731625A (en) Method, device and mobile terminal for loading plugin
KR20160097511A (en) Permission control method and Electronic device operating the same
US11368360B2 (en) Electronic device, and software setting method based on subscriber identity module in electronic device
KR20170049897A (en) Electronic device and method for setting software in electronic device
US9110678B1 (en) Automated BIOS enhancements and upgrades
CN106557669A (en) A kind of authority control method and device of application program installation process
CN104539467A (en) Terminal equipment management system and method based on cloud server
CN106406944A (en) Control method and system for forbidding self-starting of application
WO2018108051A1 (en) Method and device for system administration, and storage medium
US9513928B2 (en) Method of operating multiple operating systems and the electronic device thereof
CN107656740A (en) A kind of customized version switching method, device and mobile terminal
US10262309B1 (en) Augmenting a BIOS with new programs
CN105550007A (en) Control method and device for mobile terminal and mobile terminal

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20220713

Address after: Room 801, 8th floor, No. 104, floors 1-19, building 2, yard 6, Jiuxianqiao Road, Chaoyang District, Beijing 100015

Patentee after: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park)

Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Patentee before: Qizhi software (Beijing) Co.,Ltd.