Access control method and electronic device

By generating call requests and using security policies to determine access permissions between applications, the problem of user privacy leakage in multi-device distributed systems is solved, and system-level access control and information leakage protection are achieved.

CN115706994BActive Publication Date: 2026-07-07HUAWEI TECH CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
HUAWEI TECH CO LTD
Filing Date
2021-08-05
Publication Date
2026-07-07

Smart Images

  • Figure CN115706994B_ABST
    Figure CN115706994B_ABST
Patent Text Reader

Abstract

The embodiment of the present application provides an access control method and an electronic device. In the technical scheme provided by the embodiment of the present application, a first application is called to generate a calling request, or a calling request sent by a first electronic device through calling a first application is received, the calling request is used for requesting a second application to call a target service; whether the calling request is allowed is judged according to a security policy pre-configured by a user, the target service, the first application and the second application; if it is judged that the calling request is not allowed, the calling request is rejected, and prompt information for prompting that the first application is abnormally operated is generated. The embodiment of the present application enables the current mobile OS to effectively find and block the user privacy leakage problem in a distributed system composed of multiple devices.
Need to check novelty before this filing date? Find Prior Art

Description

[Technical Field]

[0001] This invention relates to the field of remote control technology, and more particularly to an access control method and an electronic device. [Background Technology]

[0002] In traditional mobile operating systems (OS), third-party applications (APPs) can pose a risk of user privacy breaches by accessing multiple sensitive services. For example, they might obtain a user's location through location services and then leak that location information through network services. This malicious behavior can be blocked by managing the service or interface calls of a single APP, such as controlling when an APP calls different sensitive interfaces to prevent a single APP from leaking the user's real-time location. However, in distributed systems composed of multiple devices, APPs can easily bypass these control measures through multi-application collaboration.

[0003] Therefore, current mobile operating systems are unable to effectively detect and prevent user privacy leaks in distributed systems composed of multiple devices. [Summary of the Invention]

[0004] In view of this, embodiments of the present invention provide an access control method and an electronic device, enabling current mobile operating systems to effectively detect and block user privacy leaks in distributed systems composed of multiple devices.

[0005] In a first aspect, embodiments of the present invention provide an access control method, the method comprising:

[0006] A call request is generated by invoking the first application; the call request is used to request the second application to invoke the target service.

[0007] Based on the user's pre-configured security policy, the target service, the first application, and the second application, determine whether to allow the call request;

[0008] If it is determined that the call request is not allowed, the call request is rejected and a reminder message is generated to indicate abnormal operation of the first application.

[0009] In conjunction with the first aspect, in some implementations of the first aspect, determining whether to allow the call request based on the user-preconfigured security policy, the target service, the first application, and the second application specifically includes:

[0010] Determine whether the security policy exists in the first application and the second application, or whether the security policy exists in the target service;

[0011] If it is determined that the security policy exists in the first application and the second application, or that the security policy exists in the target service, then it is determined that the call request is not allowed.

[0012] If it is determined that the security policy does not exist in the first application and the second application, and there is no security policy corresponding to the target service, then the call request is allowed.

[0013] In conjunction with the first aspect, in some implementations of the first aspect, before determining whether to allow the call request based on the user-preconfigured security policy, the target service, the first application, and the second application, the method further includes:

[0014] Intercept the aforementioned call request.

[0015] In conjunction with the first aspect, in some implementations of the first aspect, after determining whether to allow the call request based on the user-preconfigured security policy, the target service, the first application, and the second application, the method further includes:

[0016] If it is determined that the call request is allowed, the target service is invoked by calling the second application.

[0017] Secondly, embodiments of the present invention provide an access control method, the method comprising:

[0018] Receive a call request sent by a first electronic device through calling a first application, the call request being used to request a second application to call a target service;

[0019] Based on the user's pre-configured security policy, the target service, the first application, and the second application, determine whether to allow the call request;

[0020] If it is determined that the call request is not allowed, the call request is rejected and a reminder message is generated to indicate abnormal operation of the first application.

[0021] In conjunction with the second aspect, in some implementations of the second aspect, determining whether to allow the call request based on the user-preconfigured security policy, the target service, the first application, and the second application specifically includes:

[0022] Determine whether the security policy exists in the first application and the second application, or whether the security policy exists in the target service;

[0023] If it is determined that the security policy exists in the first application and the second application, or that the security policy exists in the target service, then it is determined that the call request is not allowed.

[0024] If it is determined that the security policy does not exist in the first application and the second application, and there is no security policy corresponding to the target service, then the call request is allowed.

[0025] In conjunction with the second aspect, in some implementations of the second aspect, before determining whether to allow the call request based on the user-preconfigured security policy, the target service, the first application, and the second application, the method further includes:

[0026] Intercept the aforementioned call request.

[0027] In conjunction with the second aspect, in some implementations of the second aspect, after determining whether to allow the call request based on the user-preconfigured security policy, the target service, the first application, and the second application, the method further includes:

[0028] If it is determined that the call request is allowed, the target service is invoked by calling the second application.

[0029] Thirdly, embodiments of the present invention provide an electronic device, including a processor and a memory, wherein the memory is used to store a computer program, the computer program including program instructions, and when the processor executes the program instructions, the electronic device performs the following steps:

[0030] A call request is generated by invoking the first application; the call request is used to request the second application to invoke the target service.

[0031] Based on the user's pre-configured security policy, the target service, the first application, and the second application, determine whether to allow the call request;

[0032] If it is determined that the call request is not allowed, the call request is rejected and a reminder message is generated to indicate abnormal operation of the first application.

[0033] In conjunction with the third aspect, in certain implementations of the third aspect, when the processor executes the program instructions, the electronic device performs the following steps:

[0034] The step of determining whether to allow the call request based on the user-preconfigured security policy, the target service, the first application, and the second application specifically includes:

[0035] Determine whether the security policy exists in the first application and the second application, or whether the security policy exists in the target service;

[0036] If it is determined that the security policy exists in the first application and the second application, or that the security policy exists in the target service, then it is determined that the call request is not allowed.

[0037] If it is determined that the security policy does not exist in the first application and the second application, and there is no security policy corresponding to the target service, then the call request is allowed.

[0038] In conjunction with the third aspect, in certain implementations of the third aspect, when the processor executes the program instructions, the electronic device performs the following steps:

[0039] Before determining whether to allow the call request based on the user-configured security policy, the target service, the first application, and the second application, the method further includes:

[0040] Intercept the aforementioned call request.

[0041] In conjunction with the third aspect, in certain implementations of the third aspect, when the processor executes the program instructions, the electronic device performs the following steps:

[0042] After determining whether to allow the call request based on the user-configured security policy, the target service, the first application, and the second application, the method further includes:

[0043] If it is determined that the call request is allowed, the target service is invoked by calling the second application.

[0044] Fourthly, embodiments of the present invention provide an electronic device, including a processor and a memory, wherein the memory is used to store a computer program, the computer program including program instructions, and when the processor executes the program instructions, the electronic device performs the following steps:

[0045] Receive a call request sent by a first electronic device through calling a first application, the call request being used to request a second application to call a target service;

[0046] Based on the user's pre-configured security policy, the target service, the first application, and the second application, determine whether to allow the call request;

[0047] If it is determined that the call request is not allowed, the call request is rejected and a reminder message is generated to indicate abnormal operation of the first application.

[0048] In conjunction with the fourth aspect, in some implementations of the fourth aspect, when the processor executes the program instructions, the electronic device performs the following steps:

[0049] The step of determining whether to allow the call request based on the user-preconfigured security policy, the target service, the first application, and the second application specifically includes:

[0050] Determine whether the security policy exists in the first application and the second application, or whether the security policy exists in the target service;

[0051] If it is determined that the security policy exists in the first application and the second application, or that the security policy exists in the target service, then it is determined that the call request is not allowed.

[0052] If it is determined that the security policy does not exist in the first application and the second application, and there is no security policy corresponding to the target service, then the call request is allowed.

[0053] In conjunction with the fourth aspect, in some implementations of the fourth aspect, when the processor executes the program instructions, the electronic device performs the following steps:

[0054] Before determining whether to allow the call request based on the user-configured security policy, the target service, the first application, and the second application, the method further includes:

[0055] Intercept the aforementioned call request.

[0056] In conjunction with the fourth aspect, in some implementations of the fourth aspect, when the processor executes the program instructions, the electronic device performs the following steps:

[0057] After determining whether to allow the call request based on the user-configured security policy, the target service, the first application, and the second application, the method further includes:

[0058] If it is determined that the call request is allowed, the target service is invoked by calling the second application.

[0059] Fifthly, embodiments of the present invention provide a computer-readable storage medium storing a computer program, the computer program including program instructions that, when executed by a computer, cause the computer to perform the method described above.

[0060] In the access control method and electronic device solutions provided in this invention, a call request is generated by invoking a first application, or a call request sent by a first electronic device through invoking the first application is received. The call request is used to request a second application to call a target service. Based on a user-preconfigured security policy, the target service, the first application, and the second application, it is determined whether the call request is allowed. If the call request is determined to be disallowed, it is rejected, and a reminder message is generated to indicate abnormal operation by the first application. This invention enables current mobile operating systems to effectively detect and prevent user privacy leaks in distributed systems composed of multiple devices. [Attached Image Description]

[0061] To more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings used in the embodiments will be briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.

[0062] Figure 1 This is a schematic diagram of a traditional standalone system;

[0063] Figure 2 This is a schematic diagram of a distributed system;

[0064] Figure 3 This is a schematic diagram illustrating communication between devices in a distributed system.

[0065] Figure 4 This is a diagram illustrating the coordinated malicious actions of multiple applications in a distributed system.

[0066] Figure 5 An architecture diagram of an access control system provided in an embodiment of the present invention;

[0067] Figure 6 An architecture diagram of another access control system provided in an embodiment of the present invention;

[0068] Figure 7 A flowchart of an access control method provided in an embodiment of the present invention;

[0069] Figure 8 A schematic diagram of an access control method provided in an embodiment of the present invention;

[0070] Figure 9 A flowchart of an access control method provided in another embodiment of the present invention;

[0071] Figure 10 A schematic diagram illustrating yet another access control method provided in an embodiment of the present invention;

[0072] Figure 11 This is a schematic diagram of the structure of an electronic device provided in an embodiment of the present invention.

Detailed Implementation Methods

[0073] To better understand the technical solution of the present invention, the embodiments of the present invention will be described in detail below with reference to the accompanying drawings.

[0074] It should be understood that the described embodiments are merely some, not all, of the embodiments of the present invention. All other embodiments obtained by those skilled in the art based on the embodiments of the present invention without inventive effort are within the scope of protection of the present invention.

[0075] The terminology used in the embodiments of this invention is for the purpose of describing particular embodiments only and is not intended to limit the invention. The singular forms “a,” “the,” and “the” as used in the embodiments of this invention and the appended claims are also intended to include the plural forms unless the context clearly indicates otherwise.

[0076] It should be understood that the term "and / or" used in this article is merely a description of the relationship between related objects, indicating that three relationships can exist. For example, A and / or B can represent: A existing alone, A and B existing simultaneously, or B existing alone. Additionally, the character " / " in this article generally indicates that the preceding and following related objects have an "or" relationship.

[0077] In traditional standalone systems, such as Figure 1 As shown, applications in a mobile OS exist as independent entities, accessing services to obtain sensitive resources within the system and providing various functions to users, such as those based on Location-Based Services (LBS). In a distributed system composed of multiple devices, such as... Figure 2 As shown, the working mode of the APP has changed significantly. The APP provides a function to the user by accessing services on this device or other devices, making full use of the capabilities of each device to bring a brand-new experience to the user.

[0078] In traditional mobile operating systems, third-party apps can pose a risk of user privacy breaches by accessing multiple services. For example, they might first obtain a user's location through location services and then leak that location information through network services. This malicious behavior can be prevented by controlling the service or API calls made by a single app. For instance, by controlling when an app calls different sensitive APIs, a single app can be prevented from leaking the user's real-time location.

[0079] A distributed system composed of multiple devices, such as the iOS smart home system, such as... Figure 3As shown, the devices primarily establish communication channels through the device connection module. Application interoperability between devices is handled by the distributed service discovery module; individual devices are unaware of the application information of the calling parties.

[0080] Furthermore, in a distributed system composed of multiple devices, an app can easily bypass the aforementioned control measures through multi-application collaboration. For example... Figure 4 As shown, APP1 first obtains the user's location through service A, then calls APP2 on device B to send personal information to APP2, and indirectly leaks the user's real-time location information by calling network services through APP2.

[0081] In summary, current mobile operating systems are unable to effectively detect and block this type of information leakage problem in a distributed system composed of multiple devices.

[0082] To address the aforementioned technical problems, embodiments of the present invention provide an access control method and an electronic device.

[0083] See Figure 5 , Figure 5 This is an architecture diagram of an access control system provided in an embodiment of the present invention. Figure 5 As shown, the access control system includes a first electronic device 100. The first electronic device 100 includes a first system application, a first application, a second application, a first system service, application call chain management, a call information database, service information management, a distributed service discovery module, distributed service access control management, a service access policy module, a security policy database, an anomaly alert service, service call management, a call record database, a first device connection module, and a first underlying communication module.

[0084] Figure 5 In this context, the first system application includes all system applications within the first electronic device 100. Both the first application and the second application are third-party apps within the first electronic device 100, but they differ from each other. The first system service handles system tasks within the first electronic device 100. The first device connection module establishes a connection between the first electronic device 100 and the distributed system; the first underlying communication module handles underlying communication within the first electronic device 100.

[0085] See Figure 6 , Figure 6 This is an architecture diagram of another access control system provided by an embodiment of the present invention. The access control system of this embodiment includes two electronic devices, wherein the two electronic devices may include a first electronic device and a second electronic device, both of which are located in a distributed system. Figure 6As shown, the access control system includes a first electronic device 100 and a second electronic device 200. The first electronic device 100 includes a first system application, a first application, a first system service, application call chain management, a call information database, a first device connection module, and a first underlying communication module. The second electronic device 200 includes a second system application, a second application, a second system service, service information management, a distributed service discovery module, distributed service access control management, a service access policy module, a security policy database, an anomaly alert service, service call management, a call record database, a second device connection module, and a second underlying communication module.

[0086] Figure 6 In this context, the first system application includes all system applications within the first electronic device 100. The first application is a third-party APP within the first electronic device 100. The first system service is used to handle system tasks within the first electronic device 100. The first device connection module is used to establish connections between the first electronic device 100 and the distributed system; the first underlying communication module is used for underlying communication of the first electronic device 100.

[0087] The second system application includes all system applications in the second electronic device 200. The second application is a third-party app within the second electronic device 200. The second system service handles system tasks within the second electronic device 200. The second device connection module is used to establish connections between the second electronic device 200 and the distributed system; the second low-level communication module is used for low-level communication within the second electronic device 200.

[0088] exist Figure 5 and Figure 6In this system, the first application generates a call request and sends it to the application call chain management system; the call request is used to request the second application to call the target service. The application call chain management system queries the second application based on the call request, sends the call request to the second application, and records the call relationship (call chain) in the call information database. The call information database stores the call chains. The second application sends the call request to the service information management system based on the call request. The distributed service discovery module discovers the services provided by each electronic device in the distributed system after the second electronic device 200 establishes a connection with the distributed system through the second device connection module, and synchronizes the service information of all services to the service information management system. The service information management system finds the target service corresponding to the call request. The distributed service access control management system intercepts the call request sent by the second application to the service information management system and determines whether to allow the call request based on the user-configured security policy, the target service, the first application, and the second application; if the call request is not allowed, it is rejected; if the call request is allowed, the second application is permitted to call the target service. The exception alert service generates an alert message to indicate abnormal operation in the first application if the distributed service access control management determines that a call request is not allowed. The service call management module retrieves the call request judgment result from the distributed service access control management and records the result in the call record database. The service access policy module retrieves the user-configured application security policy and records it in the security policy database; the security policy database stores the application's security policies. For example, the first application includes APP1, the target service includes the user's real-time location, and APP1's security policy includes: allowing APP1 to obtain the user's real-time location, but prohibiting APP1 from sending the user's real-time location outwards.

[0089] For example, the warning message includes: "Invoking a first application to invoke a second application and access a target service poses a risk of leaking personal privacy."

[0090] In this embodiment of the invention, the notification method for the reminder information is not limited to pop-up windows, voice reminders, or presentation on a separate page in the settings.

[0091] This invention addresses a distributed system comprised of multiple devices. When an application accesses applications or services on its own device, or accesses applications or services on other devices across devices, it prevents apps from leaking user privacy through collaborative malicious means based on the application's identity, the information of the service called by the application, the identity of the called application, and the service information accessed by the called application. Specifically, when a called app initiates a service access request, the system determines whether to allow the called app to access the current service based on the caller's information, the service accessed by the caller, and the corresponding security policy. This invention supports call-based service access control, i.e., call chain-based control, and also supports controlling collaborative service access among multiple apps based on user- or system-default configured service access security policies, thereby achieving system-level service access call management and preventing the leakage of sensitive user information.

[0092] Based on the above Figure 5 The provided architecture diagram illustrates an access control method applied to a first electronic device 100. Figure 7 This is a flowchart illustrating an access control method according to an embodiment of the present invention. Figure 7 As shown, the method includes:

[0093] Step 102: Generate a call request by calling the first application. The call request is used to request the second application to call the target service.

[0094] Both the first application and the second application are third-party applications and are located on the first electronic device. The first application and the second application should be different.

[0095] In embodiments of the present invention, such as Figure 5 As shown, the first electronic device 100 generates a call request by calling the first application. The application call chain management queries the second application according to the call request and sends the call request to the second application. At the same time, it records the call relationship, i.e. the call chain, in the call information database.

[0096] Step 104: Based on the user's pre-configured security policy, target service, first application, and second application, determine whether the call request is allowed. If yes, proceed to step 106; otherwise, proceed to step 108.

[0097] In embodiments of the present invention, such as Figure 5 As shown, the user configures the application's security policy through the service access policy module of the first electronic device 100, and the service access policy module stores the security policy in the call log database.

[0098] like Figure 5As shown, after the second application receives the call request, the distributed service access control management determines whether to allow the call request based on the user's pre-configured security policy, the target service, the first application, and the second application.

[0099] In this embodiment of the invention, step 104 specifically includes: determining whether there is a security policy corresponding to the first application and the second application, or whether there is a security policy corresponding to the target service. If yes, it is determined that the call request is not allowed, and step 108 is executed; if no, it is determined that the call request is allowed, and step 106 is executed.

[0100] In this embodiment of the invention, before step 104, the method further includes:

[0101] Step 102': Intercept the call request.

[0102] In embodiments of the present invention, such as Figure 5 As shown, before determining whether to allow a call request, the distributed service access control management needs to intercept the call request sent by the second application to the service information management. This is because after receiving the call request, the second application will send a call request to the service information management, which will then locate the target service corresponding to the call request and directly invoke that service. Therefore, to prevent user privacy leaks, the distributed service access control management needs to intercept the call request sent by the second application to the service information management before determining whether to allow the call request.

[0103] Step 106: Call the target service by invoking the second application; process ends.

[0104] In embodiments of the present invention, such as Figure 5 As shown, if the distributed service access control management determines that a call request is allowed, it permits the second application to call the target service. Specifically, the second application sends a call request to the service information management system. The service information management system then locates the target service corresponding to the call request and calls that service. Simultaneously, the service call management system obtains the decision result of the call request from the distributed service access control management system and records the result in the call record database.

[0105] Step 108: Reject the call request and generate a notification message to alert the first application of abnormal operation; process ends.

[0106] In embodiments of the present invention, such as Figure 5 As shown, if the distributed service access control management determines that a call request is not allowed, it will reject the call request, that is, it will prevent the second application from sending a call request to the service information management. Simultaneously, the exception notification service generates a notification message to alert the first application of abnormal operation. At the same time, the service call management obtains the judgment result of the call request from the distributed service access control management and records the judgment result in the call record database.

[0107] For example, the warning message includes: "Invoking a first application to invoke a second application and access a target service poses a risk of leaking personal privacy."

[0108] In this embodiment of the invention, the notification method for the reminder information is not limited to pop-up windows, voice reminders, or presentation on a separate page in the settings.

[0109] This invention addresses a distributed system comprised of multiple devices, where applications access other applications or services on their own devices. It prevents apps from colluding to maliciously leak user privacy based on the application's identity, the information of the service called by the application, the identity of the called application, and the service information accessed by the called application. Specifically, when a called app initiates a service access request, the system determines whether to allow the called app to access the current service based on the caller's information, the service accessed by the caller, and the corresponding security policy. Figure 8 As shown, embodiments of the present invention support service access control based on invocation, i.e., invocation chain, and also support control of service access for multi-APP collaboration based on the security policies of service access configured by users or the system by default, so as to achieve system-level service access invocation control and prevent leakage of sensitive user information.

[0110] In the access control method provided by this invention, a call request is generated by invoking a first application. This call request requests a second application to call a target service. Based on the user's pre-configured security policy, the target service, the first application, and the second application, it is determined whether the call request is allowed. If the call request is determined to be disallowed, the call request is rejected, and a reminder message is generated to indicate abnormal operation by the first application. This invention enables current mobile operating systems in distributed systems composed of multiple devices to effectively detect and prevent user privacy leaks.

[0111] Based on the above Figure 6 The provided architecture diagram illustrates an access control method applied to a second electronic device 200. Figure 9 This is a flowchart illustrating an access control method according to another embodiment of the present invention. Figure 9 As shown, the method includes:

[0112] Step 202: Receive a call request sent by the first electronic device through calling the first application. The call request is used to request the second application to call the target service.

[0113] Both the first application and the second application are third-party applications. The first application is located on the first electronic device, and the second application is located on the second electronic device.

[0114] In embodiments of the present invention, such as Figure 6As shown, the first electronic device 100 generates a call request by calling the first application. The application call chain management queries the electronic device where the second application is located based on the call request. After finding that the electronic device where the second application is located is the second electronic device 200, it sends a call request to the second application of the second electronic device 200 and records this call relationship, i.e. the call chain, in the call information database.

[0115] Step 204: Based on the user's pre-configured security policy, target service, first application, and second application, determine whether the call request is allowed. If yes, proceed to step 206; otherwise, proceed to step 208.

[0116] In embodiments of the present invention, such as Figure 6 As shown, the user configures the application's security policy through the service access policy module of the second electronic device 200, and the service access policy module stores the security policy in the call log database.

[0117] like Figure 6 As shown, after the second application receives the call request, the distributed service access control management determines whether to allow the call request based on the user's pre-configured security policy, the target service, the first application, and the second application.

[0118] In this embodiment of the invention, step 204 specifically includes: determining whether there is a security policy corresponding to the first application and the second application, or whether there is a security policy corresponding to the target service. If yes, it is determined that the call request is not allowed, and step 208 is executed; if no, it is determined that the call request is allowed, and step 206 is executed.

[0119] In this embodiment of the invention, before step 204, the method further includes:

[0120] Step 202': Intercept the call request.

[0121] In embodiments of the present invention, such as Figure 6 As shown, before determining whether to allow a call request, the distributed service access control management needs to intercept the call request sent by the second application to the service information management. This is because after receiving the call request, the second application will send a call request to the service information management, which will then locate the target service corresponding to the call request and directly invoke that service. Therefore, to prevent user privacy leaks, the distributed service access control management needs to intercept the call request sent by the second application to the service information management before determining whether to allow the call request.

[0122] Step 206: Call the target service by invoking the second application; process ends.

[0123] In embodiments of the present invention, such as Figure 6As shown, if the distributed service access control management determines that a call request is allowed, it permits the second application to call the target service. Specifically, the second application sends a call request to the service information management system. The service information management system then locates the target service corresponding to the call request and calls that service. Simultaneously, the service call management system obtains the decision result of the call request from the distributed service access control management system and records the result in the call record database.

[0124] Step 208: Reject the call request and generate a notification message to alert the first application of abnormal operation; process ends.

[0125] In embodiments of the present invention, such as Figure 6 As shown, if the distributed service access control management determines that a call request is not allowed, it will reject the call request, that is, it will prevent the second application from sending a call request to the service information management. Simultaneously, the exception notification service generates a notification message to alert the first application of abnormal operation. At the same time, the service call management obtains the judgment result of the call request from the distributed service access control management and records the judgment result in the call record database.

[0126] For example, the warning message includes: "Invoking a first application to invoke a second application and access a target service poses a risk of leaking personal privacy."

[0127] In this embodiment of the invention, the notification method for the reminder information is not limited to pop-up windows, voice reminders, or presentation on a separate page in the settings.

[0128] This invention addresses a distributed system comprised of multiple devices, where applications access other applications or services on different devices. It prevents apps from colluding to maliciously leak user privacy based on the application's identity, the information of the service called by the application, the identity of the called application, and the service information accessed by the called application. Specifically, when a called app initiates a service access request, the system determines whether to allow the called app to access the current service based on the caller's information, the service accessed by the caller, and the corresponding security policy. Figure 10 As shown, embodiments of the present invention support service access control based on invocation, i.e., invocation chain, and also support control of service access for multi-APP collaboration based on the security policies of service access configured by users or the system by default, so as to achieve system-level service access invocation control and prevent leakage of sensitive user information.

[0129] In the access control method provided by this invention, a call request is received from a first electronic device by invoking a first application. The call request requests a second application to invoke a target service. Based on a user-preconfigured security policy, the target service, the first application, and the second application, it is determined whether the call request is allowed. If the call request is deemed disallowed, it is rejected, and a notification message is generated to alert the first application to abnormal operation. This invention enables current mobile operating systems in distributed systems composed of multiple devices to effectively detect and prevent user privacy leaks.

[0130] The above text combined Figures 1 to 10 The access control method provided by the embodiments of the present invention is described in detail below. Figure 11 The following describes in detail the device embodiments of the present invention. It should be understood that the electronic devices in the embodiments of the present invention can execute the various methods of the foregoing embodiments of the present invention, that is, the specific working processes of the various products below can be referred to the corresponding processes in the foregoing method embodiments.

[0131] This invention provides an electronic device, which can be a terminal device or a circuit device built into the terminal device. This electronic device can be used to perform the functions / steps described in the method embodiments above.

[0132] Figure 11 This is a schematic diagram of the structure of an electronic device 300 provided in an embodiment of the present invention. The electronic device 300 may include a processor 310, an external memory interface 320, an internal memory 321, a universal serial bus (USB) interface 330, a charging management module 340, a power management module 341, a battery 342, antenna 1, antenna 2, a mobile communication module 350, a wireless communication module 360, an audio module 370, a speaker 370A, a receiver 370B, a microphone 370C, a headphone jack 370D, a sensor module 380, buttons 390, a motor 391, an indicator 392, a camera 393, a display screen 394, and a subscriber identification module (SIM) card interface 395, etc. The sensor module 380 may include a pressure sensor 380A, a gyroscope sensor 380B, a barometric pressure sensor 380C, a magnetic sensor 380D, an accelerometer sensor 380E, a distance sensor 380F, a proximity light sensor 380G, a fingerprint sensor 380H, a temperature sensor 380J, a touch sensor 380K, an ambient light sensor 380L, a bone conduction sensor 380M, etc.

[0133] It is understood that the structures illustrated in the embodiments of the present invention do not constitute a specific limitation on the electronic device 300. In other embodiments of the present invention, the electronic device 300 may include more or fewer components than illustrated, or combine some components, or split some components, or have different component arrangements. The illustrated components may be implemented in hardware, software, or a combination of software and hardware.

[0134] Processor 310 may include one or more processing units, such as application processor (AP), modem processor, graphics processing unit (GPU), image signal processor (ISP), controller, video codec, digital signal processor (DSP), baseband processor, and / or neural network processing unit (NPU). These different processing units may be independent devices or integrated into one or more processors.

[0135] The controller can generate operation control signals based on the instruction opcode and timing signals to complete the control of instruction fetching and execution.

[0136] The processor 310 may also include a memory for storing instructions and data. In some embodiments, the memory in the processor 310 is a cache memory. This memory can store instructions or data that the processor 310 has just used or that are used repeatedly. If the processor 310 needs to use the instruction or data again, it can retrieve it directly from the memory. This avoids repeated accesses, reduces the waiting time of the processor 310, and thus improves the efficiency of the system.

[0137] In some embodiments, the processor 310 may include one or more interfaces. Interfaces may include an inter-integrated circuit (I2C) interface, an inter-integrated circuit sound (I2S) interface, a pulse code modulation (PCM) interface, a universal asynchronous receiver / transmitter (UART) interface, a mobile industry processor interface (MIPI), a general-purpose input / output (GPIO) interface, a subscriber identity module (SIM) interface, and / or a universal serial bus (USB) interface, etc.

[0138] The I2C interface is a bidirectional synchronous serial bus, including a serial data line (SDA) and a serial clock line (SCL). In some embodiments, the processor 310 may include multiple I2C buses. The processor 310 can couple to the touch sensor 380K, charger, flash, camera 393, etc., through different I2C bus interfaces. For example, the processor 310 can couple to the touch sensor 380K through the I2C interface, enabling the processor 310 and the touch sensor 380K to communicate through the I2C bus interface, thereby realizing the touch function of the electronic device 300.

[0139] The I2S interface can be used for audio communication. In some embodiments, the processor 310 may include multiple I2S buses. The processor 310 can be coupled to the audio module 370 via the I2S bus to enable communication between the processor 310 and the audio module 370. In some embodiments, the audio module 370 can transmit audio signals to the wireless communication module 360 ​​via the I2S interface to enable the function of answering phone calls through a Bluetooth headset.

[0140] The PCM interface can also be used for audio communication, sampling, quantizing, and encoding analog signals. In some embodiments, the audio module 370 and the wireless communication module 360 ​​can be coupled via the PCM bus interface. In some embodiments, the audio module 370 can also transmit audio signals to the wireless communication module 360 ​​via the PCM interface, enabling the function of answering phone calls through a Bluetooth headset. Both the I2S interface and the PCM interface can be used for audio communication.

[0141] The UART interface is a universal serial data bus used for asynchronous communication. This bus can be a bidirectional communication bus. It converts the data to be transmitted between serial and parallel communication. In some embodiments, the UART interface is typically used to connect the processor 310 and the wireless communication module 360. For example, the processor 310 communicates with the Bluetooth module in the wireless communication module 360 ​​via the UART interface to implement Bluetooth functionality. In some embodiments, the audio module 370 can transmit audio signals to the wireless communication module 360 ​​via the UART interface to enable music playback through Bluetooth headphones.

[0142] The MIPI interface can be used to connect the processor 310 to peripheral devices such as the display screen 394 and the camera 393. The MIPI interface includes a camera serial interface (CSI) and a display serial interface (DSI). In some embodiments, the processor 310 and the camera 393 communicate via the CSI interface to enable the electronic device 300 to capture images. The processor 310 and the display screen 394 communicate via the DSI interface to enable the electronic device 300 to display images.

[0143] The GPIO interface can be configured via software. It can be configured as a control signal or a data signal. In some embodiments, the GPIO interface can be used to connect the processor 310 to a camera 393, a display screen 394, a wireless communication module 360, an audio module 370, a sensor module 380, etc. The GPIO interface can also be configured as an I2C interface, an I2S interface, a UART interface, a MIPI interface, etc.

[0144] USB port 330 is a USB standard compliant interface, which can be a Mini USB port, Micro USB port, USB Type-C port, etc. USB port 330 can be used to connect a charger to charge electronic device 300, and can also be used for data transfer between electronic device 300 and peripheral devices. It can also be used to connect headphones for audio playback. This interface can also be used to connect other electronic devices, such as AR devices.

[0145] It is understood that the interface connection relationships between the modules illustrated in the embodiments of the present invention are merely illustrative and do not constitute a structural limitation on the electronic device 300. In other embodiments of the present invention, the electronic device 300 may also employ different interface connection methods or combinations of multiple interface connection methods as described in the above embodiments.

[0146] The charging management module 340 receives charging input from a charger. The charger can be a wireless charger or a wired charger. In some wired charging embodiments, the charging management module 340 receives charging input from the wired charger via a USB interface 330. In some wireless charging embodiments, the charging management module 340 receives wireless charging input via the wireless charging coil of the electronic device 300. While charging the battery 342, the charging management module 340 can also supply power to the electronic device via the power management module 341.

[0147] The power management module 341 connects the battery 342, the charging management module 340, and the processor 310. The power management module 341 receives input from the battery 342 and / or the charging management module 340, providing power to the processor 310, internal memory 321, display screen 394, camera 393, and wireless communication module 360. The power management module 341 can also monitor parameters such as battery capacity, battery cycle count, and battery health status (leakage current, impedance). In some other embodiments, the power management module 341 may be located within the processor 310. In other embodiments, the power management module 341 and the charging management module 340 may be housed in the same device.

[0148] The wireless communication function of electronic device 300 can be realized through antenna 1, antenna 2, mobile communication module 350, wireless communication module 360, modem processor and baseband processor, etc.

[0149] Antenna 1 and antenna 2 are used to transmit and receive electromagnetic wave signals. Each antenna in electronic device 300 can be used to cover one or more communication frequency bands. Different antennas can also be multiplexed to improve antenna utilization. For example, antenna 1 can be multiplexed as a diversity antenna for a wireless local area network. In some other embodiments, the antennas can be used in conjunction with a tuning switch.

[0150] The mobile communication module 350 can provide solutions for wireless communication, including 2G / 3G / 4G / 5G, applied to the electronic device 300. The mobile communication module 350 may include at least one filter, switch, power amplifier, low noise amplifier (LNA), etc. The mobile communication module 350 can receive electromagnetic waves via antenna 1, and perform filtering, amplification, and other processing on the received electromagnetic waves before transmitting them to a modem processor for demodulation. The mobile communication module 350 can also amplify the signal modulated by the modem processor and convert it into electromagnetic waves for radiation via antenna 1. In some embodiments, at least some functional modules of the mobile communication module 350 may be housed in the processor 310. In some embodiments, at least some functional modules of the mobile communication module 350 and at least some modules of the processor 310 may be housed in the same device.

[0151] The modem processor may include a modulator and a demodulator. The modulator modulates the low-frequency baseband signal to be transmitted into a mid-to-high frequency signal. The demodulator demodulates the received electromagnetic wave signal into a low-frequency baseband signal. The demodulator then transmits the demodulated low-frequency baseband signal to the baseband processor for processing. After processing by the baseband processor, the low-frequency baseband signal is transmitted to the application processor. The application processor outputs sound signals through an audio device (not limited to speaker 370A, receiver 370B, etc.) or displays images or videos through a display screen 394. In some embodiments, the modem processor may be a separate device. In other embodiments, the modem processor may be independent of the processor 310 and may be housed in the same device as the mobile communication module 350 or other functional modules.

[0152] The wireless communication module 360 ​​can provide solutions for wireless communication applications on the electronic device 300, including wireless local area networks (WLAN) (such as wireless fidelity (Wi-Fi) networks), Bluetooth (BT), global navigation satellite system (GNSS), frequency modulation (FM), near field communication (NFC), and infrared (IR) technologies. The wireless communication module 360 ​​can be one or more devices integrating at least one communication processing module. The wireless communication module 360 ​​receives electromagnetic waves via antenna 2, performs frequency modulation and filtering of the electromagnetic wave signal, and sends the processed signal to processor 310. The wireless communication module 360 ​​can also receive signals to be transmitted from processor 310, perform frequency modulation and amplification, and convert them into electromagnetic waves for radiation via antenna 2.

[0153] In some embodiments, antenna 1 of electronic device 300 is coupled to mobile communication module 350, and antenna 2 is coupled to wireless communication module 360, enabling electronic device 300 to communicate with networks and other devices via wireless communication technology. The wireless communication technology may include Global System for Mobile Communications (GSM), General Packet Radio Service (GPRS), Code Division Multiple Access (CDMA), Wideband Code Division Multiple Access (WCDMA), Time Division Code Division Multiple Access (TD-SCDMA), Long Term Evolution (LTE), BT, GNSS, WLAN, NFC, FM, and / or IR technologies, etc. The GNSS may include the Global Positioning System (GPS), the Global Navigation Satellite System (GLONASS), the BeiDou Navigation Satellite System (BDS), the Quasi-Zenith Satellite System (QZSS), and / or satellite-based augmentation systems (SBAS).

[0154] Electronic device 300 implements display functions through a GPU, a display screen 394, and an application processor. The GPU is a microprocessor for image processing, connecting the display screen 394 and the application processor. The GPU is used to perform mathematical and geometric calculations and for graphics rendering. Processor 310 may include one or more GPUs, which execute program instructions to generate or modify display information.

[0155] Display screen 394 is used to display images, videos, etc. Display screen 394 includes a display panel. The display panel may be a liquid crystal display (LCD), an organic light-emitting diode (OLED), an active-matrix organic light-emitting diode (AMOLED), a flexible light-emitting diode (FLED), a miniature LED, a microLED, a quantum dot light-emitting diode (QLED), etc. In some embodiments, electronic device 300 may include one or N displays 394, where N is a positive integer greater than 1.

[0156] Electronic device 300 can achieve shooting function through ISP, camera 393, video codec, GPU, display 394 and application processor.

[0157] The ISP (Image Signal Processor) is used to process data fed back from the camera 393. For example, when taking a picture, the shutter is opened, and light is transmitted through the lens to the camera's photosensitive element. The light signal is converted into an electrical signal, and the camera's photosensitive element transmits the electrical signal to the ISP for processing, transforming it into an image visible to the naked eye. The ISP can also perform algorithmic optimization of image noise, brightness, and skin tone. The ISP can also optimize parameters such as exposure and color temperature of the shooting scene. In some embodiments, the ISP can be set in the camera 393.

[0158] Camera 393 is used to capture still images or videos. An object is projected onto a photosensitive element by generating an optical image through the lens. The photosensitive element can be a charge-coupled device (CCD) or a complementary metal-oxide-semiconductor (CMOS) phototransistor. The photosensitive element converts the light signal into an electrical signal, which is then passed to an ISP for conversion into a digital image signal. The ISP outputs the digital image signal to a DSP for processing. The DSP converts the digital image signal into image signals in standard RGB, YUV, or other formats. In some embodiments, the electronic device 300 may include one or N cameras 393, where N is a positive integer greater than 1.

[0159] A digital signal processor (DSP) is used to process digital signals. Besides digital image signals, it can also process other digital signals. For example, when the electronic device 300 is selecting a frequency, the DSP is used to perform Fourier transforms on the frequency energy.

[0160] Video codecs are used to compress or decompress digital video. Electronic device 300 may support one or more video codecs. Thus, electronic device 300 can play or record video in various encoding formats, such as Moving Picture Experts Group (MPEG) 1, MPEG2, MPEG3, MPEG4, etc.

[0161] An NPU (Neural Processing Unit) is a computational processor for neural networks (NNs). By borrowing the structure of biological neural networks, such as the transmission patterns between neurons in the human brain, it can rapidly process input information and continuously learn on its own. NPUs can enable intelligent cognitive applications in electronic devices, such as image recognition, facial recognition, speech recognition, and text understanding.

[0162] The external storage interface 320 can be used to connect an external memory card, such as a Micro SD card, to expand the storage capacity of the electronic device 300. The external memory card communicates with the processor 310 through the external storage interface 320 to perform data storage functions. For example, music, video, and other files can be saved on the external memory card.

[0163] Internal memory 321 can be used to store computer executable program code, which includes instructions. Internal memory 321 may include a program storage area and a data storage area. The program storage area may store the operating system, at least one application program required for a function (such as sound playback, image playback, etc.), etc. The data storage area may store data created during the use of electronic device 300 (such as audio data, phonebook, etc.). Furthermore, internal memory 321 may include high-speed random access memory, and may also include non-volatile memory, such as at least one disk storage device, flash memory device, universal flash storage (UFS), etc. Processor 310 executes various functional applications and data processing of electronic device 300 by running instructions stored in internal memory 321 and / or instructions stored in memory located in the processor.

[0164] Electronic device 300 can implement audio functions such as music playback and recording through audio module 370, speaker 370A, receiver 370B, microphone 370C, headphone jack 370D, and application processor.

[0165] The audio module 370 is used to convert digital audio information into analog audio signal output, and also to convert analog audio input into digital audio signal. The audio module 370 can also be used for encoding and decoding audio signals. In some embodiments, the audio module 370 may be located in the processor 310, or some functional modules of the audio module 370 may be located in the processor 310.

[0166] The speaker 370A, also known as a "loudspeaker," is used to convert audio electrical signals into sound signals. Electronic device 300 can listen to music or make hands-free calls through the speaker 370A.

[0167] The receiver 370B, also known as the "earpiece," is used to convert audio electrical signals into sound signals. When the electronic device 300 answers a telephone call or voice message, the receiver 370B can be brought close to the listener's ear to hear the voice.

[0168] Microphone 370C, also known as a "microphone" or "voice transducer," is used to convert sound signals into electrical signals. When making a phone call or sending a voice message, the user can speak by bringing their mouth close to microphone 370C, inputting the sound signal into microphone 370C. Electronic device 300 may have at least one microphone 370C. In some embodiments, electronic device 300 may have two microphones 370C, which, in addition to collecting sound signals, can also perform noise reduction. In other embodiments, electronic device 300 may have three, four, or more microphones 370C, which can collect sound signals, reduce noise, identify the sound source, and perform directional recording, etc.

[0169] The 370D headphone jack is used to connect wired headphones. The 370D headphone jack can be a USB 330 interface or a 3.5mm Open Mobile Terminal Platform (OMTP) standard interface, a CTIA (Cellular Telecommunications Industry Association of the USA) standard interface.

[0170] The pressure sensor 380A is used to sense pressure signals and can convert the pressure signals into electrical signals. In some embodiments, the pressure sensor 380A may be disposed on the display screen 394.

[0171] There are many types of pressure sensors 380A, such as resistive pressure sensors, inductive pressure sensors, and capacitive pressure sensors. A capacitive pressure sensor may include at least two parallel plates with conductive material. When force is applied to the pressure sensor 380A, the capacitance between the electrodes changes. The electronic device 300 determines the pressure intensity based on the change in capacitance. When a touch operation is applied to the display screen 394, the electronic device 300 detects the intensity of the touch operation based on the pressure sensor 380A. The electronic device 300 can also calculate the touch position based on the detection signal from the pressure sensor 380A. In some embodiments, touch operations applied to the same touch position but with different intensities can correspond to different operation commands. For example, when a touch operation with an intensity less than a first pressure threshold is applied to the SMS application icon, a command to view an SMS message is executed. When a touch operation with an intensity greater than or equal to the first pressure threshold is applied to the SMS application icon, a command to create a new SMS message is executed.

[0172] The gyroscope sensor 380B can be used to determine the motion attitude of the electronic device 300. In some embodiments, the gyroscope sensor 380B can determine the angular velocity of the electronic device 300 around three axes (i.e., the x, y, and z axes). The gyroscope sensor 380B can be used for image stabilization. For example, when the shutter is pressed, the gyroscope sensor 380B detects the angle of the electronic device 300's shake, calculates the distance that the lens module needs to compensate based on the angle, and allows the lens to counteract the shake of the electronic device 300 through reverse movement, thus achieving image stabilization. The gyroscope sensor 380B can also be used in navigation and motion-sensing game scenarios.

[0173] The barometric pressure sensor 380C is used to measure air pressure. In some embodiments, the electronic device 300 calculates altitude using the air pressure value measured by the barometric pressure sensor 380C to assist in positioning and navigation.

[0174] The magnetic sensor 380D includes a Hall sensor. The electronic device 300 can use the magnetic sensor 380D to detect the opening and closing of the flip cover. In some embodiments, when the electronic device 300 is a flip phone, the electronic device 300 can detect the opening and closing of the flip cover using the magnetic sensor 380D. Then, based on the detected opening and closing state of the cover or the flip cover, features such as automatic flip unlocking can be set.

[0175] The accelerometer 380E can detect the magnitude of acceleration of an electronic device 300 in various directions (typically three axes). When the electronic device 300 is stationary, it can detect the magnitude and direction of gravity. It can also be used to identify the posture of the electronic device, and can be applied to applications such as screen orientation switching and pedometers.

[0176] A distance sensor 380F is used to measure distance. Electronic device 300 can measure distance via infrared or laser. In some embodiments, during a shooting scene, electronic device 300 can utilize the distance sensor 380F to measure distance for rapid focusing.

[0177] The proximity sensor 380G may include, for example, a light-emitting diode (LED) and a light detector, such as a photodiode. The LED may be an infrared LED. The electronic device 300 emits infrared light outward through the LED. The electronic device 300 uses the photodiode to detect infrared reflected light from nearby objects. When sufficient reflected light is detected, it can be determined that an object is near the electronic device 300. When insufficient reflected light is detected, the electronic device 300 can determine that no object is near the electronic device 300. The electronic device 300 can use the proximity sensor 380G to detect when a user holds the electronic device 300 close to their ear for a call, so as to automatically turn off the screen to save power. The proximity sensor 380G can also be used in holster mode and pocket mode for automatic unlocking and locking of the screen.

[0178] The ambient light sensor 380L is used to sense the brightness of ambient light. The electronic device 300 can adaptively adjust the brightness of its display screen 394 based on the sensed ambient light level. The ambient light sensor 380L can also be used to automatically adjust the white balance when taking photos. The ambient light sensor 380L can also work in conjunction with the proximity sensor 380G to detect whether the electronic device 300 is in a pocket, preventing accidental touches.

[0179] The fingerprint sensor 380H is used to collect fingerprints. The electronic device 300 can utilize the characteristics of the collected fingerprints to achieve fingerprint unlocking, accessing application locks, taking photos with fingerprints, answering calls with fingerprints, etc.

[0180] Temperature sensor 380J is used to detect temperature. In some embodiments, electronic device 300 uses the temperature detected by temperature sensor 380J to execute a temperature handling strategy. For example, when the temperature reported by temperature sensor 380J exceeds a threshold, electronic device 300 performs thermal protection by reducing the performance of a processor located near temperature sensor 380J to reduce power consumption. In other embodiments, when the temperature is below another threshold, electronic device 300 heats battery 342 to prevent abnormal shutdown of electronic device 300 due to low temperature. In still other embodiments, when the temperature is below yet another threshold, electronic device 300 boosts the output voltage of battery 342 to prevent abnormal shutdown due to low temperature.

[0181] Touch sensor 380K, also known as a "touch device," can be located on display screen 394. The touch sensor 380K and display screen 394 together form a touchscreen, also known as a "touchscreen." Touch sensor 380K detects touch operations applied to or near it. The touch sensor can transmit the detected touch operation to the application processor to determine the type of touch event. Visual output related to the touch operation can be provided through display screen 394. In other embodiments, touch sensor 380K may also be located on the surface of electronic device 300, in a different position than display screen 394.

[0182] The bone conduction sensor 380M can acquire vibration signals. In some embodiments, the bone conduction sensor 380M can acquire vibration signals from the vibrating bone segments of the human vocal cords. The bone conduction sensor 380M can also contact the human pulse to receive blood pressure signals. In some embodiments, the bone conduction sensor 380M can also be incorporated into headphones to form bone conduction headphones. The audio module 370 can parse the voice signals from the vibrating bone segments of the vocal cords acquired by the bone conduction sensor 380M to realize voice functionality. The application processor can parse heart rate information from the blood pressure signals acquired by the bone conduction sensor 380M to realize heart rate detection functionality.

[0183] Buttons 390 include a power button, volume buttons, etc. Buttons 390 can be mechanical buttons or touch-sensitive buttons. Electronic device 300 can receive button input and generate key signal inputs related to user settings and function control of electronic device 300.

[0184] Motor 391 can generate vibration alerts. Motor 391 can be used for incoming call vibration alerts or for touch vibration feedback. For example, different vibration feedback effects can be corresponding to touch operations applied to different applications (such as taking photos, playing audio, etc.). Motor 391 can also correspond to different vibration feedback effects for touch operations applied to different areas of the display screen 394. Different application scenarios (such as time reminders, receiving messages, alarm clocks, games, etc.) can also correspond to different vibration feedback effects. The touch vibration feedback effect can also be customized.

[0185] Indicator 392 can be an indicator light, used to indicate charging status, power changes, or to indicate messages, missed calls, notifications, etc.

[0186] The SIM card interface 395 is used to connect a SIM card. The SIM card can be inserted into or removed from the SIM card interface 395 to make contact with and separate from the electronic device 300. The electronic device 300 can support one or N SIM card interfaces, where N is a positive integer greater than 1. The SIM card interface 395 can support Nano SIM cards, Micro SIM cards, SIM cards, etc. Multiple cards can be inserted into the same SIM card interface 395 simultaneously. The multiple cards can be of the same or different types. The SIM card interface 395 is also compatible with different types of SIM cards. The SIM card interface 395 is also compatible with external memory cards. The electronic device 300 interacts with the network through the SIM card to realize functions such as calls and data communication. In some embodiments, the electronic device 300 uses an eSIM, i.e., an embedded SIM card. The eSIM card can be embedded in the electronic device 300 and cannot be separated from the electronic device 300.

[0187] This invention provides a computer-readable storage medium storing instructions that, when executed on a terminal device, cause the terminal device to perform the functions / steps described in the above method embodiments.

[0188] This invention also provides a computer program product containing instructions that, when run on a computer or any at least one processor, cause the computer to perform the functions / steps described in the above method embodiments.

[0189] In this embodiment of the invention, "at least one" refers to one or more, and "more than one" refers to two or more. "And / or" describes the relationship between related objects, indicating that three relationships can exist. For example, A and / or B can represent the existence of A alone, the simultaneous existence of A and B, or the existence of B alone. A and B can be singular or plural. The character " / " generally indicates that the preceding and following related objects are in an "or" relationship. "At least one of the following" and similar expressions refer to any combination of these items, including any combination of single or plural items. For example, at least one of a, b, and c can represent: a, b, c, ab, ac, bc, or abc, where a, b, and c can be single or multiple.

[0190] Those skilled in the art will recognize that the units and algorithm steps described in the embodiments disclosed herein can be implemented in electronic hardware, computer software, or a combination of electronic hardware and software. Whether these functions are implemented in hardware or software depends on the specific application and design constraints of the technical solution. Those skilled in the art can use different methods to implement the described functions for each specific application, but such implementations should not be considered beyond the scope of this invention.

[0191] Those skilled in the art will understand that, for the sake of convenience and brevity, the specific working processes of the systems, devices, and units described above can be referred to the corresponding processes in the foregoing method embodiments, and will not be repeated here.

[0192] In several embodiments provided by this invention, any function, if implemented as a software functional unit and sold or used as an independent product, can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of this invention, or the part that contributes to the prior art, or a portion of the technical solution, can be embodied in the form of a software product. This computer software product is stored in a storage medium and includes several instructions to cause an electronic device (which may be a personal computer, server, or network device, etc.) to execute all or part of the steps of the methods described in the various embodiments of this invention. The aforementioned storage medium includes various media capable of storing program code, such as USB flash drives, portable hard drives, read-only memory (ROM), random access memory (RAM), magnetic disks, or optical disks.

[0193] The above description is merely a specific embodiment of the present invention. Any variations or substitutions that can be easily conceived by those skilled in the art within the scope of the technology disclosed in this invention should be included within the protection scope of this invention. The protection scope of this invention should be determined by the scope of the claims.

Claims

1. An access control method, characterized in that, The method includes: A call request is generated by invoking the first application; the call request is used to request the second application to invoke the target service. Based on the user's pre-configured security policy, the first application, the information of the service called by the first application, the second application, and the target service, determine whether to allow the call request; If it is determined that the call request is not allowed, the call request is rejected and a reminder message is generated to indicate abnormal operation of the first application; The step of determining whether to allow the call request based on the user-preconfigured security policy, the first application, information about the service called by the first application, the second application, and the target service includes: Based on the information of the first application, the services invoked by the first application, and the security policy corresponding to the first application, determine whether to allow the second application to access the target service; If it is determined that the second application is allowed to access the target service, then the call request is allowed. If it is determined that the second application is not allowed to access the target service, then the call request is not allowed.

2. The method according to claim 1, characterized in that, Before determining whether to allow the call request, the method further includes: Intercept the aforementioned call request.

3. The method according to claim 1, characterized in that, After determining whether the call request is allowed, the method further includes: If it is determined that the call request is allowed, the target service is invoked by calling the second application.

4. An access control method, characterized in that, The method includes: Receive a call request sent by a first electronic device through calling a first application, the call request being used to request a second application to call a target service; Based on the user's pre-configured security policy, the first application, the information of the service called by the first application, the second application, and the target service, determine whether to allow the call request; If it is determined that the call request is not allowed, the call request is rejected and a reminder message is generated to indicate abnormal operation of the first application; The step of determining whether to allow the call request based on the user-preconfigured security policy, the first application, information about the service called by the first application, the second application, and the target service includes: Based on the information of the first application, the services invoked by the first application, and the security policy corresponding to the first application, determine whether to allow the second application to access the target service; If it is determined that the second application is allowed to access the target service, then the call request is allowed. If it is determined that the second application is not allowed to access the target service, then the call request is not allowed.

5. The method according to claim 4, characterized in that, Before determining whether to allow the call request, the method further includes: Intercept the aforementioned call request.

6. The method according to claim 4, characterized in that, After determining whether the call request is allowed, the method further includes: If it is determined that the call request is allowed, the target service is invoked by calling the second application.

7. An electronic device, characterized in that, It includes a processor and a memory, wherein the memory is used to store a computer program, the computer program including program instructions, which, when executed by the processor, cause the electronic device to perform the following steps: A call request is generated by invoking the first application; the call request is used to request the second application to invoke the target service. Based on the user's pre-configured security policy, the first application, the information of the service called by the first application, the second application, and the target service, determine whether to allow the call request; If it is determined that the call request is not allowed, the call request is rejected and a reminder message is generated to indicate abnormal operation of the first application; The step of determining whether to allow the call request based on the user-preconfigured security policy, the first application, information about the service called by the first application, the second application, and the target service includes: Based on the information of the first application, the services invoked by the first application, and the security policy corresponding to the first application, determine whether to allow the second application to access the target service; If it is determined that the second application is allowed to access the target service, then the call request is allowed. If it is determined that the second application is not allowed to access the target service, then the call request is not allowed.

8. The device according to claim 7, characterized in that, When the processor executes the program instructions, the electronic device performs the following steps: Before determining whether to allow the call request, the method further includes: Intercept the aforementioned call request.

9. The device according to claim 7, characterized in that, When the processor executes the program instructions, the electronic device performs the following steps: After determining whether the call request is allowed, the method further includes: If it is determined that the call request is allowed, the target service is invoked by calling the second application.

10. An electronic device, characterized in that, It includes a processor and a memory, wherein the memory is used to store a computer program, the computer program including program instructions, which, when executed by the processor, cause the electronic device to perform the following steps: Receive a call request sent by a first electronic device through calling a first application, the call request being used to request a second application to call a target service; Based on the user's pre-configured security policy, the first application, the information of the service called by the first application, the second application, and the target service, determine whether to allow the call request; If it is determined that the call request is not allowed, the call request is rejected and a reminder message is generated to indicate abnormal operation of the first application; The step of determining whether to allow the call request based on the user-preconfigured security policy, the first application, information about the service called by the first application, the second application, and the target service includes: Based on the information of the first application, the services invoked by the first application, and the security policy corresponding to the first application, determine whether to allow the second application to access the target service; If it is determined that the second application is allowed to access the target service, then the call request is allowed. If it is determined that the second application is not allowed to access the target service, then the call request is not allowed.

11. The device according to claim 10, characterized in that, When the processor executes the program instructions, the electronic device performs the following steps: Before determining whether to allow the call request, the method further includes: Intercept the aforementioned call request.

12. The device according to claim 10, characterized in that, When the processor executes the program instructions, the electronic device performs the following steps: After determining whether the call request is allowed, the method further includes: If it is determined that the call request is allowed, the target service is invoked by calling the second application.

13. A computer-readable storage medium, characterized in that, The computer-readable storage medium stores a computer program, the computer program including program instructions that, when executed by a computer, cause the computer to perform the method as described in any one of claims 1-3 or 4-6.