Access control method and apparatus
By integrating system resources and implementing access control through services, the problem of configuring access control policies in vehicle operating systems has been solved, thereby improving system processing efficiency and security.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- HUAWEI TECH CO LTD
- Filing Date
- 2022-07-29
- Publication Date
- 2026-06-26
AI Technical Summary
Existing in-vehicle operating systems suffer from fragmented and numerous real resources, resulting in a huge number of access control policy entries that are difficult to configure, costly, and inefficient.
By integrating system resources and controlling access to the integrated system resources through services, the permission configuration and authentication process is simplified, and system processing efficiency is improved.
It enables simplified permission configuration and authentication for multiple system resources, improving system processing efficiency and security.
Smart Images

Figure CN119053968B_ABST
Abstract
Description
Technical Field
[0001] This application relates to the field of computer information technology, and specifically to an access control method and apparatus. Background Technology
[0002] In the field of autonomous driving, blocking attacks from across the internet and ensuring safe driving for end users has become one of the important research topics.
[0003] As the cornerstone of autonomous driving software, the in-vehicle operating system needs to provide robust access control capabilities to cope with various attack scenarios. Mainstream in-vehicle operating systems include, but are not limited to, Linux. Currently, the commonly used access control method is to directly control access to the system's actual resources.
[0004] Since the system's real resources are numerous and scattered, access control methods targeting these real resources require configuring access control policies based on these numerous and scattered resources. This results in a huge number of access control policy entries, leading to configuration difficulties, high usage costs, and low efficiency. Summary of the Invention
[0005] This application provides an access control method and apparatus. In this method, the apparatus can integrate system resources and control access permissions to the integrated system resources through services, thereby reducing the complexity of permission configuration and authentication processes and improving the overall processing efficiency of the system.
[0006] Firstly, embodiments of this application provide an access control method. The method includes: a device acquiring a first file request sent by a first application. The first file request is generated when the first application performs a target file operation on a target resource file. Next, the device detects whether the first application has permission to perform the target file operation based on the first file request and preset permission information. When the first application has permission to perform the target file operation, the device, according to the first file request, calls multiple system resources managed by the target service corresponding to the target resource file. These multiple system resources include hardware and software entities required for the first application's operation. Thus, in this embodiment, the target service presents a resource file to the application. The application can operate on the resource file to enable the target service to provide the application with multiple corresponding system resources, thereby simplifying the application's execution process and reducing the complexity of resource requests. Furthermore, this application integrates system resources and controls permissions on the integrated system resources through a service, enabling the service to authenticate the application, thereby achieving authentication of multiple system resources. In other words, the application can interact with the service to obtain access permissions to multiple system resources, thereby reducing the complexity of permission configuration and authentication processes and improving the overall system processing efficiency.
[0007] For example, the device includes multiple services, each configured based on the requirements of a corresponding application.
[0008] For example, the system resources and / or records managed by multiple services in the device may not have the same usage permissions.
[0009] For example, the preset permission information is the application permission table in the embodiments below. This application uses a table as an example for illustration, but other forms may also be used in other embodiments, and this application does not limit it.
[0010] For example, the device can be the middleware layer in the following embodiments, or it can be an electronic device such as a smart vehicle, mobile phone, or wearable device.
[0011] For example, system resources refer to the actual resources described in the embodiments of this application, and may also be referred to as operating system resources. System resources are resources provided by the kernel in the operating system, and include, but are not limited to, network resources, file resources, etc.
[0012] For example, the device may be an electronic device (such as a smart vehicle, wearable device, etc.) in the embodiments of this application, or a middleware layer as described in the embodiments of this application, or a chip in an electronic device. This application does not limit the device.
[0013] In one possible implementation, a second file request sent by a first application is obtained. This second file request is triggered by the first application accessing a target resource file. Obtaining the first file request sent by the first application includes: when the device determines that the first application has access rights based on the second file request, it obtains the first file request sent by the first application. For example, an application needs access rights to access a file (e.g., the actual resource corresponding to a service) in order to perform other operations on the file. Accordingly, after determining that the application has access rights to the target resource file, the device can further obtain other file requests from the application and further authenticate them.
[0014] In one possible implementation, obtaining the second file request sent by the first application includes: after the first application has been successfully authenticated, the device obtains the second file request sent by the first application. In this way, the device can verify the legitimacy of the application before authenticating it, thereby preventing unauthorized applications from illegally accessing system resources managed by the target service corresponding to the resource file.
[0015] In one possible implementation, the second file request includes the identification information of the target resource file and the identification information of the first application. Authentication is performed based on the identification information of the target resource file and the first application. Thus, the service presents the identification information of the target resource file to the application. The access object on the application side is the object corresponding to the identification information. Compared to existing technologies where applications need to access real resources one by one, the application in this application can directly interact with the service corresponding to the required real resource to obtain the corresponding resource.
[0016] In one possible implementation, the identification information of the target resource file is its file path. This allows applications to access the service as if it were a file, simplifying inter-process interaction and making programming easier.
[0017] In one possible implementation, when the target file operation is a write operation, the first file request includes first target data; the device, according to the first file request, invokes multiple system resources managed by the target service corresponding to the target resource file, including: the device writes the first target data to the multiple system resources managed by the target service corresponding to the target resource file. In this way, after the device authenticates the application, no further authentication is required in subsequent processes, simplifying the access steps.
[0018] In one possible implementation, when the target file operation is a read operation, the device, according to the first file request, invokes multiple system resources managed by the target service corresponding to the target resource file. This includes: the device reading second target data from the multiple system resources managed by the target service corresponding to the target resource file, according to the first file request. The device then returns the second target data to the first application. In this way, after the device authenticates the application, no further authentication is required in subsequent processes, simplifying the access steps.
[0019] In one possible implementation, the target file operations include either read or write operations.
[0020] Secondly, embodiments of this application provide an access control device. This access control device includes a target service, which is configured to acquire a first file request sent by a first application. The first file request is generated when the first application performs a target file operation on a target resource file. The target service is further configured to detect whether the first application has permission to perform the target file operation based on the first file request and preset permission information. The target service is also configured to, when the first application has permission to perform the target file operation, invoke multiple system resources managed by the target service corresponding to the target resource file according to the first file request. The multiple system resources include hardware and software entities required for the first application to run.
[0021] In one possible implementation, the device further includes an identity access management module. This module interacts with the first application via a first communication channel and with the target service via a second communication channel. The identity access management module is used to obtain a second file request sent by the first application via the first communication channel. This second file request is triggered by the first application's access to a target resource file and includes the identification information of the target resource file and the identification information of the first application. The identity access management module is also used to send the second file request to the target service via the second communication channel when the authentication of the first application based on the identification information of the target resource file and the identification information of the first application is successful. The target service is further used to establish a third communication channel with the first application when it determines that the first application has access rights based on the second file request. In this way, legitimate applications can interact with the identity access management module via pre-set communication channels. Illegal applications, however, cannot obtain the corresponding communication channel, and the identity access management module can refuse to interact with them. Furthermore, services can only interact with applications through secure channels, thus ensuring resource security. For applications that access kernel system resources directly without going through a secure channel, the kernel can identify such applications as illegal applications, effectively improving the security of system access.
[0022] In one possible implementation, the target service specifically retrieves a first file request sent by a first application via a third communication channel. The service and application interact through a secure channel, eliminating the need for further authentication and simplifying the access process.
[0023] In one possible implementation, the identification information of the target resource file is the file path of the target resource file.
[0024] In one possible implementation, when the target file operation is a write operation, the first file request includes first target data; and a target service, specifically used to write the first target data to multiple system resources managed by the target service corresponding to the target resource file.
[0025] In one possible implementation, when the target file operation is a read operation, the target service has the function of reading second target data from multiple system resources managed by the target service corresponding to the target resource file according to the first file request; and returning the second target data to the first application.
[0026] In one possible implementation, the target file operations include either read or write operations.
[0027] The second aspect and any implementation thereof correspond to the first aspect and any implementation thereof, respectively. The technical effects of the second aspect and any implementation thereof are similar to those of the first aspect and any implementation thereof, and will not be repeated here.
[0028] Thirdly, embodiments of this application provide a computer storage medium for storing a computer program, the computer program including instructions for performing the method in the first aspect or any possible implementation of the first aspect.
[0029] Fourthly, embodiments of this application provide a computer program including instructions for performing the method in the first aspect or any possible implementation thereof.
[0030] Fifthly, embodiments of this application provide a chip including a processing circuit and transceiver pins. The transceiver pins and the processing circuit communicate with each other via an internal connection path. The processing circuit executes the method in the first aspect or any possible implementation of the first aspect to control the receiving pin to receive signals and to control the transmitting pin to transmit signals. Attached Figure Description
[0031] Figure 1 This is a structural block diagram of an intelligent vehicle provided in an embodiment of this application;
[0032] Figure 2 A software structure block diagram of an intelligent vehicle provided in an embodiment of this application;
[0033] Figure 3 A flowchart illustrating an access control method provided in an embodiment of this application;
[0034] Figure 4 A software structure block diagram of an intelligent vehicle provided in an embodiment of this application;
[0035] Figure 5 A software structure block diagram of an intelligent vehicle provided in an embodiment of this application;
[0036] Figure 6 A software structure block diagram of an intelligent vehicle provided in an embodiment of this application;
[0037] Figure 7 This is a schematic diagram of the access process provided in an embodiment of this application;
[0038] Figure 8 A software structure block diagram of an intelligent vehicle provided in an embodiment of this application;
[0039] Figure 9 This is a schematic diagram of the device structure provided in an embodiment of this application. Detailed Implementation
[0040] The technical solutions in the embodiments of this application will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of this application, and not all embodiments.
[0041] The access control method in this application embodiment can be applied to scenarios such as autonomous driving services, Internet of Things services, and data services. Furthermore, it can be applied to devices or equipment such as mobile phones, laptops, e-readers, smart vehicles, servers, wearable devices, and smart home devices.
[0042] In this embodiment, the device is an intelligent vehicle (or can be understood as an in-vehicle device on an intelligent vehicle) as an example for illustration. Figure 1 This is a structural block diagram of an intelligent vehicle provided in an embodiment of this application. It should be understood that... Figure 1 The intelligent vehicle 100 shown is only one example of the device, and the intelligent vehicle 100 may have more or fewer components than shown in the figure, may combine two or more components, or may have different component configurations. Figure 1 The various components shown can be implemented in hardware, software, or a combination of hardware and software, including one or more signal processing and / or application-specific integrated circuits.
[0043] like Figure 1 As shown, the intelligent vehicle 100 may include multiple systems, such as a mobility system 110, a sensing system 120, a control system 130, one or more peripheral devices 140, a power supply 150, a computer system 160, and a user interface 170. Optionally, the intelligent vehicle 100 may also include more or fewer systems, and each system may include multiple components. Furthermore, each subsystem and component of the intelligent vehicle 100 may be interconnected via wired or wireless means.
[0044] The mobility system 110 may include components that provide powered motion to the intelligent vehicle 100. In one embodiment, the mobility system 110 may include an engine 111, an energy source 112, a transmission 113, and wheels / tires 114. The engine 111 may be an internal combustion engine, an electric motor, an air-compressed engine, or other types of engine combinations, such as a hybrid engine consisting of a gasoline engine and an electric motor, or a hybrid engine consisting of an internal combustion engine and an air-compressed engine. The engine 111 converts the energy source 112 into mechanical energy. Examples of energy sources 112 include gasoline, diesel, other petroleum-based fuels, propane, other compressed gas-based fuels, ethanol, solar panels, batteries, and other sources of electricity. The energy source 112 may also provide energy to other systems of the intelligent vehicle 100.
[0045] The transmission 113 can transmit mechanical power from the engine 112 to the wheels 114. The transmission 113 may include a gearbox, a differential, and a drive shaft. In one embodiment, the transmission 113 may also include other components, such as a clutch. The drive shaft may include one or more axles that can be coupled to one or more wheels 114.
[0046] The sensing system 120 may include several sensors for sensing information about the environment surrounding the intelligent vehicle 100. For example, the sensing system 120 may include a positioning system 121 (which may be a GPS system, a BeiDou system, or another positioning system), an inertial measurement unit (IMU) 122, a radar 123, a laser rangefinder 124, and a camera 125. The sensing system 120 may also include sensors for the internal systems of the monitored intelligent vehicle 100 (e.g., an in-vehicle air quality monitor, a fuel gauge, an oil temperature gauge, etc.). Sensor data from one or more of these sensors can be used to detect objects and their corresponding characteristics (position, shape, orientation, speed, etc.). This detection and identification is a key function for the safe operation of the autonomous intelligent vehicle 100.
[0047] The positioning system 121 can be used to estimate the geographical location of the intelligent vehicle 100.
[0048] IMU 122 is used to sense changes in the position and orientation of the smart vehicle 100 based on inertial acceleration. In one embodiment, IMU 122 may be a combination of an accelerometer and a gyroscope. For example, IMU 122 may be used to measure the curvature of the smart vehicle 100.
[0049] Radar 123 can use radio signals to sense objects in the surrounding environment of the intelligent vehicle 100. In some embodiments, in addition to sensing objects, radar 123 can also be used to sense the speed and / or direction of travel of objects.
[0050] The laser rangefinder 124 can use lasers to sense objects in the environment in which the intelligent vehicle 100 is located. In some embodiments, the laser rangefinder 124 may include one or more laser sources, a laser scanner, and one or more detectors, as well as other system components.
[0051] Camera 125 can be used to capture multiple images of the surrounding environment of the intelligent vehicle 100. Camera 125 can be a still camera or a video camera.
[0052] The control system 130 controls the operation of the intelligent vehicle 100 and its components. The control system 130 may include various elements, including a steering system 131, a throttle 132, a braking unit 133, a computer vision system 134, a route control system 135, and an obstacle avoidance system 136.
[0053] The steering system 131 is operable to adjust the forward direction of the intelligent vehicle 100. For example, in one embodiment, it may be a steering wheel system, which can be used to adjust the angle of steering wheel rotation.
[0054] The throttle 132 is used to control the operating speed of the engine 11 and thus the speed of the intelligent vehicle 100.
[0055] Braking unit 133 is used to control the deceleration of intelligent vehicle 100. Braking unit 133 can use friction to slow down wheel 114. In other embodiments, braking unit 133 can convert the kinetic energy of wheel 114 into electric current. Braking unit 133 may also take other forms to slow down the rotational speed of wheel 114 to control the speed of intelligent vehicle 100.
[0056] Computer vision system 134 is operable to process and analyze images captured by camera 125 to identify objects and / or features in the surrounding environment of intelligent vehicle 100. The objects and / or features may include traffic signals, road boundaries, and obstacles. Computer vision system 134 may use object recognition algorithms, structure from motion (SFM) algorithms, video tracking, and other computer vision techniques. In some embodiments, computer vision system 134 may be used to map the environment, track objects, estimate object velocities, and so on.
[0057] The route control system 135 is used to determine the driving route of the intelligent vehicle 100. In some embodiments, the route control system 135 may combine data from the sensor system 1204, GPS 121, and one or more predetermined maps to determine the driving route for the intelligent vehicle 100.
[0058] The obstacle avoidance system 136 is used to identify, assess, and avoid or otherwise traverse potential obstacles in the environment of the intelligent vehicle 100.
[0059] Of course, in one instance, the control system 130 may include additional or alternative components besides those shown and described. Alternatively, some of the components shown above may be reduced.
[0060] The intelligent vehicle 100 interacts with external sensors, other vehicles, other computer systems, or users via peripheral devices 140. Peripheral devices 140 may include a wireless communication system 141, an onboard computer 142, a microphone 143, and / or a speaker 144.
[0061] In some embodiments, peripheral device 140 provides a means for a user of intelligent vehicle 100 to interact with user interface 170. For example, on-board computer 142 may provide information to the user of intelligent vehicle 100. User interface 170 may also operate on-board computer 142 to receive user input. On-board computer 142 may be operated via touchscreen. In other cases, peripheral device 140 may provide a means for intelligent vehicle 100 to communicate with other devices located within the vehicle. For example, microphone 143 may receive audio (e.g., voice commands or other audio input) from the user of intelligent vehicle 100. Similarly, speaker 144 may output audio to the user of intelligent vehicle 100.
[0062] The wireless communication system 141 can communicate wirelessly with one or more devices, either directly or via a communication network.
[0063] Power source 150 can provide power to various components of intelligent vehicle 100. In one embodiment, power source 150 can be a rechargeable lithium-ion or lead-acid battery. One or more such battery packs can be configured to provide power to various components of intelligent vehicle 100. In some embodiments, power source 150 and energy source 112 can be implemented together, as is the case in some fully electric vehicles.
[0064] Some or all of the functions of the intelligent vehicle 100 are controlled by a computer system 160. The computer system 160 may include at least one processor 161 and a memory 162.
[0065] Processor 161 can be any conventional processor, such as a commercially available CPU. Alternatively, the processor can be a special-purpose device such as an ASIC or other hardware-based processor.
[0066] The memory 162 can store the application 1621 and the target real data 1622. The application 1621 includes at least multiple business processes 16211 and an access control architecture 16212.
[0067] Processor 161 executes application program 1621 stored in memory 162. For example, processor 161 is used to call multiple business processes 1621 and access control architecture 1622 in memory 162 to access real resources 1623.
[0068] Understandable Figure 1The functional diagram of the intelligent vehicle 100 in this application is only an exemplary implementation and is not intended to limit the intelligent vehicle 100 in this application.
[0069] The software system of the intelligent vehicle 100 can adopt a layered architecture, event-driven architecture, microkernel architecture, microservice architecture, or cloud architecture. This application embodiment uses a layered Linux system as an example to exemplify the software structure of the intelligent vehicle 100. Of course, this application embodiment can also be applied to other systems, such as Android systems, SELinux systems, etc., and this application is not limited thereto.
[0070] Figure 2 This is a block diagram illustrating the software architecture of an intelligent vehicle 100. Please refer to... Figure 2 Specifically, this includes, but is not limited to, the application layer, middleware layer, and kernel layer. In one possible implementation, the application layer, middleware layer, and kernel layer can be understood as being contained within the Linux system; that is, the application layer, middleware layer, and kernel layer constitute the software architecture of the Linux system. In another possible implementation, in the Linux system, the kernel layer can also be understood as the Linux system itself, while the application layer and middleware layer can be understood as layers above the Linux system architecture. For other systems, such as the Android system, the Android system may include, but is not limited to, the application layer, system framework layer, and kernel layer. The system framework layer can be equivalent to the middleware layer in this application embodiment. That is, the services and authentication modules included in the middleware layer can be set in the Android system's system framework layer. Of course, the positions, numbers, and names of the layers described in this application embodiment are merely illustrative examples; the system may include more or fewer layers, and this application does not limit this.
[0071] For example, the application layer can also be called the business layer, which includes a series of services (also called applications). Services include, but are not limited to: human-computer interaction, over-the-air updates, remote diagnostics, historical records, map updates, remote control, V2X, log synchronization, annotation calibration, etc.
[0072] In the embodiments of this application, different services can provide different functions for intelligent vehicles. For example, the human-machine interaction service can provide a human-machine interface for users, through which users can perform corresponding operations on the intelligent vehicle 100. The human-machine interaction service responds to the received user operation and performs the corresponding operation on the intelligent vehicle. As another example, the over-the-air (OTA) update service can provide the intelligent vehicle with the function of updating applications (i.e., services) over the air. That is, the OTA update service can obtain the latest version of each service from the cloud and upgrade the current service version based on the latest version.
[0073] Optionally, the intelligent vehicle 100 may be pre-installed with an application package corresponding to at least one of the above-mentioned services at the factory and automatically installed upon initial startup.
[0074] Optionally, the intelligent vehicle 100 may also be automatically equipped with at least one of the above services before leaving the factory.
[0075] Optionally, the intelligent vehicle 100 can also download application packages from the cloud (referring to a cluster of one or more servers) and install the corresponding services by running the application packages.
[0076] The middleware layer can be understood as the intersection of the application layer and the kernel layer. It interacts with both the application and kernel layers to manage permissions and integrate resources when the application layer accesses actual resources in the kernel layer, thus providing a simple, easy-to-use, and highly secure access control mechanism. For example, the middleware layer includes, but is not limited to, an Identity Access Management (IAM) module and various services. These services include, but are not limited to, general resource management services, on-chip device management services, and system process management services. Figure 2 The names, types, and quantities of services shown are merely illustrative examples and are not intended to limit the scope of this application.
[0077] like Figure 2 As shown, the real resources in the kernel layer (also referred to as system resources, kernel resources, or real kernel resources, etc., which can be set according to actual needs, and this application does not limit them) include, but are not limited to: network resources, file resources, encryption / decryption resources, device drivers, and other related resources provided by the operating system kernel. In other words, the kernel can provide upper-layer applications with the real resources required by the application. Of course, the kernel may also include other modules or hardware, which will not be elaborated upon in this application.
[0078] It should be noted that the actual resources described in the embodiments of this application can be hardware resources and / or software resources, or software entities and / or hardware entities, and this application does not limit them. For example, the kernel can provide storage resources for upper-layer applications, while the actual storage space on the storage (e.g., hard disk) is not visible to the upper layer (including the services and business logic mentioned in this document). The kernel maps the storage to a file system (which can also be understood as file resources) for various services to access.
[0079] In this embodiment of the application, before the intelligent vehicle 100 leaves the factory, the operator can pre-configure the correspondence between services and kernel real resources based on the business scenario requirements.
[0080] In this embodiment, business scenario requirements may include the types of real resources required during business operation. For example, when the business process corresponding to business A (e.g., a human-computer interaction business) is running (i.e., in a human-computer interaction business scenario), the real resources it requires include real resource A (e.g., file resources), real resource B (e.g., device drivers), and real resource C (e.g., hardware acceleration resources). The intelligent vehicle 100 may then have a service A (e.g., a general resource management service) to manage real resources A, B, and C. Real resources A, B, and C can also be understood as the set of real resources managed by service A. As another example, when the business process corresponding to business B (e.g., a remote diagnostic service) is running, the real resources it requires include real resource A (e.g., file resources) and real resource D (e.g., network resources). Accordingly, the intelligent vehicle 100 may have a service B to manage real resources A and D. It should be noted that the "business process" mentioned in this embodiment may optionally be an instance of the program corresponding to the business that is currently running. This can be understood as follows: before a service runs, it is a computer program; after the computer program of the service runs, the corresponding entity is the service process. In the embodiments below this application, the steps performed by the service can all be understood as being performed by the service process, and will not be repeated below.
[0081] In this embodiment, the business scenario requirements include not only the types of real resources but also the permissions required for those resources. Accordingly, the mapping between services and real resources needs to be set based on the permission requirements for those real resources within the business scenario.
[0082] For example, business A requires real resources A, B, and C, and further requires access (i.e., "open"), read, and write permissions for these resources. Accordingly, service A can be used to manage real resources A, B, and C. Business C also requires real resources A, B, and C, but it may only need (or be understood as only having) access and read permissions for these resources. Accordingly, service C can be used to manage real resources A, B, and C. Service B and service C are different services. Clearly, because the permission requirements of the services for the real resources managed by the services are different, the corresponding services are also different. Of course, in some embodiments, different businesses may have the same requirements for real resources, and correspondingly, the services corresponding to businesses with the same requirements are also the same.
[0083] Optionally, in this embodiment, different services may manage the same types of real resources, but have different permissions. Alternatively, different services may manage different types of real resources. That is, the types of real resources and / or permissions corresponding to different services are not entirely the same.
[0084] In this embodiment, as described above, the correspondence between services and real resources is set based on the business scenario requirements, which include the types and permissions of real resources. In this embodiment, each service (including sub-services) can be used to manage the permissions of a business to multiple real resources (or a set of real resources) corresponding to that service. For example, a service can maintain a business permission table, which can be used to record whether each business has the permission to access the real resources corresponding to that service. Permissions include, but are not limited to, access permissions, read permissions, and write permissions. Based on the business permission table, the service can determine whether it can provide the corresponding real resources to the business. Specific examples will be described in the embodiments below and will not be repeated here.
[0085] In summary, in this embodiment, the operator can pre-integrate the real resources in the kernel of the intelligent vehicle 100 to manage access permissions to these real resources through corresponding services. It should be noted that, for the business, it can only interact with the service to obtain the corresponding real resources. In reality, the system's real resources are invisible to the business, thereby effectively improving the security of the system's real resources.
[0086] It should be noted that in the embodiments of this application, each service may also be referred to as a module or logical unit, etc., and this application does not limit it.
[0087] In the embodiments of this application, a single service can be an independent service, that is, providing one type of service. A single service can also include multiple sub-services to provide multiple types of services.
[0088] It should be noted that the correspondence between business and service, and between service and real resource in the embodiments of this application are only illustrative examples. In other embodiments, they can be set according to actual needs, and this application does not limit them.
[0089] In one possible implementation, the intelligent vehicle 100 can interact with the cloud to detect the existence of new service versions. For example, the intelligent vehicle 100 can periodically send service update requests to the cloud to request the service versions currently stored on the cloud side. If the current service version on the cloud is inconsistent with the current service version of the intelligent vehicle 100, the intelligent vehicle 100 can download the new service version from the cloud. The new service version may optionally be a higher-level version of at least one service in the intelligent vehicle 100, or it may be a service not included in the intelligent vehicle 100. In other words, operators can update at least one service version in the cloud according to the needs of market services or services already installed on the intelligent vehicle 100, and the vehicle can obtain the latest versions of each service from the cloud.
[0090] Please continue to refer to Figure 2 The identity access management module in the middleware layer is used to authenticate the legitimacy of business requests and can determine the corresponding service based on the business requests.
[0091] In this embodiment, before the intelligent vehicle 100 leaves the factory, the operator can configure an authentication channel (also called a trusted channel or verification channel, etc., which is not limited in this application) between the service and identity access management module in the intelligent vehicle 100. For example, this authentication channel can be maintained based on IPC (Inter-Process Communication). The services in the intelligent vehicle 100 can interact with the authentication module through the pre-configured authentication channel.
[0092] For example, the identity access management module can maintain a business information table, which includes business verification information and service information. The business verification information is used to authenticate the legitimacy of a business. For example, the business verification information may include business identification information. The identity access management module can perform legitimacy verification on businesses (or business processes, as described above) that interact with it based on the business verification information to verify whether the business is legitimate. In this embodiment, a legitimate business typically refers to a business obtained through official channels. "Official channels" may optionally include, but are not limited to, the cloud (or an app store or platform provided by the device manufacturer), or services installed before shipment. Businesses downloaded and installed through other channels may be illegitimate and cannot pass the legitimacy verification of the identity access management module.
[0093] For example, the service information in the business information table indicates the target services that can be provided to the business. The identity access management module can specify the corresponding services for the business based on the service information. The specific implementation will be described in detail below.
[0094] It should be noted that the recording methods of various tables described in the embodiments of this application (i.e., the table method) are only illustrative examples. In other embodiments, information can also be recorded in other ways, and this application does not limit it.
[0095] Figure 3 This is a flowchart illustrating an access control method provided in an embodiment of this application. Please refer to... Figure 3 The steps include, but are not limited to:
[0096] S301, the first service sends an access request to the identity access management module.
[0097] For example, in response to a received user operation, the first service sends an access request to the identity access management module. The access request includes, but is not limited to, the service's identification information, a first virtual resource file, and access request information. The access request is used to request the service corresponding to the first virtual resource file to provide it with real resources. As mentioned above, the services in the intelligent vehicle and the correspondence between services and real resources are all set based on the business scenario requirements of the service. Accordingly, after the first service starts running, it needs to open (i.e., access) the real resources that support the operation of the first service. In this embodiment, as mentioned above, after the real resources are integrated, they are managed through corresponding services. Accordingly, the first service needs to interact with the corresponding service to request the service to provide the corresponding real resources to the first service.
[0098] It should be noted that the first service can be any service within the intelligent vehicle.
[0099] It should be further noted that the embodiments of this application are only described using the example of a user triggering the first service to perform related operations. In other embodiments, the triggering condition for the first service to send an access request may also be other. For example, the first service may periodically trigger the access request. This application does not limit this.
[0100] For example, the identification information of a business can be the ID number of a business process (the concept can be referred to above), or other information that can be used to uniquely identify a business. This application does not limit this information.
[0101] For example, access request information is used to request access permissions.
[0102] In this embodiment, each service (including sub-services) is pre-configured with a corresponding virtual resource file. The virtual resource file provides an access interface for the first service, thereby preventing the first service from directly accessing the service and further improving system security. Accordingly, in this embodiment, the first service can interact with the first service corresponding to the first virtual resource by carrying request information containing the first virtual resource.
[0103] For example, the identification information of a virtual resource file can be a file path-style name. In other embodiments, the virtual resource file can also be in other forms, and this application does not impose any special limitations on it.
[0104] It should be noted that the virtual resource file in this embodiment can also be understood as service identification information. The virtual resource file can be used to uniquely identify the corresponding service. For example, in the embodiments below, the identity access management module can find the corresponding service based on the virtual resource file.
[0105] It should be further noted that the virtual resource file in this embodiment can also be understood as abstracting a service into a file path (or other form of identification information). That is, from the business perspective, each service is presented as a file path. Correspondingly, a business can obtain the corresponding real resource by accessing or manipulating a file path.
[0106] Figure 4 This is a schematic diagram illustrating the software structure of an intelligent vehicle 100 as an example. Please refer to... Figure 4 In this example, each service (including sub-services) has a corresponding virtual resource file pre-configured (i.e., set at the factory). The virtual resource file can also be understood as the service's identification information, used to uniquely identify the corresponding service. In this application, the virtual resource file is a file path name. For example, in the field of autonomous driving, virtual resource files include, but are not limited to, Open / read / write / ioctl, pub / sub / service, Get / set / monitor, etc. Among them, the virtual resource file Open / read / write / ioctl corresponds to the general resource management service, pub / sub / service corresponds to the on-chip device management service, and Get / set / monitor corresponds to the system process management service. That is, other modules (such as the identity access management module) can find the corresponding general resource management service through "Open / read / write / ioctl" to interact with the general resource management service. It should be noted that each virtual resource file (i.e., the file path corresponding to the service) is set according to pre-set rules, which can be set according to actual needs; this application does not limit this. Furthermore, each virtual resource file is unique, used to uniquely identify the corresponding service.
[0107] In other words, from the business perspective, after the real resources are integrated, they are managed by the service, and the service presents virtual resource files to the business. In this embodiment, the business can access the virtual resource file to request the corresponding real resources from the service corresponding to the virtual resource file. That is, in this embodiment, the service is virtualized as a file and presented to the business layer. When the business layer interacts with the service, it can be regarded as accessing a file (or virtual file).
[0108] It should be noted that, Figure 4 The names and quantities of virtual resource files and their corresponding relationships with services are merely illustrative examples and can be set according to actual needs; this application does not impose any limitations. The specific operational procedures between virtual resources and services will be described in detail below.
[0109] It should be noted that "accessing" a virtual resource file in this embodiment can also be understood as "opening" a virtual resource file. In other words, before a business function can perform read and / or write operations on a virtual resource file, it must first "open" the virtual resource file before performing subsequent operations on it.
[0110] It should be further noted that, in this embodiment, from the perspective of the business side, the access, read, and write operations performed are all performed on virtual resource files. In reality, the business operates on the real resources managed by the service corresponding to the virtual resource file. The specific implementation will be described in detail below.
[0111] In the embodiments of this application, such as Figure 5 As shown, each service has a pre-configured authentication channel with the identity access management module. Taking the first service as an example, the first service can send an access request to the identity access management module through the authentication channel. It should be noted that the authentication channel in this embodiment is maintained based on IPC communication, and the specific communication method can be a pipe or other feasible methods, which are not limited in this application. Taking the pipe method in IPC communication as an example, the operator pre-configures an authentication channel in the kernel for the identity access management module and the first service. This can also be understood as a pipe that can only be used for communication between the first service and the identity access management module. The so-called pipe is a series of caches in the kernel. The first service can write data (such as the access request mentioned above) from one end of the pipe, and the written data is actually cached in the kernel. The other end (i.e., the identity access management module) reads the data, that is, reads the data from the kernel. Of course, in other embodiments, other services, such as the second service, also have a pre-configured authentication channel with the identity access management module. This authentication channel is only used for data interaction between the second service and the identity access management module.
[0112] In one possible implementation, if an unauthorized service (e.g., an application downloaded from a third-party platform by the in-vehicle device and not certified by the intelligent vehicle platform) needs to access real resources in the kernel, it cannot communicate with the identity access management module because it lacks a pre-configured authentication channel. Consequently, the unauthorized service fails authentication. The kernel in the intelligent vehicle's operating system can provide a forced access mechanism that denies access to the kernel upon detecting that an unauthorized service has failed authentication. Authentication failure scenarios include: failing to interact with the identity access management module through a pre-configured authentication channel, and / or failing to authenticate while interacting with the identity access management module through the authentication channel.
[0113] In another possible implementation, such as Figure 6 As shown, the middleware layer can provide encapsulation interfaces to the application layer. The encapsulation interface can optionally be POSIX (Portable Operating System Interface), but in other embodiments, it can also be other standard interfaces; this application does not limit this. In this embodiment, the POSIX interface can support IPC communication mechanisms (or other communication standards; this application does not limit this). In this example, the first service and the identity access management module in the middleware layer, or the first service and the service in the middleware layer, can interact with each other based on the POSIX interface. Taking the communication between the first service and the identity access management module as an example, during the communication between the first service and the identity access management module based on the POSIX interface, the first service and the identity access management module encapsulate the information to be exchanged (such as access requests sent by the first service, or information fed back by the identity access management module, etc.) to obtain information with a preset format (i.e., conforming to IPC communication), thereby achieving a compatible access interface and realizing a high-performance information transmission mechanism. It should be noted that the communication between the first service and the service is similar to the above, and will not be repeated below.
[0114] S302, the identity access management module determines the first service based on the access request.
[0115] For example, as described above, the identity access management module is pre-configured with authentication channels between different services. The identity access management module can receive access requests sent by the first service based on the authentication channels.
[0116] The identity access management module can decapsulate access requests to obtain the first virtual resource file and other information (such as business identification information and access request information) in the access request.
[0117] As mentioned above, the identity access management module can maintain a business information table, which includes business verification information and service information. Based on the business verification information, the identity access management module can verify the legitimacy of information in access requests (such as business identification information).
[0118] In one example, if verification succeeds, the subsequent steps are executed. In another example, if verification fails, the identity access management module determines that the business is illegitimate and rejects the request, meaning that subsequent steps are not executed for it. Consequently, illegitimate businesses cannot operate on the system's legitimate resources.
[0119] For example, after the identity access management module determines that the verification is successful, the identity access management module can determine the first service that can provide the corresponding service for the first business based on the first virtual resource file carried in the access request and the service information maintained by the identity access management module.
[0120] Please refer to Figure 4 or Figure 5 As mentioned above, each service corresponds to a virtual resource file, which uniquely identifies the service. For example, the virtual resource file for the general resource management service is "Open / read / write / ioctl". Figure 4 (or Figure 5 As shown in the diagram, the kernel pre-configures communication channels between the identity access management module and each service. The service information maintained by the identity access management module may include the correspondence between virtual resource files and communication channels. Accordingly, the identity access management module can, based on the virtual resource file (e.g., "Open / read / write / ioctl"), find the corresponding channel in the service information as the first channel, i.e., the channel with the general resource management service. This confirms that the general resource management service is the first service that needs to provide services for the first business. The communication channel between the identity access management module and the service can also be based on IPC communication (or other communication protocols, which are not limited in this application). The specific implementation is similar to the authentication channel between the business and the identity access management module, and will not be elaborated here.
[0121] For example, after the identity access management module determines the first service based on the first virtual resource file in the access request, it executes S303.
[0122] S303, the identity access management module sends an access request to the first service.
[0123] For example, after identifying the first service, the identity access management module sends (or forwards) an access request to the first service. The access request includes the identification information of the first service and access request information. This access request instructs the first service to provide real resources to the first service. To distinguish it from the access request in S301, the access request in S303 can be referred to as access instruction information.
[0124] For example, as described above, the identity access management module and the first service interact with each other through a pre-set communication channel. The identity access management module can send access instruction information to the first service through the communication channel with the first service.
[0125] For example, the communication channel between the identity access management module and the first service can be based on IPC communication. Accordingly, the identity access management module can repackage the access indication information into a format that conforms to the protocol supported by the communication channel (such as IPC communication) and send it to the first service.
[0126] S304, The first service determines whether the first business has permission to access the first virtual resource file based on the access request.
[0127] For example, the first service can receive access instruction information sent by the identity access management module through a communication channel. The first service decapsulates the access request and obtains the information carried therein. The information includes, but is not limited to, the identification information of the first service and access request information.
[0128] For example, as described above, the first service maintains a business permission table. The business permission table includes at least one entry, which contains the business's identifier information and permission information. The permission information indicates whether the business has permission to access virtual resource files. It should be noted that in this embodiment, the service presents virtual resource files to the business, while the service manages real resources. Accordingly, the service's determination of whether the first business has permission to access the first virtual resource file can also be understood as whether the first business has permission to access the first service, or whether the first business has permission to access the real resources managed by the first service. Of course, the first business cannot directly access real resources; instead, it accesses real resources through the first service.
[0129] For example, after a human-computer interaction (HCI) service starts running, it needs to access the network, which requires the kernel to provide network resources (such as Bluetooth). The access request sent by the HCI service includes a first virtual resource file (e.g., "Open / read / write / ioctl"), the HCI service's identification information, and access request information. After the identity access management module verifies its legitimacy, it determines that the corresponding first service is the general resource management service. Specific details can be found above and will not be repeated here. The identity access management module sends access instruction information to the general resource management service, which includes the HCI service's identification information and access request information. The general resource management service can determine, based on the service permission table, whether the HCI service has permission to access "Open / read / write / ioctl" (i.e., the first virtual resource file). If it has permission to access "Open / read / write / ioctl", the general resource management service can execute S305, which provides the HCI service with kernel network resources, such as opening the file corresponding to the network resource based on the access request information.
[0130] In one possible implementation, if the first service determines, based on the business permission table, that the first business does not have permission to access the first virtual resource file, then the first service denies the first business access to the real resource managed by the first service. Optionally, the first service may send a denial response to the first business to indicate that access to the first virtual resource file is denied; this can also be understood as denying the first business access to the real resource corresponding to the first virtual resource file.
[0131] S305, First Service establishes a secure channel between itself and First Business.
[0132] In this embodiment, after determining that the first service has permission to access the first virtual resource file, the first service can establish a secure channel with the first service. The purpose of establishing a secure channel is to ensure the security of access by allowing the first service to access the first virtual resource file through the secure channel when it has permission. Furthermore, after establishing the secure channel, the first service does not need to perform the authentication process described above when performing operations on the first virtual resource file (e.g., read and / or write operations). In other words, all services that interact with the service based on the secure channel are legitimate services that have been verified.
[0133] In this embodiment, the secure channel can be maintained based on IPC communication. For example, data interaction can be performed through pipe communication in IPC communication, thereby enabling direct message communication between the first service and the first business. The communication method of the secure channel can refer to the authentication channel between the business and the identity access management module, and will not be elaborated here.
[0134] In one possible implementation, if an unauthorized business accesses the service directly by bypassing the identity access management module, the service, upon determining that the unauthorized business did not interact through a secure channel, can use the business permission table to determine that the unauthorized business does not have the necessary access rights and deny the business access to the real resources, thereby ensuring the security of the real resources and preventing attacks from malicious applications.
[0135] It should be noted that all channels involved in this application embodiment (including the authentication channel, the communication channel between the identity access management module and the service, and the secure channel between services) are pre-configured. This means that unauthorized services cannot communicate with the identity access management module or service through the pre-configured channels. For example, operators have pre-configured secure channel establishment policies (such as port information, the specific policy depending on the channel's communication method) for services. When the first service establishes a secure channel with the first service, it can establish the secure channel based on the preset policy.
[0136] For example, after the first service establishes a secure channel with the first business, the first service can send a secure channel establishment success response message to the first business to indicate that the secure channel has been established.
[0137] For example, during the establishment of a secure channel between the first service and the first business, or before or after the establishment of the secure channel—that is, after the first service determines that the first business has permission to access the first virtual resource file—the first service responds to the access request and provides the corresponding real resource to the first business. Optionally, in an access scenario (i.e., the business requests access permission from the service), the first service can access (or open) the file corresponding to the real resource. It should be noted that the kernel may present the real resource as a file to the upper-layer module or business. Accordingly, the service's access, reading, or writing of the real resource in this embodiment can be understood as operating on the file corresponding to the real resource. For example, the first service can send response information to the first business through the secure channel. The response information is used to indicate that the corresponding real resource has been accessed (or opened), or it can also be understood as the virtual resource file requested by the business has been opened. In this embodiment, after the file is opened, subsequent read and / or write operations can be performed.
[0138] Figure 7 For an illustrative diagram of the access process, please refer to... Figure 7 The steps include, but are not limited to:
[0139] S701, the first service sends an operation request to the first service through a secure channel.
[0140] like Figure 8 As illustrated, and exemplarily as described above, a secure channel has been established between the first service and the first business. The first service can directly interact with the first service within the secure channel. For example, the first service can send an operation request to the first service through the secure channel. The operation request includes, but is not limited to, the identification information of the first service, the identification information of the first virtual resource file, and operation request information. The operation request information includes, but is not limited to, read request information and / or write request information, used to request reading and / or writing the real resource corresponding to the first virtual resource file.
[0141] S702, the first service determines whether the first business has operation permissions on the first virtual resource file based on the operation request.
[0142] In this embodiment, the business permission table maintained by the first service also records the operation permissions of the business. Operation permissions include, but are not limited to, read permissions and write permissions. That is, the first service can determine, based on the business permission table, whether the first business has read and / or write permissions to the first virtual resource file.
[0143] The first service can determine whether the first service has the target operation permission (i.e., the permission indicated by the operation request information) on the first virtual resource file based on the operation permission requested by the first service and the service permission table. This can also be understood as whether the service has the target operation permission on the real resource corresponding to the virtual resource file. In other words, in this embodiment, the service has access to the real resource and can open it. If the service needs to operate on the real resource, such as reading or writing, it needs the corresponding permissions to operate on the real resource, thereby ensuring the reliability and security of the real resource and preventing unauthorized services from modifying the real resource.
[0144] In one example, if the first service has permission to operate on the first virtual resource file, then S703 is executed.
[0145] In another example, if the first service does not have permission to operate on the first virtual resource file, the first service returns an operation failure response through a secure channel, indicating that the operation of the first service on the first virtual resource file is denied. This can also be understood as denying the operation of the real resource corresponding to the first service.
[0146] S703, the first service provides real resources to the first business through a secure channel.
[0147] For example, after determining that the first service has operation permissions for the first business, that is, operation permissions for the real resources corresponding to the first virtual resource file, the first service can provide the corresponding real resources to the first business.
[0148] For example, if the access request of the first service includes read request information, it is used to request the reading of data from the real resource corresponding to the first virtual resource file. Optionally, the read request information may also include information such as the location of the data to be read; this application does not impose any limitations. Accordingly, after the first service determines that the first service has permission to read the first virtual resource file, it can send the specified data from the real resource to the first service through a secure channel. After receiving the data, the first service can perform corresponding operations, such as displaying the corresponding data on the screen of the in-vehicle device; this application does not impose any limitations.
[0149] To illustrate further, if the access request of the first service includes write request information, this write request information is used to request the writing of data to the first virtual resource file (i.e., the corresponding real resource). Optionally, the write request information may include the data to be written. Accordingly, after the first service determines that the first service has write permissions corresponding to the first virtual resource file, it can write the data in the write request information to the corresponding real resource.
[0150] In one possible implementation, before or after a service terminates, the service can send a close request to the service via a secure channel. This close request indicates the end of the current access. It can be understood that the close operation corresponds to the access operation; the access operation opens a file, while the close operation closes a file. For example, in response to the received close request, the service terminates the secure channel with the service and closes the file corresponding to the real resource. For example, if the service needs to access the first virtual resource again, i.e., the real resource corresponding to the first service, the service needs to re-execute S301. That is, the service needs to re-execute the legitimacy verification and access permission authentication process, and after completing the above process, re-establish a secure channel with the first service. It should be noted that, as mentioned above, the secure channel between the service and the service is pre-established and unique. For example, the kernel may have a corresponding module (e.g., a channel maintenance module, which is not limited in this application) to maintain corresponding configuration information. This configuration information may include the channel configuration policies for each channel (including authentication channels and secure channels, etc.) mentioned above. The service can re-establish a secure channel with the service based on the configuration policies. This security channel has the same configuration information as the previously established security channel, and can be considered as the same security channel.
[0151] In this embodiment, the operating system kernel provides a mandatory access control mechanism. In this mechanism, if the kernel detects that a service is directly accessing a real resource—that is, accessing it outside the access methods described in this embodiment—the kernel determines that the service is illegal and that the access is unauthorized. The kernel then prohibits the service from accessing the real resource. Optionally, the kernel can directly delete the service. Optionally, the kernel can display a prompt message through the in-vehicle device's interface to indicate that a malicious service is accessing system resources. The user can manually delete the service based on the prompt message. This prevents service processes from bypassing the access control architecture and directly accessing the target real resource, ensuring the security and reliability of access.
[0152] In other words, in this embodiment of the application, if the service does not perform legality verification with the identity access management module, or if the service does not interact with the service within the secure channel and does not have access permissions, or if the service does not operate on the real resource through the secure channel (i.e., directly access the real resource), the module in the system (which may be a service, identity access management control, or kernel) may prohibit the service from accessing the real resource, thereby protecting the security of the real resource.
[0153] In this embodiment of the application, since the number of virtual resource files is limited, based on the above access control method, access control policies only need to be set according to the limited number of virtual resource files. Compared with the prior art, which sets access control policies according to a large number of scattered real resources (i.e., each real resource needs to set access permissions corresponding to each business), the number of access control policy entries is greatly reduced, the configuration difficulty and cost are reduced, and the configuration efficiency is improved.
[0154] In this embodiment, since the access control policy is written based on business and virtual resource files, and since the complexity of the access control policy is positively correlated with the number of business and the number of virtual resource files, and the number of business and the number of virtual resource files are limited in each business scenario, the number of access control policies will not be very large, and the access performance and query performance of the policy can be guaranteed, thereby reducing the configuration difficulty and usage cost and improving the configuration efficiency.
[0155] In this embodiment, since the settings of multiple virtual resource files are determined by reorganizing the target real resources according to the services required by the business scenario, the settings of virtual resource files are closer to the business scenario. Furthermore, since access to real resources is achieved by accessing virtual resource files, and since the settings of virtual resource files are closer to the business scenario, the above access control architecture and access control method are more aligned with the business scenario and offer higher security performance.
[0156] In this embodiment of the application, the access method based on virtual resource files makes it so that when a business accesses a real resource, it is like accessing a regular file. In other words, the real resource is presented to the business as a virtual resource file, which can also be understood as a file path, making programming easier.
[0157] In existing technologies, since access is targeted at specific real resources, the kernel needs to pre-configure and authenticate the corresponding permissions for each of the multiple real resources required by the business when providing real resources to the service. This configuration process is cumbersome, and the authentication method during access is equally complex, leading to reduced access efficiency. In this application, however, since access is targeted at virtual resource files, which can also be understood as targeting the set of real resources corresponding to the service, the service only needs to verify the business's permissions to the virtual resource files corresponding to the required service when providing services to the business, thereby improving access efficiency and reducing access costs.
[0158] In one possible implementation, the first service can also access real resources managed by the second service. The second service is different from the first service. The real resources managed by the second service may be entirely different from, or partially different from, the real resources managed by the first service. Specific implementation details can be found in the embodiments described above and will not be repeated here.
[0159] In another possible implementation, the second service can also access either the first or second service, and the access method is the same as in the embodiments described above. Taking the second service accessing the first service as an example, optionally, the second service may not have permission to access the first virtual resource file. Correspondingly, the first service can refuse the second service's access to the corresponding real resource. That is to say, the same service can be set with the same or different permissions for different services. For example, the service permission table of the first service records that the first service has access permissions, read permissions, and write permissions corresponding to the first virtual resource file, and the service permission table of the second service records that the first service has access permissions and read permissions corresponding to the second virtual resource file, and records that the second service has access permissions and write permissions corresponding to the second virtual resource file. Specific permissions can be preset according to actual needs, and this application does not limit them.
[0160] In another possible implementation, the intelligent vehicle can periodically (or at other times, not limited by this application) send request information to the cloud to request the latest version of the business permission table for each service. That is, operators can set up new business permission tables in the cloud, such as adding, deleting, or modifying entries in the business permission table of a second service. The intelligent vehicle can then obtain the latest version of the business permission table from the cloud and update it. The second service can then manage and control business permissions based on the new business permission table.
[0161] This application also provides an electronic device, such as... Figure 9 As shown, the electronic device 900 includes a processor 901, a transceiver 902, and a communication line 903.
[0162] The processor 901 is used to execute any step in the above method embodiments.
[0163] Furthermore, the electronic device 900 may also include a memory 904. The processor 901, memory 904, and transceiver 902 can be connected via a communication line 903.
[0164] The processor 901 can be a CPU, a network processor (NP), a digital signal processor (DSP), a microprocessor, a microcontroller, a programmable logic device (PLD), or any combination thereof. The processor 901 can also be other devices with processing capabilities, such as circuits, devices, or software modules, without limitation.
[0165] Transceiver 902 is used to communicate with other devices or other communication networks, such as Ethernet, radio access network (RAN), wireless local area network (WLAN), etc. Transceiver 902 can be a module, circuit, transceiver, or any device capable of enabling communication.
[0166] The transceiver 902 is mainly used for transmitting and receiving bit streams. It can include a transmitter and a receiver to send and receive bit streams, respectively. Operations other than bit stream transmission and reception are implemented by the processor, such as information processing and calculation.
[0167] Communication line 903 is used to transmit information between the various components included in electronic device 900.
[0168] In one design, the processor can be viewed as a logic circuit, and the transceiver as an interface circuit.
[0169] Memory 904 is used to store instructions. These instructions can be computer programs.
[0170] The memory 904 can be volatile memory or non-volatile memory, or may include both. The non-volatile memory can be read-only memory (ROM), programmable read-only memory (PROM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), or flash memory. The volatile memory can be random access memory (RAM), which is used as an external cache. By way of example, but not limitation, many forms of RAM are available, such as static random access memory (SRAM), dynamic random access memory (DRAM), synchronous DRAM (SDRAM), double data rate synchronous DRAM (DDR SDRAM), enhanced synchronous DRAM (ESDRAM), synchronous linked DRAM (SLDRAM), and direct rambus RAM (DRRAM). Memory 904 can also be a compact disc read-only memory (CD-ROM) or other optical disc storage, optical disc storage (including compressed discs, laser discs, optical discs, digital universal discs, Blu-ray discs, etc.), magnetic disk storage media, or other magnetic storage devices. It should be noted that the memory in the systems and methods described herein is intended to include, but is not limited to, these and any other suitable types of memory.
[0171] It should be noted that the memory 904 can exist independently of the processor 901, or it can be integrated with the processor 901. The memory 904 can be used to store instructions, program code, or some data, etc. The memory 904 can be located inside or outside the electronic device 900, without limitation. The processor 901 is used to execute the instructions stored in the memory 904 to implement the methods provided in the above embodiments of this application.
[0172] In one example, processor 901 may include one or more CPUs.
[0173] Optionally, the electronic device 900 also includes an output device 905 and an input device 906. The input device 906 is a device such as a keyboard, mouse, microphone, or joystick, and the output device 905 is a device such as a display screen or speaker.
[0174] Electronic device 900 can be a chip system or... Figure 9 Devices with similar structures. The chip system can be composed of chips or include chips and other discrete components. Actions, terminology, etc., involved in the various embodiments of this application can be referenced interchangeably without limitation. The message names or parameter names in the messages used for interaction between devices in the embodiments of this application are merely examples; other names can be used in specific implementations without limitation. Furthermore, Figure 9 The structural composition shown does not constitute a limitation on the electronic device 900, except... Figure 9 In addition to the components shown, the electronic device 900 may include more than Figure 9 This may indicate more or fewer components, or combinations of certain components, or different component arrangements.
[0175] The processor and transceiver described in this application can be implemented on integrated circuits (ICs), analog ICs, radio frequency integrated circuits, mixed-signal ICs, application-specific integrated circuits (ASICs), printed circuit boards (PCBs), electronic devices, etc. The processor and transceiver can also be manufactured using various IC process technologies, such as complementary metal-oxide semiconductors (CMOS), n-metal-oxide-semiconductor (NMOS), positive-channel metal-oxide semiconductors (PMOS), bipolar junction transistors (BJTs), bipolar CMOS (BiCMOS), silicon germanium (SiGe), gallium arsenide (GaAs), etc.
[0176] This embodiment also provides a computer storage medium storing computer instructions. When the computer instructions are executed on an electronic device, the electronic device performs the aforementioned method steps to implement the methods described in the above embodiments.
[0177] This embodiment also provides a computer program product that, when run on a computer, causes the computer to perform the aforementioned steps to implement the methods described in the above embodiments.
[0178] In addition, embodiments of this application also provide an apparatus, which may specifically be a chip, component, or module. The apparatus may include a connected processor and a memory; wherein the memory is used to store computer execution instructions, and when the apparatus is running, the processor may execute the computer execution instructions stored in the memory to cause the chip to execute the methods in the above-described method embodiments.
[0179] In this embodiment, the electronic device, computer storage medium, computer program product or chip are all used to execute the corresponding method provided above. Therefore, the beneficial effects that can be achieved can be referred to the beneficial effects of the corresponding method provided above, and will not be repeated here.
[0180] Those skilled in the art will recognize that the units and algorithm steps of the various examples described in conjunction with the embodiments disclosed herein can be implemented in electronic hardware, or a combination of computer software and electronic hardware. Whether these functions are implemented in hardware or software depends on the specific application and design constraints of the technical solution. Those skilled in the art can use different methods to implement the described functions for each specific application, but such implementation should not be considered beyond the scope of this application.
[0181] Those skilled in the art will understand that, for the sake of convenience and brevity, the specific working processes of the systems, devices, and units described above can be referred to the corresponding processes in the foregoing method embodiments, and will not be repeated here.
[0182] In the several embodiments provided in this application, it should be understood that the disclosed systems, apparatuses, and methods can be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative; for instance, the division of units is only a logical functional division, and in actual implementation, there may be other division methods. For example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. Furthermore, the coupling or direct coupling or communication connection shown or discussed may be through some interfaces; the indirect coupling or communication connection between apparatuses or units may be electrical, mechanical, or other forms.
[0183] The units described as separate components may or may not be physically separate. The components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the units can be selected to achieve the purpose of this embodiment according to actual needs.
[0184] In addition, the functional units in the various embodiments of this application can be integrated into one processing unit, or each unit can exist physically separately, or two or more units can be integrated into one unit.
[0185] If the aforementioned functions are implemented as software functional units and sold or used as independent products, they can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of this application, in essence, or the part that contributes to the prior art, or a portion of the technical solution, can be embodied in the form of a software product. This computer software product is stored in a storage medium and includes several instructions to cause a computer device (which may be a personal computer, server, or network device, etc.) to execute all or part of the steps of the methods described in the various embodiments of this application. The aforementioned storage medium includes various media capable of storing program code, such as USB flash drives, portable hard drives, read-only memory (ROM), random access memory (RAM), magnetic disks, or optical disks.
[0186] In this article, the term "and / or" is merely a description of the relationship between related objects, indicating that there can be three relationships. For example, A and / or B can represent three situations: A exists alone, A and B exist simultaneously, and B exists alone.
[0187] The terms "first" and "second," etc., used in the specification and claims of this application are used to distinguish different objects, not to describe a specific order of objects. For example, "first target object" and "second target object," etc., are used to distinguish different target objects, not to describe a specific order of target objects.
[0188] In the embodiments of this application, the terms "exemplary" or "for example" are used to indicate that something is an example, illustration, or description. Any embodiment or design that is described as "exemplary" or "for example" in the embodiments of this application should not be construed as being more preferred or advantageous than other embodiments or design. Specifically, the use of the terms "exemplary" or "for example" is intended to present the relevant concepts in a specific manner.
[0189] In the description of the embodiments in this application, unless otherwise stated, "multiple" means two or more. For example, multiple processing units means two or more processing units; multiple systems means two or more systems.
[0190] The above description is merely a specific embodiment of this application, but the scope of protection of this application is not limited thereto. Any variations or substitutions that can be easily conceived by those skilled in the art within the scope of the technology disclosed in this application should be included within the scope of protection of this application. Therefore, the scope of protection of this application should be determined by the scope of the claims.
Claims
1. An access control method, characterized in that, The method includes: Obtain the first file request sent by the first application, wherein the first file request is generated when the first application performs target file operations on the target resource file; Based on the first file request and preset permission information, detect whether the first application has the operation permission to operate the target file; When the first application has permission to perform operations on the target file, it calls multiple system resources managed by the target service corresponding to the target resource file according to the first file request. The multiple system resources include the software and hardware entities required for the first application to run. The service is set based on the needs of the corresponding application. The types and / or permissions of the multiple system resources managed by different services are different. The method further includes: The identity access management module obtains a second file request sent by the first application through a first channel. The second file request is generated when the first application accesses the target resource file. When the identity access management module successfully authenticates the first application based on the second file request, it sends the second file request to the target service through a second channel. When the target service determines that the first application has access rights based on the second file request, a third communication channel is established between the target service and the first application, and the first file request sent by the first application is obtained through the third communication channel.
2. The method according to claim 1, characterized in that, The second file request includes the identification information of the target resource file and the identification information of the first application, and the authentication is performed based on the identification information of the target resource file and the identification information of the first application.
3. The method according to claim 2, characterized in that, The identification information of the target resource file is the file path of the target resource file.
4. The method according to any one of claims 1 to 3, characterized in that, When the target file operation is a write operation, the first file request includes the first target data; The step of invoking multiple system resources managed by the target service corresponding to the target resource file according to the first file request includes: The first target data is written into multiple system resources managed by the target service corresponding to the target resource file.
5. The method according to any one of claims 1 to 3, characterized in that, When the target file operation is a read operation, the step of calling multiple system resources managed by the target service corresponding to the target resource file according to the first file request includes: According to the first file request, read the second target data from multiple system resources managed by the target service corresponding to the target resource file; Return the second target data to the first application.
6. The method according to any one of claims 1 to 3, characterized in that, The target file operations include: read operations or write operations.
7. An access control device, characterized in that, The access control device includes the target service. The target service is used to obtain a first file request sent by the first application, wherein the first file request is generated when the first application performs a target file operation on the target resource file; The target service is further configured to detect whether the first application has operation permissions for the target file based on the first file request and preset permission information. The target service is further configured to, when the first application has permission to perform operations on the target file, invoke multiple system resources managed by the target service corresponding to the target resource file according to the first file request. The multiple system resources include the software and hardware entities required for the operation of the first application. The service is set based on the needs of the corresponding application, and the types and / or permissions of the multiple system resources managed by different services are different. The device further includes an identity access management module, which interacts with the first application through a first communication channel and with the target service through a second communication channel. The identity access management module is used to obtain a second file request sent by the first application through the first communication channel. The second file request is generated when the first application accesses the target resource file. The second file request includes the identification information of the target resource file and the identification information of the first application. The identity access management module is further configured to send the second file request to the target service through the second communication channel when the identity verification of the first application is successful based on the identification information of the target resource file and the identification information of the first application. The target service is further configured to establish a third communication channel with the first application when it is determined that the first application has access rights based on the second file request, and to obtain the first file request sent by the first application through the third communication channel.
8. The apparatus according to claim 7, characterized in that, The identification information of the target resource file is the file path of the target resource file.
9. The apparatus according to claim 7 or 8, characterized in that, When the target file operation is a write operation, the first file request includes the first target data; The target service is specifically used to write the first target data into multiple system resources managed by the target service corresponding to the target resource file.
10. The apparatus according to claim 7 or 8, characterized in that, When the target file operation is a read operation The target service is configured to read second target data from multiple system resources managed by the target service corresponding to the target resource file in accordance with the first file request; and return the second target data to the first application.
11. The apparatus according to claim 7 or 8, characterized in that, The target file operations include: read operations or write operations.
12. A computer storage medium, characterized in that, Includes computer instructions that, when executed on an electronic device, cause the electronic device to perform the method as described in any one of claims 1-6.
13. A computer program product, characterized in that, When the computer program product is run on a computer, it causes the computer to perform the method as described in any one of claims 1-6.
14. A chip, characterized in that, The device includes one or more interface circuits and one or more processors; the interface circuits are configured to receive signals from the memory of the electronic device and send the signals to the processors, the signals including computer instructions stored in the memory; when the processor executes the computer instructions, the electronic device performs the method according to any one of claims 1-6.