Capability permission management method and related apparatus
By managing capabilities and permissions on terminal devices, the problem of intelligent agent applications being unable to fully utilize the capabilities of terminal devices is solved, thereby enriching the functionality and improving the performance of intelligent agent applications.
Patent Information
- Authority / Receiving Office
- WO · WO
- Patent Type
- Applications
- Current Assignee / Owner
- BOE TECHNOLOGY GROUP CO LTD
- Filing Date
- 2024-12-25
- Publication Date
- 2026-07-02
AI Technical Summary
Because the suppliers of intelligent agent applications are different from those of personal terminal devices, intelligent agent applications cannot fully utilize the tool capabilities of terminal devices, resulting in performance limitations and increased development difficulty.
By obtaining the capability records in the permission management file, the target intelligent agent is provided with an interface corresponding to the target capability type information, thereby enabling capability permission management of applications and hardware modules in the terminal device and ensuring that the intelligent agent application can use the capabilities of the terminal device.
It reduces the difficulty of developing intelligent agent applications, enriches their functions, improves performance, and enhances the user experience.
Smart Images

Figure CN2024142458_02072026_PF_FP_ABST
Abstract
Description
A method and related apparatus for managing capability and access rights Technical Field
[0001] This application relates to the field of electronic technology, and provides a method and related apparatus for managing capability permissions. Background Technology
[0002] With the continuous development of intelligent agent technology, the demand for intelligent agents in personal terminal devices is increasing. Intelligent agent technology includes several components such as memory, planning, action, and tools.
[0003] Because the suppliers of existing intelligent agent applications are not the same as those of personal terminal devices, intelligent agent applications struggle to access the tool capabilities within personal terminal devices. Consequently, their performance is limited, and their development becomes more difficult. Summary of the Invention
[0004] This application provides a capability and permission management method and related apparatus to reduce the difficulty of developing intelligent agent applications and improve the performance of intelligent agent applications.
[0005] In a first aspect, embodiments of this application provide a capability and access control method, which is applied to a smart terminal, and the method includes:
[0006] Obtain a permission management file, wherein the permission management file includes a first capability record corresponding to any application and / or a second capability record corresponding to any hardware module, wherein the first capability record includes the first capability type information of the application and the second capability record includes the second capability type information of the hardware module;
[0007] Based on the capability records in the permission management file, the target intelligent agent is provided with information on the interface corresponding to the target capability type information, so that the target intelligent agent can use the target capability, wherein the target capability type information represents the capability type of the target capability.
[0008] In this embodiment, capability permission management is implemented for the capabilities of applications and hardware modules in the terminal device. Based on the capability permission management, the target intelligent agent application (hereinafter referred to as the target intelligent agent) is provided with the corresponding interface of the capabilities in the terminal device, enabling the target intelligent agent to use the capabilities in the terminal device. This design reduces the functional requirements of the intelligent agent application itself, thereby reducing the difficulty of intelligent agent application development. This design allows the intelligent agent application to use the capabilities in the terminal device, which helps to enrich the functionality of the intelligent agent application, improve its performance, and enhance the user experience.
[0009] Optionally, the application in the terminal device may include user-facing applications, application components, or functional modules (functional models). Functional modules may include neural network models, large language models, etc.
[0010] In one possible design, the capability and permission management method provided in this application embodiment further includes:
[0011] Obtain the first capability type information of any of the applications;
[0012] Based on the first capability type information, add the first capability record of the application to the permission management file.
[0013] In one possible design, the capability permission management method provided in this application embodiment, the step of providing the target intelligent agent with information on the interface corresponding to the target capability type information based on the capability record in the permission management file, includes:
[0014] Based on the permission management file, a target record is determined, wherein the target record includes the target capability type information;
[0015] Based on the target record, information corresponding to the interface of the target type information is provided to the target agent.
[0016] In one possible design, the capability permission management method provided in this application embodiment includes priority information in each capability record within the permission management file;
[0017] The step of determining the target record based on the permission management file includes:
[0018] If there are multiple target capability records, then the interface information corresponding to the target capability record with the highest priority among all target capability records will be used as the interface information corresponding to the target capability type information.
[0019] In one possible design, the capability permission management method provided in this application embodiment includes an agent usage permission field in each capability record within the permission management file.
[0020] In one possible design, the capability permission management method provided in this application embodiment, wherein the target capability type is the capability type queried by the target intelligent agent;
[0021] The information provided to the target agent based on the target record, corresponding to the interface of the target type information, includes:
[0022] If the agent usage permission field in the target record is a first identifier, then the information of the interface corresponding to the target capability type information is provided to the target agent.
[0023] In one possible design, the capability and permission management method provided in this application embodiment further includes:
[0024] If the agent's access permission field in the target record is a second identifier, then the target agent is notified of a first prompt message, which indicates that the target agent does not have access permission to use the target capability.
[0025] In any capability record, the agent's access permission field can be either a first identifier or a second identifier. The first identifier reflects or represents the capability corresponding to the capability type information in the capability record that is permitted to be used. The second identifier reflects or represents the capability corresponding to the capability type information in the capability record that is not permitted to be used. In some application scenarios, the first identifier can be "yes" and the second identifier can be "no".
[0026] In one possible design, the capability and permission management method provided in this application embodiment further includes:
[0027] Display a second prompt message, which prompts the user whether to allow the target intelligent agent to use the target capability;
[0028] In response to the authorization operation, the interface information corresponding to the target capability type is provided to the target agent.
[0029] In some examples, the authorization operation can be a first permission operation, which can be implemented as always allowing the use of the target capability. The method further includes modifying the agent usage permission field in the target record to a first identifier based on the first permission operation.
[0030] In some examples, the authorization operation can be a second permission operation, which can be implemented as allowing the use of the target capability for this instance. In this case, the terminal device can temporarily provide the target capability to the target agent. The terminal device does not need to modify the agent usage permission field in the target record.
[0031] In one possible design, the capability and permission management method provided in this application embodiment further includes:
[0032] During the target agent installation phase, the agent usage permission fields in each capability record are configured according to the preset capability permission management strategy.
[0033] In one possible design, the capability and permission management method provided in this application embodiment further includes:
[0034] Receive the capability type information requested by the target intelligent agent;
[0035] Based on the capability type information requested by the target intelligent agent and the preset capability permission management strategy, configure the intelligent agent usage permission field in each capability record.
[0036] In one possible design, the capability permission management method provided in this application embodiment includes configuring the agent usage permission field in each capability record according to the capability type applied for by the target agent and a preset capability permission management strategy, including:
[0037] Match the capability type information requested by the target intelligent agent with the capability type information in the permission management file;
[0038] Based on the matching results and / or the preset capability permission management strategy, configure the agent usage permission field in each capability record.
[0039] In one possible design, the capability permission management method provided in this application embodiment includes a preset capability permission management strategy that allows the target intelligent agent to use capability type information and / or prohibits the target intelligent agent from using capability type information.
[0040] In one possible design, the capability permission management method provided in this application embodiment determines the capability type information allowed for the target intelligent agent based on the intelligent agent type of the target intelligent agent and / or the trust information of the target intelligent agent.
[0041] In one possible design, the capability permission management method provided in this application embodiment, wherein the target capability type information corresponds to the interface of any application;
[0042] Alternatively, the target capability type information may correspond to an interface of any of the hardware modules.
[0043] In one possible design, the capability permission management method provided in this application embodiment, wherein the target capability type information corresponds to a first system interface, wherein when the first system interface is called, the interface of the calling application is triggered;
[0044] Alternatively, the target capability type information may correspond to an interface of any of the hardware modules.
[0045] In one possible design, the capability and permission management method provided in this application embodiment further includes:
[0046] After the first system interface is invoked, it provides feedback parameters to the target agent, which are used to characterize the execution result corresponding to the target capability type.
[0047] In one possible design, the capability permission management method provided in this application embodiment, wherein obtaining the first capability type information of any application includes:
[0048] During the installation phase of any application, the first capability type information of any application is obtained.
[0049] In one possible design, the capability permission management method provided in this application embodiment, wherein obtaining the first capability type information of any application includes:
[0050] Obtain the installation package of at least one application, the installation package carrying the first capability type information.
[0051] In one possible design, the capability permission management method provided in this application embodiment refers to the target capability as a capability from any of the following units:
[0052] Expert Unit, Tool Unit, Embodied Action Unit.
[0053] In some examples, the capabilities of the expert unit include the capability of a closed model, wherein the closed model is a neural network model or a large language model; the capabilities of the tool unit include the ability to enable the agent application to perceive the environment and make decisions; and the capabilities of the embodied action unit include the capabilities that the agent application can use in the execution phase.
[0054] Secondly, embodiments of this application provide a capability and permission management method, which is applied to an intelligent agent application, and the method includes:
[0055] During the operation of the intelligent agent application, the system queries the information of the interface corresponding to the target capability type information, and the number of the target capability types is one or more;
[0056] Receive information from the interface corresponding to the target capability type information;
[0057] Call the interface corresponding to the target capability type information.
[0058] Thirdly, embodiments of this application provide a capability and permission management method applied to intelligent agent applications, the method comprising:
[0059] During the installation phase of the intelligent agent application, information on the interface corresponding to the target capability type is requested from the system, and the number of the target capability types is one or more.
[0060] Receive information about the interface corresponding to the target capability type information.
[0061] Fourthly, embodiments of this application provide an electronic device, which includes a processor and a memory, wherein the memory stores a computer program that, when executed by the processor, causes the processor to perform the steps of the method as described in the first aspect and any possible design thereof.
[0062] Fifthly, embodiments of this application provide an electronic device, which includes a processor and a memory, wherein the memory stores a computer program that, when executed by the processor, causes the processor to perform the steps of the method described in the second aspect.
[0063] In a sixth aspect, embodiments of this application provide an electronic device, which includes a processor and a memory, wherein the memory stores a computer program that, when executed by the processor, causes the processor to perform the steps of the method described in the third aspect.
[0064] In a seventh aspect, embodiments of this application provide a computer-readable storage medium comprising a computer program that, when executed on an electronic device, causes the electronic device to perform steps of the method as described in the first aspect and any possible design thereof.
[0065] Eighthly, embodiments of this application provide a computer-readable storage medium comprising a computer program that, when executed on an electronic device, causes the electronic device to perform the steps of the method described in the second aspect.
[0066] In a ninth aspect, embodiments of this application provide a computer-readable storage medium comprising a computer program that, when executed on an electronic device, causes the electronic device to perform the steps of the method described in the third aspect.
[0067] In a tenth aspect, this application provides a computer program product that, when run on a computer, causes the computer to perform the method described in the first aspect or any possible design of the first aspect.
[0068] In one aspect, this application provides a computer program product that, when run on a computer, causes the computer to perform the steps of the method described in the second aspect above.
[0069] In a twelfth aspect, this application provides a computer program product that, when run on a computer, causes the computer to perform the steps of the method described in the third aspect above.
[0070] Other features and advantages of this application will be set forth in the following description and will be apparent in part from the description or may be learned by practicing the application. The objectives and other advantages of this application may be realized and obtained by means of the structures particularly pointed out in the written description, claims, and drawings. Attached Figure Description
[0071] The accompanying drawings, which are included to provide a further understanding of this application and form part of this application, illustrate exemplary embodiments and are used to explain this application, but do not constitute an undue limitation of this application. In the drawings:
[0072] Figure 1 is a schematic diagram of the structure of a terminal device provided in an embodiment of this application;
[0073] Figure 2 is a schematic diagram of a system architecture provided in an embodiment of this application;
[0074] Figure 3 is a schematic diagram of a capability and permission management method provided in an embodiment of this application;
[0075] Figure 4 is a schematic diagram of a permission management file provided in an embodiment of this application;
[0076] Figure 5 is a schematic diagram of a permission management file provided in an embodiment of this application;
[0077] Figure 6 is a schematic diagram of a permission management file provided in an embodiment of this application;
[0078] Figure 7 is a schematic diagram of a permission management file provided in an embodiment of this application;
[0079] Figure 8 is a schematic diagram of a permission management file provided in an embodiment of this application;
[0080] Figure 9 is a schematic diagram of a permission management file provided in an embodiment of this application;
[0081] Figure 10 is a schematic diagram of a permission management file provided in an embodiment of this application;
[0082] Figure 11 is a schematic diagram of a capability and permission management method provided in an embodiment of this application;
[0083] Figure 12 is a schematic diagram of a capability and permission management method provided in an embodiment of this application;
[0084] Figure 13 is a schematic diagram of a capability and permission management method provided in an embodiment of this application;
[0085] Figure 14 is a schematic diagram of a permission management file according to an exemplary embodiment of this application;
[0086] Figure 15 is a schematic diagram of a capability and permission management method provided in an embodiment of this application;
[0087] Figure 16 is a schematic diagram of a capability and permission management method provided in an embodiment of this application;
[0088] Figure 17 is a schematic diagram of a capability and permission management method provided in an embodiment of this application;
[0089] Figure 18 is a schematic diagram of a permission management table corresponding to an application according to an exemplary embodiment of this application;
[0090] Figure 19 is a schematic diagram of a capability and permission management method provided in an embodiment of this application;
[0091] Figure 20 is a schematic diagram of the functional structure of the system-level intelligent agent provided in the embodiments of this application;
[0092] Figure 21 is a schematic diagram of the functional structure of the system-level intelligent agent provided in the embodiments of this application;
[0093] Figure 22 is a schematic diagram of the system-level intelligent agent service provided in the embodiments of this application;
[0094] Figure 23 is a schematic diagram of a capability and permission management method provided in an embodiment of this application;
[0095] Figure 24 is a schematic diagram of a capability and permission management method provided in an embodiment of this application;
[0096] Figure 25 is a schematic diagram of a capability and permission management method provided in an embodiment of this application;
[0097] Figure 26 is a schematic diagram of the structure of an electronic device provided in an embodiment of this application. Detailed Implementation
[0098] To make the objectives, technical solutions, and advantages of this application clearer, the technical solutions in the embodiments of this application will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only a part of the embodiments of this application, and not all of them. Based on the embodiments of this application, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of this application. Unless otherwise specified, the embodiments and features in the embodiments of this application can be arbitrarily combined with each other. Furthermore, although a logical order is shown in the flowchart, in some cases, the steps shown or described may be performed in a different order than that shown here.
[0099] The terms "first" and "second" in the specification, claims, and accompanying drawings of this application are used to distinguish different objects, not to describe a specific order. Furthermore, the term "comprising" and any variations thereof are intended to cover non-exclusive protection. For example, a process, method, system, product, or device that includes a series of steps or units is not limited to the listed steps or units, but may optionally include steps or units not listed, or may optionally include other steps or units inherent to these processes, methods, products, or devices. "A plurality" in this application can mean at least two, for example, two, three, or more, and is not limited in the embodiments of this application. "A and / or B" in this application can represent three cases: A, B, or A and B.
[0100] The technical solutions provided in this application are applicable to permission management scenarios, which may include permission management scenarios for intelligent agent applications to use the capabilities of terminal devices. The tool capabilities in the terminal device may include the capabilities of the application and / or the capabilities of hardware modules. Hardware modules may include, but are not limited to, hardware components such as cameras, earpieces, microphones, sensors, and memory.
[0101] Intelligent agent applications, also known as application-level intelligent agents or intelligent agent applications, are applications that utilize intelligent agents. Intelligent agents are sometimes referred to as agents. Intelligent agent applications generally possess the ability to autonomously achieve their goals, are able to perceive their external environment, and exhibit autonomy, responsiveness, initiative, and emotional and social attributes.
[0102] With the continuous development of intelligent agent technology, the demand for intelligent agents in personal terminal devices is increasing. Intelligent agent technology includes several components such as memory, planning, action, and tools.
[0103] The suppliers of existing intelligent agent applications and terminal devices are not the same, and the system supplier and application supplier of the terminal device may also be different. This makes it difficult for intelligent agent applications to obtain specific details about the capabilities within the terminal device. Some capabilities have standardized interfaces, while others may have non-standardized interfaces. Therefore, it is extremely difficult for intelligent agent applications to grasp the specific details of each capability, making it difficult for them to fully utilize the tool capabilities within personal terminal devices. This limits the performance of intelligent agent applications and increases their development complexity.
[0104] In view of this, embodiments of this application provide a capability and permission management method and related apparatus. The capability and permission management method can be executed by the terminal device provided in this application embodiment. In some possible application scenarios, the terminal device can be a mobile phone, tablet computer, personal computer, handwriting tablet, television, monitor, all-in-one computer, tablet computer, personal computer, game console, in-vehicle device, or wearable device. Exemplary embodiments of the terminal device include, but are not limited to, carrying... Or terminal devices using other operating systems.
[0105] Figure 1 exemplarily illustrates a terminal device 600, which includes a display unit 640, a processor 680, and a memory 620. The display unit 640 includes a display panel 641, used to display information input by the user or information provided to the user, as well as various operation interfaces of the terminal device 600. In this embodiment, it is mainly used to display the operation interfaces and shortcut windows of applications installed on the terminal device 600. Optionally, the display panel 641 can be configured using an LCD (Liquid Crystal Display) or OLED (Organic Light-Emitting Diode) display.
[0106] Processor 680 is used to read computer programs and then execute methods defined by the computer programs. For example, processor 680 reads an application and runs the application on the terminal device 600, displaying an operation interface on the display unit 640. Processor 680 may include one or more general-purpose processors for performing related operations to implement the technical solutions provided in the embodiments of this application. Optionally, processor 680 may also include one or more DSPs (Digital Signal Processors). Optionally, processor 680 may also include one or more Central Processing Units (CPUs). Optionally, processor 680 may also include one or more Neural Processing Units (NPUs).
[0107] The memory 620 generally includes main memory and secondary storage. Main memory can be RAM, ROM, and cache, etc. Secondary storage can be a hard disk, optical disk, USB flash drive, floppy disk, or tape drive, etc. The memory 620 is used to store computer programs and other data. The computer programs include application programs, and the other data may include data generated after the operating system or application programs are run, including system data (e.g., operating system configuration parameters) and user data. In this embodiment, program instructions are stored in the memory 620, and the processor 680 executes the program instructions in the memory 620 to implement the technical solutions provided in this embodiment.
[0108] In addition, the terminal device 600 may also include a display unit 640 for receiving input digital information, character information, or contact touch operations / non-contact gestures, and generating signal inputs related to user settings and function control of the terminal device 600. Specifically, in this embodiment, the display unit 640 may include a display panel 641. The display panel 641, for example, is a touch screen, which can collect touch operations performed by the user on or near it (such as operations performed by the user using a finger, stylus, or any suitable object or accessory on or near the display panel 641), and drive the corresponding connection device according to a pre-set program. Optionally, the display panel 641 may include two parts: a touch detection device and a touch controller. The touch detection device detects the user's touch position and the signal generated by the touch operation, and transmits the signal to the touch controller; the touch controller receives touch information from the touch detection device, converts it into touch point coordinates, sends it to the processor 680, and can receive and execute commands sent by the processor 680. In this embodiment, if a user selects a control in the operation interface, the touch detection device in the display panel 641 detects the touch operation and sends the signal corresponding to the detected touch operation to the touch controller. The touch controller converts the signal into touch point coordinates and sends them to the processor 680. The processor 680 determines the control selected by the user based on the received touch point coordinates.
[0109] The display panel 641 can be implemented using various methods such as resistive, capacitive, infrared, and surface acoustic wave. In addition to the display unit 640, the terminal device 600 may also include an input unit 630, which may include, but is not limited to, one or more of the following: a physical keyboard, function keys (such as volume control buttons, power buttons, etc.), a trackball, a mouse, and a joystick. Figure 1 illustrates an example where the input unit 630 includes an image input device 631 and other input devices 632.
[0110] In addition to the above, the terminal device 600 may also include a power supply 690 for powering other modules, an audio circuit 660, a near-field communication module 670, and an RF circuit 610. The terminal device 600 may also include one or more sensors 650, such as an accelerometer, a light sensor, a pressure sensor, etc. The audio circuit 660 specifically includes a speaker 661 and a microphone 662, etc. For example, if a user can use voice control, the terminal device 600 can collect the user's voice through the microphone 662, control the device based on the user's voice, and play corresponding prompts through the speaker 661 when necessary.
[0111] In one possible implementation, the terminal device provided in this application embodiment may be equipped with an Android system, an iOS system, a Windows system, a HarmonyOS system, etc. Taking the Android system as an example, Figure 2 illustrates a software architecture diagram.
[0112] In some embodiments, the Android system is divided into four layers, from top to bottom: the application layer, the application framework layer, the Android Runtime and system libraries, and the kernel layer.
[0113] The application layer can include a series of application packages. As shown in Figure 2, application packages can include applications such as camera, gallery, calendar, call, map, navigation, WLAN, Bluetooth, music, video, and SMS.
[0114] The application framework layer provides application programming interfaces (APIs) and a programming framework for applications in the application layer. The application framework layer includes some predefined functions. As shown in Figure 2, the application framework layer may include a window manager, content providers, a view system, a phone manager, a resource manager, a notification manager, etc.
[0115] The window manager manages windowed applications. It can obtain the screen size, determine the presence of a status bar, lock the screen, and capture screenshots. The content provider stores and retrieves data, making this data accessible to applications. This data may include video, images, audio, made and received phone calls, browsing history and bookmarks, phone books, etc. The view system includes visual controls, such as controls for displaying text and controls for displaying images. The view system can be used to build applications. A display interface can consist of one or more views. For example, a display interface including a text notification icon could include a view for displaying text and a view for displaying images.
[0116] The phone manager provides communication functionality for electronic devices, such as managing call status (including connection and disconnection). The resource manager provides applications with various resources, such as localized strings, icons, images, layout files, video files, etc. The notification manager allows applications to display notifications in the status bar, conveying informational messages that disappear automatically after a short pause without user interaction. For example, the notification manager can be used to notify of download completion or message alerts. The notification manager can also display notifications as icons or scrolling text in the system's top status bar, such as notifications from background applications, or as dialog boxes on the screen. Examples include displaying text messages in the status bar, emitting alert sounds, vibrating the communication terminal, and flashing indicator lights.
[0117] The Android Runtime comprises the core libraries and the virtual machine. The Android Runtime is responsible for the scheduling and management of the Android system. The core libraries consist of two parts: one part contains the functionalities that Java calls, and the other part is the core Android library itself. The application layer and application framework layer run in the virtual machine. The virtual machine executes the Java files of the application layer and application framework layer as binary files. The virtual machine is used to perform functions such as object lifecycle management, stack management, thread management, security and exception management, and garbage collection.
[0118] The system library can include multiple functional modules. For example: a surface manager, media libraries, 3D graphics processing libraries (e.g., OpenGL ES), and 2D graphics engines (e.g., SGL). The surface manager manages the display subsystem and provides fusion of 2D and 3D layers for multiple applications. The media libraries support playback and recording of various common audio and video formats, as well as still image files. The media libraries support various audio and video encoding formats, such as MPEG4, H.334, MP3, AAC, AMR, JPG, and PNG. The 3D graphics processing libraries are used to implement 3D graphics drawing, image rendering, compositing, and layer processing.
[0119] A 2D graphics engine is a graphics engine for 2D drawing.
[0120] The kernel layer is the layer between hardware and software. The kernel layer contains at least the display driver, camera driver, audio driver, and sensor driver.
[0121] The capability and permission management method provided in this application embodiment is described below with reference to the accompanying drawings. Figure 3 illustrates an exemplary capability and permission management method, which can be executed by a terminal device and may include the following steps:
[0122] S301, Obtain the permission management file, wherein the permission management file includes a first capability record corresponding to any application and / or a second capability record corresponding to any hardware module, wherein the first capability record includes the first capability type information of the application and the second capability record includes the second capability type information of the hardware module.
[0123] In this application, the application may include a user-facing application. A user-facing application can be understood as an application that a user can use on a terminal device interface, such as a messaging application or a photo gallery application. In some examples, the application may also include application components (or modules) with specific functionalities. The terminal device can invoke the application components to implement their functions. In some examples, the application may also include functional models, such as neural network models or large language models.
[0124] S302, based on the capability record in the permission management file, provide the target intelligent agent with information on the interface corresponding to the target capability type information, so that the target intelligent agent can use the target capability, wherein the target capability type information represents the capability type of the target capability.
[0125] The terminal device can determine the target record based on the permission management file, wherein the target record includes the target capability type information; based on the target record, it provides the target agent with information about the interface corresponding to the target type information. In this application, "interface" may include, but is not limited to, interfaces or functions in the programming field.
[0126] The target intelligent agent can be an intelligent agent application installed on the terminal device. Optionally, the target intelligent agent can be an intelligent agent application pre-installed on the terminal device. Alternatively, the target intelligent agent can be an intelligent agent application installed by the user on the terminal device. This application does not impose excessive limitations on these aspects.
[0127] In some examples, the number of intelligent agent applications in the terminal device can be one. The target intelligent agent is implemented as this intelligent agent application. In other examples, the number of intelligent agent applications in the terminal device can be multiple, and the target intelligent agent can be implemented as any intelligent agent application in the terminal device.
[0128] The terminal device provides the target intelligent agent with information about the interface corresponding to the target capability type information, wherein the number of target capability type information can be one or more.
[0129] In one possible implementation, the capability and permission management method provided in this application embodiment can be executed by a system component of a terminal device. Optionally, the system component of the terminal device may include a system-level intelligent agent, which can execute the capability and permission management method provided in this application embodiment. The following description uses the process of a terminal device executing the capability and permission management method as an example.
[0130] In some examples, the permissions management file can be a pre-configured file. In other examples, the permissions management file can be a dynamically updated file.
[0131] In one possible design, the capability permission management method may further include: obtaining first capability type information of any application; and adding a first capability record of the application to the permission management file based on the first capability type information.
[0132] Terminal devices can obtain the first capability type information of each application and add capability records of each application to the permission management file.
[0133] Optionally, the terminal device may obtain the first capability type information of any application during the installation phase of any application. During the application installation phase, the first capability type information of the application may be provided to the terminal device actively or passively.
[0134] Optionally, the terminal device may obtain an installation package of at least one application, the installation package carrying the first capability type information. The terminal device can obtain the first capability type information of the application from the application's installation package. For example, the first capability type information of the application can be configured in a specified location in the installation package according to a pre-configuration method, so that the terminal device can obtain the first capability type information of the application from a specified location in the application's installation package.
[0135] For example, during the installation process of an application, the terminal device can read the application's configuration file and obtain the application's first capability type information from the configuration file.
[0136] The permission management file may include multiple capability records. These capability records may include a first capability record corresponding to any application, and / or a second capability record corresponding to any hardware module. An application may have one or more first capability records. Referring to Figure 4, application A has multiple first capability records, namely capability record P1 and capability record P2.
[0137] When there are multiple first capability records corresponding to an application, the capability type field in different capability records is different. For example, in the first capability records corresponding to application A, the capability type field in capability record P1 is capability type information 1, and the capability type field in capability record P2 is capability type information 2.
[0138] Each capability record may include a capability type field, and may also include an application or hardware module information field. The capability type information in the capability type field can characterize or reflect the capability type. The application information in the application or hardware module information field can indicate the application's installation package information, or it can indicate the interface information corresponding to the capability type information. Optionally, the hardware module information in the application or hardware module information field can indicate the driver interface information corresponding to the hardware module capability.
[0139] Referring to Figure 5, in the permission management file, the capability record corresponding to application A can include capability record P1 and capability record P2. The capability type information corresponding to the capability type field in capability record P1 is "navigation", and the capability type information corresponding to the capability type field in capability record P2 is "map".
[0140] In one possible design, based on the method provided in any of the foregoing embodiments, each capability record in the permission management file may also include a priority field.
[0141] As shown in Figure 6, the capability record corresponding to application A can include capability record P1 and capability record P2. The capability type information corresponding to the capability type field in capability record P1 is "Navigation," and the capability type information corresponding to the capability type field in capability record P2 is "Map." The capability record corresponding to application B is capability record P3. The capability type information corresponding to the capability type in capability record P3 is "Navigation."
[0142] In ability record P1, the priority field corresponds to "1", and in ability record P3, the priority field corresponds to "2".
[0143] The information corresponding to the priority field in the capability record (referred to as priority information) can be in the form of numbers, or text or characters that can represent order. Typically, the information corresponding to the priority field is represented by numbers. Generally, "1" represents the first priority, "2" represents the second priority, and "N" represents the Nth priority.
[0144] As can be seen, the capability records of different applications may include the same capability type information, reflecting that multiple applications can provide the same capability. That is, application A can provide navigation capability, and application B can also provide navigation capability. In this case, when the terminal device provides the target intelligent agent with the information of the interface corresponding to the navigation capability, it can select one from the information corresponding to the priority field in capability record P1 and capability record P3.
[0145] For example, the priority field in capability record P1 corresponds to "1", while the priority field in capability record P3 corresponds to "2". Of the navigation capabilities of application A and application B, application A's navigation capability has the highest priority. When the terminal device provides information about the interface corresponding to the navigation capability to the target intelligent agent, it can provide the information about the interface corresponding to application A's navigation capability to the target intelligent agent.
[0146] In some examples, referring to Figure 7, each capability record contains only one priority field. For capability records containing the same capability type information, the terminal device can determine the highest priority capability record based on the priority field information and provide the capability corresponding to that record to each intelligent agent application in the terminal device, or to a designated intelligent agent application. Optionally, the designated intelligent agent application can be some of the intelligent agent applications among all the intelligent agents in the terminal device.
[0147] Optionally, the terminal device may designate a highly trusted intelligent agent application as the specified intelligent agent application, granting the specified intelligent agent application permission to use some or all of its capabilities. Conversely, the terminal device may deny all permissions to intelligent agent applications with lower trust levels, effectively prohibiting them from using all capabilities.
[0148] Optionally, the terminal device can determine whether the specified intelligent agent includes the target intelligent agent. If it does, it can provide the target intelligent agent with the interface information corresponding to the target capability type information based on the capability record in the permission management file.
[0149] In some examples, there are multiple priority fields in each capability record. These multiple priority fields correspond one-to-one with multiple agent applications.
[0150] Optionally, the multiple intelligent agent applications can be a subset or all of the intelligent agent applications on the terminal device. Optionally, the terminal device can use intelligent agent applications with higher trust levels as the multiple intelligent agent applications, and manage the access permissions for each intelligent agent application to use its capabilities separately. The terminal device can also deny access to all capabilities to intelligent agent applications with lower trust levels, i.e., prohibit intelligent agent applications with lower trust levels from using all capabilities.
[0151] For example, a priority field in a capability record can include a first priority field and a second priority field. The first priority field corresponds to a first intelligent agent application, and the second priority field corresponds to a second intelligent agent application.
[0152] Referring to Figure 8, assume that application C and application D both provide navigation capabilities. The capability type information in capability record P5 for application C is "Navigation," and the capability type information in capability record P6 for application D is "Navigation." The information corresponding to the first priority field in capability record P5 is "1," and the information corresponding to the second priority field is "2." The information corresponding to the first priority field in capability record P6 is "2," and the information corresponding to the second priority field is "3."
[0153] For the first intelligent agent application, the navigation capabilities of application C and application D have the highest priority. When the terminal device provides information about the interface corresponding to the navigation capability to the first intelligent agent, it can provide the information about the interface corresponding to the navigation capability of application C to the first intelligent agent.
[0154] For the second intelligent agent application, among the navigation capabilities of application C and application D, the navigation capability of application D has the highest priority. When the terminal device provides the second intelligent agent with information about the interface corresponding to the navigation capability, it can provide the second intelligent agent with information about the interface corresponding to the navigation capability of application C.
[0155] The foregoing embodiments use the capability record of an application as an example to illustrate the priority information in the capability record. This is not intended to limit the specific capabilities of an application. Those skilled in the art should be able to recognize that the capability record of a hardware module may also include priority information.
[0156] For example, a terminal device can have multiple camera modules, and the capability type information in the capability record corresponding to each camera module can be image acquisition. Each camera module's capability record can include priority information. The terminal device can select one camera module from the multiple camera modules based on the priority information in the capability records of each camera module, and provide the target intelligent agent with the information of the interface corresponding to the image acquisition capability of the selected camera module.
[0157] In one possible design, based on the method provided in any of the foregoing embodiments, each capability record in the permission management file may also include an agent usage permission field.
[0158] The agent usage permission field in the capability record reflects whether the agent application has the capability corresponding to the capability type information in the capability record. For example, if the agent usage permission field is a first identifier, it indicates that the agent application has the capability corresponding to the capability type information in the capability record. If the agent usage permission field is a second identifier, it indicates that the agent application does not have the capability corresponding to the capability type information in the capability record.
[0159] In some examples, referring to Figure 9, each capability record contains only one agent usage permission field. This field reflects whether each agent application in the terminal device has the capability corresponding to the capability type information in the capability record. Alternatively, this field may reflect whether a specified agent application in the terminal device has the capability corresponding to the capability type information in the capability record. Optionally, the specified agent application may be a subset of all agent applications in the terminal device.
[0160] Optionally, the terminal device may designate a highly trusted intelligent agent application as the specified intelligent agent application, granting the specified intelligent agent application permission to use some or all of its capabilities. Conversely, the terminal device may deny all permissions to intelligent agent applications with lower trust levels, effectively prohibiting them from using all capabilities.
[0161] Optionally, the terminal device can determine whether the specified intelligent agent includes the target intelligent agent. If it does, it can provide the target intelligent agent with the interface information corresponding to the target capability type information based on the capability record in the permission management file.
[0162] In some examples, there are multiple agent usage permission fields in each capability record. These multiple agent usage permission fields correspond one-to-one with multiple agent applications.
[0163] Optionally, the multiple intelligent agent applications can be a subset or all of the intelligent agent applications on the terminal device. Optionally, the terminal device can use intelligent agent applications with higher trust levels as the multiple intelligent agent applications, and manage the access permissions for each intelligent agent application to use its capabilities separately. The terminal device can also deny access to all capabilities to intelligent agent applications with lower trust levels, i.e., prohibit intelligent agent applications with lower trust levels from using all capabilities.
[0164] For example, referring to Figure 10, the agent usage permission field in a capability record can include a first agent usage permission field and a second agent usage permission field. The first agent usage permission field corresponds to the first agent application, and the second agent usage permission field corresponds to the second agent application. In capability record P4, the capability type information corresponding to the capability type field is "navigation". The first agent usage permission field is a first identifier, which reflects that the first agent application can use the "navigation" capability corresponding to capability record P4. The second agent usage permission field is a second identifier, which reflects that the second agent application cannot use the "navigation" capability corresponding to capability record P4.
[0165] The foregoing embodiments use the capability record of an application as an example to illustrate the agent usage permission field in the capability record. This is not intended to limit the specific capabilities of the application's capability record. Those skilled in the art should be able to recognize that the capability record of a hardware module may also include an agent usage permission field.
[0166] Figure 11 illustrates a capability and permission management method according to an exemplary embodiment, which can be executed by a terminal device. The method may include the following steps:
[0167] S1101, Obtain the permission management file.
[0168] The permission management file may include a first capability record corresponding to any application and / or a second capability record corresponding to any hardware module, wherein the capability type in the first capability record is the first capability type information of the application, and the capability type in the second capability record is the second capability type information of the hardware module.
[0169] In this embodiment, the permission management file includes priority information in each capability record. For details on priority information, please refer to the relevant descriptions in the preceding embodiments. Optionally, each capability record may also include agent usage permissions. For details on agent usage permissions, please refer to the relevant descriptions in the preceding embodiments.
[0170] S1102, Based on the permission management file, determine the target record, wherein the target record includes target capability type information.
[0171] Target capability type information can characterize the capability type of a target capability. Terminal devices can find capability records containing target capability type information, i.e., target records, from the permission management file.
[0172] S1103, if there are multiple target records, the interface information corresponding to the target record with the highest priority among all target records shall be used as the information of the interface corresponding to the target capability type information.
[0173] For any given target type of information, if there are multiple target records containing that target type of information, it indicates that multiple applications (or multiple hardware modules) can provide the target capability. Among all target records, the terminal device can determine the interface information corresponding to the target record with the highest priority as the interface information corresponding to the target capability type information.
[0174] S1104, Provide the target agent with the information of the interface corresponding to the target capability type information, so that the target agent can use the target capability.
[0175] Terminal devices can provide the target intelligent agent with the information of the interface corresponding to the target capability type, so that the target intelligent agent can use the target capability.
[0176] In one possible design, the priority information in each capability record in the permission management file can be one.
[0177] Optionally, the priority information in each capability record can be used as the priority information related to agents in a specified set of agents.
[0178] In step S1102, when the terminal device determines the target record according to the permission management file, it can determine whether the specified set of intelligent agents includes the target intelligent agent. If it does, the target record is determined according to the permission management file record. From all target records, the target record with the highest priority information is searched, and the interface information corresponding to the searched target record is determined as the interface information corresponding to the target capability type information.
[0179] In another possible design, the permission management file can contain multiple priority information entries for each capability record. These multiple priority entries correspond one-to-one with multiple intelligent agents.
[0180] In step S1102, when the terminal device determines the target record according to the permission management file, it can determine whether the target intelligent agent is included among the aforementioned multiple intelligent agents. If it is included, it will find the target record with the highest priority information corresponding to the target intelligent agent from all the target records, and determine the interface information corresponding to the found target record as the interface information corresponding to the target capability type information.
[0181] Optionally, if the target intelligent agent is not included among the aforementioned multiple intelligent agents, the terminal device can record the corresponding interface information of any target and determine it as the interface information corresponding to the target capability type information.
[0182] In another possible design, the priority information in each capability record of the permission management file can be multiple. These multiple priority information entries can include default priority information and priority information corresponding to at least one agent.
[0183] In step S1102, when the terminal device determines the target record according to the permission management file, it can determine whether the target intelligent agent is included among the aforementioned at least one intelligent agent. If so, it finds the target record with the highest priority information corresponding to the target intelligent agent from all target records, and determines the interface information corresponding to the target record as the interface information corresponding to the target capability type information.
[0184] Optionally, if the target intelligent agent is not included among the aforementioned at least one intelligent agent, the terminal device can find the target record with the highest default priority information from all target records, and determine the interface information corresponding to the target record as the interface information corresponding to the target capability type information.
[0185] Figure 12 illustrates an exemplary embodiment of a capability and access management method, which can be executed by a terminal device. The method may include the following steps:
[0186] S1201, Receive target capability type information, wherein the target capability type information is the capability type queried by the target intelligent agent.
[0187] S1202, Obtain the permission management file.
[0188] The permission management file may include a first capability record corresponding to any application and / or a second capability record corresponding to any hardware module, wherein the capability type in the first capability record is the first capability type information of the application, and the capability type in the second capability record is the second capability type information of the hardware module.
[0189] In this embodiment, each capability record may further include agent usage permissions. For details regarding agent usage permissions, please refer to the relevant descriptions in the foregoing embodiments. Optionally, the permission management file includes priority information in each capability record. For details regarding priority information, please refer to the relevant descriptions in the foregoing embodiments.
[0190] S1203, Based on the permission management file, determine the target record, wherein the target record includes target capability type information.
[0191] Target capability type information can characterize the capability type of a target capability. Terminal devices can find capability records containing target capability type information, i.e., target records, from the permission management file.
[0192] In this embodiment, the target capability type information is the capability type queried by the target intelligent agent.
[0193] S1204, if the agent usage permission field in the target record is a first identifier, then the information of the interface corresponding to the target capability type information is provided to the target agent.
[0194] The first identifier can characterize the capability corresponding to the capability type information in the target record, and it is usable.
[0195] S1205, Provide the target agent with information about the interface corresponding to the target capability type information, so that the target agent can use the target capability.
[0196] Terminal devices can provide the target intelligent agent with the information of the interface corresponding to the target capability type, so that the target intelligent agent can use the target capability.
[0197] In one possible scenario, after step S1203, if the terminal device determines that the agent's access permission field in the target record is a second identifier, it notifies the target agent of a first prompt message. This first prompt message indicates that the target agent does not have access permission for the target capability type. The second identifier represents the capability corresponding to the capability type information in the target record, and indicates that it is disabled. This reflects that the target agent currently does not have permission to use the capability in the target record.
[0198] The terminal device can notify the target intelligent agent of a first prompt message. This first prompt message indicates that the target intelligent agent does not have permission to use the target capability type, thus informing the target intelligent agent that it lacks the necessary permissions to use the target capability. Optionally, in this scenario, the target intelligent agent can prompt the user that it does not have permission to use the target capability. Alternatively, the terminal device can prompt the user that the target intelligent agent does not have permission to use the target capability.
[0199] In some examples, the terminal device may display a second prompt message to ask the user whether to allow the target agent to use the target capability. In response to the authorization operation, the terminal device may provide the target agent with the interface information corresponding to the target capability type.
[0200] Optionally, the second prompt can take the form of a pop-up window, a floating window, or a voice broadcast. This application does not impose excessive limitations on this aspect.
[0201] Optionally, the second prompt message may include allowing and disallowing controls. Users can trigger the authorization process by allowing controls.
[0202] Optionally, the second prompt message may include options to allow the control this time, always allow the control, and disallow the control. The user can trigger an authorization operation by allowing the control this time or always allowing the control. In some examples, if the terminal device detects that the user has triggered an authorization operation by always allowing the control, the terminal device can modify the permission management file. For example, the terminal device may configure the agent usage permission field in the target record of the permission management file as the first identifier.
[0203] In one possible design, the number of agent usage permission fields in each capability record of the permission management file can be only one. This agent usage permission field can serve as the agent usage permission field corresponding to each agent application.
[0204] In another possible design, the permission management file can contain multiple agent usage permission fields in each capability record. Each of these multiple agent usage permission fields corresponds one-to-one with a specific agent.
[0205] In step S1204, during the operation of the terminal device determining whether the agent usage permission field in the target record is a first identifier, it can be determined whether the agent usage permission field corresponding to the target agent in the target record is a first identifier. If it is a first identifier, the information of the interface corresponding to the target capability type information is provided to the target agent.
[0206] In another possible design, the number of agent usage permission fields in each capability record of the permission management file can be multiple. These multiple agent usage permission fields can include a default agent usage permission field and an agent usage permission field corresponding to at least one agent.
[0207] In step S1204, during the terminal device's operation of determining whether the agent usage permission field in the target record is a first identifier, it can be determined whether the target agent is one of the aforementioned at least one agent. If the target agent is one of the aforementioned at least one agent, then it is determined whether the agent usage permission field corresponding to the target agent in the target record is a first identifier. If it is a first identifier, then the information of the interface corresponding to the target capability type information is provided to the target agent. Optionally, if it is a second identifier, then the target agent is notified of a first prompt message.
[0208] If the target agent is not one of the aforementioned agents, then it is determined whether the default agent usage permission field in the target record is a first identifier. If it is a first identifier, then the information of the interface corresponding to the target capability type information is provided to the target agent. Optionally, if it is a second identifier, then the target agent is notified of the first prompt information.
[0209] Based on the capability and permission management method provided in any of the foregoing embodiments, the permission file includes an agent usage permission field. The configuration method of the agent usage permission field is described below, using a target agent as an example.
[0210] The terminal device may pre-store preset capability and permission management policies. These policies include information on the types of capabilities that the target intelligent agent is allowed to use, and / or information on the types of capabilities that the target intelligent agent is prohibited from using.
[0211] In one possible implementation, the terminal device can configure the intelligent agent usage permission field in each capability record according to a preset capability permission management strategy during the target intelligent agent installation phase.
[0212] The installation phase of the target agent can reflect its potential use. Terminal devices can configure capability usage permissions for the target agent. Based on capability permission management policies, terminal devices can configure the agent usage permission fields corresponding to the target agent in each capability record of the permission management file.
[0213] For example, for a third capability record containing information about any capability type that the target agent is allowed to use, the terminal device configures the agent usage permission field corresponding to the target agent in each third capability record as a first identifier. Optionally, for a fourth capability record, the terminal device configures the agent usage permission field corresponding to the target agent in each fourth capability record as a second identifier, wherein the fourth capability record can be a capability record containing information about any capability type that the target agent is prohibited from using, or the fourth capability record can be any capability record other than the third capability record among all capability records.
[0214] In one possible implementation, the target agent can proactively request a target capability. The terminal device can receive the capability type information requested by the target agent. Based on the capability type information requested by the target agent and a preset capability permission management policy, the agent's usage permission field in each capability record is configured.
[0215] Terminal devices can configure the agent usage permission fields corresponding to the target agent in the capability record by combining the capabilities requested by the target agent and the preset capability permission management strategy.
[0216] In some examples, the terminal device can match the capability type information requested by the target agent with the capability type information in the permission management file. Based on the matching result and / or the preset capability permission management strategy, the terminal device configures the agent usage permission field in each capability record.
[0217] For example, the capability type information requested by the target intelligent agent includes capability type information 1, 2, and 3. The capability type information in the permission management file includes capability type information 2, 3, and 4. The terminal device can match the capability type information requested by the target intelligent agent with the capability type information in the permission management file. The matching result can be capability type information 2 and capability type information 3. The capability type information in the matching result belongs to both the capability type information requested by the target intelligent agent and the capability type information in the permission management file.
[0218] Terminal devices can configure the agent usage permission field in each capability record based solely on the matching results. For example, the agent usage permission field in a capability record containing information about any capability type from the matching results can be configured as the first identifier.
[0219] Terminal devices can configure the agent usage permission fields in each capability record based solely on the capability permission management policy.
[0220] Terminal devices can configure the agent usage permission fields in each capability record based on the matching results and capability permission management policies.
[0221] In the permission file, for the fifth capability record containing any capability type information from the matching results, it is determined whether the capability type information in the fifth capability record is a capability type allowed for use by the target agent under the capability permission management policy. If so, the agent usage permission field corresponding to the target agent in the fifth capability record is configured as the first identifier. Optionally, if not, the agent usage permission field corresponding to the target agent in the fifth capability record is configured as the second identifier.
[0222] In one possible design, the capability and permission management policy may include a static configuration policy. The static configuration policy includes information on capability types that are allowed to be used by each agent by default, and information on capability types that are prohibited from being used by each agent by default. The information on capability types that are allowed to be used by each agent by default can be implemented as the aforementioned information on capability types allowed to be used by the target agent. The information on capability types that are prohibited from being used by each agent by default can be implemented as the information on capability types prohibited from being used by the target agent.
[0223] In one possible design, the capability and access control policy may include a dynamic configuration policy. In the dynamic configuration policy, the capability type information allowed for use by the target agent is determined based on the target agent's agent type and / or the target agent's trust level information.
[0224] In some examples, the capability type information that the target agent is allowed to use is determined based on the agent type of the target agent.
[0225] The type of intelligent agent application is denoted as the intelligent agent type. Intelligent agent types can include, but are not limited to, the following:
[0226] Speech recognition type, text processing type, content generation type, translation type, audio processing type, shopping type.
[0227] The terminal device can obtain the agent type of the target agent and, based on the agent type and capability type information in the permission management file, determine the capabilities that the target agent can use. The capability type information corresponding to the determined capabilities is then used as the capability type information permitted for the target agent. Optionally, the terminal device can find the capability type information corresponding to the target agent's agent type from the capability type information in the permission management file, based on a preset mapping relationship between agent types and capability type information. Alternatively, the terminal device can have analytical or reasoning capabilities. From the capability type information in the permission management file, the terminal device can infer the capability type information corresponding to the target agent's agent type.
[0228] For example, the target agent's agent type could be speech recognition. The permission management file includes capability type information for audio acquisition. The terminal device can determine that the target agent is capable of using audio acquisition capabilities. The terminal device can use the audio acquisition capability type information as the capability type information that the target agent is allowed to use.
[0229] For example, the target intelligent agent's intelligent agent type could be translation. The permission management file includes speech recognition capabilities and audio acquisition capabilities. The terminal device can determine that the target intelligent agent can use audio acquisition capabilities and speech recognition capabilities. The terminal device can use the capability type information for audio acquisition capabilities and speech recognition capabilities as the capability type information allowed for the target intelligent agent.
[0230] In some examples, the type of capabilities allowed for use by the target agent is determined based on the target agent's trust information. Optionally, the agent's trust information can be implemented as the agent's risk level or trust level. Alternatively, the agent's trust information can reflect the agent's risk level or trust level.
[0231] In one possible design, the terminal device can perform a risk assessment on the agent before installation. For example, it could assess the risk of the agent's installation package. The terminal device can detect whether the installation package contains any risky content. By performing this risk assessment, the terminal device can obtain information about the agent's trust level.
[0232] In another possible design, the agent can provide trust information. Optionally, the agent's installation package can carry trust information. Optionally, after the agent's installation package is parsed, the terminal device can obtain the agent's trust information. Alternatively, during the installation process, the agent can report its own trust information.
[0233] Trust information of an agent can reflect its risk level. Risk levels can be divided into multiple levels, ordered from lowest to highest as Level 1, Level 2, Level 3, ..., Level N. Generally, N is a positive integer greater than or equal to 2.
[0234] In some application scenarios, multiple risk levels can be sorted from lowest to highest as follows: extremely low risk, relatively low risk, normal risk, relatively high risk, and extremely high risk. It should be noted that the multiple levels in this example are used to illustrate the different levels of risk and are not intended to limit the specific number of levels. Optionally, multiple levels can be sorted from lowest to highest as follows: relatively low risk, normal risk, and relatively high risk.
[0235] In one possible scenario, the risk level reflected by the trust information of agent M1 is lower than the risk level reflected by the trust information of agent M2. The first total number of capability types that the terminal device determines are allowed to be used by agent M1 can be greater than the second total number of capability types that the terminal device determines are allowed to be used by agent M2.
[0236] In one possible scenario, the terminal device may pre-store a mapping relationship between trust information and capability type information in a permission management file. In this mapping relationship, first trust information may correspond to one or more capability type information. The risk level reflected by the first trust information is lower than the risk level reflected by the second trust information. Second trust information may correspond to one or more capability type information, or it may not have a corresponding capability type information. When second trust information has no corresponding capability type information, it can indicate that the terminal device prohibits agents with the second trust information from using the capabilities within the terminal device.
[0237] For example, the capability type information corresponding to the first level of trust information may include capability type information corresponding to image acquisition capability, audio acquisition capability, call capability, and navigation capability. The capability type information corresponding to the second level of trust information may include capability type information corresponding to navigation capability. Alternatively, the second level of trust information may not have corresponding capability type information.
[0238] In the capability and permission management method provided in any of the above embodiments, the terminal device obtains a permission management file, which includes a first capability record corresponding to any application and / or a second capability record corresponding to any hardware module. The first capability record includes first capability type information of the application, and the second capability record includes second capability type information of the hardware module.
[0239] Based on the capability records in the permission management file, the terminal device provides the target intelligent agent with information on the interface corresponding to the target capability type information, so that the target intelligent agent can use the target capability, wherein the target capability type information represents the capability type of the target capability.
[0240] In some examples, the target capability type information corresponding to the interface can be the interface of any of the applications, or the target capability type information corresponding to the interface can be the interface of any of the hardware modules.
[0241] In this example, the interface corresponding to the target capability type information can be an interface within an application. The terminal device can provide the application's interface to the target agent, allowing the target agent to directly call the application's interface. In this design, the target agent can obtain the application's interfaces, especially the non-standardized interfaces within the application.
[0242] Similarly, the interface corresponding to the target capability type information can be the interface of the hardware module. The terminal device can provide the hardware module's interface to the target intelligent agent, allowing the target intelligent agent to directly call the hardware module's interface. In this design, the target intelligent agent can obtain the hardware module's interface, especially the non-standardized interface of the hardware module.
[0243] In some examples, the target capability type information corresponding to the interface can be an interface of any of the hardware modules. Alternatively, the target capability type information corresponding to the interface is a first system interface, wherein when the first system interface is invoked, it triggers the interface of the calling application.
[0244] For any first capability type information in any application, the terminal device can configure a first system interface for the first capability type information of the application. Through the configured first system interface, the application interface corresponding to the first capability type information can be called.
[0245] The terminal device can provide a first system interface to the target intelligent agent. The target intelligent agent can trigger the application interface corresponding to the target capability type information by calling the first system interface.
[0246] In the capability and permission management method provided in any of the above embodiments, the target capability is a capability from any of the following units:
[0247] Expert Unit, Tool Unit, Embodied Action Unit.
[0248] In some application scenarios, the capabilities of an expert unit are typically those of a closed model. Closed models can include, but are not limited to, neural network models or large language models.
[0249] In some application scenarios, the capabilities in a tool unit are typically those that enable intelligent agent applications to perceive the environment and make decisions.
[0250] In some application scenarios, the capabilities of an embodied action unit are typically those usable during the execution of an intelligent agent's application. Examples include navigation, object manipulation, and object interaction. For instance, the ability to locate a target by moving or to change the state of an object by touching it.
[0251] Optionally, after the first system interface is invoked, it provides feedback parameters to the target agent, the feedback parameters being used to characterize the execution result corresponding to the target capability type.
[0252] In one possible implementation, the first system interface may include a callback parameter, which can be implemented as a feedback parameter. After the target agent calls the first system interface, it can trigger the callback parameter to register with the terminal device's system service via the binder mechanism, and trigger the terminal device system to call the application programming interface to realize the capability call. The terminal device system can feed back the execution result of the capability call to the target agent through the callback parameter, so that the target agent knows whether the execution has been successful.
[0253] In some application scenarios, an expert unit can include one or more models, each of which is typically a closed model. Examples include large language models and intelligent agent applications.
[0254] In some application scenarios, tool units can include, but are not limited to, physical tools and virtual tools. The capabilities within a tool unit can include, but are not limited to, the capabilities of physical tools and virtual tools. Examples include application APIs or plugins.
[0255] In some application scenarios, the capabilities of an embodied action unit may include, but are not limited to, the ability to locate itself in the real environment, perceive surrounding objects, and interact with surrounding objects after receiving a designated task. For example, the ability of an embodied robot's robotic arm to grasp, and the ability of its robotic legs to walk and turn.
[0256] In this example, the terminal device can classify capability type information according to a preset functional unit classification method. Any capability in the terminal device can be assigned to any functional unit.
[0257] In one possible design, the target capability type information corresponding to the interface can be an interface of any of the hardware modules. Alternatively, the target capability type information corresponding to the interface is a first system interface, wherein when the first system interface is invoked, it triggers the interface of the calling application.
[0258] For any first capability type information in any application, the terminal device can configure a first system interface for the first capability type information of the application. Through the configured first system interface, the application interface corresponding to the first capability type information can be called.
[0259] In some examples, the specific form of the first system interface can reflect the unit to which the first capability type belongs, as well as the capability type information.
[0260] Figure 13 illustrates an exemplary capability and permission management method, which can be executed by a terminal device. The method may include the following steps:
[0261] S1301, determine if any application is in the installation phase.
[0262] Applications can include user-facing applications or application components.
[0263] S1302, in the permission management file, add a first capability record for any of the applications, and configure the agent usage permission field corresponding to the target agent in the first capability record.
[0264] The target intelligent agent can be any intelligent agent application on the terminal device. The terminal device can determine whether to grant the application's capabilities to the target intelligent agent. Optionally, the terminal device can make this determination based on the target intelligent agent's intelligent agent type and / or trust information. Alternatively, the terminal device can make this determination based on a preset capability permission management policy.
[0265] If the terminal device determines that it will not allow the target intelligent agent to use the application's capabilities, it will configure the intelligent agent usage permission field corresponding to the target intelligent agent in the first capability record as the second identifier in the permission management file.
[0266] If the terminal device determines that the target intelligent agent has the capability to use the application, it configures the intelligent agent usage permission field corresponding to the target intelligent agent in the first capability record as the first identifier in the permission management file. Optionally, the terminal device may also provide the target intelligent agent with information about the interface corresponding to the application capability.
[0267] In one possible application scenario, Figure 14 exemplifies a permission management file, which may include multiple capability records. Each capability record may include capability type information, information about the interface corresponding to the capability type, a priority field, and an agent usage permission field. There is one priority field and one agent usage permission field. The priority information in the priority field is recorded in numerical form. For any two different values, the smaller the value, the higher the priority.
[0268] Based on the aforementioned permission management file, Figure 15 illustrates an exemplary capability permission management method, which can be executed by a terminal device. This method may include the following steps:
[0269] S1501, Obtain the first capability type information of the application.
[0270] S1502, Determine whether the first capability type information exists in the permission management file. If yes, proceed to step S1503; otherwise, proceed to step S1504.
[0271] S1503, in the permission management file, obtain the maximum value x of the priority information in the capability record that includes the first capability type information.
[0272] S1504, In the permission management file, add a first capability record of the application, wherein the first capability record includes the first capability type information, the information of the interface corresponding to the first capability type information, and priority information, wherein the priority information is configured to 1.
[0273] S1505, In the permission management file, add a first capability record of the application, wherein the first capability record includes the first capability type information, the information of the interface corresponding to the first capability type information, the agent usage permission field corresponding to the target agent, and the priority information, wherein the priority information is configured as x+1.
[0274] S1506, determine whether to provide the capability corresponding to the first capability type information of the application to the target intelligent agent. If yes, proceed to step S1507; otherwise, proceed to step S1508.
[0275] S1507, Configure the agent usage permission field corresponding to the target agent in the first capability record as the first identifier.
[0276] S1508, Configure the agent usage permission field corresponding to the target agent in the first capability record as the second identifier.
[0277] In one possible design, the terminal device can provide a capability and permission management interface. Users can configure priority information and agent usage permission fields in each capability record through this interface.
[0278] Figure 16 illustrates an exemplary capability and access control method, which can be executed by a terminal device. The method may include the following steps:
[0279] S1601, Receive target capability type information queried by the target intelligent agent.
[0280] During the operation of the target intelligent agent, it may need to use a certain capability; let's assume it needs the target capability. Target capability type information can characterize the target intelligent agent's description of the target capability. Alternatively, the target intelligent agent can infer the capability type information of the target capability, and the inference result serves as the target capability type information.
[0281] S1602, Determine whether the permission management file includes the target capability type information. If yes, proceed to step S1603; otherwise, proceed to step S1604.
[0282] The terminal device can match the capability type information in the permission management file with the target capability type information. If the permission management file contains capability type information that matches the target capability type information, it indicates that the permission management file includes that target capability type information. If the permission management file does not contain capability type information that matches the target capability type information, it indicates that the permission management file does not include that target capability type information.
[0283] S1603, determine whether the agent access permission identifier corresponding to the target agent in the capability record including the target capability type information is the first identifier. If yes, proceed to step S1605. If no, proceed to step S1606.
[0284] S1604, Display a prompt message, which indicates that the target intelligent agent cannot use the capability corresponding to the target capability type information.
[0285] S1605, the target capability type information is provided to the target agent via the interface.
[0286] Terminal devices can provide target intelligent agents with target capability type information and interface information, making it easier for target intelligent agents to call target capabilities.
[0287] S1606, Display permission request information, which is used to prompt the user whether to allow the target intelligent agent to use the target capability.
[0288] S1607, determine whether the user operation is an allowed operation. If yes, proceed to step S1605; otherwise, end.
[0289] After the terminal device displays the permission request information, it can detect the user's actions on that information. For example, the permission request information may include allowing controls and disallowing controls. User actions on allowed controls can be considered as permitted actions, and user actions on disallowed controls can be considered as disallowed actions.
[0290] Figure 17 illustrates an exemplary capability and access control method, which can be executed by a terminal device. The method may include the following steps:
[0291] S1701, Receive a request from the target intelligent agent to obtain a list of capability services, wherein the list of capability services includes part or all of the capability type information in the permission management file.
[0292] During or after the installation process, the target intelligent agent can request a list of capability services from the terminal device so that the target intelligent agent can know the capabilities that the terminal device can provide.
[0293] S1702, the list of capability services is provided to the target agent.
[0294] S1703, Receive the target capability type information requested by the target intelligent agent.
[0295] S1704, determine whether to provide the capability corresponding to the target capability type information to the target agent. If yes, proceed to step S1705; otherwise, proceed to step S1706.
[0296] S1705, Configure the agent usage permission field corresponding to the target agent in the target capability record as the first identifier.
[0297] S1706, Configure the agent usage permission field corresponding to the target agent in the target capability record as the second identifier.
[0298] The terminal device can generate a permission management table corresponding to the target intelligent agent based on the permission management file. Referring to Figure 18, the permission management table for the target intelligent agent can contain multiple records, each of which can include capability type information and an intelligent agent usage permission field. If the intelligent agent usage permission field is a first identifier, it reflects that the target intelligent agent can use the capability corresponding to the capability type information in that record; if the intelligent agent usage permission field is a second identifier, it reflects that the target intelligent agent cannot use the capability corresponding to the capability type information in that record. Optionally, the permission management table can also include information about the interface corresponding to the capability type information.
[0299] Figure 19 illustrates an exemplary capability and access control method, which can be executed by a terminal device. The method may include the following steps:
[0300] S1901, Receive a request from the target agent to obtain the permission management table corresponding to the target agent.
[0301] During the operation of the target intelligent agent, it can request the corresponding permission management table from the terminal device so that the target intelligent agent can know the capabilities that are allowed to be used and the capabilities that are prohibited from being used.
[0302] S1902, provide the permission management table corresponding to the target intelligent agent to the target intelligent agent.
[0303] The target agent can invoke the permitted capabilities according to the permission management table corresponding to the target agent.
[0304] Based on the permission management method provided in any of the foregoing embodiments, a system-level intelligent agent may be set in the terminal device.
[0305] In one possible design, as shown in Figure 20, the system-level intelligent agent may include a perception module, a decision-making and planning module, an action module, and a feedback module. The perception module can perceive the external environment through sensors (such as cameras, radar, infrared rangefinders, etc.). The decision-making and planning module acquires data through sensors, understands the sensor data (e.g., inputs it into a large model for inference), and makes decisions and plans. The action module can execute corresponding actions based on the results of the aforementioned decisions and plans. The feedback module can provide the execution results to the decision-making and planning module.
[0306] In another possible design, as shown in Figure 21, the system-level intelligent agent may include a planning module, a memory module, a tools module, and an action module.
[0307] In some examples, the memory module may include both short-term memory and long-term memory modules. The short-term memory module may include the context from the cue word process. Analogous to human perception, this is the input of external information, such as text / images / videos / audio.
[0308] The long-term memory module supports vector library retrieval, analogous to the long-term memory area of the human brain, enabling the retrieval of knowledge from the brain's long-term memory area during task execution. Long-term memory is divided into: explicit declarative memory (objective facts or opinions) and explicit procedural memory (subjectively acquired knowledge).
[0309] In some examples, the planning module can also be called the decision-making planning module. It possesses both planning and decision-making capabilities. The planning module can include chain of thoughts and subgoal decomposition techniques. It can break down complex goals and employ optimal or near-optimal execution paths to achieve them. The planning module can also include reflection and self-criticism techniques. It can incorporate reinforcement learning mechanisms, learning from mistakes through environmental feedback to improve the quality of results. Large Language Models (LLMs) occupy a central position in the planning module.
[0310] In some examples, the action module and tool module can be viewed as a whole, serving as the execution stage for task implementation. This is simply referred to as the execution module. The actions of the execution module can be categorized into three types: text output, tool usage, and embodied action. Text output actions represent the fundamental capabilities of the large language model within the agent. In the tool usage action, the large language model can call external program tools. For example, it can call other models to collaboratively process tasks, or utilize interfaces or plugins in user-facing applications to handle specific tasks. In the embodied action action, the agent can locate its position in the real-world environment, perceive surrounding objects, receive specified tasks, and interact with these objects to achieve the task objective; this can be understood as a robot displaying the world. The embodied action and tool usage actions of the agent application also utilize the capabilities of the terminal device to process tasks.
[0311] The permission management method provided in any of the foregoing embodiments can be executed by a system-level intelligent agent in the terminal device. The system-level intelligent agent itself has a perception module, a memory module, a decision-making and planning module, and an execution module. The system-level intelligent agent can provide the capabilities of the perception module, the memory module, the decision-making and planning module, and the execution module. Referring to Figure 22, intelligent agent applications can use the capabilities of the system-level intelligent agent, such as the capabilities of the perception module, the memory module, the decision-making and planning module, and the execution module, through system-level intelligent agent services.
[0312] The execution module can invoke the capabilities of any application on the terminal device, or the capabilities of the hardware module. The execution module can invoke the capabilities corresponding to the capability type information in the permission management file. The execution module can access the interface information corresponding to each capability type information in the permission management file.
[0313] In one possible implementation, the capability type information in the access control file can be divided into capabilities in four units: Expert Unit, Tool Unit, Embodied Action Unit, and Other Unit. Capability type information that does not belong to the Expert Unit, Tool Unit, or Embodied Action Unit can be classified into the Other Unit. Therefore, different units include different capability type information.
[0314] Intelligent agent applications can invoke capabilities corresponding to any capability type within a unit through the unit's interface. Referring further to Figure 22, intelligent agent applications can invoke capabilities within each unit by utilizing the capabilities of the execution module in the system-level intelligent agent service.
[0315] For example, an intelligent agent application can request capabilities from an expert unit (i.e., capabilities corresponding to capability type information in the expert unit) through the first interface. The first interface is: `Char[]ApplyForExpert(int functionType, infoCallback callback)`. Here, `Expert` represents the expert unit, `ApplyForExpert` represents the requesting expert unit, `functionType` represents any capability type information within the expert unit, and `callback` represents the feedback value of the capability execution result, indicating whether the capability execution result was successful or failed.
[0316] Optionally, the capabilities corresponding to the capability type information in the expert unit may include the ability to apply for paper abstracts, the ability to identify the application environment, or the capabilities in the system's intelligent agent expert unit that the intelligent agent application itself cannot handle.
[0317] For example, an intelligent agent application can request capabilities from a tool unit (i.e., capabilities corresponding to the capability type information in the tool unit) through a second interface. The second interface is: `int ApplyForTools(int functionType, infoCallback callback)`. Here, `Tools` represents the tool unit, `functionType` represents any capability type information within the tool unit, and `callback` represents the feedback value of the capability execution result, indicating whether the capability execution result was successful or failed.
[0318] Optionally, the capabilities corresponding to the capability type information in the tool unit may include the ability to request a calculator, the ability to request settings functions, and the ability to request screen brightness adjustment.
[0319] For example, an intelligent agent application can request capabilities from an embodied action unit (i.e., capabilities corresponding to capability types within the embodied action unit) through a third interface. The third interface is: `int ApplyForMechanical(int functionType, infoCallback callback)`. Here, `Mechanical` represents the embodied action unit, `functionType` represents any capability type within the embodied action unit, and `callback` represents the feedback value of the capability execution result, indicating whether the capability execution was successful or failed.
[0320] Optionally, the capabilities corresponding to the capability type information in the embodied action unit may include the rotation of a robotic arm, the rotation of a motor, etc.
[0321] For example, an intelligent agent application can request capabilities from other units (i.e., capabilities corresponding to the capability types in other units) through the fourth interface. The fourth interface is: `int ApplyForOthers(int functionType, infoCallback callback)`. Here, `Others` represents other units. `functionType` represents any capability type information in other units, and `callback` represents the feedback value of the capability execution result, indicating whether the capability execution result was successful or failed.
[0322] In some examples, after an agent application calls the interface corresponding to any capability type information in any unit, the system-level application can execute the capability corresponding to that capability type information and return the execution result to the agent application via the callback parameter. Optionally, the system-level agent can register the callback parameter with the system-level agent service via the binder mechanism, and then provide the callback parameter to the agent application through the system-level agent service.
[0323] Based on the same inventive concept, this application also provides a capability and permission management method, which can be executed by an intelligent agent application, as shown in Figure 23. The method may include the following steps:
[0324] S2301, during the operation of the intelligent agent application, query the system for information on the interface corresponding to the target capability type information, wherein the number of the target capability types is one or more.
[0325] During the operation of an intelligent agent application, it may require target capabilities. The intelligent agent application can query the system for the interface information of the target capability. The target capability type is the capability type information of the target capability.
[0326] S2302, receive information about the interface corresponding to the target capability type information.
[0327] In some examples, the agent application has permission to use the target capability. The system can provide the agent application with information about the interface corresponding to the target capability type.
[0328] S2303, call the interface corresponding to the target capability type information.
[0329] The intelligent agent application can invoke the target capability by calling the interface corresponding to the target capability type information.
[0330] This application embodiment also provides a capability and permission management method, which can be executed by an intelligent agent application, as shown in Figure 24. The method may include the following steps:
[0331] S2401, during the installation phase of the intelligent agent application, information on the interface corresponding to the target capability type is requested from the system, wherein the number of the target capability types is one or more.
[0332] During the installation phase, intelligent agent applications can request capability type information from the system. For example, an intelligent agent application can request capabilities that it may need during its operation, denoted as target capabilities, and the target capability type information is the capability type information of the target capability.
[0333] S2402, receive information about the interface corresponding to the target capability type information.
[0334] The terminal device's system can provide the intelligent agent application with the target capability type information corresponding to the interface information.
[0335] This application embodiment also provides a capability and permission management method, which can be executed by an intelligent agent application, as shown in Figure 25. The method may include the following steps:
[0336] S2501, request the system for the permission management table corresponding to the intelligent agent application. The permission management table includes the capability type information of the permission management file and the identifier of the intelligent agent usage permission field corresponding to the intelligent agent application.
[0337] S2502, Receive the permission management table corresponding to the intelligent agent application.
[0338] S2503, query the system for information on the interface corresponding to the target capability type information. In the permission management table, the identifier of the agent's usage permission field in the record including the target capability type information is the first identifier.
[0339] Intelligent agent applications can determine which capabilities they are authorized to use through a permission management table. The permission management table includes multiple records, each containing capability type information and an identifier for the intelligent agent's corresponding access permission field. If the identifier for the intelligent agent's access permission field is a first identifier, it indicates that the intelligent agent application has the capability corresponding to the capability type information in that record. If the identifier for the intelligent agent's access permission field is a second identifier, it indicates that the intelligent agent application does not have the capability corresponding to the capability type information in that record.
[0340] Intelligent agent applications can query the system for information on the interfaces of capabilities they are authorized to use.
[0341] S2504, Receive information about the interface corresponding to the target capability type information.
[0342] Based on the same concept, Figure 26 is a schematic diagram of the structure of an electronic device 1800 provided in an embodiment of this application. The electronic device 1800 can be either the first device or the second device mentioned above. As shown in Figure 26, the electronic device 1800 may include: one or more processors 1801; one or more memories 1802; a communication interface 1803; and one or more computer programs 1804. These devices can be connected via one or more communication buses 1805. The one or more computer programs 1804 are stored in the memory 1802 and configured to be executed by the one or more processors 1801. The one or more computer programs 1804 include instructions. For example, the instructions can be used to execute relevant steps performed by the terminal device in the corresponding embodiments above, and / or relevant steps performed by the intelligent agent application. Alternatively, the instructions can be used to execute relevant operations performed by the system-level intelligent agent in the corresponding embodiments above, and / or relevant steps performed by the intelligent agent application.
[0343] The methods provided in the embodiments of this application above are described from the perspective of terminal devices, system-level intelligent agents, or intelligent agent applications as the executing entities. To implement the functions of the methods provided in the embodiments of this application above, electronic devices may include hardware structures and / or software modules, implementing the above functions in the form of hardware structures, software modules, or a combination of hardware structures and software modules. Whether a particular function is executed in the form of hardware structures, software modules, or a combination of hardware structures and software modules depends on the specific application and design constraints of the technical solution.
[0344] In addition, embodiments of this application provide a computer-readable storage medium for storing a computer program that, when run on a computer, causes the computer to perform steps as described in any of the capability and permission management methods above.
[0345] In the above embodiments, the terms "when..." or "after..." can be interpreted, depending on the context, as meaning "if...", "after...", "in response to determining...", or "in response to detecting...". Similarly, the phrases "when..." or "if (the stated condition or event) is detected" can be interpreted, depending on the context, as meaning "if...", "in response to determining...", "when (the stated condition or event) is detected", or "in response to detecting (the stated condition or event)". Furthermore, in the above embodiments, relational terms such as "first" and "second" are used to distinguish one entity from another, without limiting any actual relationship or order between these entities.
[0346] References to "one embodiment" or "some embodiments" as described in this specification mean that one or more embodiments of this application include a specific feature, structure, or characteristic described in connection with that embodiment. Therefore, the phrases "in one embodiment," "in some embodiments," "in other embodiments," "in still other embodiments," etc., appearing in different parts of this specification do not necessarily refer to the same embodiment, but rather mean "one or more, but not all, embodiments," unless otherwise specifically emphasized. The terms "comprising," "including," "having," and variations thereof mean "including but not limited to," unless otherwise specifically emphasized.
[0347] In the above embodiments, implementation can be achieved, in whole or in part, through software, hardware, firmware, or any combination thereof. When implemented in software, it can be implemented, in whole or in part, as a computer program product.
[0348] This application also provides a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, all or part of the processes or functions described in the embodiments of this invention are generated. The computer may be a general-purpose computer, a special-purpose computer, a computer network, or other programmable device. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another. For example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center via wired (e.g., coaxial cable, fiber optic, digital subscriber line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.) means. The computer-readable storage medium may be any available medium that a computer can access or a data storage device such as a server or data center that integrates one or more available media. The available medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., solid-state disk (SSD)). Where there is no conflict, the solutions of the above embodiments can be combined.
Claims
1. A capability and access control method, wherein, Applied to smart terminals, the method includes: Obtain a permission management file, wherein the permission management file includes a first capability record corresponding to any application and / or a second capability record corresponding to any hardware module, wherein the first capability record includes the first capability type information of the application and the second capability record includes the second capability type information of the hardware module; Based on the capability records in the permission management file, the target intelligent agent is provided with information on the interface corresponding to the target capability type information, so that the target intelligent agent can use the target capability, wherein the target capability type information represents the capability type of the target capability.
2. The method as described in claim 1, wherein, The method further includes: Obtain the first capability type information of any of the applications; Based on the first capability type information, add the first capability record of the application to the permission management file.
3. The method as described in claim 1, wherein, The information provided to the target agent based on the capability records in the permission management file, including the interface corresponding to the target capability type information, includes: Based on the permission management file, a target record is determined, wherein the target record includes the target capability type information; Based on the target record, information corresponding to the interface of the target type information is provided to the target agent.
4. The method of claim 3, wherein, The permission management file also includes priority information in each capability record; The step of determining the target record based on the permission management file includes: If there are multiple target capability records, then the interface information corresponding to the target capability record with the highest priority among all target capability records will be used as the interface information corresponding to the target capability type information.
5. The method as described in any one of claims 3, wherein, The permission management file also includes a field for agent usage permissions in each capability record.
6. The method of claim 5, wherein, The target capability type is the capability type queried by the target intelligent agent; The information provided to the target agent based on the target record, corresponding to the interface of the target type information, includes: If the agent usage permission field in the target record is a first identifier, then the information of the interface corresponding to the target capability type information is provided to the target agent.
7. The method of claim 6, wherein, The method further includes: If the agent's access permission field in the target record is a second identifier, then the target agent is notified of a first prompt message, which indicates that the target agent does not have access permission to use the target capability.
8. The method of claim 7, wherein, The method further includes: Display a second prompt message, which prompts the user whether to allow the target intelligent agent to use the target capability; In response to the authorization operation, the interface information corresponding to the target capability type is provided to the target agent.
9. The method of claim 5, wherein, The method further includes: During the target agent installation phase, the agent usage permission fields in each capability record are configured according to the preset capability permission management strategy.
10. The method of claim 5, wherein, The method further includes: Receive the capability type information requested by the target intelligent agent; Based on the capability type information requested by the target intelligent agent and the preset capability permission management strategy, configure the intelligent agent usage permission field in each capability record.
11. The method of claim 10, wherein, The step of configuring the agent usage permission field in each capability record according to the capability type requested by the target agent and the preset capability permission management strategy includes: Match the capability type information requested by the target intelligent agent with the capability type information in the permission management file; Based on the matching results and / or the preset capability permission management strategy, configure the agent usage permission field in each capability record.
12. The method as described in any one of claims 9-11, wherein, The preset capability permission management policy includes capability type information that the target intelligent agent is allowed to use, and / or capability type information that the target intelligent agent is prohibited from using.
13. The method of claim 12, wherein, The capability type information that the target agent is allowed to use is determined based on the agent type of the target agent and / or the trust information of the target agent.
14. The method as claimed in claim 1 or 2, wherein, The target capability type information corresponds to the interface of any of the applications; Alternatively, the target capability type information may correspond to an interface of any of the hardware modules.
15. The method of claim 1, wherein, The target capability type information corresponds to the first system interface, wherein when the first system interface is invoked, it triggers the interface of the calling application. Alternatively, the target capability type information may correspond to an interface of any of the hardware modules.
16. The method of claim 15, wherein, The method further includes: After the first system interface is invoked, it provides feedback parameters to the target agent, which are used to characterize the execution result corresponding to the target capability type.
17. The method of claim 2, wherein, The step of obtaining the first capability type information of any of the applications includes: During the installation phase of any application, the first capability type information of any application is obtained.
18. The method of claim 2, wherein, The step of obtaining the first capability type information of any of the applications includes: Obtain the installation package of at least one application, the installation package carrying the first capability type information.
19. The method of claim 1, wherein, The target capability is the capability of any of the following units: Expert Unit, Tool Unit, Embodied Action Unit; The capabilities of the expert unit include the capability of closed models, wherein the closed model is a neural network model or a large language model; The capabilities of the tool unit include the ability to enable intelligent agent applications to perceive the environment and make decisions; The capabilities of the embodied action unit include those that can be used in the execution phase of intelligent agent applications.
20. A capability rights management method, wherein, Applied to intelligent agent applications, the method includes: During the operation of the intelligent agent application, the system queries the information of the interface corresponding to the target capability type information, and the number of the target capability types is one or more; Receive information from the interface corresponding to the target capability type information; Call the interface corresponding to the target capability type information.
21. A capability rights management method, wherein, Applied to intelligent agent applications, the method includes: During the installation phase of the intelligent agent application, information on the interface corresponding to the target capability type is requested from the system, and the number of the target capability types is one or more. Receive information about the interface corresponding to the target capability type information.
22. An electronic device, comprising: It includes a processor and a memory, wherein the memory stores a computer program that, when executed by the processor, causes the processor to perform the steps of any of the methods described in claims 1 to 21.
23. A computer readable storage medium, wherein, It includes a computer program that, when run on an electronic device, causes the electronic device to perform the steps of any of the methods described in claims 1 to 21.