Processing method and device for interface call request
1. A processing method for an interface call request comprises the following steps:
receiving a call request for a first interface of an operating system from a client application; the first interface is used for acquiring privacy data;
acquiring first scene information, wherein the first scene information is the description information of the use scene of the first interface declared when the client application applies for the calling right of the first interface;
acquiring current scene information of the client application;
and executing the calling request under the condition that the current scene information is matched with the first scene information.
2. The method of claim 1, wherein the first scene information comprises a page list, a page in the page list being selected from pages of the client application; the current scene information comprises a current display page and a last display page of the client application;
the executing the call request under the condition that the current scene information is matched with the first scene information includes:
and executing the calling request under the condition that the current display page and the last display page are contained in the page list.
3. The method of claim 1, wherein the first scene information comprises an interface list, an interface in the interface list being selected from the interfaces that invoke the first interface; the current scene information comprises a current calling interface and a last calling interface of the first interface;
the executing the call request under the condition that the current scene information is matched with the first scene information includes:
and executing the call request under the condition that the current call interface and the last call interface are contained in the interface list.
4. The method of claim 1, further comprising, prior to said receiving from the client application a call request for the first interface of the operating system:
receiving a call permission application for the first interface from the client application; the calling permission application at least comprises a usage scene of the first interface declared by the client application;
and configuring the first scene information according to the usage scene of the first interface declared by the client application.
5. The method of claim 4, wherein the calling permission application further includes identity information of the client application; before the configuring the first scene information, the method further comprises:
judging, according to the identity information, whether the client application has a calling authority for the first interface;
the configuring the first scenario information according to the usage scenario of the first interface declared by the client application includes:
and under the condition that the client application has the calling authority, configuring the first scene information according to the use scene of the first interface declared by the client application.
6. A processing apparatus for an interface call request, comprising:
a receiving unit configured to receive a call request for a first interface of an operating system from a client application; the first interface is used for acquiring privacy data;
an obtaining unit, configured to obtain first scenario information, where the first scenario information is description information of a usage scenario of the first interface, which is declared when the client application applies for the call right of the first interface;
the obtaining unit is further configured to obtain current scene information of the client application;
and the execution unit is used for executing the calling request under the condition that the current scene information is matched with the first scene information.
7. The apparatus of claim 6, wherein the first scene information comprises a page list, a page in the page list being selected from pages of the client application; the current scene information comprises a current display page and a last display page of the client application;
the execution unit is specifically configured to:
and executing the calling request under the condition that the current display page and the last display page are contained in the page list.
8. The apparatus of claim 6, wherein the first scenario information comprises an interface list, wherein an interface in the interface list is selected from interfaces invoking the first interface; the current scene information comprises a current calling interface and a last calling interface of the first interface;
the execution unit is specifically configured to:
and executing the call request under the condition that the current call interface and the last call interface are contained in the interface list.
9. The apparatus of claim 6, the apparatus further comprising: a configuration unit;
the receiving unit is further configured to receive, from the client application, a call permission application for the first interface; the calling permission application at least comprises a usage scene of the first interface declared by the client application;
the configuration unit is configured to configure the first scene information according to the usage scene of the first interface declared by the client application.
10. The apparatus of claim 9, wherein the calling permission application further comprises identity information of the client application; the apparatus further comprises: a judgment unit;
the judgment unit is configured to judge, according to the identity information, whether the client application has a calling authority for the first interface;
the configuration unit is specifically configured to:
and under the condition that the client application has the calling authority, configuring the first scene information according to the use scene of the first interface declared by the client application.
11. A computer-readable storage medium, on which a computer program is stored, wherein the computer program, when executed in a computer, causes the computer to perform the method of any of claims 1-5.
12. A computing device comprising a memory and a processor, wherein the memory has stored therein executable code that when executed by the processor implements the method of any of claims 1-5.
Background
With the rapid development of internet technology, especially mobile internet technology, users can install various client applications on their mobile terminals, and these client applications can often obtain a large amount of private data from the mobile terminals. For these client applications, after any one of the client applications is attacked, an attacker can steal the private data of the user through the attacked client application (hereinafter referred to as malicious application). Therefore, it is highly desirable to provide a scheme for effectively protecting the private data of the user.
Disclosure of Invention
One or more embodiments of the present specification describe a method and an apparatus for processing an interface call request, which may implement effective protection of user private data.
In a first aspect, a method for processing an interface call request is provided, including:
receiving a call request for a first interface of an operating system from a client application; the first interface is used for acquiring privacy data;
acquiring first scene information, wherein the first scene information is the description information of the use scene of the first interface declared when the client application applies for the calling right of the first interface;
acquiring current scene information of the client application;
and executing the calling request under the condition that the current scene information is matched with the first scene information.
In one embodiment, the first scenario information includes a page list, and a page in the page list is selected from pages of the client application; the current scene information comprises a current display page and a last display page of the client application;
the executing the call request under the condition that the current scene information is matched with the first scene information includes:
and executing the calling request under the condition that the current display page and the last display page are contained in the page list.
In another embodiment, the first scenario information includes an interface list, where an interface in the interface list is selected from interfaces invoking the first interface; the current scene information comprises a current calling interface and a last calling interface of the first interface;
the executing the call request under the condition that the current scene information is matched with the first scene information includes:
and executing the call request under the condition that the current call interface and the last call interface are contained in the interface list.
In yet another embodiment, before the receiving, from the client application, a call request for the first interface of the operating system, the method further comprises:
receiving a call permission application for the first interface from the client application; the calling permission application at least comprises a usage scene of the first interface declared by the client application;
and configuring the first scene information according to the usage scene of the first interface declared by the client application.
In a further embodiment, the calling permission application further includes identity information of the client application; before the configuring the first scene information, the method further comprises:
judging, according to the identity information, whether the client application has a calling authority for the first interface;
the configuring the first scenario information according to the usage scenario of the first interface declared by the client application includes:
and under the condition that the client application has the calling authority, configuring the first scene information according to the use scene of the first interface declared by the client application.
In a second aspect, there is provided a processing apparatus for an interface call request, including:
a receiving unit configured to receive a call request for a first interface of an operating system from a client application; the first interface is used for acquiring privacy data;
an obtaining unit, configured to obtain first scenario information, where the first scenario information is description information of a usage scenario of the first interface, which is declared when the client application applies for the call right of the first interface;
the obtaining unit is further configured to obtain current scene information of the client application;
and the execution unit is used for executing the calling request under the condition that the current scene information is matched with the first scene information.
In one embodiment, the first scenario information includes a page list, and a page in the page list is selected from pages of the client application; the current scene information comprises a current display page and a last display page of the client application;
the execution unit is specifically configured to:
and executing the calling request under the condition that the current display page and the last display page are contained in the page list.
In another embodiment, the first scenario information includes an interface list, where an interface in the interface list is selected from interfaces invoking the first interface; the current scene information comprises a current calling interface and a last calling interface of the first interface;
the execution unit is specifically configured to:
and executing the call request under the condition that the current call interface and the last call interface are contained in the interface list.
In yet another embodiment, the apparatus further comprises: a configuration unit;
the receiving unit is further configured to receive, from the client application, a call permission application for the first interface; the calling permission application at least comprises a usage scene of the first interface declared by the client application;
the configuration unit is configured to configure the first scene information according to the usage scene of the first interface declared by the client application.
In a further embodiment, the calling permission application further includes identity information of the client application; the apparatus further comprises: a judgment unit;
the judgment unit is configured to judge, according to the identity information, whether the client application has a calling authority for the first interface;
the configuration unit is specifically configured to:
and under the condition that the client application has the calling authority, configuring the first scene information according to the use scene of the first interface declared by the client application.
In a third aspect, there is provided a computer storage medium having a computer program stored thereon, which, when executed in a computer, causes the computer to perform the method of the first aspect.
In a fourth aspect, there is provided a computing device comprising a memory having stored therein executable code and a processor that, when executing the executable code, implements the method of the first aspect.
In the processing method and device for an interface call request provided in this specification, a call request for a first interface of the operating system is received from the client application, the first interface being used for obtaining privacy data. First scene information is obtained, the first scene information being the description information of the usage scene of the first interface declared when the client application applies for the calling right of the first interface. Current scene information of the client application is acquired. The call request is executed in the case that the current scene information matches the first scene information. That is, in the solution provided in this specification, whether to execute the call request for the interface is decided by determining whether the current scene information matches the description information of the declared usage scene of the interface, so that call requests outside the declared usage scene of the interface can be effectively intercepted, and the user privacy data can thereby be effectively protected.
Drawings
In order to illustrate the technical solutions of the embodiments of the present disclosure more clearly, the drawings used in the description of the embodiments are briefly introduced below. The drawings in the following description show only some embodiments of the present disclosure, and those skilled in the art can obtain other drawings based on them without creative effort.
FIG. 1 is a schematic diagram illustrating an implementation scenario of an embodiment disclosed herein;
FIG. 2 is an interaction diagram of a scene information configuration method disclosed in an embodiment of the present specification;
FIG. 3 is an interaction diagram of a processing method for an interface call request according to an embodiment of the present disclosure;
FIG. 4 is a diagram illustrating a processing method for an interface call request according to an embodiment of the present disclosure;
FIG. 5 is a schematic diagram of a processing device for an interface call request according to an embodiment of the present disclosure.
Detailed Description
The scheme provided by the specification is described below with reference to the accompanying drawings.
Before describing the solutions provided in the embodiments of the present specification, the inventive concept of the solution is described first.
As described above, when various client applications are installed on a mobile terminal, there may be a problem in that an attacker steals user private data through an attacked application. In order to solve the problem, some solutions propose that, in the process of installing the client application, the client application needs to declare a corresponding usage scenario for each privacy interface of the operating system (i.e., each interface for obtaining privacy data) that it wants to call. The client application then calls the corresponding privacy interface in its declared usage scenario.
However, in practical applications, a malicious application may often invoke the corresponding privacy interface beyond the usage scenario of the privacy interface declared by the malicious application. Therefore, the inventor of the present application proposes that when a client application calls a privacy interface of an operating system, current scene information of the client application is acquired first, and then the calling for the privacy interface is executed only when the current scene information matches description information of a usage scene of a declared privacy interface, so that security of user privacy data can be effectively ensured.
The above is the inventive concept provided by the embodiments of the present specification, and the following describes the solution provided by the present specification with reference to the inventive concept.
Fig. 1 is a schematic view of an implementation scenario of an embodiment disclosed in this specification. In fig. 1, the operating system may include interfaces 1-n, each of which is used to obtain private data. When installing the client application, the client application may apply for a call permission for each interface to the operating system, while declaring a usage scenario for each interface. The operating system can configure corresponding scene information for each interface according to the declared use scene of each interface. The scene information may be, for example, a page list or an interface list.
Thereafter, when the client application runs, it can send a call request to the operating system for any interface i. The operating system may obtain scene information i corresponding to interface i, and acquire current scene information of the client application. The call request is executed in the case that the acquired scene information i matches the current scene information; otherwise the call request is intercepted.
It should be understood that, in practical applications, a plurality of different client applications may apply to the operating system for the call authority for interface 1 to interface n, so that the operating system may configure, for each client application, the scene information corresponding to each interface. In other words, one piece of scene information can be uniquely matched based on a client application and an interface.
As described above, the processing method for the interface call request provided in the embodiment of the present specification is executed based on the scene information configured in the installation stage of the client application; therefore, the configuration method of the scene information is described first. Since the method of configuring the scene information corresponding to each interface for the client application is similar, the following description takes as an example the configuration of the scene information corresponding to one interface (hereinafter referred to as a first interface) for the client application.
Fig. 2 is an interaction diagram of a scene information configuration method disclosed in an embodiment of the present specification. As shown in fig. 2, the method may include the steps of:
Step 202, the client application sends a call permission application for the first interface to the operating system.
In one example, during client application installation, it may send a call permission application for the first interface to the operating system.
The client application may include any one of the following: applications on mobile phones or Personal Computers (PCs), mobile phone applets, and applications on the internet of Things (IOT), etc. The first interface may be used to obtain private data, also referred to as a privacy interface. The private data may include, but is not limited to, a user's biometric features (e.g., facial features, fingerprints, or sound waves), location, address book, and the like.
The invoking authority application may include: a usage scenario of a first interface declared by a client application. The usage scenario here may be, for example, a face recognition scenario or a two-dimensional code scanning scenario.
In addition, the aforementioned invocation permission application may further include identity information of the client application, so that the operating system determines, based on the identity information, whether the client application has the invocation permission for the first interface, i.e., authenticates the client application.
Step 204, configuring first scenario information according to the usage scenario of the first interface declared by the client application.
It should be understood that, when the aforementioned invocation permission application further includes identity information of the client application, the first scenario information may be configured in a case where it is determined that the client application has the invocation permission for the first interface, or in a case where the client application passes authentication.
The first scenario information may be, for example, a page list, an interface list, or the like.
In a case that the first scene information is a page list, configuring the first scene information may include: selecting a plurality of pages from the pages of the client application according to the usage scene of the first interface declared by the client application. A page list is formed from the selected pages.
In a case that the first scene information is an interface list, configuring the first scene information may include: selecting a plurality of interfaces from the interfaces calling the first interface according to the use scene of the first interface declared by the client application. An interface list is formed from the selected interfaces.
Thus, the first scene information is obtained. Similarly, other scene information may also be configured according to usage scenarios of other interfaces declared by the client application. For other client applications, a plurality of pieces of scene information corresponding to the interfaces are likewise configured according to the calling scenes of the interfaces declared by those client applications.
It should be understood that, after configuring, for the client application, the scenario information corresponding to each interface, the solution provided in the embodiments of the present specification may be executed.
Fig. 3 is an interaction diagram of a processing method for an interface call request according to an embodiment of the present disclosure. As shown in fig. 3, the method may include the steps of:
Step 302, the client application sends a call request for a first interface of the operating system to the operating system.
The client application here may include any of the following: applications on cell phones or Personal Computers (PCs), cell phone applets, and applications on the internet of things (IOT), etc.
The first interface may be used to obtain private data, also referred to as a privacy interface. The private data may include, but is not limited to, a user's biometric features, location, address book, etc.
Step 304, first scene information is obtained.
The first scenario information is the description information of the usage scenario of the first interface, which is declared when the client application applies for the calling right of the first interface.
As described above, in the installation stage of each client application, corresponding scene information may be configured for each privacy interface for which a call authority is applied. Thus, here, the first context information may be matched out of the pre-configured context information based on the client application currently sending the invocation request and the first interface.
The first scene information may be a page list, an interface list, or the like.
Step 306, current scene information of the client application is obtained.
In the case that the first scene information is a page list, the current scene information may include a current presentation page and a previous presentation page. The currently presented page here may be understood as a page presented to the user when the client application initiates a call request for the first interface.
In one example, each page displayed by the client application may be recorded by setting a buried point (an instrumentation hook) in the client application. Specifically, a buried point may be set in the client application in advance for the page display operation. Then, when a page display operation is executed in the client application, the corresponding buried point is triggered and records the displayed page.
It should be understood that the current presentation page and the last presentation page may be obtained based on the recorded presentation pages of the client application.
Taking the first scenario information as an interface list as an example, the current scenario information may include a current call interface and a previous call interface. The current call interface is understood to be the interface that currently calls the first interface.
Similarly to the above-mentioned recording manner of the presentation page, each calling interface of the first interface may also be recorded by setting a buried point. And then obtaining the current calling interface and the last calling interface based on the recorded calling interfaces.
Step 308, executing the call request under the condition that the current scene information is matched with the first scene information.
Specifically, when the first scene information is a page list and the current scene information includes the current display page and the last display page of the client application, executing the call request when the current scene information matches the first scene information includes: executing the call request in the case that both the current display page and the last display page are contained in the page list. Otherwise, if either the current display page or the last display page is not included in the page list, the call request is intercepted.
When the first scene information is an interface list and the current scene information includes the current call interface and the last call interface of the first interface, executing the call request when the current scene information matches the first scene information includes: executing the call request in the case that both the current call interface and the last call interface are included in the interface list. Otherwise, if either the current call interface or the last call interface is not included in the interface list, the call request is intercepted.
In summary, the processing method for the interface call request provided in the embodiments of the present specification determines whether to execute the call request for the interface by determining whether the current scene information matches the description information of the usage scene of the declared interface, so that call requests outside the usage scene of the declared interface can be effectively intercepted, and further effective protection of user privacy data can be achieved.
The following describes a scheme provided in an embodiment of the present specification with first scene information as a page list.
Fig. 4 is a schematic diagram illustrating a processing method for an interface call request according to an embodiment of the present disclosure. In fig. 4, the operating system receives a call request for the first interface from the client application, and then judges the reasonableness of the call request. The reasonableness judgment may specifically include: obtaining context state information of the client application, and extracting the current display page and the last display page of the client application from the context state information; then judging whether the current display page and the last display page are contained in the page list matched with the current client application and the first interface, to obtain a judgment result. Finally, whether the call request is reasonable is determined based on the judgment result: if it is reasonable, the call request is executed; if it is unreasonable, the call request is intercepted.
Corresponding to the above processing method for an interface call request, an embodiment of the present specification further provides a processing apparatus for an interface call request. As shown in FIG. 5, the apparatus may include:
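The configuration flow of Fig. 2 and the page-list check of Figs. 3 and 4 can be sketched as follows. This is an added illustration, not code from the specification: the class SceneGate, the application name pay_app, the interface name camera.capture_face and the page names are hypothetical, and treating a history of fewer than two displayed pages as a mismatch is an assumption (the specification does not address that case). The interface-list embodiment works the same way with calling interfaces recorded in place of pages.

```python
from collections import defaultdict, deque
from dataclasses import dataclass, field


class CallIntercepted(Exception):
    """Raised when a privacy-interface call falls outside the declared scene."""


@dataclass
class SceneGate:
    """Hypothetical stand-in for the operating-system side of the scheme."""
    # (app_id, interface) pairs whose identity check succeeds (judgment step).
    authorized: set = field(default_factory=set)
    # (app_id, interface) -> page list, i.e. the "first scene information".
    scene_info: dict = field(default_factory=dict)
    # app_id -> last two displayed pages, filled by the buried point.
    history: dict = field(
        default_factory=lambda: defaultdict(lambda: deque(maxlen=2)))

    # Configuration phase (Fig. 2, steps 202 and 204).
    def apply_for_permission(self, app_id, interface, declared_pages):
        if (app_id, interface) not in self.authorized:
            return False  # no calling authority: nothing is configured
        self.scene_info[(app_id, interface)] = frozenset(declared_pages)
        return True

    # Buried point: invoked on every page display operation of the app.
    def record_page(self, app_id, page):
        self.history[app_id].append(page)

    # Runtime phase (Fig. 3, steps 304 to 308).
    def matches(self, app_id, interface):
        allowed = self.scene_info.get((app_id, interface))
        pages = self.history.get(app_id, ())
        # Assumption: fail closed when no scene information is configured
        # or when there is no previous page to compare against.
        if allowed is None or len(pages) < 2:
            return False
        last_page, current_page = pages
        return current_page in allowed and last_page in allowed

    def call(self, app_id, interface, handler):
        if not self.matches(app_id, interface):
            raise CallIntercepted(f"{app_id} -> {interface}")
        return handler()


def demo():
    """Replay a constructed page sequence and try the call after each page."""
    gate = SceneGate(authorized={("pay_app", "camera.capture_face")})
    gate.apply_for_permission(
        "pay_app", "camera.capture_face", ["login", "face_verify"])
    outcomes = []
    for page in ["login", "face_verify", "home", "face_verify"]:
        gate.record_page("pay_app", page)
        try:
            gate.call("pay_app", "camera.capture_face", lambda: "frame")
            outcomes.append((page, "executed"))
        except CallIntercepted:
            outcomes.append((page, "intercepted"))
    return outcomes


if __name__ == "__main__":
    for page, outcome in demo():
        print(f"{page:12s} {outcome}")
```

The last step of the constructed sequence is the case that the previous-page check exists for: the current page is in the page list, but it was reached from a page that is not, so the call is intercepted.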
a receiving unit 502, configured to receive, from a client application, a call request for a first interface of an operating system, where the first interface is used to obtain private data.
An obtaining unit 504, configured to obtain first scenario information, where the first scenario information is description information of a usage scenario of a first interface declared when a client application applies for a call right of the first interface.
The obtaining unit 504 is further configured to obtain current scene information of the client application.
An executing unit 506, configured to execute the call request when the current scene information matches the first scene information.
In one example, the first scene information includes a page list, the pages in the page list being selected from pages of the client application. The current scene information includes a current presentation page and a last presentation page of the client application.
The execution unit 506 is specifically configured to:
and executing the calling request under the condition that the current display page and the last display page are contained in the page list.
In another example, the first scene information includes an interface list, the interfaces in the interface list being selected from the interfaces that invoke the first interface. The current scene information comprises a current calling interface and a last calling interface of the first interface.
The execution unit 506 is specifically configured to:
in the case where the current call interface and the last call interface are included in the interface list, the call request is executed.
Optionally, the apparatus may further include: a configuration unit 508;
a receiving unit 502, configured to receive, from a client application, a call permission application for a first interface, where the call permission application includes at least a usage scenario of the first interface declared by the client application;
a configuration unit 508, configured to configure the first scene information according to the usage scene of the first interface declared by the client application.
Where the call permission application further includes identity information of the client application, the apparatus may further include: a judgment unit 510;
a judgment unit 510, configured to determine whether the client application has a call authority for the first interface according to the identity information;
the configuration unit 508 is specifically configured to:
and under the condition that the client application has the calling authority, configuring first scene information according to the use scene of the first interface declared by the client application.
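The checks performed by units 502 to 510 above, as an added Python example that is not part of the patent text. All class, method, application and page names are hypothetical, and requiring every declared list to match when both a page list and an interface list are declared is an assumption.

```python
from dataclasses import dataclass, field


@dataclass
class SceneGate:
    """Constructed model of units 502-510; all names here are hypothetical."""
    authorized_apps: frozenset                      # identities with call authority
    declared: dict = field(default_factory=dict)    # (app, interface) -> first scene info

    def apply_for_permission(self, app_id, interface, pages=(), callers=()):
        # Determining unit 510: check identity before configuring anything.
        if app_id not in self.authorized_apps:
            return False
        # Configuration unit 508: store the declared usage scene.
        self.declared[(app_id, interface)] = {
            "pages": frozenset(pages),
            "callers": frozenset(callers),
        }
        return True

    def allow_call(self, app_id, interface, pages=(None, None), callers=(None, None)):
        """Execution unit 506: pages/callers are (current, last) pairs."""
        scene = self.declared.get((app_id, interface))
        if scene is None or not (scene["pages"] or scene["callers"]):
            return False                            # no declaration: fail closed
        for key, observed in (("pages", pages), ("callers", callers)):
            allowed = scene[key]
            # Both the current and the last value must be in the declared list.
            if allowed and not all(v in allowed for v in observed):
                return False
        return True


def demo():
    gate = SceneGate(authorized_apps=frozenset({"com.example.maps"}))
    # Constructed sample: a maps app declares the pages where it reads location.
    ok = gate.apply_for_permission("com.example.maps", "getLocation",
                                   pages=["home", "route_plan"])
    rogue = gate.apply_for_permission("com.example.flashlight", "getLocation",
                                      pages=["main"])
    return {
        "applied": ok,
        "rogue_applied": rogue,
        "in_scene": gate.allow_call("com.example.maps", "getLocation",
                                    pages=("route_plan", "home")),
        "last_page_outside": gate.allow_call("com.example.maps", "getLocation",
                                             pages=("route_plan", "settings")),
        "undeclared_app": gate.allow_call("com.example.flashlight", "getLocation",
                                          pages=("main", "main")),
    }
```

The `last_page_outside` case shows why the last display page is checked as well as the current one: a call issued from a declared page is still refused when the application reached that page from outside the declared scene.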
The functions of each functional module of the device in the above embodiments of the present description may be implemented through each step of the above method embodiments, and therefore, a specific working process of the device provided in one embodiment of the present description is not repeated herein.
The processing device for an interface call request provided by one embodiment of this specification can effectively protect user privacy data.
According to an embodiment of another aspect, there is also provided a computer-readable storage medium having stored thereon a computer program which, when executed in a computer, causes the computer to perform the method described in connection with fig. 2, 3 or 4.
According to an embodiment of yet another aspect, there is also provided a computing device comprising a memory having stored therein executable code, and a processor that, when executing the executable code, implements the method described in conjunction with fig. 2, fig. 3, or fig. 4.
The embodiments in the present specification are described in a progressive manner. For the same or similar parts, the embodiments may be referred to one another, and each embodiment focuses on its differences from the other embodiments. In particular, because the apparatus embodiment is substantially similar to the method embodiment, its description is relatively brief, and for the relevant points reference may be made to the corresponding description of the method embodiment.
The steps of a method or algorithm described in connection with the disclosure herein may be embodied in hardware or may be embodied in software instructions executed by a processor. The software instructions may consist of corresponding software modules that may be stored in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art. An exemplary storage medium is coupled to the processor such that the processor can read information from, and write information to, the storage medium. Of course, the storage medium may also be integral to the processor. The processor and the storage medium may reside in an ASIC. Additionally, the ASIC may reside in a server. Of course, the processor and the storage medium may reside as discrete components in a server.
Those skilled in the art will recognize that, in one or more of the examples described above, the functions described in this invention may be implemented in hardware, software, firmware, or any combination thereof. When implemented in software, the functions may be stored on, or transmitted over, a computer-readable medium as one or more instructions or code. Computer-readable media include both computer storage media and communication media, the latter including any medium that facilitates transfer of a computer program from one place to another. A storage medium may be any available medium that can be accessed by a general purpose or special purpose computer.
The foregoing description has been directed to specific embodiments of this disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
The above-mentioned embodiments further describe the objects, technical solutions and advantages of the present specification in detail. It should be understood that the above-mentioned embodiments are only specific embodiments of the present specification and are not intended to limit its scope; any modifications, equivalent substitutions, improvements and the like made on the basis of the technical solutions of the present specification should be included in the scope of the present specification.