Managing permission settings applied to applications
First Claim
Patent Images
1. A computer-implemented method comprising:
- identifying a plurality of management policies that apply to an application associated with a first perimeter of a plurality of perimeters on a device, each perimeter being associated with a separate file system on the device, wherein each of the plurality of management policies determines whether a resource on the device can be accessed, the plurality of management policies includes a first management policy and a second management policy and the plurality of management policies are received from one or more sources;
determining, for the application, a priority ranking for each of the plurality of management policies, wherein the priority ranking for at least one of the management policies is determined based on the association of the application with the first perimeter;
applying a permission setting to the application based on the priority rankings for the plurality of management policies, wherein applying the permission setting comprises;
determining that the first management policy conflicts with the second management policy; and
applying the second management policy in response to determining that the second management policy has a higher priority ranking than the first management policy;
determining that a source from which a management policy was received has rescinded the management policy; and
in response to determining that the source has rescinded the management policy, re-calculating a new priority ranking for each of remaining management policies.
8 Assignments
0 Petitions
Accused Products
Abstract
Some aspects of what is described here relate to managing permission settings applied to applications on a mobile device. Multiple management policies that apply to an application associated with a perimeter on a device are identified. A priority ranking for each management policy is determined for the application based on the perimeter with which the application is associated. A permission setting based on the priority rankings is applied to the application.
-
Citations
17 Claims
-
1. A computer-implemented method comprising:
-
identifying a plurality of management policies that apply to an application associated with a first perimeter of a plurality of perimeters on a device, each perimeter being associated with a separate file system on the device, wherein each of the plurality of management policies determines whether a resource on the device can be accessed, the plurality of management policies includes a first management policy and a second management policy and the plurality of management policies are received from one or more sources; determining, for the application, a priority ranking for each of the plurality of management policies, wherein the priority ranking for at least one of the management policies is determined based on the association of the application with the first perimeter; applying a permission setting to the application based on the priority rankings for the plurality of management policies, wherein applying the permission setting comprises; determining that the first management policy conflicts with the second management policy; and applying the second management policy in response to determining that the second management policy has a higher priority ranking than the first management policy; determining that a source from which a management policy was received has rescinded the management policy; and in response to determining that the source has rescinded the management policy, re-calculating a new priority ranking for each of remaining management policies. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A device comprising:
-
data processing hardware apparatus; and a computer-readable medium storing instructions executable by the data processing hardware apparatus to perform operations comprising; identifying a plurality of management policies that apply to an application associated with a first perimeter of a plurality of perimeters on a device, each perimeter being associated with a separate file system on the device, wherein each of the plurality of management policies determines whether a resource on the device can be accessed, the plurality of management policies includes a first management policy and a second management policy and the plurality of management policies are received from one or more sources; determining, for the application, a priority ranking for each of the plurality of management policies, the priority ranking for at least one of the management policies determined based on the association of the application with the first perimeter; applying a permission setting to the application based on the priority rankings for the plurality of management policies, wherein applying the permission setting comprises; determining that the first management policy conflicts with the second management policy; and applying the second management policy in response to determining that the second management policy has a higher priority ranking than the first management policy; determining that a source from which a management policy was received has rescinded the management policy; and in response to determining that the source has rescinded the management policy, re-calculating a new priority ranking for each of remaining management policies. - View Dependent Claims (11, 12, 13)
-
-
14. A non-transitory computer-readable medium storing instructions executable by data processing hardware apparatus to perform operations comprising:
-
identifying a plurality of management policies that apply to an application associated with a first perimeter of a plurality of perimeters on a device, each perimeter being associated with a separate file system on the device, wherein each of the plurality of management policies determines whether a resource on the device can be accessed, the plurality of management policies includes a first management policy and a second management policy and the plurality of management policies are received from one or more sources; determining, for the application, a priority ranking for each of the plurality of management policies, wherein the priority ranking for at least one of the management policies is determined based on the association of the application with the first perimeter; and applying a permission setting to the application based on the priority rankings for the plurality of management policies, wherein applying the permission setting comprises; determining that the first management policy conflicts with the second management policy; and applying the second management policy in response to determining that the second management policy has a higher priority ranking than the first management policy; determining that a source from which a management policy was received has rescinded the management policy; and in response to determining that the source has rescinded the management policy, re-calculating a new priority ranking for each of remaining management policies. - View Dependent Claims (15, 16, 17)
-
Specification