CN104091132B - Method, device and the routing device of plug-in unit are run on routing device - Google Patents
Method, device and the routing device of plug-in unit are run on routing device Download PDFInfo
- Publication number
- CN104091132B CN104091132B CN201410269810.7A CN201410269810A CN104091132B CN 104091132 B CN104091132 B CN 104091132B CN 201410269810 A CN201410269810 A CN 201410269810A CN 104091132 B CN104091132 B CN 104091132B
- Authority
- CN
- China
- Prior art keywords
- unit
- plug
- catalogue
- starting
- setting
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/575—Secure boot
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/56—Routing software
Abstract
The disclosure is directed to a kind of method, device and routing device that plug-in unit is run on routing device, this method includes:Obtain the operating instruction for plug-in unit;The plug-in unit is obtained from the first setting catalogue in operating system;Process corresponding with the plug-in unit is created, and it is the described first setting catalogue to limit the addressing space of the process;The plug-in unit is run in the process.Because the addressing space of limiting process is only set under catalogue first, under the catalogue for installing plug-in unit, the catalogue for being commonly installed plug-in unit is not the catalogue of the system file preservation of operating system, therefore process can not access the system file of operating system, process thus can be effectively prevented to destroy the system file of the operating system of routing device, it is ensured that operating system normal work.
Description
Technical field
This disclosure relates to communication technical field, more particularly to a kind of method that plug-in unit is run on routing device, device and
Routing device.
Background technology
With developing rapidly for the communication technology, routing device is more and more intelligent, and intelligentized routing device is similar to one
The operating system of individual opening, can perform the operation such as installation, operation, unloading of plug-in unit.
But, when running plug-in unit on current routing device, usually occur that the system file in operating system is destroyed,
And then cause the problem of operating system is paralysed.Therefore, destruction operation system during plug-in component operation can be prevented by needing one kind badly at present
The plug-in component operation method of system.
The content of the invention
To overcome problem present in correlation technique, the disclosure provide a kind of method that plug-in unit is run on routing device,
Device and routing device.
According to the first aspect of the embodiment of the present disclosure there is provided a kind of method that plug-in unit is run on routing device, including:
Obtain the operating instruction for plug-in unit;
The plug-in unit is obtained from the first setting catalogue of operating system;
Process corresponding with the plug-in unit is created, and it is the described first setting catalogue to limit the addressing space of the process;
The plug-in unit is run in the process.
With reference in a first aspect, in the first possible implementation of first aspect, the acquisition is directed to the fortune of plug-in unit
The step of row instruction, includes:
After startup, the startup script that the plug-in unit is preserved under starting up's catalogue is called, the operating instruction is generated;Or
Person,
After startup, Manage Scripts are started from the second setting catalogue acquisition plug-in unit by the plug-in unit under starting up's catalogue
Configuration file, if the configuration file carry starting up mark, generate the operating instruction;If the configuration file is not
Starting up's mark is carried, then receives the operating instruction that client is sent.
With reference in a first aspect, in second of possible implementation of first aspect, the visit of the limitation process
Ask that the step of the described first setting catalogue is in space includes:
If other catalogues in operating system described in the process requested access in addition to the described first setting catalogue, by institute
Other catalogues are stated to be mounted under the first setting catalogue;
The attribute of other catalogues of the carry under the described first setting catalogue is set to read-only.
Second with reference to the first possible implementation or first aspect of first aspect, first aspect is possible
Implementation, in the third possible implementation of first aspect, methods described also includes:
The identification information of the process is recorded in process list.
With reference in a first aspect, in the 4th kind of possible implementation of first aspect, methods described also includes:
Obtain the installation instruction for the plug-in unit;
The corresponding compressed package of the plug-in unit is obtained, the compressed package includes the plug-in unit, the corresponding dynamic chain of the plug-in unit
Connect storehouse, configuration file and digital certificate;
Certification is decrypted to the compressed package according to the digital certificate and the public key prestored;
If the plug-in unit and the dynamic link library are stored in first setting by the compressed package by decrypted authentication
Under catalogue, the configuration file is stored under the second setting catalogue.
With reference to the 4th kind of possible implementation of first aspect, in the 5th kind of possible implementation of first aspect
In, methods described also includes:
If the configuration file carries starting up's mark, the startup pin of the plug-in unit is added under starting up's catalogue
This.
With reference in a first aspect, in the 6th kind of possible implementation of first aspect, methods described also includes:
Obtain the unloading command for the plug-in unit;
After determining that the plug-in unit is out of service, detect whether to delete opening for the plug-in unit under starting up's catalogue
Dynamic script;
If deleting the startup script of the plug-in unit under starting up's catalogue, the first setting mesh is emptied
Record.
With reference to the 6th kind of possible implementation of first aspect, in the 7th kind of possible implementation of first aspect
In, the step for determining that the plug-in unit is out of service includes:
It whether there is the identification information of process corresponding with the plug-in unit in detection procedure list;
If the identification information of process corresponding with the plug-in unit is not present in the process list, it is determined that the plug-in unit stops
Only run;
If there is the identification information of process corresponding with the plug-in unit in the process list, delete and the plug-in unit pair
The identification information for the process answered.
According to the second aspect of the embodiment of the present disclosure there is provided a kind of device that plug-in unit is run on routing device, including:
First acquisition module, for obtaining the operating instruction for plug-in unit;
Second acquisition module, for obtaining the plug-in unit from the first setting catalogue of operating system;
Module is limited, for creating process corresponding with the plug-in unit, and it is described to limit the addressing space of the process
First setting catalogue;
Module is run, for running the plug-in unit in the process.
With reference to second aspect, in the first possible implementation of second aspect, first acquisition module includes:
Generation unit, after startup, calls the startup script that the plug-in unit is preserved under starting up's catalogue, generation is described
Operating instruction;Or,
Processing unit, after startup, Manage Scripts are started from the second setting mesh by the plug-in unit under starting up's catalogue
Record obtains the configuration file of the plug-in unit, if the configuration file carries starting up's mark, generates the operating instruction, if
The configuration file does not carry starting up's mark, then receives the operating instruction that client is sent.
With reference to second aspect, in second of possible implementation of second aspect, the limitation module includes:
Carry unit, if in operating system described in the process requested access except described first setting catalogue in addition to its
Other catalogues, then be mounted under the first setting catalogue by its catalogue;
Setting unit, the attribute for other catalogues by carry under the described first setting catalogue is set to read-only.
Second with reference to the first possible implementation or second aspect of second aspect, second aspect is possible
Implementation, in the third possible implementation of second aspect, described device also includes:
Logging modle, the identification information for recording the process in process list.
With reference to second aspect, in the 4th kind of possible implementation of second aspect, described device also includes:
3rd acquisition module, for obtaining the installation instruction for the plug-in unit;
4th acquisition module, for obtaining the corresponding compressed package of the plug-in unit, the compressed package includes the plug-in unit, described
The corresponding dynamic link library of plug-in unit, configuration file and digital certificate;
Decrypted authentication module, for being decrypted and recognizing to the compressed package according to the digital certificate and the public key prestored
Card;
Memory module, if for the compressed package by decrypted authentication, by the plug-in unit and the dynamic link library storage
Under the described first setting catalogue, the configuration file is stored under the second setting catalogue.
With reference to the 4th kind of possible implementation of second aspect, in the 5th kind of possible implementation of second aspect
In, described device also includes:
Add module, if carrying starting up's mark for the configuration file, adds described under starting up's catalogue
The startup script of plug-in unit.
With reference to second aspect, in the 6th kind of possible implementation of second aspect, described device also includes:
5th acquisition module, for obtaining the unloading command for the plug-in unit;
Detection module, after determining that the plug-in unit is out of service, detects whether to delete under starting up's catalogue
Except the startup script of the plug-in unit;
Module is emptied, if the startup script for deleting the plug-in unit under starting up's catalogue, empties institute
State the first setting catalogue.
With reference to the 6th kind of possible implementation of second aspect, in the 7th kind of possible implementation of second aspect
In, the detection module includes:
Detection unit, the identification information for whether there is process corresponding with the plug-in unit in detection procedure list;
Determining unit, if the identification information for process corresponding with the plug-in unit to be not present in the process list,
Determine that the plug-in unit is out of service;If there is the identification information of process corresponding with the plug-in unit in the process list, delete
Except the identification information of process corresponding with the plug-in unit.
According to the third aspect of the embodiment of the present disclosure there is provided a kind of routing device, including:
Processor;
Memory for storing processor-executable instruction;
Wherein, the processor is configured as:
Obtain the operating instruction for plug-in unit;
The plug-in unit is obtained from the first setting catalogue of operating system;
Process corresponding with the plug-in unit is created, and it is the described first setting catalogue to limit the addressing space of the process;
The plug-in unit is run in the process.
The technical scheme provided by this disclosed embodiment can include the following benefits:The operation obtained for plug-in unit refers to
Order, plug-in unit is obtained from the first setting catalogue of operating system, creates process corresponding with plug-in unit, and the access of limiting process is empty
Between for first setting catalogue, the plug-in unit is run in process, due to limiting process addressing space only first set mesh
Under record, that is, under the catalogue for installing plug-in unit, the catalogue for being commonly installed plug-in unit is not the catalogue of the system file preservation of operating system, because
This process can not access the system file of operating system, thus can effectively prevent process from destroying the operating system of routing device
System file, it is ensured that operating system normal work.
It should be appreciated that the general description of the above and detailed description hereinafter are only exemplary and explanatory, not
The disclosure can be limited.
Brief description of the drawings
Accompanying drawing herein is merged in specification and constitutes the part of this specification, shows the implementation for meeting the present invention
Example, and for explaining principle of the invention together with specification.
Fig. 1 is a kind of flow chart of method that plug-in unit is run on routing device according to an exemplary embodiment.
Fig. 2 is a kind of flow chart that plug-in unit is installed on routing device according to an exemplary embodiment.
Fig. 3 is a kind of flow chart that plug-in unit is unloaded on routing device according to an exemplary embodiment.
Fig. 4 is a kind of flow chart of method that plug-in unit is run on routing device according to an exemplary embodiment.
Fig. 5 is the block diagram that the first according to an exemplary embodiment runs insert arrangement on routing device.
Fig. 6 is a kind of block diagram of limitation module according to an exemplary embodiment.
Fig. 7 is the block diagram of second of operation insert arrangement on routing device according to an exemplary embodiment.
Fig. 8 is the block diagram that the third according to an exemplary embodiment runs insert arrangement on routing device.
Fig. 9 is the block diagram of the 4th kind of operation insert arrangement on routing device according to an exemplary embodiment.
Figure 10 is the block diagram of the 5th kind of operation insert arrangement on routing device according to an exemplary embodiment.
Figure 11 is a kind of block diagram of detection module according to an exemplary embodiment.
Figure 12 is a kind of block diagram of routing device according to an exemplary embodiment.
Embodiment
Here exemplary embodiment will be illustrated in detail, its example is illustrated in the accompanying drawings.Following description is related to
During accompanying drawing, unless otherwise indicated, the same numbers in different accompanying drawings represent same or analogous key element.Following exemplary embodiment
Described in embodiment do not represent and the consistent all embodiments of the present invention.On the contrary, they be only with as appended
The example of the consistent apparatus and method of some aspects be described in detail in claims, the present invention.
Fig. 1 is a kind of flow chart of method that plug-in unit is run on routing device according to an exemplary embodiment,
As shown in figure 1, this method is used in routing device, comprise the following steps.
In step s 11, the operating instruction for plug-in unit is obtained.
The operating instruction demonstrates the need for running the plug-in unit.
In step s 12, plug-in unit is obtained from the first setting catalogue of operating system.
Plug-in unit is arranged in the first setting catalogue of the operating system of routing device, is referred to when getting the operation for plug-in unit
After order, the plug-in unit can be obtained into the first setting catalogue.
In step s 13, process corresponding with plug-in unit is created, and the addressing space of limiting process is the first setting catalogue.
When operating system is different, the instrument and function that establishment process is used also are differed.Assuming that operating system is linux systems
System, can specially create an instrument, the process corresponding with plug-in unit of fork function creations one is called using the instrument.
Because operation plug-in unit is primary concern is that safety problem, if plug-in unit is deliberated under the root of deletion action system
System file, it will crushing blow is caused to operating system, so needing to limit the addressing space of process corresponding with plug-in unit.
Such as, plug-in unit is arranged under PluginsFolder/ID/, and process corresponding with plug-in unit should can only access the text under the catalogue
Part, it is impossible to access the root that other catalogues, i.e. PluginsFolder/ID/ are exactly the plug-in unit, calls chroot orders will
PluginsFolder/ID/ is used as its root, it is possible to achieve limit the addressing space of the process.
In step S14, plug-in unit is run in process.
Continue to use the example above, exec functions can be called to run plug-in unit in process.
In the program, the operating instruction for plug-in unit is obtained, plug-in unit is obtained from the first setting catalogue of operating system, creates
Process corresponding with plug-in unit is built, and the addressing space of limiting process is the first setting catalogue, and the plug-in unit is run in process, by
Only set in the addressing space of limiting process first under catalogue, that is, under the catalogue for installing plug-in unit, be commonly installed the mesh of plug-in unit
Record is not the catalogue of the system file preservation of operating system, therefore process can not access the system file of operating system, thus
Process can be effectively prevented to destroy the system file of the operating system of routing device, it is ensured that operating system normal work.
The step of acquisition in above-mentioned S11 is directed to the operating instruction of plug-in unit can include following two situations:
The first situation, after startup, calls the startup script that plug-in unit is preserved under starting up's catalogue, generating run instruction.
If operation when the plug-in unit needs starting up is inserted, it is necessary to preserve this under starting up's catalogue when installing plug-in unit
The startup script of part, starting up's catalogue can be/etc/init.d.
After routing device starts, the startup script that plug-in unit is preserved under starting up's catalogue, generating run instruction can be called.
Second of situation, after startup, Manage Scripts are started from the second setting catalogue by the plug-in unit under starting up's catalogue
The configuration file of plug-in unit is obtained, if configuration file carries starting up's mark, generating run instruction, if configuration file is not carried
Starting up identifies, then receives the operating instruction that client is sent.
If the plug-in unit needs to run during starting up, plug-in unit can also be preserved under starting up's catalogue and starts management pin
This.Start after routing device, plug-in unit starts Manage Scripts and goes the second setting catalogue to obtain the configuration file of plug-in unit, and is detecting
Configuration file is carried after starting up's mark, generating run instruction.If the plug-in unit does not need starting up, it can be needed by user
When running the plug-in unit, operating instruction is sent by client.
Wherein, the second setting catalogue can be PluginsFolder/Register, and configuration file can be expressed as
manifest。
The step of addressing space of limiting process in above-mentioned S13 is the first setting catalogue includes:
If other catalogues in process requested access operating system in addition to the first setting catalogue, other catalogues are mounted to
Under first setting catalogue;
The attribute of other catalogues of the carry under the first setting catalogue is set to read-only.
If process corresponding with plug-in unit must access the system text below the system file of operating system, such as/usr/bin
Part, can use carry (mount bind) technology, and general/usr/bin catalogues are mounted in PluginsFolder/ID catalogues, obtained
To PluginsFolder/ID/usr/bin catalogues, then the attribute of PluginsFolder/ID/usr/bin catalogues is set for only
Read, thus can be using the addressing space of limiting process as PluginsFolder/ID/, and due to PluginsFolder/ID/
The attribute of usr/bin catalogues to be read-only, process can not right/usr/bin carry out destruction operation, so as to effectively prevent process from breaking
The system file of bad operating system, it is ensured that operating system normal work.
Can also in process list record the process identification information, consequently facilitating plug-in unit out of service or unloading insert
Part.
Fig. 2 is a kind of flow chart that plug-in unit is installed on routing device according to an exemplary embodiment, such as Fig. 2 institutes
Show, this method is used in routing device, comprises the following steps.
In the step s 21, the installation instruction for plug-in unit is obtained.
For example, it may be receiving the installation instruction for plug-in unit that client is sent.
In step S22, obtain the corresponding compressed package of plug-in unit, compressed package include plug-in unit, the corresponding dynamic link library of plug-in unit,
Configuration file and digital certificate.
For example, from the download of plug-in unit shop or the corresponding compressed package of the plug-in unit can locally be uploaded.
In step S23, certification is decrypted to compressed package according to digital certificate and the public key prestored.
For example, because compressed package is generally all by encrypting, can prestore a public key on routing device, according in compressed package
Digital certificate and the public key that prestores can be carried out decrypted authentication.
In step s 24, if plug-in unit and dynamic link library are stored in the first setting catalogue by compressed package by decrypted authentication
Under, configuration file is stored under the second setting catalogue.
If the file in compressed package is stored under fixed catalogue by compressed package by decrypted authentication, the catalogue is plug-in unit
Unified installation site.Assuming that fixed catalogue is PluginsFolder, each plug-in unit has an identification information (being designated as ID),
The plug-in unit and dynamic link library obtained after decompression can be stored in below PluginsFolder/ID/ this catalogue, i.e., first sets
The configuration file storage for determining to obtain after catalogue, decompression is arrived below PluginsFolder/Register catalogues, i.e., the second setting mesh
Record.
If configuration file carries starting up's mark, the startup script of plug-in unit is added under starting up's catalogue.If configuration
File carries starting up's mark, that is to say, that the plug-in unit needs starting up, then plug-in unit is added under starting up's catalogue
Start script, you can realize starting up's plug-in unit.
Fig. 3 is a kind of flow chart that plug-in unit is unloaded on routing device according to an exemplary embodiment, such as Fig. 3 institutes
Show, this method is used in routing device, comprises the following steps.
In step S31, the unloading command for plug-in unit is obtained.
In step s 32, after determining that plug-in unit is out of service, detection starting up's catalogue under whether the startup pin of memory card
This.
If the startup script of memory card under starting up's catalogue, in step S33, the startup script of plug-in unit is deleted.
In step S34, the first setting catalogue is emptied.
If for example, under starting up's catalogue non-memory card startup script, perform step S34.
Because the plug-in unit is arranged under the first setting catalogue, confirming to delete opening for the plug-in unit under starting up's catalogue
After dynamic script, it can empty under the first setting catalogue, so as to realize the unloading plug-in unit.
Determination plug-in unit in above-mentioned S32 step out of service includes:
It whether there is the identification information of process corresponding with plug-in unit in detection procedure list;
If the identification information of process corresponding with plug-in unit is not present in process list, it is determined that plug-in unit is out of service;
If there is the identification information of process corresponding with plug-in unit in process list, the mark of process corresponding with plug-in unit is deleted
Know information.
So, it can determine to insert by with the presence or absence of the identification information of process corresponding with plug-in unit in detection procedure list
Whether part is out of service.
Fig. 4 is the method flow diagram according to an exemplary embodiment, as shown in figure 4, this method is used for routing device
In, it is assumed that the operating system on routing device is linux system, and this method comprises the following steps.
In step S411, the installation instruction for plug-in unit is obtained.
When user needs to install plug-in unit on routing device, it can be sent by client to routing device and be directed to plug-in unit
Installation instruction.For example, after have selected plug-in unit A in application shop, when the plug-in unit is arranged on router B by selection, service
Device sends plug-in unit A installation kit to router B.Meanwhile, router B receives the installation instruction for plug-in unit.
In step S412, the corresponding compressed package of plug-in unit is obtained, compressed package includes plug-in unit, the corresponding dynamic link of plug-in unit
Storehouse, configuration file and digital certificate.
Plug-in unit is executable file, and the corresponding dynamic link library of plug-in unit is the dynamic link that executable file may be used
Storehouse, configuration file is that, for describing executable file, digital certificate is for decrypted authentication.
In step S413, certification is decrypted to compressed package according to digital certificate and the public key prestored.
Because compressed package is generally all by encryption, the fixed position on routing device can prestore a public key, for pressure
Certification is decrypted in contracting bag.
In step S414, if plug-in unit and dynamic link library are stored in the first setting mesh by compressed package by decrypted authentication
Under record, configuration file is stored under the second setting catalogue.
File in general compressed package is stored under fixed catalogue, and the fixation catalogue is the unified installation site of plug-in unit.It is false
If fixed catalogue is PluginsFolder, each plug-in unit has an ID, then first sets catalogue as PluginsFolder/
The plug-in unit and dynamic link library obtained after ID/, decompression can be stored under the catalogue, second set catalogue as
The configuration file obtained after PluginsFolder/Register, decompression is stored under the catalogue.
In step S415, when configuration file carries starting up's mark, opening for plug-in unit is added under starting up's catalogue
Dynamic script.For example, in linux system, starting up's catalogue is /etc/init.d.
In step S416, the operating instruction for plug-in unit is obtained.
Following two situations can be included in the step:
The first situation, after startup, calls the startup script that plug-in unit is preserved under starting up's catalogue, generating run instruction.
If the plug-in unit needs to run during starting up, can call/etc/init.d preserves the startup script of plug-in unit, raw
Into operating instruction.
Second of situation, after startup, Manage Scripts are started from the second setting catalogue by the plug-in unit under starting up's catalogue
The configuration file of plug-in unit is obtained, if configuration file carries starting up's mark, generating run instruction, if configuration file is not carried
Starting up identifies, then receives the operating instruction that client is sent.
If the plug-in unit needs to run during starting up, plug-in unit can also be preserved under/etc/init.d and starts management pin
This.Start after routing device, plug-in unit starts the configuration file that Manage Scripts go PluginsFolder/Register to obtain plug-in unit,
And after configuration file carrying starting up's mark is detected, generating run instruction.If the plug-in unit does not need starting up, can
During needing to run the plug-in unit by user, operating instruction is sent by client.Configuration file can be expressed as manifest.
In step S417, plug-in unit is obtained from the first setting catalogue of operating system.
The plug-in unit is obtained from PluginsFolder/ID/.
In step S418, process corresponding with plug-in unit is created, and the addressing space of limiting process is the first setting catalogue.
In Linux system, an instrument can be specially created, fork function creations one are called with inserting using the instrument
The corresponding process of part.The addressing space of process is PluginsFolder/ID/, and the catalogue is exactly the root of plug-in unit, is called
Chroot orders regard PluginsFolder/ID/ as its root, it is possible to achieve limit the addressing space of the process.
If process corresponding with plug-in unit must access the system below the system file of linux system, such as/usr/bin
File, can use bind technologies, and general/usr/bin catalogues are mounted in PluginsFolder/ID catalogues, obtained
PluginsFolder/ID/usr/bin catalogues, then set the attribute of PluginsFolder/ID/usr/bin catalogues for only
Read, thus can be using the addressing space of limiting process as PluginsFolder/ID/, and due to PluginsFolder/ID/
The attribute of usr/bin catalogues to be read-only, process can not right/usr/bin carry out destruction operation, so as to effectively prevent process from breaking
The system file of bad operating system, it is ensured that operating system normal work.
In step S419, plug-in unit is run in process, the ID of the process of the plug-in unit is recorded in process list.
For example, exec functions can be called to run plug-in unit in process.
In the step s 420, the unloading command for plug-in unit is obtained.
When user will unload the plug-in unit on routing device, it can be sent by client to routing device for plug-in unit
Unloading command.
In step S421, after determining that plug-in unit is out of service, detection starting up's catalogue under whether the startup of memory card
Script.
For example, can determine to insert by with the presence or absence of the identification information of process corresponding with plug-in unit in detection procedure list
Whether part is out of service, if the identification information of process corresponding with plug-in unit is not present in process list, it is determined that plug-in unit stops fortune
OK;If there is the identification information of process corresponding with plug-in unit in process list, the mark letter of process corresponding with plug-in unit is deleted
Breath, so that it is out of service to also determine plug-in unit.
If the startup script of memory card under starting up's catalogue, in step S422, the startup script of plug-in unit is deleted.
In step S423, the first setting catalogue is emptied.
If the startup script of non-memory card under starting up's catalogue, step S423 is performed.
Because the plug-in unit is arranged under PluginsFolder/ID/, confirming to delete the plug-in unit under/etc/init.d
Startup script after, PluginsFolder/ID/ can be emptied, thus realize unloading the plug-in unit.
Fig. 5 is the device block diagram that the first according to an exemplary embodiment runs plug-in unit on routing device.Ginseng
According to Fig. 5, the device includes the first acquisition module 511, the second acquisition module 512, limitation module 513 and operation module 514.
First acquisition module 511 is configured as, and obtains the operating instruction for plug-in unit.
Second acquisition module 512 is configured as, and plug-in unit is obtained from the first setting catalogue of operating system.
The limitation module 513 is configured as, and creates process corresponding with plug-in unit, and the addressing space of limiting process is first
Set catalogue.
The operation module 514 is configured as, and plug-in unit is run in process.
First acquisition module 511 includes generation unit and processing unit alternative one.
The generation unit is configured as, after startup, calls the startup script that plug-in unit is preserved under starting up's catalogue, generation fortune
Row instruction.
The processing unit is configured as, after startup, and Manage Scripts are started from second by the plug-in unit under starting up's catalogue
The configuration file that catalogue obtains plug-in unit is set, if configuration file carries starting up's mark, generating run instruction, if described match somebody with somebody
Put file and do not carry starting up's mark, then receive the operating instruction that client is sent.
As shown in fig. 6, the limitation module 513 includes carry unit 5131 and setting unit 5132.
The carry unit 5131 is configured as, if other in addition to the first setting catalogue in process requested access operating system
Other catalogues, then be mounted under the first setting catalogue by catalogue.
The setting unit 5132 is configured as, and the attribute of other catalogues of the carry under the first setting catalogue is set to only
Read.
The device of plug-in unit is run on routing device as shown in fig. 7, on the basis of device as shown in Figure 5 second,
Also include logging modle 515.
The logging modle 515 is configured as, the identification information of record the process in process list.
The third runs the device of plug-in unit as shown in figure 8, on the basis of device as shown in Figure 5 on routing device,
Also include the 3rd acquisition module 516, the 4th acquisition module 517, decrypted authentication module 518 and memory module 519.
3rd acquisition module 516 is configured as, and obtains the installation instruction for plug-in unit.
4th acquisition module 517 is configured as, and obtains the corresponding compressed package of plug-in unit, and compressed package includes plug-in unit, plug-in unit pair
Dynamic link library, configuration file and the digital certificate answered.
The decrypted authentication module 518 is configured as, and compressed package is decrypted and recognized according to digital certificate and the public key prestored
Card.
The memory module 519 is configured as, if plug-in unit and dynamic link library are stored in by compressed package by decrypted authentication
Under one setting catalogue, configuration file is stored under the second setting catalogue.
4th kind is run the device of plug-in unit as shown in figure 9, on the basis of device as shown in Figure 8 on routing device,
Also include add module 520.
The add module 520 is configured as, if configuration file carries starting up's mark, is added under starting up's catalogue
The startup script of plug-in unit.
5th kind is run the device of plug-in unit as shown in Figure 10 on routing device, on the basis of device as shown in Figure 5,
Also include the 5th acquisition module 521, detection module 522 and empty module 523.
5th acquisition module 521 is configured to obtain the unloading command for plug-in unit.
The detection module 522 is configured as, after determining that plug-in unit is out of service, detects whether to delete under starting up's catalogue
Except the startup script of plug-in unit.
This empties module 523 and is configured as, if deleting the startup script of plug-in unit under starting up's catalogue, empties the
One setting catalogue.
As shown in figure 11, the detection module 522 includes detection unit 5221 and determining unit 5222.
The detection unit 5221 is configured as, and the mark in detection procedure list with the presence or absence of process corresponding with plug-in unit is believed
Breath.
The determining unit 5222 is configured as, if the identification information of process corresponding with plug-in unit is not present in process list,
Then determine that plug-in unit is out of service;If there is the identification information of process corresponding with plug-in unit in process list, delete and plug-in unit pair
The identification information for the process answered.
On the device in above-described embodiment, wherein modules perform the concrete mode of operation in relevant this method
Embodiment in be described in detail, explanation will be not set forth in detail herein.
Figure 12 is a kind of device 1900 for being used to run plug-in unit on routing device according to an exemplary embodiment
Block diagram.For example, device 1900 may be provided in a routing device.Reference picture 12, device 1900 includes processing assembly 1922,
It further comprises one or more processors, and as the memory resource representated by memory 1932, can be by for storing
The instruction of the execution of processing assembly 1922, such as application program.The application program stored in memory 1932 can include one
Or it is more than one each correspond to the module of one group of instruction.In addition, processing assembly 1922 is configured as execute instruction, to hold
The above-mentioned method that plug-in unit is run on routing device of row.
Device 1900 can also include the power management that a power supply module 1926 is configured as performs device 1900, one
Wired or wireless network interface 1950 is configured as device 1900 being connected to network, and input and output (I/O) interface
1958.Device 1900 can be operated based on the operating system for being stored in memory 1932, such as Windows ServerTM, Mac
OS XTM, UnixTM, LinuxTM, FreeBSDTM or similar.
A kind of routing device is provided in one embodiment, including:
Processor;
Memory for storing processor-executable instruction;
Wherein, the processor is configured as:
Obtain the operating instruction for plug-in unit;
The plug-in unit is obtained from the first setting catalogue of operating system;
Process corresponding with the plug-in unit is created, and it is the described first setting catalogue to limit the addressing space of the process;
The plug-in unit is run in the process.
Optionally, in another embodiment, the step of acquisition is directed to the operating instruction of plug-in unit includes:
After startup, the startup script that the plug-in unit is preserved under starting up's catalogue is called, the operating instruction is generated;Or
Person,
After startup, Manage Scripts are started from the second setting catalogue acquisition plug-in unit by the plug-in unit under starting up's catalogue
Configuration file, if the configuration file carry starting up mark, the operating instruction is generated, if the configuration file is not
Starting up's mark is carried, then receives the operating instruction that client is sent.
Optionally, in another embodiment, the step of addressing space of the process is the described first setting catalogue is limited
Including:
If other catalogues in operating system described in the process requested access in addition to the described first setting catalogue, by institute
Other catalogues are stated to be mounted under the first setting catalogue;
The attribute of other catalogues of the carry under the described first setting catalogue is set to read-only.
Optionally, in another embodiment, the identification information of the process is recorded in process list.
Optionally, in another embodiment, the installation instruction for the plug-in unit is obtained;Obtain the corresponding pressure of the plug-in unit
Contracting bag, the compressed package includes the plug-in unit, the corresponding dynamic link library of the plug-in unit, configuration file and digital certificate;According to
Certification is decrypted to the compressed package in the digital certificate and the public key prestored;, will if the compressed package is by decrypted authentication
The plug-in unit and the dynamic link library are stored under the first setting catalogue, and the configuration file is stored in into the second setting
Under catalogue.
Optionally, in another embodiment, if configuration file carries starting up's mark, added under starting up's catalogue
The startup script of plug-in unit.
Optionally, in another embodiment, the unloading command for plug-in unit is obtained;After determining that plug-in unit is out of service, detection
Whether the startup script of the plug-in unit has been deleted under starting up's catalogue;If opening for plug-in unit is deleted under starting up's catalogue
Dynamic script, then empty the first setting catalogue.
Optionally, in another embodiment, determine that plug-in unit step out of service includes:
It whether there is the identification information of process corresponding with the plug-in unit in detection procedure list;
If the identification information of process corresponding with the plug-in unit is not present in the process list, it is determined that the plug-in unit stops
Only run;
If there is the identification information of process corresponding with the plug-in unit in the process list, delete and the plug-in unit pair
The identification information for the process answered.
The embodiment of the present disclosure provides a kind of non-transitorycomputer readable storage medium, the instruction in the storage medium
By the computing device of routing device when so that routing device be able to carry out it is a kind of on routing device run plug-in unit method,
Methods described includes:
Obtain the operating instruction for plug-in unit;
Plug-in unit is obtained from the first setting catalogue of operating system;
Process corresponding with plug-in unit is created, and the addressing space of limiting process is the first setting catalogue;
Plug-in unit is run in process.
The step of acquisition is directed to the operating instruction of plug-in unit includes:
After startup, the startup script that the plug-in unit is preserved under starting up's catalogue is called, the operating instruction is generated;Or
Person,
After startup, Manage Scripts are started from the second setting catalogue acquisition plug-in unit by the plug-in unit under starting up's catalogue
Configuration file, if the configuration file carry starting up mark, the operating instruction is generated, if the configuration file is not
Starting up's mark is carried, then receives the operating instruction that client is sent.
The step of addressing space of the limitation process is the described first setting catalogue includes:
If other catalogues in operating system described in the process requested access in addition to the described first setting catalogue, by institute
Other catalogues are stated to be mounted under the first setting catalogue;
The attribute of other catalogues of the carry under the described first setting catalogue is set to read-only.
Methods described also includes:
The identification information of the process is recorded in process list.
Methods described also includes:
Obtain the installation instruction for the plug-in unit;
The corresponding compressed package of the plug-in unit is obtained, the compressed package includes the plug-in unit, the corresponding dynamic chain of the plug-in unit
Connect storehouse, configuration file and digital certificate;
Certification is decrypted to the compressed package according to the digital certificate and the public key prestored;
If the plug-in unit and the dynamic link library are stored in first setting by the compressed package by decrypted authentication
Under catalogue, the configuration file is stored under the second setting catalogue.
Methods described also includes:
If the configuration file carries starting up's mark, the startup pin of the plug-in unit is added under starting up's catalogue
This.
Methods described also includes:
Obtain the unloading command for the plug-in unit;
After determining that the plug-in unit is out of service, detect whether to delete opening for the plug-in unit under starting up's catalogue
Dynamic script;
If deleting the startup script of the plug-in unit under starting up's catalogue, the first setting mesh is emptied
Record.
The step for determining that the plug-in unit is out of service includes:
It whether there is the identification information of process corresponding with the plug-in unit in detection procedure list;
If the identification information of process corresponding with the plug-in unit is not present in the process list, it is determined that the plug-in unit stops
Only run;
If there is the identification information of process corresponding with the plug-in unit in the process list, delete and the plug-in unit pair
The identification information for the process answered.
Those skilled in the art will readily occur to its of the present invention after considering specification and putting into practice invention disclosed herein
Its embodiment.The application be intended to the present invention any modification, purposes or adaptations, these modifications, purposes or
Person's adaptations follow the general principle of the present invention and including the undocumented common knowledge in the art of the disclosure
Or conventional techniques.Description and embodiments are considered only as exemplary, and true scope and spirit of the invention are by following
Claim is pointed out.
It should be appreciated that the invention is not limited in the precision architecture for being described above and being shown in the drawings, and
And various modifications and changes can be being carried out without departing from the scope.The scope of the present invention is only limited by appended claim.
Claims (15)
1. a kind of method that plug-in unit is run on routing device, it is characterised in that including:
Obtain the operating instruction for plug-in unit;
The plug-in unit is obtained from the first setting catalogue of operating system;
Process corresponding with the plug-in unit is created, and it is the described first setting catalogue to limit the addressing space of the process;
The plug-in unit is run in the process, wherein,
The step of acquisition is directed to the operating instruction of plug-in unit includes:
After startup, the startup script that the plug-in unit is preserved under starting up's catalogue is called, the operating instruction is generated;Or,
After startup, Manage Scripts matching somebody with somebody from the second setting catalogue acquisition plug-in unit is started by the plug-in unit under starting up's catalogue
File is put, if the configuration file carries starting up's mark, the operating instruction is generated, if the configuration file is not carried
Starting up's mark, then receive the operating instruction that client is sent.
2. according to the method described in claim 1, it is characterised in that the addressing space of the limitation process is described first
The step of setting catalogue, includes:
If other catalogues in operating system described in the process requested access in addition to the described first setting catalogue, will it is described its
Its catalogue is mounted under the first setting catalogue;
The attribute of other catalogues of the carry under the described first setting catalogue is set to read-only.
3. method according to claim 1 or 2, it is characterised in that methods described also includes:
The identification information of the process is recorded in process list.
4. the method as described in claim 1, it is characterised in that methods described also includes:
Obtain the installation instruction for the plug-in unit;
Obtain the corresponding compressed package of the plug-in unit, the compressed package include the plug-in unit, the corresponding dynamic link library of the plug-in unit,
Configuration file and digital certificate;
Certification is decrypted to the compressed package according to the digital certificate and the public key prestored;
If the plug-in unit and the dynamic link library are stored in the first setting catalogue by the compressed package by decrypted authentication
Under, the configuration file is stored under the second setting catalogue.
5. method according to claim 4, it is characterised in that methods described also includes:
If the configuration file carries starting up's mark, the startup script of the plug-in unit is added under starting up's catalogue.
6. the method as described in claim 1, it is characterised in that methods described also includes:
Obtain the unloading command for the plug-in unit;
After determining that the plug-in unit is out of service, detect whether to delete the startup pin of the plug-in unit under starting up's catalogue
This;
If deleting the startup script of the plug-in unit under starting up's catalogue, the first setting catalogue is emptied.
7. method according to claim 6, it is characterised in that determination plug-in unit step out of service includes:
It whether there is the identification information of process corresponding with the plug-in unit in detection procedure list;
If the identification information of process corresponding with the plug-in unit is not present in the process list, it is determined that the plug-in unit stops fortune
OK;
If there is the identification information of process corresponding with the plug-in unit in the process list, delete corresponding with the plug-in unit
The identification information of process.
8. a kind of device that plug-in unit is run on routing device, it is characterised in that including:
First acquisition module, for obtaining the operating instruction for plug-in unit;
Second acquisition module, for obtaining the plug-in unit from the first setting catalogue of operating system;
Module is limited, for creating process corresponding with the plug-in unit, and it is described first to limit the addressing space of the process
Set catalogue;
Module is run, for running the plug-in unit in the process, wherein,
First acquisition module includes:
Generation unit, after startup, calls the startup script that the plug-in unit is preserved under starting up's catalogue, generates the operation
Instruction;Or,
Processing unit, after startup, starts Manage Scripts by the plug-in unit under starting up's catalogue and is obtained from the second setting catalogue
The configuration file of the plug-in unit is taken, if the configuration file carries starting up's mark, the operating instruction is generated, if described
Configuration file does not carry starting up's mark, then receives the operating instruction that client is sent.
9. device according to claim 8, it is characterised in that the limitation module includes:
Carry unit, if for other mesh in operating system described in the process requested access in addition to the described first setting catalogue
Other catalogues, then be mounted under the first setting catalogue by record;
Setting unit, the attribute for other catalogues by carry under the described first setting catalogue is set to read-only.
10. device according to claim 8 or claim 9, it is characterised in that described device also includes:
Logging modle, the identification information for recording the process in process list.
11. device as claimed in claim 8, it is characterised in that described device also includes:
3rd acquisition module, for obtaining the installation instruction for the plug-in unit;
4th acquisition module, for obtaining the corresponding compressed package of the plug-in unit, the compressed package includes the plug-in unit, the plug-in unit
Corresponding dynamic link library, configuration file and digital certificate;
Decrypted authentication module, for certification to be decrypted to the compressed package according to the digital certificate and the public key prestored;
Memory module, if the plug-in unit and the dynamic link library are stored in into institute by decrypted authentication for the compressed package
State under the first setting catalogue, the configuration file is stored under the second setting catalogue.
12. device according to claim 11, it is characterised in that described device also includes:
Add module, if carrying starting up's mark for the configuration file, adds the plug-in unit under starting up's catalogue
Startup script.
13. device as claimed in claim 8, it is characterised in that described device also includes:
5th acquisition module, for obtaining the unloading command for the plug-in unit;
Detection module, after determining that the plug-in unit is out of service, detects whether to delete institute under starting up's catalogue
State the startup script of plug-in unit;
Module is emptied, if the startup script for deleting the plug-in unit under starting up's catalogue, described is emptied
One setting catalogue.
14. device according to claim 13, it is characterised in that the detection module includes:
Detection unit, the identification information for whether there is process corresponding with the plug-in unit in detection procedure list;
Determining unit, if the identification information for process corresponding with the plug-in unit to be not present in the process list, it is determined that
The plug-in unit is out of service;If in the process list exist process corresponding with the plug-in unit identification information, delete with
The identification information of the corresponding process of the plug-in unit.
15. a kind of routing device, it is characterised in that including:
Processor;
Memory for storing processor-executable instruction;
Wherein, the processor is configured as:
Obtain the operating instruction for plug-in unit;
The plug-in unit is obtained from the first setting catalogue of operating system;
Process corresponding with the plug-in unit is created, and it is the described first setting catalogue to limit the addressing space of the process;
The plug-in unit is run in the process, wherein,
The step of acquisition is directed to the operating instruction of plug-in unit includes:
After startup, the startup script that the plug-in unit is preserved under starting up's catalogue is called, the operating instruction is generated;Or,
After startup, Manage Scripts matching somebody with somebody from the second setting catalogue acquisition plug-in unit is started by the plug-in unit under starting up's catalogue
File is put, if the configuration file carries starting up's mark, the operating instruction is generated, if the configuration file is not carried
Starting up's mark, then receive the operating instruction that client is sent.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410269810.7A CN104091132B (en) | 2014-06-17 | 2014-06-17 | Method, device and the routing device of plug-in unit are run on routing device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410269810.7A CN104091132B (en) | 2014-06-17 | 2014-06-17 | Method, device and the routing device of plug-in unit are run on routing device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104091132A CN104091132A (en) | 2014-10-08 |
| CN104091132B true CN104091132B (en) | 2017-07-28 |
Family
ID=51638847
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410269810.7A Active CN104091132B (en) | 2014-06-17 | 2014-06-17 | Method, device and the routing device of plug-in unit are run on routing device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104091132B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105653961B (en) * | 2015-12-31 | 2019-07-23 | 北京元心科技有限公司 | A kind of method and apparatus improving mobile terminal application load safety |
| CN114546511A (en) * | 2020-11-11 | 2022-05-27 | 华为技术有限公司 | Plug-in management method, system and device |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101014034A (en) * | 2006-12-31 | 2007-08-08 | 武汉蓝星科技股份有限公司 | U disk server-based cluster solving method |
| CN101403973A (en) * | 2006-12-05 | 2009-04-08 | 三星电子株式会社 | Application program launching method and system for improving security of embedded Linux kernel |
| CN101515238A (en) * | 2009-03-31 | 2009-08-26 | 山东鲁西化工股份有限公司 | Method for automatically installing or uninstalling application software of computers and a device thereof |
| CN103106091A (en) * | 2013-01-31 | 2013-05-15 | 深圳市开立科技有限公司 | Start-up system and method of operating system based on removable storage media |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP5476834B2 (en) * | 2009-07-24 | 2014-04-23 | 株式会社リコー | Information processing apparatus, workflow system, workflow management method, program, and recording medium |
| CN102968321B (en) * | 2012-11-22 | 2016-05-25 | 用友优普信息技术有限公司 | Application program erecting device and application program installation method |
| CN104036183B (en) * | 2013-05-17 | 2015-04-08 | 腾讯科技(深圳)有限公司 | Method and system for installing software in sandbox |
-
2014
- 2014-06-17 CN CN201410269810.7A patent/CN104091132B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101403973A (en) * | 2006-12-05 | 2009-04-08 | 三星电子株式会社 | Application program launching method and system for improving security of embedded Linux kernel |
| CN101014034A (en) * | 2006-12-31 | 2007-08-08 | 武汉蓝星科技股份有限公司 | U disk server-based cluster solving method |
| CN101515238A (en) * | 2009-03-31 | 2009-08-26 | 山东鲁西化工股份有限公司 | Method for automatically installing or uninstalling application software of computers and a device thereof |
| CN103106091A (en) * | 2013-01-31 | 2013-05-15 | 深圳市开立科技有限公司 | Start-up system and method of operating system based on removable storage media |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104091132A (en) | 2014-10-08 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN112637166B (en) | Data transmission method, device, terminal and storage medium | |
| JP5190800B2 (en) | Program execution control system, execution control method, and computer program for execution control | |
| US8782634B2 (en) | Installation method and apparatus | |
| US8621237B1 (en) | Protecting against cryptographic key exposure in source code | |
| US20160092190A1 (en) | Method, apparatus and system for inspecting safety of an application installation package | |
| WO2016173264A1 (en) | Electronic data protection method and device, and terminal device | |
| JP4945715B2 (en) | Data backup device, data backup method and program thereof | |
| JP4991592B2 (en) | Software alteration detection method, software alteration detection program and device | |
| US20150095653A1 (en) | Method and apparatus of creating application package, method and apparatus of executing application package, and recording medium storing application package | |
| CN107341003B (en) | Customization system implementing method, computer device and storage medium | |
| US20160275019A1 (en) | Method and apparatus for protecting dynamic libraries | |
| CN108199827B (en) | Client code integrity checking method, storage medium, electronic device and system | |
| CN104680078A (en) | Method and system for taking photos and checking images and terminal | |
| KR20170089352A (en) | Firmware integrity verification for performing the virtualization system | |
| US20100223469A1 (en) | Method, System and Computer Program Product for Certifying Software Origination | |
| CN104091132B (en) | Method, device and the routing device of plug-in unit are run on routing device | |
| JP2013061843A (en) | Computer software analysis system and client computer, and operation control method thereof and operation program thereof | |
| JP6256781B2 (en) | Management device for file security to protect the system | |
| CN105701405A (en) | System and method for antivirus checking of native images of software assemblies | |
| CN106372523B (en) | Modem file security protection method and system | |
| JP5617981B2 (en) | Device, management device, device management system, and program | |
| CN109710290A (en) | A kind of method of embedded type terminal equipment flash disk upgrading | |
| US8146158B2 (en) | Extensible activation exploit scanner | |
| JP2012216222A (en) | Information processor and program | |
| CN113761538A (en) | Security boot file configuration method, boot method, device, equipment and medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |