CN105653988A - External storage device read-write permission control method and device and terminal device - Google Patents


Info

Publication number: CN105653988A
Authority: CN (China)
Prior art keywords: exterior storage, equipment, monitored, access limit, storage equipment
Legal status: Pending
Application number: CN201511020849.6A
Other languages: Chinese (zh)
Inventor: 李文靖
Current Assignee: Zhuhai Baoqu Technology Co Ltd
Original Assignee: Beijing Kingsoft Internet Security Software Co Ltd
Application filed by: Beijing Kingsoft Internet Security Software Co Ltd
Priority to: CN201511020849.6A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The embodiments of the invention provide a method and an apparatus for controlling the read-write permission of an external storage device, and a terminal device. A monitoring result of the operating system in the terminal device is obtained; if an external storage device is monitored to be in communication connection with the terminal device, the read-write permission matched with the monitored external storage device is determined from a plurality of preset read-write permissions, wherein the preset read-write permissions are different from one another, and the response of the operating system to read-write requests for the external storage device is controlled according to the determined read-write permission. Because the matching read-write permission is determined from the preset read-write permissions, each monitored external storage device has a read-write permission matched to it, so the control of external storage devices is more targeted.

Description

An external storage device read-write permission control method, apparatus and terminal device
Technical field
The present invention relates to the field of computer application technology, and in particular to an external storage device read-write permission control method, apparatus and terminal device.
Background
When an external storage device is connected to a terminal device for use, malicious programs, viruses and Trojans can spread to the terminal device through external storage devices such as USB flash drives and portable hard drives, infecting the terminal device. At the same time, confidential files on the terminal device may be copied to the external storage device, leaking those files. Therefore, in order to isolate malicious programs, viruses and Trojans and to protect the files on the terminal device, controlling external storage devices is particularly important.
At present, external storage devices are mainly controlled by disabling them: disabling the external storage device stops the spread of viruses and stops confidential files on the terminal device from being copied to the external storage device, thereby protecting the terminal device and the confidential files. However, this method is only a disable-style control and cannot provide finer-grained control over external storage devices.
Summary of the invention
The object of the embodiments of the present invention is to provide an external storage device read-write permission control method, apparatus and terminal device, so as to achieve fine-grained control over external storage devices. The specific technical solution is as follows:
The present invention provides an external storage device read-write permission control method, applied in a terminal device on which an operating system is installed, the method comprising:
Obtaining a monitoring result of the operating system monitoring whether an external storage device is communicatively connected to the terminal device;
If the monitoring result is that an external storage device communicatively connected to the terminal device has been detected, determining, from a plurality of preset read-write permissions, the read-write permission that matches the detected external storage device, wherein the preset read-write permissions are different from one another;
Controlling, according to the determined read-write permission, the operating system's response to read-write requests for the external storage device.
Optionally, determining from the preset read-write permissions the read-write permission that matches the detected external storage device comprises:
Receiving a user's click on one of the preset read-write permissions, and determining that the clicked read-write permission is the read-write permission that matches the detected external storage device.
Optionally, before determining from the preset read-write permissions the read-write permission that matches the detected external storage device, the method further comprises:
If the monitoring result is that an external storage device communicatively connected to the terminal device has been detected, obtaining the device information of the detected external storage device that is communicatively connected to the terminal device;
Determining from the preset read-write permissions the read-write permission that matches the detected external storage device then comprises:
According to a preset correspondence between device information and the preset read-write permissions, determining, from the preset read-write permissions, the read-write permission that corresponds to the obtained device information as the read-write permission that matches the detected external storage device.
Optionally, the device information of the external storage device is at least one of a device identifier or a device type of the external storage device.
Optionally, the preset read-write permissions comprise at least two of disable, read-only, browse and allow.
The present invention provides an external storage device read-write permission control apparatus, applied in a terminal device on which an operating system is installed, the apparatus comprising: a first acquisition module, a determination module and a control module,
The first acquisition module is used to obtain a monitoring result of the operating system monitoring whether an external storage device is communicatively connected to the terminal device;
The determination module is used, when the monitoring result of the first acquisition module is that an external storage device communicatively connected to the terminal device has been detected, to determine from a plurality of preset read-write permissions the read-write permission that matches the detected external storage device, wherein the preset read-write permissions are different from one another;
The control module is used to control, according to the determined read-write permission, the operating system's response to read-write requests for the external storage device.
Optionally, the determination module is specifically used to:
When the monitoring result of the first acquisition module is that an external storage device communicatively connected to the terminal device has been detected, receive a user's click on one of the preset read-write permissions and determine that the clicked read-write permission is the read-write permission that matches the detected external storage device, wherein the preset read-write permissions are different from one another.
Optionally, the apparatus further comprises: a second acquisition module,
The second acquisition module is used, before the determination module determines from the preset read-write permissions the read-write permission that matches the detected external storage device, and when the monitoring result of the first acquisition module is that an external storage device communicatively connected to the terminal device has been detected, to obtain the device information of the detected external storage device that is communicatively connected to the terminal device;
The determination module is specifically used to:
When the monitoring result of the first acquisition module is that an external storage device communicatively connected to the terminal device has been detected, determine, according to a preset correspondence between device information and the preset read-write permissions, the read-write permission among the preset read-write permissions that corresponds to the obtained device information as the read-write permission that matches the detected external storage device, wherein the preset read-write permissions are different from one another.
Optionally, the device information of the external storage device is at least one of a device identifier or a device type of the external storage device.
Optionally, the preset read-write permissions comprise at least two of disable, read-only, browse and allow.
The present invention provides a terminal device on which an operating system is installed, the terminal device comprising:
A housing, a processor, a memory, a circuit board and a power supply circuit, wherein the circuit board is placed inside the space enclosed by the housing, and the processor and the memory are arranged on the circuit board; the power supply circuit is used to supply power to each circuit or component of the electronic device; the memory is used to store executable program code; the processor runs the program corresponding to the executable program code by reading the executable program code stored in the memory, in order to perform the following steps:
Obtaining a monitoring result of the operating system monitoring whether an external storage device is communicatively connected to the terminal device;
If the monitoring result is that an external storage device communicatively connected to the terminal device has been detected, determining, from a plurality of preset read-write permissions, the read-write permission that matches the detected external storage device, wherein the preset read-write permissions are different from one another;
Controlling, according to the determined read-write permission, the operating system's response to read-write requests for the external storage device.
To achieve the above object, the present invention also provides a storage medium, wherein the storage medium is used to store an application program, and the application program is used to perform, when run, the external storage device read-write permission control method of the present invention. The external storage device read-write permission control method of the present invention is applied in a terminal device on which an operating system is installed, and comprises:
Obtaining a monitoring result of the operating system monitoring whether an external storage device is communicatively connected to the terminal device;
If the monitoring result is that an external storage device communicatively connected to the terminal device has been detected, determining, from a plurality of preset read-write permissions, the read-write permission that matches the detected external storage device, wherein the preset read-write permissions are different from one another;
Controlling, according to the determined read-write permission, the operating system's response to read-write requests for the external storage device.
To achieve the above object, the present invention also provides an application program, wherein the application program is used to perform, when run, the external storage device read-write permission control method of the present invention. The external storage device read-write permission control method of the present invention is applied in a terminal device on which an operating system is installed, and comprises:
Obtaining a monitoring result of the operating system monitoring whether an external storage device is communicatively connected to the terminal device;
If the monitoring result is that an external storage device communicatively connected to the terminal device has been detected, determining, from a plurality of preset read-write permissions, the read-write permission that matches the detected external storage device, wherein the preset read-write permissions are different from one another;
Controlling, according to the determined read-write permission, the operating system's response to read-write requests for the external storage device.
In the external storage device read-write permission control method, apparatus and terminal device provided by the embodiments of the present invention, a monitoring result is obtained of the operating system in the terminal device monitoring whether an external storage device is communicatively connected to the terminal device; if the monitoring result is that an external storage device communicatively connected to the terminal device has been detected, the read-write permission that matches the detected external storage device is determined from a plurality of preset read-write permissions, wherein the preset read-write permissions are different from one another; and the operating system's response to read-write requests for the external storage device is controlled according to the determined read-write permission. Because the present invention determines the matching read-write permission from the preset read-write permissions, each detected external storage device has a read-write permission matched to it, so the control of external storage devices is more targeted. At the same time, because the preset read-write permissions are different from one another, the control is not limited to a single read-write permission, which achieves fine-grained read-write control of external storage devices.
Brief description of the drawings
In order to illustrate the embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flow chart of an external storage device read-write permission control method provided by an embodiment of the present invention;
Fig. 2 is a schematic flow chart of another external storage device read-write permission control method provided by an embodiment of the present invention;
Fig. 3 is a schematic flow chart of another external storage device read-write permission control method provided by an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of an external storage device read-write permission control apparatus provided by an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of a terminal device provided by an embodiment of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments of the present invention. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
As shown in Fig. 1, an external storage device read-write permission control method provided by an embodiment of the present invention is applied in a terminal device on which an operating system is installed, and the method may comprise:
S101: obtain a monitoring result of the operating system monitoring whether an external storage device is communicatively connected to the terminal device.
Specifically, the terminal device may be any terminal device that can be communicatively connected to an external storage device, such as a smart television, computer, tablet, mobile phone, in-vehicle device or wearable device.
The sfilter file system filter framework provided by the operating system's kernel layer, after code extension, is used to enumerate the device objects of external storage devices. If a device object exists, it is determined that an external storage device is communicatively connected to the terminal device, wherein each device object represents one external storage device.
S102: if the monitoring result is that an external storage device communicatively connected to the terminal device has been detected, determine from a plurality of preset read-write permissions the read-write permission that matches the detected external storage device.
The preset read-write permissions are different from one another.
If an external storage device communicatively connected to the terminal device has been detected, the IoAttachDevice function is called to bind the enumerated device object.
Because the code-extended sfilter file system filter framework can handle operations such as opening, reading and writing files, binding the device object of the external storage device makes it possible to handle operations such as opening, reading and writing files on the external storage device.
Any operation on a file in the operating system, such as copying, moving or deleting a file, has to be processed by the OnSfiltePreCreate file-open handler function. After the external storage device communicatively connected to the terminal device has been bound, the OnSfiltePreCreate file-open handler function performs the read-write permission control for the external storage device, determining from the preset read-write permissions the one that matches the external storage device.
Specifically, the preset read-write permissions comprise at least two of disable, read-only, browse and allow.
The read-write permission comprises a read permission and a write permission. The read permission comprises opening and copying; the write permission comprises creating, pasting, renaming and modifying; modifying includes copying, pasting, cutting and deleting within an opened file, and so on.
The "disable" read-write permission disables both the read permission and the write permission of the external storage device: files on the external storage device cannot be opened, renamed or modified, nor copied to the terminal device communicatively connected to it; files on the terminal device cannot be pasted onto the external storage device, and no new files can be created on the external storage device;
The "read-only" read-write permission disables the write permission of the external storage device: files on the external storage device can be opened but cannot be renamed or modified; files can be copied from the external storage device to the terminal device communicatively connected to it; files on the terminal device cannot be pasted onto the external storage device, and no new files can be created on the external storage device;
The "browse" read-write permission disables copying within the read permission of the external storage device and disables its write permission: files on the external storage device can be opened but cannot be renamed or modified; files cannot be copied from the external storage device to the terminal device communicatively connected to it; files on the terminal device cannot be pasted onto the external storage device, and no new files can be created on the external storage device;
The "allow" read-write permission opens up both the read permission and the write permission of the external storage device: files on the external storage device can be opened, renamed and modified; files can be copied from the external storage device to the terminal device communicatively connected to it; files on the terminal device can be pasted onto the external storage device, and new files can be created on the external storage device.
S103: control, according to the determined read-write permission, the operating system's response to read-write requests for the external storage device.
The application layer calls the DeviceIoControlFile function to send an I/O (Input/Output) request packet to the kernel layer. The kernel layer parses the received I/O request packet and obtains the user's operation data for the external storage device, the operation data comprising at least one of create, modify, rename, delete, copy and paste.
When the determined read-write permission is "disable", the STATUS_ACCESS_DENIED access-denied status is returned to the sfilter file system filter framework and the operating system is made to pop up an access-denied message. In this case files on the external storage device can neither be opened, renamed or modified nor copied to the terminal device communicatively connected to it; files on the terminal device cannot be pasted onto the external storage device, and no new files can be created on the external storage device. This blocks viruses from spreading from the external storage device to the terminal device, blocks viruses from spreading from the terminal device to the external storage device, and protects the files on the terminal device.
When the determined read-write permission is "read-only", it is determined whether the operation data contains copy or paste; if not, the STATUS_ACCESS_DENIED access-denied status is returned to the sfilter file system filter framework, and the operating system is made to respond to read-write requests for the external storage device in the way that corresponds to "read-only". In this case files on the external storage device can be opened but cannot be renamed or modified; files can be copied from the external storage device to the terminal device communicatively connected to it; files on the terminal device cannot be pasted onto the external storage device, and no new files can be created on the external storage device. This blocks viruses from spreading from the terminal device to the external storage device and protects the files on the terminal device.
When the determined read-write permission is "browse", it is determined whether the operation data contains copy and paste; if so, the STATUS_ACCESS_DENIED access-denied status is returned to the sfilter file system filter framework, and the operating system is made to respond to read-write requests for the external storage device in the way that corresponds to "browse". In this case files on the external storage device can be opened but cannot be renamed or modified; files cannot be copied from the external storage device to the terminal device communicatively connected to it; files on the terminal device cannot be pasted onto the external storage device, and no new files can be created on the external storage device. This blocks viruses from spreading from the external storage device to the terminal device and protects the files on the terminal device.
When the determined read-write permission is "allow", the STATUS_SUCCESS access-success status is returned and the system reads files normally. In this case files on the external storage device can be opened, renamed and modified; files can be copied from the external storage device to the terminal device communicatively connected to it; files on the terminal device can be pasted onto the external storage device, and new files can be created on the external storage device.
Thus the method shown in Fig. 1 provides finer-grained control over external storage devices: the disable, read-only, browse or allow read-write permission can be switched freely according to the actual situation, making read-write control of external storage devices more user-friendly.
The embodiment of the present invention provides an external storage device read-write permission control method in which a monitoring result is obtained of the operating system in the terminal device monitoring whether an external storage device is communicatively connected to the terminal device; if the monitoring result is that an external storage device communicatively connected to the terminal device has been detected, the read-write permission that matches the detected external storage device is determined from a plurality of preset read-write permissions, wherein the preset read-write permissions are different from one another; and the operating system's response to read-write requests for the external storage device is controlled according to the determined read-write permission. Because the present invention determines the matching read-write permission from the preset read-write permissions, each detected external storage device has a read-write permission matched to it, so the control of external storage devices is more targeted. At the same time, because the preset read-write permissions are different from one another, the control is not limited to a single read-write permission, which achieves fine-grained read-write control of external storage devices.
As shown in Fig. 2, another external storage device read-write permission control method provided by the present invention is applied in a terminal device on which an operating system is installed, and the method may comprise:
S201: obtain a monitoring result of the operating system monitoring whether an external storage device is communicatively connected to the terminal device.
S202: if the monitoring result is that an external storage device communicatively connected to the terminal device has been detected, receive a user's click on one of the preset read-write permissions, and determine that the clicked read-write permission is the read-write permission that matches the detected external storage device.
The preset read-write permissions are different from one another.
The user can, according to the actual situation, choose from the preset read-write permissions the one to apply to the external storage device communicatively connected to the terminal device. After the user's click is received, the clicked read-write permission is determined to be the read-write permission that matches the detected external storage device.
If more than one external storage device communicatively connected to the terminal device has been detected, then for each such external storage device: the user can, according to the actual situation of that external storage device, choose from the preset read-write permissions the one to apply to it; after the user's click is received, the clicked read-write permission is determined to be the read-write permission that matches that external storage device. In this way the read-write permission of each external storage device communicatively connected to the terminal device is determined.
For example: the external storage device control interface of a certain piece of software shows identification information, such as the icon or name, of each external storage device communicatively connected to the terminal device, together with several read-write permission options; in that interface the user can select the read-write permission of each external storage device communicatively connected to the terminal device.
S203: control, according to the determined read-write permission, the operating system's response to read-write requests for the external storage device.
Step S201 is the same as step S101 of the method shown in Fig. 1, and step S203 is the same as step S103 of the method shown in Fig. 1; they are not described again.
In this way, once an external storage device communicatively connected to the terminal device has been detected, the method shown in Fig. 2 can determine the read-write permission that matches the detected external storage device. Because the determined read-write permission is the one the user selected, it better meets the user's requirements; the user can choose a different read-write permission for each external storage device, so control of external storage devices according to that read-write permission is more targeted.
As shown in Fig. 3, another external storage device read-write permission control method provided by the present invention is applied in a terminal device on which an operating system is installed, and the method may comprise:
S301: obtain the monitoring result of the operating system's monitoring of whether an external storage device is communicatively connected to the terminal device.
S302: if the monitoring result is that an external storage device has been detected as communicatively connected to the terminal device, obtain the device information of the detected external storage device.
Specifically, the device information of the external storage device is at least one of the device identifier and the device type of the external storage device.
A preset correspondence exists between the device information and the preset read-write permissions. The device identifier may be information such as the icon or name of the device. If the device information is either the device identifier or the device type, each device identifier may correspond to one read-write permission.
For example: the external storage device used by each employee of a certain enterprise is named "name 01", and 01 corresponds to the "allow" read-write permission. Every external storage device with 01 in its name is regarded as belonging to an employee of this enterprise, can be connected to the enterprise's terminal devices, and the files on it can be operated on accordingly.
Alternatively, each device type may correspond to one read-write permission.
For example: files on a USB flash drive are set so that they can be read and modified, and can be copied from the USB flash drive and pasted into the terminal device communicatively connected to it; files on a portable hard drive are set so that they can be read but not modified, and can be copied from the portable hard drive and pasted into the terminal device communicatively connected to it. The read-write permission corresponding to the USB flash drive is then "allow", and the read-write permission corresponding to the portable hard drive is "read-only".
If the device information is both the device identifier and the device type, the device information comprising the device identifier and the device type corresponds to one read-write permission.
For example: if files on the USB flash drives used by the employees of a certain enterprise are set so that they can be read and modified, and can be copied from the USB flash drive and pasted into the terminal device communicatively connected to it, then a USB flash drive with 01 in its device name corresponds to the "allow" read-write permission.
S303: according to the preset correspondence between device information and the preset read-write permissions, determine, from the multiple preset read-write permissions, the read-write permission corresponding to the obtained device information as the read-write permission that matches the detected external storage device.
The multiple preset read-write permissions differ from one another.
For example: the device information is the device name, and the preset correspondence between device information and the preset read-write permissions is that 01 in the device name corresponds to the "allow" read-write permission. The device name of the detected USB flash drive is "Zhang San 01", so the "allow" read-write permission is determined as the read-write permission matching this USB flash drive;
Or,
The device information is the device type, and the preset correspondence between device information and the preset read-write permissions is that the read-write permission corresponding to a USB flash drive is "allow" and the read-write permission corresponding to a portable hard drive is "read-only". The detected external storage device is a portable hard drive, so the "read-only" read-write permission is determined as the read-write permission matching this portable hard drive;
Or,
The device information is the combination of the device identifier and the device type, and the preset correspondence between device information and the preset read-write permissions is that a USB flash drive with 01 in its device name corresponds to the "allow" read-write permission. The detected external storage device is a USB flash drive named "Zhang San 01", so the "allow" read-write permission is determined as the read-write permission matching the USB flash drive named "Zhang San 01".
S304: control the operating system's response to read-write requests for the external storage device according to the determined read-write permission.
Step S301 is identical to step S101 of the method shown in Fig. 1, and step S304 is identical to step S103 of the method shown in Fig. 1, so they are not described again here.
Having the user select a read-write permission every time an external storage device is detected is time-consuming and laborious. The method shown in Fig. 3 therefore determines the read-write permission matching the detected external storage device automatically, and automatically controls the operating system's response to read-write requests for that device. Because the read-write permission matching each detected external storage device is determined from that device's device information and the preset correspondence with the preset read-write permissions, and the preset correspondence can be modified, more targeted control of external storage devices is achieved.
Fig. 4 is a schematic structural diagram of an external storage device read-write permission control apparatus provided by an embodiment of the present invention. It corresponds to the method shown in Fig. 1 and is applied in a terminal device on which an operating system is installed. The apparatus shown in Fig. 4 may comprise: a first acquisition module 401, a determination module 402 and a control module 403.
The first acquisition module 401 is configured to obtain the monitoring result of the operating system's monitoring of whether an external storage device is communicatively connected to the terminal device;
The code-extended sfilter file system filter framework provided at the kernel layer of the operating system is used to enumerate the device objects of external storage devices. If a device object exists, it is determined that an external storage device is communicatively connected to the terminal device, where each device object represents one external storage device.
The determination module 402 is configured to, when the monitoring result of the first acquisition module is that an external storage device has been detected as communicatively connected to the terminal device, determine from multiple preset read-write permissions the read-write permission that matches the detected external storage device, where the multiple preset read-write permissions differ from one another;
Specifically, the multiple preset read-write permissions comprise at least two of: disabled, read-only, browse and allow.
If an external storage device has been detected as communicatively connected to the terminal device, the IoAttachDevice function is called to bind the enumerated device object.
Because the code-extended sfilter file system filter framework can handle operations such as opening, reading and writing files, binding the device object of the external storage device makes it possible to handle operations such as opening, reading and writing the files on the external storage device.
After the external storage device communicatively connected to the terminal device has been bound, the OnSfiltePreCreate file-open handler function performs control processing on the read-write permission of the external storage device, and the read-write permission matching the external storage device is determined from the multiple preset read-write permissions.
Specifically, the determination module 402 may be specifically configured to:
When the monitoring result of the first acquisition module 401 is that an external storage device has been detected as communicatively connected to the terminal device, receive the user's click operation on one of the multiple preset read-write permissions, and determine the read-write permission clicked by the click operation as the read-write permission that matches the detected external storage device, where the multiple preset read-write permissions differ from one another.
According to the actual situation, the user can select one of the multiple preset read-write permissions to control the read-write permission of the external storage device communicatively connected to the terminal device. After the user's click operation is received, the read-write permission clicked by the click operation is determined as the read-write permission that matches the detected external storage device.
In this way, once an external storage device has been detected as communicatively connected to the terminal device, the read-write permission that matches the detected external storage device can be determined. Because the determined permission is the one the user selected, it better meets the user's requirements; the user can select a different read-write permission for each external storage device, so control of external storage devices according to this permission is more targeted.
The control module 403 is configured to control the operating system's response to read-write requests for the external storage device according to the determined read-write permission.
The application layer calls the DeviceIoControlFile function to send an I/O (Input/Output) request packet to the kernel layer. The kernel layer parses the received I/O request packet to obtain the user's operation function data for the external storage device; the operation function data comprises at least one of create, modify, rename, delete, copy and paste.
When the determined read-write permission is "disabled", the STATUS_ACCESS_DENIED access-denied status is returned to the sfilter file system filter framework, and the operating system is controlled to display access-denied information. In this case files on the external storage device cannot be opened, renamed or modified, and cannot be copied to the terminal device communicatively connected to it; files on the terminal device cannot be pasted onto the external storage device, and new files cannot be created on the external storage device. This blocks viruses from spreading from the external storage device to the terminal device, also blocks viruses from spreading from the terminal device to the external storage device, and protects the security of the files on the terminal device.
When the determined read-write permission is "read-only", it is determined whether the operation function data contains copy or paste; if not, the STATUS_ACCESS_DENIED access-denied status is returned to the sfilter file system filter framework, and the operating system is controlled to respond to read-write requests for the external storage device in the manner corresponding to "read-only". In this case files on the external storage device can be opened but cannot be renamed or modified; files can be copied from the external storage device to the terminal device communicatively connected to it; files on the terminal device cannot be pasted onto the external storage device, and new files cannot be created on the external storage device. This blocks viruses from spreading from the terminal device to the external storage device and protects the security of the files on the terminal device.
When the determined read-write permission is "browse", it is determined whether the operation function data contains copy and paste; if so, the STATUS_ACCESS_DENIED access-denied status is returned to the sfilter file system filter framework, and the operating system is controlled to respond to read-write requests for the external storage device in the manner corresponding to "browse". In this case files on the external storage device can be opened but cannot be renamed or modified; files cannot be copied from the external storage device to the terminal device communicatively connected to it; files on the terminal device cannot be pasted onto the external storage device, and new files cannot be created on the external storage device. This blocks viruses from spreading from the external storage device to the terminal device and protects the security of the files on the terminal device.
When the determined read-write permission is "allow", the STATUS_SUCCESS access-success status is returned and the operating system is controlled to read files normally. In this case files on the external storage device can be opened, renamed and modified; files can be copied from the external storage device to the terminal device communicatively connected to it; files on the terminal device can also be pasted onto the external storage device, and new files can be created on the external storage device.
This provides more fine-grained control of external storage devices: the read-write permission can be switched freely among disabled, read-only, browse and allow according to the actual situation, which makes read-write control of external storage devices more user-friendly.
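The permission lookup of step S303 and the per-permission outcomes described for control module 403, modelled in user-mode C as an added example. It is not code from the patent: rule_t, resolve_permission, decide, device_is_writable and the sample POLICY are hypothetical names. It also assumes three things the description does not specify: the first matching rule wins, a device that matches no rule falls back to the most restrictive permission, and delete is treated like the other writes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* NTSTATUS codes named in the description; numeric values as in ntstatus.h. */
#define STATUS_SUCCESS       ((uint32_t)0x00000000u)
#define STATUS_ACCESS_DENIED ((uint32_t)0xC0000022u)

typedef enum { PERM_DISABLED, PERM_READ_ONLY, PERM_BROWSE, PERM_ALLOW, PERM_COUNT } permission_t;
typedef enum { DEV_ANY, DEV_USB_FLASH, DEV_PORTABLE_HDD } device_type_t;
typedef enum {
    OP_OPEN, OP_CREATE, OP_MODIFY, OP_RENAME, OP_DELETE,
    OP_COPY_OUT, /* copy a file from the device to the terminal */
    OP_PASTE_IN, /* paste a file from the terminal onto the device */
    OP_COUNT
} operation_t;

/* One preset correspondence: device information -> read-write permission. */
typedef struct {
    const char   *name_contains; /* NULL matches any device name */
    device_type_t type;          /* DEV_ANY matches any device type */
    permission_t  permission;
} rule_t;

/* Constructed policy built from the description's examples. */
static const rule_t POLICY[] = {
    { "01", DEV_USB_FLASH,    PERM_ALLOW     }, /* identifier + type */
    { NULL, DEV_PORTABLE_HDD, PERM_READ_ONLY }, /* type only */
};
#define POLICY_LEN (sizeof POLICY / sizeof POLICY[0])

/* Assumption: first matching rule wins; no match yields the caller's fallback. */
permission_t resolve_permission(const rule_t *rules, size_t n, const char *name,
                                device_type_t type, permission_t fallback)
{
    for (size_t i = 0; i < n; i++) {
        const rule_t *r = &rules[i];
        if (r->type != DEV_ANY && r->type != type)
            continue;
        if (r->name_contains && (!name || !strstr(name, r->name_contains)))
            continue;
        return r->permission;
    }
    return fallback;
}

/* Rows: permission_t order. Columns: operation_t order. 1 = allowed.
 * The delete column is an assumption (treated as a write). */
static const uint8_t ALLOWED[PERM_COUNT][OP_COUNT] = {
    /*                open create modify rename delete copy_out paste_in */
    /* disabled  */ { 0,   0,     0,     0,     0,     0,       0 },
    /* read-only */ { 1,   0,     0,     0,     0,     1,       0 },
    /* browse    */ { 1,   0,     0,     0,     0,     0,       0 },
    /* allow     */ { 1,   1,     1,     1,     1,     1,       1 },
};

/* Status the filter would return for one operation under one permission. */
uint32_t decide(permission_t perm, operation_t op)
{
    if ((unsigned)perm >= (unsigned)PERM_COUNT || (unsigned)op >= (unsigned)OP_COUNT)
        return STATUS_ACCESS_DENIED; /* unknown input fails closed */
    return ALLOWED[perm][op] ? STATUS_SUCCESS : STATUS_ACCESS_DENIED;
}

/* Can anything at all be written to the device under this permission? */
int device_is_writable(permission_t perm)
{
    static const operation_t writes[] = {
        OP_CREATE, OP_MODIFY, OP_RENAME, OP_DELETE, OP_PASTE_IN
    };
    for (size_t i = 0; i < sizeof writes / sizeof writes[0]; i++)
        if (decide(perm, writes[i]) == STATUS_SUCCESS)
            return 1;
    return 0;
}

int main(void)
{
    static const char *op_names[OP_COUNT] = {
        "open", "create", "modify", "rename", "delete", "copy_out", "paste_in"
    };
    /* Constructed device: the USB flash drive named in the description. */
    permission_t p = resolve_permission(POLICY, POLICY_LEN, "Zhang San 01",
                                        DEV_USB_FLASH, PERM_DISABLED);
    for (int op = 0; op < OP_COUNT; op++)
        printf("%-9s -> 0x%08X\n", op_names[op], (unsigned)decide(p, (operation_t)op));
    return 0;
}
```

A device name is a label that whoever holds the device can set, so a rule keyed on the name identifies a naming convention rather than a particular device; combining it with the device type, as the first rule does, narrows what a name match alone would admit.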
The embodiment of the present invention provides an external storage device read-write permission control apparatus. It obtains the monitoring result of the operating system's monitoring, in the terminal device, of whether an external storage device is communicatively connected to the terminal device. If the monitoring result is that an external storage device has been detected as communicatively connected to the terminal device, it determines from multiple preset read-write permissions the read-write permission that matches the detected external storage device, where the multiple preset read-write permissions differ from one another, and controls the operating system's response to read-write requests for the external storage device according to the determined read-write permission. The present invention determines the read-write permission matching the detected external storage device from multiple preset read-write permissions, so each detected external storage device has a read-write permission matched to it; the present invention's control of external storage devices is therefore more targeted. At the same time, because the multiple preset read-write permissions differ from one another, control is not limited to a single read-write permission, and fine-grained read-write control of external storage devices is achieved.
In other embodiments of the present invention, the apparatus shown in Fig. 4 may further comprise: a second acquisition module,
The second acquisition module is configured to, before the determination module 402 determines from the multiple preset read-write permissions the read-write permission that matches the detected external storage device, and when the monitoring result of the first acquisition module 401 is that an external storage device has been detected as communicatively connected to the terminal device, obtain the device information of the detected external storage device;
The determination module 402 may be specifically configured to:
When the monitoring result of the first acquisition module 401 is that an external storage device has been detected as communicatively connected to the terminal device, determine, according to the preset correspondence between device information and the preset read-write permissions and from the multiple preset read-write permissions, the read-write permission corresponding to the obtained device information as the read-write permission that matches the detected external storage device, where the multiple preset read-write permissions differ from one another.
Specifically, the device information of the external storage device is at least one of the device identifier and the device type of the external storage device.
A preset correspondence exists between the device information and the preset read-write permissions. The device identifier may be information such as the icon or name of the device. If the device information is either the device identifier or the device type, each device identifier may correspond to one read-write permission, or each device type may correspond to one read-write permission; if the device information is both the device identifier and the device type, the device information comprising the device identifier and the device type corresponds to one read-write permission.
In this way, once an external storage device has been detected as communicatively connected to the terminal device, the read-write permission matching the detected external storage device can be determined automatically, and the operating system's response to read-write requests for that device can be controlled automatically. Because the read-write permission matching each detected external storage device is determined from that device's device information and the preset correspondence with the preset read-write permissions, and the preset correspondence can be modified, more targeted control of external storage devices is achieved.
Correspondingly, as shown in Fig. 5, an embodiment of the present invention further provides a terminal device on which an operating system is installed, the terminal device comprising:
A housing (not shown), a processor 501, a memory 502, a circuit board 503 and a power supply circuit 504, where the circuit board 503 is placed inside the space enclosed by the housing, and the processor 501 and the memory 502 are arranged on the circuit board 503; the power supply circuit 504 supplies power to each circuit or component of the electronic device; the memory 502 stores executable program code; the processor 501 reads the executable program code stored in the memory 502 and runs the program corresponding to it, so as to perform the following steps:
Obtain the monitoring result of the operating system's monitoring of whether an external storage device is communicatively connected to the terminal device;
If the monitoring result is that an external storage device has been detected as communicatively connected to the terminal device, determine from multiple preset read-write permissions the read-write permission that matches the detected external storage device, where the multiple preset read-write permissions differ from one another;
Control the operating system's response to read-write requests for the external storage device according to the determined read-write permission.
Correspondingly, an embodiment of the present application further provides a storage medium, where the storage medium is used to store an application program, and the application program, when run, performs the external storage device read-write permission control method described in the present application. The external storage device read-write permission control method described in the present application is applied in a terminal device on which an operating system is installed, and the method may comprise:
Obtain the monitoring result of the operating system's monitoring of whether an external storage device is communicatively connected to the terminal device;
If the monitoring result is that an external storage device has been detected as communicatively connected to the terminal device, determine from multiple preset read-write permissions the read-write permission that matches the detected external storage device, where the multiple preset read-write permissions differ from one another;
Control the operating system's response to read-write requests for the external storage device according to the determined read-write permission.
Correspondingly, an embodiment of the present application further provides an application program, where the application program, when run, performs the external storage device read-write permission control method described in the present application. The external storage device read-write permission control method described in the present application is applied in a terminal device on which an operating system is installed, and the method may comprise:
Obtain the monitoring result of the operating system's monitoring of whether an external storage device is communicatively connected to the terminal device;
If the monitoring result is that an external storage device has been detected as communicatively connected to the terminal device, determine from multiple preset read-write permissions the read-write permission that matches the detected external storage device, where the multiple preset read-write permissions differ from one another;
Control the operating system's response to read-write requests for the external storage device according to the determined read-write permission.
It should be noted that, in this document, relational terms such as first and second are used only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between these entities or operations. Moreover, the terms "comprise", "include" or any other variant thereof are intended to cover non-exclusive inclusion, so that a process, method, article or device comprising a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element defined by the statement "comprising ..." does not exclude the existence of other identical elements in the process, method, article or device that comprises the element.
The embodiments in this specification are described in a related manner; for identical or similar parts, the embodiments may be referred to one another, and each embodiment focuses on its differences from the others. In particular, because the system embodiment is substantially similar to the method embodiment, it is described relatively briefly; for the relevant parts, see the description of the method embodiment.
The foregoing is only the preferred embodiment of the present invention and is not intended to limit the scope of protection of the present invention. Any modification, equivalent replacement, improvement or the like made within the spirit and principles of the present invention falls within the scope of protection of the present invention.

Claims (10)

1. An external storage device read-write permission control method, characterized in that it is applied in a terminal device on which an operating system is installed, the method comprising:
Obtaining the monitoring result of the operating system's monitoring of whether an external storage device is communicatively connected to the terminal device;
If the monitoring result is that an external storage device has been detected as communicatively connected to the terminal device, determining from multiple preset read-write permissions the read-write permission that matches the detected external storage device, where the multiple preset read-write permissions differ from one another;
Controlling the operating system's response to read-write requests for the external storage device according to the determined read-write permission.
2. The method according to claim 1, characterized in that determining from multiple preset read-write permissions the read-write permission that matches the detected external storage device comprises:
Receiving the user's click operation on one of the multiple preset read-write permissions, and determining the read-write permission clicked by the click operation as the read-write permission that matches the detected external storage device.
3. The method according to claim 1, characterized in that, before determining from multiple preset read-write permissions the read-write permission that matches the detected external storage device, the method further comprises:
If the monitoring result is that an external storage device has been detected as communicatively connected to the terminal device, obtaining the device information of the detected external storage device;
Determining from multiple preset read-write permissions the read-write permission that matches the detected external storage device comprises:
According to the preset correspondence between device information and the preset read-write permissions, determining, from the multiple preset read-write permissions, the read-write permission corresponding to the obtained device information as the read-write permission that matches the detected external storage device.
4. The method according to claim 3, characterized in that the device information of the external storage device is at least one of the device identifier and the device type of the external storage device.
5. The method according to claim 1, characterized in that the multiple preset read-write permissions comprise at least two of: disabled, read-only, browse and allow.
6. An external storage device read-write permission control apparatus, characterized in that it is applied in a terminal device on which an operating system is installed, the apparatus comprising: a first acquisition module, a determination module and a control module,
The first acquisition module being configured to obtain the monitoring result of the operating system's monitoring of whether an external storage device is communicatively connected to the terminal device;
The determination module being configured to, when the monitoring result of the first acquisition module is that an external storage device has been detected as communicatively connected to the terminal device, determine from multiple preset read-write permissions the read-write permission that matches the detected external storage device, where the multiple preset read-write permissions differ from one another;
The control module being configured to control the operating system's response to read-write requests for the external storage device according to the determined read-write permission.
7. The apparatus according to claim 6, characterized in that the determination module is specifically configured to:
When the monitoring result of the first acquisition module is that an external storage device has been detected as communicatively connected to the terminal device, receive the user's click operation on one of the multiple preset read-write permissions, and determine the read-write permission clicked by the click operation as the read-write permission that matches the detected external storage device, where the multiple preset read-write permissions differ from one another.
8. The apparatus according to claim 6, characterized in that the apparatus further comprises: a second acquisition module,
The second acquisition module being configured to, before the determination module determines from multiple preset read-write permissions the read-write permission that matches the detected external storage device, and when the monitoring result of the first acquisition module is that an external storage device has been detected as communicatively connected to the terminal device, obtain the device information of the detected external storage device;
The determination module being specifically configured to:
When the monitoring result of the first acquisition module is that an external storage device has been detected as communicatively connected to the terminal device, determine, according to the preset correspondence between device information and the preset read-write permissions and from the multiple preset read-write permissions, the read-write permission corresponding to the obtained device information as the read-write permission that matches the detected external storage device, where the multiple preset read-write permissions differ from one another.
9. The apparatus according to claim 8, characterized in that the device information of the external storage device is at least one of the device identifier and the device type of the external storage device.
10. The apparatus according to claim 6, characterized in that the multiple preset read-write permissions comprise at least two of: disabled, read-only, browse and allow.
CN201511020849.6A 2015-12-30 2015-12-30 External storage device read-write permission control method and device and terminal device Pending CN105653988A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201511020849.6A CN105653988A (en) 2015-12-30 2015-12-30 External storage device read-write permission control method and device and terminal device

Publications (1)

Publication Number Publication Date
CN105653988A true CN105653988A (en) 2016-06-08

Family

ID=56489948

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201511020849.6A Pending CN105653988A (en) 2015-12-30 2015-12-30 External storage device read-write permission control method and device and terminal device

Country Status (1)

Country Link
CN (1) CN105653988A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20181214

Address after: Room 105-53811, No. 6 Baohua Road, Hengqin New District, Zhuhai City, Guangdong Province

Applicant after: Zhuhai Leopard Technology Co.,Ltd.

Address before: 100085 East District, Second Floor, 33 Xiaoying West Road, Haidian District, Beijing

Applicant before: BEIJING KINGSOFT INTERNET SECURITY SOFTWARE Co.,Ltd.

RJ01 Rejection of invention patent application after publication

Application publication date: 20160608