Summary of the invention
In view of this, the present invention provides an SELinux-based boot security-level selection method, device and terminal device, which allow the user to select a security level and thereby increase the flexibility of security control.
Other features and advantages of the present invention will become apparent from the following detailed description, or may be learned in part by practice of the present invention.
According to one aspect of the present invention, there is provided an SELinux-based boot security-level selection method, including: when a terminal device is started, displaying a security-level display interface, the security-level display interface including options corresponding to different security levels; receiving the user's selection among the different security levels; and loading, according to the user's selection among the different security levels, the corresponding pre-specified SELinux policy file.
According to an embodiment of the present invention, when the terminal device is started, the method further includes: measuring the integrity of the terminal device using a hardware-based trusted measurement mechanism; and displaying the security-level display interface when the integrity measurement of the terminal device passes.
According to an embodiment of the present invention, the security levels include a high security level, an ordinary security level and a no-security level; wherein under the high security level only high-security applications are allowed to be used, the high-security applications including a payment application and the phone dialer; under the ordinary security level all applications are allowed to be used, subject to the corresponding SELinux policy file; and under the no-security level no SELinux policy file is loaded.
According to an embodiment of the present invention, the trusted measurement mechanism is a hardware trusted measurement mechanism based on TrustZone technology.
According to an embodiment of the present invention, the method is implemented in Systemd, the boot program of the operating system of the terminal device.
According to another aspect of the present invention, there is provided an SELinux-based boot security-level selection device, including: an interface display module, for displaying a security-level display interface when a terminal device is started, the security-level display interface including options corresponding to different security levels; a selection receiving module, for receiving the user's selection among the different security levels; and a policy loading module, for loading, according to the user's selection among the different security levels, the corresponding pre-specified SELinux policy file.
According to an embodiment of the present invention, the device further includes an integrity measurement module, for measuring the integrity of the terminal device using a hardware-based trusted measurement mechanism when the terminal device is started; and the interface display module is further used to display the security-level display interface when the integrity measurement of the terminal device passes.
According to an embodiment of the present invention, the security levels include a high security level, an ordinary security level and a no-security level; wherein under the high security level only high-security applications are allowed to be used, the high-security applications including a payment application and the phone dialer; under the ordinary security level all applications are allowed to be used, subject to the corresponding SELinux policy file; and under the no-security level no SELinux policy file is loaded.
According to an embodiment of the present invention, the trusted measurement mechanism is a hardware trusted measurement mechanism based on TrustZone technology.
According to an embodiment of the present invention, the device is implemented in Systemd, the boot program of the operating system of the terminal device.
According to a further aspect of the present invention, there is provided a terminal device, including a processor and a memory for storing instructions executable by the processor; wherein the processor is configured, by executing the executable instructions, to perform the following operations: when the terminal device is started, displaying a security-level display interface, the security-level display interface including options corresponding to different security levels; receiving the user's selection among the different security levels; and loading, according to the user's selection among the different security levels, the corresponding pre-specified SELinux policy file.
With the SELinux-based boot security-level selection method of the present invention, the user can select at boot time which security level to enter, so that different security environments can be accommodated and the flexibility of SELinux mandatory access control is increased.
In addition, according to some embodiments, the SELinux-based boot security-level selection method of the present invention further measures the integrity of the terminal device using a hardware-based trusted measurement mechanism, thereby guaranteeing the security of the kernel, so that the boot security-level selection method is highly secure: even if the operating system of the terminal device is modified using superuser privileges, that is, the operating system of the terminal device is rooted, no threat results.
It should be understood that the above general description and the following detailed description are exemplary only and do not limit the present invention.
Detailed description of the invention
Example embodiments will now be described more fully with reference to the accompanying drawings. However, example embodiments can be implemented in many forms and should not be construed as limited to the examples set forth herein; rather, these embodiments are provided so that the present invention will be thorough and complete and will fully convey the concept of the example embodiments to those skilled in the art. The drawings are merely schematic illustrations of the present invention and are not necessarily drawn to scale. The same reference numerals in the drawings denote the same or similar parts, and repeated description of them will be omitted.
In addition, the described features, structures or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided to give a thorough understanding of embodiments of the present invention. However, those skilled in the art will appreciate that the technical solution of the present invention may be practiced without one or more of the specific details, or with other methods, components, devices, steps and so on. In other instances, well-known structures, methods, devices, implementations or operations are not shown or described in detail so as not to obscure aspects of the present invention.
Fig. 1 is a flow chart of an SELinux-based boot security-level selection method according to an illustrative embodiment. As shown in Fig. 1, the method 10 includes:
In step S102, when the terminal device is started, a security-level display interface is displayed for the user to select among different security levels.
The security-level display interface includes options corresponding to the different security levels, and the security levels may include, for example, a high security level, an ordinary security level and a no-security level.
The security-level display interface may show only the options for the different security levels, or it may also show help information for the different security levels. For example, when the user cannot decide which security level to select, the user may select a help option to display the details of the different security levels, such as which functions or applications are allowed to run under the high security level, so as to assist the user in selecting a security level.
In step S104, the user's selection among the different security levels is received.
The user's selection among the different security levels is determined and received by detecting the user's touch or press operation on the options for the different security levels.
In step S106, according to the user's selection among the different security levels, the corresponding pre-established SELinux policy file is loaded.
SELinux is a policy-based security system. In its security policy, the control of subjects over objects is realized by assigning labels. A subject may be any process running in the terminal device, and objects are all resources in the system, including file systems, directories, files, file descriptors, ports, sockets, network interfaces and so on. Each process has its own label, and each object also has its own label. The SELinux security policy written for the system controls which object labels a process label may access, for example for file access, reading and writing, and socket operations. For instance, the policy may be configured to allow a process with label A to read and write a file with label B, or to allow a process with label C to perform socket communication with a socket with label D. When the terminal device is started, the SELinux policy file is imported into the kernel, so that SELinux mandatory access control is subsequently enforced.
Different SELinux policy files may be prepared in advance for the different security levels; an SELinux policy file may, for example, be a binary file. The high security level is used when the user needs the most secure state, for example when using the payment application, using the phone dialer or entering a confidential area; it allows only the use of the functions or applications corresponding to the payment application, the phone dialer or entering the confidential area, and prohibits the use of other functions or applications. That is, under the high security level only high-security applications are allowed to be used, the high-security applications including the payment application, the phone dialer and so on. This can be controlled by formulating an SELinux policy. For the functions or applications that are allowed to be used, the policy file is configured to allow the processes of these functions or applications to access the corresponding objects, for example by setting matching labels for the processes and objects as described above; for the functions or applications that are not allowed to be used, the policy file is configured so that the processes of these functions or applications are not allowed to access the corresponding objects.
For the ordinary security level, the normal use of the device by the user is largely unaffected: for the functions or applications the user commonly uses, the corresponding mandatory access control is enforced through the configuration of the policy file, without actively disabling part of the functions or applications as under the high security level.
For the no-security level, no SELinux policy file may be loaded at all, so that the access of any function or application to system resources is not restricted by SELinux.
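As an added illustration of the label-based policy and the three security levels described above (this is example code, not code from the patent), the following Python model parses SELinux-style allow rules for a constructed per-level policy set and evaluates accesses with default-deny type enforcement. The domain and type names, the rule text and the integrity gate are assumptions constructed for the example; no policy is actually loaded into a kernel.

```python
"""Toy model of per-security-level SELinux policies (added example, not the
patent's code).  Domain/type names and rule text are constructed for
illustration; a real policy is compiled and loaded into the kernel, which
this model does not do."""
import re

# One allow-rule set per security level, in SELinux's allow-rule syntax.
# "label A may read/write file B" and "label C may use socket D" from the
# text become concrete domain/type pairs here (constructed names).
POLICIES = {
    # High security level: only the payment app and the dialer get rules,
    # so every other application is denied by default.
    "high": """
        allow payment_app_t payment_data_t:file { read write };
        allow dialer_t telephony_sock_t:socket { connect send recv };
    """,
    # Ordinary security level: every application may run, each confined
    # to its own objects.
    "ordinary": """
        allow payment_app_t payment_data_t:file { read write };
        allow dialer_t telephony_sock_t:socket { connect send recv };
        allow browser_t browser_cache_t:file { read write };
        allow browser_t http_port_t:socket { connect send recv };
    """,
    # No-security level: no policy file is loaded at all.
    "none": None,
}

# allow <subject_type> <object_type>:<class> { <perm> ... };
RULE_RE = re.compile(r"allow\s+(\w+)\s+(\w+):(\w+)\s+\{([^}]*)\}\s*;")


def parse_policy(text):
    """Return {(subject, object, class): set(perms)} from allow rules."""
    rules = {}
    for subj, obj, cls, perms in RULE_RE.findall(text):
        rules.setdefault((subj, obj, cls), set()).update(perms.split())
    return rules


def load_policy(level, integrity_ok=True):
    """Steps S204/S208: refuse to proceed unless the boot-time integrity
    measurement passed, then return the parsed policy for the chosen level
    (None means no policy loaded, i.e. no enforcement)."""
    if not integrity_ok:
        raise RuntimeError("integrity measurement failed; levels not offered")
    if level not in POLICIES:
        raise ValueError(f"unknown security level: {level!r}")
    text = POLICIES[level]
    return None if text is None else parse_policy(text)


def access_allowed(rules, subject, obj, cls, perm):
    """Type enforcement is default-deny: an access is allowed only if some
    rule grants that permission; with no policy loaded everything passes."""
    if rules is None:
        return True
    return perm in rules.get((subject, obj, cls), set())
```

Under the high level the browser domain has no rules and so is denied entirely, which is how the "only high-security applications" restriction falls out of default-deny rather than from explicit deny rules.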
In some embodiments, the above method may be implemented in the Systemd system boot program. The Systemd boot program is a boot mode of the Linux operating system that can speed up the boot of a Linux system.
With the SELinux-based boot security-level selection method of the embodiment of the present invention, the user can select at boot time which security level to enter, so that different security environments can be accommodated and the flexibility of SELinux mandatory access control is increased.
It should be clearly understood that the present disclosure describes how particular examples are formed and used, but the principles of the present invention are not limited to any details of these examples. Rather, based on the teaching of the present disclosure, these principles can be applied to many other embodiments.
Fig. 2 is a flow chart of another SELinux-based boot security-level selection method according to an illustrative embodiment. As shown in Fig. 2, the method 20 includes:
In step S202, when the terminal device is started, the integrity of the terminal device is measured using a hardware-based trusted measurement mechanism, thereby guaranteeing the security of the kernel.
The SELinux policy file needs to be loaded into the system kernel to be used; guaranteeing the security of the kernel therefore further increases the security of the SELinux security mechanism.
The above trusted measurement mechanism may, for example, be based on TrustZone technology. TrustZone is a hardware architecture proposed by ARM for the security of electronic devices; this hardware architecture is an extension of the security system throughout the system design process, and its goal is to guard against the many threats an electronic device may be subject to.
The key to TrustZone technology is the introduction of a trusted execution environment alongside the normal execution environment: the trusted execution environment is isolated from the normal execution environment and is created by trusted boot. Trusted boot initializes the operating system of the trusted execution environment before the operating system of the normal execution environment is started. Afterwards, trusted applications such as authentication, key management and password management can be placed to run in the trusted execution environment.
Through the trusted boot of TrustZone, the terminal device is reset in a secure environment, starts from immutable hardware in the form of read-only memory, and accesses trusted hardware resources (such as a hardware unique key, a random number generator, counters, timers and trusted memory). In the overall design of TrustZone technology, a verified trusted boot sequence is the basis for guaranteeing the integrity of the device. The operating system of the trusted execution environment can be started first as part of the trusted boot sequence and then boot the operating system of the normal execution environment.
In step S204, when the integrity measurement passes, a security-level display interface is displayed for the user to select among different security levels.
The security levels may include, for example, a high security level, an ordinary security level and a no-security level.
In step S206, the user's selection among the different security levels is received.
In step S208, according to the user's selection among the different security levels, the corresponding pre-established SELinux policy file is loaded.
It should be noted that steps S204 to S208 in this embodiment are the same as steps S102 to S106 in the method 10 and are not repeated here.
The SELinux-based boot security-level selection method of the embodiment of the present invention further measures the integrity of the terminal device using a hardware-based trusted measurement mechanism, thereby guaranteeing the security of the kernel, so that the boot security-level selection method is highly secure: even if the operating system of the terminal device is modified using superuser privileges, that is, the operating system of the terminal device is rooted, no threat results.
Those skilled in the art will appreciate that all or part of the steps for realizing the above embodiments may be implemented as a computer program executed by a CPU. When the computer program is executed by the CPU, the above functions defined by the method provided by the present invention are performed. The program may be stored in a computer-readable storage medium, which may be a read-only memory, a magnetic disk, an optical disc or the like.
Furthermore, it should be noted that the above drawings are merely schematic illustrations of the processes included in the methods according to exemplary embodiments of the present invention and are not intended to be limiting. It is readily understood that the processes shown in the drawings do not indicate or limit the chronological order of these processes. In addition, it is also readily understood that these processes may be performed, for example, synchronously or asynchronously in multiple modules.
The following are device embodiments of the present invention, which may be used to perform the method embodiments of the present invention. For details not disclosed in the device embodiments of the present invention, please refer to the method embodiments of the present invention.
Fig. 3 is a block diagram of an SELinux-based boot security-level selection device according to an illustrative embodiment. As shown in Fig. 3, the device 30 includes an interface display module 302, a selection receiving module 304 and a policy loading module 306.
The interface display module 302 is for displaying a security-level display interface when the terminal device is started, the security-level display interface including options corresponding to different security levels.
In some embodiments, the security levels include a high security level, an ordinary security level and a no-security level; wherein under the high security level only high-security applications are allowed to be used, the high-security applications including a payment application and the phone dialer; under the ordinary security level all applications are allowed to be used, subject to the corresponding SELinux policy file; and under the no-security level no SELinux policy file is loaded.
The selection receiving module 304 is for receiving the user's selection among the different security levels.
The policy loading module 306 is for loading, according to the user's selection among the different security levels, the corresponding pre-specified SELinux policy file.
In some embodiments, the device 30 is implemented in Systemd, the boot program of the operating system of the terminal device.
With the SELinux-based boot security-level selection device of the embodiment of the present invention, the user can select at boot time which security level to enter, so that different security environments can be accommodated and the flexibility of SELinux mandatory access control is increased.
Fig. 4 is a block diagram of another SELinux-based boot security-level selection device according to an illustrative embodiment. As shown in Fig. 4, the device 40 includes an interface display module 402, a selection receiving module 404, a policy loading module 406 and an integrity measurement module 408.
The integrity measurement module 408 is for measuring the integrity of the terminal device using a hardware-based trusted measurement mechanism when the terminal device is started.
In some embodiments, the trusted measurement mechanism is a hardware trusted measurement mechanism based on TrustZone technology.
The interface display module 402 is for displaying the security-level display interface when the integrity measurement of the terminal device passes.
The selection receiving module 404 is for receiving the user's selection among the different security levels.
In some embodiments, the security levels include a high security level, an ordinary security level and a no-security level; wherein under the high security level only high-security applications are allowed to be used, the high-security applications including a payment application and the phone dialer; under the ordinary security level all applications are allowed to be used, subject to the corresponding SELinux policy file; and under the no-security level no SELinux policy file is loaded.
The policy loading module 406 is for loading, according to the user's selection among the different security levels, the corresponding pre-specified SELinux policy file.
In some embodiments, the device 40 is implemented in Systemd, the boot program of the operating system of the terminal device.
The SELinux-based boot security-level selection device of the embodiment of the present invention further measures the integrity of the terminal device using a hardware-based trusted measurement mechanism, thereby guaranteeing the security of the kernel, so that the boot security-level selection is highly secure: even if the operating system of the terminal device is modified using superuser privileges, that is, the operating system of the terminal device is rooted, no threat results.
It should be noted that the block diagrams shown in the above drawings are functional entities and do not necessarily correspond to physically or logically independent entities. These functional entities may be implemented in the form of software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor devices and/or microcontroller devices.
Through the above description of the embodiments, those skilled in the art will readily understand that the example embodiments described herein may be implemented by software, or by software in combination with necessary hardware. Therefore, the technical solution according to the embodiments of the present invention may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (which may be a CD-ROM, a USB flash disk, a portable hard disk or the like) or on a network, and which includes several instructions that cause a computing device (which may be a personal computer, a server, a mobile terminal or a network device) to perform the method according to the embodiments of the present invention.
The illustrative embodiments of the present invention have been particularly shown and described above. It should be understood that the present invention is not limited to the detailed structures, arrangements or implementation methods described herein; on the contrary, it is intended to cover various modifications and equivalent arrangements within the spirit and scope of the appended claims.