CN106096418B - SELinux-based startup security level selection method and device and terminal equipment - Google Patents
SELinux-based startup security level selection method and device and terminal equipment Download PDFInfo
- Publication number
- CN106096418B CN106096418B CN201610389141.6A CN201610389141A CN106096418B CN 106096418 B CN106096418 B CN 106096418B CN 201610389141 A CN201610389141 A CN 201610389141A CN 106096418 B CN106096418 B CN 106096418B
- Authority
- CN
- China
- Prior art keywords
- security level
- terminal device
- selinux
- selection
- user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000010187 selection method Methods 0.000 title claims abstract description 18
- 238000000034 method Methods 0.000 claims description 31
- 230000007246 mechanism Effects 0.000 claims description 23
- 238000005259 measurement Methods 0.000 claims description 15
- 238000005516 engineering process Methods 0.000 claims description 10
- 230000006870 function Effects 0.000 description 13
- 230000008569 process Effects 0.000 description 8
- 238000010586 diagram Methods 0.000 description 5
- 238000012545 processing Methods 0.000 description 4
- 230000008901 benefit Effects 0.000 description 2
- 238000004590 computer program Methods 0.000 description 2
- 238000013461 design Methods 0.000 description 2
- 238000001514 detection method Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000004891 communication Methods 0.000 description 1
- 239000000470 constituent Substances 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 238000000151 deposition Methods 0.000 description 1
- 238000012938 design process Methods 0.000 description 1
- 238000009472 formulation Methods 0.000 description 1
- 239000000203 mixture Substances 0.000 description 1
- 238000003825 pressing Methods 0.000 description 1
- 230000003014 reinforcing effect Effects 0.000 description 1
- 238000012163 sequencing technique Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/575—Secure boot
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Stored Programmes (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a startup security level selection method and device based on SELinux and terminal equipment. The security level selection method comprises the following steps: when the terminal equipment is started, displaying a safety level display interface, wherein the safety level display interface comprises options corresponding to different safety levels; receiving user selection of different security levels; and loading a pre-specified corresponding SELinux policy file according to the selection of the user on different security levels. According to the security level selection method, the user can select the security level, and the flexibility of security control is improved.
Description
Technical field
The present invention relates to terminal device security technology areas, in particular to a kind of booting safety based on SELinux
Hierarchical selection method, apparatus and terminal device.
Background technique
SELinux (Security-Enhanced Linux, enhanced security Linux) is a kind of U.S.National Security Agency
(NSA) implementation method for forced symmetric centralization (MAC) formulated, is secure subsystem new in (SuSE) Linux OS.When
After terminal device is loaded with SELinux secure subsystem, the security level of its operating system can be greatlyd improve.
SELinux as a kind of mandatory Access Control Mechanism, be used for by system resource point level of confidentiality and class carry out pipe
Reason, to guarantee that the resource that is indicated and can be accessed by it can only be accessed in each user.Briefly, in forced symmetric centralization
Under, process (or other main bodys) and file (or other objects) are all marked with fixed security strategy (such as security level, access
Permission etc.), when each access occurs, system detection security strategy with determine a user whether one file of Internet access.
Namely forcing access is controlled by system, user directly cannot perceive or control.This fine-grained protection mechanism can be with
Keep security of system higher.
But in practical application, user may have different needs security level, such as needing very safe make
With under environment, it is desirable to only the certain applications program of terminal device or function be allowed to be used.But current SELinux mechanism can not
Realize the function.
Above- mentioned information are only used for reinforcing the understanding to background of the invention, therefore it disclosed in the background technology part
It may include the information not constituted to the prior art known to persons of ordinary skill in the art.
Summary of the invention
It is set in view of this, the present invention provides a kind of booting security level selection method, device and terminal based on SELinux
It is standby, security level can be selected by user, increase the flexibility of security control.
Other characteristics and advantages of the invention will be apparent from by the following detailed description, or partially by the present invention
Practice and acquistion.
According to an aspect of the present invention, a kind of booting security level selection method based on SELinux is provided, comprising:
When terminal device is activated, security level display interface is shown, the security level display interface includes corresponding different peace
The option of congruent grade;Receive selection of the user to the different security levels;And according to user to the different safety
The selection of grade loads preassigned corresponding SELinux strategy file.
According to an embodiment of the present invention, when the terminal device is activated, the above method further include: use and be based on
The credible tolerance mechanism of hardware measures the integrality of the terminal device;And when the integrity measurement of the terminal device passes through
When, show the security level display interface.
According to an embodiment of the present invention, the security level includes: high safety grade, common security level and without peace
Congruent grade;Wherein under the high safety grade, only allow high safety using being used, the high safety application includes: payment
Using and dial code phone;Under the common security level, based on the corresponding SELinux strategy file, allow institute
Have to apply and be used;Under the no security level, it is not loaded with the SELinux strategy file.
According to an embodiment of the present invention, the credible tolerance mechanism is the reliable hardware based on TrustZone technology
Tolerance mechanism.
According to an embodiment of the present invention, the method is implemented on the booting guidance journey of the terminal device operating system
In sequence Systemd.
According to another aspect of the present invention, a kind of booting security level selection device based on SELinux is provided, is wrapped
Include: interface display module, for showing security level display interface when terminal device is activated, the security level is shown
Interface includes the option of corresponding different security level;Receiving module is selected, for receiving user to the different safety etc.
The selection of grade;And tactful loading module, for the selection according to user to the different security levels, load is preassigned
Corresponding SELinux strategy file.
According to an embodiment of the present invention, above-mentioned apparatus further include: integrity measurement module, for being set when the terminal
For when being activated, the integrality of the terminal device is measured using hardware based credible tolerance mechanism;The interface display mould
Block is also used to show the security level display interface when the integrity measurement of the terminal device passes through.
According to an embodiment of the present invention, the security level includes: high safety grade, common security level and without peace
Congruent grade;Wherein under the high safety grade, only allow high safety using being used, the high safety application includes: payment
Using and dial code phone;Under the common security level, based on the corresponding SELinux strategy file, allow institute
Have to apply and be used;Under the no security level, it is not loaded with the SELinux strategy file.
According to an embodiment of the present invention, the credible tolerance mechanism is the reliable hardware based on TrustZone technology
Tolerance mechanism.
According to an embodiment of the present invention, described device is implemented on the booting guidance journey of the terminal device operating system
In sequence Systemd.
In accordance with a further aspect of the present invention, a kind of terminal device is provided, comprising: processor;And memory, for depositing
Store up the executable instruction of the processor;Wherein the processor is configured to following to execute via the executable instruction is executed
Operation: when terminal device is activated, show that security level display interface, the security level display interface include corresponding different
Security level option;Receive selection of the user to the different security levels;And according to user to described in different
The selection of security level loads preassigned corresponding SELinux strategy file.
Booting security level selection method according to the present invention based on SELinux, can when starting up by
User selects the different safety class for needing to enter, and so as to adapt to different security contexts, increases SELinux and forces to visit
Ask the flexibility of control.
In addition, according to some embodiments, the booting security level selection method of the invention based on SELinux, further
Using the integrality of hardware based credible tolerance mechanism measurement terminal device, to ensure that the safety of kernel, so that this is opened
Machine security level selection method is high safety, even if being carried out using operating system of the super keepe permission to terminal device
The operating system of modification namely terminal device will not be threatened by root.
It should be understood that the above general description and the following detailed description are merely exemplary, this can not be limited
Invention.
Detailed description of the invention
Its example embodiment is described in detail by referring to accompanying drawing, above and other target of the invention, feature and advantage will
It becomes more fully apparent.
Fig. 1 is a kind of booting security level selection method based on SELinux shown according to an illustrative embodiments
Flow chart.
Fig. 2 is according to another booting security level selecting party based on SELinux shown in an illustrative embodiments
The flow chart of method.
Fig. 3 is a kind of booting security level selection device based on SELinux shown according to an illustrative embodiments
Block diagram.
Fig. 4 is according to another booting security level selection dress based on SELinux shown in an illustrative embodiments
The block diagram set.
Specific embodiment
Example embodiment is described more fully with reference to the drawings.However, example embodiment can be with a variety of shapes
Formula is implemented, and is not understood as limited to example set forth herein;On the contrary, thesing embodiments are provided so that the present invention will more
Fully and completely, and by the design of example embodiment comprehensively it is communicated to those skilled in the art.Attached drawing is only the present invention
Schematic illustrations, be not necessarily drawn to scale.Identical appended drawing reference indicates same or similar part in figure, thus
Repetition thereof will be omitted.
In addition, described feature, structure or characteristic can be incorporated in one or more implementations in any suitable manner
In mode.In the following description, many details are provided to provide and fully understand to embodiments of the present invention.So
And it will be appreciated by persons skilled in the art that technical solution of the present invention can be practiced and omit one in the specific detail
Or more, or can be using other methods, constituent element, device, step etc..In other cases, it is not shown in detail or describes
Known features, method, apparatus, realization or operation are to avoid a presumptuous guest usurps the role of the host and each aspect of the present invention is made to thicken.
Fig. 1 is a kind of booting security level selection method based on SELinux shown according to an illustrative embodiments
Flow chart.As shown in Figure 1, this method 10 includes:
In step s 102, when terminal device is activated, security level display interface is shown, it is different for selection by the user
Security level.
It include the option of corresponding different security level in the security level display interface, security level for example can wrap
It includes: high safety grade, common security level and without security level.
In the security level display interface, it can only show the option of different safety class, can also show not TongAn
The help information of congruent grade.For example, user can for example pass through selection when user not can determine which kind of security level of the selection
Help options displays for a user the details of different safety class, and such as under high safety grade, which function/answer only allowed
With being performed, so that user be assisted to select security level.
In step S104, selection of the user to different safety class is received.
Touching or pressing operation by detection user to different safety class option determine and receive user to not TongAn
The selection of congruent grade.
In step s 106, the selection according to user to different safety class loads the corresponding SELinux pre-established
Strategy file.
SELinux is a set of security system based on strategy.In its security strategy, master is realized by the setting of label
Control of the body to object.Wherein main body can be each process run in terminal device, and object is then all moneys in system
Source, comprising: file system, catalogue, file, file start indicator, port, message interface and network interface etc..Each process
It is owned by the label of oneself, and each object object is also owned by the label of oneself.By the SELinux security strategy write,
It can access to object object tag to control process label, such as file access, read-write and SOCKET operation.For example,
It is configured by strategy, the file that the process that label is A is B to label is allowed to be written and read;Alternatively, label is allowed to be C's
Process carries out SOCKET communication etc. to the message interface that label is D.When terminal device is activated, by SELinux strategy file
It imported into kernel, to realize the forced symmetric centralization of subsequent SELinux.
For different security levels, different SELinux strategy files, SELinux strategy file example can be prepared in advance
For example binary file.If high safety grade is that user uses when needing very safe state, such as answered in payment
With, dial code phone, into secret unit when, only allow with payment application, dial code phone or enter secret unit
The use of corresponding function/application, and other function/application is then forbidden to use.Namely under high safety grade, only permit
Perhaps for high safety using being used, high safety application includes: to pay application, dial code phone etc..It can pass through formulation
SELinux strategy controls.For allow using function/application, strategy file be configured to allow these function/applications into
Journey accesses corresponding object object, such as matched label is arranged for process and object object as described above;And for not allowing
Function/the application used then configures strategy file to these function/application processes is not allowed to access corresponding object pair
As.
For common security level, then the normal use of user, i.e., function commonly used for user/answer are not influenced
With executing corresponding forced symmetric centralization by the configuration of strategy file.Without in such as high safety grade, positive closing portion
Divide function/application use.
For no security level, then it can be not loaded with any SELinux strategy file, hence for any function/answer
The access of resource, is not limited by SELinux in demand for system.
In some embodiments, it can be implemented in Systemd system Bootloader in the above method.Systemd
Bootstrap is a kind of Starting mode of (SuSE) Linux OS, can accelerate the starting speed of linux system.
The booting security level selection method based on SELinux of embodiment of the present invention, can starting up when
It waits and is selected to need the different safety class entered that it is strong to increase SELinux so as to adapt to different security contexts by user
The flexibility of access control processed.
It will be clearly understood that the present disclosure describe how being formed and using particular example, but the principle of the present invention is not limited to
These exemplary any details.On the contrary, the introduction based on present disclosure, these principles can be applied to many other
Embodiment.
Fig. 2 is according to another booting security level selecting party based on SELinux shown in an illustrative embodiments
The flow chart of method.As shown in Fig. 2, this method 20 includes:
In step S202, when terminal device is activated, set using hardware based credible tolerance mechanism measurement terminal
Standby integrality, to guarantee the safety of kernel.
SELinux strategy file needs are loaded into the system kernel use, therefore guarantee Kernel security, further increase
The safety of SELinux security mechanism.
Above-mentioned credible tolerance mechanism guidance can for example be based on TrustZone technology.TrustZone is ARM for electronics
A kind of hardware structure that equipment safety is proposed, the hardware structure are the extension of security system in whole system design process, mesh
Mark is a variety of threats taking precautions against electronic equipment and can suffer from.
TrustZone key problem in technology is to introduce credible performing environment and common performing environment, can be commonly holding
Row is environmentally isolated, and creates the credible performing environment of credible starting (trusted boot).Credible starting is in the common execution ring of starting
Credible performing environment operating system is initialized before the operating system of border.It later, can be by authentication, key and Password Management etc.
Trusted application configuration is run in credible performing environment.
Terminal device is reset in security context by the credible starting of TrustZone, by way of only reading memory from
Immutable hardware is started, and accesses believable hardware resource (such as hardware unique key, random number generator, counting
Device, timer and credible memory etc.).The thorough design of TrustZone technology, verified credible Booting sequence is to ensure that equipment
The basis of integrality.Then credible performing environment operating system can be guided as a part starting in advance of credible Booting sequence
The os starting of common performing environment.
In step S204, when integrity measurement passes through, security level display interface is shown, it is different for selection by the user
Security level.
Security level for example may include: high safety grade, common security level and without security level.
In step S206, selection of the user to different safety class is received.
In step S208, selection according to user to different safety class loads the corresponding SELinux pre-established
Strategy file.
It should be noted that step S204~S208 in present embodiment and step S102~S106 phase in method 10
Together, details are not described herein.
The booting security level selection method based on SELinux of embodiment of the present invention, further using based on hardware
Credible tolerance mechanism measurement terminal device integrality, to ensure that the safety of kernel, so that the booting security level is selected
Selection method is high safety, even if being modified using operating system of the super keepe permission to terminal device, namely eventually
The operating system of end equipment will not be threatened by root.
It will be appreciated by those skilled in the art that realizing that all or part of the steps of above embodiment is implemented as being held by CPU
Capable computer program.When the computer program is executed by CPU, execute above-mentioned defined by the above method provided by the invention
Function.The program can store in a kind of computer readable storage medium, which can be read-only memory,
Disk or CD etc..
Further, it should be noted that above-mentioned attached drawing is only according to the present invention included by the method for illustrative embodiments
Processing schematically illustrates, rather than limits purpose.It can be readily appreciated that above-mentioned processing shown in the drawings does not indicate or limits these
The time sequencing of processing.In addition, being also easy to understand, these processing, which can be, for example either synchronously or asynchronously to be executed in multiple modules
's.
Following is apparatus of the present invention embodiment, can be used for executing embodiment of the present invention method.For apparatus of the present invention reality
Undisclosed details in example is applied, embodiment of the present invention method is please referred to.
Fig. 3 is a kind of booting security level selection device based on SELinux shown according to an illustrative embodiments
Block diagram.As shown in figure 3, the device 30 includes: interface display module 302, selection receiving module 304 and tactful loading module
306。
Interface display module 302 is used for when terminal device is activated, and shows security level display interface, described safety etc.
Grade display interface includes the option of corresponding different security level.
In some embodiments, the security level includes: high safety grade, common security level and without security level;
Wherein under the high safety grade, only allow high safety using being used, the high safety application includes: payment application and dials
Play code phone;Under the common security level, based on the corresponding SELinux strategy file, allow all application quilts
It uses;Under the no security level, it is not loaded with the SELinux strategy file.
Selection receiving module 304 is for receiving selection of the user to the different security levels.
Tactful loading module 306 loads preassigned for the selection according to user to the different security levels
Corresponding SELinux strategy file.
In some embodiments, which is implemented on the boot of the terminal device operating system
In Systemd.
The booting security level selection device based on SELinux of embodiment of the present invention, can starting up when
It waits and is selected to need the different safety class entered that it is strong to increase SELinux so as to adapt to different security contexts by user
The flexibility of access control processed.
Fig. 4 is according to another booting security level selection dress based on SELinux shown in an illustrative embodiments
The block diagram set.As shown in figure 4, the device 40 includes: interface display module 402, selection receiving module 404, tactful loading module
406 and integrity measurement module 408.
Integrity measurement module 408 is used for when the terminal device is activated, using hardware based credible measurement machine
The integrality of terminal device described in system amount.
In some embodiments, the credible tolerance mechanism is the reliable hardware tolerance mechanism based on TrustZone technology.
Interface display module 402 is used for when the integrity measurement of the terminal device passes through, and shows the security level
Display interface.
Selection receiving module 404 is for receiving selection of the user to the different security levels.
In some embodiments, the security level includes: high safety grade, common security level and without security level;
Wherein under the high safety grade, only allow high safety using being used, the high safety application includes: payment application and dials
Play code phone;Under the common security level, based on the corresponding SELinux strategy file, allow all application quilts
It uses;Under the no security level, it is not loaded with the SELinux strategy file.
Tactful loading module 406 loads preassigned for the selection according to user to the different security levels
Corresponding SELinux strategy file.
In some embodiments, which is implemented on the boot of the terminal device operating system
In Systemd.
The booting security level selection device based on SELinux of embodiment of the present invention, further using based on hardware
Credible tolerance mechanism measurement terminal device integrality, to ensure that the safety of kernel, so that the booting security level is selected
Selection method is high safety, even if being modified using operating system of the super keepe permission to terminal device, namely eventually
The operating system of end equipment will not be threatened by root.
It should be noted that above-mentioned block diagram shown in the drawings is functional entity, not necessarily must with physically or logically
Independent entity is corresponding.Can realize these functional entitys using software form, or in one or more hardware modules or
These functional entitys are realized in integrated circuit, or are realized in heterogeneous networks and/or processor device and/or microcontroller device
These functional entitys.
Through the above description of the embodiments, those skilled in the art is it can be readily appreciated that example described herein is implemented
Mode can also be realized by software realization in such a way that software is in conjunction with necessary hardware.Therefore, according to the present invention
The technical solution of embodiment can be embodied in the form of software products, which can store non-volatile at one
Property storage medium (can be CD-ROM, USB flash disk, mobile hard disk etc.) in or network on, including some instructions are so that a calculating
Equipment (can be personal computer, server, mobile terminal or network equipment etc.) executes embodiment according to the present invention
Method.
It is particularly shown and described exemplary embodiments of the present invention above.It should be appreciated that the present invention is unlimited
In detailed construction described herein, set-up mode or implementation method;On the contrary, it is intended to cover included in appended claims
Spirit and scope in various modifications and equivalence setting.
Claims (11)
1. a kind of booting security level selection method based on SELinux characterized by comprising
When terminal device is activated, show that security level display interface, the security level display interface include corresponding different
Security level option;
Receive selection of the user to the different security levels;And
Selection according to user to the different security levels loads preassigned corresponding SELinux strategy file.
2. the method according to claim 1, wherein when the terminal device is activated, further includes:
The integrality of the terminal device is measured using hardware based credible tolerance mechanism;And
When the integrity measurement of the terminal device passes through, the security level display interface is shown.
3. according to the method described in claim 2, it is characterized in that, the security level includes: high safety grade, common safety
Grade and without security level;Wherein under the high safety grade, only allows high safety to apply and used, the high safety application
It include: that code phone is applied and dialed in payment;Under the common security level, based on the corresponding SELinux strategy text
Part allows all applications to be used;Under the no security level, it is not loaded with the SELinux strategy file.
4. according to the method described in claim 2, it is characterized in that, the credible tolerance mechanism is based on TrustZone technology
Reliable hardware tolerance mechanism.
5. method according to claim 1-4, which is characterized in that the method is implemented on the terminal device behaviour
Make in the boot Systemd of system.
6. a kind of booting security level selection device based on SELinux characterized by comprising
Interface display module, for showing security level display interface when terminal device is activated, the security level is shown
Interface includes the option of corresponding different security level;
Receiving module is selected, for receiving selection of the user to the different security levels;And
Tactful loading module loads preassigned corresponding for the selection according to user to the different security levels
SELinux strategy file.
7. device according to claim 6, which is characterized in that further include: integrity measurement module, for working as the terminal
When equipment is activated, the integrality of the terminal device is measured using hardware based credible tolerance mechanism;The interface display
Module is also used to show the security level display interface when the integrity measurement of the terminal device passes through.
8. device according to claim 7, which is characterized in that the security level includes: high safety grade, common safety
Grade and without security level;Wherein under the high safety grade, only allows high safety to apply and used, the high safety application
It include: that code phone is applied and dialed in payment;Under the common security level, based on the corresponding SELinux strategy text
Part allows all applications to be used;Under the no security level, it is not loaded with the SELinux strategy file.
9. device according to claim 7, which is characterized in that the credible tolerance mechanism is based on TrustZone technology
Reliable hardware tolerance mechanism.
10. according to the described in any item devices of claim 6-9, which is characterized in that described device is implemented on the terminal device
In the boot Systemd of operating system.
11. a kind of terminal device characterized by comprising
Processor;And
Memory, for storing the executable instruction of the processor;
Wherein the processor is configured to execute following operation via the executable instruction is executed:
When terminal device is activated, show that security level display interface, the security level display interface include corresponding different
Security level option;
Receive selection of the user to the different security levels;And
Selection according to user to the different security levels loads preassigned corresponding SELinux strategy file.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610389141.6A CN106096418B (en) | 2016-06-02 | 2016-06-02 | SELinux-based startup security level selection method and device and terminal equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610389141.6A CN106096418B (en) | 2016-06-02 | 2016-06-02 | SELinux-based startup security level selection method and device and terminal equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN106096418A CN106096418A (en) | 2016-11-09 |
| CN106096418B true CN106096418B (en) | 2019-01-04 |
Family
ID=57447151
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610389141.6A Active CN106096418B (en) | 2016-06-02 | 2016-06-02 | SELinux-based startup security level selection method and device and terminal equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106096418B (en) |
Families Citing this family (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106534147B (en) * | 2016-11-29 | 2019-08-27 | 北京元心科技有限公司 | Method and device for selecting and applying SELinux security policy in multi-system |
| CN106453413B (en) * | 2016-11-29 | 2019-06-25 | 北京元心科技有限公司 | Method and device for applying SELinux security policy in multi-system |
| CN106845243A (en) * | 2016-12-13 | 2017-06-13 | 北京元心科技有限公司 | Improve the method and system for starting safety |
| CN109522720A (en) * | 2018-11-29 | 2019-03-26 | 北京元心科技有限公司 | Method, apparatus, electronic equipment and the computer readable storage medium of dynamic measurement |
| CN110362983B (en) * | 2019-05-31 | 2022-06-17 | 北京中电飞华通信股份有限公司 | Method and device for ensuring consistency of dual-domain system and electronic equipment |
| CN112463203B (en) * | 2020-10-29 | 2023-05-12 | 苏州浪潮智能科技有限公司 | Management configuration method, system, equipment and medium of SELinux |
| CN117874773A (en) * | 2024-03-12 | 2024-04-12 | 麒麟软件有限公司 | Operating system safe starting method and device based on safety level control strategy |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102592092A (en) * | 2012-01-09 | 2012-07-18 | 中标软件有限公司 | Strategy adaptation system and method based on SELinux (Security-Enhanced Linux) security subsystem |
-
2016
- 2016-06-02 CN CN201610389141.6A patent/CN106096418B/en active Active
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102592092A (en) * | 2012-01-09 | 2012-07-18 | 中标软件有限公司 | Strategy adaptation system and method based on SELinux (Security-Enhanced Linux) security subsystem |
Also Published As
| Publication number | Publication date |
|---|---|
| CN106096418A (en) | 2016-11-09 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106096418B (en) | SELinux-based startup security level selection method and device and terminal equipment | |
| Sun et al. | TrustOTP: Transforming smartphones into secure one-time password tokens | |
| US9589139B2 (en) | Method and device for altering a unified extensible firmware interface (UEFI) secure boot process in a computing device | |
| Cooijmans et al. | Analysis of secure key storage solutions on android | |
| EP3044901B1 (en) | Keying infrastructure | |
| CN104995627B (en) | Cipher key revocation in system-on-chip apparatus | |
| EP2795829B1 (en) | Cryptographic system and methodology for securing software cryptography | |
| CN107679393B (en) | Android integrity verification method and device based on trusted execution environment | |
| CN106133743B (en) | System and method for optimizing the scanning of pre-installation application program | |
| JP2019512142A (en) | System and method for generating tripwire files | |
| CN104217139B (en) | Processing system | |
| KR102509594B1 (en) | Method for detecting the tampering of application code and electronic device supporting the same | |
| CN107038369A (en) | The method and terminal of a kind of resources accessing control | |
| KR20170046409A (en) | Apparatus and Method for Managing Application | |
| CN107077565A (en) | The collocation method and equipment of a kind of safe configured information | |
| CN104463013A (en) | Mobile terminal and data encryption method thereof | |
| US9563773B2 (en) | Systems and methods for securing BIOS variables | |
| CN105809000A (en) | Information processing method and electronic device | |
| Garriss et al. | Towards trustworthy kiosk computing | |
| US10944578B2 (en) | Identity verification | |
| Cho et al. | Vulnerabilities of android data sharing and malicious application to leaking private information | |
| US9887979B1 (en) | Systems and methods for enabling users to launch applications without entering authentication credentials | |
| CN111656348B (en) | Mask processed key hopping | |
| CN105975860B (en) | A kind of trust file management method, device and equipment | |
| CN108073411A (en) | A kind of kernel loads method and device of patch |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20210129 Address after: 101300 room 153, 1 / F, building 17, 16 Caixiang East Road, Nancai Town, Shunyi District, Beijing Patentee after: Yuanxin Information Technology Group Co.,Ltd. Address before: 100176 room 2222, building D, building 33, 99 Kechuang 14th Street, Beijing Economic and Technological Development Zone, Beijing Patentee before: BEIJING YUANXIN SCIENCE & TECHNOLOGY Co.,Ltd. |
|
| EE01 | Entry into force of recordation of patent licensing contract | ||
| EE01 | Entry into force of recordation of patent licensing contract |
Application publication date: 20161109 Assignee: Beijing Yuanxin Junsheng Technology Co.,Ltd. Assignor: Yuanxin Information Technology Group Co.,Ltd. Contract record no.: X2021110000018 Denomination of invention: SELinux based power on security level selection method, device and terminal equipment Granted publication date: 20190104 License type: Common License Record date: 20210531 |