Detailed description of the invention
Embodiments of the invention are described in detail below. Examples of the embodiments are shown in the drawings, in which the same or similar reference numerals denote, throughout, the same or similar elements or elements having the same or similar functions. The embodiments described below with reference to the drawings are exemplary; they serve only to explain the present invention and are not to be construed as limiting the claims.
Those skilled in the art will understand that, unless expressly stated otherwise, the singular forms "a", "an", "said" and "the" used herein may also include the plural. It should be further understood that the word "comprising" used in this description refers to the presence of the stated features, integers, steps, operations, elements and/or components, but does not exclude the presence or addition of one or more other features, integers, steps, operations, elements, components and/or groups thereof. It should be understood that when an element is said to be "connected" or "coupled" to another element, it can be directly connected or coupled to the other element, or intervening elements may be present. In addition, "connected" or "coupled" as used herein can include a wireless connection or wireless coupling. The term "and/or" as used herein includes all of, any unit of, and all combinations of one or more of the associated listed items.
Those skilled in the art will understand that, unless otherwise defined, all terms used herein (including technical and scientific terms) have the same meaning as commonly understood by one of ordinary skill in the art to which the present invention belongs. It should also be understood that terms such as those defined in general dictionaries should be understood to have a meaning consistent with their meaning in the context of the prior art and, unless specifically defined as here, will not be interpreted in an idealized or overly formal sense.
Those skilled in the art will understand that "terminal" and "terminal device" as used herein include both devices that have only a wireless signal receiver with no transmitting capability, and devices with receiving and transmitting hardware capable of two-way communication over a bidirectional communication link. Such a device may include: a cellular or other communication device, with a single-line display or a multi-line display, or without a multi-line display; a PCS (Personal Communications Service) device, which can combine voice, data processing, fax and/or data communication capabilities; a PDA (Personal Digital Assistant), which can include a radio frequency receiver, pager, Internet/intranet access, web browser, notepad, calendar and/or GPS (Global Positioning System) receiver; and a conventional laptop and/or palmtop computer or other device that has and/or includes a radio frequency receiver. A "terminal" or "terminal device" as used herein may be portable, transportable, installed in a vehicle (air, sea and/or land), or suitable for and/or configured to run locally and/or, in distributed form, at any other location on the earth and/or in space. A "terminal" or "terminal device" as used herein may also be a communication terminal, an Internet access terminal or a music/video playback terminal, for example a PDA, a MID (Mobile Internet Device) and/or a mobile phone with a music/video playback function, or a device such as a smart television or set-top box.
In the embodiments of the present invention, a permission and security check module is provided at the application layer. After receiving a system call request from an application, the permission and security check module performs a permission check on the request. After the permission check passes, the module carries its preset security identifier in the system call request as the sender identifier and sends the request to the kernel. After receiving the system call request, the kernel carries out the corresponding system call if it determines that the sender identifier of the received request is consistent with the pre-stored security identifier. Thus, in the embodiments, the permission check on an application's system call request is carried out at the application layer, outside the kernel, and the preset security identifier of the permission and security check module is placed in the system call request for the kernel to recognize. This part of the code is not open-source code and is not disclosed, which greatly enhances the security of system calls.
Moreover, in the embodiments, if the kernel determines that the sender identifier of the received system call request is inconsistent with the pre-stored security identifier of the permission and security check module, it refuses to execute the received request. Thus, a system call request that an existing application sends directly to the kernel does not carry the security identifier of the check module and is refused by the kernel. This prevents illegitimate applications such as viruses, Trojans and rogue programs from intruding by exploiting the existing Linux security mechanisms, and greatly enhances the security of system calls.
Further, the inventors have also found that, in existing system call methods, the security modules that enforce the various security mechanisms are built into the operating system kernel. Because the kernel code base is huge and is subject to the conventions of the open-source community, modifying a security module and its security mechanism is extremely difficult, which in turn makes customizing a new security mechanism extremely difficult.
Based on this finding, in the embodiments a security policy customized for the user can easily be set in the application layer, so that the permission and security check module can perform the permission check on an application's call request in a more flexible and more personalized way according to the customized policy. On the basis of ensuring the security of system calls, the differing needs of various users can be met and the user experience improved. Moreover, compared with modifying a security module in the kernel, the amount of code to be changed is greatly reduced, compatibility is better and applicability is wider.
The technical solutions of the embodiments of the present invention are described in detail below.
The intelligent terminal of the embodiments may be a terminal device such as a smartphone or tablet computer.
The embodiments apply to operating systems based on the Linux kernel, such as the Android system, the Tizen system, the Ubuntu system and the Firefox system.
An embodiment of the present invention provides a system call method for an application. The flow of the method is shown in Fig. 1a and comprises the following steps:
S101: The application sends a system call request to the permission and security check module.
In the embodiments, the permission and security check module and its security identifier are set in advance in the application layer of the operating system. The security identifier of the module includes identity information and/or address information of the module.
In client-server mode, the application acts as the client, and the permission and security check module runs independently as an entity (similar to an application) and acts as the server. In this mode, identity information such as a fixed UID (User IDentification) or PID (Process IDentification), and/or address information such as an output address, can be preset as the identity information and/or address information specific to the permission and security check module; this constitutes the module's security identifier.
In resident mode, the permission and security check module is linked with the application in the form of a library and runs automatically when the application runs.
Specifically, if the module is built as a static library, it is compiled together with the application into one executable program; when the application runs, the module is automatically placed in a fixed, preset address space. If the module is built as a dynamic library, a link to it is compiled into the application's executable program; when the application runs, the module is obtained automatically through the link and placed in the fixed, preset address space. This fixed, preset address space serves as the address information specific to the permission and security check module and constitutes the module's security identifier.
The application sends its system call request to the permission and security check module. In form, the system call request can resemble a trap instruction. Its content can include at least one of the following: accessing a database, accessing input/output files, accessing system services, and so on.
It will be appreciated that existing applications generally send their system call requests directly to the system call interface in the kernel, whereas the applications in the embodiments are modified so that they send their system call requests to the permission and security check module.
S102: After receiving the application's system call request, the permission and security check module performs a permission check on the request; if the permission check passes, step S103 is performed; if the permission check fails, the received system call request is ignored.
After receiving the application's system call request, the permission and security check module performs the permission check on the request according to the permissions assigned to each application in the preset security policy.
Specifically, the module determines whether the permission involved in the application's system call request matches the permissions the application has in the security policy. If so, the permission check passes and step S103 is performed; otherwise the permission check fails and the received system call request is ignored.
It is easy to see that many applications today preset access options that have nothing to do with their function. For example, a flashlight application, in addition to presetting the camera access option, may also set access options for the (intelligent terminal's) location information, WLAN (Wireless Local Area Network) and list of installed applications. Obviously, a flashlight application implements its illumination function by using the camera's fill light as a torch, which has nothing to do with location information, WLAN or the list of installed applications. Therefore, the permissions that an application's function needs, and/or the permissions corresponding to access options that do not fit the application's function, can be determined in advance and recorded in the security policy. The security policy is then used to filter permissions by whether their access options fit the application's function, reducing the likelihood of leaking user information.
Preferably, a security policy customized for a user according to that user's needs can be set in the permission and security check module. For example, security policy A is customized for company A and security policy B for company B, and policies A and B are set in the permission and security check modules of the intelligent terminals of companies A and B respectively.
The permission and security check module can perform the permission check on an application's call request in a more flexible and more personalized way according to the customized security policy. On the basis of ensuring the security of system calls, the differing needs of various users can be met and the user experience improved. Moreover, compared with modifying a security module in the kernel, the amount of code to be changed is greatly reduced, compatibility is better and applicability is wider.
S103: The permission and security check module carries its preset security identifier in the system call request as the sender identifier and sends the request to the kernel.
The security identifier of the permission and security check module includes identity information and/or address information of the module. The identity information can include at least one of the following: a fixed UID, a PID, and so on. The address information can include at least one of the following: a fixed output address, an address space, and so on.
The permission and security check module carries its preset security identifier in the system call request as the sender identifier and sends the request to the kernel.
S104: After receiving the system call request, the kernel determines whether the sender identifier of the received request is consistent with the pre-stored security identifier; if so, step S105 is performed; if not, step S106 is performed.
After receiving the system call request, the kernel determines whether the sender identifier of the received request is consistent with the security identifier of the permission and security check module pre-stored in the kernel; if so, step S105 is performed; if not, step S106 is performed.
S105: The kernel carries out the corresponding system call.
After the kernel has determined in step S104 that the sender identifier of the system call request is consistent with the pre-stored security identifier of the permission and security check module, in this step it executes the received system call request and carries out the corresponding system call.
S106: The kernel refuses to execute the received system call request and returns an access-denied message to the application that sent the request.
After the kernel has determined in step S104 that the sender identifier of the system call request is inconsistent with the pre-stored security identifier of the permission and security check module, in this step it refuses to execute the received system call request and returns an access-denied message to the application that sent the request.
Preferably, the kernel returns the access-denied message directly to the application that sent the system call request through the return path of a traditional system call. The access-denied message carries the return value corresponding to the refusal of the system call request; this return value is typically an integer (for example, the integer 13) and conforms to the POSIX (Portable Operating System Interface) standard.
It will be appreciated that applications that still rely on the traditional Linux security mechanisms and send system call requests directly to the kernel are often illegitimate applications such as viruses, Trojans or rogue programs, or applications installed privately by the user of the intelligent terminal without the permission of the company or the relevant department. Refusing the system call requests of these applications can greatly reduce the probability that the intelligent terminal is intruded upon and leaks information, thereby strengthening the security of the information in the intelligent terminal.
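
The flow of steps S101 to S106, as an added example that is not part of the original description: a user-space C model in which an application-layer check module applies a security policy and stamps its fixed identifier on each request, and a model kernel entry point refuses any request that lacks that identifier. The policy table, the identifier values (UID 1500, address 0x10000000), the result codes and all function names are assumptions made for this illustration.

```c
/* Added example: user-space model of steps S101-S106.
 * Every name and value here is constructed for illustration. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { PERM_CAMERA = 1, PERM_LOCATION = 2, PERM_WLAN = 4, PERM_APP_LIST = 8 };
enum { REQ_EXECUTED = 0, REQ_IGNORED = 1 };  /* result codes of this model */

/* Security identifier: identity information (fixed UID) and address
 * information (fixed address) of the check module. */
struct sec_id { uint32_t uid; uintptr_t addr; };

struct syscall_req {
    const char   *app;     /* requesting application */
    unsigned      perm;    /* permission the call involves */
    struct sec_id sender;  /* sender identifier; zero when none is carried */
};

/* Value preset in the check module and pre-stored in the kernel. */
static const struct sec_id STORED_ID = { 1500u, (uintptr_t)0x10000000u };

/* Customized security policy: permissions each application's function needs. */
static const struct { const char *app; unsigned allowed; } POLICY[] = {
    { "flashlight", PERM_CAMERA },
    { "maps",       PERM_LOCATION | PERM_WLAN },
};

static int executed_calls;  /* calls the model kernel actually carried out */

/* S104-S106, kernel side: execute only if the sender identifier matches. */
int kernel_syscall_entry(const struct syscall_req *r)
{
    if (r->sender.uid != STORED_ID.uid || r->sender.addr != STORED_ID.addr)
        return -EACCES;        /* S106: access denied (EACCES is 13 on Linux) */
    executed_calls++;          /* S105: the real system call would run here */
    return REQ_EXECUTED;
}

/* S102-S103, application layer: permission check, then stamp and forward. */
int check_module_handle(const char *app, unsigned perm)
{
    for (size_t i = 0; i < sizeof POLICY / sizeof POLICY[0]; i++) {
        if (strcmp(POLICY[i].app, app) != 0)
            continue;
        if (perm == 0 || (perm & POLICY[i].allowed) != perm)
            return REQ_IGNORED;            /* S102: check failed, ignore */
        struct syscall_req r = { app, perm, { 0, 0 } };
        r.sender = STORED_ID;              /* S103: carry the identifier */
        return kernel_syscall_entry(&r);
    }
    return REQ_IGNORED;                    /* application not in the policy */
}

/* S101 bypassed: an application that traps into the kernel directly. */
int direct_call(const char *app, unsigned perm)
{
    struct syscall_req r = { app, perm, { 0, 0 } };
    return kernel_syscall_entry(&r);
}

int executed_count(void) { return executed_calls; }

int main(void)
{
    printf("flashlight, camera:    %d\n", check_module_handle("flashlight", PERM_CAMERA));
    printf("flashlight, location:  %d\n", check_module_handle("flashlight", PERM_LOCATION));
    printf("direct, no identifier: %d\n", direct_call("flashlight", PERM_CAMERA));
    printf("calls executed:        %d\n", executed_count());
    return 0;
}
```

Because the identifier is a fixed value carried in every request, the gate in `kernel_syscall_entry` holds only while that value stays unknown to other code, which is why the description stresses that this part of the code is not disclosed.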
Preferably, an embodiment of the present invention provides another system call method for an application. The flow of the method is shown in Fig. 1b and comprises the following steps:
S111: The application sends a system call request to the permission and security check module.
The specific method of this step is the same as that of step S101 above and is not repeated here.
S112: After receiving the application's system call request, the permission and security check module performs a permission check on the request; if the permission check passes, step S113 is performed; if the permission check fails, the received system call request is ignored.
The specific method of this step is the same as that of step S102 above and is not repeated here.
S113: The permission and security check module carries its preset security identifier in the system call request as the sender identifier and sends the request to the kernel.
The specific method of this step is the same as that of step S103 above and is not repeated here.
S114: After receiving the system call request, the kernel determines whether the sender identifier of the received request is consistent with the pre-stored security identifier; if so, step S115 is performed; if not, step S117 is performed.
After receiving the system call request, the kernel determines whether the sender identifier of the received request is consistent with the security identifier of the permission and security check module pre-stored in the kernel; if so, step S115 is performed; if not, step S117 is performed.
S115: The kernel verifies the legitimacy of the relevant information of the permission and security check module according to the security identifier; if the verification result is legitimate, step S116 is performed; if the verification result is illegitimate, step S117 is performed.
Preferably, the permission and security check module in the embodiments is provided with its relevant information and a digital signature. The relevant information of the module can be source code (all or part of the source code of the permission and security check module) or other information that indicates the content of the module. A unique digest of the relevant information can be computed according to a predetermined algorithm, and the digest encrypted with a predetermined private key to obtain the digital signature.
The kernel pre-stores the predetermined algorithm and the public key corresponding to the predetermined private key. The kernel verifies the legitimacy of the obtained relevant information of the permission and security check module according to the obtained digital signature of that information.
Specifically, according to the security identifier of the permission and security check module, the kernel obtains from the module its preset relevant information and the digital signature thereof. The kernel computes the digest of the obtained relevant information according to the pre-stored predetermined algorithm, and decrypts the digital signature with the pre-stored public key to obtain a digest. It then determines whether the computed digest is consistent with the decrypted digest; if so, the verification result is determined to be legitimate and step S116 is performed; otherwise the verification result is determined to be illegitimate and step S117 is performed.
Further, the predetermined algorithm and the public key corresponding to the above predetermined private key are stored in the permission and security check module together with the digital signature.
In that case, according to the security identifier of the permission and security check module, the kernel obtains from the module its preset relevant information and the digital signature thereof, together with the public key and the algorithm. The kernel computes the digest of the obtained relevant information according to the obtained algorithm, and decrypts the digital signature with the obtained public key to obtain a digest. It then determines whether the computed digest is consistent with the decrypted digest; if so, the verification result is determined to be legitimate and step S116 is performed; otherwise the verification result is determined to be illegitimate and step S117 is performed.
It will be appreciated that verifying the legitimacy of the relevant information of the permission and security check module prevents the module from being illegally tampered with and strengthens the security of the module, thereby strengthening the security of the embodiments as a whole.
S116: The kernel carries out the corresponding system call.
After the kernel has determined in step S115 that the result of the legitimacy verification of the relevant information of the permission and security check module is legitimate, in this step it executes the received system call request and carries out the corresponding system call.
S117: The kernel refuses to execute the received system call request and returns an access-denied message to the application that sent the request.
After the kernel has determined in step S114 that the sender identifier of the system call request is inconsistent with the pre-stored security identifier of the permission and security check module, or has determined in step S115 that the result of the legitimacy verification of the relevant information of the module is illegitimate, in this step it refuses to execute the received system call request and returns an access-denied message to the application that sent the request.
Preferably, the kernel returns the access-denied message directly to the application that sent the system call request through the return path of a traditional system call. The access-denied message carries the return value corresponding to the refusal of the system call request; this return value is typically an integer (for example, the integer 13) and conforms to the POSIX standard.
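
The legitimacy verification of step S115, as an added example that is not part of the original description: the kernel recomputes the digest of the module's relevant information, recovers the signed digest with its pre-stored public key, and compares the two. The 32-bit FNV-1a digest and the 31-bit RSA key stand in for the unspecified "predetermined algorithm" and key pair; they are constructed toy values, chosen so that the code runs without a cryptographic library, and are far too small for real use. All names and the sample module content are assumptions made for this illustration.

```c
/* Added example: model of the legitimacy verification in step S115.
 * FNV-1a and the 31-bit RSA key stand in for the unspecified
 * "predetermined algorithm" and key pair. They are constructed toy
 * values, far too small for real use. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define RSA_N 2147713027u  /* modulus, 65537 * 32771 */
#define RSA_E 7u           /* public exponent, pre-stored in the kernel */
#define RSA_D 306802103u   /* private exponent, held only by the signer */

/* What the kernel obtains from the module via its security identifier. */
struct module_record {
    const unsigned char *info;       /* relevant information, e.g. source */
    size_t               len;
    uint32_t             signature;  /* digest encrypted with private key */
};

/* Square-and-multiply; operands stay below 2^32, so products fit in 64 bits. */
static uint32_t modpow(uint32_t base, uint32_t exp, uint32_t mod)
{
    uint64_t result = 1, b = base % mod;
    while (exp) {
        if (exp & 1u)
            result = result * b % mod;
        b = b * b % mod;
        exp >>= 1;
    }
    return (uint32_t)result;
}

/* Stand-in digest: 32-bit FNV-1a with the top bit cleared so it is < RSA_N. */
uint32_t digest(const unsigned char *data, size_t len)
{
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < len; i++) {
        h ^= data[i];
        h *= 16777619u;
    }
    return h & 0x7fffffffu;
}

/* Signer, at build time: encrypt the digest with the private key. */
uint32_t sign_info(const unsigned char *info, size_t len)
{
    return modpow(digest(info, len), RSA_D, RSA_N);
}

/* Kernel, step S115: 1 = legitimate (go to S116), 0 = illegitimate (S117). */
int kernel_verify(const struct module_record *m)
{
    uint32_t computed  = digest(m->info, m->len);             /* recompute */
    uint32_t recovered = modpow(m->signature, RSA_E, RSA_N);  /* decrypt */
    return computed == recovered;
}

/* Constructed sample: module content as signed, and after tampering. */
static const unsigned char GENUINE[]  = "policy:flashlight=camera;enforce=1";
static const unsigned char TAMPERED[] = "policy:flashlight=camera;enforce=0";

int verify_sample(int tampered)
{
    struct module_record m = { GENUINE, sizeof GENUINE - 1, 0 };
    m.signature = sign_info(GENUINE, sizeof GENUINE - 1);
    if (tampered)
        m.info = TAMPERED;   /* content changed after it was signed */
    return kernel_verify(&m);
}

int main(void)
{
    printf("genuine module:  %d\n", verify_sample(0));
    printf("tampered module: %d\n", verify_sample(1));
    return 0;
}
```

The sketch follows the variant in which the kernel pre-stores the algorithm and public key; in the variant where both are read from the module itself, the comparison shows only that the module is consistent with the key it supplied.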
Based on the above system call method, an embodiment of the present invention also provides a system call device, which is arranged in the intelligent terminal of the embodiments. A block diagram of the internal structure of the device is shown in Fig. 2; it includes a permission and security check module 201 and a system call interface module 202.
The permission and security check module 201 is arranged in the application layer of the intelligent terminal of the embodiments. It is used to perform a permission check on an application's system call request after receiving the request and, after the permission check passes, to carry the preset security identifier of the permission and security check module 201 in the system call request as the sender identifier and send the request to the kernel.
The system call interface module 202 is arranged in the kernel of the intelligent terminal of the embodiments. It is used, after receiving the system call request, to carry out the corresponding system call if it determines that the sender identifier of the received request is consistent with the pre-stored security identifier of the permission and security check module 201.
Preferably, the system call interface module 202 is also used, if it determines that the sender identifier of the received system call request is inconsistent with the pre-stored security identifier, to refuse to execute the received request and to return an access-denied message to the application that sent the request.
Specifically, the permission and security check module 201 is used to perform the permission check on the system call request according to a customized security policy.
Preferably, the system call interface module 202 is also used, after determining that the sender identifier of the received system call request is consistent with the pre-stored security identifier, to verify the legitimacy of the relevant information of the permission and security check module 201 according to the security identifier; if the verification result is legitimate, it carries out the corresponding system call; if the verification result is illegitimate, it refuses to execute the received system call request and returns an access-denied message to the application that sent the request.
Further, the system call interface module 202 is specifically used to obtain, according to the security identifier of the permission and security check module 201, the preset relevant information of the module and the digital signature thereof; to compute the digest of the obtained relevant information of the permission and security check module 201 and decrypt the digest corresponding to the digital signature; and to determine whether the computed digest is consistent with the decrypted digest. If so, the verification result is determined to be legitimate; otherwise the verification result is determined to be illegitimate.
For the way in which the functions of the permission and security check module 201 and the system call interface module 202 are implemented, reference can be made to the process steps shown in Fig. 1 above, which are not repeated here.
In the embodiments of the present invention, the permission check on an application's system call request is carried out at the application layer, outside the kernel, and the preset security identifier of the permission and security check module is placed in the system call request for the kernel to recognize. This part of the code is not open-source code and is not disclosed, which greatly enhances the security of system calls.
Moreover, in the embodiments, a system call request sent directly to the kernel by an existing application, or by an illegitimate application disguised as an existing application, does not carry the security identifier of the check module and is refused by the kernel. This prevents illegitimate applications such as viruses, Trojans and rogue programs from intruding by exploiting the existing Linux security mechanisms, and greatly enhances the security of system calls.
Further, in the embodiments, a security policy customized for the user can easily be set in the application layer, so that the permission and security check module can perform the permission check on an application's call request in a more flexible and more personalized way according to the customized policy. On the basis of ensuring the security of system calls, the differing needs of various users can be met and the user experience improved. Moreover, compared with modifying a security module in the kernel, the amount of code to be changed is greatly reduced, compatibility is better and applicability is wider.
Those skilled in the art will understand that the present invention includes devices for performing one or more of the operations described herein. These devices may be specially designed and manufactured for the required purposes, or may comprise known devices in general-purpose computers. These devices have computer programs stored in them that are selectively activated or reconfigured. Such a computer program can be stored in a device-readable (for example, computer-readable) medium, or in any type of medium suitable for storing electronic instructions and coupled to a bus. Such computer-readable media include, but are not limited to, any type of disk (including floppy disks, hard disks, optical discs, CD-ROMs and magneto-optical disks), ROM (Read-Only Memory), RAM (Random Access Memory), EPROM (Erasable Programmable Read-Only Memory), EEPROM (Electrically Erasable Programmable Read-Only Memory), flash memory, magnetic cards or optical cards. That is, a readable medium includes any medium that stores or transmits information in a form readable by a device (for example, a computer).
Those skilled in the art will understand that computer program instructions can be used to implement each block in these structure diagrams and/or block diagrams and/or flow diagrams, and combinations of blocks in these structure diagrams and/or block diagrams and/or flow diagrams. Those skilled in the art will understand that these computer program instructions can be supplied to the processor of a general-purpose computer, a special-purpose computer or another programmable data processing method for implementation, so that the processor of the computer or of the other programmable data processing method carries out the scheme specified in the block or blocks of the structure diagrams and/or block diagrams and/or flow diagrams disclosed by the present invention.
Those skilled in the art will understand that the steps, measures and schemes in the various operations, methods and flows discussed in the present invention can be alternated, changed, combined or deleted. Further, other steps, measures and schemes in the various operations, methods and flows discussed in the present invention can also be alternated, changed, rearranged, decomposed, combined or deleted. Further, steps, measures and schemes in the prior art that correspond to those in the various operations, methods and flows disclosed in the present invention can also be alternated, changed, rearranged, decomposed, combined or deleted.
The above describes only some embodiments of the present invention. It should be noted that those of ordinary skill in the art can make several improvements and modifications without departing from the principles of the present invention, and these improvements and modifications should also be regarded as falling within the protection scope of the present invention.