CN106778208A - The access processing method and device of application program - Google Patents
- Title: Access processing method and device for application programs
- Publication number: CN106778208A (application number CN201611093519.4A)
- Authority: CN (China)
- Prior art keywords: application program, access, interface, kernel interface, authority
- Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- G06F21/44: Program or device authentication (under G06F21/00, security arrangements for protecting computers, components thereof, programs or data against unauthorised activity, and G06F21/30, authentication of security principals)
- G06F2221/2141: Access rights, e.g. capability lists, access control lists, access tables, access matrices (indexing scheme relating to G06F21/00)
Abstract
The invention discloses an access processing method for application programs. The method includes: detecting whether an application program is currently accessing a system kernel interface through a system call; when an application program is currently accessing a system kernel interface through a system call, judging whether that application program has the authority to access the system kernel interface; and when the application program does not have the authority to access the system kernel interface, intercepting the system call so that the application program cannot access the system kernel interface. The invention also discloses an access processing device for application programs. The invention can prevent unauthorized applications from accessing system kernel interfaces and thereby improves the security of system operation.
Description
Technical field
The present invention relates to the field of application access security, and in particular to an access processing method and device for application programs.
Background technology
With the popularization of intelligent terminals, more and more users rely on them. On an intelligent terminal a user can download application programs of many kinds with different functions, such as instant messaging applications, audio-visual applications, office applications and so on. Although these applications bring many conveniences to our lives, the accesses they perform cannot be guaranteed to be absolutely safe. For example, some applications secretly call the kernel network interface in the background to reach a server, which not only consumes the user's network traffic but can also, without the user's permission, automatically send private data held inside the system to a remote server and thereby violate the user's privacy.
In the prior art, a security scan is generally performed on an application when it is installed, checking whether the application contains hidden malicious interface calls. However, this approach can only perform a single security scan at installation time: if the application later updates its native code through remote access after the installation scan has completed, a potential security hazard still exists.
Summary of the invention
The main object of the present invention is to provide an access processing method and device for application programs, aiming to solve the technical problem in the prior art that a potential security hazard still exists after an application has undergone a security scan.
To achieve the above object, the present invention provides an access processing method for application programs, which includes:
detecting whether an application program is currently accessing a system kernel interface through a system call;
when an application program is currently accessing a system kernel interface through a system call, judging whether that application program has the authority to access the system kernel interface;
when the application program does not have the authority to access the system kernel interface, intercepting the system call so as to prevent the application program from accessing the system kernel interface.
Preferably, judging whether the application program has the authority to access the system kernel interface, when an application program is currently accessing a system kernel interface through a system call, includes:
obtaining the identity information of the application program and the permission mapping table governing application access to kernel interfaces;
judging, according to the identity information and the permission mapping table, whether the application program has the authority to access the system kernel interface.
Preferably, the access processing method also includes:
detecting whether there is an instruction to modify the permission mapping table and, if there is, generating a permission modification early warning.
Preferably, intercepting the system call when the application program does not have the authority to access the system kernel interface, so as to prevent the application program from accessing the system kernel interface, includes:
when the application program does not have the authority to access the system kernel interface, intercepting the system call to prevent the application program from accessing the system kernel interface, and generating an interception early warning.
Preferably, after judging whether the application program has the authority to access the system kernel interface, the method includes:
when the application program has the authority to access the system kernel interface, determining, according to a preset function mapping table, the kernel function corresponding to the system call, and calling and executing that kernel function.
In addition, to achieve the above object, the present invention also provides an access processing device for application programs, which includes:
a detection module, for detecting whether an application program is currently accessing a system kernel interface through a system call;
a judgment module, for judging, when an application program is currently accessing a system kernel interface through a system call, whether that application program has the authority to access the system kernel interface;
a processing module, for intercepting the system call when the application program does not have the authority to access the system kernel interface, so as to prevent the application program from accessing the system kernel interface.
Preferably, the judgment module includes:
an acquiring unit, for obtaining, when an application program is currently accessing a system kernel interface through a system call, the identity information of the application program and the permission mapping table governing application access to kernel interfaces;
a judging unit, for judging, according to the identity information and the permission mapping table, whether the application program has the authority to access the system kernel interface.
Preferably, the detection module is further used for:
detecting whether there is an instruction to modify the permission mapping table and, if there is, generating a permission modification early warning.
Preferably, the processing module is specifically further used for:
intercepting the system call when the application program does not have the authority to access the system kernel interface, so as to prevent the application program from accessing the system kernel interface, and generating an interception early warning.
Preferably, the processing module is further used for:
when the application program has the authority to access the system kernel interface, determining, according to a preset function mapping table, the kernel function corresponding to the system call, and calling and executing that kernel function.
In the present invention, a malicious application generally has to access a system kernel interface through a system call in order to achieve some function or purpose while it runs, and in doing so creates a potential security hazard for the user. Therefore, the invention detects whether any application is accessing a system kernel interface through a system call; when one is, it judges whether that application has the authority to access the system kernel interface, and if the application lacks the corresponding authority it intercepts the system call the application issued, preventing the application from illegally accessing the system kernel interface. On top of the security scan performed on the application, the present invention thus further prevents unauthorized applications from accessing system kernel interfaces and improves the security of system operation.
Brief description of the drawings
Fig. 1 is a schematic flow chart of one embodiment of the access processing method for application programs of the present invention;
Fig. 2 is a schematic diagram of the space division of the Android system in one embodiment of the access processing method for application programs of the present invention;
Fig. 3 is a refined flow chart of step S20 in Fig. 1;
Fig. 4 is a functional block diagram of one embodiment of the access processing device for application programs of the present invention;
Fig. 5 is a refined functional block diagram of the judgment module in Fig. 4.
The realization of the objects, functional features and advantages of the invention will be further described with reference to the drawings in conjunction with the embodiments.
Specific embodiments
It should be understood that the specific embodiments described herein serve only to explain the present invention and are not intended to limit it.
The core idea of the invention is as follows. A malicious application generally has to access a system kernel interface through a system call in order to achieve some function or purpose while it runs, and in doing so creates a potential security hazard for the user. Therefore, the present invention performs interception at the very moment the application accesses the kernel through a system call, which fundamentally prevents illegal access by the application and improves the security of system operation.
In addition, for ease of description, the following is illustrated with the Android system.
The present invention provides an access processing method for application programs.
Referring to Fig. 1, Fig. 1 is a schematic flow chart of one embodiment of the access processing method for application programs of the present invention. In this embodiment, the access processing method includes:
Step S10: detect whether an application program is currently accessing a system kernel interface through a system call;
The Android system generally divides the whole virtual address space into two parts, user space and kernel space, and stipulates that user space cannot access kernel space directly, whereas kernel space can access user space. This hierarchical division makes kernel space more stable and secure. However, if a process needs to access the kernel or use a certain kernel function, it generally has to do so through a system call (System Call). In the Android system the system call is the only channel by which user space can access kernel space, as shown in Fig. 2. System calls are a group of function interfaces provided by the kernel that allow processes running in user space to interact with the kernel.
For example, a user process accesses hardware devices, operating system resources and the like through system calls. When running, every application in the Android system can generate system calls through the Android system API to access the Android system kernel, for instance the network interface, the file system interface, the CPU frequency scaling interface and so on. In this embodiment the type of system kernel interface that an application accesses through a system call is not limited; examples are the network interface, the file system interface and the CPU frequency scaling interface. Likewise, the manner in which the system calls produced by an application are detected is not limited in this embodiment and is configured according to actual needs.
Step S20: when an application program is currently accessing a system kernel interface through a system call, judge whether the application program has the authority to access that system kernel interface;
In this embodiment, when a system call produced by an application is detected, it is first necessary to judge whether the application has the authority to access the system kernel interface, so as to avoid the system call causing the corresponding system kernel interface to execute the corresponding kernel function. The manner of judgment is not limited in this embodiment; for example, a corresponding permission mapping table can be set in advance and used for the judgment.
It should further be noted that, as shown in Fig. 2, in this embodiment the system calls of all applications are filtered by a filter function provided by the system kernel, which then determines whether the application has the authority to access the corresponding system kernel interface.
Since the filter function must run in the privilege-level mode of the Android system, the system must switch from user-level mode to privilege-level mode before an application's system call is filtered. User-level mode and privilege-level mode are the two security-level modes of the Android system: normally all applications run in user-level mode, while the system functions of the Android kernel run in privilege-level mode. In privilege-level mode the filter function can scan any system call of any application.
The implementation of the switch from user-level mode to privilege-level mode is not limited in this embodiment. For example, a trap instruction can generate the system call instruction, triggering a processor interrupt and thereby switching from user-level mode to privilege-level mode.
Step S30: when the application program does not have the authority to access the system kernel interface, intercept the system call to prevent the application program from accessing the system kernel interface.
In this embodiment, once it is determined that the current application does not have the authority to access the system kernel interface, the system call produced by the application is intercepted, which fundamentally prevents a malicious application from accessing the system kernel interface and causing a potential security hazard.
The manner of intercepting the system call produced by the application is not limited in this embodiment. For example, in kernel space, while the Android system is in privilege-level mode, an interception function provided by the system kernel intercepts the system calls of unauthorized applications.
In this embodiment, a malicious application generally has to access a system kernel interface through a system call in order to achieve some function or purpose while it runs, and in doing so creates a potential security hazard for the user. Therefore, the method detects whether any application is accessing a system kernel interface through a system call; when one is, it judges whether that application has the authority to access the system kernel interface, and if the application lacks the corresponding authority it intercepts the system call the application issued, preventing the application from illegally accessing the system kernel interface. On top of the security scan performed on the application, the present invention thus further prevents unauthorized applications from accessing system kernel interfaces and improves the security of system operation.
Referring to Fig. 3, Fig. 3 is a refined flow chart of step S20 in Fig. 1. In this embodiment, step S20 further includes:
Step S201: when an application program is currently accessing a system kernel interface through a system call, obtain the identity information of the application program and the permission mapping table governing application access to kernel interfaces;
In this embodiment the identity information obtained for the application is not limited; it may be, for example, the process PID, the application name, the application category, the application confidence level and so on. For example, the identity information obtained for an application may be: process PID: 1234, application name: A, application category: file management, application confidence level: rank 3.
In this embodiment, the permission mapping table governing application access to kernel interfaces can be configured in advance according to the application category, the application confidence level, the secrecy level of the kernel interface and so on.
For example, a permission mapping table set according to application category is shown in Table 1.

Table 1

| Application category | System kernel interface access rights |
| --- | --- |
| File management | Interfaces A, B, C |
| Word processing | All interfaces |
| Picture presentation | Interfaces A, B, C, D, E |
For example, a permission mapping table set according to application confidence level is shown in Table 2.

Table 2

| Application confidence level | System kernel interface access rights |
| --- | --- |
| Rank 1 | Interfaces A, B, C |
| Rank 2 | Interfaces A, B, C |
| Rank 3 | Interfaces A, B, C, D, E |
Step S202: judge, according to the identity information and the permission mapping table, whether the application program has the authority to access the system kernel interface.
In this embodiment, if an application is accessing an Android system kernel interface through a system call, the mapping between applications and kernel interface access rights shown in Table 1 is obtained together with the identity information of the application. If the identity information shows that the application belongs to the picture presentation category, it can be determined from Table 1 that the application does not have the authority to access that Android system kernel interface.
Further, in another embodiment of the access processing method for application programs of the present invention, based on the embodiment described above, the method includes after step S20:
when the application program has the authority to access the system kernel interface, determining, according to a preset function mapping table, the kernel function corresponding to the system call, and calling and executing that kernel function.
In this embodiment, if an application has the authority to access the system kernel network interface, it can still reach the system kernel network interface only through a system call.
In an alternative embodiment of the present invention, if an application accesses the system kernel network interface through a system call and it is judged that the application has the authority to access the system kernel network interface, the kernel function corresponding to the system call number is called so that the application can access the system kernel network interface. The system call number is produced when the application accesses the system kernel through a system call.
In this embodiment, when an application has lawful authority to access a system kernel interface, the application issues the system call through the application programming interface and a system call number is generated. The Android system kernel function corresponding to that system call number is looked up in the system call table and called, so that the kernel function is executed in the Android system kernel and the application's system call to the Android system kernel interface is realized.
Further, in another embodiment of the access processing method for application programs of the present invention, based on the embodiment described above, step S30 specifically also includes:
when the application program does not have the authority to access the system kernel interface, intercepting the system call and generating an interception early warning.
In this embodiment, when an application accesses the system kernel without lawful authority, the way in which the application is stopped is not limited: the system call the application produced through the API may be intercepted, or the application's process may be killed directly. When kernel space is exited and control returns to user space, the system generates an intrusion report and pushes it to the user, for example "application named C illegally called an Android system kernel interface at time T and was prevented"; a voice prompt may also be issued to remind the user.
Further, in another embodiment of the access processing method for application programs of the present invention, the method also includes:
detecting whether there is an instruction to modify the permission mapping table and, if there is, generating a permission modification early warning.
In this embodiment, the mapping between applications and kernel interface access rights can be formulated by a preset rule. For example, in an alternative embodiment of the present invention the preset rule is that only the applications shipped with the intelligent terminal have the authority to access kernel interfaces, so that on the intelligent terminal only the applications its system carries have that authority, while other third-party software on the terminal has no authority to access system kernel interfaces.
In this embodiment, the mapping between applications and kernel interface access rights can also be formulated by the user in advance. The manner in which the user formulates the mapping between applications and Android system kernel interface access rights is not limited: it can be formulated according to the application name, the application's function category, the application's confidence level and so on. The type of Android system kernel interface is likewise not limited, for example the network interface, the file system interface or the CPU frequency scaling interface. An application can be set to have no authority to call Android system kernel interfaces, or to have the authority to call one or more kinds of Android system kernel interface.
In an alternative embodiment of the present invention, if the mapping the user formulates between the application named A and kernel interface access rights is that this application has the authority to call the Android system kernel network interface, then application A has the authority to call the Android system kernel network interface.
In another alternative embodiment of the invention, if the mapping the user formulates between applications of the file management category and kernel interface access rights is that file management applications have the authority to call the Android system kernel file system interface, then every file management application in the Android system has the authority to call the Android system kernel file system interface.
In another alternative embodiment of the invention, if the mapping the user formulates between applications with confidence level rank 5 and kernel interface access rights is that rank 5 applications have the authority to call the Android system kernel CPU frequency scaling interface and network interface, then every application in the Android system with confidence level rank 5 has the authority to call the Android system kernel CPU frequency scaling interface and network interface.
In this embodiment, the scenario in which the user formulates the mapping between applications and Android system kernel interface access rights is not limited; it may be, for example, when the application is installed or when the application runs.
In an alternative embodiment of the present invention, when an application is installed a screen is popped up so that the user can formulate the mapping between that application and Android system kernel interface access rights.
Further, in another alternative embodiment of the invention, when an application running in user-level mode accesses the system kernel through a system call, the system switches from user-level mode to privilege-level mode by executing a trap instruction, detects in privilege-level mode all the interface calls the application carries, and, according to the kernel interfaces corresponding to those interface calls, asks the user whether the application has the authority to call one or more of those kernel interfaces.
Optionally, if the user determines the mapping between the application and Android system kernel interface access rights when the application is installed, the mapping is stored long-term until the user deletes it manually. Optionally, if the user needs to determine the mapping between the application and Android system kernel interface access rights each time the application is used, the mapping can be stored temporarily and deleted automatically once the user finishes this use of the application and its process is closed.
In this embodiment, once the permission mapping table has been generated, its contents are monitored. When an application applies to modify the permission mapping table, that is, submits a permission modification request, for example to delete the mapping between a certain application and a system kernel interface or to add a new mapping between a certain application and a system kernel interface, a warning screen is generated prompting the user to perform identity authentication, which may be by password verification, fingerprint verification, facial recognition and so on. Only after passing authentication can the modification of the permission mapping table be completed; otherwise the contents of the permission mapping table cannot be modified.
In this embodiment, by determining the mapping between applications and Android system kernel interface access rights, only applications with the authority to access system kernel interfaces can call the Android system kernel interfaces within their scope of authority, which on the one hand gives the user a better experience and on the other hand improves the security of the Android kernel.
Further, the present invention provides an access processing device for application programs.
Referring to Fig. 4, Fig. 4 is a functional block diagram of one embodiment of the access processing device for application programs of the present invention. In this embodiment, the access processing device includes:
Detection module 10, for detecting whether an application program is currently accessing a system kernel interface through a system call;
The division of the virtual address space into user space and kernel space, the role of system calls as the only channel from user space to kernel space, the types of kernel interface an application may access, and the unrestricted manner of detecting system calls are as described above for step S10.
Judgment module 20, for judging, when an application program is currently accessing a system kernel interface by means of a system call, whether the application program has the authority to access that system kernel interface;
In this embodiment, when a system call generated by an application program is detected, the system kernel interface corresponding to that system call must not simply execute the corresponding kernel function; it is therefore necessary to first judge whether the application program has the authority to access that system kernel interface. The judgment method is not limited in this embodiment; for example, a permission mapping table can be preset and consulted for the judgment.
It should be further noted that, as shown in Fig. 2, in this embodiment the system calls of all application programs are filtered by a filter function carried by the system kernel, which then determines whether the application program has the authority to access the corresponding system kernel interface.
Further, because the filter function must run in the privileged mode of the Android system, the system has to switch from user mode to privileged mode before an application program's system call can be filtered. User mode and privileged mode are the two security modes of the Android system: normally all application programs run in user mode, while the system functions of the Android kernel run in privileged mode. In privileged mode, the filter function can inspect any system call of any application program.
In this embodiment the way the switch from user mode to privileged mode is implemented is not limited. For example, the system call can be issued by a trap instruction, which triggers a processor interrupt and thereby switches from user mode to privileged mode.
Processing module 30, for intercepting the system call when the application program does not have the authority to access the system kernel interface, so as to prevent the application program from accessing the system kernel interface.
In this embodiment, when it is determined that the current application program does not have the authority to access the system kernel interface, the system call generated by that application program is intercepted, which fundamentally prevents a malicious application program from accessing the system kernel interface and creating a security risk.
In this embodiment the way the system call generated by the application program is intercepted is not limited. For example, in kernel space, while the Android system is in privileged mode, an interception function carried by the system kernel intercepts the system calls of the unauthorized application program.
In this embodiment, when a malicious application program runs, it generally accesses system kernel interfaces through system calls in order to achieve some function or purpose, and thereby creates a security risk for the user. Therefore, by detecting whether an application program is accessing a system kernel interface through a system call, and, when it is, judging whether the application program has the authority to access that system kernel interface, the system call issued by the application program can be intercepted if it lacks the corresponding authority, preventing unauthorized access to the system kernel interface. On top of security scanning of application programs, the present invention further prevents unauthorized application programs from accessing system kernel interfaces, which raises the security of system operation.
Referring to Fig. 5, Fig. 5 is a refined functional block diagram of the judgment module in Fig. 4. In this embodiment, judgment module 20 includes:
Acquiring unit 201, for acquiring, when an application program is currently accessing a system kernel interface by means of a system call, the identity information of the application program and the permission mapping table of application programs' access to kernel interfaces;
In this embodiment the identity information acquired for the application program is not limited; it may be, for example, the process PID, the application name, the application category, the application trust level, and so on. For example, the acquired identity information may be: process PID: 1234, application name: A, application category: file management, application trust level: level 3.
In this embodiment, the permission mapping table of application programs' access to kernel interfaces can be configured in advance according to the category of the application program, the trust level of the application program, the confidentiality level of the kernel interface, and so on.
For example, a permission mapping table of application programs' access to kernel interfaces set according to application category is shown in Table 3.
Table 3
Application category | System kernel interface access rights |
---|---|
File management | Interfaces A, B, C |
Word processing | All interfaces |
Picture display | Interfaces A, B, C, D, E |
For example, a permission mapping table of application programs' access to kernel interfaces set according to application trust level is shown in Table 4:
Table 4
Application trust level | System kernel interface access rights |
---|---|
Level 1 | Interfaces A, B, C |
Level 2 | Interfaces A, B, C |
Level 3 | Interfaces A, B, C, D, E |
Judging unit 202, for judging, according to the identity information and the permission mapping table, whether the application program has the authority to access the system kernel interface.
In this embodiment, if an application program is accessing an Android system kernel interface by means of a system call, the mapping between application programs and kernel interface access rights shown in Table 3 is obtained together with the identity information of the application program. If the identity information shows that the application program belongs to the picture display category, it can be determined from Table 3 that the application program has authority only for interfaces A, B, C, D and E, and therefore has no authority to access any other Android system kernel interface.
Further, in another embodiment of the access processing device for application programs of the present invention, based on the embodiment of the access processing device described above, processing module 30 is in this embodiment further used for:
When the application program has the authority to access the system kernel interface, determining, according to a preset function mapping table, the kernel function corresponding to the system call, and calling the kernel function for execution.
In this embodiment, only if an application program has the authority to access the system kernel network interface can it access the system kernel network interface by means of a system call.
In an alternative embodiment of the present invention, if an application program accesses the system kernel network interface by means of a system call and is judged to have the authority to access the system kernel network interface, the kernel function corresponding to the system call number is called, so that the application program accesses the system kernel network interface. The system call number is produced when the application program accesses the system kernel by a system call.
In this embodiment, when an application program has legitimate authority to access a system kernel interface, the application program issues a system call through the application programming interface and a system call number is generated; the Android system kernel function corresponding to that system call number is looked up in the system call table and called in the Android system kernel, thereby completing the application program's system call to the Android system kernel interface.
Further, in another embodiment of the access processing device for application programs of the present invention, based on the embodiment of the access processing device described above, processing module 30 is in this embodiment further specifically used for:
When the application program does not have the authority to access the system kernel interface, intercepting the system call and generating an interception warning.
In this embodiment, when an application program has no legitimate authority to access the system kernel, the way it is stopped from accessing the system kernel is not limited: the system call generated by the application program through the API can be intercepted, or the application program's process can be killed outright. When kernel space is exited and control returns to user space, the system generates an intrusion report and pushes it to the user, for example "application C illegally called an Android system kernel interface at time T and was blocked"; a voice prompt may also be issued to alert the user.
Further, in another embodiment of the access processing device for application programs of the present invention, based on the embodiment of the access processing device described above, detection module 10 is in this embodiment further used for:
Detecting whether there is an instruction to modify the permission mapping table and, if there is, generating a permission modification warning.
In this embodiment, the mapping between application programs and kernel interface access rights can be formulated according to preset rules. For example, in an alternative embodiment of the present invention, the preset rule is that only the application programs shipped with the intelligent terminal have the authority to access kernel interfaces, so that on the intelligent terminal only the applications carried by its system have authority to access kernel interfaces, and other third-party software on the intelligent terminal has no authority to access system kernel interfaces.
In this embodiment, the mapping between application programs and kernel interface access rights can also be formulated in advance by the user. The way the user formulates the mapping between application programs and Android system kernel interface access rights is not limited: it can be formulated according to the name of the application program, its functional category, its trust level, and so on. The type of Android system kernel interface is not limited either, for example the network interface, the file system interface or the CPU frequency-scaling interface. An application program can be set to have no authority to call any Android system kernel interface, or to have authority to call one or more kinds of Android system kernel interface.
In an alternative embodiment of the present invention, if the mapping the user formulates between an application program named A and kernel interface access rights is that the application program has authority to call the Android system kernel network interface, then application program A has authority to call the Android system kernel network interface.
In another alternative embodiment of the present invention, if the mapping the user formulates for application programs of the file management category is that file management applications have authority to call the Android system kernel file system interface, then all file management applications in the Android system have authority to call the Android system kernel file system interface.
In another alternative embodiment of the present invention, if the mapping the user formulates for application programs with trust level 5 is that such applications have authority to call the Android system kernel CPU frequency-scaling interface and network interface, then all applications with trust level 5 in the Android system have authority to call the Android system kernel CPU frequency-scaling interface and network interface.
In this embodiment, the scenario in which the user formulates the mapping between application programs and Android system kernel interface access rights is not limited; it can be, for example, when the application program is installed or when the application program runs.
In an alternative embodiment of the present invention, when an application program is installed, an interface pops up so that the user can formulate the mapping between the application program's access rights and the Android system kernel interfaces.
Further, in another alternative embodiment of the present invention, in user mode, when an application program accesses the system kernel by means of a system call, the system switches from user mode to privileged mode by executing a trap instruction, detects in privileged mode all the interface calls the application program carries, and, according to the kernel interfaces those interface calls correspond to, asks the user whether the application program has authority to call one or more of those kernel interfaces.
Optionally, if the user determines the mapping between the application program and Android system kernel interface access rights when the application program is installed, the mapping is stored long term until the user deletes it manually. Optionally, if the user must determine the mapping between the application program and Android system kernel interface access rights each time a certain application program is used, the mapping can be stored temporarily and deleted automatically when the user finishes using the application program and its process is closed.
In this embodiment, once the permission mapping table has been generated, the information in the permission mapping table is monitored. When an application program applies to change the permission mapping table and submits a permission modification request, such as deleting the mapping between a certain application program and a system kernel interface or adding a mapping between a certain application program and a system kernel interface, a warning screen is generated asking the user to authenticate, for example by password, fingerprint or face recognition; only after passing authentication can the modification of the permission mapping table be completed. Otherwise, the permission mapping table is left unchanged.
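The mapping table lifecycle described in the preceding paragraphs, as one runnable model: rules formulated at install time persist until deleted, rules formulated per use are dropped when the owning process exits, any modification request first raises a warning and is applied only after the user has authenticated, and an application without a rule has no authority. This is an added example, not code from the patent or from Android. The authentication step itself (password, fingerprint, face) is not modelled; the caller passes its outcome as a flag. Kernel interfaces are numbered 0 to 31 and carried as a bitmask, the rule table is a fixed array of 16 entries, and the request and rule structures are this example's own, none of which the page specifies.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_RULES 16

/* One user-formulated mapping: application name -> kernel interfaces it may call
 * (bitmask over interface numbers 0..31). A rule set at install time persists
 * until the user deletes it; a rule set per use is bound to the requesting process. */
struct mapping_rule {
    char app[32];
    uint32_t allowed;
    bool persistent;
    int owner_pid;          /* 0 for persistent rules */
    bool in_use;
};

struct mapping_table {
    struct mapping_rule rules[MAX_RULES];
    unsigned warnings;      /* permission-modification warnings raised so far */
};

enum modify_op { MOD_ADD, MOD_DELETE };
struct modify_request { enum modify_op op; char app[32]; uint32_t allowed; bool persistent; int requester_pid; };

static struct mapping_rule *find_rule(struct mapping_table *t, const char *app)
{
    for (int i = 0; i < MAX_RULES; i++)
        if (t->rules[i].in_use && strcmp(t->rules[i].app, app) == 0)
            return &t->rules[i];
    return NULL;
}

/* Detection module: every modification instruction raises a warning; the change
 * is applied only if the caller reports that the user passed authentication
 * (password, fingerprint or face; not modelled). Returns true if the table changed. */
bool apply_modification(struct mapping_table *t, const struct modify_request *req,
                        bool authenticated)
{
    t->warnings++;
    if (!authenticated)
        return false;                              /* table left untouched */
    struct mapping_rule *rule = find_rule(t, req->app);
    if (req->op == MOD_DELETE) {
        if (!rule) return false;
        memset(rule, 0, sizeof *rule);
        return true;
    }
    for (int i = 0; i < MAX_RULES && !rule; i++)   /* MOD_ADD: reuse or take a slot */
        if (!t->rules[i].in_use) rule = &t->rules[i];
    if (!rule) return false;                       /* table full */
    snprintf(rule->app, sizeof rule->app, "%s", req->app);
    rule->allowed = req->allowed;
    rule->persistent = req->persistent;
    rule->owner_pid = req->persistent ? 0 : req->requester_pid;
    rule->in_use = true;
    return true;
}

/* Authority lookup for the judgment module. Default deny: an application with no
 * rule has no kernel interface authority (cf. the preset rule that only
 * applications shipped with the terminal are granted access). */
uint32_t lookup_allowed(struct mapping_table *t, const char *app)
{
    const struct mapping_rule *rule = find_rule(t, app);
    return rule ? rule->allowed : 0;
}

/* Process exit: temporary rules bound to that process are deleted automatically,
 * persistent rules survive. Returns the number of rules removed. */
unsigned on_process_exit(struct mapping_table *t, int pid)
{
    unsigned removed = 0;
    for (int i = 0; i < MAX_RULES; i++) {
        struct mapping_rule *r = &t->rules[i];
        if (r->in_use && !r->persistent && r->owner_pid == pid) {
            memset(r, 0, sizeof *r);
            removed++;
        }
    }
    return removed;
}

int main(void)
{
    struct mapping_table t = { 0 };
    /* Constructed request: application A asks for interface 0 for this use only. */
    struct modify_request grant = { MOD_ADD, "A", 1u << 0, false, 1234 };
    printf("without authentication: %d\n", apply_modification(&t, &grant, false));
    printf("after authentication:   %d\n", apply_modification(&t, &grant, true));
    printf("A mask %#x, warnings %u\n", (unsigned)lookup_allowed(&t, "A"), t.warnings);
    on_process_exit(&t, 1234);
    printf("A mask after exit %#x\n", (unsigned)lookup_allowed(&t, "A"));
    return 0;
}
```

The warning counter increments before the authentication check, so a rejected request still leaves a trace, which is the property the description asks for; and because an unauthenticated request returns before touching the array, the table an application could observe through the filter never changes unless the user approved it.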
In this embodiment, by determining the mapping between application programs and Android system kernel interface access rights, only application programs that have authority to access system kernel interfaces can call the Android system kernel interfaces within their scope of authority. On the one hand this gives the user a better experience; on the other it improves the security of the Android kernel.
The above are only preferred embodiments of the present invention and do not limit its scope of patent protection. Any equivalent structural or process transformation made using the content of the description and drawings of the present invention, and any direct or indirect use in other related technical fields, is likewise included within the scope of patent protection of the present invention.
Claims (10)
1. An access processing method for application programs, characterized in that the access processing method for application programs includes:
detecting whether an application program is currently accessing a system kernel interface by means of a system call;
when an application program is currently accessing a system kernel interface by means of a system call, judging whether the application program has the authority to access the system kernel interface;
when the application program does not have the authority to access the system kernel interface, intercepting the system call so as to prevent the application program from accessing the system kernel interface.
2. The access processing method for application programs according to claim 1, characterized in that, when an application program is currently accessing a system kernel interface by means of a system call, judging whether the application program has the authority to access the system kernel interface includes:
when an application program is currently accessing a system kernel interface by means of a system call, acquiring the identity information of the application program and the permission mapping table of application programs' access to kernel interfaces;
judging, according to the identity information and the permission mapping table, whether the application program has the authority to access the system kernel interface.
3. The access processing method for application programs according to claim 2, characterized in that the access processing method for application programs further includes:
detecting whether there is an instruction to modify the permission mapping table and, if there is, generating a permission modification warning.
4. The access processing method for application programs according to claim 1, characterized in that, when the application program does not have the authority to access the system kernel interface, intercepting the system call so as to prevent the application program from accessing the system kernel interface includes:
when the application program does not have the authority to access the system kernel interface, intercepting the system call so as to prevent the application program from accessing the system kernel interface, and generating an interception warning.
5. The access processing method for application programs according to any one of claims 1 to 4, characterized in that, after judging, when an application program is currently accessing a system kernel interface by means of a system call, whether the application program has the authority to access the system kernel interface, the method includes:
when the application program has the authority to access the system kernel interface, determining, according to a preset function mapping table, the kernel function corresponding to the system call, and calling the kernel function for execution.
6. An access processing device for application programs, characterized in that the access processing device for application programs includes:
a detection module, for detecting whether an application program is currently accessing a system kernel interface by means of a system call;
a judgment module, for judging, when an application program is currently accessing a system kernel interface by means of a system call, whether the application program has the authority to access the system kernel interface;
a processing module, for intercepting the system call when the application program does not have the authority to access the system kernel interface, so as to prevent the application program from accessing the system kernel interface.
7. The access processing device for application programs according to claim 6, characterized in that the judgment module includes:
an acquiring unit, for acquiring, when an application program is currently accessing a system kernel interface by means of a system call, the identity information of the application program and the permission mapping table of application programs' access to kernel interfaces;
a judging unit, for judging, according to the identity information and the permission mapping table, whether the application program has the authority to access the system kernel interface.
8. The access processing device for application programs according to claim 7, characterized in that the detection module is further used for:
detecting whether there is an instruction to modify the permission mapping table and, if there is, generating a permission modification warning.
9. The access processing device for application programs according to claim 6, characterized in that the processing module is further specifically used for:
when the application program does not have the authority to access the system kernel interface, intercepting the system call so as to prevent the application program from accessing the system kernel interface, and generating an interception warning.
10. The access processing device for application programs according to any one of claims 6 to 9, characterized in that the processing module is further used for:
when the application program has the authority to access the system kernel interface, determining, according to a preset function mapping table, the kernel function corresponding to the system call, and calling the kernel function for execution.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611093519.4A CN106778208A (en) | 2016-12-01 | 2016-12-01 | The access processing method and device of application program |
PCT/CN2016/112862 WO2018098881A1 (en) | 2016-12-01 | 2016-12-29 | Access processing method and device for application |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611093519.4A CN106778208A (en) | 2016-12-01 | 2016-12-01 | The access processing method and device of application program |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106778208A true CN106778208A (en) | 2017-05-31 |
Family
ID=58882696
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611093519.4A Pending CN106778208A (en) | 2016-12-01 | 2016-12-01 | The access processing method and device of application program |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN106778208A (en) |
WO (1) | WO2018098881A1 (en) |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107679412A (en) * | 2017-09-15 | 2018-02-09 | 福建星瑞格软件有限公司 | A kind of data interception storehouse accesses the method and device of data |
CN110276209A (en) * | 2019-06-28 | 2019-09-24 | 维沃移动通信有限公司 | A kind of alarm method and mobile terminal |
CN110287694A (en) * | 2019-06-26 | 2019-09-27 | 维沃移动通信有限公司 | Application management method, mobile terminal and storage medium |
CN111079135A (en) * | 2019-11-27 | 2020-04-28 | 浪潮商用机器有限公司 | Kernel access method, device and medium |
CN111083541A (en) * | 2019-12-30 | 2020-04-28 | 深圳Tcl数字技术有限公司 | Interface calling method and device, smart television and readable storage medium |
CN111124506A (en) * | 2019-11-12 | 2020-05-08 | 中国电子科技集团公司第三十研究所 | Operation card driving implementation method based on application layer |
CN112084490A (en) * | 2020-09-09 | 2020-12-15 | 南京烽火星空通信发展有限公司 | Method and system for realizing protection of software source code based on Linux kernel calling |
CN112163130A (en) * | 2020-10-28 | 2021-01-01 | 河北时代电子有限公司 | Access processing method for social security data query |
CN112199662A (en) * | 2020-12-09 | 2021-01-08 | 江苏东大集成电路系统工程技术有限公司 | Permission verification system based on self-adaptive plug-in |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109871287A (en) * | 2018-12-15 | 2019-06-11 | 中国平安人寿保险股份有限公司 | Interface call method, device, computer installation and storage medium |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102542182A (en) * | 2010-12-15 | 2012-07-04 | 苏州凌霄科技有限公司 | Device and method for controlling mandatory access based on Windows platform |
CN103268451A (en) * | 2013-06-08 | 2013-08-28 | 上海斐讯数据通信技术有限公司 | Dynamic permission management system based on mobile terminal |
US8621624B2 (en) * | 2008-06-17 | 2013-12-31 | Electronics And Telecommunications Research Institute | Apparatus and method for preventing anomaly of application program |
CN103593238A (en) * | 2012-08-16 | 2014-02-19 | 腾讯科技(深圳)有限公司 | Method and device for controlling invocation of application programming interfaces |
CN104680084A (en) * | 2015-03-20 | 2015-06-03 | 北京瑞星信息技术有限公司 | Method and system for protecting user privacy in computer |
CN105701415A (en) * | 2016-01-04 | 2016-06-22 | 上海斐讯数据通信技术有限公司 | Kernel authority management system and method of mobile terminal |
2016
- 2016-12-01: CN application CN201611093519.4A (publication CN106778208A), status Pending
- 2016-12-29: WO application PCT/CN2016/112862 (publication WO2018098881A1), status Application Filing
Also Published As
Publication number | Publication date |
---|---|
WO2018098881A1 (en) | 2018-06-07 |
Legal Events
Code | Title |
---|---|
PB01 | Publication |
SE01 | Entry into force of request for substantive examination |
RJ01 | Rejection of invention patent application after publication |

Application publication date: 2017-05-31