CN107643982A - Capability detection method and device for an application process

Publication number: CN107643982A
Application number: CN201710824217.8A
Authority: CN (China)
Other languages: Chinese (zh)
Inventor: 冀胜利
Original and current assignee: Beijing Yuanxin Science and Technology Co Ltd
Legal status: Pending

Abstract

This application discloses a capability detection method and device for an application process. The method includes: starting the probed application and executing the application flow; in response to the probed application needing a capability, triggering detection of the capability value of the corresponding capability in kernel space; collecting the detected capability value in kernel space and passing it to user space; in response to receiving the capability value in user space, determining the running state of the probed application; in response to determining that the probed application has exited, adding the received capability value to the probed application; and, in response to the received capability value having been added to the probed application, restarting the probed application and executing the application flow. The method and device can automatically detect the capabilities of a process without recompiling the kernel, which improves detection efficiency.

Description

Capability detection method and device for an application process
Technical Field
This application relates to debugging applications on terminals running a Linux system, and in particular to a capability detection method and device for an application process.
Background
With the rapid development of mobile devices, mobile devices such as smartphones and tablet computers are used more and more widely in enterprises. In the field of mobile operating systems, the Linux capabilities mechanism can address many system security challenges.
In a Linux system, an application that needs a special capability must have that capability added before it can run normally. In addition, for system security, the capabilities of an application need to be reviewed. Only when the specific capabilities are known can a targeted review be made in light of the application's function. However, when the Linux capabilities mechanism is used, detecting the capabilities of a process is a step that is awkward to carry out yet very important.
To detect the capabilities of an application process, the prior art generally adds debugging information to the kernel, recompiles the kernel, then runs the application manually and checks the debugging information. If the debugging information does not meet the requirements, the debugging information in the kernel is modified again, the kernel is compiled again, and the application is run manually once more. The disadvantages of the prior art are as follows: compiling the kernel is time-consuming, inconvenient and a heavy workload; the kernel must be recompiled after the debugging information is modified, and if the code is faulty the compiled kernel can cause a kernel panic at startup; and the process whose capabilities are being detected has to be started manually many times, which is tedious and increases labor cost.
Summary of the Invention
To overcome the deficiencies of the prior art, the technical problem to be solved by the present invention is to provide a capability detection method and device for an application process that can automatically detect the capabilities of a process without recompiling the kernel.
To solve the above technical problem, the capability detection method for an application process of the present invention includes:
Starting the probed application and executing the application flow;
In response to the probed application needing a capability, triggering detection of the capability value of the corresponding capability in kernel space;
Collecting the detected capability value in kernel space and passing it to user space;
In response to receiving the capability value in user space, determining the running state of the probed application;
In response to determining that the probed application has exited, adding the received capability value to the probed application;
In response to the received capability value having been added to the probed application, restarting the probed application and executing the application flow.
As an improvement of the method of the invention, the method further includes: in response to determining that the probed application is still running, saving the received capability value and continuing to execute the probed application flow.
As another improvement of the method of the invention, detecting the capability value of the corresponding capability in kernel space, and collecting the detected capability value in kernel space and passing it to user space, are performed by a ko module loaded into kernel space.
As a further improvement of the method of the invention, triggering detection of the capability value of the corresponding capability in kernel space in response to the probed application needing a capability includes: based on the capability check mechanism of kernel space, printing the corresponding capability value before the capability check point, thereby detecting the corresponding capability value.
As a further improvement of the method of the invention, the received capability value is added to the probed application by the setcap tool.
To solve the above technical problem, the capability detection device for an application process of the present invention includes:
A starting module, for starting the probed application and executing the application flow;
A capability detection module, for detecting the capability value of the corresponding capability in kernel space in response to the probed application needing a capability;
A capability collection module, for collecting the capability value from the capability detection module in kernel space and passing it to the capability receiving module in user space;
A capability receiving module, for determining the running state of the probed application in user space in response to receiving the capability value, and for adding the received capability value to the probed application in response to determining that the probed application has exited;
A restart module, for restarting the probed application and executing the application flow in response to the received capability value having been added to the probed application.
As an improvement of the device of the invention, the capability receiving module also, in response to determining that the probed application is still running, saves the received capability value and continues to execute the probed application flow.
As another improvement of the device of the invention, the capability detection module and the capability receiving module are compiled into a ko module and loaded into kernel space.
As a further improvement of the device of the invention, the capability detection module includes a printing submodule for printing, based on the capability check mechanism of kernel space, the corresponding capability value before the capability check point, thereby detecting the corresponding capability value.
As a further improvement of the device of the invention, the capability receiving module uses the setcap tool to add the received capability value to the probed application.
To solve the above technical problem, the tangible computer-readable medium of the present invention includes computer program code for performing the capability detection method for an application process of the present invention.
To solve the above technical problem, the present invention provides a device including at least one processor and at least one memory containing computer program code, the at least one memory and the computer program code being configured to, with the at least one processor, cause the device to perform at least some of the steps of the capability detection method for an application process of the present invention.
According to the present invention, the capability detection module and the capability collection module are first loaded into the kernel. The process monitoring program starts the tested application and monitors the running state of the tested application's process. When the application process needs a capability, the capability detection module in the kernel is triggered through the system call mechanism, and the capability detection module passes the detected capability to the capability collection module. The capability collection module then sends the capability information to the capability receiving module of the process monitoring program in user space. The process monitoring program adds the received capability to the tested application process and automatically starts the application again, and this cycle repeats. The tested application needs to be started manually only once; subsequent capability-triggering flows are detected automatically, and detection of all the capabilities the application process needs is completed automatically. The present invention does not need to modify the system kernel or to debug the kernel frequently, which greatly improves detection efficiency.
Other features and advantages of the invention will become clearer after reading the detailed description of the embodiments in conjunction with the drawings.
Brief Description of the Drawings
Fig. 1 is a flow chart of an embodiment of the method of the invention.
Fig. 2 is a structural diagram of an embodiment of the device of the invention.
For clarity, these drawings are schematic and simplified. They show only the details necessary for understanding the invention and omit other details.
Detailed Description
Embodiments and examples of the present invention are described in detail below with reference to the drawings.
The scope of applicability of the invention will become apparent from the detailed description given below. It should be understood, however, that while the detailed description and specific examples show preferred embodiments of the invention, they are given for illustration only.
In a Linux system, each process has three capability-related bitmaps: inheritable (I), permitted (P) and effective (E), which correspond to cap_inheritable, cap_permitted and cap_effective in the process descriptor structure task_struct, so the capabilities of a process can be checked by viewing /proc/PID/status. cap_effective means that when a process is about to perform a privileged operation, the operating system checks whether the corresponding bit of cap_effective is set. For example, if a process wants to set the system clock, the Linux kernel checks whether the CAP_SYS_TIME bit (bit 25) of cap_effective is set. cap_permitted represents the capabilities the process is able to use. cap_permitted can contain capabilities that are not in cap_effective; these are capabilities that the process itself has temporarily given up, so cap_effective can be described as a subset of cap_permitted. cap_inheritable represents the capabilities that can be inherited by programs executed by the current process.
A mobile terminal running Linux or a similar system, such as a mobile phone, contains a user space and a kernel space.
Fig. 1 shows a flow chart of an embodiment of the capability detection method for an application process according to the present invention.
In step S102, a process monitoring program is started in user space. The process monitoring program is responsible for loading the probed application, monitoring the running state of that application, and establishing a connection with the kernel.
In step S104, the probed application is started and the application flow is executed.
In step S106, it is determined whether the probed application needs a capability. If a capability is needed, the application exits and processing proceeds to step S108; otherwise, processing proceeds to step S150.
In step S108, the system call triggers the capability check mechanism of kernel space, which triggers detection of the capability value of the corresponding capability in kernel space; that is, capability detection is embedded in the capability check flow. In the embodiment, based on the capability check mechanism, the corresponding capability value is printed (that is, output) before the capability check point: the information is written by the log system to a specified file, where it can be viewed through the log, and the corresponding capability value is thereby detected.
In step S110, the detected capability value is collected in kernel space and passed to user space by netlink or another IPC mechanism. In the embodiment, steps S108 and S110 are performed by a ko module loaded into kernel space.
In step S112, when user space receives the capability value passed from kernel space, the current running state of the probed application is determined. If the probed application has exited, processing proceeds to step S114; otherwise, if the probed application is still running, processing proceeds to step S140.
In step S114, the probed application has exited, which means that when the tested application needed the capability it exited because of a system call exception. The received capability value is now added to the probed application using, for example, setcap or a similar tool. Processing then proceeds to step S104.
In step S140, the probed application is still running, which indicates that the corresponding capability value was already added earlier. The received capability value is saved, and processing proceeds to step S106 to detect the next capability, until no new capability is detected and the detection process ends.
In step S150, the capability detection processing for the application process of the present invention ends, and the application executes normally.
The method of this embodiment does not need to modify the system kernel or to debug the kernel frequently. It detects process capabilities by loading a ko module, then passes the detected capability values to the tested application, and the process monitoring program starts the process detection flow again, which improves detection efficiency.
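The following Python sketch is an added example, not code from the patent: it decodes the CapInh/CapPrm/CapEff bitmaps from /proc/PID/status described above and models the user-space decision of steps S112 to S140. The status text is constructed sample input, the function names are hypothetical, and the `+ep` flags in the setcap clause are an assumption, since the description names only the setcap tool.

```python
import re

# Capability numbers 0..40 as defined in <linux/capability.h>.
CAP_NAMES = [
    "cap_chown", "cap_dac_override", "cap_dac_read_search", "cap_fowner",
    "cap_fsetid", "cap_kill", "cap_setgid", "cap_setuid", "cap_setpcap",
    "cap_linux_immutable", "cap_net_bind_service", "cap_net_broadcast",
    "cap_net_admin", "cap_net_raw", "cap_ipc_lock", "cap_ipc_owner",
    "cap_sys_module", "cap_sys_rawio", "cap_sys_chroot", "cap_sys_ptrace",
    "cap_sys_pacct", "cap_sys_admin", "cap_sys_boot", "cap_sys_nice",
    "cap_sys_resource", "cap_sys_time", "cap_sys_tty_config", "cap_mknod",
    "cap_lease", "cap_audit_write", "cap_audit_control", "cap_setfcap",
    "cap_mac_override", "cap_mac_admin", "cap_syslog", "cap_wake_alarm",
    "cap_block_suspend", "cap_audit_read", "cap_perfmon", "cap_bpf",
    "cap_checkpoint_restore",
]

# Constructed sample of /proc/PID/status (not captured from a real process).
SAMPLE_STATUS = (
    "Name:\tdemo\n"
    "CapInh:\t0000000000000000\n"
    "CapPrm:\t0000000002000400\n"
    "CapEff:\t0000000002000000\n"
    "CapBnd:\t000001ffffffffff\n"
)

def parse_status_caps(status_text):
    """Extract the I, P and E bitmaps (hex fields) as integers."""
    caps = {}
    for line in status_text.splitlines():
        m = re.match(r"^(CapInh|CapPrm|CapEff):\s*([0-9a-fA-F]+)\s*$", line)
        if m:
            caps[m.group(1)] = int(m.group(2), 16)
    missing = {"CapInh", "CapPrm", "CapEff"} - caps.keys()
    if missing:
        raise ValueError("status text lacks fields: %s" % sorted(missing))
    return caps

def has_cap(mask, number):
    """True if capability `number` is set in the bitmap (bit 25 = CAP_SYS_TIME)."""
    return bool((mask >> number) & 1)

def decode(mask):
    """List the names of all capabilities set in a bitmap, lowest bit first."""
    names = []
    bit = 0
    while mask >> bit:
        if has_cap(mask, bit):
            names.append(CAP_NAMES[bit] if bit < len(CAP_NAMES)
                         else "unknown_%d" % bit)
        bit += 1
    return names

def effective_within_permitted(caps):
    """Check the invariant that the effective set is a subset of permitted."""
    return (caps["CapEff"] & ~caps["CapPrm"]) == 0

def on_capability_reported(cap_number, app_exited, granted):
    """Model steps S112-S140 for one capability number reported by the kernel.

    `granted` is the set of capability numbers collected so far. setcap
    replaces a file's whole capability set, so the clause lists every
    capability collected so far, not only the newest one.
    """
    granted.add(cap_number)
    if app_exited:                      # S114: add the capability, restart
        clause = ",".join(CAP_NAMES[n] for n in sorted(granted)) + "+ep"
        return ("setcap_and_restart", clause)
    return ("save_and_continue", None)  # S140: save, detect the next one

if __name__ == "__main__":
    caps = parse_status_caps(SAMPLE_STATUS)
    for field in ("CapInh", "CapPrm", "CapEff"):
        print(field, decode(caps[field]))
    print("E subset of P:", effective_within_permitted(caps))
    print(on_capability_reported(25, True, set()))
```

The clause returned for the restart case is what would be passed as the first argument to setcap, followed by the path of the probed binary.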
Fig. 2 shows a structural diagram of an embodiment of the capability detection device for an application process according to the present invention. The device of this embodiment includes:
A starting module 202, for starting the probed application and executing the application flow;
A capability detection module 204, for detecting the capability value of the corresponding capability in kernel space in response to the probed application needing a capability;
A capability collection module 206, for collecting the capability value from the capability detection module in kernel space and passing it to the capability receiving module in user space, wherein the capability detection module and the capability receiving module are compiled into a ko module and loaded into kernel space by the insmod command;
A capability receiving module 208, for determining the running state of the probed application in user space in response to receiving the capability value; for adding the received capability value to the probed application in response to determining that the probed application has exited; and for saving the received capability value and continuing to execute the probed application flow in response to determining that the probed application is still running;
A restart module 210, for restarting the probed application and executing the application flow in response to the received capability value having been added to the probed application.
The different embodiments described herein, or their particular features, structures or characteristics, may be combined as appropriate in one or more embodiments of the invention. In addition, in some cases the order of steps in the flow charts and/or flow processing descriptions may be changed where appropriate, and the steps need not be performed exactly in the order described. Furthermore, various aspects of the invention may be implemented using software, hardware, firmware or a combination thereof, and/or other computer-implemented modules or devices that perform the described functions. A software implementation of the invention may include executable code that is stored in a computer-readable medium and executed by one or more processors. The computer-readable medium may include a computer hard disk drive, ROM, RAM, flash memory, portable computer storage media such as CD-ROM, DVD-ROM, a flash drive and/or other devices with, for example, a USB interface, and/or any other appropriate tangible or non-transitory computer-readable medium or computer memory on which executable code can be stored and executed by a processor. The invention may be used with any appropriate operating system.
Unless explicitly stated otherwise, the singular forms "a" and "the" as used herein include plural referents (that is, they have the meaning "at least one"). It will be further understood that the terms "having", "including" and/or "comprising" as used herein indicate the presence of the stated features, steps, operations, elements and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, elements, components and/or combinations thereof. The term "and/or" as used herein includes any and all combinations of one or more of the associated listed items.
Some preferred embodiments of the invention have been described above. It should be emphasized, however, that the invention is not limited to these embodiments and can be implemented in other ways within the scope of its subject matter. Those skilled in the art can, guided by the technical concept of the invention and without departing from its content, make various variations and modifications to the invention, and these variations or modifications still fall within the scope of protection of the invention.

Claims (10)

1. A capability detection method for an application process, characterized in that the method includes:
Starting the probed application and executing the application flow;
In response to the probed application needing a capability, triggering detection of the capability value of the corresponding capability in kernel space;
Collecting the detected capability value in kernel space and passing it to user space;
In response to receiving the capability value in user space, determining the running state of the probed application;
In response to determining that the probed application has exited, adding the received capability value to the probed application;
In response to the received capability value having been added to the probed application, restarting the probed application and executing the application flow.
2. The method according to claim 1, characterized in that the method further includes:
In response to determining that the probed application is still running, saving the received capability value and continuing to execute the probed application flow.
3. The method according to claim 1 or 2, characterized in that detecting the capability value of the corresponding capability in kernel space, and collecting the detected capability value in kernel space and passing it to user space, are performed by a ko module loaded into kernel space.
4. The method according to claim 1 or 2, characterized in that triggering detection of the capability value of the corresponding capability in kernel space in response to the probed application needing a capability includes: based on the capability check mechanism of kernel space, printing the corresponding capability value before the capability check point, thereby detecting the corresponding capability value.
5. The method according to claim 1, characterized in that the received capability value is added to the probed application by the setcap tool.
6. A capability detection device for an application process, characterized in that the device includes:
A starting module, for starting the probed application and executing the application flow;
A capability detection module, for detecting the capability value of the corresponding capability in kernel space in response to the probed application needing a capability;
A capability collection module, for collecting the capability value from the capability detection module in kernel space and passing it to the capability receiving module in user space;
A capability receiving module, for determining the running state of the probed application in user space in response to receiving the capability value, and for adding the received capability value to the probed application in response to determining that the probed application has exited;
A restart module, for restarting the probed application and executing the application flow in response to the received capability value having been added to the probed application.
7. The device according to claim 6, characterized in that the capability receiving module also, in response to determining that the probed application is still running, saves the received capability value and continues to execute the probed application flow.
8. The device according to claim 6 or 7, characterized in that the capability detection module and the capability receiving module are compiled into a ko module and loaded into kernel space.
9. The device according to claim 6 or 7, characterized in that the capability detection module includes a printing submodule for printing, based on the capability check mechanism of kernel space, the corresponding capability value before the capability check point, thereby detecting the corresponding capability value.
10. The device according to claim 6, characterized in that the capability receiving module uses the setcap tool to add the received capability value to the probed application.
Application CN201710824217.8A: priority date 2017-09-13, filing date 2017-09-13, status Pending
Publication CN107643982A: publication date 2018-01-30
Family ID: 61110326
Country: CN
Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180130