CN110990874A - Safety protection method and system for Android file - Google Patents
Safety protection method and system for Android file Download PDFInfo
- Publication number
- CN110990874A CN110990874A CN201911229821.1A CN201911229821A CN110990874A CN 110990874 A CN110990874 A CN 110990874A CN 201911229821 A CN201911229821 A CN 201911229821A CN 110990874 A CN110990874 A CN 110990874A
- Authority
- CN
- China
- Prior art keywords
- zygote
- application program
- target file
- authority
- partition
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 251
- 230000008569 process Effects 0.000 claims abstract description 224
- 238000005192 partition Methods 0.000 claims abstract description 62
- 238000004590 computer program Methods 0.000 claims description 11
- 230000004913 activation Effects 0.000 claims description 6
- 230000000694 effects Effects 0.000 abstract description 4
- 230000006870 function Effects 0.000 description 21
- 238000010586 diagram Methods 0.000 description 9
- 101100264195 Caenorhabditis elegans app-1 gene Proteins 0.000 description 7
- 238000001994 activation Methods 0.000 description 6
- 238000004891 communication Methods 0.000 description 5
- 230000003287 optical effect Effects 0.000 description 4
- 238000012544 monitoring process Methods 0.000 description 3
- 244000035744 Hura crepitans Species 0.000 description 2
- 230000003213 activating effect Effects 0.000 description 2
- 230000006399 behavior Effects 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 230000012447 hatching Effects 0.000 description 2
- 238000004886 process control Methods 0.000 description 2
- 230000000644 propagated effect Effects 0.000 description 2
- 239000004065 semiconductor Substances 0.000 description 2
- 239000011230 binding agent Substances 0.000 description 1
- 239000000835 fiber Substances 0.000 description 1
- 238000011534 incubation Methods 0.000 description 1
- 238000002955 isolation Methods 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 238000000638 solvent extraction Methods 0.000 description 1
- 239000000725 suspension Substances 0.000 description 1
- 230000026676 system process Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6281—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database at program execution time, where the protection is within the operating system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/575—Secure boot
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/4401—Bootstrapping
- G06F9/4418—Suspend and resume; Hibernate and awake
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/445—Program loading or initiating
- G06F9/44594—Unloading
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Health & Medical Sciences (AREA)
- Databases & Information Systems (AREA)
- Stored Programmes (AREA)
Abstract
The application discloses a safety protection method and system for Android files. The method comprises the steps that when a Zygote parent process receives a request of an application program, the Zygote parent process obtains a Zygote child process through forking, meanwhile, an authority controller arranged in the Zygote parent process is activated, the authority controller is used for judging the access authority of the application program and formulating an unauthorized target file list, so that an unauthorized partition list is obtained, the process of the application program is suspended, the unauthorized partition list of mount namespace is unloaded, and the process of the application program is recovered. According to the scheme, the target file is mounted in a partition mode independently, and the process without the access authority is unloaded, so that the effect of hiding the target file in the process is enhanced, meanwhile, the authority controller is added into the Zygote parent process, the effect of independently configuring the authority in a single application process can be achieved, and the control granularity is finer.
Description
Technical Field
The application relates to the technical field of computer software security, in particular to a security protection method and system for Android files.
Background
Android itself has been implemented using virtual machine principles for security reasons to minimize the possibility of intrusion. The virtual machine is used to further run application processes. The virtual machine is started by a Zygote (known as an incubator in the industry) module of the system, and the Zygote is loaded by an initialization (init) function realized by a Linux operating system kernel. After Zygote is loaded, the Zygote replicates the Zygote by the fork (fork) of the hatching function of the Zygote, and a new process is formed to realize a series of initialization functions of system services, including initializing the services of a Native layer, initializing the services of a Java layer, and finally entering a Binder communication system to monitor requests to provide various service requests for an application layer and a system. In this process, a series of Java layer services including an Android Manager Service (AMS) and an application management Service (PMS) are sequentially loaded, and a zygate exits the background to continue to monitor whether there is a new hatching request. Once the AMS initiates an incubation request to the zygate for running the application, the zygate will continue to incubate itself and then load the virtual machine with a new zygate process, so that the application runs in the virtual machine.
The Android system is developed based on a Linux kernel, so the Android has a file system authority control mode consistent with the Linux system. In the Android system, a lot of object files or executable programs with special authority functions are usually contained. However, files with special functions or permissions are only open to specific processes, such as system processes or some of them, while for other application processes the existence of these special files needs to be hidden. On the one hand, the function of preventing certain application processes from abusing the files with special rights is realized, and on the other hand, the sensitive information is prevented from being read to reveal the privacy of the user. In addition, the storage position of the executable program with the highest authority, such as the su file, is relatively fixed, and many application processes can judge whether the file exists in a mode of scanning the storage position, and try to acquire the execution authority after confirming that the file exists. Therefore, it is also important to hide the storage location of a particular document.
Disclosure of Invention
The application aims to provide a safety protection method and system for an Android file, so that the risk of finding the fixed storage position of a scanned target file is effectively avoided, and the control granularity of an application program process is finer.
In a first aspect, an embodiment of the present application provides a security protection method for an Android file, where the method includes:
s1: when the system is started, a Zygote parent process is established through an Init process;
s2: when the Zygote parent process receives the request of the application program, the Zygote parent process obtains a Zygote child process through bifurcation and activates an authority controller arranged on the Zygote parent process;
s3: judging the access authority of the application program by using an authority controller, and formulating an unauthorized target file list so as to obtain an unauthorized partition list;
s4: pausing the process of the application program, and associating the process to the mount namespace of the process of the application program through an API in a Linux kernel; and
s5: uninstalling the unauthorized partition list of mount namespace and recovering the process of the application program.
In the method, a permission controller is arranged in a Zygote process, the permission controller is used for judging the access permission of an application program, an unauthorized partition list is obtained, and then a target file in an unauthorized partition is unloaded, so that the aim of hiding the target file for the application program is fulfilled. According to the method, the target file is unloaded from the root in the environment accessed by the application program by utilizing the existing Android file system, so that the target file is effectively hidden, and meanwhile, the control granularity is finer due to the application of the authority monitor.
In some embodiments, the zygate parent process in step S1 is initiated by the Service of the Init process and is independent of the unit namespace of the Init process. The Zygote process is started by the Init initialization process in the form of Service, and in the process, the Zygote process is independent from the unit namespace of the Init process.
In some embodiments, before step S2, the Init process reads a preset rule of the mount partition of the target file, and mounts the target file to the corresponding partition. By means of the preset rules, the target files can be classified quickly, and partition mounting of the target files is accelerated.
In some embodiments, the preset rule is that the configuration of the target file is read through the Init process, and the target file is mounted in a partition manner, so that the zygate parent process containing the target file is obtained. The Init process reads the target file for partition mounting, and the Zygote parent process is started by the Service mode of the Init process, so that the Zygote parent process also contains partition data of all the target files.
In some embodiments, in step S2, the zygate parent process forms a zygate child process that is independent of the zygate parent process and contains the target file through the fork function. The Zygote parent process fork function hatches Zygote sub-processes according to the execution request of the application program, so that the Zygote sub-processes also contain all target file resources and authority controllers in the Zygote parent process.
In some embodiments, the Zygote sub-process creates an execution runtime environment for the application. All application program processes are formed by Zygote sub-processes to run in an independent sandbox.
In some embodiments, the privilege controller is configured to monitor access privileges for execution requested by the application and privilege controls at runtime. The authority controller is used for judging whether the application program process has the access authority to the configured target file before running and monitoring the behavior of the application program process after the access is allowed.
In some embodiments, the run-time permissions control whether readable, writable, or executable. And the independent control authority for the application program is improved, so that the process control granularity of the application program is finer.
In another aspect, the present application provides a computer-readable storage medium, on which a computer program is stored, and when executed by a processor, the computer program implements the method of the above embodiments.
In a third aspect, an embodiment of the present application provides a system for security protection of an Android file, where the system includes:
a system start unit: the Zygote parent process is configured and used for establishing a Zygote parent process through an Init process when the system is started;
receiving an activation unit: the Zygote sub-process is configured to branch the Zygote parent process out of the Zygote sub-process when the Zygote parent process receives a request of an application program, and meanwhile, an authority controller arranged in the Zygote parent process is activated;
an access right unit: the Zygote subprocess judges the access authority of the application program and formulates an unauthorized target file list by using an authority controller, so as to obtain an unauthorized partition list;
a pause association unit: configuring a process for suspending an application program, and associating the process to the mount namespace of the application program process through an API in a Linux kernel; and
unloading the operation unit: and configuring an unauthorized partition list for unloading the mount namespace and recovering the process of the application program.
The application provides a safety protection method and system for Android files. The target file in the partition without permission is unloaded by setting the permission controller in the Zygote process and utilizing the permission controller to make a partition list without permission, so that the aim of hiding the target file for the application program is fulfilled. The target file is unloaded from the root in the environment accessed by the application program through the existing Android file system, so that the target file is effectively hidden, and meanwhile, an independent authority controller is configured in a single application program process, so that the Zygote process has finer control granularity on the application program, the target file is effectively protected, and information data leakage is prevented. The method is different from the traditional Linux-based permission control scheme, namely the target file is stored based on a Linux file system partition mounting storage mode, so that the effect that the target file hides the progress of the application program is achieved, the safety of the system is better protected, and the privacy of a user is guaranteed.
Drawings
Other features, objects and advantages of the present application will become more apparent upon reading of the following detailed description of non-limiting embodiments thereof, made with reference to the accompanying drawings in which:
fig. 1 is a flowchart of a security protection method for an Android file according to an embodiment of the present application;
fig. 2 is a process schematic architecture diagram of a security protection method for an Android file according to a specific embodiment of the present application;
fig. 3 is a schematic structural block diagram of a security protection system for Android files according to an embodiment of the present application.
FIG. 4 is a schematic block diagram of a computer system suitable for use in implementing the electronic device of an embodiment of the present application.
Detailed Description
The present application will be described in further detail with reference to the following drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the relevant invention and not restrictive of the invention. It should be noted that, for convenience of description, only the portions related to the related invention are shown in the drawings.
It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict. The present application will be described in detail below with reference to the embodiments with reference to the attached drawings.
Fig. 1 shows a flowchart of a security protection method for an Android file according to an embodiment of the present application. As shown in fig. 1, the method includes the steps of starting the system, receiving an activation process, accessing rights, suspending the association, and uninstalling the operation.
In step S1: and when the system is started, creating a Zygote parent process through the Init process.
In this step, the zygate process of the Android system is a parent process of all application processes, the zygate process is started by the Init process in a Service (Service) manner, and in this process, the zygate process is independent from a mount partition namespace (mount namespace) of the Init process to form a new namespace.
In step S2: when the Zygote parent process receives the request of the application program, the Zygote parent process obtains a Zygote child process through bifurcation and activates an authority controller arranged on the Zygote parent process.
In this step, the Android application is developed by using Java language, and the Java language must be interpreted and executed by a virtual machine, and using the principle of the virtual machine, when a zygate parent process receives an operation request of the application, the zygate parent process fork comes out and forms a zygate child process of each mount namespace independently, so as to form an execution operation environment of the application. This is why the unit namespace of Init is shared by all other processes. And an authority controller is arranged in the Zygote parent process, and is activated when an operation request of the application program is received, so that the control on the process authority of the application program can be monitored.
In step S3: and judging the access authority of the application program by using the authority controller, and formulating an unauthorized target file list so as to obtain an unauthorized partition list.
In this step, the permission controller is set in the zygate process, the application program processes coming out through the fork function also include the permission controller corresponding to the application program processes, whether each partition resource in the application program corresponding to the permission controller can be accessed by the application program processes is judged through the permission controller, and the permission-free target file list of the application program is specified, so that the permission-free partition list is obtained.
In step S4: and pausing the process of the application program, and associating the process to the mount namespace of the process of the application program through the API in the Linux kernel.
In this step, the Application Program Interface (API) in the Linux kernel is associated with the Application program schedule, when the Application program calls the specified API, the call to the function is intercepted by some technical means, and the call to the function is redirected to a technology in the specified proxy function, so as to execute the next unloading operation of the zygate process on the unauthorized partition list.
In step S5: uninstalling the unauthorized partition list of mount namespace and recovering the process of the application program.
In this step, after the zygate process executes the partition list without permission in the uninstalled application process, the running state of the application process is restored. Because all target file partitions without access authority are unloaded in the application program process, the application program process cannot judge whether the unloaded target file exists in the system in any way, and the application program is prevented from accessing the target file fundamentally, so that the effect of hiding the target file in the application program process without the authority is enhanced, and the safety protection function of the Android file is improved.
In some embodiments, when the Zygote parent process receives an application execution request, the Zygote parent process can quickly copy itself to a Zygote child process for loading the application. In the self-copying process, a Fork function in Linux is called, a Zygote sub-process and a Zygote parent process are completely the same after the Fork function is executed, target file resources and an authority controller are contained, and the only difference is that the two virtual machines are in different process spaces, so that the sandbox isolation of the application program is met.
In some specific embodiments, the object files are configured in a configuration file to be installed in the partition of each object file before executing step S1. Of course, there are many ways of setting up, of which only one is listed in the present application in the form of a configuration file.
In some specific embodiments, the Init process reads the configuration file and mounts each target file into a corresponding partition according to the configuration, so that the mount data of all target files are also in the mount namespace of the Iint process.
In some specific embodiments, after the zygate process is started, the zygate process partition right controller is started at the same time, and the partition right controller is mainly used for determining whether a subsequently started application program process has an access right to the configured target file resource.
In some preferred embodiments, the permission controller is used for monitoring the access permission requested by the application program to execute and the permission control in the runtime. The authority controller is used for judging whether the application program process has the access authority to the configured target file before running and monitoring the behavior of the application program process after the access is allowed.
In a further preferred embodiment, the run-time rights control whether readable, writable, or executable. And the independent control authority for the application program is improved, so that the process control granularity of the application program is finer.
In some specific embodiments, the application process comes out through the zygate process fork, so that the application process inherits the mount namespace of the zygate, and at this time, the application process has already mounted all the target files, and the zygate process firstly judges, through the permission controller, which resources the application process has access permissions, and lists the resource lists without access permissions.
With continued reference to fig. 2, a process schematic architecture diagram of a security protection method for Android files according to a specific embodiment of the present application is shown. The method mainly comprises two steps of partition mounting of a target file and partition data processing of APP process permission special resources.
The first step is as follows: partition mounting of target files
Step (1.1): the Init process is started.
Step (1.2): reading the configuration file by an Init process and respectively mounting each special resource file into a corresponding mounting (mount) partition according to configuration; all partition data for a particular resource is available in mount namespace for the Iint process.
The second step is as follows: partition data processing of APP process permission special resources
Step (2.1): the zygate process is started.
Step (2.2): the partition authority controller in the Zygote process is activated at the same time after the Zygote process is started.
Step (2.3): when receiving App1 and App2 execution requests, the Zygote process fork out of the App1 process and App2 process, respectively.
Step (2.4): and judging the partition access authority of the target process by the Zygote process through a partition authority controller, judging the authority of the current process to each resource partition, listing the target file list without the access authority of the App1 process as/b, listing the target file list without the access authority of the App2 process as/a, and returning the partition list without the access authority.
Step (2.5): the target process is halted and the (umount) partition without access rights is unloaded separately.
Step (2.6): and restoring the target process.
In some specific embodiments, the partition access right of the target process may be determined by a partition right controller in a zygate parent process, or may be determined by partition right controllers in various zygate child processes of fork out App1 process and App2 process.
In a further preferred embodiment, when the partition authority controller in each zygate subprocess of the fork out App1 process and App2 process judges the access authority of the target process partition, in step (2.4), the permission-free target file list listing the App1 process is obtained as/b, the permission-free target file list of App2 process is obtained as/a, and the corresponding permission-free partition list in each corresponding zygate subprocess of the App1 process and App2 process is returned.
In a further preferred embodiment, after the target process is allowed to access by the partition authority controller, the authority of the target process to the target file is whether the target process is readable, writable or executable. And (3) implementing independent control authority on the application program, thereby enabling the control granularity to be finer.
In some specific embodiments, in step (1.2), the configuration of the target file is read by the Init process, and the target file is partition-mounted, so as to obtain the zygate process containing the target file. The Init process reads the target file for partitioning, and the zygate process is started by the Service mode of the Init process, so that the zygate process also contains partition data of all the target files.
In some specific embodiments, in step (2.1), the zygate process is started by the Service of the Init process and is independent of the unit namespace of the Init process. The Zygote process is started by the Init initialization process in the form of Service, and in the process, the Zygote process is independent from the unit namespace of the Init process.
In addition, the application also provides a safety protection system for the Android file. As shown in fig. 3, the method includes: a system starting unit 301, a receiving activation unit 302, an access authority unit 303, a pause association unit 304 and an uninstall execution unit 305. The Zygote parent process is created through the system starting unit 301, when the receiving and activating unit 302 receives the request of the application program executing process, the authority controller is activated, the access authority unit 303 is used for obtaining the partition list without authority, and finally the execution suspension association unit 304 and the uninstallation operation unit 305 are used for completing the hiding of the target file of the application program without authority access, thereby improving the safety performance.
System startup unit 301: the configuration is used for creating a Zygote parent process through an Init process when the system is started.
Receiving activation unit 302: and the Zygote sub-process is configured to branch the Zygote parent process out of the Zygote sub-process when the Zygote parent process receives the request of the application program, and simultaneously activate the authority controller arranged in the Zygote parent process.
Access authority unit 303: the Zygote sub-process is configured to judge the access authority of the application program by utilizing the authority controller and formulate an unauthorized target file list so as to obtain an unauthorized partition list.
The pause association unit 304: and configuring a process for suspending the application program, and associating the process to the mount namespace of the application program process through an API in the Linux kernel.
The unload operation unit 305: and configuring an unauthorized partition list for unloading the mount namespace and recovering the process of the application program.
Referring now to FIG. 4, shown is a block diagram of a computer system 400 suitable for use in implementing the electronic device of an embodiment of the present application. The electronic device shown in fig. 4 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present application.
As shown in fig. 4, the computer system 400 includes a Central Processing Unit (CPU)401 that can perform various appropriate actions and processes in accordance with a program stored in a Read Only Memory (ROM)402 or a program loaded from a storage section 408 into a Random Access Memory (RAM) 403. In the RAM 403, various programs and data necessary for the operation of the system 400 are also stored. The CPU 401, ROM 402, and RAM 403 are connected to each other via a bus 404. An input/output (I/O) interface 405 is also connected to bus 404.
The following components are connected to the I/O interface 405: an input section 406 including a keyboard, a mouse, and the like; an output section 407 including a display such as a Liquid Crystal Display (LCD) and a speaker; a storage section 408 including a hard disk and the like; and a communication section 409 including a network interface card such as a LAN card, a modem, or the like. The communication section 409 performs communication processing via a network such as the internet. Drivers 410 may also be connected to the I/O interface 405 as desired. A removable medium 411 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 410 as necessary, so that a computer program read out therefrom is mounted into the storage section 408 as necessary.
In particular, according to an embodiment of the present disclosure, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network through the communication section 409, and/or installed from the removable medium 411. The computer program performs the above-described functions defined in the method of the present application when executed by a Central Processing Unit (CPU) 401.
It should be noted that the computer readable medium of the present application can be a computer readable signal medium or a computer readable medium or any combination of the two. A computer readable medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present application, a computer readable medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In this application, however, a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations for aspects of the present application may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C + +, or the like, as well as conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The modules described in the embodiments of the present application may be implemented by software or hardware. The described modules may also be provided in a processor, which may be described as: a processor includes a system start unit, a receive activation unit, an access authority unit, a suspend association unit, and an offload execution unit. The names of these modules do not constitute a limitation to the modules themselves in some cases, and for example, the system start unit may also be described as "creating a Zygote parent process by an Init process upon system start".
As another aspect, the present application also provides a computer-readable medium, which may be contained in the electronic device described in the above embodiments; or may exist separately without being assembled into the electronic device. The computer readable medium carries one or more programs which, when executed by the electronic device, cause the electronic device to: the system comprises a system starting unit, a receiving and activating unit, an access authority unit, a pause association unit and an unloading and running unit. Wherein, the system starting unit: the Zygote parent process is configured and used for establishing a Zygote parent process through an Init process when the system is started; receiving an activation unit: the Zygote sub-process is configured to branch the Zygote parent process out of the Zygote sub-process when the Zygote parent process receives a request of an application program, and meanwhile, an authority controller arranged in the Zygote parent process is activated; an access right unit: the Zygote subprocess judges the access authority of the application program and formulates an unauthorized target file list by using an authority controller, so as to obtain an unauthorized partition list; a pause association unit: configuring a process for suspending an application program, and associating the process to the mount namespace of the application program process through an API in a Linux kernel; and an unloading operation unit: and configuring an unauthorized partition list for unloading the mount namespace and recovering the process of the application program.
The above description is only a preferred embodiment of the application and is illustrative of the principles of the technology employed. It will be appreciated by those skilled in the art that the scope of the invention herein disclosed is not limited to the particular combination of features described above, but also encompasses other arrangements formed by any combination of the above features or their equivalents without departing from the spirit of the invention. For example, the above features may be replaced with (but not limited to) features having similar functions disclosed in the present application.
Claims (10)
1. A safety protection method for Android files is characterized by comprising the following steps:
s1: when the system is started, a Zygote parent process is established through an Init process;
s2: when the Zygote parent process receives a request of an application program, the Zygote parent process acquires a Zygote child process through bifurcation and activates an authority controller arranged on the Zygote parent process;
s3: judging the access authority of the application program by using the authority controller, and formulating an unauthorized target file list so as to obtain an unauthorized partition list;
s4: pausing the process of the application program, and associating the process of the application program to mount namespace of the process of the application program through an API in a Linux kernel; and
s5: and unloading the unauthorized partition list of the mount namespace, and recovering the process of the application program.
2. The method according to claim 1, wherein the Zygote parent process in the step S1 is started by a Service of an Init process and is independent of a unit namespace of the Init process.
3. The method according to claim 1, wherein before the step S2, the Init process reads a preset rule of a mount partition of the target file, and mounts the target file to the corresponding partition.
4. The method according to claim 3, wherein the preset rule is that the configuration of the target file is read through the Init process, and the target file is mounted in a partition manner, so that the Zygote parent process containing the target file is obtained.
5. The method for safeguarding Android files according to claim 1, wherein in the step S2, the zygate parent process forms the zygate child process independent of the zygate parent process and containing the target file through a fork function.
6. The method for safeguarding the Android file according to claim 5, wherein the Zygote sub-process creates an execution running environment for the application program.
7. The method for safeguarding the Android file according to claim 1, wherein the permission controller is configured to monitor access permission requested to be executed by the application program and permission control during runtime.
8. The method for safeguarding the Android file according to claim 7, wherein the permission of the runtime is controlled to be readable, writable, or executable.
9. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the method according to any one of claims 1 to 8.
10. A security protection system for Android files, the system comprising:
a system start unit: the Zygote parent process is configured and used for establishing a Zygote parent process through an Init process when the system is started;
receiving an activation unit: the Zygote parent process is configured to fork the Zygote parent process out of a Zygote child process when receiving a request of an application program, and an authority controller arranged in the Zygote parent process is activated at the same time;
an access right unit: the Zygote subprocess judges the access authority of the application program and formulates an unauthorized target file list by using the authority controller and the Zygote subprocess, thereby obtaining an unauthorized partition list;
a pause association unit: configuring a process for suspending the application program, and associating the process to the mount namespace of the application program process through an API in a Linux kernel; and
unloading the operation unit: and configuring the unauthorized partition list for unloading the mount namespace and recovering the process of the application program.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911229821.1A CN110990874A (en) | 2019-12-04 | 2019-12-04 | Safety protection method and system for Android file |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911229821.1A CN110990874A (en) | 2019-12-04 | 2019-12-04 | Safety protection method and system for Android file |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN110990874A true CN110990874A (en) | 2020-04-10 |
Family
ID=70090085
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201911229821.1A Pending CN110990874A (en) | 2019-12-04 | 2019-12-04 | Safety protection method and system for Android file |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110990874A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114489841A (en) * | 2022-01-14 | 2022-05-13 | 湖南小算科技信息有限公司 | Method for rapidly detecting ghost process limitation of android system |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101535966A (en) * | 2006-11-02 | 2009-09-16 | 微软公司 | Reverse name mappings in restricted namespace environments |
| CN104572394A (en) * | 2013-10-29 | 2015-04-29 | 腾讯科技(深圳)有限公司 | Process monitoring method and device |
| CA2959574A1 (en) * | 2015-03-25 | 2016-09-29 | Hitachi Solutions, Ltd. | Access control system and access control method |
| CN106681884A (en) * | 2016-06-28 | 2017-05-17 | 腾讯科技(深圳)有限公司 | System call monitoring method and device |
| CN110472381A (en) * | 2019-07-31 | 2019-11-19 | 广州微算互联信息技术有限公司 | Root authority hidden method, system and storage medium based on android system |
-
2019
- 2019-12-04 CN CN201911229821.1A patent/CN110990874A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101535966A (en) * | 2006-11-02 | 2009-09-16 | 微软公司 | Reverse name mappings in restricted namespace environments |
| CN104572394A (en) * | 2013-10-29 | 2015-04-29 | 腾讯科技(深圳)有限公司 | Process monitoring method and device |
| CA2959574A1 (en) * | 2015-03-25 | 2016-09-29 | Hitachi Solutions, Ltd. | Access control system and access control method |
| CN106681884A (en) * | 2016-06-28 | 2017-05-17 | 腾讯科技(深圳)有限公司 | System call monitoring method and device |
| CN110472381A (en) * | 2019-07-31 | 2019-11-19 | 广州微算互联信息技术有限公司 | Root authority hidden method, system and storage medium based on android system |
Non-Patent Citations (1)
| Title |
|---|
| LONGPOXIN: "Magisk隐藏root的实现", 《HTTPS://BBS.PEDIY.COM/THREAD-247408-1.HTM》 * |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114489841A (en) * | 2022-01-14 | 2022-05-13 | 湖南小算科技信息有限公司 | Method for rapidly detecting ghost process limitation of android system |
| CN114489841B (en) * | 2022-01-14 | 2023-07-25 | 湖南小算科技信息有限公司 | Method for rapidly detecting ghost process limitation of android system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20230297364A1 (en) | System And Method For Upgrading Kernels In Cloud Computing Environments | |
| US10482267B2 (en) | Linux based android container platform, device equipped with the same and method for apply security system in Linux based android container environment | |
| US9547346B2 (en) | Context agent injection using virtual machine introspection | |
| US8464252B2 (en) | Per process virtual machines | |
| US9202046B2 (en) | Systems and methods for executing arbitrary applications in secure environments | |
| US8893222B2 (en) | Security system and method for the android operating system | |
| JP5861228B2 (en) | System, apparatus, program and method for monitoring a virtual partition | |
| US9195823B1 (en) | System and method for intercepting process creation events | |
| US20150332043A1 (en) | Application analysis system for electronic devices | |
| US20100318997A1 (en) | Annotating virtual application processes | |
| EP4100829A1 (en) | Firmware update patch | |
| KR20140045502A (en) | Trust level activation | |
| US10372908B2 (en) | System and method for detecting malware in a stream of bytes | |
| US20140331228A1 (en) | Live application mobility from one operating system level to an updated operating system level | |
| AU2020233907B2 (en) | Inject interrupts and exceptions into secure virtual machine | |
| US9122633B2 (en) | Case secure computer architecture | |
| EP3308274B1 (en) | Executing services in containers | |
| CN110990874A (en) | Safety protection method and system for Android file | |
| US20200104145A1 (en) | Mobile application management by run-time insertion of a substitute application class loader into a mobile application process | |
| CN115576626A (en) | Method, device and storage medium for safe mounting and dismounting of USB (Universal Serial bus) device | |
| CN114969720A (en) | Installation method and device of android application, storage medium and computer equipment | |
| Yehuda et al. | Arm security alternatives | |
| US20230025126A1 (en) | Virtualization layer assisted upgrading of in-guest agents | |
| Xuan et al. | A Novel Design of Cloud-based Management Solution for Android Containers | |
| US20140282516A1 (en) | Providing execution access to files not installed in a virtualized space |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20200410 |
|
| RJ01 | Rejection of invention patent application after publication |