CN114168937A - Resource access method, computing device and readable storage medium - Google Patents

Publication number: CN114168937A
Application number: CN202210123502.8A
Authority: CN (China)
Legal status: Pending
Other languages: Chinese (zh)
Inventor: 史亚巍
Current Assignee: Guangdong Tongxin Software Co ltd
Original Assignee: Guangdong Tongxin Software Co ltd
Prior art keywords: plug, target, target plug, computing device, server

Classifications

    • G06F21/53 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • G06F21/51 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • G06F9/44526 Plug-ins; Add-ons
    • G06F9/547 Remote procedure calls [RPC]; Web services
    • G06F2209/549 Remote execution
    • G06F2221/033 Test or assess software

Abstract

The invention discloses a resource access method, a computing device and a readable storage medium. The method comprises the following steps: receiving, at a plug-in server, a plug-in call request from a front end, the plug-in call request being adapted to request a call to a corresponding interface of a target plug-in; creating a sandbox environment and starting the target plug-in in the sandbox environment; creating a link between the plug-in server and the target plug-in so that the plug-in call request is forwarded to the corresponding interface of the target plug-in for execution, thereby acquiring resources in the computing device; and receiving, at the plug-in server, the resources obtained as the execution result of the corresponding interface of the target plug-in and forwarding them to the front end. According to the invention, an independent sandbox environment is created for each plug-in, so that each plug-in runs in its own sandbox environment, which isolates the plug-ins from operating system resources and improves the security of local resources.

Description

Resource access method, computing device and readable storage medium
Technical Field
The present invention relates to the field of computers, and in particular, to a resource access method, a computing device, and a readable storage medium.
Background
Because browsers do not support operations on local resources, access to local resources is provided in the form of plug-ins, such as NPAPI and ActiveX, in order to meet the requirements of business scenarios. However, when local resources are accessed through plug-ins such as NPAPI and ActiveX, no local resource isolation is performed, so a running plug-in can acquire all of the user's permissions and operate on every file in the system, which is a potential security hazard.
Therefore, a new resource access method is needed to solve the above problems.
Disclosure of Invention
To this end, the present invention provides a resource access method, a computing device and a readable storage medium in an attempt to solve or at least alleviate the problems presented above.
According to one aspect of the present invention, a resource access method is provided. The method is adapted to be executed in a computing device to obtain a resource in the computing device, where the computing device includes a front end adapted to issue a plug-in call request and a plug-in server for parsing the plug-in call request. The method includes the steps of: receiving, at the plug-in server, a plug-in call request from the front end, the plug-in call request being adapted to request a call to a corresponding interface of a target plug-in; creating a sandbox environment and starting the target plug-in in the sandbox environment; creating a link between the plug-in server and the target plug-in so that the plug-in call request is forwarded to the corresponding interface of the target plug-in for execution, thereby acquiring the resource in the computing device; and receiving, at the plug-in server, the resource obtained as the execution result of the corresponding interface of the target plug-in and forwarding the resource to the front end.
Optionally, the resource access method provided by the present invention further includes the steps of: before creating the sandbox environment, determining at the plug-in server whether the target plug-in is already running; if the target plug-in is already running, forwarding the plug-in call request to the corresponding interface of the target plug-in so as to acquire the resource in the computing device through that interface.
The resource access method provided by the invention also includes the following steps: if the target plug-in is not running, determining whether the target plug-in exists in the computing device; if the target plug-in does not exist in the computing device, downloading the target plug-in and checking whether it is legal; if the target plug-in already exists in the computing device, checking whether it is legal.
Optionally, the computing device stores a relation table, each data item of which corresponds to the data of one running plug-in, and the step of determining whether the target plug-in is already running includes: traversing the relation table; if the relation table contains a data item corresponding to the data of the target plug-in, determining that the target plug-in is running; and if the relation table contains no such data item, determining that the target plug-in is not running.
Optionally, the step of starting the target plug-in in the sandbox environment includes: creating a plug-in process in the sandbox environment; starting the plug-in process; loading the target plug-in into the plug-in process; mapping all interfaces of the target plug-in to the plug-in process, so that the target plug-in is started in the sandbox environment; and storing the data of the started target plug-in as a data item in the relation table.
Optionally, the resource access method provided by the present invention further includes the step of: mapping the local directory of the target plug-in into the sandbox environment to serve as the directory of the sandbox environment, so as to limit the resource access rights of the target plug-in.
Optionally, the step of creating a link between the plug-in server and the target plug-in so that the plug-in call request is forwarded to the corresponding interface of the target plug-in for execution, thereby obtaining the resource in the computing device, includes: establishing the link between the plug-in server and the target plug-in by means of gRPC communication, so that the plug-in server can communicate with the target plug-in; forwarding, at the plug-in server, the plug-in call request to the target plug-in over the link; at the target plug-in, calling the corresponding interface of the target plug-in to access the directory of the sandbox environment and obtain an execution result, thereby obtaining the resource in the computing device; and sending, by the target plug-in, the resource obtained as the execution result of the corresponding interface of the target plug-in to the plug-in server over the link.
Optionally, each data item of the relation table corresponds to a key-value pair, where the key is a unique identifier composed of the identifier and the version number of the target plug-in, and the value is the information of the target plug-in.
According to yet another aspect of the invention, there is provided a computing device comprising: at least one processor; and a memory storing program instructions, wherein the program instructions are configured to be executed by the at least one processor, the program instructions comprising instructions for performing the method according to the invention.
According to yet another aspect of the present invention, there is provided a readable storage medium storing program instructions which, when read and executed by a computing device, cause the computing device to perform a method according to the present invention.
According to the resource access method, a plug-in call request from the front end is received at the plug-in server, a sandbox environment is created, and the target plug-in is started in the sandbox environment. A link between the plug-in server and the target plug-in is created so that the plug-in call request is forwarded to the corresponding interface of the target plug-in for execution, thereby obtaining resources in the computing device. The resources obtained as the execution result of the corresponding interface of the target plug-in are received at the plug-in server and forwarded to the front end.
According to the invention, an independent sandbox environment is created for each plug-in, so that each plug-in runs in its own sandbox environment, which isolates the plug-ins from operating system resources and improves the security of local resources. Because the sandbox environments are isolated from each other, the plug-ins running in them are also isolated from each other, so the plug-ins cannot affect one another.
Drawings
To the accomplishment of the foregoing and related ends, certain illustrative aspects are described herein in connection with the following description and the annexed drawings, which are indicative of various ways in which the principles disclosed herein may be practiced, and all aspects and equivalents thereof are intended to be within the scope of the claimed subject matter. The above and other objects, features and advantages of the present disclosure will become more apparent from the following detailed description read in conjunction with the accompanying drawings. Throughout this disclosure, like reference numerals generally refer to like parts or elements.
FIG. 1 shows a schematic diagram of a host according to one embodiment of the invention;
FIG. 2 illustrates a block diagram of a computing device 200, according to one embodiment of the invention;
FIG. 3 shows a flow diagram of a resource access method according to one embodiment of the invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
The sandbox environment is a virtual system program that creates an independent running environment and allows other programs, such as plug-ins, to run inside it. It implements resource isolation, so programs running in the sandbox cannot communicate with external programs.
The operating principle of the sandbox environment is explained using the Linux operating system as an example. Environment isolation is implemented through the namespaces of the operating system. A namespace is the mechanism the Linux kernel uses to isolate kernel resources: processes in different namespaces have independent global system resources, and a change to system resources in one namespace affects only the processes in that namespace and does not affect processes in other namespaces.
In the invention, an independent sandbox environment is created for each plug-in, so that each plug-in runs in its own sandbox environment, which isolates the plug-ins from operating system resources. That is, the invention uses the resource isolation mechanism of the sandbox environment to achieve secure isolation between plug-ins and operating system resources as well as environment isolation between plug-ins.
It should be noted that, because the sandbox environment isolates processes from each other, a plug-in in the sandbox environment cannot communicate directly with the browser. The invention therefore introduces the plug-in server, through which communication between the browser and the plug-in in the sandbox environment is implemented.
A schematic diagram of a host that performs the resource access method is shown in FIG. 1. The host includes a front end 110 (e.g., a web page in a browser) and a plug-in server 120. The front end 110 integrates web middleware provided by the plug-in server, through which the front end 110 and the plug-in server 120 communicate; the communication is based on the WebSocket standard.
It should be noted that the plug-in server 120 is installed and run in the host in advance, where the plug-in server 120 is software for creating a plug-in running environment, that is, software for creating a sandbox environment. The plug-in server 120 may be integrated in an operating system running on the host.
It should be further noted that the language used to develop the plug-in server may be selected according to the actual application scenario, which is not limited in the present invention. For example, the plug-in service may be developed in the Go language. Likewise, the language used to develop the web middleware may be selected according to the actual application scenario, which is not limited by the present invention. For example, the web middleware may be developed with WebAssembly.
At present, all mainstream browsers support the WebAssembly binary format wasm, so the web middleware can be integrated into each mainstream browser, that is, communication between the front end 110 and the plug-in server 120 can be realized. Because the plug-in service is developed in the Go language, the plug-in server can be deployed as long as the Go runtime environment is installed in the operating system. In other words, as long as the browser supports the WebAssembly binary format wasm, the plug-in server and the browser can communicate without depending on the browser kernel, and the plug-in can run in any operating system in which the Go runtime environment is installed. Cross-operating-system, cross-browser resource access is thus achieved.
The complete working process of resource access is as follows. The front end 110 sends a plug-in call request to the plug-in server 120. The plug-in server 120 parses the plug-in call request, determines the target plug-in, and obtains the target plug-in 150 either by downloading it from a plug-in repository or from the local resource manager. The plug-in server 120 creates a sandbox environment 130, starts a process 140 in the sandbox environment, and starts the target plug-in 150 in that process. The plug-in server 120 then creates a link between itself and the target plug-in 150 and forwards the plug-in call request to the target plug-in 150 over the link. At the target plug-in, the corresponding interface of the target plug-in 150 is called to execute the plug-in call request and obtain an execution result, that is, the resource in the computing device. The resource is sent to the plug-in server 120 over the link, and the plug-in server 120 forwards the execution result to the front end 110, so that it is displayed in the web page of the browser.
In one implementation, the host may be a computing device, and FIG. 2 illustrates a block diagram of a computing device 200 according to one embodiment of the invention. It should be noted that the computing device 200 shown in FIG. 2 is only an example. In practice, the computing device for implementing the resource access method of the present invention may be any type of device, and its hardware configuration may be the same as or different from that of the computing device 200 shown in FIG. 2. In practice, the computing device for implementing the resource access method of the present invention may add or remove hardware components relative to the computing device 200 shown in FIG. 2, and the present invention does not limit the specific hardware configuration of the computing device.
As shown in FIG. 2, in a basic configuration 202, a computing device 200 typically includes a system memory 206 and one or more processors 204. A memory bus 208 may be used for communication between the processor 204 and the system memory 206.
Depending on the desired configuration, the processor 204 may be any type of processor, including but not limited to: a microprocessor (μP), a microcontroller (μC), a digital signal processor (DSP), or any combination thereof. The processor 204 may include one or more levels of cache, such as a level one cache 210 and a level two cache 212, a processor core 214, and registers 216. Example processor cores 214 may include Arithmetic Logic Units (ALUs), Floating Point Units (FPUs), digital signal processing cores (DSP cores), or any combination thereof. The example memory controller 218 may be used with the processor 204, or in some implementations the memory controller 218 may be an internal part of the processor 204.
Depending on the desired configuration, system memory 206 may be any type of memory, including but not limited to: volatile memory (such as RAM), non-volatile memory (such as ROM, flash memory, etc.), or any combination thereof. System memory 206 may include an operating system 220, one or more applications 222, and program data 224. In some implementations, the application 222 can be arranged to operate with program data 224 on an operating system. The application 222 is used to execute the instructions of the method 300.
Computing device 200 also includes storage device 232, storage device 232 including removable storage 236 and non-removable storage 238, each of removable storage 236 and non-removable storage 238 being connected to storage interface bus 234. In the present invention, the data related to each event occurring during the execution of the program and the time information indicating the occurrence of each event may be stored in the storage device 232, and the operating system 220 is adapted to manage the storage device 232. The storage device 232 may be a magnetic disk.
Computing device 200 may also include an interface bus 240 that facilitates communication from various interface devices (e.g., output devices 242, peripheral interfaces 244, and communication devices 246) to the basic configuration 202 via the bus/interface controller 230. The exemplary output device 242 includes an image processing unit 248 and an audio processing unit 250. They may be configured to facilitate communication with various external devices, such as a display or speakers, via one or more A/V ports 252. Example peripheral interfaces 244 can include a serial interface controller 254 and a parallel interface controller 256, which can be configured to facilitate communications with external devices such as input devices (e.g., keyboard, mouse, pen, voice input device, touch input device) or other peripherals (e.g., printer, scanner, etc.) via one or more I/O ports 258. An example communication device 246 may include a network controller 260, which may be arranged to facilitate communications with one or more other computing devices 262 over a network communication link via one or more communication ports 264.
A network communication link may be one example of a communication medium. Communication media may typically be embodied by computer readable instructions, data structures, or program modules in a modulated data signal, such as a carrier wave or other transport mechanism, and may include any information delivery media. A "modulated data signal" may be a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal. By way of non-limiting example, communication media may include wired media such as a wired network or private-wired network, and various wireless media such as acoustic, Radio Frequency (RF), microwave, Infrared (IR), or other wireless media. The term computer readable media as used herein may include both storage media and communication media.
Computing device 200 may be implemented as a server, such as a file server, a database server, an application server, a WEB server, etc., or as part of a small-form factor portable (or mobile) electronic device, such as a cellular telephone, a Personal Digital Assistant (PDA), a personal media player device, a wireless WEB-browsing device, a personal headset device, an application-specific device, or a hybrid device that includes any of the above functions. Computing device 200 may also be implemented as a personal computer including both desktop and notebook computer configurations.
FIG. 3 illustrates a flow diagram of a method 300 of resource access, the method 300 adapted to be performed in a computing device (e.g., the computing device 200 shown in FIG. 2) to acquire resources in the computing device, according to one embodiment of the invention. As shown in fig. 3, the method 300 includes steps S301 to S314. The method 300 will be described below in conjunction with fig. 1.
It should be noted that the computing device 200 stores a relation table, and each data item of the relation table corresponds to the data of one running plug-in. Further, to make traversing the relation table more efficient and thereby improve resource access efficiency, each data item of the relation table corresponds to a key-value pair of a running plug-in. The key is a unique identifier consisting of the ID and the version number of the target plug-in, and the value is the information of the target plug-in. The information of the target plug-in can be set according to the actual application scenario, which is not limited in the present invention. For example, the information of the target plug-in includes: plug-in ID, version number, instance ID, creation time, etc.
In response to a user operation that triggers the front end to call a plug-in interface, a plug-in call request adapted to request a call to the corresponding interface of the target plug-in is generated, and step S301 is executed: the plug-in call request from the front end is received at the plug-in server. The plug-in call request includes the ID and version number of the target plug-in.
After the plug-in server receives the plug-in call request, it parses the request to determine the ID and the version number of the target plug-in. There are two cases for the target plug-in: either it is already running in the computing device, or it is not. Therefore, to improve resource access efficiency, step S302 is executed: the plug-in server determines whether the target plug-in is already running; if yes, step S303 is executed, and if no, step S310 is executed.
In one embodiment, the step of determining whether the target plug-in is already running includes: forming a unique identifier from the ID and the version number of the target plug-in, traversing the relation table, and checking whether the relation table contains a key-value pair whose key is the same as that unique identifier. If so, a key-value pair corresponding to the data of the target plug-in exists in the relation table, and the target plug-in is determined to be running. If not, no such key-value pair exists in the relation table, and the target plug-in is determined not to be running.
If the plug-in server determines that the target plug-in is not running, then, to avoid downloading the target plug-in repeatedly, step S303 is executed: the plug-in server determines whether the target plug-in has been downloaded, that is, whether it exists locally. If so, the target plug-in is obtained directly from the local resource manager and step S304 is executed, in which the plug-in server verifies whether the target plug-in is legal. If not, step S305 is executed to download the target plug-in, and step S304 is then executed.
In one embodiment, the target plug-in may be downloaded from a plug-in repository, such as an application store, and the invention is not limited in this respect.
After the target plug-in is downloaded or obtained, in one embodiment, the step of verifying whether the target plug-in is legal includes: verifying whether the target plug-in implements all interfaces in the plug-in interface description document (defined by the plug-in developer), that is, performing alignment verification on the target plug-in. If it does, the target plug-in is legal; otherwise, the target plug-in is illegal. An example of the key code for all interfaces of the target plug-in is as follows:
#ifndef IUBXX_H_
#define IUBXX_H_
#include "ubxruntime.h"
// Interfaces that the plug-in needs to implement
#ifdef __cplusplus
extern "C" {
#endif
/**
 * CreateInstance creates an object and returns its pointer to the plug-in process.
 * Parameters:
 *   object - pointer to the returned object
 * Returns: 0 on success, any other value on failure
 */
// UBXError CreateInstance(const int comId,void *&object, UBXVariant *result);
// (the reference parameter below means this declaration compiles as C++ only)
UBXError CreateInstance(UBXIdentifier &object);
/**
 * DestroyInstance destroys the object identified by its pointer.
 * Parameters:
 *   object - pointer address of the object
 * Returns: 0 on success, any other value on failure
 */
UBXError DestroyInstance(UBXIdentifier object);
/**
 * Invoke executes a function.
 * Parameters:
 *   funcName - method name plus function signature (FuncName I (II))
 *   object   - pointer address of the object
 *   args     - list of parameters
 *   argCount - number of parameters
 *   result   - execution result
 */
UBXError Invoke(const char* funcName, UBXIdentifier object, const UBXVariant *args, const int argCount, UBXVariant *result);
/**
 * GetVersion returns the plug-in version ID.
 * Parameters:
 *   result - returned execution result
 */
UBXError GetVersion(UBXVariant *result);
/**
 * GetPluginId returns the plug-in ID.
 * Parameters:
 *   result - returned execution result
 */
UBXError GetPluginId(UBXVariant *result);
/**
 * GetPluginName returns the plug-in name.
 * Parameters:
 *   result - returned execution result
 */
UBXError GetPluginName(UBXVariant *result);
/**
 * GetPluginDescribe returns the plug-in description.
 * Parameters:
 *   result - returned execution result
 */
UBXError GetPluginDescribe(UBXVariant *result);
#ifdef __cplusplus
}
#endif
#endif
If the target plug-in is legal, step S306 is executed: a sandbox environment is created and the local directory of the target plug-in is mapped into the sandbox environment. Otherwise, step S307 is executed: an error result is sent to the front end and the operation ends.
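The decision flow described above (running check, local check, download, legality check, then sandbox start or rejection) as an added Go example; it is not code from the patent. The Server hooks, the step names and the sample plug-ins are hypothetical, and the required interface names are the seven functions declared in the header above. The relation-table key is a struct rather than a concatenated string, so two different ID and version pairs can never produce the same key.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
	"time"
)

// RequiredInterfaces are the functions declared in the interface header above.
var RequiredInterfaces = []string{
	"CreateInstance", "DestroyInstance", "Invoke", "GetVersion",
	"GetPluginId", "GetPluginName", "GetPluginDescribe",
}

// ErrIllegalPlugin is returned when the legality check fails.
var ErrIllegalPlugin = errors.New("plug-in does not implement all required interfaces")

// PluginKey is the relation-table key: plug-in ID plus version number.
// With plain concatenation ("ab","1") and ("a","b1") would both become "ab1".
type PluginKey struct{ ID, Version string }

// PluginInfo is the value stored for each running plug-in.
type PluginInfo struct {
	ID, Version, InstanceID string
	Created                 time.Time
}

// Server models the plug-in server's bookkeeping. Local, Download and Launch
// are hypothetical hooks standing in for the local resource manager, the
// plug-in repository and the sandbox launcher; they report a plug-in by the
// list of symbols it exports.
type Server struct {
	Running  map[PluginKey]PluginInfo
	Local    map[PluginKey][]string
	Download func(PluginKey) ([]string, error)
	Launch   func(PluginKey) (PluginInfo, error)
}

// MissingInterfaces returns, sorted, the required functions absent from exported.
func MissingInterfaces(exported []string) []string {
	have := make(map[string]bool, len(exported))
	for _, s := range exported {
		have[s] = true
	}
	var missing []string
	for _, r := range RequiredInterfaces {
		if !have[r] {
			missing = append(missing, r)
		}
	}
	sort.Strings(missing)
	return missing
}

// Dispatch handles one call request and returns the steps it took.
func (s *Server) Dispatch(key PluginKey) ([]string, error) {
	steps := []string{"check-running"} // S302: look the key up in the relation table
	if _, ok := s.Running[key]; ok {
		return append(steps, "forward"), nil // S310
	}
	steps = append(steps, "check-local") // S303
	exported, ok := s.Local[key]
	if !ok {
		steps = append(steps, "download") // S305
		var err error
		if exported, err = s.Download(key); err != nil {
			return steps, err
		}
	}
	// S304: local and downloaded plug-ins go through the same legality check.
	steps = append(steps, "verify")
	if missing := MissingInterfaces(exported); len(missing) > 0 {
		// S307: fail closed. Nothing is launched or recorded.
		return append(steps, "reject"), fmt.Errorf("%w: missing %v", ErrIllegalPlugin, missing)
	}
	info, err := s.Launch(key) // S306 onward: sandbox creation and start
	if err != nil {
		return steps, err
	}
	s.Running[key] = info // record only after a successful start
	return append(steps, "sandbox-launch", "forward"), nil
}

func main() {
	n := 0
	s := &Server{
		Running:  map[PluginKey]PluginInfo{},
		Local:    map[PluginKey][]string{{ID: "scanner", Version: "1.0"}: RequiredInterfaces},
		Download: func(PluginKey) ([]string, error) { return []string{"Invoke", "GetVersion"}, nil },
		Launch: func(k PluginKey) (PluginInfo, error) {
			n++
			return PluginInfo{ID: k.ID, Version: k.Version, InstanceID: fmt.Sprintf("inst-%d", n), Created: time.Now()}, nil
		},
	}
	// Constructed requests: first use, repeat use, and an incomplete download.
	for _, k := range []PluginKey{{"scanner", "1.0"}, {"scanner", "1.0"}, {"printer", "2.0"}} {
		steps, err := s.Dispatch(k)
		fmt.Println(k, steps, err)
	}
}
```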
In one embodiment, a detailed exemplary description of creating a sandboxed environment is given by way of example with the Linux operating system. However, it should be understood that the present invention is not limited to use with the Linux operating system, but may be compatible with other systems such as the Windows operating system. The sandbox environment can be created through Namespace of Linux Kernel, namely, the isolation of the plug-in and the local can be realized through creating the sandbox environment, and the safety of local resources is improved. Because the sandbox environments are mutually isolated, the plug-ins operating in the sandbox environments are also mutually isolated, so that the isolation among the plug-ins is realized, and the mutual influence among the plug-ins is avoided.
After the sandboxed environment is plugged in, S308 is executed to start the target plug-in the sandboxed environment. Specifically, the method comprises the following steps: creating a plug-in process in the sandbox environment, starting the plug-in process, loading the target plug-in to the plug-in process, and mapping all interfaces of the target plug-in to the plug-in process so as to realize the starting of the target plug-in the sandbox environment.
After the target plug-in is started in the sandbox environment, step S309 is executed to create a link between the plug-in server and the target plug-in, so that communication between the plug-in server and the target plug-in can be realized.
In one embodiment, the link between the plug-in server and the target plug-in is created by way of gRPC communication. gRPC inter-process communication is based on the protobuf binary protocol and uses a binary framing layer to split the request header and the request body into frames, so that multiple requests can be sent and received over the same link, which improves the data transmission efficiency between the plug-in server and the target plug-in.
Creating the link between the plug-in server and the target plug-in by way of gRPC communication specifically comprises the following steps: the plug-in process sends the registration information of the target plug-in to the plug-in server, wherein the registration information comprises the port number of the target process and the ID and version number of the target plug-in. A link between the plug-in server and the plug-in process is then created based on the registration information, which establishes the link between the plug-in server and the target plug-in, so that the plug-in server and the target plug-in communicate through the link.
If it is determined at the plug-in server that the target plug-in is already running, or after the link between the plug-in server and the target plug-in has been created, step S310 is executed: the plug-in server forwards the plug-in call request to the corresponding interface of the target plug-in.
That is, if the target plug-in is already running, the plug-in instance is created directly through the process of the running target plug-in to acquire resources in the computing device, which saves the time needed to create a sandbox environment and improves the efficiency with which the browser accesses local resources.
Step S311 is then executed: the target plug-in accesses the directory of the sandbox environment by calling its corresponding interface to obtain an execution result, where the execution result is the resource in the computing device.
After the target plug-in acquires the resource in the computing device, step S312 is executed: the target plug-in sends the resource, acquired as the execution result of its corresponding interface, to the plug-in server through the link.
After the plug-in server receives the resource in the computing device, step S313 is executed: the plug-in server forwards the received resource to the front end. Finally, step S314 is executed: the front end parses the resource and displays it on a display interface.
At this point, the access of the browser to the local resource is completed. It is noted that, to complete the access of the browser to the local resource when the target plug-in is not running locally, steps S301 to S314 are performed. When the target plug-in is already running locally, only steps S301 to S302 and steps S310 to S314 are performed, which improves the resource access efficiency.
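The two paths described above (full flow when the plug-in is not running, short flow when it is) are shown below as an added Go example; it is not code from the patent. The names `Server`, `Route`, `Verify`, `Start` and `demoServer` are assumptions, the legality check and sandboxed start are constructed stand-ins, and the check that the registration names the plug-in just launched is an addition of this example.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
)

// PluginKey is the relation-table key: plug-in ID plus version number.
type PluginKey struct{ ID, Version string }

// Registration is what a started plug-in process reports to the server.
type Registration struct {
	Port        int
	ID, Version string
}

// Server holds the relation table. Verify and Start stand in for the
// legality check and the sandboxed start; both are assumptions here.
type Server struct {
	mu      sync.Mutex
	running map[PluginKey]Registration
	Verify  func(PluginKey) error
	Start   func(PluginKey) (Registration, error)
}

// Route returns the link data for key and whether the fast path was taken.
func (s *Server) Route(key PluginKey) (Registration, bool, error) {
	s.mu.Lock() // held across the launch so a plug-in is never started twice
	defer s.mu.Unlock()
	if reg, ok := s.running[key]; ok {
		return reg, true, nil // already running: go straight to S310
	}
	if err := s.Verify(key); err != nil {
		return Registration{}, false, fmt.Errorf("plug-in rejected: %w", err) // S307
	}
	reg, err := s.Start(key)
	if err != nil {
		return Registration{}, false, err
	}
	// Accept only a registration that names the plug-in just launched.
	if reg.ID != key.ID || reg.Version != key.Version || reg.Port < 1 || reg.Port > 65535 {
		return Registration{}, false, errors.New("registration does not match launched plug-in")
	}
	if s.running == nil {
		s.running = make(map[PluginKey]Registration)
	}
	s.running[key] = reg
	return reg, false, nil
}

// demoServer wires constructed stand-ins; starts counts sandboxed launches.
func demoServer(legal map[PluginKey]bool, starts *int) *Server {
	return &Server{
		Verify: func(k PluginKey) error {
			if !legal[k] {
				return errors.New("failed the legality check")
			}
			return nil
		},
		Start: func(k PluginKey) (Registration, error) {
			*starts++
			return Registration{Port: 40000 + *starts, ID: k.ID, Version: k.Version}, nil
		},
	}
}

func main() {
	k, starts := PluginKey{"scanner", "1.0"}, 0
	s := demoServer(map[PluginKey]bool{k: true}, &starts)
	for i := 0; i < 2; i++ {
		fmt.Println(s.Route(k)) // the second call takes the fast path
	}
}
```

Because the key combines ID and version, a request for a different version of a running plug-in takes the full path, including the legality check.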
According to the resource access method, when the target plug-in is not running locally, an independent sandbox environment is created for each plug-in, so that each plug-in runs in its own sandbox environment. Because the sandbox environments are isolated from one another, the plug-ins running in them are also isolated from one another, so that isolation among plug-ins is achieved and plug-ins do not affect each other.
Secondly, as long as the browser supports the WebAssembly binary format wasm, communication between the plug-in server and the browser can be realized without depending on the browser kernel, and as long as the Go runtime environment is installed in the operating system, the plug-in can run in any operating system. Thus, cross-operating-system, cross-browser resource access is achieved.
In addition, when the target plug-in is already running locally, the plug-in instance is created directly through the process of the running target plug-in to acquire resources in the computing device, which saves the time needed to create a sandbox environment and improves the efficiency with which the browser accesses local resources.
The various techniques described herein may be implemented in connection with hardware or software or, alternatively, with a combination of both. Thus, the methods and apparatus of the present invention, or certain aspects or portions thereof, may take the form of program code (i.e., instructions) embodied in tangible media, such as removable hard drives, USB flash drives, floppy disks, CD-ROMs, or any other machine-readable storage medium, wherein, when the program is loaded into and executed by a machine, such as a computer, the machine becomes an apparatus for practicing the invention.
In the case of program code execution on programmable computers, the computing device will generally include a processor, a storage medium readable by the processor (including volatile and non-volatile memory and/or storage elements), at least one input device, and at least one output device. Wherein the memory is configured to store program code; the processor is configured to perform the resource access method of the present invention according to instructions in said program code stored in the memory.
By way of example, and not limitation, readable media may comprise readable storage media and communication media. Readable storage media store information such as computer readable instructions, data structures, program modules or other data. Communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media. Combinations of any of the above are also included within the scope of readable media.
In the description provided herein, algorithms and displays are not inherently related to any particular computer, virtual system, or other apparatus. Various general purpose systems may also be used with examples of this invention. The required structure for constructing such a system will be apparent from the description above. Moreover, the present invention is not directed to any particular programming language. It is appreciated that a variety of programming languages may be used to implement the teachings of the present invention as described herein, and any descriptions of specific languages are provided above to disclose the best mode of the invention.
In the description provided herein, numerous specific details are set forth. It is understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
It should be appreciated that in the foregoing description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be interpreted as reflecting an intention that the invention as claimed requires more features than are expressly recited in each claim. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this invention.
Those skilled in the art will appreciate that the modules or units or components of the devices in the examples disclosed herein may be arranged in a device as described in this embodiment or alternatively may be located in one or more devices different from the devices in this example. The modules in the foregoing examples may be combined into one module or may be further divided into multiple sub-modules.
Those skilled in the art will appreciate that the modules in the device in an embodiment may be adaptively changed and disposed in one or more devices different from the embodiment. The modules or units or components of the embodiments may be combined into one module or unit or component, and furthermore they may be divided into a plurality of sub-modules or sub-units or sub-components. All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or elements of any method or apparatus so disclosed, may be combined in any combination, except combinations where at least some of such features and/or processes or elements are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
Furthermore, those skilled in the art will appreciate that while some embodiments described herein include some features included in other embodiments, rather than other features, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments.
Furthermore, some of the described embodiments are described herein as a method or combination of method elements that can be performed by a processor of a computer system or by other means of performing the described functions. A processor having the necessary instructions for carrying out the method or method elements thus forms a means for carrying out the method or method elements. Further, the elements of the apparatus embodiments described herein are examples of the following apparatus: the apparatus is used to implement the functions performed by the elements for the purpose of carrying out the invention.
As used herein, unless otherwise specified the use of the ordinal adjectives "first", "second", "third", etc., to describe a common object, merely indicate that different instances of like objects are being referred to, and are not intended to imply that the objects so described must be in a given sequence, either temporally, spatially, in ranking, or in any other manner.
While the invention has been described with respect to a limited number of embodiments, those skilled in the art, having benefit of this description, will appreciate that other embodiments can be devised which do not depart from the scope of the invention as described herein. Furthermore, it should be noted that the language used in the specification has been principally selected for readability and instructional purposes, and may not have been selected to delineate or circumscribe the inventive subject matter. Accordingly, many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the appended claims. The present invention has been disclosed in an illustrative rather than a restrictive sense, and the scope of the present invention is defined by the appended claims.

Claims (10)

1. A resource access method adapted to be executed in a computing device to obtain a resource in the computing device, the computing device comprising a front-end adapted to issue a plug-in invocation request and a plug-in server to parse the plug-in invocation request, the method comprising the steps of:
receiving, at the plug-in server, a plug-in calling request from the front end, wherein the plug-in calling request is suitable for requesting to call a corresponding interface of a target plug-in;
creating a sandbox environment, and starting the target plug-in in the sandbox environment;
creating a link between the plug-in server and the target plug-in so as to forward the plug-in calling request to the corresponding interface of the target plug-in for execution, so as to acquire the resource in the computing device; and
receiving, at the plug-in server, the resource obtained as the execution result of the corresponding interface of the target plug-in, and forwarding the resource to the front end.
2. The method of claim 1, further comprising the steps of:
before creating the sandbox environment, judging at the plug-in server whether the target plug-in is already running;
if the target plug-in is already running, forwarding the plug-in calling request to the corresponding interface of the target plug-in so as to acquire the resource in the computing device through the corresponding interface of the target plug-in.
3. The method of claim 2, further comprising the steps of:
if the target plug-in is not running, judging whether the target plug-in exists in the computing device;
if the target plug-in does not exist in the computing device, downloading the target plug-in and checking whether the target plug-in is legal;
if the target plug-in already exists in the computing device, checking whether the target plug-in is legal.
4. The method of claim 2 or 3, wherein the computing device stores a relation table, any data item of the relation table corresponds to data of one running plug-in, and the step of determining whether the target plug-in is running comprises:
traversing the relation table; if a data item corresponding to the data of the target plug-in exists in the relation table, determining that the target plug-in is running, and if no such data item exists, determining that the target plug-in is not running.
5. The method of claim 4, wherein the step of launching the target plug-in in the sandbox environment comprises:
creating a plug-in process in the sandbox environment;
starting the plug-in process;
loading the target plug-in to the plug-in process;
mapping all interfaces of the target plug-in to the plug-in process so as to start the target plug-in in the sandbox environment; and
storing the data of the started target plug-in into the relation table as a data item.
6. The method of any of claims 1 to 3, further comprising the step of:
mapping the local directory of the target plug-in to the sandbox environment to be used as the directory of the sandbox environment, so as to limit the resource access right of the target plug-in.
7. The method of claim 6, wherein creating a link between the plug-in server and the target plug-in to forward the plug-in invocation request to a corresponding interface of the target plug-in for execution to obtain the resource in the computing device comprises:
establishing a link between the plug-in server and the target plug-in through a gRPC communication mode so as to enable the plug-in server to communicate with the target plug-in;
forwarding, at the plug-in server, the plug-in calling request to the target plug-in through the link;
accessing, at the target plug-in, a directory of the sandbox environment by calling the corresponding interface of the target plug-in to obtain an execution result, so as to obtain the resource in the computing device;
sending, at the target plug-in, the resource acquired as the execution result of the corresponding interface of the target plug-in to the plug-in server through the link.
8. The method of claim 4, wherein any data item of the relation table corresponds to a key-value pair, the key of the key-value pair is a unique identifier consisting of an identifier and a version number of the target plug-in, and the value of the key-value pair is information of the target plug-in.
9. A computing device, comprising:
at least one processor; and
a memory storing program instructions, wherein the program instructions are configured to be executed by the at least one processor, the program instructions comprising instructions for performing the method of any of claims 1-8.
10. A readable storage medium storing program instructions that, when read and executed by a computing device, cause the computing device to perform the method of any of claims 1-8.
CN202210123502.8A 2022-02-10 2022-02-10 Resource access method, computing device and readable storage medium Pending CN114168937A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210123502.8A CN114168937A (en) 2022-02-10 2022-02-10 Resource access method, computing device and readable storage medium


Publications (1)

Publication Number Publication Date
CN114168937A true CN114168937A (en) 2022-03-11

Family

ID=80489593

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210123502.8A Pending CN114168937A (en) 2022-02-10 2022-02-10 Resource access method, computing device and readable storage medium

Country Status (1)

Country Link
CN (1) CN114168937A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination