CN114328097A - File monitoring method and device, electronic equipment and storage medium - Google Patents

File monitoring method and device, electronic equipment and storage medium Download PDF

Info

Publication number
CN114328097A
CN114328097A CN202111586394.XA CN202111586394A CN114328097A CN 114328097 A CN114328097 A CN 114328097A CN 202111586394 A CN202111586394 A CN 202111586394A CN 114328097 A CN114328097 A CN 114328097A
Authority
CN
China
Prior art keywords
file
monitoring
target
identifier
event
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111586394.XA
Other languages
Chinese (zh)
Inventor
李志刚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Zitiao Network Technology Co Ltd
Original Assignee
Beijing Zitiao Network Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Zitiao Network Technology Co Ltd filed Critical Beijing Zitiao Network Technology Co Ltd
Priority to CN202111586394.XA priority Critical patent/CN114328097A/en
Publication of CN114328097A publication Critical patent/CN114328097A/en
Pending legal-status Critical Current

Links

Images

Landscapes

  • Stored Programmes (AREA)

Abstract

The embodiment of the disclosure discloses a file monitoring method, a file monitoring device, electronic equipment and a storage medium, wherein the method comprises the following steps: determining monitored files and/or folders and monitoring events; starting a preset monitoring program; when the monitoring event occurs in the monitored file and/or folder, acquiring the identifier of the monitored file and/or folder, the monitoring event and the identifier of a target application program through the preset monitoring program, wherein the occurrence of the monitoring event is associated with the target application program. The purpose of determining the identity of the target application associated with the occurrence of the monitoring event is achieved to provide a clue for solving the problem.

Description

File monitoring method and device, electronic equipment and storage medium
Technical Field
The present disclosure relates to the field of information technologies, and in particular, to a file monitoring method and apparatus, an electronic device, and a storage medium.
Background
In daily work, changes of certain files are required to be known frequently, for example, the following problems are often encountered in the actual development process of an Android mobile phone: sometimes some files are suddenly lost. If the lost file is a file (such as a shot photo) which can be perceived by the user, poor experience is brought to the user, and if the lost file is a key file which affects system starting, faults that the mobile phone cannot be started and the like are caused. Either case is a serious problem. Therefore, it is necessary to monitor the files in the mobile phone, discover changes of the files in time, and take appropriate measures to process the changes, so as to ensure user experience and normal operation of the mobile phone.
Inotify is a fine-grained, powerful and asynchronous file change notification mechanism, and various file operation events such as addition, deletion, modification, movement and the like in a file system can be monitored through Inotify.
However, it is not known which application triggered the file operation event through Inotify, and effective information cannot be provided.
Disclosure of Invention
In order to solve the technical problem or at least partially solve the technical problem, embodiments of the present disclosure provide a file monitoring method, apparatus, electronic device, and storage medium, which achieve the purpose of determining an identity of a target application associated with an occurrence of a monitoring event to provide a clue for solving the problem.
In a first aspect, an embodiment of the present disclosure provides a file monitoring method, where the method includes:
determining monitored files and/or folders and monitoring events;
starting a preset monitoring program;
when the monitoring event occurs in the monitored file and/or folder, acquiring the identifier of the monitored file and/or folder, the monitoring event and the identifier of a target application program through the preset monitoring program, wherein the occurrence of the monitoring event is associated with the target application program.
In a second aspect, an embodiment of the present disclosure further provides a file monitoring apparatus, where the apparatus includes:
the determining module is used for determining monitored files and/or folders and monitoring events;
the starting module is used for starting a preset monitoring program;
and the monitoring module is used for acquiring the identifier of the monitored file and/or the monitored folder, the monitoring event and the identifier of a target application program through the preset monitoring program when the monitoring event occurs to the monitored file and/or the monitored folder, wherein the occurrence of the monitoring event is associated with the target application program.
In a third aspect, an embodiment of the present disclosure further provides an electronic device, where the electronic device includes:
one or more processors;
storage means for storing one or more programs;
when executed by the one or more processors, cause the one or more processors to implement the file monitoring method as described above.
In a fourth aspect, the disclosed embodiments also provide a computer-readable storage medium, on which a computer program is stored, which when executed by a processor implements the file monitoring method as described above.
Compared with the prior art, the technical scheme provided by the embodiment of the disclosure has at least the following advantages:
the file monitoring method provided by the embodiment of the disclosure determines the monitored files and/or folders and monitoring events; starting a preset monitoring program; when the monitoring event occurs in the monitored file and/or folder, acquiring the identifier of the monitored file and/or folder, the monitoring event and the identifier of the target application program through the preset monitoring program, wherein the identifier of the target application program associated with the occurrence of the monitoring event is determined by the technical means associated with the target application program, so as to provide clues for solving problems.
Drawings
The above and other features, advantages and aspects of various embodiments of the present disclosure will become more apparent by referring to the following detailed description when taken in conjunction with the accompanying drawings. Throughout the drawings, the same or similar reference numbers refer to the same or similar elements. It should be understood that the drawings are schematic and that elements and features are not necessarily drawn to scale.
FIG. 1 is a flow chart of a method of document monitoring in an embodiment of the present disclosure;
FIG. 2 is an overall architecture diagram of one document monitoring scheme in an embodiment of the present disclosure;
FIG. 3 is a schematic diagram of a workflow of a document event monitoring service in an embodiment of the present disclosure;
FIG. 4 is a schematic flow chart illustrating a file monitoring method according to an embodiment of the present disclosure;
FIG. 5 is a schematic diagram of a document monitoring scheme according to an embodiment of the present disclosure;
FIG. 6 is a schematic structural diagram of a document monitoring apparatus according to an embodiment of the disclosure;
fig. 7 is a schematic structural diagram of an electronic device in an embodiment of the disclosure.
Detailed Description
Embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While certain embodiments of the present disclosure are shown in the drawings, it is to be understood that the present disclosure may be embodied in various forms and should not be construed as limited to the embodiments set forth herein, but rather are provided for a more thorough and complete understanding of the present disclosure. It should be understood that the drawings and embodiments of the disclosure are for illustration purposes only and are not intended to limit the scope of the disclosure.
It should be understood that the various steps recited in the method embodiments of the present disclosure may be performed in a different order and in parallel. Moreover, method embodiments may include additional steps and/or omit performing the illustrated steps. The scope of the present disclosure is not limited in this respect.
The term "include" and variations thereof as used herein are open-ended, i.e., "including but not limited to". The term "based on" is "based, at least in part, on". The term "one embodiment" means "at least one embodiment"; the term "another embodiment" means "at least one additional embodiment"; the term "some embodiments" means "at least some embodiments". Relevant definitions for other terms will be given in the following description.
It should be noted that the terms "first", "second", and the like in the present disclosure are only used for distinguishing different devices, modules or units, and are not used for limiting the order or interdependence relationship of the functions performed by the devices, modules or units.
It is noted that references to "a", "an", and "the" modifications in this disclosure are intended to be illustrative rather than limiting, and that those skilled in the art will recognize that "one or more" may be used unless the context clearly dictates otherwise.
The names of messages or information exchanged between devices in the embodiments of the present disclosure are for illustrative purposes only, and are not intended to limit the scope of the messages or information.
In daily work, it is often necessary to know the changes of some files, and the changes of the files are generally checked through a polling mechanism, but the mode is low in efficiency. Inotify is a fine-grained, powerful and asynchronous file system event monitoring mechanism, and the Linux kernel adds Inotify support from 2.6.13. Inotify is actually an event-driven mechanism that provides a mechanism for an application to monitor file system events in real time in response to the events without having to acquire the events through a polling mechanism such as cron. The mechanisms such as cron cannot achieve real-time performance, and consume a large amount of system resources. In contrast, inotify is based on event driving, can achieve real-time response to event processing, does not have system resource consumption caused by polling, is a relatively natural event notification interface, and also conforms to a natural world event mechanism. Various file operation events such as addition, deletion, modification, movement and the like in the file system can be monitored through Inotify, and by utilizing the kernel interface, the third-party software can monitor various change conditions of files in the file system.
In an Android system, the failure of file loss is generally caused by some abnormal deletion behaviors of an application program, the occurrence probability is low, and it is difficult to determine which software is caused by the abnormal behaviors, so that the reason is difficult to further search. Because files are deleted abnormally once, less information is left in the system, such as when they were deleted, or by which application. Therefore, for the case that a file is abnormally deleted, the current practice is to monitor file deletion events of some key files and/or folders by using an inotify mechanism of Linux, and if it is monitored that a file deletion event occurs, the time and the file name of the deletion event can be acquired. But there is still no way to determine which application has deleted and therefore no key clue is available.
In order to solve the above problem, the present disclosure provides a method, based on the Linux Inotify mechanism, to obtain a package name of an application program that triggers a file operation event, so that it can be determined by which application program the file operation event is triggered, thereby obtaining a key clue for further analysis. Taking the file operation event as an example of deleting a file, the method of the present disclosure can determine which application program the file is deleted by.
The specific design idea is that the implementation of the Linux Inotify mechanism is modified, and in a Linux kernel, the standard Inotify implementation is that when a file operation event occurs, the event name and the file name which occur are transmitted to a user space. The present disclosure adds the identification of the application that generated the event to the original file name information (the application that caused the file operation event is referred to as the target application in the present disclosure). Based on the improved Inotify mechanism, the present disclosure further starts a service program in the user space to set a file and/or a folder to be monitored, sets a file operation event to be monitored (the file operation event to be monitored is referred to as a monitoring event), and then starts the Inotify mechanism, so that when the monitoring event occurs, a target application program causing the monitoring event can be obtained.
Fig. 1 is a flowchart of a file monitoring method in an embodiment of the present disclosure. The method is suitable for file monitoring of the target file system and discovering of monitoring events occurring in the target file system. The document monitoring method may be executed by a document monitoring apparatus, which may be implemented in software and/or hardware, and may be configured in an electronic device, such as a terminal. The terminal specifically includes, but is not limited to, a smart phone, a palm computer, a tablet computer, a portable wearable device, a smart home device (e.g., a desk lamp), and the like.
As shown in fig. 1, the method may specifically include the following steps:
step 110, determining monitored files and/or folders and monitoring events.
The monitored files and/or folders can be set according to actual requirements. Monitored files and/or folders are generally key files and/or folders which influence the normal starting and running of the electronic equipment when the files and/or folders are changed; or files and/or folders that would be directly perceived by the user, such as files storing photos of the user, may be determined as monitored files.
The monitoring event may be a file operation event such as deleting a file, adding a file, modifying a file, and/or moving a file.
And step 120, starting a preset monitoring program.
In some embodiments, the target file system is a SDCARDFS file system. The SDCARDFS file system is a stacked file system, also referred to as a wrapper file system, that passes various command parameters sent by system calls into the underlying file system. The SDCARDFS file system has the main function of managing an Android-provided "/sdcard" directory, which is used by Android as "external" storage, and is software-level isolation with respect to the internal storage of the "/data" partition, and both internal and external storage may actually be stored under the same userdata partition. The external storage is operated most frequently at ordinary times, the external storage is generally a storage folder and possibly an mnt folder, different manufacturers may be different, and the external storage is generally called "/sdcard".
The SDCARDFS file system is an Overlay file system adopted by external storage in Android, a FUSE file system is adopted before the Android 8.0, the SDCARDFS file system is adopted from the Android 8.0 to the Android 10.0, and the FUSE file system is introduced again from the Android 11.
In the SDCARDFS file system, the starting of the preset monitoring program includes:
initializing an improved file monitor handle; sending an enable instruction to the file monitor handle to validate the improved file monitor handle; adding an identification of the monitored files and/or folders and a monitoring event to the improved file monitor handle.
Said sending an enable instruction to said file monitor handle to validate said improved file monitor handle, comprising: setting a preset flag variable in a structure body example corresponding to the file monitoring handle to be 1 according to the enabling instruction; the default value of the preset flag variable is 0.
Specifically, the Inotify mechanism has a corresponding fsnotify _ group structure instance for each file monitor handle initialized by the user space in the kernel. In order to be compatible with the Inotify mechanism of the standard, a preset flag variable user _ flag is added in the structure example, and the default value of the preset flag variable user _ flag is set to be 0. Then define an IOCTL, INOTIFY _ IOC _ SET _ USERFAG, and after the IOCTL is sent to the file monitoring handle by the user space, the preset flag variable user _ flag will be SET to 1. I.e., an enable instruction is sent to the file monitor handle via the IOCTL.
Step 130, when the monitoring event occurs in the monitored file and/or folder, acquiring the identifier of the monitored file and/or folder, the monitoring event, and the identifier of the target application program through the preset monitoring program, wherein the occurrence of the monitoring event is associated with the target application program.
In some embodiments, in the sdccardfs file system, when the monitoring event occurs in the monitored file and/or folder, acquiring, by the preset monitoring program, an identifier of the monitored file and/or folder, the monitoring event, and an identifier of a target application program includes: when the monitored file and/or the monitored folder has the monitoring event, if the value of the preset flag variable is 1, acquiring a target user identifier of the current context through a current user function, and acquiring a target process identifier of the current context through a current process function; assigning the target user identification, the target process identification and the identification of the monitored file and/or the folder to an event variable of an event processing function; and determining the identification of the monitored file and/or folder, the identification of the target user and the identification of the target process based on the event variable of the event processing function, wherein the identification of the target application program comprises the identification of the target user and the identification of the target process.
Specifically, in an event processing function Inotify _ handle _ event of Inotify, when an event variable event- > name is assigned, a value of a user _ flag is judged, and if the value of the user _ flag is 0, an identifier filename of a monitored file and/or folder is assigned to the event variable event- > name; if the value of user _ flag is 1, obtaining a target User Identifier (UID) and a target Process Identifier (PID) of a current context by calling a current user function current _ user () and a current process function current- > PID, then attaching the target User Identifier (UID) and the target Process Identifier (PID) to the back of an identifier filename of a monitored file and/or folder, then assigning the identifier filename-target User Identifier (UID) -target Process Identifier (PID) of the monitored file and/or folder to an event variable event- > name, and reading the event variable event- > name in a user space, thereby achieving the purpose of obtaining the identifier of the monitored file and/or folder, the monitoring event and the identifier of a target application program. Wherein the identification of the target application program is determined based on the target user identification UID or based on the target user identification UID and the target process identification PID.
In an alternative embodiment, the identification of the target application may be the package name of the target application. Illustratively, after acquiring the identifier of the monitored file and/or folder, the monitoring event, the identifier of the target user, and the identifier of the target process, the method further includes: determining a package name of the target application program based on the target user identification; or determining the package name of the target application program based on the target user identification and the target process identification.
The package name is a software package name (code namespace) of the application program and is specified when the application program is developed. For example, a package of the commonly written code import refers to a package name, specifically, "com.
The user identification UID in Android is used to identify an application, which is assigned when the application is installed and does not change during the presence of the application on an electronic device (e.g., a cell phone). Only one user id UID can be provided for one application program, and multiple application programs can share the same user id UID by using shared userid, provided that the signatures of the application programs are the same. For the case where one application has only one user id UID, a unique application can be determined based on the user id UID. For the case that a plurality of application programs share the same user identifier UID, a unique application program needs to be further determined by means of the process identifier PID.
In some embodiment, the determining the package name of the target application based on the target user identifier or the target process identifier includes: determining the package name of the candidate application program corresponding to the target user identifier according to the mapping relation between the preset user identifier and the package name of the preset application program; if the number of the package names of the candidate application programs is multiple, determining the package name of the target application program corresponding to the target process identifier according to a mapping relation between a preset process identifier and the package name of the candidate application program; and if the package name of the candidate application program is one, determining the package name of the candidate application program as the package name of the target application program.
Further, if an application installation event or an application uninstallation event is monitored, the mapping relationship is updated.
After determining the package name of the target application, the method further comprises: acquiring the current system time as a timestamp of the monitoring event; and writing the timestamp, the identification of the monitored file and/or the folder, the monitoring event and the packet name of the target application program into a log file. Therefore, an engineer can determine which application program carries out what file operation event on which file at what time through the log file, and related file problems are solved.
The file monitoring method provided by the embodiment of the disclosure determines the monitored files and/or folders and monitoring events; starting a preset monitoring program; when the monitoring event occurs in the monitored file and/or folder, the identifier of the monitored file and/or folder, the monitoring event and the identifier of the target application program are obtained through the preset monitoring program, wherein the occurrence of the monitoring event and the technical means associated with the target application program achieve the purpose of positioning the target application program causing the monitoring event, and further information clues can be provided for solving the monitoring event.
In summary, referring to the overall architecture diagram of a file monitoring scheme as shown in fig. 2, the file monitoring scheme includes an improved Inotify mechanism 210, a file event monitoring service 220, and an application package name mapping management module 230.
The improved Inotify mechanism 210 is to add information for transmitting the user identifier UID and the process identifier PID to the user space on the basis of the original Inotify mechanism of Linux, to keep the support of the original Linux mechanism, the improved Inotify mechanism is not enabled by default, an IOCTL is newly introduced to enable the improved Inotify mechanism, and after the improved Inotify mechanism is enabled, the information of the user identifier UID and the process identifier PID is attached to the back of the file name. The improved Inotify mechanism is compatible with the original mode in use, and only when the Inotify is initialized, the IOCTL is sent so that the improved Inotify mechanism is enabled.
The file event monitoring service 220 is configured to configure a file and/or a folder to be monitored, initialize the improved Inotify, send an IOCTL, circularly receive file event information transmitted from the kernel, restore file name information attached with a user identifier UID and a process identifier PID, send the user identifier UID and the process identifier PID information to the application package name mapping management module 230 to obtain a package name of a target application program, and store information such as time, an event name, a file name, a package name and the like corresponding to a file event in a log file.
The application package name mapping management module 230 is configured to maintain mapping relationships between user names uid and package names of all applications installed in a current system (e.g., a mobile phone), and when an application is installed and uninstalled, the mapping relationships may be refreshed again.
Specifically, the function of the application package name mapping management module 230 is to provide an interface to other modules or services, and return the package name of the target application according to the input user identifier UID and process identifier PID. Package names of all application programs and corresponding User Identifications (UIDs) are stored in/data/system/packages.list files in an Android system, and when the application programs are installed and uninstalled, the system can update the files/data/system/packages.list. Therefore, the method adopted in the disclosed embodiment is to start a thread to monitor/data/system/packages.list changes, if the change occurs, the content of the file is read to refresh the mapping relation between the user identifier UID and the package name, an interface is provided for other modules or services, and the package name of the target application program is obtained through the user identifier UID.
It should be noted that, in the Android system, there is a case where multiple application programs share the same user identifier UID, and in this case, it is not possible to determine which application program is specific only according to the user identifier UID, and at this time, it is necessary to obtain a packet name of the specific application program by reading a value of a real-time state node/proc/XXXX/cmdline of the system in combination with information of a process identifier PID. For example: reading the real-time state node/proc/10008/cmdlene can obtain the process identifier PID as 10008, and the corresponding packet name is com.
The workflow of the application package name mapping management module 230 is as follows:
and analyzing the application package list packages, establishing a mapping relation between the user identifier UID and the package name, marking the user identifier UID list shared by the multiple applications, and re-executing the analysis process if the applications are installed or uninstalled. When other modules or services send requests for obtaining the package names of the application programs, if the current user identification UID corresponds to a unique package name, the package names are directly returned, if the current user identification UID is shared by multiple application programs, the corresponding/proc/XXX/cmdline nodes are read according to the current process identification PID to obtain the package names of the application programs, and then the package names are returned.
The file monitoring process is described by taking an example that a certain application program deletes one file:
the file event monitoring service is normally started, the monitoring directory is all files under testdir, the monitoring event is a 'deletion event', and the application program package name mapping management module normally works. Assuming that the package name of an application is "com. example. myapp", the corresponding user identification UID is 10228, the application deletes a file "/data/testdir/testfile. txt". A user identifier UID and a process identifier PID are attached to a file name 'testfile.txt' and then are transmitted to a user space through an improved Inotify mechanism, and if the process identifier PID is 1089, the file name attached with the user identifier UID and the process identifier PID is testfile.txt _ PID:1089_ UID: 10228. The file event monitoring service transmits the pid:1089 and the uid:10228 to the application package name mapping management module, and the application package name mapping management module determines that the package name of the target application program corresponding to the pid:1089 and the uid:10228 is "com. After receiving the package name com.example.myapp, the file event monitoring service writes information such as time, an event name, a file name, and a package name into a log file, for example, the information written into the log file is:
20211008_19:19:07_DELETE_/data/testdir/testfile.txt_pid:1089_com.example.myapp。
further, referring to the workflow diagram of the file event monitoring service shown in fig. 3, the method specifically includes the following steps:
step 310, starting up the automatic start service, and obtaining the configured monitored files and/or the folder list, the monitoring event list and other configuration information.
Step 320, initializing a file monitoring handle of Inotify, and creating a log file.
Step 330, sending IOCTL, setting the enable improved Inopportunity mechanism through INOTIFY _ IOC _ SET _ USERFAG.
And 340, adding the monitored files and/or folders and the monitoring events into a file monitoring handle of Inotify, and starting monitoring.
And 350, circularly waiting for the occurrence of the monitoring event, and executing the step 360 if any monitoring event occurs.
And step 360, reading the file name, the current user identifier UID, the current process identifier PID and the monitoring event information transmitted by the kernel.
Step 370, sending the current user identifier UID and the current process identifier PID to the application package name mapping management module, so that the application package name mapping management module determines the package name of the target application program according to the current user identifier UID and the current process identifier PID.
And 380, receiving the package name of the target application program returned by the application program package name mapping management module.
Step 390, writing the information of the file name, the timestamp, the package name of the target application program, the monitoring event and the like into the log file.
On the basis of the embodiments, for the file monitoring of the internal storage area in the Android system, the file monitoring method can better record the package name of the target application program which generates the monitoring event application.
However, in the Android system, there are two file systems for the external storage area, one is sdcdfs, and the other is FUSEs. The file monitoring method described above may also be better able to determine the packet name of the target application that generated the monitoring event if the external storage area is the sdccardfs file system. However, in the case of the FUSE file system, since the FUSE file system has a process in the user space to proxy all file operations, all file operations are initiated by the proxy process from the viewpoint of the kernel, and thus the application program which actually generates the file operations cannot be obtained.
For the above situation of the FUSE file system, because in the file proxy process of the user space of the FUSE file system, the user identifier UID and the process identifier PID of the application program that actually initiates the file operation can be obtained through the generated file operation request, and each file operation in the FUSE file system has a corresponding callback function. The processing method of the embodiment of the disclosure is that a function call can be added in a file operation function corresponding to an operation, and a user identifier UID, a process identifier PID and a file operation event are sent to a file event monitoring service, for example, in a callback function of file deletion, a file deletion event, a user identifier UID and a process identifier PID are sent. And sending a file creation event, a user identifier UID and a process identifier PID in a callback function of file creation. This is equivalent to the information from the improved Inotify mechanism described above. Thus, in conjunction with the foregoing methods, all cases of internal storage and external storage may be covered.
Specifically, referring to a flowchart of a file monitoring method shown in fig. 4, the file monitoring method is suitable for monitoring files in a FUSE file system.
As shown in fig. 4, the file monitoring method includes the following steps:
step 410, determine monitored files and/or folders and monitor events.
Step 420, starting a preset callback function, where the preset callback function is set in the file operation function matched with the monitoring event, and is used to return the identifier of the monitored file and/or folder, the monitoring event, the identifier of the target user, and the identifier of the target process when the file operation function executes the monitoring event.
Wherein the identification of the target application program comprises the identification of the target user and the identification of the target process. For example, a preset callback function is set in the file deletion function, and the preset callback function is used for returning the identifier of the deleted file and/or folder, the deletion event, the target user identifier and the target process identifier of the application program triggering the file deletion operation when the file deletion function executes the file deletion operation. And setting a preset callback function in the file creating function, wherein the preset callback function is used for returning the identification of the created file and/or folder, a creating event, the target user identification and the target process identification of the application program triggering the file creating operation when the file creating function executes the file creating operation.
Step 430, when the monitoring event occurs in the monitored file and/or folder, acquiring the identifier of the monitored file and/or folder, the monitoring event, and the identifier of the target application program through the preset monitoring program, wherein the occurrence of the monitoring event is associated with the target application program.
Step 440, determining the package name of the target application program based on the target user identification; or determining the package name of the target application program based on the target user identification and the target process identification.
Step 450, acquiring the current system time as the timestamp of the monitoring event; and writing the timestamp, the identification of the monitored file and/or the folder, the monitoring event and the packet name of the target application program into a log file.
Illustratively, referring to the schematic architecture diagram of a file monitoring scheme as shown in fig. 5, an application 510 performs a file operation through a daemon 520 in a FUSE file system, sets a callback function in each file operation function in the daemon, sends a file name, an event name, a user identifier UID, and a process identifier PID to a file event monitoring service 530 when a specific file operation event is executed, and the file event monitoring service 530 sends the user identifier UID and the process identifier PID to a package name mapping management module 540 of the application, obtains a package name fed back by the package name mapping management module 540 of the application, and further writes the current time, the file name, the event name, and the package name into a file log 550.
The file monitoring method of the embodiment is suitable for monitoring files in the FUSE file system.
In summary, the embodiments of the present disclosure provide a file monitoring method applicable to various file systems, which can effectively record information such as creation, deletion, and movement of a file, and a package name of a target application program causing a file operation event, and provide effective information for determining a reason of a file abnormality. The file monitoring method is low in cost, can be started when a user normally uses the electronic equipment, and can accurately determine the target application program triggering the file operation event according to the log file when the file operation event occurs so as to quickly solve the problem of file abnormity.
Fig. 6 is a schematic structural diagram of a document monitoring apparatus in an embodiment of the disclosure. As shown in fig. 6, the file monitoring apparatus specifically includes: a determination module 610, an initiation module 620, and a monitoring module 630.
The determining module 610 is configured to determine monitored files and/or folders and monitoring events; a starting module 620, configured to start a preset monitoring program; a monitoring module 630, configured to, when the monitoring event occurs in the monitored file and/or folder, obtain, by using the preset monitoring program, an identifier of the monitored file and/or folder, the monitoring event, and an identifier of a target application program, where the occurrence of the monitoring event is associated with the target application program.
Optionally, the target file system includes a sdccardfs file system; the start module 620 includes: the initialization unit is used for initializing the improved file monitoring handle; a sending unit, configured to send an enable instruction to the file monitor handle to enable the improved file monitor handle to take effect; an adding unit, configured to add the identifier of the monitored file and/or folder and the monitoring event to the improved file monitoring handle.
Optionally, the sending unit includes: the setting subunit is configured to set, according to the enabling instruction, a preset flag variable in the structure instance corresponding to the file monitoring handle to 1; the default value of the preset flag variable is 0.
Optionally, the monitoring module 630 includes: an obtaining unit, configured to, when the monitored file and/or the folder has/has the monitoring event, if the value of the preset flag variable is 1, obtain a target user identifier of a current context through a current user function, and obtain a target process identifier of the current context through a current process function; the assignment unit is used for assigning the target user identifier, the target process identifier and the identifier of the monitored file and/or the folder to an event variable of an event processing function; a determining unit, configured to determine, based on the event variable of the event processing function, an identifier of the monitored file and/or folder, the target user identifier, and the target process identifier, where the identifier of the target application includes the target user identifier and the target process identifier.
Optionally, the target file system includes a FUSE file system; the starting module 620 is specifically configured to: starting a preset callback function, wherein the preset callback function is arranged in a file operation function matched with the monitoring event and is used for returning the identifier of the monitored file and/or the monitored folder, the monitoring event, the target user identifier and the target process identifier when the file operation function executes the monitoring event; wherein the identification of the target application program comprises the identification of the target user and the identification of the target process.
Optionally, the apparatus further comprises: the determining module is used for determining the package name of the target application program based on the target user identifier after acquiring the identifier of the monitored file and/or the monitored folder, the monitoring event, the target user identifier and the target process identifier; or determining the package name of the target application program based on the target user identification and the target process identification.
Optionally, the determining module includes: the first determining unit is used for determining the package name of the candidate application program corresponding to the target user identifier according to the mapping relation between the preset user identifier and the package name of the preset application program; a second determining unit, configured to determine, if multiple package names of the candidate application programs exist, a package name of the target application program corresponding to the target process identifier according to a mapping relationship between a preset process identifier and the package name of the candidate application program; and if the package name of the candidate application program is one, determining the package name of the candidate application program as the package name of the target application program.
Optionally, the apparatus further comprises: and the updating module is used for updating the mapping relation if an application program installation event or an application program uninstalled event is monitored.
Optionally, the apparatus further comprises: the acquisition module is used for acquiring the current system time as the timestamp of the monitoring event after the package name of the target application program is determined; and the writing module is used for writing the timestamp, the identifier of the monitored file and/or the folder, the monitoring event and the packet name of the target application program into a log file.
The file monitoring device provided by the embodiment of the disclosure can effectively record information such as creation, deletion and movement of files and package names of target application programs causing file operation events, and provide effective information for determining reasons of file abnormity.
The file monitoring device provided in the embodiment of the present disclosure may perform the steps in the file monitoring method provided in the embodiment of the present disclosure, and the steps and the beneficial effects are not repeated here.
Fig. 7 is a schematic structural diagram of an electronic device in an embodiment of the disclosure. Referring now specifically to fig. 7, a schematic diagram of an electronic device 700 suitable for use in implementing embodiments of the present disclosure is shown. The electronic device 700 in the disclosed embodiment may include, but is not limited to, a mobile terminal such as a mobile phone, a notebook computer, a digital broadcast receiver, a PDA (personal digital assistant), a PAD (tablet), a PMP (portable multimedia player), a vehicle terminal (e.g., a car navigation terminal), a wearable electronic device, and the like, and a stationary terminal such as a digital TV, a desktop computer, a smart home device, and the like. The electronic device shown in fig. 7 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present disclosure.
As shown in fig. 7, electronic device 700 may include a processing means (e.g., central processing unit, graphics processor, etc.) 701 that may perform various appropriate actions and processes to implement the methods of embodiments as described in this disclosure in accordance with a program stored in a Read Only Memory (ROM)702 or a program loaded from storage 708 into a Random Access Memory (RAM) 703. In the RAM 703, various programs and data necessary for the operation of the electronic apparatus 700 are also stored. The processing device 701, the ROM 702, and the RAM 703 are connected to each other by a bus 704. An input/output (I/O) interface 705 is also connected to bus 704.
Generally, the following devices may be connected to the I/O interface 705: input devices 706 including, for example, a touch screen, touch pad, keyboard, mouse, camera, microphone, accelerometer, gyroscope, etc.; an output device 707 including, for example, a Liquid Crystal Display (LCD), a speaker, a vibrator, and the like; storage 708 including, for example, magnetic tape, hard disk, etc.; and a communication device 709. The communication means 709 may allow the electronic device 700 to communicate wirelessly or by wire with other devices to exchange data. While fig. 7 illustrates an electronic device 700 having various means, it is to be understood that not all illustrated means are required to be implemented or provided. More or fewer devices may alternatively be implemented or provided.
In particular, according to an embodiment of the present disclosure, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program carried on a non-transitory computer readable medium, the computer program containing program code for performing the method illustrated by the flow chart, thereby implementing the method as described above. In such embodiments, the computer program may be downloaded and installed from a network via the communication means 709, or may be installed from the storage means 708, or may be installed from the ROM 702. The computer program, when executed by the processing device 701, performs the above-described functions defined in the methods of the embodiments of the present disclosure.
It should be noted that the computer readable medium in the present disclosure can be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In contrast, in the present disclosure, a computer readable signal medium may comprise a propagated data signal with computer readable program code embodied therein, either in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: electrical wires, optical cables, RF (radio frequency), etc., or any suitable combination of the foregoing.
In some embodiments, the clients, servers may communicate using any currently known or future developed network Protocol, such as HTTP (HyperText Transfer Protocol), and may interconnect with any form or medium of digital data communication (e.g., a communications network). Examples of communication networks include a local area network ("LAN"), a wide area network ("WAN"), the Internet (e.g., the Internet), and peer-to-peer networks (e.g., ad hoc peer-to-peer networks), as well as any currently known or future developed network.
The computer readable medium may be embodied in the electronic device; or may exist separately without being assembled into the electronic device.
The computer readable medium carries one or more programs which, when executed by the electronic device, cause the electronic device to:
determining monitored files and/or folders and monitoring events; starting a preset monitoring program; when the monitoring event occurs in the monitored file and/or folder, acquiring the identifier of the monitored file and/or folder, the monitoring event and the identifier of a target application program through the preset monitoring program, wherein the occurrence of the monitoring event is associated with the target application program.
Computer program code for carrying out operations for the present disclosure may be written in any combination of one or more programming languages, including but not limited to an object oriented programming language such as Java, Smalltalk, C + +, and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units described in the embodiments of the present disclosure may be implemented by software or hardware. Where the name of an element does not in some cases constitute a limitation on the element itself.
The functions described herein above may be performed, at least in part, by one or more hardware logic components. For example, without limitation, exemplary types of hardware logic components that may be used include: field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), systems on a chip (SOCs), Complex Programmable Logic Devices (CPLDs), and the like.
In the context of this disclosure, a machine-readable medium may be a tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. A machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
According to one or more embodiments of the present disclosure, there is provided a file monitoring method including: determining monitored files and/or folders and monitoring events; starting a preset monitoring program; when the monitoring event occurs in the monitored file and/or folder, acquiring the identifier of the monitored file and/or folder, the monitoring event and the identifier of a target application program through the preset monitoring program, wherein the occurrence of the monitoring event is associated with the target application program.
According to one or more embodiments of the present disclosure, in the file monitoring method provided by the present disclosure, optionally, the target file system includes a sdcdfs file system; the starting of the preset monitoring program comprises the following steps: initializing an improved file monitor handle; sending an enable instruction to the file monitor handle to validate the improved file monitor handle; adding an identification of the monitored files and/or folders and a monitoring event to the improved file monitor handle.
According to one or more embodiments of the present disclosure, in the file monitoring method provided by the present disclosure, optionally, the sending an enabling instruction to the file monitor handle to validate the improved file monitor handle includes: setting a preset flag variable in a structure body example corresponding to the file monitoring handle to be 1 according to the enabling instruction; the default value of the preset flag variable is 0.
According to one or more embodiments of the present disclosure, in the file monitoring method provided by the present disclosure, optionally, when the monitored file and/or folder has the monitoring event, acquiring, by the preset monitoring program, the identifier of the monitored file and/or folder, the monitoring event, and the identifier of the target application program, includes: when the monitored file and/or the monitored folder has the monitoring event, if the value of the preset flag variable is 1, acquiring a target user identifier of the current context through a current user function, and acquiring a target process identifier of the current context through a current process function; assigning the target user identification, the target process identification and the identification of the monitored file and/or the folder to an event variable of an event processing function; and determining the identification of the monitored file and/or folder, the identification of the target user and the identification of the target process based on the event variable of the event processing function, wherein the identification of the target application program comprises the identification of the target user and the identification of the target process.
According to one or more embodiments of the present disclosure, in the file monitoring method provided by the present disclosure, optionally, the target file system includes a FUSE file system; the starting of the preset monitoring program comprises the following steps: starting a preset callback function, wherein the preset callback function is arranged in a file operation function matched with the monitoring event and is used for returning the identifier of the monitored file and/or the monitored folder, the monitoring event, the target user identifier and the target process identifier when the file operation function executes the monitoring event; wherein the identification of the target application program comprises the identification of the target user and the identification of the target process.
According to one or more embodiments of the present disclosure, in the file monitoring method provided by the present disclosure, optionally, after obtaining the identifier of the monitored file and/or folder, the monitoring event, the target user identifier, and the target process identifier, the method further includes: determining a package name of the target application program based on the target user identification; or determining the package name of the target application program based on the target user identification and the target process identification.
According to one or more embodiments of the present disclosure, in the file monitoring method provided by the present disclosure, optionally, the determining a package name of the target application based on the target user identifier, or determining a package name of the target application based on the target user identifier and the target process identifier includes: determining the package name of the candidate application program corresponding to the target user identifier according to the mapping relation between the preset user identifier and the package name of the preset application program; if the number of the package names of the candidate application programs is multiple, determining the package name of the target application program corresponding to the target process identifier according to a mapping relation between a preset process identifier and the package name of the candidate application program; and if the package name of the candidate application program is one, determining the package name of the candidate application program as the package name of the target application program.
According to one or more embodiments of the present disclosure, in the document monitoring method provided by the present disclosure, optionally, the method further includes: and if the application program installation event or the application program uninstalled event is monitored, updating the mapping relation.
According to one or more embodiments of the present disclosure, in the file monitoring method provided by the present disclosure, optionally, after determining the package name of the target application, the method further includes: acquiring the current system time as a timestamp of the monitoring event; and writing the timestamp, the identification of the monitored file and/or the folder, the monitoring event and the packet name of the target application program into a log file.
In accordance with one or more embodiments of the present disclosure, there is provided a document monitoring apparatus including: the determining module is used for determining monitored files and/or folders and monitoring events; the starting module is used for starting a preset monitoring program; and the monitoring module is used for acquiring the identifier of the monitored file and/or the monitored folder, the monitoring event and the identifier of a target application program through the preset monitoring program when the monitoring event occurs to the monitored file and/or the monitored folder, wherein the occurrence of the monitoring event is associated with the target application program.
In accordance with one or more embodiments of the present disclosure, in the file monitoring apparatus provided in the present disclosure, optionally, the target file system includes a sdardfs file system; the starting module comprises: the initialization unit is used for initializing the improved file monitoring handle; a sending unit, configured to send an enable instruction to the file monitor handle to enable the improved file monitor handle to take effect; an adding unit, configured to add the identifier of the monitored file and/or folder and the monitoring event to the improved file monitoring handle.
According to one or more embodiments of the present disclosure, in the document monitoring apparatus provided by the present disclosure, optionally, the sending unit includes: the setting subunit is configured to set, according to the enabling instruction, a preset flag variable in the structure instance corresponding to the file monitoring handle to 1; the default value of the preset flag variable is 0.
According to one or more embodiments of the present disclosure, in the document monitoring apparatus provided by the present disclosure, optionally, the monitoring module includes: an obtaining unit, configured to, when the monitored file and/or the folder has/has the monitoring event, if the value of the preset flag variable is 1, obtain a target user identifier of a current context through a current user function, and obtain a target process identifier of the current context through a current process function; the assignment unit is used for assigning the target user identifier, the target process identifier and the identifier of the monitored file and/or the folder to an event variable of an event processing function; a determining unit, configured to determine, based on the event variable of the event processing function, an identifier of the monitored file and/or folder, the target user identifier, and the target process identifier, where the identifier of the target application includes the target user identifier and the target process identifier.
In accordance with one or more embodiments of the present disclosure, in the file monitoring apparatus provided by the present disclosure, optionally, the target file system includes a FUSE file system; the starting module is specifically configured to: starting a preset callback function, wherein the preset callback function is arranged in a file operation function matched with the monitoring event and is used for returning the identifier of the monitored file and/or the monitored folder, the monitoring event, the target user identifier and the target process identifier when the file operation function executes the monitoring event; wherein the identification of the target application program comprises the identification of the target user and the identification of the target process.
According to one or more embodiments of the present disclosure, in the document monitoring apparatus provided by the present disclosure, optionally, the apparatus further includes: the determining module is used for determining the package name of the target application program based on the target user identifier after acquiring the identifier of the monitored file and/or the monitored folder, the monitoring event, the target user identifier and the target process identifier; or determining the package name of the target application program based on the target user identification and the target process identification.
In accordance with one or more embodiments of the present disclosure, in the document monitoring apparatus provided by the present disclosure, optionally, the determining module includes: the first determining unit is used for determining the package name of the candidate application program corresponding to the target user identifier according to the mapping relation between the preset user identifier and the package name of the preset application program; a second determining unit, configured to determine, if multiple package names of the candidate application programs exist, a package name of the target application program corresponding to the target process identifier according to a mapping relationship between a preset process identifier and the package name of the candidate application program; and if the package name of the candidate application program is one, determining the package name of the candidate application program as the package name of the target application program.
According to one or more embodiments of the present disclosure, in the document monitoring apparatus provided by the present disclosure, optionally, the apparatus further includes: and the updating module is used for updating the mapping relation if an application program installation event or an application program uninstalled event is monitored. .
According to one or more embodiments of the present disclosure, in the document monitoring apparatus provided by the present disclosure, optionally, the apparatus further includes: the acquisition module is used for acquiring the current system time as the timestamp of the monitoring event after the package name of the target application program is determined; and the writing module is used for writing the timestamp, the identifier of the monitored file and/or the folder, the monitoring event and the packet name of the target application program into a log file.
In accordance with one or more embodiments of the present disclosure, there is provided an electronic device including:
one or more processors;
a memory for storing one or more programs;
when executed by the one or more processors, cause the one or more processors to implement any of the file monitoring methods provided by the present disclosure.
According to one or more embodiments of the present disclosure, there is provided a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements a document monitoring method as any one of the methods provided by the present disclosure.
Embodiments of the present disclosure also provide a computer program product comprising a computer program or instructions which, when executed by a processor, implement the document monitoring method as described above.
The foregoing description is only exemplary of the preferred embodiments of the disclosure and is illustrative of the principles of the technology employed. It will be appreciated by those skilled in the art that the scope of the disclosure herein is not limited to the particular combination of features described above, but also encompasses other embodiments in which any combination of the features described above or their equivalents does not depart from the spirit of the disclosure. For example, the above features and (but not limited to) the features disclosed in this disclosure having similar functions are replaced with each other to form the technical solution.
Further, while operations are depicted in a particular order, this should not be understood as requiring that such operations be performed in the particular order shown or in sequential order. Under certain circumstances, multitasking and parallel processing may be advantageous. Likewise, while several specific implementation details are included in the above discussion, these should not be construed as limitations on the scope of the disclosure. Certain features that are described in the context of separate embodiments can also be implemented in combination in a single embodiment. Conversely, various features that are described in the context of a single embodiment can also be implemented in multiple embodiments separately or in any suitable subcombination.
Although the subject matter has been described in language specific to structural features and/or methodological acts, it is to be understood that the subject matter defined in the appended claims is not necessarily limited to the specific features or acts described above. Rather, the specific features and acts described above are disclosed as example forms of implementing the claims.

Claims (12)

1. A file monitoring method is applied to a target file system, and the method comprises the following steps:
determining monitored files and/or folders and monitoring events;
starting a preset monitoring program;
when the monitoring event occurs in the monitored file and/or folder, acquiring the identifier of the monitored file and/or folder, the monitoring event and the identifier of a target application program through the preset monitoring program, wherein the occurrence of the monitoring event is associated with the target application program.
2. The method of claim 1, wherein the target file system comprises a SDCARDFS file system;
the starting of the preset monitoring program comprises the following steps:
initializing an improved file monitor handle;
sending an enable instruction to the file monitor handle to validate the improved file monitor handle;
adding an identification of the monitored files and/or folders and a monitoring event to the improved file monitor handle.
3. The method of claim 2, wherein sending an enable instruction to the file monitor handle to validate the improved file monitor handle comprises:
setting a preset flag variable in a structure body example corresponding to the file monitoring handle to be 1 according to the enabling instruction;
the default value of the preset flag variable is 0.
4. The method according to claim 3, wherein the obtaining, by the preset monitoring program, the identifier of the monitored file and/or folder, the identifier of the monitoring event and the identifier of the target application when the monitoring event occurs to the monitored file and/or folder comprises:
when the monitored file and/or the monitored folder has the monitoring event, if the value of the preset flag variable is 1, acquiring a target user identifier of the current context through a current user function, and acquiring a target process identifier of the current context through a current process function;
assigning the target user identification, the target process identification and the identification of the monitored file and/or the folder to an event variable of an event processing function;
and determining the identification of the monitored file and/or folder, the identification of the target user and the identification of the target process based on the event variable of the event processing function, wherein the identification of the target application program comprises the identification of the target user and the identification of the target process.
5. The method of claim 1, wherein the target file system comprises a FUSE file system;
the starting of the preset monitoring program comprises the following steps:
starting a preset callback function, wherein the preset callback function is arranged in a file operation function matched with the monitoring event and is used for returning the identifier of the monitored file and/or the monitored folder, the monitoring event, the target user identifier and the target process identifier when the file operation function executes the monitoring event;
wherein the identification of the target application program comprises the identification of the target user and the identification of the target process.
6. The method according to claim 4 or 5, wherein after acquiring the identifier of the monitored file and/or folder, the monitoring event, the identifier of the target user, and the identifier of the target process, the method further comprises:
determining a package name of the target application program based on the target user identification;
or determining the package name of the target application program based on the target user identification and the target process identification.
7. The method of claim 6, wherein determining the package name of the target application based on the target user identifier or the target process identifier comprises:
determining the package name of the candidate application program corresponding to the target user identifier according to the mapping relation between the preset user identifier and the package name of the preset application program;
if the number of the package names of the candidate application programs is multiple, determining the package name of the target application program corresponding to the target process identifier according to a mapping relation between a preset process identifier and the package name of the candidate application program;
and if the package name of the candidate application program is one, determining the package name of the candidate application program as the package name of the target application program.
8. The method of claim 7, further comprising: and if the application program installation event or the application program uninstalled event is monitored, updating the mapping relation.
9. The method of claim 6, wherein after determining the package name of the target application, the method further comprises:
acquiring the current system time as a timestamp of the monitoring event;
and writing the timestamp, the identification of the monitored file and/or the folder, the monitoring event and the packet name of the target application program into a log file.
10. A document monitoring apparatus, the apparatus comprising:
the determining module is used for determining monitored files and/or folders and monitoring events;
the starting module is used for starting a preset monitoring program;
and the monitoring module is used for acquiring the identifier of the monitored file and/or the monitored folder, the monitoring event and the identifier of a target application program through the preset monitoring program when the monitoring event occurs to the monitored file and/or the monitored folder, wherein the occurrence of the monitoring event is associated with the target application program.
11. An electronic device, characterized in that the electronic device comprises:
one or more processors;
storage means for storing one or more programs;
when executed by the one or more processors, cause the one or more processors to implement the method of any one of claims 1-9.
12. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the method according to any one of claims 1-9.
CN202111586394.XA 2021-12-23 2021-12-23 File monitoring method and device, electronic equipment and storage medium Pending CN114328097A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111586394.XA CN114328097A (en) 2021-12-23 2021-12-23 File monitoring method and device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111586394.XA CN114328097A (en) 2021-12-23 2021-12-23 File monitoring method and device, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN114328097A true CN114328097A (en) 2022-04-12

Family

ID=81054099

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111586394.XA Pending CN114328097A (en) 2021-12-23 2021-12-23 File monitoring method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN114328097A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115840938A (en) * 2023-02-21 2023-03-24 山东捷讯通信技术有限公司 File monitoring method and device
CN117149476A (en) * 2023-01-13 2023-12-01 荣耀终端有限公司 Fault reporting method and related device

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117149476A (en) * 2023-01-13 2023-12-01 荣耀终端有限公司 Fault reporting method and related device
CN115840938A (en) * 2023-02-21 2023-03-24 山东捷讯通信技术有限公司 File monitoring method and device

Similar Documents

Publication Publication Date Title
US11159411B2 (en) Distributed testing service
CN107729041B (en) Application program hot updating method, device, terminal and storage medium
CN107832100B (en) APK plug-in loading method and terminal thereof
CN110365724B (en) Task processing method and device and electronic equipment
CN110580305B (en) Method, apparatus, system and medium for generating identifier
CN110968331B (en) Method and device for running application program
CN111597065B (en) Method and device for collecting equipment information
CN114328097A (en) File monitoring method and device, electronic equipment and storage medium
CN110851204B (en) Application starting method and device and application packaging method and device
CN111625422B (en) Thread monitoring method, thread monitoring device, electronic equipment and computer readable storage medium
CN111694639A (en) Method and device for updating address of process container and electronic equipment
CN111338829B (en) Calling method and device for remote procedure call service
CN111309366B (en) Method, device, medium and electronic equipment for managing registration core
CN112748962A (en) Application loading method and device, electronic equipment and computer readable medium
CN112714042A (en) Pressure testing method and device, electronic equipment and storage medium
CN113765983A (en) Site service deployment method and device
CN111309367A (en) Method, device, medium and electronic equipment for managing service discovery
CN112114871A (en) Code sharing method, device, server, terminal and medium
CN111367590A (en) Interrupt event processing method and device
CN114297157B (en) File processing method, device, equipment and medium
CN111324888B (en) Verification method and device for application program starting, electronic equipment and storage medium
CN117369952B (en) Cluster processing method, device, equipment and storage medium
CN113761548B (en) Data transmission method and device for Shuffle process
US11687547B1 (en) System and methods for an automated core dump to a Java heap dump conversion
CN111767093B (en) Data processing method, apparatus and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination