CN102938037B - A kind of plug-in unit call method for browser and plugin manager - Google Patents
A kind of plug-in unit call method for browser and plugin manager Download PDFInfo
- Publication number
- CN102938037B CN102938037B CN201210487687.7A CN201210487687A CN102938037B CN 102938037 B CN102938037 B CN 102938037B CN 201210487687 A CN201210487687 A CN 201210487687A CN 102938037 B CN102938037 B CN 102938037B
- Authority
- CN
- China
- Prior art keywords
- input
- plug
- unit
- output operations
- output
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 47
- GOLXNESZZPUPJE-UHFFFAOYSA-N spiromesifen Chemical compound CC1=CC(C)=CC(C)=C1C(C(O1)=O)=C(OC(=O)CC(C)(C)C)C11CCCC1 GOLXNESZZPUPJE-UHFFFAOYSA-N 0.000 claims abstract description 14
- 230000008569 process Effects 0.000 claims description 11
- 230000006870 function Effects 0.000 description 33
- 238000010586 diagram Methods 0.000 description 4
- 230000008676 import Effects 0.000 description 4
- 230000008901 benefit Effects 0.000 description 3
- 238000012423 maintenance Methods 0.000 description 3
- 238000004590 computer program Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000000903 blocking effect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000009434 installation Methods 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
Abstract
The invention discloses a kind of plug-in unit call method for browser and plugin manager.Wherein plugin manager includes input/output device, it includes the first input/output operations module, described first input/output operations module is suitable to the operating right list safeguarded according to described input/output device, it is determined that whether described plug-in unit has the authority performing described input/output operations;If it is determined that go out described plug-in unit there is the authority performing described input/output operations, then perform described input/output operations;If it is determined that go out described plug-in unit not there is the authority performing described input/output operations, forbid performing described input/output operations;Described plugin manager intercepts the behavior relating to input/output operations in the plug-in unit called, and described behavior is imported in described input/output device.The present invention is prevented from the potential safety hazard that plug-in unit brings, and, also without influence on the speed of service of other function of plug-in unit, improve the execution efficiency of plug-in unit.
Description
Technical field
The present invention relates to technical field of the computer network, be specifically related to a kind of plug-in unit call method for browser and plugin manager.
Background technology
Plug-in unit is the program that a kind of application programming interfaces following certain specification are write out.A lot of softwares have plug-in unit, and plug-in unit has countless versions.Such as in IE browser, after installing relevant plug-in unit, browser can directly invoke plug-in card program, is used for processing certain types of file.Plug-in unit is the program that automatically can perform along with the startup of IE browser.The common plug-in unit of IE browser has: Flash plug-in unit, RealPlayer plug-in unit, MMS plug-in unit, MIDI staff plug-in unit, ActiveX plug-in unit etc..The DFX of Winamp for another example, is also plug-in unit.
Fig. 1 illustrates the schematic diagram of a kind of browser and plug-in unit interworking in prior art.As it is shown in figure 1, browser comprises plugin manager, this plugin manager for providing various interface between mastery routine and plug-in unit so that is able to interworking between plug-in unit and browser.And then, plug-in unit can call local resource according to the demand of self, for instance carries out operation of the read/write of file, the uploading/download of file, configuration file etc..In this technical scheme, local resource is directly operated by plug-in unit, thus can bring unsafe hidden danger.Specifically, some plug-in unit can help that user is more convenient to be browsed the Internet or call online miscellaneous function, and this kind of plug-in unit belongs to normal procedure;But also having part plug-in unit is ad ware (Adware) or spyware (Spyware) by person, this kind of plug-in unit is malicious plugins, it monitors the internet behavior of user, and recorded data is reported to the founder of plug-in unit, to reach to throw in advertisement, steal the illegal objectives such as game or account No. password.Because plug-in unit is by different publisher's distribution, its technical merit is also very different, and plug-in card program is likely to clash with other active program, thus causing such as various page faults, running timing error etc. phenomenon, blocking normal browsing.On the other hand, read/write, to upload/download the execution speed of file relatively slow, thread can be made card, the phenomenon such as slow occur, reduce whole plug-in component operation speed and efficiency.
Summary of the invention
In view of the above problems, it is proposed that the present invention is to provide a kind of plug-in unit call method for browser and corresponding plugin manager, browser overcoming the problems referred to above or solving the problems referred to above at least in part.
According to an aspect of the invention, it is provided a kind of plug-in unit call method for browser, including:
Steps for importing, when browser calls plug-in unit, intercepts the behavior relating to input/output operations in plug-in unit, described behavior is imported in input/output device, and described input/output device safeguards there is operating right list;
First input/output operations step, described input/output device is according to described operating right list, it is determined that whether described plug-in unit has the authority performing described input/output operations;If it is determined that go out described plug-in unit there is the authority performing described input/output operations, then performed described input/output operations by described input/output device;If it is determined that go out described plug-in unit not there is the authority performing described input/output operations, forbid performing described input/output operations.
According to a further aspect in the invention, it is provided that a kind of plugin manager, be suitable to call plug-in unit, and the behavior relating to input/output operations is imported in input/output device;And
Described plugin manager includes input/output device, described input/output device includes the first input/output operations module, described first input/output operations module is suitable to the operating right list safeguarded according to described input/output device, it is determined that whether described plug-in unit has the authority performing described input/output operations;If it is determined that go out described plug-in unit there is the authority performing described input/output operations, then perform described input/output operations;If it is determined that go out described plug-in unit not there is the authority performing described input/output operations, forbid performing described input/output operations;
Described plugin manager intercepts the behavior relating to input/output operations in the plug-in unit called, and described behavior is imported in described input/output device.
According to technical scheme provided by the invention, when browser calls plug-in unit, the behavior of the I/O operation in plug-in unit is imported in independent I/O device, the operating right list according to its maintenance of the I/O device, judge whether plug-in unit has the authority performing this I/O operation, performed I/O operation when having this authority by I/O device, otherwise forbid performing this I/O operation.The present invention utilizes I/O device that the I/O operation of local resource is controlled by plug-in unit, it is prevented that the potential safety hazard that plug-in unit brings.And, the present invention is performed independent from other thread for slow I/O operation by I/O device, without influence on the speed of service of other function of plug-in unit, improves the execution efficiency of plug-in unit.
Described above is only the general introduction of technical solution of the present invention, in order to better understand the technological means of the present invention, and can be practiced according to the content of description, and in order to above and other objects of the present invention, feature and advantage can be become apparent, below especially exemplified by the specific embodiment of the present invention.
Accompanying drawing explanation
By reading hereafter detailed description of the preferred embodiment, various other advantage and benefit those of ordinary skill in the art be will be clear from understanding.Accompanying drawing is only for illustrating the purpose of preferred implementation, and is not considered as limitation of the present invention.And in whole accompanying drawing, it is denoted by the same reference numerals identical parts.In the accompanying drawings:
Fig. 1 illustrates the schematic diagram of a kind of browser and plug-in unit interworking in prior art;
Fig. 2 illustrates the schematic diagram of another kind of browser and plug-in unit interworking;
Fig. 3 illustrates the flow chart of plug-in unit call method for browser according to an embodiment of the invention;
Fig. 4 illustrates the flow chart of plug-in unit call method for browser in accordance with another embodiment of the present invention;
Fig. 5 illustrates the structural representation of plugin manager according to an embodiment of the invention;
Fig. 6 illustrates the structural representation of browser according to an embodiment of the invention.
Detailed description of the invention
It is more fully described the exemplary embodiment of the disclosure below with reference to accompanying drawings.Although accompanying drawing showing the exemplary embodiment of the disclosure, it being understood, however, that may be realized in various forms the disclosure and should do not limited by embodiments set forth here.On the contrary, it is provided that these embodiments are able to be best understood from the disclosure, and complete for the scope of the present disclosure can be conveyed to those skilled in the art.
Fig. 2 illustrates the schematic diagram of another kind of browser and plug-in unit interworking.As in figure 2 it is shown, plug-in unit to be divided into trusted plug-in unit and trustless plug-in unit.Specifically, trusted plug-in unit is the plug-in unit through secure browser certification, for instance the plug-in unit of browser manufacturer oneself exploitation;And trustless plug-in unit is the plug-in unit without secure browser certification, for instance the plug-in unit etc. of third party's exploitation.Both plug-in units can be managed by plugin manager respectively, and different types of plug-in unit runs in different threads.Specifically, trusted plug-in unit runs in main thread, and trustless plug-in unit performs in sub-line journey.In this technical scheme, the safety for plug-in unit has been distinguished, but still can not take precautions against the potential safety hazard of trustless plug-in unit and owing to read/write, the speed of uploading/download file cause the slow-footed problem of plug-in component operation slowly.
Fig. 3 illustrates the flow chart of plug-in unit call method 100 for browser according to an embodiment of the invention.As shown in Figure 3, method 100 starts from step S101, and this step S101 is steps for importing, wherein when browser calls plug-in unit, by plug-in unit relates to input/output (hereinafter referred to as: I/O) behavior operated imports in I/O device, this I/O device safeguard have operating right list.In the method, the plugin manager of browser provides the interface for plug-in unit, and when browser calls plug-in unit, the behavior relating to I/O operation in plug-in unit is imported in I/O device and is uniformly processed by plugin manager.I/O device is an independent functional module in plugin manager, and the operation of local resource is controlled by it by plug-in unit, it is prevented that the potential safety hazard that plug-in unit brings.Alternatively, the behavior relating to I/O operation in plug-in unit is intercepted by plugin manager, will import to the behavior in I/O device and process.Safeguarding there is operating right list in I/O device, alternatively, the operating right list records dangerous function corresponding relation with the plug-in unit that can call this dangerous function, wherein dangerous function is the function relevant with I/O operation.
Subsequently, method 100 enters step S102, and wherein I/O device is according to operating right list, it is determined that whether plug-in unit has the authority performing I/O operation, if so, performs step S103;Otherwise perform step S104.I/O device obtains the dangerous function relevant with the I/O operation imported, query manipulation permissions list, it is thus achieved that the plug-in unit of this dangerous function can be called, I/O device judges whether plug-in unit belongs to the scope of the plug-in unit that can call this dangerous function, if belonging to, it was shown that plug-in unit has the authority performing I/O operation;If being not belonging to, it was shown that plug-in unit does not have the authority performing I/O operation.Should be understood that, the operating right list of the present invention is not limited only to the corresponding relation of record dangerous function and the plug-in unit that can call this dangerous function, it can also be the operating right recording other form, such as directly record plug-in unit and the I/O operation allowed performed by this plug-in unit, or the corresponding relation of the plug-in unit of record dangerous function and non-adjustable this dangerous function of use.Corresponding, the concrete executive mode of step S102 also adjusts therewith, and the present invention is without limitation.
In step s 103, I/O device performs I/O operation.I/O device judges that plug-in unit has the authority performing I/O operation, I/O device carry out the read/write operation to local resource or upload/down operation.
In step S104, I/O device is forbidden performing I/O operation.I/O device judges that plug-in unit does not have the authority performing I/O operation, forbids performing I/O operation.
In this article, above-mentioned steps S102, step S103 and step S104 are referred to as the first I/O operation step.
According to the plug-in unit call method for browser that the present embodiment provides, when browser calls plug-in unit, the behavior of the I/O operation in plug-in unit is imported in independent I/O device, the operating right list according to its maintenance of the I/O device, judge whether plug-in unit has the authority performing this I/O operation, performed I/O operation when having this authority by I/O device, otherwise forbid performing this I/O operation.This method utilizes I/O device that the I/O operation of local resource is controlled by plug-in unit, it is prevented that the potential safety hazard that plug-in unit brings.And, this method is performed independent from other thread for slow I/O operation by I/O device, without influence on the speed of service of other function of plug-in unit, improves the execution efficiency of plug-in unit.
Fig. 4 illustrates the flow chart of plug-in unit call method 200 for browser in accordance with another embodiment of the present invention.Plug-in unit is divided into by method 200 trusted plug-in unit and trustless plug-in unit do different process.As shown in Figure 4, method 200 starts from step S201, and this step S201 is determination step, and wherein the plugin manager of browser judges that plug-in unit is whether as trustless plug-in unit, if so, performs step S203;Otherwise, step S202 is performed.In the method, the plugin manager of browser provides the interface for trusted plug-in unit and trustless plug-in unit, safeguards have the list of trusted plug-in unit and/or the list of trustless plug-in unit in this plugin manager.When browser calls plug-in unit, according to the list of trusted plug-in unit and/or the list of trustless plug-in unit, plugin manager judges that plug-in unit is trusted plug-in unit or trustless plug-in unit, if trusted plug-in unit, then performs step S202;If trustless plug-in unit, then perform step S203.
In step S202, main thread runs trusted plug-in unit.
In step S203, sub-line journey is run trustless plug-in unit.
In the execution process of step S202 and step S203, method 200 enters step S204, and wherein the behavior relating to I/O operation of trusted plug-in unit and/or trustless plug-in unit is imported in I/O device by plugin manager.I/O device is an independent functional module in plugin manager, and specifically, I/O device runs in independent I/O thread.Alternatively, the behavior relating to I/O operation in trusted plug-in unit and/or trustless plug-in unit is intercepted by plugin manager, will import to the behavior in I/O device and process.
Alternatively, I/O device provides unified I/O interface to the I/O operation of all plug-in units.When developing plug-in unit, developer is with regard to it is noted that I/O operation that plug-in unit to carry out must be called this and be unified I/O interface.If plug-in unit never call intercepted by I/O device, this unifies I/O interface and the I/O operation that carries out, then forbid performing I/O operation, and the concrete process that performs is referring to step S205.It should be appreciated that step S205 is optional step, when the I/O operation not requiring plug-in unit must call unified I/O interface, this method does not include step S205.
After step s 204, whether what method 200 entered that step S205, I/O device judges that the I/O operation of plug-in unit calls is unified I/O interface, if so, performs step S206, otherwise, performs step S208.
In step S206, the plug-in unit that I/O device query plugin manager carries out judging to obtain is trusted plug-in unit or the result of trustless plug-in unit, if plug-in unit is trustless plug-in unit, performs step S207;If plug-in unit is trusted plug-in unit, perform step S209.
In step S207, I/O device is according to operating right list, it is determined that whether trustless plug-in unit has the authority performing I/O operation, if so, performs step 209;Otherwise perform step 208.Safeguarding there is operating right list in I/O device, this operating right list can be that the form with data file is copied under the installation directory specified when browser is installed.Such as, operating right list can be .dat form, is distributed to browser after encryption.
Alternatively, the operating right list records dangerous function corresponding relation with the plug-in unit that can call this dangerous function, wherein dangerous function is the function relevant with I/O operation.Table 1 illustrates a kind of example of operating right list.
Table 1. operating right list
Dangerous function listed by table 1 is all the system-level function of operating system.Wherein, RegOpenKey, RegOpenKeyEx, RegCreateKey and RegCreateKeyEx is that registration table creates handling function;RegSetValue and RegSetKeyValue is Registry Modifications handling function;CreateFile creates file manipulation function;DeleteFile deletes file manipulation function;MoveFile is mobile file manipulation function.
As it can be seen from table 1 Flash.ocx allows all of safety operation;Unity.ocx only allows registry operations;Reader.ocx allows to carry out file operation;Music.ocx allows to carry out file operation.
If certain trustless plug-in unit A.ocx wants the registry entry that amendment browser configuration is relevant, I/O device query manipulation permissions list (table 1), it is Flash.ocx and Unity.ocx that acquisition can call the plug-in unit of Registry Modifications handling function, I/O device judges that A.ocx is not wherein, it was shown that A.ocx does not have this amendment authority.
If trustless plug-in unit music.ocx wants establishment file under browser directory, I/O device query manipulation permissions list (table 1), it is Flash.ocx, reader.ocx and music.ocx that acquisition can call the plug-in unit creating file manipulation function, I/O device judges that music.ocx is wherein, it was shown that music.ocx has the authority creating file.
It should be appreciated that the operating right list shown in table 1 is only a specific example of the present invention, the present invention is not limited only to this.
In step S208, I/O device is forbidden performing I/O operation.I/O device judges that trustless plug-in unit does not have the authority performing I/O operation, or, what the I/O operation of plug-in unit was called is not unified I/O interface, forbids performing I/O operation.
In step S209, I/O device performs I/O operation.I/O device judges that trustless plug-in unit has the authority performing I/O operation, or, it is trusted plug-in unit that I/O device inquires plug-in unit, I/O device carry out the read/write operation to local resource or upload/down operation.
Plug-in unit is divided into trusted plug-in unit and trustless plug-in unit by the method 200 that the present embodiment provides, and for trusted plug-in unit, I/O device directly performs its I/O operation;For trustless plug-in unit, according to operating right list, I/O device judges whether it has the authority performing I/O operation, performed I/O operation when having this authority by I/O device, otherwise forbid performing this I/O operation.Compared with method 100, in method 200, the execution efficiency of plug-in unit is promoted further.
Fig. 5 illustrates the structural representation of plugin manager 300 according to an embodiment of the invention.As it is shown in figure 5, plugin manager 300 includes I/O device 310, plugin manager 300 is suitable to call plug-in unit, the behavior relating to I/O operation is imported in I/O device 310.Alternatively, plugin manager 300 intercepts the behavior relating to I/O operation in the plug-in unit called, and will import to the behavior in I/O device 310.
I/O device 310 includes the first I/O operation module 311, and the first I/O operation module 311 is suitable to the operating right list safeguarded according to I/O device, it is determined that whether plug-in unit has the authority performing I/O operation;If it is determined that go out plug-in unit there is the authority performing I/O operation, then perform I/O operation;If it is determined that go out plug-in unit not there is the authority performing I/O operation, forbid performing I/O operation.
Further, plugin manager 300 is further adapted for judging that plug-in unit is trusted plug-in unit or trustless plug-in unit.First I/O operation module 311 is particularly adapted to process the I/O operation of trustless plug-in unit.I/O device 310 also includes the second I/O operation module 312, and the second I/O operation module 312 is suitable to process the I/O operation of trusted plug-in unit, specifically, is suitable to directly perform the I/O operation of trusted plug-in unit.
Alternatively, I/O device 310 provides unified I/O interface to the I/O operation of all plug-in units.I/O device 310 also includes: judge module 313 and the 3rd I/O operation module 314.
Judge module 313 is suitable to judge that the I/O operation of plug-in unit calls and is whether unified I/O interface;
3rd I/O operation module 314 is suitable to, when judge module 313 judges that what the I/O operation of plug-in unit called is unified I/O interface, trigger the first I/O operation module 311 or the second I/O operation module 312 works;When judge module 313 judges that what the I/O operation of plug-in unit called is not unified I/O interface, forbid performing I/O operation.
Above-mentioned trusted plug-in unit runs in main thread, and trustless plug-in unit runs in sub-line journey, and I/O device runs in independent I/O thread.
The operating right list records that I/O device 310 the is safeguarded dangerous function corresponding relation with the plug-in unit that can call this dangerous function, dangerous function is the function relevant with I/O operation.
Fig. 6 illustrates the structural representation of browser 400 according to an embodiment of the invention.As shown in Figure 6, browser 400 includes above-mentioned plugin manager 300 and plug-in unit (trusted plug-in unit and trustless plug-in unit), and wherein plug-in unit outside browser, can also be not limited to shown in Fig. 6.
The present invention rearranges for the I/O structure in plug-in extension framework, plugin manager is arranged independent I/O device, when calling plug-in unit, the behavior of the I/O operation in plug-in unit is imported in I/O device, the operating right list according to its maintenance of the I/O device, judge whether plug-in unit has the authority performing this I/O operation, performed I/O operation when having this authority by I/O device, otherwise forbid performing this I/O operation.The present invention utilizes I/O device that the I/O operation of local resource is controlled by plug-in unit, it is prevented that the potential safety hazard that plug-in unit brings.And, the present invention is performed independent from other thread for slow I/O operation by I/O device, without influence on the speed of service of other function of plug-in unit, improves the execution efficiency of plug-in unit.
Not intrinsic to any certain computer, virtual system or miscellaneous equipment relevant in algorithm and the display of this offer.Various general-purpose systems can also with use based on together with this teaching.As described above, the structure constructed required by this kind of system is apparent from.Additionally, the present invention is also not for any certain programmed language.It is understood that, it is possible to utilize various programming language to realize the content of invention described herein, and the description above language-specific done is the preferred forms in order to disclose the present invention.
In description mentioned herein, describe a large amount of detail.It is to be appreciated, however, that embodiments of the invention can be put into practice when not having these details.In some instances, known method, structure and technology it are not shown specifically, in order to do not obscure the understanding of this description.
Similarly, it is to be understood that, one or more in order to what simplify that the disclosure helping understands in each inventive aspect, herein above in the description of the exemplary embodiment of the present invention, each feature of the present invention is grouped together in single embodiment, figure or descriptions thereof sometimes.But, the method for the disclosure should be construed to and reflect an intention that namely the present invention for required protection requires feature more more than the feature being expressly recited in each claim.More precisely, as the following claims reflect, inventive aspect is in that all features less than single embodiment disclosed above.Therefore, it then follows claims of detailed description of the invention are thus expressly incorporated in this detailed description of the invention, wherein each claim itself as the independent embodiment of the present invention.
Those skilled in the art are appreciated that, it is possible to carry out the module in the equipment in embodiment adaptively changing and they being arranged in one or more equipment different from this embodiment.Module in embodiment or unit or assembly can be combined into a module or unit or assembly, and multiple submodule or subelement or sub-component can be put them in addition.Except at least some in such feature and/or process or unit excludes each other, it is possible to adopt any combination that all processes or the unit of all features disclosed in this specification (including adjoint claim, summary and accompanying drawing) and so disclosed any method or equipment are combined.Unless expressly stated otherwise, each feature disclosed in this specification (including adjoint claim, summary and accompanying drawing) can be replaced by the alternative features providing purpose identical, equivalent or similar.
In addition, those skilled in the art it will be appreciated that, although embodiments more described herein include some feature included in other embodiments rather than further feature, but the combination of the feature of different embodiment means to be within the scope of the present invention and form different embodiments.Such as, in the following claims, the one of any of embodiment required for protection can mode use in any combination.
The all parts embodiment of the present invention can realize with hardware, or realizes with the software module run on one or more processor, or realizes with their combination.It will be understood by those of skill in the art that the some or all functions that microprocessor or digital signal processor (DSP) can be used in practice to realize the some or all parts in plugin manager according to embodiments of the present invention.The present invention is also implemented as part or all the equipment for performing method as described herein or device program (such as, computer program and computer program).The program of such present invention of realization can store on a computer-readable medium, or can have the form of one or more signal.Such signal can be downloaded from internet website and obtain, or provides on carrier signal, or provides with any other form.
The present invention will be described rather than limits the invention to it should be noted above-described embodiment, and those skilled in the art can design alternative embodiment without departing from the scope of the appended claims.In the claims, any reference marks that should not will be located between bracket is configured to limitations on claims.Word " comprises " and does not exclude the presence of the element or step not arranged in the claims.Word "a" or "an" before being positioned at element does not exclude the presence of multiple such element.The present invention by means of including the hardware of some different elements and can realize by means of properly programmed computer.In the claim listing some devices, several in these devices can be through same hardware branch and specifically embody.Word first, second and third use do not indicate that any order.Can be title by these word explanations.
Claims (8)
1. for a plug-in unit call method for browser, including:
Steps for importing, when browser calls plug-in unit, the plugin manager of the interface for providing plug-in unit of described browser intercepts the behavior relating to input/output operations in plug-in unit, described behavior is imported in input/output device, described input/output device is an independent functional module in described plugin manager, described input/output device attended operation permissions list;
First input/output operations step, described input/output device is according to described operating right list, it is determined that whether described plug-in unit has the authority performing described input/output operations;If it is determined that go out described plug-in unit there is the authority performing described input/output operations, then performed described input/output operations by described input/output device;If it is determined that go out described plug-in unit not there is the authority performing described input/output operations, forbid performing described input/output operations;
Described input/output device provides unified input/output interface to the input/output operations of all plug-in units, if the input/output operations that input/output device is intercepted input/output interface unified described in plug-in unit never call and carried out, then forbid performing described input/output operations.
2. method according to claim 1, also included: determination step before described steps for importing, and described browser judges that described plug-in unit is trusted plug-in unit or trustless plug-in unit;
If described browser judges that described plug-in unit is trustless plug-in unit, described method performs described steps for importing and the first input/output operations step;
If described browser judges that described plug-in unit is as trusted plug-in unit, described method performs described steps for importing and the second input/output operations step, and described second input/output operations step is particularly as follows: described input/output device directly performs described input/output operations.
3. method according to claim 2, described trusted plug-in unit runs in main thread, and described trustless plug-in unit runs in sub-line journey, and described input/output device runs in independent input/output thread.
4. the method according to any one of claims 1 to 3, the described operating right list records dangerous function corresponding relation with the plug-in unit that can call this dangerous function, described dangerous function is the function relevant with input/output operations.
5. it is arranged in browser for providing a plugin manager for the interface of plug-in unit, is suitable to call plug-in unit, and the behavior relating to input/output operations is imported in input/output device;And
Described plugin manager includes input/output device, described input/output device is an independent functional module in described plugin manager, described input/output device includes the first input/output operations module, described first input/output operations module is suitable to the operating right list safeguarded according to described input/output device, it is determined that whether described plug-in unit has the authority performing described input/output operations;If it is determined that go out described plug-in unit there is the authority performing described input/output operations, then perform described input/output operations;If it is determined that go out described plug-in unit not there is the authority performing described input/output operations, forbid performing described input/output operations;
Described plugin manager intercepts the behavior relating to input/output operations in the plug-in unit called, and described behavior is imported in described input/output device;
Described input/output device provides unified input/output interface to the input/output operations of all plug-in units, and described input/output device also includes:
Whether judge module, being suitable to judge that the input/output operations of described plug-in unit calls is described unified input/output interface;
3rd input/output operations module, be suitable to when described judge module judge that the input/output operations of described plug-in unit calls be described unified input/output interface, trigger described first input/output operations module work;When described judge module judge that the input/output operations of described plug-in unit calls be not described unified input/output interface, forbid performing described input/output operations.
6. plugin manager according to claim 5, described plugin manager is further adapted for judging that described plug-in unit is trusted plug-in unit or trustless plug-in unit;
Described first input/output operations module is particularly adapted to process the input/output operations of trustless plug-in unit;
Described input/output device also includes the second input/output operations module, and described second input/output operations module is suitable to process the input/output operations of trusted plug-in unit;Described second input/output operations module is particularly adapted to directly perform the input/output operations of described trusted plug-in unit.
7. plugin manager according to claim 6, described trusted plug-in unit runs in main thread, and described trustless plug-in unit runs in sub-line journey, and described input/output device runs in independent input/output thread.
8. the plugin manager according to any one of claim 5 to 7, the described operating right list records dangerous function corresponding relation with the plug-in unit that can call this dangerous function, described dangerous function is the function relevant with input/output operations.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210487687.7A CN102938037B (en) | 2012-11-26 | 2012-11-26 | A kind of plug-in unit call method for browser and plugin manager |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210487687.7A CN102938037B (en) | 2012-11-26 | 2012-11-26 | A kind of plug-in unit call method for browser and plugin manager |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102938037A CN102938037A (en) | 2013-02-20 |
| CN102938037B true CN102938037B (en) | 2016-06-29 |
Family
ID=47696933
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201210487687.7A Active CN102938037B (en) | 2012-11-26 | 2012-11-26 | A kind of plug-in unit call method for browser and plugin manager |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102938037B (en) |
Families Citing this family (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102999611B (en) * | 2012-11-26 | 2016-08-03 | 北京奇虎科技有限公司 | Browser calls method and plugin manager, the browser of plug-in unit |
| CN104038536B (en) * | 2014-05-23 | 2018-07-27 | 小米科技有限责任公司 | Plug-in unit communication means and device |
| CN106919832A (en) * | 2015-12-24 | 2017-07-04 | 北京奇虎科技有限公司 | A kind of browser side extension element management method and device |
| CN106919829A (en) * | 2015-12-24 | 2017-07-04 | 北京奇虎科技有限公司 | The means of defence and device of a kind of browser |
| CN107872439B (en) * | 2016-09-28 | 2021-02-05 | 腾讯科技(深圳)有限公司 | Identity recognition method, device and system |
| CN107066872B (en) * | 2016-12-21 | 2020-07-31 | 阿里巴巴集团控股有限公司 | Plug-in right control method and device and plug-in system |
| CN106934272B (en) * | 2017-02-09 | 2021-09-07 | 北京奇虎科技有限公司 | Application information verification method and device |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101604371A (en) * | 2009-07-22 | 2009-12-16 | 阿里巴巴集团控股有限公司 | The control method of authority of plug-in unit and system |
| CN102081709A (en) * | 2009-12-01 | 2011-06-01 | 联想(北京)有限公司 | Method and device for disabling browser plug-in and terminal |
| CN102253840A (en) * | 2011-08-04 | 2011-11-23 | 深圳芯智汇科技有限公司 | Plugin management method and plugin manager |
-
2012
- 2012-11-26 CN CN201210487687.7A patent/CN102938037B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101604371A (en) * | 2009-07-22 | 2009-12-16 | 阿里巴巴集团控股有限公司 | The control method of authority of plug-in unit and system |
| CN102081709A (en) * | 2009-12-01 | 2011-06-01 | 联想(北京)有限公司 | Method and device for disabling browser plug-in and terminal |
| CN102253840A (en) * | 2011-08-04 | 2011-11-23 | 深圳芯智汇科技有限公司 | Plugin management method and plugin manager |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102938037A (en) | 2013-02-20 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102938037B (en) | A kind of plug-in unit call method for browser and plugin manager | |
| EP3085050B1 (en) | Privileged static hosted web applications | |
| JP5985631B2 (en) | Activate trust level | |
| Zhao et al. | “TrustDroid™”: Preventing the use of SmartPhones for information leaking in corporate networks through the used of static analysis taint tracking | |
| US9135445B2 (en) | Providing information about a web application or extension offered by website based on information about the application or extension gathered from a trusted site | |
| CN102929656B (en) | Use method and the client of ActiveX plug-in in browser | |
| Bagheri et al. | Detection of design flaws in the android permission protocol through bounded verification | |
| Do et al. | Enhancing user privacy on android mobile devices via permissions removal | |
| CN103164650B (en) | The implementation method of browser side safe control and browser | |
| CN111522595A (en) | Transient applications | |
| US20140351889A1 (en) | Sandbox technology based webpage browsing method and device | |
| EP3552098A1 (en) | Operating system update management for enrolled devices | |
| US9871800B2 (en) | System and method for providing application security in a cloud computing environment | |
| CN104036019A (en) | Method and device for opening webpage links | |
| CN105630518A (en) | Method and device for updating resources of Android application software | |
| CN103023976A (en) | Device and method for extending browser application plug-ins | |
| CN105205413A (en) | Data protecting method and device | |
| Georgiev et al. | Rethinking security of web-based system applications | |
| WO2016201853A1 (en) | Method, device and server for realizing encryption/decryption function | |
| CN104537310A (en) | Method for managing portable storage device and client terminal | |
| CN101950339B (en) | Security protection method and system of computer | |
| CN102999611B (en) | Browser calls method and plugin manager, the browser of plug-in unit | |
| CN102902908B (en) | Exempt from ActiveX plug-in security pick-up unit and method are installed | |
| Xiao et al. | Preventing client side XSS with rewrite based dynamic information flow | |
| CN102902912B (en) | Exempt from ActiveX plug-in security pick-up unit and method are installed |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20220728 Address after: Room 801, 8th floor, No. 104, floors 1-19, building 2, yard 6, Jiuxianqiao Road, Chaoyang District, Beijing 100015 Patentee after: BEIJING QIHOO TECHNOLOGY Co.,Ltd. Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park) Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd. Patentee before: Qizhi software (Beijing) Co.,Ltd. |
|
| TR01 | Transfer of patent right |