CN104134036B - Method and device for obtaining Root permission - Google Patents

Publication number
CN104134036B
Authority
CN
China
Legal status
Active
Application number
CN201410361668.9A
Other languages
Chinese (zh)
Other versions
CN104134036A (en)
Inventor
黄伦华
刘桂峰
姚辉
Current Assignee
Zhuhai Seal Interest Technology Co Ltd
Original Assignee
Zhuhai Juntian Electronic Technology Co Ltd
Application filed by Zhuhai Juntian Electronic Technology Co Ltd
Priority to CN201410361668.9A
Publication of CN104134036A
Application granted
Publication of CN104134036B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability

Abstract

The embodiment of the invention discloses a method for obtaining Root permission. The method comprises the following steps: a terminal opens a native process with the identity of the SU (Switch User) user and starts a JNI (Java Native Interface) module in the native process; through the JNI module, the terminal sets the user identity of the native process to the ID of the SU user, obtains the operation permission of the SU user, and clears the security environment variable of the system; the terminal starts a child process through the JNI module and loads a Jar package in the child process with the operation permission of the SU user; and the terminal starts the resident service process of the Jar package and obtains the Root permission through the resident service process. The embodiment of the invention also discloses a device for obtaining Root permission. With the method and the device, the resource consumption of obtaining Root permission is reduced, the success rate of obtaining Root permission is improved, applicability is high, and the user experience of obtaining Root permission is enhanced.

Description

Method and device for obtaining Root permission
Technical field
The present invention relates to the field of electronic technology, and in particular to a method and device for obtaining Root permission.
Background
As the research and development technology of devices that use the Android system, such as mobile phones, matures and mobile phones become increasingly widespread, the kinds of mobile phone applications are also increasingly varied. To give mobile phone users a better user experience, many mobile phone applications need to apply to the system for Root permission and implement more functions under Root permission. Currently, the systems of some Android devices, such as some mobile phones, can provide Root permission, and the mobile phone needs to obtain Root permission from the system before it can implement the corresponding functions under Root permission.
In the prior art, when an application obtains Root permission, it mainly first uses the Java application programming interface (Application Programming Interface, API) to start its own resident process (also called a user process) service with the identity of the switch user (Switch User, SU) user, and performs the above action through a service process every time. Specifically, each time the application applies for Root permission, the service process uses the /system/bin/app_process command of the Android system to start the user process service through the Java API with the identity of the SU user. Performing the operation of obtaining Root permission through a service process, as in the prior art, can obtain Root permission; however, when the system version is higher than Android 4.0 and the security monitoring of the system is stronger, the method described in the prior art cannot avoid the security monitoring of the system, the application cannot start the user process through app_process using the Java API, and Root permission therefore cannot be obtained. That is, the prior-art approach of using only the Java API to start the user process through app_process has low applicability and a high failure rate. In addition, in the prior art every application for Root permission requires the service program to perform the operation of obtaining Root permission, which increases the resource overhead of obtaining Root permission.
Summary of the invention
The embodiments of the present invention provide a method and device for obtaining Root permission. The security environment variable of the system can be cleared through the JNI module, the user identity of the native process is set to the ID of the SU user, a child process is then started through the JNI module, the resident service process in the Jar package is loaded in the child process with the operation permission of the SU user, and Root permission is obtained through the resident service process in the Jar package. This reduces the resource consumption of obtaining Root permission, improves the success rate of obtaining Root permission, has high applicability, and enhances the user experience of obtaining Root permission.
A first aspect of the embodiments of the present invention provides a method for obtaining Root permission, which may include:
The terminal opens a native process with the identity of the switch user (SU) user, and starts a Java Native Interface (JNI) module in the native process;
The terminal sets the user identity of the native process to the ID of the SU user through the JNI module, obtains the operation permission of the SU user, and clears the security environment variable of the system;
The terminal starts a child process through the JNI module, and loads a Java archive file (Jar package) in the child process with the operation permission of the SU user;
The terminal starts the resident service process of the Jar package, and obtains Root permission through the resident service process.
Wherein, the terminal opening a native process with the identity of the switch user (SU) user and starting a Java Native Interface (JNI) module in the native process includes:
The terminal opens a native process with the identity of the SU user through the Java application programming interface (API);
In the native process, the terminal writes to the standard input stream of the native process a command that starts the executable file of the JNI module, and thereby starts the JNI module.
Wherein, the user identity of the native process includes: user identifier UID, effective user identifier EUID, globally unique identifier GUID, and effective globally unique identifier EGUID.
Wherein, the terminal setting the user identity of the native process to the ID of the SU user through the JNI module includes:
The terminal sets the UID, EUID, GUID and EGUID in the native process to the ID of the SU user through the JNI module, to obtain the operation permission of the SU user;
Wherein, the SU user is the superuser.
Wherein, the security environment variable is a variable that the system checks during security monitoring; if the system detects the security environment variable during security monitoring, it will prevent the terminal from obtaining the Root permission;
The clearing of the security environment variable of the system includes:
The terminal, through the JNI module, uses the unsetenv instruction in the JNI module to clear the security environment variable, to avoid the security monitoring of the system.
Wherein, the loading of the Java archive file (Jar package) in the child process with the operation permission of the SU user includes:
In the child process, the terminal loads the Jar package with the operation permission of the SU user according to a start-up parameter preset in the JNI module.
Wherein, the start-up parameter is the load path information of the Jar package, and the load path information of the Jar package corresponds to the ID of the SU user;
When the user identity of the terminal loading the Jar package is the ID of the SU user, the system allows the terminal to load the Jar package according to the load path information;
When the user identity of the terminal loading the Jar package is not the ID of the SU user, the system does not allow the terminal to load the Jar package.
Wherein, the resident service process is an executable program written in the Java language by a user of the terminal, and the Jar package is the file package obtained by compiling the resident service process;
The terminal starting the resident service process of the Jar package and obtaining Root permission through the resident service process includes:
The terminal starts the resident service process of the Jar package through app_process in the system, and obtains the Root permission through the resident service process.
Wherein, the terminal is one of a mobile phone and a tablet computer that use the Android system.
Wherein, the terminal includes an application that needs the Root permission to implement a specified function;
The application includes at least one of: settings, management expert, Application Treasure, application installation, and data backup.
A second aspect of the embodiments of the present invention provides a device for obtaining Root permission, which may include:
A starting module, configured to open a native process with the identity of the switch user (SU) user and start a Java Native Interface (JNI) module in the native process;
A processing module, configured to set the user identity of the native process to the ID of the SU user through the JNI module, obtain the operation permission of the SU user, and clear the security environment variable of the system;
A loading module, configured to start a child process through the JNI module and load a Java archive file (Jar package) in the child process with the operation permission of the SU user;
An obtaining module, configured to start the resident service process of the Jar package and obtain Root permission through the resident service process.
Wherein, the starting module includes:
A first starting unit, configured to open a native process with the identity of the SU user through the Java application programming interface (API);
A second starting unit, configured to write, in the native process started by the first starting unit, to the standard input stream of the native process a command that starts the executable file of the JNI module, and thereby start the JNI module.
Wherein, the user identity of the native process includes: user identifier UID, effective user identifier EUID, globally unique identifier GUID, and effective globally unique identifier EGUID.
Wherein, the processing module is specifically configured to:
Set the UID, EUID, GUID and EGUID in the native process to the ID of the SU user through the JNI module, to obtain the operation permission of the SU user;
Wherein, the SU user is the superuser.
Wherein, the security environment variable is a variable that the system checks during security monitoring; if the system detects the security environment variable during security monitoring, it will prevent the terminal application from obtaining the Root permission;
The processing module is further specifically configured to:
Through the JNI module, use the unsetenv instruction in the JNI module to clear the security environment variable, to avoid the security monitoring of the system.
Wherein, the loading module is specifically configured to:
Start a child process through the JNI module and, in the child process, load the Jar package with the operation permission of the SU user according to a start-up parameter preset in the JNI module.
Wherein, the start-up parameter is the load path information of the Jar package, and the load path information of the Jar package corresponds to the ID of the SU user;
When the user identity of the terminal loading the Jar package is the ID of the SU user, the system allows the terminal to load the Jar package according to the load path information;
When the user identity of the terminal loading the Jar package is not the ID of the SU user, the system does not allow the terminal to load the Jar package.
Wherein, the resident service process is an executable program written in the Java language by a user of the terminal, and the Jar package is the file package obtained by compiling the resident service process;
The obtaining module is specifically configured to:
Start the resident service process of the Jar package through app_process in the system, and obtain the Root permission through the resident service process.
Wherein, the device is one of a mobile phone and a tablet computer that use the Android system.
Wherein, the device includes an application that needs the Root permission to implement a specified function;
The application includes at least one of: settings, management expert, Application Treasure, application installation, and data backup.
A third aspect of the embodiments of the present invention provides a terminal, which may include: any one of the devices for obtaining Root permission provided by the second aspect of the embodiments of the present invention.
In implementing the embodiments of the present invention, the terminal can start a native process with the identity of the SU user, start the JNI module in the native process, set the user identity of the current process to the ID of the SU user through the JNI module, obtain the operation permission of the SU user, and clear the security environment variable of the system; it then starts a child process through the JNI module, loads the resident service process in the Jar package in the child process with the operation permission of the SU user, and obtains Root permission through the resident service process. That is, the embodiments of the present invention load the resident service process in the Jar package with the operation permission of the SU user and obtain Root permission through that resident service process, so there is no need to open a native process to execute the instruction for obtaining Root permission every time Root permission is obtained. This reduces the resource consumption of obtaining Root permission, also improves the success rate of obtaining Root permission, has high applicability, and enhances the user experience of obtaining Root permission.
Brief description of the drawings
To describe the technical solutions of the embodiments of the present invention more clearly, the accompanying drawings needed for describing the embodiments are briefly introduced below. Obviously, the drawings in the following description are only some embodiments of the present invention, and a person of ordinary skill in the art can obtain other drawings from these drawings without creative effort.
Fig. 1 is a schematic flowchart of an embodiment of the method for obtaining Root permission provided by an embodiment of the present invention;
Fig. 2 is a schematic structural diagram of an embodiment of the device for obtaining Root permission provided by an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of the starting module of the device for obtaining Root permission provided by an embodiment of the present invention.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
In specific implementations, the terminal described in the embodiments of the present invention is the device for obtaining Root permission provided in the embodiments of the present invention. In the embodiments of the present invention, the terminal may include devices that can use the Android system, such as mobile phones and tablet computers. The above terminals are only examples and not an exhaustive list; the terminal includes but is not limited to them. The method and device for obtaining Root permission described in the embodiments of the present invention are described in detail below, taking a mobile phone as an example.
Refer to Fig. 1, which is a schematic flowchart of an embodiment of the method for obtaining Root permission provided by an embodiment of the present invention. The method for obtaining Root permission described in this embodiment includes the following steps:
S101. The terminal opens a native process with the identity of the switch user (SU) user, and starts a Java Native Interface (JNI) module in the native process.
In some feasible embodiments, the SU user described in the embodiments of the present invention is the superuser. In specific implementations, some mobile phone applications can give the mobile phone user a better user experience through additional functions in the application, but those additional functions need to be implemented in an environment where Root permission has been obtained, so such mobile phone applications can apply to the system for Root permission in order to implement the additional functions. Specifically, the applications of the mobile phone may include: settings, management expert (such as a phone manager), Application Treasure, application installation, data backup and so on; these applications are only examples and not an exhaustive list, and the applications include but are not limited to them. For example, the application installation function of the mobile phone can statically install Android applications, and this function needs to run in a Root permission environment, so the mobile phone's application installation can apply to the mobile phone system for Root permission. Specifically, the embodiments of the present invention take a device such as a mobile phone as the executing entity and describe the specific implementation process by which applications such as the mobile phone's application installation apply to the system for Root permission.
In some feasible embodiments, when the mobile phone applies to the system for Root permission, it can first open a native process with the identity of the SU user and start the Java Native Interface (JNI) module in that native process. Specifically, the mobile phone can open a native process with the identity of the SU user through the Java API. In the native process, the mobile phone writes to the standard input stream of the native process a command that starts the executable file of the JNI module; after the JNI module receives the start command, it begins to run. That is, the mobile phone can start the JNI module by writing, in the native process, the command that starts the JNI executable file.
S102. The terminal sets the user identity of the native process to the ID of the SU user through the JNI module, obtains the operation permission of the SU user, and clears the security environment variable of the system.
In some feasible embodiments, after the mobile phone starts the JNI module, it can implement the function of obtaining Root permission through certain APIs specific to the JNI module. In specific implementations, after the mobile phone starts the JNI module, it can set the user identity of the current process (that is, the native process) to the ID of the SU user through the JNI module in order to obtain higher operation permission; that is, after the JNI module sets the user identity to the ID of the SU user, the process obtains the same operation permission as the SU user. When the system receives the request to obtain Root permission initiated by the mobile phone, if it determines that the user identity is the ID of the SU user, it can determine that the user who initiated the request has the operation permission of the SU user, and it then treats the request as a request initiated by the SU user. The user identity of the current process may include: user identifier (User Identity, UID), effective user identifier (Effective User Identity, EUID), globally unique identifier (Globally Unique Identifier, GUID), effective globally unique identifier (Effective Globally Unique Identifier, EGUID) and so on. That is, the mobile phone can set user identities such as the UID, EUID, GUID and EGUID to the ID of the SU user, to obtain the operation permission of the SU user. After the mobile phone sets each of these user identities to the ID of the SU user, when the mobile phone detects that user identities such as the UID, EUID, GUID and EGUID are the ID of the SU user, it can grant the user corresponding to those user identities the same operation permission as the SU user, and can then send to that user the data intended for a user with that operation permission.
In some feasible embodiments, after the mobile phone sets the user identity to the ID of the SU user through the JNI module, it can also clear the security environment variable of the system through the JNI module. The security environment variable is a variable that the system checks during security monitoring, such as LD_PRELOAD; if the system detects the security environment variable during security monitoring, it will prevent devices such as the mobile phone from obtaining Root permission. In the embodiments of the present invention, to avoid the security monitoring of the system and obtain Root permission smoothly, the mobile phone can, through the JNI module, use the unsetenv instruction in the JNI module to clear the security environment variable of the system, and can thereby avoid the security monitoring of the system.
S103. The terminal starts a child process through the JNI module, and loads a Java archive file (Jar package) in the child process with the operation permission of the SU user.
S104. The terminal starts the resident service process of the Jar package, and obtains Root permission through the resident service process.
In some feasible embodiments, after the mobile phone has set the user identity of the native process to the ID of the SU user through the JNI module and cleared the security environment variable of the system, it can start a child process through the JNI module and load the Jar package in that child process with the operation permission of the SU user. Specifically, in the child process, the mobile phone can load the Jar package with the operation permission of the SU user according to a start-up parameter preset in the JNI module. The start-up parameter is the load path information of the Jar package, and the load path information of the Jar package corresponds to the ID of the SU user; that is, only the user corresponding to the ID of the SU user has permission to load the Jar package. When the system detects that the user identity of the mobile phone loading the Jar package is the ID of the SU user, it allows the mobile phone to load the Jar package according to the load path information; otherwise, it does not allow the mobile phone to load the Jar package. Specifically, the JNI module can call a corresponding function in the child process to obtain the start-up parameter; for example, the JNI module can call the real_execve() function to pass the start-up parameter, and then load the Jar package through the load path information.
In some feasible embodiments, after the mobile phone obtains the Jar package, it can start the resident service process in the Jar package through app_process in the system. After the resident service process has started, Root permission can be obtained through it, and once Root permission is obtained, mobile phone applications can implement more functions in the Root permission environment. The resident service process is an executable program written by the mobile phone user in the Java language, and the Jar package is the file package obtained by compiling the resident service process.
In the embodiments of the present invention, the mobile phone can start a native process with the identity of the SU user, start the JNI module in the native process, set the user identity of the native process to the ID of the SU user through the JNI module, obtain the operation permission of the SU user, and clear the security environment variable of the system; it then starts a child process through the JNI module, loads the resident service process in the Jar package in the child process with the operation permission of the SU user, and obtains Root permission through the resident service process. That is, the embodiments of the present invention load the resident service process in the Jar package with the operation permission of the SU user and obtain Root permission through that resident service process, so there is no need to open a native process to execute the instruction for obtaining Root permission every time Root permission is obtained. This reduces the resource consumption of obtaining Root permission, also improves the success rate of obtaining Root permission, has high applicability, and enhances the user experience of obtaining Root permission.
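Seen from the defender's side, steps S101 to S104 leave a recognisable process footprint: a root-owned app_process that is not the zygote, loads its classes from outside the platform partitions, and lacks a variable that the rest of the system carries. The following Python check is an added example, not part of the patent; the record layout, the trusted path prefixes, the helper names and the sample process table (package names, PIDs, UIDs, paths) are all constructed assumptions.

```python
from dataclasses import dataclass

# Assumed locations of platform code; adjust for the device image being examined.
TRUSTED_PREFIXES = ("/system/", "/apex/", "/vendor/")
# The page names LD_PRELOAD as one monitored variable; extend as needed.
MONITORED_VARS = ("LD_PRELOAD",)


@dataclass
class Proc:
    pid: int
    ppid: int
    uid: int
    cmdline: bytes  # raw /proc/<pid>/cmdline, NUL-separated
    environ: bytes  # raw /proc/<pid>/environ, NUL-separated


def split_nul(raw):
    return [part.decode("utf-8", "replace") for part in raw.split(b"\0") if part]


def parse_env(raw):
    env = {}
    for item in split_nul(raw):
        key, sep, value = item.partition("=")
        if sep:
            env[key] = value
    return env


def first_non_root_ancestor(proc, by_pid):
    """Walk parents until a non-root process (the requesting app) is found."""
    seen = set()
    cur = by_pid.get(proc.ppid)
    while cur is not None and cur.pid not in seen:
        if cur.uid != 0:
            return cur
        seen.add(cur.pid)
        cur = by_pid.get(cur.ppid)
    return None  # orphaned, or the whole chain is root-owned


def findings(procs, baseline_pid=1):
    """Return one record per root app_process that loads non-platform code."""
    by_pid = {p.pid: p for p in procs}
    baseline = by_pid.get(baseline_pid)
    baseline_env = parse_env(baseline.environ) if baseline else {}
    results = []
    for p in procs:
        argv = split_nul(p.cmdline)
        if p.uid != 0 or not argv:
            continue
        if not argv[0].rsplit("/", 1)[-1].startswith("app_process"):
            continue
        if "--zygote" in argv:
            continue  # the platform's own zygote
        env = parse_env(p.environ)
        # Class path can arrive via CLASSPATH or a -Djava.class.path= argument.
        entries = env.get("CLASSPATH", "").split(":")
        for arg in argv[1:]:
            if arg.startswith("-Djava.class.path="):
                entries += arg.split("=", 1)[1].split(":")
        foreign = [e for e in entries if e and not e.startswith(TRUSTED_PREFIXES)]
        if not foreign:
            continue
        origin = first_non_root_ancestor(p, by_pid)
        results.append({
            "pid": p.pid,
            "foreign_classpath": foreign,
            # Variables the baseline process has but this process lacks.
            "cleared_vars": [v for v in MONITORED_VARS
                             if v in baseline_env and v not in env],
            "origin_pid": origin.pid if origin else None,
            "origin_uid": origin.uid if origin else None,
        })
    return results


def _nul(*items):
    return b"\0".join(i.encode() for i in items) + b"\0"


# Constructed process table for illustration only.
BASE_ENV = _nul("PATH=/sbin:/system/bin", "LD_PRELOAD=libsigchain.so")
APP_DIR = "/data/data/com.example.manager/files"
SAMPLE = [
    Proc(1, 0, 0, _nul("/init"), BASE_ENV),
    Proc(120, 1, 0, _nul("/system/bin/app_process", "-Xzygote", "/system/bin",
                         "--zygote", "--start-system-server"), BASE_ENV),
    Proc(2001, 120, 10085, _nul("com.example.manager"), BASE_ENV),
    Proc(2050, 2001, 0, _nul("su"), BASE_ENV),
    Proc(2051, 2050, 0, _nul(APP_DIR + "/helper"), _nul("PATH=/sbin:/system/bin")),
    Proc(2052, 2051, 0, _nul("/system/bin/app_process", "/system/bin",
                             "com.example.manager.RootService"),
         _nul("PATH=/sbin:/system/bin", "CLASSPATH=" + APP_DIR + "/service.jar")),
    Proc(1900, 1, 0, _nul("/system/bin/sh"), BASE_ENV),
    Proc(2100, 1900, 0, _nul("/system/bin/app_process", "/system/bin",
                             "com.android.commands.pm.Pm", "list", "packages"),
         BASE_ENV + _nul("CLASSPATH=/system/framework/pm.jar")),
]

if __name__ == "__main__":
    for hit in findings(SAMPLE):
        print(hit)
```

The platform command at PID 2100 is not reported because its class path stays under /system; only the service loaded from the application's data directory is, together with the non-root ancestor that requested it.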
Refer to Fig. 2, which is a schematic structural diagram of an embodiment of the device for obtaining Root permission provided by an embodiment of the present invention. The device described in this embodiment includes:
A starting module 10, configured to open a native process with the identity of the switch user (SU) user and start a Java Native Interface (JNI) module in the native process.
A processing module 20, configured to set the user identity of the native process to the ID of the SU user through the JNI module, obtain the operation permission of the SU user, and clear the security environment variable of the system.
A loading module 30, configured to start a child process through the JNI module and load a Java archive file (Jar package) in the child process with the operation permission of the SU user.
An obtaining module 40, configured to start the resident service process of the Jar package and obtain Root permission through the resident service process.
In some feasible embodiments, the starting module 10 includes:
A first starting unit 11, configured to open a native process with the identity of the SU user through the Java application programming interface (API).
A second starting unit 12, configured to write, in the native process started by the first starting unit, to the standard input stream of the native process a command that starts the executable file of the JNI module, and thereby start the JNI module.
In some feasible embodiments, the processing module 20 is specifically configured to:
Set the UID, EUID, GUID and EGUID in the native process to the ID of the SU user through the JNI module, to obtain the operation permission of the SU user.
In some feasible embodiments, the security environment variable is a variable that the system checks during security monitoring; if the system detects the security environment variable during security monitoring, it will prevent the terminal application from obtaining the Root permission;
The processing module 20 is further specifically configured to:
Through the JNI module, use the unsetenv instruction in the JNI module to clear the security environment variable, to avoid the security monitoring of the system.
In some feasible embodiments, the loading module 30 is specifically configured to:
Start a child process through the JNI module and, in the child process, load the Jar package with the operation permission of the SU user according to a start-up parameter preset in the JNI module.
In some feasible embodiments, the obtaining module 40 is specifically configured to:
Start the resident service process of the Jar package through app_process in the system, and obtain the Root permission through the resident service process.
In some feasible embodiments, the SU user described in the embodiment of the present invention is power user.It is concrete real In existing, the additional function that some application program of mobile phone can pass through in the application program provides more preferable user's body for cellphone subscriber Test, but above-mentioned additional function needs to be realized in the environment of Root authority is obtained, therefore above-mentioned application program of mobile phone can Root authority is obtained to system application, to realize above-mentioned additional function.Specifically, the application program of above-mentioned mobile phone may include:If Put, managerial expert (such as mobile phone house keeper), application precious, application installations, data backup etc., wherein, above-mentioned application program is only to lift Example, and it is non exhaustive, including but not limited to above-mentioned application program.For example, the application of mobile phone is installed and is capable of achieving static installation Android The function of application program, and above-mentioned application installs the function needs for realizing static installation Android application programs in Root power In the environment of limit, therefore above-mentioned mobile phone application is installed and can obtain Root authority to cell phone system application.Specifically, of the invention real In applying example, the embodiment of the present invention will be using equipment such as mobile phones as executive agent, to above-mentioned mobile phone using application programs such as installations The process that implements for obtaining Root authority to system application is illustrated.
In some feasible embodiments, when the phone requests Root permission from the system, starting module 10 can first open a local process (i.e. a native process) with the identity of the SU user and start the Java Native Interface (JNI) module in that local process. Specifically, starting module 10 can open a local process with the identity of the SU user through the Java API. Starting module 10 can then write, to the standard input stream of the local process, a command that starts the executable file of the JNI module; once the JNI module receives this start command it begins to run. That is, starting module 10 starts the JNI module by writing, in the local process, the command that starts the JNI executable file. For the specific implementation process by which the starting module opens the local process with the identity of the SU user and starts the JNI module in it, see step S101 in the embodiment of the method for obtaining Root permission provided by the embodiments of the present invention; details are not repeated here.
In some feasible embodiments, after the phone has started the JNI module through starting module 10, it can use certain APIs specific to the JNI module to obtain Root permission. In a specific implementation, after starting module 10 starts the JNI module, processing module 20 can use the JNI module to set the user ID of the current process (i.e. the local process) to the ID of the SU user in order to obtain higher operating permission; that is, once processing module 20 has set the user ID to the ID of the SU user through the JNI module, the same operating permission as the SU user is obtained. When the system receives the request to obtain Root permission initiated by the phone, if it determines that the user ID is the ID of the SU user, it can conclude that the user who initiated the request has the operating permission of the SU user, and it then treats the request as one initiated by the SU user. The user ID of the current process may include: user ID (User Identity, UID), effective user ID (Effective User Identity, EUID), globally unique identifier (Globally Unique Identifier, GUID), effective globally unique identifier (Effective Globally Unique Identifier, EGUID), and so on. That is, processing module 20 can set the IDs such as the UID, EUID, GUID and EGUID to the ID of the SU user to obtain the operating permission of the SU user. After processing module 20 has set each of these IDs to the ID of the SU user, when the phone detects that the UID, EUID, GUID and EGUID are the ID of the SU user, it can grant the user corresponding to those IDs the same operating permission as the SU user, and the data available to a user with that operating permission can then be sent to that user.
In some feasible embodiments, after processing module 20 has set the user ID to the ID of the SU user through the JNI module, it can also clear the security environment variable of the system through the JNI module. The security environment variable is a variable that the system monitors during security monitoring, such as LD_PRELOAD; if the system detects the security environment variable during security monitoring, it will prevent devices such as the phone from obtaining Root permission. In the embodiments of the present invention, in order to avoid the system's security monitoring and obtain Root permission smoothly, the phone can use the unsetenv instruction in the JNI module to clear the security environment variable of the system, and thereby avoid the system's security monitoring. For the specific implementation process by which the processing module sets the user ID of the local process to the ID of the SU user and clears the security environment variable of the system, see step S102 in the embodiment of the method for obtaining Root permission provided by the embodiments of the present invention; details are not repeated here.
In some feasible embodiments, after processing module 20 has set the user ID of the local process to the ID of the SU user through the JNI module and cleared the security environment variable of the system, loading module 30 can start a subprocess through the JNI module and load the Jar package in that subprocess with the operating permission of the SU user. Specifically, in the subprocess, loading module 30 can load the Jar package with the operating permission of the SU user according to a start-up parameter preset in the JNI module. The start-up parameter is the load path information of the Jar package, and the load path information corresponds to the ID of the SU user; that is, only the user corresponding to the ID of the SU user has permission to load the Jar package. When the system detects that the user ID of the phone loading the Jar package is the ID of the SU user, it allows the phone to load the Jar package according to the load path information; otherwise, it does not allow the phone to load the Jar package. Specifically, loading module 30 can obtain the start-up parameter by calling the corresponding function through the JNI module in the subprocess; for example, the JNI module can obtain the start-up parameter by calling the real_execve() function and then load the Jar package according to the load path information.
In some feasible embodiments, after loading module 30 has obtained the Jar package, acquisition module 40 can start the resident service process in the Jar package through app_process in the system. After acquisition module 40 has started the resident service process, it can obtain Root permission through that process. Once acquisition module 40 has obtained Root permission, the phone's applications can implement more functions in the Root permission environment. The resident service process is an executable program written by the phone user in the Java language, and the Jar package is the file package obtained by compiling the resident service process. For the specific implementation process by which the loading module loads the Jar package and the acquisition module obtains Root permission from the Jar package loaded by the loading module, see steps S103-S104 in the embodiment of the method for obtaining Root permission provided by the embodiments of the present invention; details are not repeated here.
In the embodiments of the present invention, the phone can start a local process with the identity of the SU user, start the JNI module in that local process, use the JNI module to set the user ID of the local process to the ID of the SU user and so obtain the operating permission of the SU user, and clear the security environment variable of the system. It then starts a subprocess through the JNI module, loads the resident service process in the Jar package in that subprocess with the operating permission of the SU user, and obtains Root permission through the resident service process. That is, the embodiments of the present invention load the resident service process in the Jar package with the operating permission of the SU user and obtain Root permission through that resident service process, so there is no need to open a local process and execute the instructions for obtaining Root permission every time Root permission is needed. This reduces the resource consumption of obtaining Root permission, improves the success rate of obtaining it, gives high applicability, and improves the user experience of obtaining Root permission.
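Seen from the defender's side, the flow described above leaves a recognisable process: a uid-0 app_process instance that is not the zygote and whose class path points at a Jar outside /system. The following Python code is an added example, not code from the patent; the snapshot layout, the sample processes, the package names and the severity labels are constructed assumptions.

```python
import posixpath
import re
from dataclasses import dataclass

# Constructed snapshot, one process per line, tab-separated:
# uid, pid, ppid, environ (space-separated KEY=VALUE), cmdline.
# The layout is an assumption of this example (what a collector reading
# /proc/<pid>/status, environ and cmdline could emit), not a real tool's output.
SNAPSHOT = (
    "0\t1\t0\t\t/init\n"
    "0\t612\t1\t\t/system/bin/app_process -Xzygote /system/bin --zygote --start-system-server\n"
    "10057\t2144\t612\tLD_PRELOAD=libsigchain.so\tcom.example.manager\n"
    "0\t3310\t1\tCLASSPATH=/data/data/com.example.manager/files/service.jar\t"
    "/system/bin/app_process /system/bin com.example.manager.RootService\n"
    "0\t3402\t1\t\t/system/bin/app_process32 -Djava.class.path=/data/local/tmp/tool.jar /system/bin Main\n"
    "2000\t3500\t1\tCLASSPATH=/system/framework/am.jar\t"
    "/system/bin/app_process /system/bin com.android.commands.am.Am start\n"
)

APP_PROCESS_NAMES = {"app_process", "app_process32", "app_process64"}
# App-private data directories; the captured group is the owning package name.
APP_DATA = re.compile(r"^/data/(?:data|user/\d+)/([A-Za-z0-9_.]+)/")


@dataclass
class Proc:
    uid: int
    pid: int
    ppid: int
    env: dict
    argv: list


def parse_snapshot(text):
    """Turn the tab-separated snapshot into Proc records."""
    procs = []
    for line in text.splitlines():
        if not line.strip():
            continue
        uid, pid, ppid, env, cmd = line.split("\t")
        env_map = dict(kv.split("=", 1) for kv in env.split() if "=" in kv)
        procs.append(Proc(int(uid), int(pid), int(ppid), env_map, cmd.split()))
    return procs


def class_path_entries(proc):
    """Collect class path entries from CLASSPATH and -Djava.class.path."""
    raw = [proc.env.get("CLASSPATH", "")]
    raw += [a.split("=", 1)[1] for a in proc.argv[1:]
            if a.startswith("-Djava.class.path=")]
    # normpath collapses "../" so a path cannot pose as a /system location.
    return [posixpath.normpath(e) for part in raw for e in part.split(":") if e]


def find_root_app_process(procs):
    """Flag uid-0 app_process instances that are not the zygote."""
    findings = []
    for p in procs:
        if p.uid != 0 or not p.argv:
            continue
        if posixpath.basename(p.argv[0]) not in APP_PROCESS_NAMES:
            continue
        if "--zygote" in p.argv or "-Xzygote" in p.argv:
            continue  # the zygote legitimately runs app_process as root
        jars = class_path_entries(p)
        owners = sorted({m.group(1) for m in map(APP_DATA.match, jars) if m})
        positional = [a for a in p.argv[1:] if not a.startswith("-")]
        findings.append({
            "pid": p.pid,
            "jars": jars,
            # Packages whose private data directory holds a loaded Jar.
            "owner_packages": owners,
            # app_process <options> <parent dir> <class>: class is 2nd positional.
            "main_class": positional[1] if len(positional) > 1 else None,
            "severity": "high" if any(not j.startswith("/system/") for j in jars) else "review",
            # Context only: a resident service is typically reparented to init,
            # and the module described above clears LD_PRELOAD before loading.
            "parent_is_init": p.ppid == 1,
            "ld_preload_set": "LD_PRELOAD" in p.env,
        })
    return findings


if __name__ == "__main__":
    for finding in find_root_app_process(parse_snapshot(SNAPSHOT)):
        print(finding)
```

The shell-owned `am` invocation in the sample is deliberately not flagged: app_process is used legitimately by non-root tools, so the uid check carries the detection.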
In the description of this specification, a description referring to the terms "one embodiment", "some embodiments", "example", "specific example" or "some examples" means that a specific feature, structure, material or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the present invention. In this specification, schematic uses of these terms do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described may be combined in a suitable manner in any one or more embodiments or examples. In addition, provided they do not conflict, those skilled in the art may combine the different embodiments or examples described in this specification and the features of those different embodiments or examples.
In addition, the terms "first" and "second" are used for descriptive purposes only and are not to be understood as indicating or implying relative importance or implicitly indicating the number of the technical features referred to. Thus, a feature qualified by "first" or "second" may explicitly or implicitly include at least one such feature. In the description of the present invention, "multiple" means at least two, for example two or three, unless specifically and expressly limited otherwise.
Any process or method description in a flow chart, or otherwise described herein, may be understood as representing a module, segment or portion of code that includes one or more executable instructions for implementing the steps of a specific logical function or process. The scope of the preferred embodiments of the present invention includes other implementations in which functions may be performed out of the order shown or discussed, including substantially simultaneously or in the reverse order depending on the functions involved, as should be understood by those skilled in the art to which the embodiments of the present invention belong.
The logic and/or steps represented in a flow chart or otherwise described herein may, for example, be regarded as an ordered list of executable instructions for implementing logical functions, and may be embodied in any computer-readable medium for use by, or in combination with, an instruction execution system, apparatus or device (such as a computer-based system, a system including a processor, or another system that can fetch instructions from an instruction execution system, apparatus or device and execute them). For the purposes of this specification, a "computer-readable medium" may be any means that can contain, store, communicate, propagate or transmit a program for use by, or in combination with, an instruction execution system, apparatus or device. More specific examples (a non-exhaustive list) of computer-readable media include: an electrical connection (electronic device) having one or more wires, a portable computer diskette (magnetic device), a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber device, and a portable compact disc read-only memory (CDROM). In addition, the computer-readable medium may even be paper or another suitable medium on which the program can be printed, because the program can be obtained electronically, for example by optically scanning the paper or other medium and then editing, interpreting or, if necessary, processing it in another suitable manner, and then stored in a computer memory.
It should be understood that each part of the present invention may be implemented in hardware, software, firmware or a combination of them. In the above embodiments, multiple steps or methods may be implemented with software or firmware that is stored in a memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or a combination of the following techniques well known in the art may be used: a discrete logic circuit having logic gates for implementing logic functions on data signals, an application-specific integrated circuit with suitable combinational logic gates, a programmable gate array (PGA), a field-programmable gate array (FPGA), and so on.
Those of ordinary skill in the art can understand that all or part of the steps carried by the above embodiment methods may be completed by a program instructing the relevant hardware; the program may be stored in a computer-readable storage medium and, when executed, includes one or a combination of the steps of the method embodiments.
In addition, the functional units in the embodiments of the present invention may be integrated in one processing module, or each unit may exist physically on its own, or two or more units may be integrated in one module. The integrated module may be implemented in the form of hardware or in the form of a software functional module. If the integrated module is implemented in the form of a software functional module and is sold or used as an independent product, it may also be stored in a computer-readable storage medium.
The storage medium mentioned above may be a read-only memory, a magnetic disk, an optical disc, or the like. Although embodiments of the present invention have been shown and described above, it should be understood that the above embodiments are exemplary and are not to be construed as limiting the present invention; those of ordinary skill in the art may change, modify, replace and vary the above embodiments within the scope of the present invention.
Those of ordinary skill in the art can understand that all or part of the flows in the above embodiment methods may be completed by a computer program instructing the relevant hardware; the program may be stored in a computer-readable storage medium and, when executed, may include the flows of the embodiments of the above methods. The storage medium may be a magnetic disk, an optical disc, a read-only memory (Read-Only Memory, ROM), a random access memory (Random Access Memory, RAM), or the like.
What is disclosed above is only the preferred embodiments of the present invention and certainly cannot be used to limit the scope of rights of the present invention; equivalent changes made in accordance with the claims of the present invention therefore still fall within the scope covered by the present invention.

Claims (21)

1. A method for obtaining Root permission, characterized by comprising:
A terminal opens a local process with the identity of a switch user (SU), and starts a Java Native Interface (JNI) module in the local process;
The terminal sets the user ID of the local process to the ID of the SU through the JNI module, obtains the operating permission of the SU, and clears the security environment variable of the system;
The terminal starts a subprocess through the JNI module, and loads a Java archive file (Jar package) in the subprocess with the operating permission of the SU;
The terminal starts the resident service process of the Jar package, and obtains Root permission through the resident service process.
2. The method according to claim 1, characterized in that the terminal opening a local process with the identity of the switch user SU and starting the Java Native Interface (JNI) module in the local process comprises:
The terminal opens a local process with the identity of the SU through the application programming interface (API) of Java;
The terminal writes, to the standard input stream of the local process, a command to start the executable file of the JNI module in the local process, and starts the JNI module.
3. The method according to claim 2, characterized in that the user ID of the local process includes: user ID UID, effective user ID EUID, globally unique identifier GUID, effective globally unique identifier EGUID.
4. The method according to claim 3, characterized in that the terminal setting the user ID of the local process to the ID of the SU through the JNI module comprises:
The terminal sets the UID, EUID, GUID and EGUID of the local process to the ID of the SU through the JNI module, and obtains the operating permission of the SU;
Wherein the SU is the superuser.
5. The method according to claim 4, characterized in that the security environment variable is a variable monitored when the system performs security monitoring, and if the system detects the security environment variable during security monitoring, it will prevent the terminal from obtaining the Root permission;
The clearing of the security environment variable of the system comprises:
The terminal clears the security environment variable through the JNI module, using the unsetenv instruction in the JNI module, to avoid the security monitoring of the system.
6. The method according to claim 5, characterized in that the loading of the Java archive file (Jar package) in the subprocess with the operating permission of the SU comprises:
The terminal, in the subprocess, loads the Jar package with the operating permission of the SU according to a start-up parameter preset in the JNI module.
7. The method according to claim 6, characterized in that the start-up parameter is the load path information of the Jar package, and the load path information of the Jar package corresponds to the ID of the SU;
When the user ID of the terminal loading the Jar package is the ID of the SU, the system allows the terminal to load the Jar package according to the load path information;
When the user ID of the terminal loading the Jar package is not the ID of the SU, the system does not allow the terminal to load the Jar package.
8. The method according to claim 7, characterized in that the resident service process is an executable program written by the user of the terminal in the Java language, and the Jar package is the file package obtained by compiling the resident service process;
The terminal starting the resident service process of the Jar package and obtaining Root permission through the resident service process comprises:
The terminal starts the resident service process of the Jar package through app_process in the system, and obtains the Root permission through the resident service process.
9. The method according to any one of claims 1-8, characterized in that the terminal is one of a mobile phone and a tablet computer using the Android system.
10. The method according to claim 9, characterized in that the terminal includes an application that needs the Root permission to implement a specified function;
The application includes at least one of: Settings, management tools, App Treasure, application installation, data backup.
11. A device for obtaining Root permission, characterized by comprising:
A starting module, configured to open a local process with the identity of a switch user (SU) and start a Java Native Interface (JNI) module in the local process;
A processing module, configured to set the user ID of the local process to the ID of the SU through the JNI module, obtain the operating permission of the SU, and clear the security environment variable of the system;
A loading module, configured to start a subprocess through the JNI module and load a Java archive file (Jar package) in the subprocess with the operating permission of the SU;
An acquisition module, configured to start the resident service process of the Jar package and obtain Root permission through the resident service process.
12. The device according to claim 11, characterized in that the starting module comprises:
A first start unit, configured to open a local process with the identity of the SU through the application programming interface (API) of Java;
A second start unit, configured to write, to the standard input stream of the local process started by the first start unit, a command to start the executable file of the JNI module, and start the JNI module.
13. The device according to claim 12, characterized in that the user ID of the local process includes: user ID UID, effective user ID EUID, globally unique identifier GUID, effective globally unique identifier EGUID.
14. The device according to claim 13, characterized in that the processing module is specifically configured to:
Set the UID, EUID, GUID and EGUID of the local process to the ID of the SU through the JNI module, to obtain the operating permission of the SU;
Wherein the SU is the superuser.
15. The device according to claim 14, characterized in that the security environment variable is a variable monitored when the system performs security monitoring, and if the system detects the security environment variable during security monitoring, it will prevent the terminal application from obtaining the Root permission;
The processing module is further specifically configured to:
Clear the security environment variable through the JNI module, using the unsetenv instruction in the JNI module, to avoid the security monitoring of the system.
16. The device according to claim 15, characterized in that the loading module is specifically configured to:
Start a subprocess through the JNI module and, in the subprocess, load the Jar package with the operating permission of the SU according to a start-up parameter preset in the JNI module.
17. The device according to claim 16, characterized in that the start-up parameter is the load path information of the Jar package, and the load path information of the Jar package corresponds to the ID of the SU;
When the user ID of the terminal loading the Jar package is the ID of the SU, the system allows the terminal to load the Jar package according to the load path information;
When the user ID of the terminal loading the Jar package is not the ID of the SU, the system does not allow the terminal to load the Jar package.
18. The device according to claim 17, characterized in that the resident service process is an executable program written by the user of the terminal in the Java language, and the Jar package is the file package obtained by compiling the resident service process;
The acquisition module is specifically configured to:
Start the resident service process of the Jar package through app_process in the system, and obtain the Root permission through the resident service process.
19. The device according to any one of claims 11-18, characterized in that the device is one of a mobile phone and a tablet computer using the Android system.
20. The device according to claim 19, characterized in that the device includes an application that needs the Root permission to implement a specified function;
The application includes at least one of: Settings, management tools, App Treasure, application installation, data backup.
21. A communication terminal, characterized in that the communication terminal includes the device according to any one of claims 11-20.
CN201410361668.9A 2014-07-26 2014-07-26 Method and device for obtaining Root permission Active CN104134036B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410361668.9A CN104134036B (en) 2014-07-26 2014-07-26 Method and device for obtaining Root permission

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410361668.9A CN104134036B (en) 2014-07-26 2014-07-26 Method and device for obtaining Root permission

Publications (2)

Publication Number Publication Date
CN104134036A CN104134036A (en) 2014-11-05
CN104134036B true CN104134036B (en) 2017-05-10

Family

ID=51806711

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410361668.9A Active CN104134036B (en) 2014-07-26 2014-07-26 Method and device for obtaining Root permission

Country Status (1)

Country Link
CN (1) CN104134036B (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104778075B (en) * 2015-04-03 2018-09-04 北京奇虎科技有限公司 The method and apparatus of Java layers of API of native layers of calling in android system
CN106919812B (en) * 2015-12-26 2020-06-16 腾讯科技(深圳)有限公司 Application process authority management method and device
CN106557684B (en) * 2016-10-14 2019-09-27 北京金山安全软件有限公司 File scanning method and device and terminal equipment
CN106503570B (en) * 2016-11-17 2020-01-14 深圳Tcl数字技术有限公司 Method and device for protecting Root authority
CN107068150A (en) * 2017-05-03 2017-08-18 安利军 A kind of Android intelligent sounds control method and system
CN107194238B (en) * 2017-05-22 2020-01-10 苏州浪潮智能科技有限公司 Method and device for managing access authority and computer readable storage medium
CN110472381B (en) * 2019-07-31 2021-05-25 广州微算互联信息技术有限公司 Root permission hiding method and system based on android system and storage medium
CN112651012B (en) * 2020-12-28 2023-03-24 五八同城信息技术有限公司 Information processing method and device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8271785B1 (en) * 2004-12-20 2012-09-18 Novell, Inc. Synthesized root privileges
CN102981835A (en) * 2012-11-02 2013-03-20 福州博远无线网络科技有限公司 Android application program permanent Root permission acquiring method
CN103198265A (en) * 2013-03-28 2013-07-10 上海斐讯数据通信技术有限公司 Method for starting root permission of mobile device
CN103473502A (en) * 2013-09-16 2013-12-25 惠州Tcl移动通信有限公司 Method and system for acquiring Root rights of android-based mobile terminal
CN103530534A (en) * 2013-09-23 2014-01-22 北京理工大学 Android program ROOT authorization method based on signature verification

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Acquisition and detection of Root permission on the Android system; Xing Xiaoyan et al.; 《软件》 (Software); 20140228; full text *

Also Published As

Publication number Publication date
CN104134036A (en) 2014-11-05

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20181203

Address after: Room 105-53811, No. 6 Baohua Road, Hengqin New District, Zhuhai City, Guangdong Province

Patentee after: Zhuhai Seal Interest Technology Co., Ltd.

Address before: 519070, six level 601F, 10 main building, science and technology road, Tangjia Bay Town, Zhuhai, Guangdong.

Patentee before: Zhuhai Juntian Electronic Technology Co.,Ltd.
