Summary of the invention
An object of the invention is to provide an authority request response method that runs more efficiently, and a corresponding device.
To achieve this object, the invention adopts the following technical scheme:
The authority request response method provided by the invention comprises the following steps:
Starting a communication interface that belongs to the system level, and monitoring external authority requests through the communication interface;
Obtaining the feature identifier of the requesting party from the authority request, and looking up in a preset authentication list whether that feature identifier is in the allowed state;
When the feature identifier is in the allowed state, applying to the system for the authority on behalf of the authority request.
Preferably, the system-level communication interface is a communication service process established on the basis of Android's Binder mechanism, used to communicate with the external application process that initiates the authority request.
Preferably, the feature identifier is the UID in the Android system, each UID corresponding to one application.
According to one embodiment of the invention, the preset authentication list stores a number of feature identifiers, and the presence of a feature identifier in the authentication list indicates that it is in the allowed state.
According to another embodiment of the invention, the preset authentication list stores a number of feature identifiers and a state identification field set for each feature identifier; when the state identification field of a feature identifier is set to the symbol that denotes the allowed state, that symbol indicates that the feature identifier is in the allowed state.
Further, when the feature identifier is in the non-allowed state, the authority request is refused.
Preferably, the method includes a further step: obtaining common authentication list data from a remote interface and updating the local authentication list.
Further, after Root authority has been successfully obtained for the authority request, the user process that initiated the authority request is bound for communication with a service process, and the service process responds to and executes the instructions that the user process asks to have executed.
Preferably, the local authentication list contains a type identifier that characterizes the period for which the authority applies to the user program corresponding to the feature identifier; when applying to the system for authority, a different type of authority is applied for according to the type identifier.
The authority request responding device provided by the invention comprises:
A communication interface, started at the system level, for monitoring external authority requests;
A retrieval unit, for obtaining the feature identifier of the requesting party from the authority request and looking up in a preset authentication list whether that feature identifier is in the allowed state;
A processing unit, for applying to the system for the authority on behalf of the authority request when the feature identifier is in the allowed state.
Specifically, the communication interface is a communication service process placed at the system level and established on the basis of Android's Binder mechanism, which obtains the authority request by communicating with the external application process.
Preferably, the feature identifier is the UID in the Android system, each UID corresponding to one application.
According to one embodiment of the invention, the preset authentication list is used to store a number of feature identifiers, and the presence of a feature identifier in the authentication list indicates that it is in the allowed state.
According to another embodiment of the invention, the preset authentication list is used to store a number of feature identifiers and a state identification field set for each feature identifier; when the state identification field of a feature identifier is set to the symbol that denotes the allowed state, that symbol indicates that the feature identifier is in the allowed state.
Further, the processing unit is used to refuse the authority request when the feature identifier is in the non-allowed state.
Preferably, the device includes a maintenance unit, for obtaining common authentication list data from a remote interface and updating the local authentication list.
Further, the device also includes a service process which, after Root authority has been successfully obtained for the authority request, is bound for communication with the user process that initiated the authority request; the service process responds to and executes the instructions that the user process asks to have executed.
Preferably, the local authentication list contains a type identifier that characterizes the period for which the authority applies to the user program corresponding to the feature identifier; when applying to the system for authority, a different type of authority is applied for according to the type identifier.
Compared with the prior art, the invention has at least the following advantages. Taking a system-level communication interface as its basis, the invention establishes a rights management mechanism for the authority requests of external applications, with the advantages of fast communication and a high success rate. Further, by establishing a preset authentication list, the authority requests of external applications can be managed autonomously; from a technical point of view, this authentication list has an effect similar to a firewall, with the advantages of centralized data, efficient operation, safety and reliability.
Additional aspects and advantages of the invention will be set forth in part in the description that follows; they will become apparent from that description, or be learned through practice of the invention.
Detailed description of the embodiments
Embodiments of the invention are described in detail below, and examples of the embodiments are shown in the accompanying drawings, in which the same or similar reference numerals throughout denote the same or similar elements, or elements with the same or similar functions. The embodiments described below with reference to the drawings are exemplary; they serve only to explain the invention and are not to be construed as limiting the claims.
Those skilled in the art will understand that, unless expressly stated otherwise, the singular forms "a", "an", "said" and "the" used herein may also include the plural. It should further be understood that the word "comprising" used in this specification means that the stated features, integers, steps, operations, elements and/or components are present, but does not exclude the presence or addition of one or more other features, integers, steps, operations, elements, components and/or groups of them. It should be understood that when an element is said to be "connected" or "coupled" to another element, it may be directly connected or coupled to the other element, or intermediate elements may be present. In addition, "connected" or "coupled" as used herein may include wireless connection or wireless coupling. The expression "and/or" as used herein includes all or any of the units and all combinations of one or more of the associated listed items.
Those skilled in the art will understand that, unless otherwise defined, all terms used herein (including technical and scientific terms) have the same meaning as commonly understood by a person of ordinary skill in the art to which the invention belongs. It should also be understood that terms such as those defined in general dictionaries should be understood to have a meaning consistent with their meaning in the context of the prior art and, unless specifically defined as here, will not be interpreted in an idealized or overly formal sense.
Those skilled in the art will understand that "terminal" and "terminal device" as used herein include both devices with a wireless signal receiver, which have only a wireless signal receiver without transmitting capability, and devices with receiving and transmitting hardware, which have receiving and transmitting hardware capable of two-way communication over a bidirectional communication link. Such devices may include: cellular or other communication devices, with a single-line display, a multi-line display, or no multi-line display; PCS (Personal Communications Service), which may combine voice, data processing, fax and/or communication capabilities; PDA (Personal Digital Assistant), which may include a radio frequency receiver, pager, Internet/intranet access, web browser, notepad, calendar and/or GPS (Global Positioning System) receiver; and conventional laptop and/or palmtop computers or other devices that have and/or include a radio frequency receiver. A "terminal" or "terminal device" as used herein may be portable, transportable, installed in a vehicle (air, sea and/or land), or suited and/or configured to run locally and/or, in distributed form, to run at any other location on earth and/or in space. A "terminal" or "terminal device" as used herein may also be a communication terminal, an Internet access terminal or a music/video playback terminal, for example a PDA, a MID (Mobile Internet Device) and/or a mobile phone with a music/video playback function, or a device such as a smart TV or set-top box.
Those skilled in the art will understand that concepts such as server, cloud and remote network device used herein are equivalent; they include, but are not limited to, a computer, a network host, a single network server, a set of multiple network servers, or a cloud formed by multiple servers. Here, the cloud is formed by a large number of computers or network servers based on cloud computing (Cloud Computing), where cloud computing is a kind of distributed computing: a super virtual computer made up of a group of loosely coupled computers. In embodiments of the invention, communication between the remote network device, the terminal device and the WNS server can be realized by any means of communication, including but not limited to mobile communication based on 3GPP, LTE or WIMAX, computer network communication based on the TCP/IP or UDP protocols, and short-range wireless transmission based on Bluetooth or infrared transmission standards.
Those skilled in the art will understand that "application", "application program", "application software" and similar expressions used in the invention denote the same concept, well known to those skilled in the art: computer software, suitable for electronic execution, organically constructed from a series of computer instructions and related data resources. Unless otherwise specified, this naming is not limited by the kind or level of programming language, nor by the operating system or platform on which the software runs. Naturally, the concept is not limited by any form of terminal either.
An application scenario of the authority request response method of the invention is implemented in an operating system environment based on a Unix-type system. To implement the method, it must be instantiated as an application program that obtains Root authority and is installed and run in the operating system concerned.
As is well known, Root authority is the system administrator authority of Unix-type operating systems (including Linux and Android), similar to the Administrator authority in Windows; with Root authority, almost all files on the user's mobile device (Android system files and user files, not including the ROM) can be accessed and modified. However, because current mobile terminal systems manage Root authority strictly, most applications or programs do not normally have Root authority, so operations that require it, such as installing or uninstalling applications, cannot be performed. Moreover, the process that calls such an operation must apply to the system for Root authority every time it performs the operation; if another application process is using Root authority for a related operation at that moment, the calling process's application for Root authority cannot succeed. Worse still, if the user has set the system to disable Root authority, the calling process cannot perform the operation at all. For this reason, the invention proposes that only one Root authority acquisition request need be sent to the system. Specifically, Root authority can be obtained by calling the SU (Super User) command built into the system, or by obtaining a shell with Root authority and launching a process within that shell; once the system's Root authority authorization has been obtained, other subsequent calling processes need not repeatedly apply for Root authority when performing related operations. For the specific Root authority acquisition process, reference may be made to the Root authority call functions of the prior art, which are not described again here. On the basis of this preliminary knowledge, the authority request response method of the invention is disclosed in detail below with reference to Fig. 1. The method comprises the following steps:
S11, start a communication interface that belongs to the system level, and monitor external authority requests through the communication interface:
The communication interface referred to in this embodiment is implemented as follows: the program module that implements this method runs in memory, and after the corresponding host process in memory has performed the privilege-escalation operation described above, it registers a communication service process with the system. Taking Android as an example, the communication service process registers itself with the System Manager on the basis of the Binder mechanism provided by the Android system; through the Binder mechanism inherent to Android, a C/S-architecture communication channel is established between the communication service process and the external application processes it monitors. Specifically, after the system's Root authority has been obtained, in order to facilitate the subsequent monitoring of external application processes and the related operation functions, the invention first starts a host process that has obtained Root authority and that is formed by instantiating this method; the host process inserts the communication service process into the system, for example by means of the system call function ServiceManager.addService. This completes the instantiation of the method: not only does the host process of the method remain resident in memory, but the communication service process it establishes also becomes a system-level communication interface. It should be noted that, through the above configuration, the communication service process has become a system-level service process, whose authority is clearly higher than that of the processes that call it, such as other application processes or even the host process and other processes. The communication service process can therefore serve as the communication basis, provide communication support for the other processes that call it, and complete the communication connection between the system and those processes. It can further be deduced that any other client that observes the communication specification of the communication interface of the invention can communicate with the communication interface through the Binder mechanism and obtain the corresponding authority.
Therefore, in this embodiment the communication interface takes the form of the communication service process, whose function is to implement Binder communication between the host process and external application processes; this way of communicating is fast and stable. As far as the key point of this method is concerned, the communication service process is mainly used to monitor the authority requests initiated by external application processes; such an authority request is generally a privilege-escalation request that seeks Root authority in order to gain deep access to system resources. In this method, besides the communication service process being used to establish the communication interface, other processes can of course implement other functions, and these other processes can communicate with external application processes through the communication service process, so that other special operating instructions are completed by internal and external cooperation. For example, and without limitation, these other processes may perform one or more of the following operations: uninstalling a preset application, installing or uninstalling an application program, backing up or restoring application data, and enabling or disabling an application program.
Once the communication interface has become the basis of inter-process communication, it can monitor external application processes. When an external application process needs Root authority, it sends the system an authority request to obtain Root authority; because the communication service process sits at a higher level, it obtains and handles this user request first. After the communication service process obtains the authority request, it can submit it to the host process of the invention for further processing.
S12, obtain the feature identifier of the requesting party from the authority request, and look up in the preset authentication list whether that feature identifier is in the allowed state:
As is well known, the Android system defines the UID (User Identifier) as a specific distinguishing symbol for each concrete application, and it is unique; the UID is therefore the unique feature identifier of each concrete application. In this embodiment, the host process implemented by this method can obtain the feature identifier of the external application process from the authority request that originates from that process and is forwarded by the communication interface; from this feature identifier it can further identify the corresponding application program and decide whether to respond to the authority request by opening the authority to it.
In this step, the host process that implements the step is also responsible for maintaining an authentication list. The authentication list can be implemented in various forms, which differ mainly in their internal mapping relation; two forms are given below for reference:
A. Only the UID of each application program that is allowed by default to obtain Root authority is stored; thus an application program whose feature identifier has entered the authentication list is regarded as being in the allowed state when it requests Root authority, and its request will be satisfied.
B. A status identification field can be added to the authentication list of scheme A, so that each feature identifier maps to a status identification character. For example, when the status identification character of the record containing a UID is "Y", the authority request corresponding to that UID is in the allowed state; when it is "N", the authority request corresponding to that UID is in the non-allowed state.
Besides the two ways of implementing the authentication list described above, a process identifier (PID) can be added to facilitate process scheduling: within the life cycle of the host process, when an external application sends an authority request for the first time, the corresponding PID is obtained from the request and stored in the authentication list; the next time that external application process initiates an authority request, the PID and the UID together determine whether the authority request is in the allowed state. In this way, authority request management can be refined down to the sub-processes of an external application.
After the host process implemented by this method receives an authority request forwarded by the communication interface, it extracts the UID (and the PID; the same applies below) and looks up the UID in the authentication list. For form A, when the UID is present in the authentication list, the authority request corresponding to that UID should be allowed; if the UID is not in the authentication list, the UID is not allowed. For form B, when the UID is present in the authentication list and the status identifier in its status identification field is "Y", the authority request corresponding to that UID should be allowed; conversely, when the status identifier is "N", the authority request corresponding to that UID is not allowed.
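The lookup described in step S12, for form A, form B and the optional PID binding, as an added example that is not code from the patent. The UIDs and PIDs are constructed sample values; refusing a second PID for a UID that is already bound, and refusing any status character other than "Y", are assumptions about details the text leaves open. On Android the UID and PID would be read from Binder.getCallingUid() and Binder.getCallingPid() rather than from fields supplied by the requester.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Set

ALLOWED, DENIED = "Y", "N"  # status characters used by form B in the text


@dataclass
class PresenceList:
    """Form A: the presence of a UID in the list is the allowed state."""
    uids: Set[int] = field(default_factory=set)

    def is_allowed(self, uid: int, pid: Optional[int] = None) -> bool:
        return uid in self.uids


@dataclass
class Record:
    status: str                # "Y" or "N"
    pid: Optional[int] = None  # recorded on the first request (PID extension)


@dataclass
class StatusList:
    """Form B: each UID maps to a status character, optionally bound to a PID."""
    records: Dict[int, Record] = field(default_factory=dict)
    bind_pid: bool = False

    def is_allowed(self, uid: int, pid: Optional[int] = None) -> bool:
        rec = self.records.get(uid)
        # Unknown UID, "N", or a corrupted status value: refuse (fail closed).
        if rec is None or rec.status != ALLOWED:
            return False
        if not self.bind_pid:
            return True
        if pid is None:
            return False
        if rec.pid is None:
            # First request in this host-process lifetime: remember the PID.
            rec.pid = pid
            return True
        # Later requests: UID and PID together decide (assumed reading).
        return rec.pid == pid


def respond(auth_list, uid: int, pid: Optional[int] = None) -> str:
    """Step S13 decision: apply for Root authority, or refuse the request."""
    return "apply-for-root" if auth_list.is_allowed(uid, pid) else "refuse"


# Constructed sample lists (Android application UIDs start at 10000).
FORM_A = PresenceList({10051})
FORM_B = StatusList(
    {10051: Record(ALLOWED), 10077: Record(DENIED), 10102: Record("?")},
    bind_pid=True,
)

if __name__ == "__main__":
    for uid, pid in [(10051, 4321), (10051, 4321), (10051, 9999),
                     (10077, 5000), (10102, 5001), (10999, 5002)]:
        print(uid, pid, respond(FORM_B, uid, pid))
```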
As can be seen, with the authentication list of the invention, once the system's Root authority has been obtained, a service process with Root authority is started and a communication service process is inserted into the system; an external application process that calls the communication service process then need not repeatedly apply for Root authority when performing the corresponding operation, and the operation can be performed by the started host process. This effectively avoids operation failures caused by Root authority being in use or disabled, and thereby greatly improves the efficiency of data communication.
The initial data in the authentication list can be generated from the user's habits during past use of the method. For example, when a request from an external application process arrives for the first time, the user gives a subjective instruction allowing it to obtain Root authority; the host process of the invention then adds it to the authentication list, marked as allowed to obtain authority, and later requests need no pop-up prompt. The authentication list can also be maintained remotely: the host process calls a remote communication interface and downloads the latest authentication list data from the cloud, at regular intervals or from time to time, to update the local authentication list. This makes use of the advantages of big data and makes the data in the authentication list more secure.
To suit the above situation, a common authentication list is maintained in the cloud. The host processes of programs in which the method of the invention is installed upload the data on whether the user allowed each program UID to obtain authority; each UID is then counted statistically, and when most users, for example 60%, allow a UID to obtain Root authority, the status identification character of that UID is marked "Y"; otherwise it is marked "N". The local host process downloads the common authentication list through the remote interface and compares it with the local authentication list; while respecting the user's subjective instructions, the records newly added in the common authentication list are added to the local authentication list. Of course, for the sake of security, a pop-up prompt can be shown for records that have the same UID but different states in the two lists, asking whether the user wants to adopt the data of the common authentication list; if the user chooses yes, the record for that UID in the common authentication list replaces the corresponding record in the local authentication list; if not, the subsequent operation is abandoned. As can be seen, the authentication list can be maintained dynamically in this way, so that from a technical point of view the authentication list exerts its security effect to a far greater degree.
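The cloud-side statistics and the local merge described above, as an added example that is not code from the patent. The uploaded reports are constructed sample data, the function names and the `ask_user` callback (standing in for the pop-up prompt) are hypothetical, and skipping records whose status is neither "Y" nor "N" is an assumption.

```python
from typing import Callable, Dict, Iterable, List, Tuple

ALLOWED, DENIED = "Y", "N"


def build_common_list(reports: Iterable[Tuple[int, bool]],
                      threshold_percent: int = 60) -> Dict[int, str]:
    """Cloud side: mark a UID "Y" when at least threshold_percent of the
    uploaded user decisions for it were 'allow', otherwise "N"."""
    allow: Dict[int, int] = {}
    total: Dict[int, int] = {}
    for uid, allowed in reports:
        total[uid] = total.get(uid, 0) + 1
        allow[uid] = allow.get(uid, 0) + (1 if allowed else 0)
    # Integer comparison avoids floating-point edge cases at exactly 60%.
    return {
        uid: ALLOWED if allow[uid] * 100 >= threshold_percent * total[uid] else DENIED
        for uid in total
    }


def merge_into_local(local: Dict[int, str],
                     common: Dict[int, str],
                     ask_user: Callable[[int, str, str], bool]
                     ) -> Tuple[Dict[int, str], List[int]]:
    """Terminal side: add records that are new in the common list; for a UID
    present in both lists with different states, ask the user and replace the
    local record only on 'yes'. Returns the merged list and the UIDs prompted."""
    merged = dict(local)
    prompted: List[int] = []
    for uid, status in common.items():
        if status not in (ALLOWED, DENIED):
            continue  # malformed download: ignore the record (assumption)
        if uid not in merged:
            merged[uid] = status          # newly added record
        elif merged[uid] != status:
            prompted.append(uid)          # same UID, different state
            if ask_user(uid, merged[uid], status):
                merged[uid] = status      # user adopts the common list's record
            # otherwise the user's own decision is kept
    return merged, prompted


# Constructed upload data: (UID, did the user allow Root authority?)
SAMPLE_REPORTS = (
    [(10051, True)] * 7 + [(10051, False)] * 3 +   # 70% allow
    [(10077, True)] * 2 + [(10077, False)] * 8 +   # 20% allow
    [(10102, True)] * 3 + [(10102, False)] * 2     # exactly 60% allow
)
SAMPLE_LOCAL = {10051: DENIED, 10077: DENIED}      # the user's own decisions

if __name__ == "__main__":
    common = build_common_list(SAMPLE_REPORTS)
    merged, prompted = merge_into_local(SAMPLE_LOCAL, common,
                                        lambda uid, old, new: False)
    print(common, merged, prompted)
```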
It will be understood that the format of the common authentication list maintained in the cloud need not be limited to the UID and PID fields described; it can be further extended by adding, for example, the signature information of the program or service that calls the communication service process, so that the communication service process can additionally verify the signature information of the program or service initiating the authority request in order to decide whether to open Root authority to it, which strengthens the security protection.
It should be pointed out that the authentication list may be stored either as a linked list in memory or in the form of a local database or text file; those skilled in the art can implement this flexibly.
S13, when the feature identifier is in the allowed state, apply to the system for the authority on behalf of the authority request.
Through the previous step it can be determined whether the feature identifier corresponding to an authority request is in the allowed state. If it is, the host process implemented by the invention lets the authority request through and applies to the system for Root authority on its behalf, and the system opens Root authority to the corresponding external application process. If the result of the previous step is that the feature identifier is in the non-allowed state, the host process can refuse the authority request and return a dummy message to the external application process through the communication interface, so that the authority request made by the external application process comes to nothing; alternatively, it can directly return a reply stating that the authority request was unsuccessful.
With the authority request response method described above, the invention achieves a rights management mechanism that runs more efficiently: it not only makes communication between processes faster and more effective but also, at the technical level, makes rights management more secure through the effect of the authentication list.
Correspondingly, the invention can provide an authority request responding device based on the foregoing method; the modules of the device each implement a step of the method and the corresponding function. The device can be implemented centrally on a processor in the form of logic functions. Referring to Fig. 2, the authority request responding device provided by the invention specifically includes a communication interface 11, a retrieval unit 12 and a processing unit 13.
The communication interface 11 is built from a communication service process running in memory: after the corresponding host process in memory has performed the privilege-escalation operation described above, it registers a communication service process with the system. Taking Android as an example, the communication service process registers itself with the System Manager on the basis of the Binder mechanism provided by the Android system; through the Binder mechanism inherent to Android, a C/S-architecture communication channel is established between the communication service process and the external application processes it monitors, and the communication service process thus forms the communication interface 11. Specifically, after the system's Root authority has been obtained, in order to facilitate the subsequent monitoring of external application processes and the related operation functions, the invention inserts the communication service process into the system through a host process, for example by means of the system call function ServiceManager.addService; as a result, not only does the host process remain resident in memory, but the communication service process it establishes also becomes the system-level communication interface 11. It should be noted that, through the above configuration, the communication service process has become a system-level service process, whose authority is clearly higher than that of the processes that call it, such as other application processes or even the host process and other processes. The communication service process can therefore serve as the communication basis, provide communication support for the other processes that call it, and complete the communication connection between the system and those processes.
Therefore, in this embodiment the communication interface 11 takes the form of the communication service process, whose function is to implement Binder communication between the host process and external application processes; this way of communicating is fast and stable. As far as the key point of this device is concerned, the communication service process is mainly used to monitor the authority requests initiated by external application processes; such an authority request is generally a privilege-escalation request that seeks Root authority in order to gain deep access to system resources. In this device, besides the communication service process being used to establish the communication interface 11, other processes can of course implement other functions, and these other processes can communicate with external application processes through the communication service process, so that other special operating instructions are completed by internal and external cooperation. For example, and without limitation, these other processes may perform one or more of the following operations: uninstalling a preset application, installing or uninstalling an application program, backing up or restoring application data, enabling or disabling an application program, and performing a memory-clearing function.
Once the communication interface 11 has become the basis of inter-process communication, it can monitor external application processes. When an external application process needs Root authority, it sends the system an authority request to obtain Root authority; because the communication service process sits at a higher level, it obtains and handles this user request first. After the communication service process obtains the authority request, it can submit it to the host process of the invention for further processing.
The retrieval unit 12 is configured to obtain the signature identification of the requesting party from the authority request and to look up, in the preset authentication list, whether this signature identification is in the allowed state.
As is well known, a UID (User Identifier) in the Android system is a specific identifier assigned to each individual application and is unique; the UID is therefore the unique signature identification of each application. In this embodiment, the host process implemented by the device can obtain the signature identification of the external application process from the authority request forwarded by the communication interface 11, can further identify the corresponding application from that signature identification, and can decide whether to grant the authority request.
The host process that implements the retrieval unit 12 is also responsible for maintaining an authentication list, and a maintenance unit (not shown) is built on this basis to maintain the list. Logically, the maintenance unit can be combined with the retrieval unit 12 or kept separate from it. The authentication list can be implemented in various forms, which differ mainly in their internal mapping relationships. Two forms are given below for reference:
A. Only the UIDs of the applications that are allowed by default to obtain Root authority are stored. An application whose signature identification appears in the authentication list is then regarded as being in the allowed state, and its request for Root authority will be granted.
B. A status indicator field can be added to the authentication list of scheme A, mapping each signature identification to a status indicator character. For example, when the status indicator character of the record containing a UID is "Y", the authority request corresponding to that UID is in the allowed state; when it is "N", the authority request corresponding to that UID is in the non-allowed state.
Besides the two forms above, a process identifier (PID) can be added to the authentication list to facilitate process scheduling. Within the life cycle of the host process, when an external application sends an authority request for the first time, the corresponding PID is obtained from the request and stored in the authentication list; the next time that external application process initiates an authority request, the PID and the UID together determine whether the request is in the allowed state. In this way, authority request management can be refined down to the subprocesses of an external application.
After the host process implemented by the device receives the authority request forwarded by the communication interface 11, it extracts the UID (and PID, likewise below) and looks the UID up in the authentication list. For form A, if the UID is present in the authentication list, the authority request corresponding to the UID should be allowed; if the UID is absent, the UID is not allowed. For form B, if the UID is present and the status identifier in its status indicator field is "Y", the authority request corresponding to the UID should be allowed; conversely, if the status identifier is "N", the authority request corresponding to the UID is not allowed.
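The lookup described above, for list layouts A and B and for the optional PID refinement, as an added Python model (not code from the patent). The class and function names, the sample UIDs and PIDs, and the fail-closed handling of a UID with no record in layout B are assumptions of this example.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple

ALLOW, DENY = "Y", "N"


@dataclass
class AuthList:
    """Authentication list in layout A (UID set) or layout B (UID -> "Y"/"N")."""
    allowed_uids: Set[int] = field(default_factory=set)      # layout A
    status: Optional[Dict[int, str]] = None                  # layout B when set
    by_process: Dict[Tuple[int, int], str] = field(default_factory=dict)

    def uid_state(self, uid: int) -> str:
        if self.status is not None:
            # Assumption: a UID with no record fails closed, as in layout A.
            return self.status.get(uid, DENY)
        return ALLOW if uid in self.allowed_uids else DENY

    def decide(self, uid: int, pid: Optional[int] = None) -> bool:
        """Return True when the request from (uid, pid) is in the allowed state."""
        if pid is None:
            return self.uid_state(uid) == ALLOW
        # First request from this process records its PID with the UID's state;
        # later requests need both the UID record and the PID record to allow.
        state = self.by_process.setdefault((uid, pid), self.uid_state(uid))
        return state == ALLOW and self.uid_state(uid) == ALLOW

    def set_process_state(self, uid: int, pid: int, state: str) -> None:
        """Set the state of one subprocess without touching the UID record."""
        if state not in (ALLOW, DENY):
            raise ValueError("state must be 'Y' or 'N'")
        self.by_process[(uid, pid)] = state


def handle_request(auth: AuthList, caller_uid: int, caller_pid: Optional[int] = None) -> str:
    # Assumption: caller_uid and caller_pid are the IPC layer's view of the
    # caller, not fields the requesting app writes into its own message.
    return "GRANT_ROOT" if auth.decide(caller_uid, caller_pid) else "REFUSED"


# Constructed sample data (UIDs are made up for the example).
LIST_A = AuthList(allowed_uids={10052, 10077})
LIST_B = AuthList(status={10052: "Y", 10091: "N"})
```

Because the PID record is combined with the UID record rather than replacing it, changing a UID to "N" also refuses processes that were recorded while the UID was still allowed.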
As can be seen, with the authentication list of the present invention, once system Root authority has been obtained, a service process holding Root authority is started and the communication service process is inserted into the system. An external application process that calls the communication service process then does not need to apply for Root authority again when performing an operation; the operation can be performed by the started host process. This effectively avoids operation failures caused by Root authority being in use or disabled, and thereby greatly improves the efficiency of data communication.
Maintenance of the authentication list is carried out by the maintenance unit and covers how the basic data of the authentication list is formed and how that data is updated.
The initial data in the authentication list can be generated from the user's usage habits over the history of use of the device. For example, when the user, on the first request from an external application process, gives a subjective instruction allowing it to obtain Root authority, the host process of the present invention adds that process to the authentication list and marks it as allowed to obtain the authority, so that later requests need no pop-up query. The authentication list can also be maintained remotely in combination with the cloud: the host process calls a remote communication interface 11 to download the latest authentication list data from the cloud, periodically or from time to time, and updates the local authentication list. This takes advantage of big data and makes the data in the authentication list more secure.
To suit this situation, the cloud maintains a common authentication list. The host process of the present invention uploads the data on whether the user allowed each program UID to obtain the authority, and each UID is then tallied by a statistical method: when a majority of users, for example 60%, allow a UID to obtain Root authority, the status indicator field corresponding to that UID is marked "Y"; otherwise it is marked "N". The local host process downloads the common authentication list through the remote interface and compares it with the local authentication list; while respecting the user's subjective instructions, records that are new in the common authentication list are added to the local authentication list. For safety, records in the two lists that have the same UID but different states can trigger a pop-up query asking whether the user wants to use the data of the common authentication list; if the user chooses yes, the record for that UID in the common authentication list replaces the corresponding record in the local authentication list, and if not, the subsequent operation is abandoned. These local operations should be carried out by an authentication list dynamic update module in the maintenance unit, which better matches the logical division. The maintenance unit can further include a program upgrade module for following up dynamic updates of the program that implements the present invention. As can be seen, the authentication list can be maintained dynamically in this way, so that the authentication list greatly exerts its security effect from a technical standpoint.
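The cloud tally and the local merge described above, as an added Python model (not code from the patent). The function names, the sample votes and UIDs, and the reading of "60%" as a share of at least 0.60 are assumptions of this example; `ask_user` stands in for the pop-up query.

```python
from collections import defaultdict
from typing import Callable, Dict, Iterable, List, Tuple

ALLOW, DENY = "Y", "N"


def build_common_list(votes: Iterable[Tuple[int, bool]],
                      threshold: float = 0.60) -> Dict[int, str]:
    """Tally uploaded (uid, allowed) decisions into UID -> "Y"/"N"."""
    allow, total = defaultdict(int), defaultdict(int)
    for uid, allowed in votes:
        total[uid] += 1
        allow[uid] += int(allowed)
    # Assumption: "Y" when the share of users who allowed is >= threshold.
    return {uid: ALLOW if allow[uid] / total[uid] >= threshold else DENY
            for uid in total}


def merge_common_into_local(
        local: Dict[int, str], common: Dict[int, str],
        ask_user: Callable[[int, str, str], bool],
) -> Tuple[Dict[int, str], List[int], List[int]]:
    """Return (merged, added_uids, replaced_uids); `local` is not modified."""
    merged = dict(local)
    added, replaced = [], []
    for uid, state in sorted(common.items()):
        if uid not in merged:
            merged[uid] = state               # record new to the local list
            added.append(uid)
        elif merged[uid] != state:
            # Same UID, different state: the local record stands unless the
            # user confirms taking the common list's record.
            if ask_user(uid, merged[uid], state):
                merged[uid] = state
                replaced.append(uid)
    return merged, added, replaced


# Constructed sample data: uploaded decisions and one device's local list.
SAMPLE_VOTES = ([(10052, True)] * 3 + [(10052, False)] * 2 +
                [(10091, True)] + [(10091, False)] * 3 +
                [(10120, True)] * 5)
SAMPLE_LOCAL = {10052: "N", 10091: "N"}
```

With the sample data, UID 10052 reaches exactly 60% and becomes "Y" in the common list, which conflicts with the local "N" and is only replaced when `ask_user` returns True.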
It should be noted that the authentication list can be stored as a linked list in memory, or in the form of a local database or text file; this can be implemented flexibly by those skilled in the art.
The processing unit 13 is configured to apply to the system for the authority on behalf of the authority request when the signature identification is in the allowed state, and to refuse the authority request when the signature identification is in the non-allowed state.
Through the processing of the retrieval unit 12, it can be determined whether the signature identification corresponding to an authority request is in the allowed state. If it is, the host process implemented by the present invention lets the authority request through and applies to the system for Root authority on its behalf, and the system opens Root authority to the corresponding external application process. If the result obtained by the retrieval unit 12 is that the signature identification is in the non-allowed state, the host process can refuse the authority request, either by returning a dummy message to the external application process through the communication interface 11, so that the authority request achieves nothing, or by directly returning a reply that the authority request was unsuccessful.
It should be noted that, in terms of the life cycle over which the authority takes effect, Root authority can be obtained as permanent Root authority or temporary Root authority. As the names suggest, with permanent Root authority, once an application has been granted Root, no further Root privilege-escalation operation is needed later; with temporary Root authority, the authority is effective for one run of the operating system from startup to shutdown, and Root must be carried out again after the next startup. The implementation of the present invention is not limited by this classification, and optional program logic can be provided for the two modes. For example, a user interface can let the user choose between permanent Root and temporary Root, and a type identifier indicating permanent or temporary Root can be attached to each UID in the local authentication list; the user program or process that initiates the request is then granted the authority differently according to that identifier.
As mentioned above, the present invention can carry out the instructions that follow an authority request through a service process. This service process can be independent and, for convenience of description, is called the command service process. After the service process responsible for authority management in the present invention has successfully obtained system Root authority for the user's authority request, direct communication can be bound between the service process and the user process that initiated the authority request. The user process then sends instructions to the service process, such as: uninstalling preset applications, installing or uninstalling applications, backing up or restoring application data, enabling or disabling applications, clearing memory or cache, and so on. The service process is configured with functions for performing these operations; it parses the instruction from the user process and calls the function corresponding to the user's target function to carry it out, thereby meeting the user's needs.
In summary, the above embodiments show that the authority request management function implemented by the present invention is characterized by fast and efficient communication and by safe and reliable technology.
The above are only some embodiments of the present invention. It should be noted that those of ordinary skill in the art can make further improvements and modifications without departing from the principles of the present invention, and such improvements and modifications shall also be regarded as falling within the protection scope of the present invention.