Specific Embodiments
The technical solutions of the present invention are described clearly and completely below with reference to the accompanying drawings. The described embodiments are evidently only some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments, without creative effort, fall within the scope of protection of the present invention.
The inventor of the present invention considers that, in practical applications, an intelligent terminal such as a mobile phone is controlled mainly by the main system, which strictly controls the terminal's root permission, network interfaces and the like. The main system may be a kernel-based master operating system, for example a master operating system based on the Linux kernel. As the system with the higher security requirement, the main system can manage the starting, monitoring, communication and so on of the container system, but forbids the user from installing applications. The container system is a container-based slave operating system; its security requirement is lower than that of the main system, and it allows the user to install applications and to manage the applications inside it, for example by uninstalling them.
For ease of description, in the embodiments of the present invention an application in the intelligent terminal that needs special protection against being altered is called the target application.
The inventor therefore considers that, for a target application in the intelligent terminal, its backup installation file and a hash value calculated from that backup installation file can be stored in the main system in advance. The state of the target application installed in the container system can then be monitored in real time or periodically. When a change in that state is detected, the current hash value of the target application is compared with the hash value of the target application pre-stored in the main system; if the two are inconsistent, the backup installation file replaces the installation file of the target application in the container system, and the target application is reinstalled in the container system. This achieves effective monitoring and management of the target application, counters changes the user makes to the target application in the container system, and restores the target application to its normal state.
The technical solutions of the present invention are described in detail below with reference to the accompanying drawings.
The present invention provides an intelligent terminal which, as shown in Figure 1, comprises a main system and at least one container system.
The main system is a kernel-based master operating system that controls root permission and the network interfaces and forbids the user from installing applications. The container system is a slave operating system isolated within the intelligent terminal by a container, that is, a container-based slave operating system, and it allows the user to install applications.
In the embodiments of the present invention, the main system is configured to: when it detects that the state of a target application installed in the container system has changed, calculate a hash value from the installation file of that target application in the container system; determine whether the calculated hash value is consistent with the hash value of the target application pre-stored in the main system; and, if they are inconsistent, send the backup installation file of the target application stored in the main system to the container system.
The container system is then configured to replace the installation file of the target application in the container system with the received backup installation file of the target application, to start the replaced installation file, and to reinstall the target application.
In the technical solution of the present invention, the method for monitoring and managing an application in the container system, as shown in Figure 2, may include the following steps:
S201: When a change in the state of the target application installed in the container system is detected, calculate a hash value from the installation file of the target application in the container system.
In practical applications, a user can modify the applications in the container system through the container system, and any change to an application is ultimately reflected as a change to the application's installation file.
Therefore, in the embodiments of the present invention, the main system can monitor the state of the target application installed in the container system; for example, it can monitor the installation file when the target application installed in the container system starts.
When it detects that the installation file has changed at the start of the target application installed in the container system, the main system can calculate the hash value of the target application in the container system from the installation file of the target application in the file system of the container system. The installation files of the target applications installed in the container system are stored in the file system of the container system.
The hash value can be calculated by technical means commonly used by those skilled in the art, which are not described in detail here.
Further, the main system can also monitor the process running state of the target application installed in the container system while it runs.
In the embodiments of the present invention, before monitoring the target application in the container system, the main system can, for a target application that is to be installed or is already installed in the container system, monitor in advance the process running state of the target application during normal operation after it has been installed in the container system, and store that state.
Then, after monitoring the process running state of the target application installed in the container system while it runs, the main system can determine, on the basis of the stored process running state for normal operation, whether the currently monitored process running state of the target application installed in the container system has changed.
When the main system detects that the process running state of the target application installed in the container system has changed while it runs, it can calculate the hash value of the target application in the container system from the installation file of the target application in the file system of the container system.
For example, the GPS (Global Positioning System) location-information recording process of the target application should normally be running. If the main system finds that this process is absent from the process list of the target application, that is, the process has terminated abnormally, it can determine that the process running state of the target application installed in the container system has changed.
Further, in the embodiments of the present invention, when the target application is installed in the container system, an installation directory for the target application can be set up in the container system. Status information such as the installation file of the target application, its read/write permissions, size and access time can then be added to the installation directory of the target application. The installation file of the target application in the installation directory set up in the container system is kept synchronized with the installation file in the file system of the container system.
Specifically, before monitoring the target application in the container system, the main system can set up a normal installation directory for a target application that is to be installed or is already installed in the container system. The normal installation directory of the target application may include information such as the installation file, read/write permissions and size of the target application during normal operation.
Then, after monitoring the installation directory of the target application installed in the container system, the main system can judge, on the basis of the stored normal installation directory of the target application, whether the currently monitored installation directory of the target application has changed.
When it detects that the installation directory of the target application installed in the container system has changed, the main system can calculate the hash value of the target application in the container system from the installation file of the target application in the file system of the container system.
Alternatively, the hash value of the target application in the container system can be calculated from the installation file in the installation directory of the target application in the container system.
S202: If it is determined that the calculated hash value is inconsistent with the hash value of the target application pre-stored in the main system, replace the installation file of the target application in the container system with the backup installation file of the target application stored in the main system.
In the embodiments of the present invention, before monitoring the target application in the container system, the main system can, for a target application that is to be installed or is already installed in the container system, store the normal installation file of the target application as the backup installation file of the target application.
Further, to support the later comparison of installation files, a hash value can be calculated from the backup installation file of the target application and stored as the target hash value of the target application.
Then, to compare the installation file of the target application in the file system of the container system with the normal installation file (that is, the backup installation file) of the target application in the main system, it can be determined whether the hash value calculated in step S201 from the installation file of the target application in the container system is consistent with the target hash value of the target application pre-stored in the main system. If they are consistent, the target application in the container system has not changed, and its state in the container system can be maintained.
If it is determined that the hash value calculated from the installation file of the target application in the container system is inconsistent with the hash value of the target application pre-stored in the main system, this indicates that the installation file of the target application in the file system of the container system may have been altered.
Therefore, to restore the target application to its normal state, the installation file of the target application can be replaced; that is, the main system can replace the installation file of the target application in the container system with the pre-stored backup installation file of the target application.
S203: Start the replaced installation file in the container system and reinstall the target application.
Specifically, after step S202 has replaced the installation file of the target application in the container system with the backup installation file of the target application stored in the main system, the replaced installation file can be started in the container system to reinstall the target application.
In this way, effective monitoring and management of the target application can be achieved, changes made by the user to the target application in the container system are countered, and the target application is restored to its normal state.
Based on the above method for monitoring and managing an application in the container system, the main system in the intelligent terminal provided by the present invention may, as shown in Figure 3, include a state monitoring unit 301 and a hash comparing unit 302.
The state monitoring unit 301 is configured to send an abnormality notification when it detects that the state of the target application installed in the container system has changed.
Specifically, the state monitoring unit 301 is configured to send an abnormality notification when it detects that the installation file has changed at the start of the target application installed in the container system.
Further, the state monitoring unit 301 sends an abnormality notification when it detects that the process running state of the target application installed in the container system has changed while it runs.
The state monitoring unit 302 is specifically configured to send an abnormality notification when it detects that the installation directory of the target application installed in the container system has changed.
The hash comparing unit 302 is configured to, after receiving the abnormality notification sent by the state monitoring unit 301, calculate a hash value from the installation file of the target application in the container system and, when it determines that the calculated hash value is inconsistent with the hash value of the target application pre-stored in the main system, send the backup installation file of the target application stored in the main system to the container system.
In the embodiments of the present invention, for how the specific functions of the units in the main system are implemented, reference may be made to the specific steps of the above method for monitoring an application in the container system, which are not described in detail again here.
In the technical solution of the present invention, for a target application in the intelligent terminal, its backup installation file and a hash value calculated from that backup installation file can be stored in the main system in advance. The state of the target application installed in the container system can then be monitored in real time or periodically. When a change in that state is detected, the current hash value of the target application is compared with the hash value of the target application pre-stored in the main system; if the two are inconsistent, the backup installation file replaces the installation file of the target application in the container system, and the target application is reinstalled in the container system. This achieves effective monitoring and management of the target application, counters changes the user makes to the target application in the container system, and restores the target application to its normal state.
Terms such as "module" and "system" used in this application are intended to include computer-related entities, such as, but not limited to, hardware, firmware, a combination thereof, software, or software in execution. For example, a module may be, but is not limited to, a process running on a processor, a processor, an object, an executable program, a thread of execution, a program and/or a computer. For example, both an application running on a computing device and the computing device itself may be modules. One or more modules may reside within a process and/or thread of execution, and a module may be located on one computer and/or distributed between two or more computers.
Those skilled in the art will appreciate that the present invention includes devices for performing one or more of the operations described in this application. These devices may be specially designed and manufactured for the required purposes, or may comprise known devices in general-purpose computers. These devices have computer programs stored in them that are selectively activated or reconfigured. Such a computer program may be stored in a device-readable (for example, computer-readable) medium, or in any type of medium suitable for storing electronic instructions and coupled to a bus, including but not limited to any type of disk (including floppy disks, hard disks, optical discs, CD-ROMs and magneto-optical disks), ROM (Read-Only Memory), RAM (Random Access Memory), EPROM (Erasable Programmable Read-Only Memory), EEPROM (Electrically Erasable Programmable Read-Only Memory), flash memory, magnetic cards or optical cards. That is, a readable medium includes any medium in which information is stored or transmitted by a device (for example, a computer) in a readable form.
Those skilled in the art will appreciate that each block in these structure diagrams and/or block diagrams and/or flow diagrams, and combinations of blocks in them, can be implemented by computer program instructions. Those skilled in the art will appreciate that these computer program instructions can be supplied to a general-purpose computer, a special-purpose computer or a processor of another programmable data processing method for implementation, so that the schemes specified in the block or blocks of the structure diagrams and/or block diagrams and/or flow diagrams disclosed by the present invention are executed by the computer or by the processor of the other programmable data processing method.
Those skilled in the art will appreciate that the steps, measures and schemes in the various operations, methods and processes that have been discussed in the present invention can be replaced, changed, combined or deleted. Further, other steps, measures and schemes in the various operations, methods and processes that have been discussed in the present invention can also be alternated, changed, rearranged, decomposed, combined or deleted. Further, steps, measures and schemes in the prior art that correspond to the various operations, methods and processes disclosed in the present invention can also be alternated, changed, rearranged, decomposed, combined or deleted.
The above is only a preferred embodiment of the present invention. It should be noted that a person of ordinary skill in the art can make several improvements and refinements without departing from the principle of the present invention, and these improvements and refinements should also be regarded as falling within the scope of protection of the present invention.