CN105809026A - Permission configuration method and apparatus for process - Google Patents


Publication number: CN105809026A
Authority: CN (China)
Prior art keywords: authority, application, explorer, parent, subprocess
Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201410838120.9A
Other languages: Chinese (zh)
Other versions: CN105809026B (en)
Inventors: 谢京辉, 何孟东, 张菊元, 袁威
Current Assignee: Beijing Qihoo Technology Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Beijing Qihoo Technology Co Ltd, Qizhi Software Beijing Co Ltd
Application filed by Beijing Qihoo Technology Co Ltd, Qizhi Software Beijing Co Ltd
Priority to CN201811619949.4A (CN109684824B)
Priority to CN201410838120.9A (CN105809026B)
Priority to PCT/CN2015/095709 (WO2016107348A1)
Publication of CN105809026A
Application granted
Publication of CN105809026B
Legal status: Active

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems

Abstract

The invention discloses a permission configuration method and apparatus for a process, relating to the technical field of information. It prevents the security threat to the intelligent terminal used by a user that arises when a newly created child process inherits the high permission of its parent process, thereby ensuring the security of the intelligent terminal. The method comprises the steps of: first, when a child process needs to be created, determining whether the currently running application processes include an application whose permission is lower than that of the parent process; if so, acquiring the permission of that application process; and finally, while the parent process creates the child process, configuring the permission of the child process as the permission of that application process. The permission configuration method and apparatus are applicable to configuring the permission of a process.

Description

Permission configuration method and apparatus for a process
Technical field
The present invention relates to the field of information technology, and in particular to a permission configuration method and apparatus for a process.
Background
With the development of information technology, intelligent terminals have become increasingly powerful. To keep an intelligent terminal secure, the operating system places strict requirements on the permissions of application processes, and the permissions of third-party application processes in particular need to be strictly controlled.
At present, a child process is usually created by directly calling a Windows application programming interface (Windows Application Programming Interface, Windows API) function, and a child process created this way inherits the permission of the calling parent process. When the parent process has a high permission, the newly created child process also has a high permission. If the newly created child process belongs to an uncontrollable third-party application, the third-party process inherits the high permission of the parent process, which creates a security risk for the intelligent terminal used by the user.
Summary of the invention
In view of this, the present invention provides a permission configuration method and apparatus for a process, whose main purpose is to prevent a newly created child process from inheriting the high permission of its parent process, thereby ensuring the security of the intelligent terminal used by the user.
According to one aspect of the present invention, a permission configuration method for a process is provided, including:
when a child process needs to be created, determining whether the currently running application processes include an application whose permission is lower than that of the parent process;
if so, obtaining the permission of that application process;
while the parent process creates the child process, configuring the permission of the child process as the permission of that application process.
According to another aspect of the present invention, a permission configuration apparatus for a process is also provided, including:
a judging unit, configured to determine, when a child process needs to be created, whether the currently running application processes include an application whose permission is lower than that of the parent process;
an acquiring unit, configured to obtain the permission of that application process if an application whose permission is lower than that of the parent process exists;
a configuration unit, configured to configure, while the parent process creates the child process, the permission of the child process as the permission of that application process.
The technical solutions provided by the embodiments of the present invention have at least the following advantages:
The embodiments of the present invention provide a permission configuration method and apparatus for a process. First, when a child process needs to be created, it is determined whether the currently running application processes include an application whose permission is lower than that of the parent process; if so, the permission of that application process is obtained; finally, while the parent process creates the child process, the permission of the child process is configured as the permission of that application process. Compared with the current practice of directly calling a Windows API function to configure process permissions, the embodiments of the present invention configure the permission of the child process as the obtained permission of an application process that is lower than that of the parent process. This avoids the security threat to the user's intelligent terminal that arises when a newly created child process inherits the high permission of the parent process, thereby ensuring the security of the operating system.
The above is only an overview of the technical solution of the present invention. So that the technical means of the present invention can be understood more clearly and implemented according to the description, and so that the above and other objects, features and advantages of the present invention are easier to understand, specific embodiments of the present invention are set out below.
Brief description of the drawings
Various other advantages and benefits will become clear to those of ordinary skill in the art from reading the following detailed description of the preferred embodiments. The drawings serve only to illustrate the preferred embodiments and are not to be considered a limitation of the present invention. Throughout the drawings, the same reference numerals denote the same parts. In the drawings:
Fig. 1 shows a permission configuration method for a process provided by an embodiment of the present invention;
Fig. 2 shows another permission configuration method for a process provided by an embodiment of the present invention;
Fig. 3 shows a permission configuration apparatus for a process provided by an embodiment of the present invention;
Fig. 4 shows another permission configuration apparatus for a process provided by an embodiment of the present invention.
Detailed description
Exemplary embodiments of the present disclosure are described in more detail below with reference to the accompanying drawings. Although the drawings show exemplary embodiments of the disclosure, it should be understood that the disclosure may be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the disclosure can be understood more thoroughly and its scope can be fully conveyed to those skilled in the art.
An embodiment of the present invention provides a permission configuration method for a process. As shown in Fig. 1, the method includes:
101. When a child process needs to be created, determine whether the currently running application processes include an application whose permission is lower than that of the parent process.
The permissions of application processes can generally be divided into high permission, medium permission and low permission. High permission is administrator permission: a process with high permission can install files into the "Program Files (ProgramFiles)" folder and write to sensitive registry areas. Medium permission is user permission: a process with medium permission can create and modify files in the user's "Documents" folder and write to the registry areas designated for the user. Low permission is untrusted permission. For example, if the permission of the parent process is high, it is determined whether the currently running application processes include an application whose permission is medium or low.
102. If so, obtain the permission of that application process.
For example, if the permission of the parent process is high, an application process whose permission is medium or low is obtained from the currently running applications.
103. While the parent process creates the child process, configure the permission of the child process as the permission of that application process.
In this embodiment, the permission of the child process is configured as the permission of an application process whose permission level is lower than that of the parent process, rather than directly taking over the permission of the parent process. This avoids the security threat to the user's intelligent terminal that arises when a newly created child process inherits the high permission of the parent process, thereby ensuring the security of the intelligent terminal.
In the permission configuration method for a process provided by this embodiment, first, when a child process needs to be created, it is determined whether the currently running application processes include an application whose permission is lower than that of the parent process; if so, the permission of that application process is obtained; finally, while the parent process creates the child process, the permission of the child process is configured as the permission of that application process. Compared with the current practice of directly calling a Windows API function to configure process permissions, this embodiment configures the permission of the child process as the obtained permission of an application process that is lower than that of the parent process. This avoids the security threat to the user's intelligent terminal that arises when a newly created child process inherits the high permission of the parent process, thereby ensuring the security of the intelligent terminal.
Further, an embodiment of the present invention provides another permission configuration method for a process. As shown in Fig. 2, the method includes:
201. Determine whether the operating system environment in which the child process is to be created meets a preset condition.
An operating system environment that meets the preset condition may be a version of the operating system released after Microsoft Windows Vista, such as Windows 7 or Windows 8. Compared with versions before Windows Vista, these versions manage processes and control process permissions more strictly and divide process permission levels explicitly, which ensures the feasibility of the permission configuration method provided by this embodiment.
202. If the operating system environment in which the child process is to be created meets the preset condition, then when a child process needs to be created, determine whether the currently running application processes include an application whose permission is lower than that of the parent process.
The permissions of application processes can generally be divided into high permission, medium permission and low permission. High permission is administrator permission: a process with high permission can install files into the "Program Files (ProgramFiles)" folder and write to sensitive registry areas. Medium permission is user permission: a process with medium permission can create and modify files in the user's "Documents" folder and write to the registry areas designated for the user. Low permission is untrusted permission. For example, if the permission of the parent process is high, it is determined whether the currently running application processes include an application whose permission is medium or low.
In this embodiment, step 202 may specifically include: when a child process needs to be created, determining whether the permission of the explorer process is lower than the permission of the parent process. Because the permission of the parent process is generally high and explorer is an application that is always running, directly checking whether the permission of the explorer process is lower than that of the parent process further improves the efficiency of process permission configuration.
203. If so, obtain the permission of that application process.
In this embodiment, step 203 may specifically include: if so, obtaining the process Token information of the application, and then obtaining the permission of the application process according to that process Token information. The process Token information identifies the privileges held by a process, and the privileges a process holds reflect the permission of that process.
Further, obtaining the process Token information of the application may specifically be: if the permission of the explorer process is lower than the permission of the parent process, obtaining the process Token information of explorer. Obtaining the permission of the application process according to the process Token information of the application may specifically be: obtaining the permission of the explorer process according to the process Token information of explorer.
In this embodiment, obtaining the process Token information of explorer may specifically be: if the permission of the explorer process is lower than the permission of the parent process, obtaining the process Token information of explorer by calling a first preset interface function. The first preset interface function may be the DuplicateExplorerToken function, which duplicates the explorer token. Obtaining the permission of the explorer process according to the process Token information of explorer may specifically be: obtaining the permission of the explorer process by calling a second preset interface function on that process Token information. The second preset interface function may be the GetTokenIntegrityLevel function, which obtains the integrity level of the token.
The DuplicateExplorerToken function and the GetTokenIntegrityLevel function are sub-functions of the function LowCreateProcess created by this embodiment. The parameter format of LowCreateProcess is set to be consistent with the parameter format of the standard Windows API function CreateProcess, so that the parameter formats of its sub-functions DuplicateExplorerToken and GetTokenIntegrityLevel meet the requirements of standard Windows API functions. As a result, the permission configuration problem of the child process can be solved simply by changing CreateProcess to LowCreateProcess where necessary, which ensures that the permission configuration method provided by this embodiment is compatible with existing operating systems and readily implementable.
204. While the parent process creates the child process, configure the permission of the child process as the permission of that application process.
In this embodiment, the permission of the child process is configured as the permission of an application process whose permission level is lower than that of the parent process, rather than directly taking over the permission of the parent process. This avoids the security threat to the user's intelligent terminal that arises when a newly created child process inherits the high permission of the parent process, thereby ensuring the security of the intelligent terminal.
In this other permission configuration method for a process provided by the embodiment, first, when a child process needs to be created, it is determined whether the currently running application processes include an application whose permission is lower than that of the parent process; if so, the permission of that application process is obtained; finally, while the parent process creates the child process, the permission of the child process is configured as the permission of that application process. Compared with the current practice of directly calling a Windows API function to configure process permissions, this embodiment configures the permission of the child process as the obtained permission of an application process that is lower than that of the parent process. This avoids the security threat to the user's intelligent terminal that arises when a newly created child process inherits the high permission of the parent process, thereby ensuring the security of the intelligent terminal.
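Steps 202 to 204 written against documented Win32 calls, as an added example that is not code from the patent or its authors. The names low_create_process, duplicate_explorer_token and token_integrity_rid are hypothetical; locating explorer through the shell window, and refusing to launch when explorer is not lower than the parent, are assumptions, since the description does not say how explorer is found or what happens when no lower-permission process exists.

```c
/* Added example, not the patent's code. low_create_process and the helper
 * names are hypothetical; every Win32 call used is a documented API. */
#include <stddef.h>

/* Integrity-level RIDs: last sub-authority of a token's S-1-16-* label SID. */
#define IL_LOW    0x1000UL
#define IL_MEDIUM 0x2000UL
#define IL_HIGH   0x3000UL
#define IL_SYSTEM 0x4000UL

typedef enum { USE_DONOR_TOKEN, NO_LOWER_DONOR } token_choice;

/* Step 202: use the donor token only if it is strictly lower than the parent. */
token_choice choose_token(unsigned long parent_rid, unsigned long donor_rid)
{
    return donor_rid < parent_rid ? USE_DONOR_TOKEN : NO_LOWER_DONOR;
}

/* Map a RID to the page's high/medium/low wording (0x2100 counts as medium). */
const char *integrity_name(unsigned long rid)
{
    if (rid < IL_LOW)    return "untrusted";
    if (rid < IL_MEDIUM) return "low";
    if (rid < IL_HIGH)   return "medium";
    if (rid < IL_SYSTEM) return "high";
    return "system";
}

#ifdef _WIN32   /* link with advapi32.lib and user32.lib */
#include <windows.h>
#include <stdlib.h>

/* Step 203: read the integrity RID from a token (handle needs TOKEN_QUERY). */
static BOOL token_integrity_rid(HANDLE token, DWORD *rid)
{
    DWORD len = 0;
    TOKEN_MANDATORY_LABEL *tml;
    BOOL ok;
    GetTokenInformation(token, TokenIntegrityLevel, NULL, 0, &len);
    if (len == 0 || (tml = (TOKEN_MANDATORY_LABEL *)malloc(len)) == NULL)
        return FALSE;
    ok = GetTokenInformation(token, TokenIntegrityLevel, tml, len, &len);
    if (ok) {
        PSID sid = tml->Label.Sid;
        *rid = *GetSidSubAuthority(sid, (DWORD)(*GetSidSubAuthorityCount(sid) - 1));
    }
    free(tml);
    return ok;
}

/* Step 203: duplicate the shell (explorer) process token as a primary token. */
static HANDLE duplicate_explorer_token(void)
{
    const DWORD access = TOKEN_QUERY | TOKEN_DUPLICATE | TOKEN_ASSIGN_PRIMARY |
                         TOKEN_ADJUST_DEFAULT | TOKEN_ADJUST_SESSIONID;
    DWORD pid = 0;
    HANDLE proc, tok = NULL, dup = NULL;
    HWND shell = GetShellWindow();          /* NULL when no shell is running */
    if (!shell || !GetWindowThreadProcessId(shell, &pid)) return NULL;
    proc = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, pid);
    if (!proc) return NULL;
    if (OpenProcessToken(proc, TOKEN_DUPLICATE, &tok)) {
        if (!DuplicateTokenEx(tok, access, NULL, SecurityImpersonation,
                              TokenPrimary, &dup))
            dup = NULL;
        CloseHandle(tok);
    }
    CloseHandle(proc);
    return dup;
}

/* Step 204: create the child with the donor token instead of inheriting. */
BOOL low_create_process(wchar_t *cmdline, PROCESS_INFORMATION *pi)
{
    STARTUPINFOW si = { sizeof(si) };
    HANDLE self = NULL, donor;
    DWORD parent_rid = 0, donor_rid = 0;
    BOOL ok;

    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &self)) return FALSE;
    ok = token_integrity_rid(self, &parent_rid);
    CloseHandle(self);
    if (!ok) return FALSE;

    donor = duplicate_explorer_token();
    if (donor && token_integrity_rid(donor, &donor_rid) &&
        choose_token(parent_rid, donor_rid) == USE_DONOR_TOKEN) {
        ok = CreateProcessWithTokenW(donor, 0, NULL, cmdline, 0, NULL, NULL, &si, pi);
    } else {
        /* Assumption: refuse rather than silently inherit the parent's level. */
        SetLastError(ERROR_ACCESS_DENIED);
        ok = FALSE;
    }
    if (donor) CloseHandle(donor);
    return ok;
}
#endif
```

CreateProcessWithTokenW requires the caller to hold SeImpersonatePrivilege, which an elevated administrator process normally has. The Win32 part compiles only on Windows; the comparison and naming helpers are portable.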
As an implementation of the method shown in Fig. 1, an embodiment of the present invention provides a permission configuration apparatus for a process. As shown in Fig. 3, the apparatus may include: a judging unit 31, an acquiring unit 32 and a configuration unit 33.
The judging unit 31 is configured to determine, when a child process needs to be created, whether the currently running application processes include an application whose permission is lower than that of the parent process.
The acquiring unit 32 is configured to obtain the permission of that application process if an application whose permission is lower than that of the parent process exists.
The configuration unit 33 is configured to configure, while the parent process creates the child process, the permission of the child process as the permission of the application process obtained by the acquiring unit 32.
It should be noted that, for other descriptions of the functional units of this permission configuration apparatus, reference may be made to the corresponding description of the method shown in Fig. 1; they are not repeated here.
In the permission configuration apparatus for a process provided by this embodiment, first, when a child process needs to be created, it is determined whether the currently running application processes include an application whose permission is lower than that of the parent process; if so, the permission of that application process is obtained; finally, while the parent process creates the child process, the permission of the child process is configured as the permission of that application process. Compared with the current practice of directly calling a Windows API function to configure process permissions, this embodiment configures the permission of the child process as the obtained permission of an application process that is lower than that of the parent process. This avoids the security threat to the user's intelligent terminal that arises when a newly created child process inherits the high permission of the parent process, thereby ensuring the security of the intelligent terminal.
Further, as an implementation of the method shown in Fig. 2, an embodiment of the present invention provides another permission configuration apparatus for a process. As shown in Fig. 4, the apparatus may include: a judging unit 41, an acquiring unit 42 and a configuration unit 43.
The judging unit 41 is configured to determine, when a child process needs to be created, whether the currently running application processes include an application whose permission is lower than that of the parent process.
The acquiring unit 42 is configured to obtain the permission of that application process if an application whose permission is lower than that of the parent process exists.
The configuration unit 43 is configured to configure, while the parent process creates the child process, the permission of the child process as the permission of the application process obtained by the acquiring unit 42.
The acquiring unit 42 includes:
a first acquisition module 4201, configured to obtain the process Token information of the application if an application whose permission is lower than that of the parent process exists;
a second acquisition module 4202, configured to obtain the permission of the application process according to the process Token information of the application obtained by the first acquisition module 4201.
The judging unit 41 is specifically configured to determine, when a process needs to be created, whether the permission of the explorer process is lower than the permission of the parent process.
The first acquisition module 4201 is specifically configured to obtain the process Token information of explorer if the permission of the explorer process is lower than the permission of the parent process.
The second acquisition module 4202 is specifically configured to obtain the permission of the explorer process according to the process Token information of explorer obtained by the first acquisition module 4201.
The first acquisition module 4201 is further specifically configured to obtain the process Token information of explorer by calling the first preset interface function.
The second acquisition module 4202 is further specifically configured to obtain the permission of the explorer process by calling the second preset interface function on the process Token information of explorer obtained by the first acquisition module 4201.
In this embodiment, the parameter formats of the first preset interface function and the second preset interface function are the same as the parameter format of Windows API interface functions.
The judging unit 41 is further configured to determine whether the operating system environment in which the child process is to be created meets the preset condition.
It should be noted that, for other descriptions of the functional units of this other permission configuration apparatus, reference may be made to the corresponding description of the method shown in Fig. 2; they are not repeated here.
In the permission configuration apparatus for a process provided by this embodiment, first, when a child process needs to be created, it is determined whether the currently running application processes include an application whose permission is lower than that of the parent process; if so, the permission of that application process is obtained; finally, while the parent process creates the child process, the permission of the child process is configured as the permission of that application process. Compared with the current practice of directly calling a Windows API function to configure process permissions, this embodiment configures the permission of the child process as the obtained permission of an application process that is lower than that of the parent process. This avoids the security threat to the user's intelligent terminal that arises when a newly created child process inherits the high permission of the parent process, thereby ensuring the security of the intelligent terminal.
In the above embodiments, the description of each embodiment has its own emphasis. For parts not described in detail in one embodiment, reference may be made to the related descriptions of other embodiments.
It should be understood that the related features of the above method and apparatus may refer to each other. In addition, "first", "second" and the like in the above embodiments are used to distinguish the embodiments and do not indicate that one embodiment is better than another.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the systems, apparatuses and units described above may refer to the corresponding processes in the foregoing method embodiments and are not repeated here.
The algorithms and displays provided herein are not inherently related to any particular computer, virtual system or other device. Various general-purpose systems may also be used with the teachings herein. From the description above, the structure required to construct such a system is apparent. Moreover, the present invention is not directed at any particular programming language. It should be understood that the content of the invention described herein may be implemented in various programming languages, and that the above description of a specific language is made in order to disclose the best mode of the invention.
Numerous specific details are set out in the description provided here. It should be understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques are not shown in detail so as not to obscure the understanding of this description.
Similarly, it should be understood that, in order to streamline the disclosure and aid understanding of one or more of the various inventive aspects, the features of the invention are sometimes grouped together in a single embodiment, figure or description thereof in the above description of exemplary embodiments. However, the method of the disclosure should not be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, the inventive aspects lie in fewer than all features of a single embodiment disclosed above. The claims following the detailed description are therefore expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of the invention.
Those skilled in the art will appreciate that the modules in the device of an embodiment may be changed adaptively and arranged in one or more devices different from that embodiment. The modules, units or components of an embodiment may be combined into one module, unit or component, and may in addition be divided into multiple sub-modules, sub-units or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings) and all processes or units of any method or device so disclosed may be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) may be replaced by an alternative feature serving the same, an equivalent or a similar purpose.
Furthermore, those skilled in the art will understand that, although some embodiments described herein include certain features that are included in other embodiments and not others, combinations of features of different embodiments are meant to be within the scope of the invention and to form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.
The component embodiments of the present invention may be implemented in hardware, in software modules running on one or more processors, or in a combination of these. Those skilled in the art will understand that a microprocessor or digital signal processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components of the permission configuration method and apparatus for a process according to embodiments of the present invention. The present invention may also be implemented as a device or apparatus program (for example, a computer program and a computer program product) for performing part or all of the method described herein. Such a program implementing the present invention may be stored on a computer-readable medium, or may take the form of one or more signals. Such signals may be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
It should be noted that the above embodiments illustrate rather than limit the invention, and that those skilled in the art can design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference sign placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In a unit claim enumerating several means, several of these means may be embodied by one and the same item of hardware. The use of the words first, second and third does not indicate any order. These words may be interpreted as names.
The invention discloses A1, a permission configuration method for a process, comprising:
when a child process needs to be created, determining whether an application whose permission is lower than that of the parent process exists among the currently running application processes;
if so, obtaining the permission of the application process;
while the parent process creates the child process, configuring the permission of the child process as the permission of the application process.
A2. The permission configuration method for a process according to A1, wherein obtaining the permission of the application process if such an application exists comprises:
if so, obtaining the process token information of the application;
obtaining the permission of the application process according to the process token information of the application.
A3. The permission configuration method for a process according to A1 or A2, wherein determining, when a child process needs to be created, whether an application whose permission is lower than that of the parent process exists among the currently running application processes comprises:
when a child process needs to be created, determining whether the permission of the explorer process is lower than the permission of the parent process;
and obtaining the permission of the application process if such an application exists comprises:
if it is lower than the permission of the parent process, obtaining the process token information of the explorer;
obtaining the permission of the explorer process according to the process token information of the explorer.
A4. The permission configuration method for a process according to A3, wherein obtaining the process token information of the explorer if its permission is lower than that of the parent process comprises:
if it is lower than the permission of the parent process, obtaining the process token information of the explorer by calling a first preset interface function;
and obtaining the permission of the explorer process according to the process token information of the explorer comprises:
obtaining the permission of the explorer process, according to the process token information of the explorer, by calling a second preset interface function.
A5. The permission configuration method for a process according to A4, wherein the parameter formats of the first preset interface function and of the second preset interface function are the same as the parameter format of the Windows API interface functions.
A6. The permission configuration method for a process according to any one of A1 to A5, wherein, before determining, when a child process needs to be created, whether an application whose permission is lower than that of the parent process exists among the currently running application processes, the method further comprises:
determining whether the operating system environment in which the child process is currently being created satisfies a precondition.
The invention discloses B7, a permission configuration device for a process, comprising:
a determining unit, configured to determine, when a child process needs to be created, whether an application whose permission is lower than that of the parent process exists among the currently running application processes;
an acquiring unit, configured to obtain the permission of the application process if an application whose permission is lower than that of the parent process exists;
a configuring unit, configured to configure, while the parent process creates the child process, the permission of the child process as the permission of the application process.
B8. The permission configuration device for a process according to B7, wherein the acquiring unit comprises:
a first acquisition module, configured to obtain the process token information of the application if an application whose permission is lower than that of the parent process exists;
a second acquisition module, configured to obtain the permission of the application process according to the process token information of the application.
B9. The permission configuration device for a process according to B7 or B8, wherein
the determining unit is specifically configured to determine, when a process needs to be created, whether the permission of the explorer process is lower than the permission of the parent process;
the first acquisition module is specifically configured to obtain the process token information of the explorer if it is lower than the permission of the parent process;
the second acquisition module is specifically configured to obtain the permission of the explorer process according to the process token information of the explorer.
B10. The permission configuration device for a process according to B9, wherein
the first acquisition module is further specifically configured to obtain the process token information of the explorer by calling a first preset interface function if it is lower than the permission of the parent process;
the second acquisition module is further specifically configured to obtain the permission of the explorer process, according to the process token information of the explorer, by calling a second preset interface function.
B11. The permission configuration method for a process according to B10, wherein the parameter formats of the first preset interface function and of the second preset interface function are the same as the parameter format of the Windows API interface functions.
B12. The permission configuration device for a process according to any one of B7 to B11, wherein the determining unit is further configured to determine whether the operating system environment in which the child process is currently being created satisfies a precondition.

Claims (10)

1. A permission configuration method for a process, characterized by comprising:
when a child process needs to be created, determining whether an application whose permission is lower than that of the parent process exists among the currently running application processes;
if so, obtaining the permission of the application process;
while the parent process creates the child process, configuring the permission of the child process as the permission of the application process.
2. The permission configuration method for a process according to claim 1, characterized in that obtaining the permission of the application process if such an application exists comprises:
if so, obtaining the process token information of the application;
obtaining the permission of the application process according to the process token information of the application.
3. The permission configuration method for a process according to claim 1 or 2, characterized in that determining, when a child process needs to be created, whether an application whose permission is lower than that of the parent process exists among the currently running application processes comprises:
when a child process needs to be created, determining whether the permission of the explorer process is lower than the permission of the parent process;
and obtaining the permission of the application process if such an application exists comprises:
if it is lower than the permission of the parent process, obtaining the process token information of the explorer;
obtaining the permission of the explorer process according to the process token information of the explorer.
4. The permission configuration method for a process according to claim 3, characterized in that obtaining the process token information of the explorer if its permission is lower than that of the parent process comprises:
if it is lower than the permission of the parent process, obtaining the process token information of the explorer by calling a first preset interface function;
and obtaining the permission of the explorer process according to the process token information of the explorer comprises:
obtaining the permission of the explorer process, according to the process token information of the explorer, by calling a second preset interface function.
5. The permission configuration method for a process according to claim 4, characterized in that the parameter formats of the first preset interface function and of the second preset interface function are the same as the parameter format of the Windows API interface functions.
6. A permission configuration device for a process, characterized by comprising:
a determining unit, configured to determine, when a child process needs to be created, whether an application whose permission is lower than that of the parent process exists among the currently running application processes;
an acquiring unit, configured to obtain the permission of the application process if an application whose permission is lower than that of the parent process exists;
a configuring unit, configured to configure, while the parent process creates the child process, the permission of the child process as the permission of the application process.
7. The permission configuration device for a process according to claim 6, characterized in that the acquiring unit comprises:
a first acquisition module, configured to obtain the process token information of the application if an application whose permission is lower than that of the parent process exists;
a second acquisition module, configured to obtain the permission of the application process according to the process token information of the application.
8. The permission configuration device for a process according to claim 6 or 7, characterized in that
the determining unit is specifically configured to determine, when a process needs to be created, whether the permission of the explorer process is lower than the permission of the parent process;
the first acquisition module is specifically configured to obtain the process token information of the explorer if it is lower than the permission of the parent process;
the second acquisition module is specifically configured to obtain the permission of the explorer process according to the process token information of the explorer.
9. The permission configuration device for a process according to claim 8, characterized in that
the first acquisition module is further specifically configured to obtain the process token information of the explorer by calling a first preset interface function if it is lower than the permission of the parent process;
the second acquisition module is further specifically configured to obtain the permission of the explorer process, according to the process token information of the explorer, by calling a second preset interface function.
10. The permission configuration method for a process according to claim 9, characterized in that the parameter formats of the first preset interface function and of the second preset interface function are the same as the parameter format of the Windows API interface functions.
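The method of A1 to A6 (restated as claims 1 to 5), sketched in C as an added example that is not code from the patent. It assumes that "permission" is compared as the token's mandatory integrity level, that the first and second preset interface functions correspond to OpenProcessToken and GetTokenInformation, and that the explorer is located through the shell window; choose_child_token, token_integrity and spawn_child_like_explorer are hypothetical names.

```c
/* Added example, not from the patent. "Permission" is ASSUMED to be the
 * token's mandatory integrity level; all function names are hypothetical. */
#include <stdint.h>

enum child_token { USE_PARENT_TOKEN = 0, USE_APP_TOKEN = 1 };

/* A6 + A1 decision. env_ok: the OS precondition holds. app_il / parent_il:
 * integrity RIDs (0x2000 medium, 0x3000 high); UINT32_MAX means unknown. */
enum child_token choose_child_token(int env_ok, uint32_t app_il, uint32_t parent_il) {
    if (!env_ok || app_il == UINT32_MAX || parent_il == UINT32_MAX)
        return USE_PARENT_TOKEN;              /* fall back to normal creation */
    return app_il < parent_il ? USE_APP_TOKEN : USE_PARENT_TOKEN;
}

#ifdef _WIN32
#include <windows.h>

/* "Second interface function" (assumed here: GetTokenInformation). */
static uint32_t token_integrity(HANDLE tok) {
    union {
        TOKEN_MANDATORY_LABEL tml;
        BYTE raw[sizeof(TOKEN_MANDATORY_LABEL) + SECURITY_MAX_SID_SIZE];
    } u;
    DWORD len = 0;
    if (!GetTokenInformation(tok, TokenIntegrityLevel, &u, sizeof u, &len))
        return UINT32_MAX;
    PSID sid = u.tml.Label.Sid;               /* last sub-authority is the RID */
    return *GetSidSubAuthority(sid, (DWORD)(*GetSidSubAuthorityCount(sid) - 1));
}

/* Returns 1 if the child was created with explorer's token, 0 if the caller
 * should create the child normally, -1 if creation with the token failed. */
int spawn_child_like_explorer(wchar_t *cmdline) {
    HANDLE self = NULL, proc = NULL, tok = NULL, prim = NULL;
    STARTUPINFOW si = { sizeof(si) };
    PROCESS_INFORMATION pi = { 0 };
    DWORD pid = 0;
    int rc = 0;

    GetWindowThreadProcessId(GetShellWindow(), &pid);    /* explorer's PID */
    if (pid) proc = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, pid);
    /* "First interface function" (assumed here: OpenProcessToken). */
    if (proc && OpenProcessToken(proc, TOKEN_QUERY | TOKEN_DUPLICATE, &tok) &&
        OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &self) &&
        choose_child_token(1, token_integrity(tok), token_integrity(self)) == USE_APP_TOKEN) {
        rc = -1;  /* A1, last step: the child gets a primary copy of the token */
        if (DuplicateTokenEx(tok, TOKEN_QUERY | TOKEN_DUPLICATE | TOKEN_ASSIGN_PRIMARY |
                             TOKEN_ADJUST_DEFAULT | TOKEN_ADJUST_SESSIONID, NULL,
                             SecurityImpersonation, TokenPrimary, &prim) &&
            CreateProcessWithTokenW(prim, 0, NULL, cmdline, 0, NULL, NULL, &si, &pi)) {
            CloseHandle(pi.hThread);
            CloseHandle(pi.hProcess);
            rc = 1;
        }
    }
    if (prim) CloseHandle(prim);
    if (self) CloseHandle(self);
    if (tok) CloseHandle(tok);
    if (proc) CloseHandle(proc);
    return rc;
}
#endif
```

The Windows part links against user32 and advapi32, and CreateProcessWithTokenW requires the caller to hold SeImpersonatePrivilege. The command line must be a writable buffer, not a string literal.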
CN201410838120.9A 2014-12-29 2014-12-29 The authority configuring method and device of process Active CN105809026B (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
CN201811619949.4A CN109684824B (en) 2014-12-29 2014-12-29 Process permission configuration method and device
CN201410838120.9A CN105809026B (en) 2014-12-29 2014-12-29 The authority configuring method and device of process
PCT/CN2015/095709 WO2016107348A1 (en) 2014-12-29 2015-11-26 Process right configuration method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410838120.9A CN105809026B (en) 2014-12-29 2014-12-29 The authority configuring method and device of process

Related Child Applications (1)

Application Number Title Priority Date Filing Date
CN201811619949.4A Division CN109684824B (en) 2014-12-29 2014-12-29 Process permission configuration method and device

Publications (2)

Publication Number Publication Date
CN105809026A true CN105809026A (en) 2016-07-27
CN105809026B CN105809026B (en) 2019-02-01

Family

ID=56284186

Family Applications (2)

Application Number Title Priority Date Filing Date
CN201811619949.4A Active CN109684824B (en) 2014-12-29 2014-12-29 Process permission configuration method and device
CN201410838120.9A Active CN105809026B (en) 2014-12-29 2014-12-29 The authority configuring method and device of process

Family Applications Before (1)

Application Number Title Priority Date Filing Date
CN201811619949.4A Active CN109684824B (en) 2014-12-29 2014-12-29 Process permission configuration method and device

Country Status (2)

Country Link
CN (2) CN109684824B (en)
WO (1) WO2016107348A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112395611B (en) * 2019-08-15 2024-01-30 奇安信安全技术(珠海)有限公司 Process chain processing method, device and equipment
CN113407940A (en) * 2021-06-21 2021-09-17 成都欧珀通信科技有限公司 Script detection method and device, storage medium and computer equipment

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120110337A1 (en) * 2010-10-29 2012-05-03 Code Systems Corporation Method and system for restricting execution of virtual applications to a managed process environment
CN102663318A (en) * 2012-03-22 2012-09-12 百度在线网络技术(北京)有限公司 Browser and client
CN103544447A (en) * 2013-05-30 2014-01-29 Tcl集团股份有限公司 Method and terminal for preventing leakage of confidential information according to Android system
CN103605920A (en) * 2013-11-10 2014-02-26 电子科技大学 Method and system for dynamic application program safety management based on SEAndroid platform
CN103886249A (en) * 2012-12-20 2014-06-25 腾讯科技(深圳)有限公司 Method and device for executing processes under superuser right in system
CN104156662A (en) * 2014-08-28 2014-11-19 北京奇虎科技有限公司 Process monitoring method and device and intelligent terminal

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7490072B1 (en) * 2005-02-16 2009-02-10 Novell, Inc. Providing access controls
CN101751287B (en) * 2008-12-03 2013-01-09 北京天融信科技有限公司 Method for executing operation under Windows without limitation of user right
JP5562143B2 (en) * 2010-06-28 2014-07-30 キヤノン株式会社 Authority delegation system, authority delegation method, information processing apparatus, and program
KR101242127B1 (en) * 2011-04-28 2013-03-12 주식회사 파수닷컴 Computing device having a function of DLL injection and method for DLL injection
CN103955468B (en) * 2012-03-06 2017-12-19 北京奇虎科技有限公司 Document display method and device based on browser
CN102663321B (en) * 2012-04-24 2016-01-13 百度在线网络技术(北京)有限公司 For security enhancement system and the method for software
CN102722559B (en) * 2012-05-31 2015-09-16 北京奇虎科技有限公司 A kind of course control method of the abnormal page, device and system
CN103530547A (en) * 2012-07-02 2014-01-22 爱思爱(天津)高科技有限公司 Method for logging into third-party application program through integrated authentication function based on Windows operating system
CN103020512B (en) * 2012-11-26 2015-03-04 清华大学 Realization method and control system for safe control flow of system
CN104199711B (en) * 2014-09-29 2018-02-13 北京奇虎科技有限公司 The method and apparatus for establishing root authority

Also Published As

Publication number Publication date
CN109684824A (en) 2019-04-26
WO2016107348A1 (en) 2016-07-07
CN109684824B (en) 2021-09-03
CN105809026B (en) 2019-02-01

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20220714

Address after: Room 801, 8th floor, No. 104, floors 1-19, building 2, yard 6, Jiuxianqiao Road, Chaoyang District, Beijing 100015

Patentee after: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park)

Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Patentee before: Qizhi software (Beijing) Co.,Ltd.