CN105975333A - Method and device for running control of application programs - Google Patents

Method and device for running control of application programs Download PDF

Info

Publication number
CN105975333A
CN105975333A CN201510993178.5A CN201510993178A CN105975333A CN 105975333 A CN105975333 A CN 105975333A CN 201510993178 A CN201510993178 A CN 201510993178A CN 105975333 A CN105975333 A CN 105975333A
Authority
CN
China
Prior art keywords
application
resource
program
destination application
application program
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201510993178.5A
Other languages
Chinese (zh)
Other versions
CN105975333B (en
Inventor
刘刚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Qihoo Technology Co Ltd
Original Assignee
Beijing Qihoo Technology Co Ltd
Qizhi Software Beijing Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Qihoo Technology Co Ltd, Qizhi Software Beijing Co Ltd filed Critical Beijing Qihoo Technology Co Ltd
Priority to CN201510993178.5A priority Critical patent/CN105975333B/en
Publication of CN105975333A publication Critical patent/CN105975333A/en
Application granted granted Critical
Publication of CN105975333B publication Critical patent/CN105975333B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/48Program initiating; Program switching, e.g. by interrupt
    • G06F9/4806Task transfer initiation or dispatching
    • G06F9/4843Task transfer initiation or dispatching by program, e.g. task dispatcher, supervisor, operating system
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2209/00Indexing scheme relating to G06F9/00
    • G06F2209/48Indexing scheme relating to G06F9/48
    • G06F2209/482Application

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Stored Programmes (AREA)

Abstract

The invention provides a method for running control of application programs. The method comprises the steps that an installation package which has the same package name with a host application program and is taken as an attached resource of the host application program is reflected and called, and a target application program implemented by the installation package is loaded, wherein resources required by the target application program have a one-to-one correspondence relationship with resources required by a native application program; a hook function is used to monitor activity processes of the target application program; and when the hook function monitors a calling instruction towards the activity processes of the target application program, the resources which are required by the native application program and have a one-to-one correspondence relationship with the resources required by the target application program can be called. The invention also provides a device for the running control of the application programs. By execution of the relevant resources of the target application program, an execution result which is completely the same with an execution result obtained by execution of the relevant resources of the native application program can be obtained; and the target application program is operated in a sandbox which is established by the host application program, so that installation and running activities are not sensed by a system.

Description

Application program runs the method and device controlled
Technical field
The present invention relates to field of computer technology, specifically, the present invention relates to a kind of application program and run the method controlled, and a kind of application program runs the device controlled.
Background technology
Along with the development in epoch, various terminal units have become requisite instrument in people's life, and various powerful terminal operating systems and end application continue to bring out, and bring for user and experience more easily.In prior art, application program only can be installed with unique form and run in the system environments of terminal unit, i.e. for a kind of instant messaging class application program, only can install and run this instant messaging class application program in a station terminal equipment, user only can be logged in by unique account and it is performed associative operation.But, along with popularizing of instant messaging class application program, increasing user wishes to log in a kind of instant messaging class application program to realize managing the differentiation of different friend informations and exchanging by multiple accounts in a station terminal equipment.In prior art, be there is the solution realizing being logged in by multiple accounts in a station terminal equipment a kind of instant messaging class application program by the switching between different operating system of multiple territories account.But, the program needs the authority of the highest system level and based on multiple operating system just it is achieved that do not have universality.
In prior art, sandbox is a kind of execution environment according to security strategy limiting program behavior, is the most extensively practically applicable in various operating system.As a example by Android, some application programs, for the purpose realized outside application program inherent function needs, particularly commercial object, random application system authority, obtain privacy of user data, execution network access, holding device activity, send note behavior etc..Light then privacy of user leaking data may be caused, or occupying system resources, heavy then may be deducted fees by malice, product placement, consumption rate, swindle trick etc., make user suffer a loss.Therefore; the execution environment provided by sandbox technology; by sandbox, resource, the authority of system are managed; application program is allowed to run in this sandbox; the access of application program is first examined by security strategy through sandbox; thus, form a kind of isolation operational effect relative to system itself, can effectively protect the safety of system.For security strategy used in sandbox, adapting to various different operating system has different details to consider, the ABC that these relevant technology realize, and is the most grasped by those skilled in the art, pardons and does not repeats.
The solution that performance objective application program runs is carried out by sandbox technology so that run on destination application in sandbox and can realize repertoire and the respective service of native applications program accordingly, it would be desirable to a kind of.
Summary of the invention
For overcoming above-mentioned technical problem or solving above-mentioned technical problem at least in part, the special techniques below scheme that proposes:
Embodiments of the invention propose a kind of application program and run the method controlled, including:
Reflection is called has the installation kit as the subsidiary resource of host application of identical bag name with host application, to load the destination application that this installation kit is realized, wherein, the resource requirement of described destination application and the affiliated resource one_to_one corresponding of native applications program;
By Hook Function, the active process of described destination application is monitored;
When being monitored the call instruction of the active process of destination application by Hook Function, call the affiliated resource of affiliated resource the most described native applications program with described destination application.
Preferably, load the step of the destination application that this installation kit is realized, including:
By described host application, set up the one-to-one relationship of the resource requirement of described destination application and the resource requirement of native applications program.
Preferably, set up the one-to-one relationship of the resource requirement of described destination application and the resource requirement of native applications program, specifically include:
Resolve described installation kit to determine the resource name of the affiliated resource of destination application;
The resource name of the affiliated resource according to destination application, loads the resource requirement resource one to one with native applications program.
Preferably, described destination application includes reserved extension, matches for the extended resources with described native applications program.
Preferably, the method also includes: the renewal service of described native applications program detected, and reserved extension based on described destination application updates the resource requirement of described destination application.
Wherein, resource file and/or the dynamic library file of described host application are identical with the corresponding document in described installation kit.
Preferably, the method also includes:
By performing the resource requirement of described destination application, to realize the execution result identical with the affiliated resource of the described native applications program of execution.
Wherein, the affiliated resource of described destination application, including following at least any one:
ActivityManagerService resource;
PackageManagerService resource;
Activity assembly;
Service assembly;
Broadcast Receiver assembly;
Content Provider assembly.
Another embodiment of the present invention proposes a kind of application program and runs the device controlled, including:
Load-on module, call for reflection, with host application, there is the installation kit as the subsidiary resource of host application of identical bag name, to load the destination application that this installation kit is realized, wherein, the resource requirement of described destination application and the resource requirement one_to_one corresponding of native applications program;
Monitoring module, for being monitored the active process of described destination application by Hook Function;
Calling module, for when being monitored the call instruction of the active process of destination application by Hook Function, calls the resource requirement of the most described native applications program with the resource requirement of described destination application.
Preferably, described load-on module includes:
Set up unit, for by described host application, set up the one-to-one relationship of the resource requirement of described destination application and the resource requirement of native applications program.
Preferably, described unit of setting up specifically includes:
Resolve subelement, for resolving described installation kit to determine the resource name of the resource requirement of destination application;
Add subelements, for the resource name of the resource requirement according to destination application, load the resource requirement resource one to one with native applications program.
Preferably, described destination application includes reserved extension, matches for the extended resources with described native applications program.
Preferably, this device also includes:
More new module, for the renewal service of described native applications program being detected, reserved extension based on described destination application updates the resource requirement of described destination application.
Wherein, resource file and/or the dynamic library file of described host application are identical with the corresponding document in described installation kit.
Preferably, also include:
Realize module, for the resource requirement by performing described destination application, to realize the execution result identical with the resource requirement of the described native applications program of execution.
Wherein, the resource requirement of described destination application, including following at least any one:
ActivityManagerService resource;
PackageManagerService resource;
Activity assembly;
Service assembly;
Broadcast Receiver assembly;
Content Provider assembly.
In embodiments of the invention, loading and host application is gone to have the destination application of identical bag name by reflection call-by mechanism, owing to there is identical bag name with host application, in android system, moving component and serviced component can be made to set up the proper communication with ActivityManagerService, moving component, serviced component and broadcast component etc. can be made again, identified by PackageManagerService smoothly, reduce the error rate about shell adding application program operation exception in prior art;Owing to host application and destination application employ identical bag name, it is not necessarily each assembly (Activity of the destination application called by reflection, Service, Broadcast Receiver and Content Provider) individually construct principal function entrance (ActivityThread.main), also need not consider the program implementation complexity problem of the PackageManagerService verification brought because of bag name, thus be greatly improved program operational efficiency;By host application is set up the communication between the destination application of former installation kit and sandbox running environment, the active procedure making destination application can be monitored by sandbox running environment further, thus to its applicable security strategy, and by setting up the resource requirement of destination application and the resource requirement one_to_one corresponding of native applications program in host application, can be by the corresponding resource needed for Hook Function invocation target application program in host application, guarantee that destination application can be by host application normal load and keep safe operation, and achieve destination application and be totally independent of native applications program.
In the present invention, by the related resource of performance objective application program, it is possible to realize and perform the related resource identical execution result of native applications program;And destination application operates in the sandbox built by host application, it is installed and operation activity is not the most by the perception of system institute, such that it is able in solution prior art, for a kind of instant messaging class application program, in a station terminal equipment, only can install and run this instant messaging class application program, meanwhile, user only can be logged in by unique account and it is performed the bottleneck of associative operation.Achieve user to wish to log in a kind of instant messaging class application program to realize different friend informations are distinguished management and the actual application purpose of exchange by multiple accounts in a station terminal equipment.
Aspect and advantage that the present invention adds will part be given in the following description, and these will become apparent from the description below, or is recognized by the practice of the present invention.
Accompanying drawing explanation
The present invention above-mentioned and/or that add aspect and advantage will be apparent from easy to understand, wherein from the following description of the accompanying drawings of embodiments:
Fig. 1 is the flow chart of the method for the application program operation control of an embodiment in the present invention;
Fig. 2 is the structural representation of the device of the application program operation control of another embodiment in the present invention.
Detailed description of the invention
Embodiments of the invention are described below in detail, and the example of described embodiment is shown in the drawings, and the most same or similar label represents same or similar element or has the element of same or like function.The embodiment described below with reference to accompanying drawing is exemplary, is only used for explaining the present invention, and is not construed as limiting the claims.
Those skilled in the art of the present technique are appreciated that unless expressly stated, and singulative used herein " ", " one ", " described " and " being somebody's turn to do " may also comprise plural form.Should be further understood that, the wording used in the description of the present invention " includes " referring to there is described feature, integer, step, operation, element and/or assembly, but it is not excluded that existence or adds other features one or more, integer, step, operation, element, assembly and/or their group.It should be understood that when we claim element to be " connected " or during " coupled " to another element, and it can be directly connected or coupled to other elements, or can also there is intermediary element.Additionally, " connection " used herein or " coupling " can include wireless connections or wireless couple.Wording "and/or" used herein includes that one or more list the whole of item or any cell being associated combines with whole.
Those skilled in the art of the present technique are appreciated that unless otherwise defined, and all terms used herein (include technical term and scientific terminology), have with the those of ordinary skill in art of the present invention be commonly understood by identical meaning.It should also be understood that, those terms defined in such as general dictionary, should be understood that there is the meaning consistent with the meaning in the context of prior art, and unless by specific definitions as here, otherwise will not explain by idealization or the most formal implication.
The application scenarios that a kind of application program progress control method that will describe below the present invention and device are implemented, the running environment based on Android operation system being mounted on mobile terminal.
Those skilled in the art it is to be understood that the present invention puies forward power and proposes based on exempting from Root, but, propose the rights management that power operation simply android system implemented and control, the present invention carries the Android operation system of power be applicable to Root the most of course.
The present invention proposes based on sandbox principle, so, those skilled in the art are combined known sandbox and are realized principle to understand the enforcement of the present invention.The effect of sandbox is the running environment providing relative closure for destination application, makes application program access the resource of system, by the application of sandbox security strategy, and is limited within the scope of regulation.Thus, a kind of sandbox example of offer being provided, realizes in terms of two, first aspect is to provide the solution of structure destination application, and second aspect is to provide corresponding with the former runs control program.The two aspect can be integrated into a sandbox and realize in software, utilizes the realization of its first aspect to be processed destination application, and then utilizes the realization of its second aspect, provides the sandbox running environment of safety for destination application.
In view of this, the application program of the present invention runs the method controlled, the first aspect of major embodiment sandbox example, adapts to the destination application of corresponding sandbox running environment for processing.
Fig. 1 is the flow chart of the method for the application program operation control of an embodiment in the present invention.
Wherein, in inventive embodiment, destination application is the application program that the present invention needs to realize, it is achieved destination application need the repertoire with native applications program, using the teaching of the invention it is possible to provide service identical with native applications program.Host application is to realize the shell adding application program of destination application, is completed installation and the operation of destination application by host application.
Step S110: reflection is called has the installation kit as the subsidiary resource of host application of identical bag name with host application, to load the destination application that this installation kit is realized, wherein, the resource requirement of destination application and the resource requirement one_to_one corresponding of native applications program;Step S120: the active process of destination application is monitored by Hook Function;Step S130: when being monitored the call instruction of the active process of destination application by Hook Function, calls the resource requirement of the native applications program one to one of the resource requirement with destination application.
In embodiments of the invention, loading and host application is gone to have the destination application of identical bag name by reflection call-by mechanism, owing to there is identical bag name with host application, in android system, moving component and serviced component can be made to set up the proper communication with ActivityManagerService, moving component, serviced component and broadcast component etc. can be made again, identified by PackageManagerService smoothly, reduce the error rate about shell adding application program operation exception in prior art;Owing to host application and destination application employ identical bag name, it is not necessarily each assembly (Activity of the destination application called by reflection, Service, BroadcastReceiver and Content Provider) individually construct principal function entrance (ActivityThread.main), also need not consider the program implementation complexity problem of the PackageManagerService verification brought because of bag name, thus be greatly improved program operational efficiency;By host application is set up the communication between the destination application of former installation kit and sandbox running environment, the active procedure making destination application can be monitored by sandbox running environment further, thus to its applicable security strategy, and by setting up the resource requirement of destination application and the resource requirement one_to_one corresponding of native applications program in host application, can be by the corresponding resource needed for Hook Function invocation target application program in host application, guarantee that destination application can be by host application normal load and keep safe operation, and achieve destination application and be totally independent of native applications program.
In the present invention, by the related resource of performance objective application program, it is possible to realize and perform the related resource identical execution result of native applications program;And destination application operates in the sandbox built by host application, it is installed and operation activity is not the most by the perception of system institute, such that it is able in solution prior art, for a kind of instant messaging class application program, in a station terminal equipment, only can install and run this instant messaging class application program, meanwhile, user only can be logged in by unique account and it is performed the bottleneck of associative operation.Achieve user to wish to log in a kind of instant messaging class application program to realize different friend informations are distinguished management and the actual application purpose of exchange by multiple accounts in a station terminal equipment.
Step S110: reflection is called has the installation kit as the subsidiary resource of host application of identical bag name with host application, to load the destination application that this installation kit is realized, wherein, the resource requirement of destination application and the resource requirement one_to_one corresponding of native applications program.
Wherein, the resource requirement of destination application, include but not limited to:
ActivityManagerService resource;
PackageManagerService resource;
Activity assembly;
Service assembly;
Broadcast Receiver assembly;
Content Provider assembly.
Wherein, resource file and/or the dynamic library file of host application are identical with the corresponding document in installation kit.
Specifically, called by reflex mechanism, with host application, there is the installation kit as the subsidiary resource of host application of identical bag name, load the destination application that this installation kit is realized subsequently, and by resource one_to_one corresponding whole needed for resources whole needed for destination application and native applications program.
Android operation system has it to be different from the principle of other operating systems, and Android provides four big assemblies for developer, refers specifically to the assemblies such as Activity, Service, Broadcast Receiver and Content Provider.Android application program is supplied to user with the form of APK installation kit and installs, in APK installation kit, have for encapsulation realize each assembly program code classes.dex code file and for the Androidmanifest.xml configuration file of the contents such as the log-on message of each assembly used by Expression and Application program and authority application information.Owing to the installation process of application program is exactly the process that PackageManagerService (PMS) resolves Androidmanifest.xml file, and application program installation kit is not installed on this locality in the present invention, the correlation attribute information of the program that therefore cannot be applied, but when only obtaining such as information such as Activity assembly, Service assembly, Broadcast Receiver assembly, ContentProvider assemblies, ActivityManagerService (AMS) properly functioning application program could be passed through.
The reflex mechanism that the present embodiment is used can be Java reflex mechanism, and Java reflex mechanism is in running status, for any one class, can know all properties and the method for this class;For any one object, its any one method can be called;The function of the method for this dynamic acquisition information and dynamic call object is the reflex mechanism of JAVA language.
By reflex mechanism, call the addAssetPath method in AssetManager, host application is installed the resource in file and is loaded in Resource, by Resource object reference host application, the resource in file is installed.Before obtaining host application installation file resource, first have to be loaded host application installation kit by the newly-built DexClassLoader of host program, the most newly-built AssetManager loads host application and installs the resource of file, reads host application finally by Resource object and installs the resource of file.
Preferably, the step loading the destination application that this installation kit is realized includes step S111 (not shown).Step S111 (not shown): by host application, set up the one-to-one relationship of the resource requirement of destination application and the resource requirement of native applications program.
Such as, the operating system of terminal unit is android system, and destination application is App1 ', the repertoire of this destination application native applications to be realized program App1 and respective service;nullIn the host application of terminal unit," App1 ' .apk " is the installation kit of the subsidiary resource of host application,Installation kit " App1 ' .apk " is called by Java reflex mechanism,Load the destination application App1 ' that " App1 ' .apk " is realized subsequently,Host application loads " App1 ' .apk " during,Create required whole resources such as ActivityManagerService resource of destination application App1 '、PackageManagerService resource、Activity assembly、Service assembly、Broadcast Receiver assembly and Content Provider assembly,Wherein,Required whole resources such as ActivityManagerService resource of destination application App1 '、PackageManagerService resource、Activity assembly、Service assembly、Broadcast Receiver assembly and Content Provider assembly one_to_one corresponding and whole resource such as ActivityManagerService resources needed for being same as the App1 that native applications program is i.e. run in terminal unit Android operation system、PackageManagerService resource、Activity assembly、Service assembly、Broadcast Receiver assembly and Content Provider assembly.
Preferably, the step of the one-to-one relationship setting up the resource requirement of destination application and the resource requirement of native applications program specifically includes step S112 (not shown) and step S113 (not shown).Step S112: resolve installation kit to determine the resource name of the resource requirement of destination application;Step S113: according to the resource name of the resource requirement of destination application, load the resource requirement resource one to one with native applications program.
Resolve the means of the former installation kit of application program, be well known to those skilled in the art.Installation kit APK file is substantially to utilize ZIP compress technique to combine the compressed package that signature technology realizes, therefore, on the one hand can discharge its internal file by decompression technique, on the other hand the tool software also by Apktool etc obtains its internal file (its code file can be reversed .smali file in this case).Those skilled in the art all can utilize these known technologies to process former installation kit in a given catalogue consummately, thus obtains internal file therein by the way of internal memory operation (non-file operation).
Android application program, during running, is to be referred to as AssetsManager explorer by one to read the resource file being packaged in inside APK file.Each Activity assembly of application program associates a ContextImpl object, and this ContextImpl object is just used to the operation context environmental of description Activity assembly.The member function init calling this ContextImpl object performs to initialize the work of Activity assembly operating context environmental, the most just includes creating the Resources object for access application resource and the work of AssetsManager object.Wherein, ContextImpl.init function is just defined in file f rameworks/base/core/java/android/app/ContextImpl.java.What parameter packageInfo in ContextImpl.init function was pointed to is a loadedApk object, and this loadedApk object factory is currently to start the Apk belonging to assembly.For access application resource Resources to as if by being that the member function getResources of a loadedApk object creates pointed by call parameters packageInfo.It follows that Resources object can be created, to extract or access application resource.
nullSuch as,Parsing installation kit " App1 ' .apk " to determine the resource name of required whole resources of destination application App1 ',Such as ActivityManagerService、PackageManagerService、 Activity、Service、Broadcast Receiver and Content Provider,Whole resource resource one to one such as ActivityManagerService resources needed for creating native applications program App1 in host application subsequently、PackageManagerService resource、Activity assembly、Service assembly、Broadcast Receiver assembly and Content Provider assembly.
Preferably, destination application includes reserved extension, matches for the extended resources with native applications program.
The reserved extension of specifically, loaded targets application A pp1 in host application ' during, loaded targets application A pp1 simultaneously ', matches for the extended resources with native applications program App1.
Such as, loaded targets application A pp1 in host application ' during, loaded targets application A pp1 simultaneously ' reserved extension, when native applications program App1 occurs to update, as added the XML file " layout.xml " of user interface layout, the XML file " layout.xml " of the user interface layout of correspondence can be created in the reserved extension of destination application App1 '.
Step S120: the active process of destination application is monitored by Hook Function.
Need exist for supplementing: term " hook " covers for by intercepting the technology that function call, message or the event transmitted between component software changes or increase the behavior of operating system, application program or other component softwares.And the code processing this intercepted function call, event or message is thus referred to as hook hook function.Hook is generally used for various target, including debugging function and being extended function.Its example can be included in keyboard or mouse event be delivered to application program before intercept them, or hooking system service call (system call) or system function behavior, function execution result etc., with supervision or the function revising application program or other assemblies etc..The present embodiment can use hook hook function to take over installation self checking operation required when described application program runs.
As a sandbox example, destination application is made to run in sandbox running environment, the active process of monitoring objective application program is the core implementor of sandbox running environment, the responsible function realized: by the access to resource of the monitoring objective application program, makes destination application process be capable of the normal call to corresponding resource.Such as, above-mentioned about calling that the resource of the installation kit of destination application App1 ' is carried out, can specifically be called the concrete call instruction of resource by monitoring, utilize Hook technology to realize.Service processes can be registered as, with Hook Function associated objects application A pp1 by the way of the active process of destination application being monitored by Hook Function ' call instruction of active process to be to realize the activity monitoring to destination application App1 '.
Step S130: when being monitored the call instruction of the active process of destination application by Hook Function, calls the resource requirement of the native applications program one to one of the resource requirement with destination application.
Such as, utilize Hook Function that the entrance of relevant call instruction is monitored, intercept and capture this call instruction, and obtain the title of the resource that destination application App1 ' accesses, it is ActivityManagerService as Hook Function gets the resource that destination application App1 ' accesses, it is subsequently diverted to perform corresponding Hook Function, this Hook Function calls the ActivityManagerService resource corresponding with native applications program.
In a preferred embodiment, the method also includes step S140 (not shown).Step S140: the renewal service of native applications program, the resource requirement of reserved extension more new target application based on destination application detected.
Such as, when host application detects the renewal service of native applications program App1, the XML file " layout.xml " of user interface layout is included adding as updated service, the XML file " layout.xml " of the user interface layout of correspondence is created, it is achieved the corresponding renewal to destination application App1 ' in the reserved extension of destination application App1 '.
In a preferred embodiment, the method also includes S150 (not shown).Step S150: by the resource requirement of performance objective application program, to realize the execution result identical with the resource requirement of execution native applications program.
Such as, startup native applications program App1 can be activated by the ActivityManagerService resource of terminal unit android system needed for performing native applications program App1, in host application, by performance objective application A pp1 ' needed for host application in ActivityManagerService resource can activate startup destination application App1 '.
In the preferred embodiment, by the related resource of performance objective application program, it is possible to realize and perform the related resource identical execution result of native applications program;And destination application operates in the sandbox built by host application, it is installed and operation activity is not the most by the perception of system institute, such that it is able in solution prior art, for a kind of instant messaging class application program, in a station terminal equipment, only can install and run this instant messaging class application program, meanwhile, user only can be logged in by unique account and it is performed the bottleneck of associative operation.Achieve user to wish to log in a kind of instant messaging class application program to realize different friend informations are distinguished management and the actual application purpose of exchange by multiple accounts in a station terminal equipment.
Fig. 2 is the structural representation of the device of the application program operation control of another embodiment in the present invention.
Wherein, in inventive embodiment, destination application is the application program that the present invention needs to realize, it is achieved destination application need the repertoire with native applications program, using the teaching of the invention it is possible to provide service identical with native applications program.Host application is to realize the shell adding application program of destination application, is completed installation and the operation of destination application by host application.
Load-on module 210 reflection is called has the installation kit as the subsidiary resource of host application of identical bag name with host application, to load the destination application that this installation kit is realized, wherein, the resource requirement of destination application and the resource requirement one_to_one corresponding of native applications program;The active process of destination application is monitored by monitoring module 220 by Hook Function;Calling module 230, when being monitored the call instruction of the active process of destination application by Hook Function, calls the resource requirement of the native applications program one to one of the resource requirement with destination application.
Load-on module 210 reflection is called has the installation kit as the subsidiary resource of host application of identical bag name with host application, to load the destination application that this installation kit is realized, wherein, the resource requirement of destination application and the resource requirement one_to_one corresponding of native applications program.
Wherein, the resource requirement of destination application, include but not limited to:
ActivityManagerService resource;
PackageManagerService resource;
Activity assembly;
Service assembly;
Broadcast Receiver assembly;
Content Provider assembly.
Wherein, resource file and/or the dynamic library file of host application are identical with the corresponding document in installation kit.
Specifically, called by reflex mechanism, with host application, there is the installation kit as the subsidiary resource of host application of identical bag name, load the destination application that this installation kit is realized subsequently, and by resource one_to_one corresponding whole needed for resources whole needed for destination application and native applications program.
Android operation system has it to be different from the principle of other operating systems, and Android provides four big assemblies for developer, refers specifically to the assemblies such as Activity, Service, Broadcast Receiver and Content Provider.Android application program is supplied to user with the form of APK installation kit and installs, in APK installation kit, have for encapsulation realize each assembly program code classes.dex code file and for the Androidmanifest.xml configuration file of the contents such as the log-on message of each assembly used by Expression and Application program and authority application information.Owing to the installation process of application program is exactly the process that PackageManagerService (PMS) resolves Androidmanifest.xml file, and application program installation kit is not installed on this locality in the present invention, the correlation attribute information of the program that therefore cannot be applied, but when only obtaining such as information such as Activity assembly, Service assembly, Broadcast Receiver assembly, ContentProvider assemblies, ActivityManagerService (AMS) properly functioning application program could be passed through.
The reflex mechanism that the present embodiment is used can be Java reflex mechanism, and Java reflex mechanism is in running status, for any one class, can know all properties and the method for this class;For any one object, its any one method can be called;The function of the method for this dynamic acquisition information and dynamic call object is the reflex mechanism of JAVA language.
By reflex mechanism, call the addAssetPath method in AssetManager, host application is installed the resource in file and is loaded in Resource, by Resource object reference host application, the resource in file is installed.Before obtaining host application installation file resource, first have to be loaded host application installation kit by the newly-built DexClassLoader of host program, the most newly-built AssetManager loads host application and installs the resource of file, reads host application finally by Resource object and installs the resource of file.
Preferably, load-on module 210 includes setting up unit (not shown);Set up unit by described host application, set up the one-to-one relationship of the resource requirement of described destination application and the resource requirement of native applications program.
Such as, the operating system of terminal unit is android system, and destination application is App1 ', the repertoire of this destination application native applications to be realized program App1 and respective service;nullIn the host application of terminal unit," App1 ' .apk " is the installation kit of the subsidiary resource of host application,Installation kit " App1 ' .apk " is called by Java reflex mechanism,Load the destination application App1 ' that " App1 ' .apk " is realized subsequently,Host application loads " App1 ' .apk " during,Create required whole resources such as ActivityManagerService resource of destination application App1 '、PackageManagerService resource、Activity assembly、Service assembly、Broadcast Receiver assembly and Content Provider assembly,Wherein,Required whole resources such as ActivityManagerService resource of destination application App1 '、PackageManagerService resource、Activity assembly、Service assembly、Broadcast Receiver assembly and Content Provider assembly one_to_one corresponding and whole resource such as ActivityManagerService resources needed for being same as the App1 that native applications program is i.e. run in terminal unit Android operation system、PackageManagerService resource、Activity assembly、Service assembly、Broadcast Receiver assembly and Content Provider assembly.
Preferably, set up unit specifically include parsing subelement (not shown) and add subelements (not shown).Resolve subelement: resolve installation kit to determine the resource name of the resource requirement of destination application;Add subelements: according to the resource name of the resource requirement of destination application, load the resource requirement resource one to one with native applications program.
Resolve the means of the former installation kit of application program, be well known to those skilled in the art.Installation kit APK file is substantially to utilize ZIP compress technique to combine the compressed package that signature technology realizes, therefore, on the one hand can discharge its internal file by decompression technique, on the other hand the tool software also by Apktool etc obtains its internal file (its code file can be reversed .smali file in this case).Those skilled in the art all can utilize these known technologies to process former installation kit in a given catalogue consummately, thus obtains internal file therein by the way of internal memory operation (non-file operation).
Android application program, during running, is to be referred to as AssetsManager explorer by one to read the resource file being packaged in inside APK file.Each Activity assembly of application program associates a ContextImpl object, and this ContextImpl object is just used to the operation context environmental of description Activity assembly.The member function init calling this ContextImpl object performs to initialize the work of Activity assembly operating context environmental, the most just includes creating the Resources object for access application resource and the work of AssetsManager object.Wherein, ContextImpl.init function is just defined in file f rameworks/base/core/java/android/app/ContextImpl.java.What parameter packageInfo in ContextImpl.init function was pointed to is a loadedApk object, and this loadedApk object factory is currently to start the Apk belonging to assembly.For access application resource Resources to as if by being that the member function getResources of a loadedApk object creates pointed by call parameters packageInfo.It follows that Resources object can be created, to extract or access application resource.
nullSuch as,Parsing installation kit " App1 ' .apk " to determine the resource name of required whole resources of destination application App1 ',Such as ActivityManagerService、PackageManagerService、Activity、Service、Broadcast Receiver and Content Provider,Whole resource resource one to one such as ActivityManagerService resources needed for creating native applications program App1 in host application subsequently、PackageManagerService resource、Activity assembly、Service assembly、Broadcast Receiver assembly and Content Provider assembly.
Preferably, destination application includes reserved extension, matches for the extended resources with native applications program.
The reserved extension of specifically, loaded targets application A pp1 in host application ' during, loaded targets application A pp1 simultaneously ', matches for the extended resources with native applications program App1.
Such as, loaded targets application A pp1 in host application ' during, loaded targets application A pp1 simultaneously ' reserved extension, when native applications program App1 occurs to update, as added the XML file " layout.xml " of user interface layout, the XML file " layout.xml " of the user interface layout of correspondence can be created in the reserved extension of destination application App1 '.
The active process of destination application is monitored by monitoring module 220 by Hook Function.
Need exist for supplementing: term " hook " covers for by intercepting the technology that function call, message or the event transmitted between component software changes or increase the behavior of operating system, application program or other component softwares.And the code processing this intercepted function call, event or message is thus referred to as hook hook function.Hook is generally used for various target, including debugging function and being extended function.Its example can be included in keyboard or mouse event be delivered to application program before intercept them, or hooking system service call (system call) or system function behavior, function execution result etc., with supervision or the function revising application program or other assemblies etc..The present embodiment can use hook hook function to take over installation self checking operation required when described application program runs.
As a sandbox example, destination application is made to run in sandbox running environment, the active process of monitoring objective application program is the core implementor of sandbox running environment, the responsible function realized: by the access to resource of the monitoring objective application program, makes destination application process be capable of the normal call to corresponding resource.Such as, above-mentioned about calling that the resource of the installation kit of destination application App1 ' is carried out, can specifically be called the concrete call instruction of resource by monitoring, utilize Hook technology to realize.Service processes can be registered as, with Hook Function associated objects application A pp1 by the way of the active process of destination application being monitored by Hook Function ' call instruction of active process to be to realize the activity monitoring to destination application App1 '.
Calling module 230, when being monitored the call instruction of the active process of destination application by Hook Function, calls the resource requirement of the native applications program one to one of the resource requirement with destination application.
Such as, utilize Hook Function that the entrance of relevant call instruction is monitored, intercept and capture this call instruction, and obtain the title of the resource that destination application App1 ' accesses, it is ActivityManagerService as Hook Function gets the resource that destination application App1 ' accesses, it is subsequently diverted to perform corresponding Hook Function, this Hook Function calls the ActivityManagerService resource corresponding with native applications program.
In a preferred embodiment, this device also includes more new module (not shown).More new module detects the renewal service of native applications program, the resource requirement of reserved extension more new target application based on destination application.
Such as, when host application detects the renewal service of native applications program App1, the XML file " layout.xml " of user interface layout is included adding as updated service, the XML file " layout.xml " of the user interface layout of correspondence is created, it is achieved the corresponding renewal to destination application App1 ' in the reserved extension of destination application App1 '.
In a preferred embodiment, this device also includes realizing module (not shown).Realize the module resource requirement by performance objective application program, to realize the execution result identical with the resource requirement of execution native applications program.
Such as, startup native applications program App1 can be activated by the ActivityManagerService resource of terminal unit android system needed for performing native applications program App1, in host application, by performance objective application A pp1 ' needed for host application in ActivityManagerService resource can activate startup destination application App1 '.
In the preferred embodiment, by the related resource of performance objective application program, it is possible to realize and perform the related resource identical execution result of native applications program;And destination application operates in the sandbox built by host application, it is installed and operation activity is not the most by the perception of system institute, such that it is able in solution prior art, for a kind of instant messaging class application program, in a station terminal equipment, only can install and run this instant messaging class application program, meanwhile, user only can be logged in by unique account and it is performed the bottleneck of associative operation.Achieve user to wish to log in a kind of instant messaging class application program to realize different friend informations are distinguished management and the actual application purpose of exchange by multiple accounts in a station terminal equipment.
Those skilled in the art of the present technique are appreciated that the present invention includes the one or more equipment relating to perform in operation described herein.These equipment can be required purpose and specialized designs and manufacture, or can also include the known device in general purpose computer.These equipment have storage computer program within it, and these computer programs optionally activate or reconstruct.nullSuch computer program can be stored in equipment (such as,Computer) in computer-readable recording medium or be stored in and be suitable to store e-command and be coupled to any kind of medium of bus respectively,Described computer-readable medium includes but not limited to that any kind of dish (includes floppy disk、Hard disk、CD、CD-ROM、And magneto-optic disk)、ROM(Read-Only Memory,Read only memory)、RAM(Random Access Memory,Memorizer immediately)、EPROM(Erasable Programmable Read-Only Memory,Erarable Programmable Read only Memory)、EEPROM(Electrically Erasable Programmable Read-Only Memory,EEPROM)、Flash memory、Magnetic card or light card.It is, computer-readable recording medium includes by equipment (such as, computer) with the form storage that can read or any medium of transmission information.
Those skilled in the art of the present technique are appreciated that the combination of the frame in each frame and these structure charts and/or block diagram and/or flow graph that can realize in these structure charts and/or block diagram and/or flow graph with computer program instructions.Those skilled in the art of the present technique are appreciated that, the processor that these computer program instructions can be supplied to general purpose computer, special purpose computer or other programmable data processing methods realizes, thus is performed the scheme specified in structure chart disclosed by the invention and/or block diagram and/or the frame of flow graph or multiple frame by the processor of computer or other programmable data processing methods.
Those skilled in the art of the present technique are appreciated that the step in the various operations discussed in the present invention, method, flow process, measure, scheme can be replaced, change, combine or delete.Further, have the various operations discussed in the present invention, method, other steps in flow process, measure, scheme can also be replaced, changed, reset, decomposed, combined or deleted.Further, of the prior art have can also be replaced with the step in the various operations disclosed in the present invention, method, flow process, measure, scheme, changed, reset, decomposed, combined or deleted.
The above is only the some embodiments of the present invention; it should be pointed out that, for those skilled in the art, under the premise without departing from the principles of the invention; can also make some improvements and modifications, these improvements and modifications also should be regarded as protection scope of the present invention.

Claims (10)

1. an application program runs the method controlled, it is characterised in that including:
Reflection is called has incidentally providing as host application of identical bag name with host application The installation kit in source, to load the destination application that this installation kit is realized, wherein, described target should Affiliated resource one_to_one corresponding with the resource requirement of program Yu native applications program;
By Hook Function, the active process of described destination application is monitored;
When being monitored the call instruction of the active process of destination application by Hook Function, adjust With with the affiliated resource the most described native applications program of described destination application belonging to Resource.
The most according to claim 1, application program runs the method controlled, and wherein, loads this peace The step of the destination application that dress bag is realized, including:
By described host application, set up the resource requirement of described destination application with primary The one-to-one relationship of the resource requirement of application program.
Application program the most according to claim 2 runs the method controlled, and wherein, sets up institute State the one-to-one relationship of the resource requirement of destination application and the resource requirement of native applications program, Specifically include:
Resolve described installation kit to determine the resource name of the affiliated resource of destination application;
The resource name of the affiliated resource according to destination application, loading is required with native applications program Resource resource one to one.
Application program the most according to claim 1 runs the method controlled, described intended application Program includes reserved extension, matches for the extended resources with described native applications program.
Application program the most according to claim 4 runs the method controlled, and the method also includes:
The renewal service of described native applications program detected, based on described destination application reserved Extension updates the resource requirement of described destination application.
6. an application program runs the device controlled, it is characterised in that including:
Load-on module, calls for reflection and has answering as host of identical bag name with host application With the installation kit of the subsidiary resource of program, to load the destination application that this installation kit is realized, wherein, The resource requirement of described destination application and the resource requirement one_to_one corresponding of native applications program;
Monitoring module, for supervising the active process of described destination application by Hook Function Control;
Calling module, for when monitoring the active process to destination application by Hook Function During call instruction, call with the resource requirement of described destination application the most described primary should With the resource requirement of program.
The most according to claim 6, application program runs the device controlled, wherein, described loading Module includes:
Set up unit, for by described host application, set up described destination application The one-to-one relationship of the resource requirement of resource requirement and native applications program.
Application program the most according to claim 7 run control device, wherein, described in build Vertical unit specifically includes:
Resolve subelement, for resolving described installation kit to determine the resource requirement of destination application Resource name;
Add subelements, for the resource name of the resource requirement according to destination application, load with former The resource requirement resource one to one of raw application program.
Application program the most according to claim 6 runs the device controlled, described intended application Program includes reserved extension, matches for the extended resources with described native applications program.
Application program the most according to claim 9 runs the device controlled, and this device also includes:
More new module, for detecting the renewal service of described native applications program, based on described target The reserved extension of application program updates the resource requirement of described destination application.
CN201510993178.5A 2015-12-24 2015-12-24 The method and device of application program operation control Active CN105975333B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510993178.5A CN105975333B (en) 2015-12-24 2015-12-24 The method and device of application program operation control

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510993178.5A CN105975333B (en) 2015-12-24 2015-12-24 The method and device of application program operation control

Publications (2)

Publication Number Publication Date
CN105975333A true CN105975333A (en) 2016-09-28
CN105975333B CN105975333B (en) 2019-05-31

Family

ID=56988302

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510993178.5A Active CN105975333B (en) 2015-12-24 2015-12-24 The method and device of application program operation control

Country Status (1)

Country Link
CN (1) CN105975333B (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106708580A (en) * 2016-12-27 2017-05-24 北京奇虎科技有限公司 Free-installation application program operating method, system and intelligent terminal
CN108121561A (en) * 2016-11-28 2018-06-05 百度在线网络技术(北京)有限公司 application program repairing method, device and system
CN111324386A (en) * 2018-12-13 2020-06-23 北京奇虎科技有限公司 Method and device for starting personal application program, electronic equipment and storage medium
CN111324888A (en) * 2018-12-13 2020-06-23 北京奇虎科技有限公司 Verification method and device during application program starting, electronic equipment and storage medium
CN112513846A (en) * 2018-05-22 2021-03-16 诺顿卫复客公司 System and method for controlling application startup based on security policy

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8196213B2 (en) * 2008-07-11 2012-06-05 Microsoft Corporation Verification of un-trusted code for consumption on an insecure device
US20130212484A1 (en) * 2012-02-15 2013-08-15 Mobilespan Inc. Presenting execution of a remote application in a mobile device native format
CN103885763A (en) * 2012-12-21 2014-06-25 腾讯科技(深圳)有限公司 Operating system resource access method and system
CN104376255A (en) * 2014-11-28 2015-02-25 北京奇虎科技有限公司 Application program running control method and device
CN104462879A (en) * 2014-11-28 2015-03-25 北京奇虎科技有限公司 Root-free running control method and device of application program

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8196213B2 (en) * 2008-07-11 2012-06-05 Microsoft Corporation Verification of un-trusted code for consumption on an insecure device
US20130212484A1 (en) * 2012-02-15 2013-08-15 Mobilespan Inc. Presenting execution of a remote application in a mobile device native format
CN103885763A (en) * 2012-12-21 2014-06-25 腾讯科技(深圳)有限公司 Operating system resource access method and system
CN104376255A (en) * 2014-11-28 2015-02-25 北京奇虎科技有限公司 Application program running control method and device
CN104462879A (en) * 2014-11-28 2015-03-25 北京奇虎科技有限公司 Root-free running control method and device of application program

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108121561A (en) * 2016-11-28 2018-06-05 百度在线网络技术(北京)有限公司 application program repairing method, device and system
CN106708580A (en) * 2016-12-27 2017-05-24 北京奇虎科技有限公司 Free-installation application program operating method, system and intelligent terminal
CN112513846A (en) * 2018-05-22 2021-03-16 诺顿卫复客公司 System and method for controlling application startup based on security policy
CN111324386A (en) * 2018-12-13 2020-06-23 北京奇虎科技有限公司 Method and device for starting personal application program, electronic equipment and storage medium
CN111324888A (en) * 2018-12-13 2020-06-23 北京奇虎科技有限公司 Verification method and device during application program starting, electronic equipment and storage medium
CN111324888B (en) * 2018-12-13 2024-05-10 北京奇虎科技有限公司 Verification method and device for application program starting, electronic equipment and storage medium

Also Published As

Publication number Publication date
CN105975333B (en) 2019-05-31

Similar Documents

Publication Publication Date Title
CN105975333A (en) Method and device for running control of application programs
CN105955782B (en) Application program operation control method and device
CN108932429B (en) Application program analysis method, terminal and storage medium
US20170315820A1 (en) Method and system for containerized internet of things (iot) devices
CN105094797A (en) Application analysis system for electronic devices
TW368635B (en) Method and apparatus for controlling software access to system resources
US20210004696A1 (en) System and method for automatic secure delivery of model
CN106066803B (en) application program operation control method and device
CN102279765A (en) Pre-compiling hosted managed code
US20170286644A1 (en) Protection Method and Device for Application Data
CN105550584A (en) RBAC based malicious program interception and processing method in Android platform
CN111880987A (en) Dynamic monitoring method and device of application program, storage medium and electronic device
CN108563472B (en) Service plug-in loading method and device based on multi-open application
CN106557687A (en) A kind of authority control method and device of application program installation process
US7805734B2 (en) Platform management of high-availability computer systems
CN106293821B (en) Method and device for acquiring and transmitting application program data and running application program
CN112199151B (en) Application program running method and device
CN105760164B (en) Method for realizing ACL authority in user space file system
Bousquet et al. Mandatory access control for the android dalvik virtual machine
Prehofer From the internet of things to trusted apps for things
CN111090442A (en) Application updating method and device and storage medium
CN115994004A (en) Application program interface calling method and device
CN109460243A (en) A kind of online class replacement method of production environment based on Agentmain
CN112231231A (en) Method, system and device for debugging cloud service
CN114816445A (en) System platform architecture, function publishing method and device, platform and storage medium

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20220729

Address after: Room 801, 8th floor, No. 104, floors 1-19, building 2, yard 6, Jiuxianqiao Road, Chaoyang District, Beijing 100015

Patentee after: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park)

Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Patentee before: Qizhi software (Beijing) Co.,Ltd.

TR01 Transfer of patent right