Summary of the invention
The disclosure be designed to provide a kind of application program launching control method, application program launching control device and
Using the mobile terminal of the application program launching control method and device, and then overcome at least to a certain extent due to related skill
One or more problem caused by the limitation and defect of art.
Other characteristics and advantages of the disclosure will be apparent from by the following detailed description, or partially by this public affairs
The practice opened and acquistion.
According to the first aspect of the embodiments of the present disclosure, a kind of application program launching control method is provided, it is strong applied to having
The operating system of access control function kernel processed;The application program launching control method includes:
S1. base control strategy file is loaded by booting boot process to start the operating system and be loaded into booting circle
Face;
S2. the option for selecting bootable application program is presented by the starting-up interface, and according to the option
Input obtain selection start application program;
S3. it is loaded into each control strategy file that can start application program of selection;
S4. the starting of the application program according to the control strategy document control of loading.
In a kind of exemplary embodiment of the disclosure, the step S2 includes:
Application program to be set is obtained by application records list;
Application program to be set is divided into multiple groups according to pre-defined rule;
The option for selecting can to start whole group application program is presented by the starting-up interface.
In a kind of exemplary embodiment of the disclosure, the step S2 includes:
Application program to be set is obtained by application records list;
The application list to be set is generated according to the application program to be set;
The application list to be set for selecting can to start application program is presented by the starting-up interface.
In a kind of exemplary embodiment of the disclosure, the step S3 includes:
The parsing application program to be set generates corresponding control strategy file and saves;
Being loaded into each of selection described can start that application program is corresponding to have saved control strategy file.
In a kind of exemplary embodiment of the disclosure, the step S4 includes:
Before starting any one application program, judge whether the control strategy file of the loaded application program:
If being not loaded with the control strategy file of the application program, refuse to start the application program;
If the control strategy file of the loaded application program, start the application program and according to the control strategy text
Part configures the permission of the application program.
In a kind of exemplary embodiment of the disclosure, the kernel of the forced symmetric centralization function includes in SELinux
Core, Smack kernel and AppArmor kernel.
According to the second aspect of an embodiment of the present disclosure, application program launching control device is provided, forces to visit applied to having
Ask the operating system of control function kernel;The application program launching control device includes:
Be switched on guiding module, for loading base control strategy file by booting boot process to start the operation side
Method is simultaneously loaded into starting-up interface;
Option provides module, for the option for selecting bootable application program to be presented by the starting-up interface,
And start application program according to what the input of the option obtained selection;
Strategy insmods, for being loaded into each control strategy file that can start application program of selection;
Start judgment module, for judging whether the control of the loaded application program before starting any application program
Strategy file is refused to start the application program if being not loaded with the control strategy file of the application program.
In a kind of exemplary embodiment of the disclosure, the option provides module and includes:
Application acquisition unit, for obtaining application program to be set by application records list;
Application packet unit, for application program to be set to be divided into multiple groups according to pre-defined rule;
Option provides unit, for by starting-up interface presentation for selecting can to start the choosing of whole group application program
?.
In a kind of exemplary embodiment of the disclosure, the option provides module and includes:
Application acquisition unit, for obtaining application program to be set by application records list;
List generation unit, for generating the application list to be set according to the application program to be set;
Option provides unit, for being presented by the starting-up interface for selecting that answering wait set for application program can be started
Use program listing.
In a kind of exemplary embodiment of the disclosure, the strategy, which insmods, includes:
Policy storage unit, for parsing the corresponding control strategy file of the application program generation to be set and saving;
Strategy is loaded into unit, described can start that application program is corresponding to have saved control strategy text for being loaded into each of selection
Part.
In a kind of exemplary embodiment of the disclosure, started judgment module includes:
It is loaded into judging unit, for judging whether the loaded application program before starting any one application program
Control strategy file;
Start control unit, for refusal starting application when judgement is not loaded with the control strategy file of the application program
Program, and, in the control strategy file of the loaded application program, start the application program and according to the control strategy
The permission of application program described in file configuration.
In a kind of exemplary embodiment of the disclosure, the kernel of the forced symmetric centralization function includes in SELinux
Core, Smack kernel and AppArmor kernel.
According to the third aspect of an embodiment of the present disclosure, a kind of mobile terminal is provided, comprising:
Processor;And
Memory, for storing the executable instruction of the processor;
Wherein the processor is configured to execute following operation via the executable instruction is executed:
S1. base control strategy file is loaded by booting boot process to start the operating system and be loaded into booting circle
Face;
S2. the option for selecting bootable application program is presented by the starting-up interface, and according to the option
Input obtain selection start application program;
S3. it is loaded into each control strategy file that can start application program of selection;
S4. the starting of the application program according to the control strategy document control of loading.
In technical solution in a kind of embodiment of the disclosure, by obtaining the application program that starts of user's selection, and
And the control strategy file for starting application program of user's selection is only loaded in addition to base control strategy file, so that only
The application program that the application program being easily selected by a user can star, and not be easily selected by a user will be unable to start, thus on the one hand can
To prevent the starting of wooden horse, virus, malicious application for agreeing to without user etc., the effective safety for promoting mobile terminal is protected
Demonstrate,prove the interests of user;On the other hand, middle by the way of self contained navigation compared with the prior art, using pressure in the disclosure
The mode of access control can make the application program not being easily selected by a user can only be in the feelings for restarting and being easily selected by a user
It can be just activated under shape, so that safety is further promoted;Another aspect is actively selected using user in the disclosure
The mode for being started application program is selected, for the mode of selection No starting application program, the selection of ordinary user is more
Add convenient and reduces the probability falsely dropped and selected;Another further aspect, it is possible to reduce need not application program to be started system resource
It occupies, the experience of lifting system entirety.
It should be understood that above general description and following detailed description be only it is exemplary and explanatory, not
The disclosure can be limited.
Specific embodiment
Example embodiment is described more fully with reference to the drawings.However, example embodiment can be with a variety of shapes
Formula is implemented, and is not understood as limited to example set forth herein;On the contrary, thesing embodiments are provided so that the disclosure will more
Fully and completely, and by the design of example embodiment comprehensively it is communicated to those skilled in the art.Described feature, knot
Structure or characteristic can be incorporated in any suitable manner in one or more embodiments.In the following description, it provides perhaps
More details fully understand embodiment of the present disclosure to provide.It will be appreciated, however, by one skilled in the art that can
It is omitted with technical solution of the disclosure one or more in the specific detail, or others side can be used
Method, constituent element, device, step etc..In other cases, be not shown in detail or describe known solution to avoid a presumptuous guest usurps the role of the host and
So that all aspects of this disclosure thicken.
In addition, attached drawing is only the schematic illustrations of the disclosure, it is not necessarily drawn to scale.Identical attached drawing mark in figure
Note indicates same or similar part, thus will omit repetition thereof.Some block diagrams shown in the drawings are function
Energy entity, not necessarily must be corresponding with physically or logically independent entity.These function can be realized using software form
Energy entity, or these functional entitys are realized in one or more hardware modules or integrated circuit, or at heterogeneous networks and/or place
These functional entitys are realized in reason device device and/or microcontroller device.
A kind of application program launching control method is provided firstly in this example embodiment, can be applied to have pressure
The operating system of access control (MAC, Mandatory Access Control) functional kernel.In this example embodiment, with
For mobile terminal operating system, the mobile terminal can be for example mobile phone, tablet computer and PDA etc..The pressure is visited
Asking control function kernel for example may include SELinux kernel, Smack kernel and AppArmor kernel etc..This example is implemented
In mode, it will be illustrated by taking SELinux kernel as an example;SELinux (Security-Enhanced Linux) is American National
Security bureau (NSA, The National Security Agency) and SCC (Secure Computing Corporation, peace
Full Computer Corp.) exploitation Linux an expansion forced symmetric centralization security module, can provide than traditional UNIX permission
Better access control.
With reference to shown in Fig. 1, in this example embodiment, the application program launching control method may include following step
It is rapid:
Step S1. loads base control strategy file by booting boot process to start the operating system and be loaded into and open
Machine interface.
By taking SELinux as an example, the Socket of Zygote process creation can be obtained first in booting;Then class is called
The static function zygoteInit () of RuntimeInit starts system process, loads base control plan by system process
Slightly file is to start the operating system and be loaded into starting-up interface.The concrete form of the starting-up interface can by service provider according to
Designed, designed is needed, does not do particular determination to this in the present exemplary embodiment.In this example embodiment, the base control plan
Slightly file includes at least the corresponding control strategy file of necessary application program that is switched on, for example, talk application process control plan
Slightly file, clock application controls file etc., these application programs may include the visible application program in front end, can also
To include the application program of running background;But it should be recognized that in addition to this, the base control strategy file also can wrap
The other applications selected by service provider are included, do not do particular determination to this in the present exemplary embodiment.
The option for selecting bootable application program is presented by the starting-up interface by step S2., and according to described
What the input of option obtained selection starts application program.In this example embodiment, the step S2 may include:
Step S21. obtains application program to be set by application records list.Each application program is being installed
When, parameter information of the application program, such as name information, version information etc. will be recorded in application records list;
Application records list saves under particular category in the terminal.In this example embodiment, journey is applied by reading
Sequence record list, the information such as title of available application program to be set.
Application program to be set is divided into multiple groups according to pre-defined rule by step S22..Such as with reference to shown in Fig. 2, this example
Application program can be divided into, such as there will be financial process function by multiple groups according to the difference of function of application in embodiment
The application program of energy is classified to financial group, and the application program for realizing educational function is classified to education group, will realize image beautification
Or the application program of other processing functions is classified to image group etc.;For another example can also according to the difference of required security level,
The application program of high safety grade demand is classified to one group, the application program of lower security level requirements is classified to one group etc..
The option for selecting can to start whole group application program is presented by the starting-up interface by step S23., and according to institute
What the input for stating option obtained selection starts application program.With continued reference to shown in Fig. 2, user can pass through touch-control input etc.
Mode is inputted, to be chosen in the option position.After user's selection is finished and submitted, system can obtain use
Family selection starts application program.
In other exemplary embodiments of the disclosure, the step S22 may be: according to the application to be set
Program Generating the application list to be set.For example, setting can be treated according to pre-defined rule using journey with reference to shown in Fig. 3
Sequence generates the application list to be set after being ranked up.Correspondingly, will be presented by the starting-up interface in the step S23
For selecting can to start the application list to be set of application program.Therefore, the step S2 can also be by other means
It realizes, it is not limited to cited mode in this example embodiment.
Step S3. is loaded into each control strategy file that can start application program of selection.
In this example embodiment, each application program is previously stored in the mobile terminal, and (usually front end is visible
Application program) corresponding control strategy file.The control strategy file, which can be, solves application program by service provider
After analysis compiling, the control strategy file of application program is write by developer's exploitation and is stored in the specific of the mobile terminal
Catalogue;The control strategy file is also possible to carry out parsing compiling to the application program by specific program by mobile terminal
Afterwards, it automatically analyzes the permission of the application program and generates corresponding control strategy file;In this example embodiment not to this
Do particular determination.After user selects bootable application program, then it can pass through the booting boot process (such as system
Process etc.) it is loaded into each of user's selection and described can start that application program is corresponding to have saved control strategy file.
The starting of step S4. application program according to the control strategy document control of loading.
In the kernel for having forced symmetric centralization function, any process carries out any activity in kernel, it is necessary to first
Corresponding permission has first been endowed in control strategy file;All permissions not being endowed in control strategy file, into
Journey is just without the permission.
Therefore, before starting any one application program, can with it is first determined whether the loaded application program control
Strategy file can star the application program and according to the control if the control strategy file of the loaded application program
Strategy file processed configures the permission of the application program.If being not loaded with the control strategy file of the application program, the application
Program will be unable to be activated.If user needs to start the application program, it can only be switched on again after shut down, and on booting circle
Select the application program for application program can be started in face, then the application program will can star.
In application program launching control method in this example embodiment, application is started by acquisition user's selection
Program, and the control strategy file for starting application program of user's selection is only loaded in addition to base control strategy file,
So that the application program that the application program being only easily selected by a user can star, and not be easily selected by a user will be unable to start, thus
On the one hand the starting of wooden horse, virus, malicious application for agreeing to without user etc., the effective peace for promoting mobile terminal can be prevented
Quan Xing guarantees the interests of user;On the other hand, it is possible to reduce need not application program to be started system resource occupy, promoted
The experience of system entirety.
Further, a kind of application program launching control device is additionally provided in this example embodiment, can be applied to
The operating system for having forced symmetric centralization functional kernel.With reference to shown in Fig. 4, the application program launching control device 1 can
To include that booting guiding module 10, option provide module 20, strategy and insmod 30 and starting judgment module 40.Wherein:
Booting guiding module 10 can be used for loading base control strategy file by booting boot process described to start
Operating method is simultaneously loaded into starting-up interface.
Option, which provides module 20, can be used for presenting by the starting-up interface for selecting bootable application program
Option, and start application program according to what the input of the option obtained selection.
Strategy insmods the 30 each control strategy files that can start application program that can be used for being loaded into selection.
Starting judgment module 40 can be used for before starting any application program, judge whether the loaded application program
Control strategy file is refused to start the application program if being not loaded with the control strategy file of the application program.
In the present exemplary embodiment, it may include application acquisition unit, application packet unit that the option, which provides module 20,
And option provides unit.Wherein:
Application acquisition unit can be used for obtaining application program to be set by application records list;
Application packet unit can be used for that application program to be set is divided into multiple groups according to pre-defined rule;
Option, which provides unit, can be used for presenting by the starting-up interface for selecting that whole group application program can be started
Option.
In the present exemplary embodiment, it may include application acquisition unit, list generation unit that the option, which provides module 20,
And option provides unit.Wherein:
Application acquisition unit can be used for obtaining application program to be set by application records list;
List generation unit can be used for generating the application list to be set according to the application program to be set;
Option provide unit can be used for presenting by the starting-up interface for select can to start application program wait set
Determine the application list.
In the present exemplary embodiment, the strategy insmod 30 may include Policy storage unit and strategy be loaded into it is single
Member.Wherein:
Policy storage unit can be used for parsing the application program to be set and generate corresponding control strategy file and protect
It deposits;
Strategy, which is loaded into unit and can be used for being loaded into each of selection, described can start that application program is corresponding to have saved control plan
Slightly file.
In the present exemplary embodiment, started judgment module 40 may include being loaded into judging unit and starting control list
Member.Wherein:
Being loaded into judging unit can be used for before starting any one application program, judge whether the loaded application program
Control strategy file;
Starting control unit can be used for the refusal starting when judgement is not loaded with the control strategy file of the application program and be somebody's turn to do
Application program, and, in the control strategy file of the loaded application program, start the application program and according to the control
Strategy file configures the permission of the application program.
In the present exemplary embodiment, the forced symmetric centralization kernel may include SELinux kernel, Smack kernel with
And AppArmor kernel.
The detail of each module/unit is opened in corresponding application program in above-mentioned application program launching control device
It is described in detail in flowing control method, therefore details are not described herein again.
It should be noted that although being referred to several modules or list for acting the equipment executed in the above detailed description
Member, but this division is not enforceable.In fact, according to embodiment of the present disclosure, it is above-described two or more
Module or the feature and function of unit can embody in a module or unit.Conversely, an above-described mould
The feature and function of block or unit can be to be embodied by multiple modules or unit with further division.
In addition, although describing each step of method in the disclosure in the accompanying drawings with particular order, this does not really want
These steps must be executed in this particular order by asking or implying, or having to carry out step shown in whole could realize
Desired result.Additional or alternative, it is convenient to omit multiple steps are merged into a step and executed by certain steps, and/
Or a step is decomposed into execution of multiple steps etc..
Referring to Fig. 5, the mobile terminal 300 using above procedure starting control program may include following one or more groups
Part: processing component 302, memory 304, power supply module 306, multimedia component 308, audio component 310, input/output (I/O)
Interface 312, sensor module 314 and communication component 316.
The integrated operation of the usually control mobile terminal 300 of processing component 302, such as with display, call, data are logical
Letter, camera operation and record operate associated operation.Processing component 302 may include one or more processors 320 to hold
Row instruction, to perform all or part of the steps of the methods described above.In addition, processing component 302 may include one or more moulds
Block, convenient for the interaction between processing component 302 and other assemblies.For example, processing component 302 may include multi-media module, with
Facilitate the interaction between multimedia component 304 and processing component 302.
Memory 304 is configured as storing various types of data to support the operation in equipment 300.These data are shown
Example includes the instruction of any application or method for operating on mobile terminal 300, contact data, telephone directory number
According to, message, picture, video etc..Memory 304 can by any kind of volatibility or non-volatile memory device or they
Combination realize, such as static random access memory (SRAM), electrically erasable programmable read-only memory (EEPROM) is erasable
Programmable read only memory (EPROM), programmable read only memory (PROM), read-only memory (ROM), magnetic memory, quick flashing
Memory, disk or CD.
Power supply module 306 provides electric power for the various assemblies of mobile terminal 300.Power supply module 306 may include power supply pipe
Reason system, one or more power supplys and other with for mobile terminal 300 generate, manage, and distribute the associated component of electric power.
Multimedia component 308 includes the screen of one output interface of offer between the mobile terminal 300 and user.
In some embodiments, screen may include liquid crystal display (LCD) and touch panel (TP).If screen includes touch surface
Plate, screen may be implemented as touch screen, to receive input signal from the user.Touch panel includes one or more touches
Sensor is to sense the gesture on touch, slide, and touch panel.The touch sensor can not only sense touch or sliding
The boundary of movement, but also detect duration and pressure associated with the touch or slide operation.In some embodiments,
Multimedia component 308 includes a front camera and/or rear camera.When equipment 300 is in operation mode, as shot mould
When formula or video mode, front camera and/or rear camera can receive external multi-medium data.Each preposition camera shooting
Head and rear camera can be a fixed optical lens system or have focusing and optical zoom capabilities.
Audio component 310 is configured as output and/or input audio signal.For example, audio component 310 includes a Mike
Wind (MIC), when mobile terminal 300 is in operation mode, when such as call mode, recording mode, and voice recognition mode, microphone
It is configured as receiving external audio signal.The received audio signal can be further stored in memory 304 or via logical
Believe that component 316 is sent.In some embodiments, audio component 310 further includes a loudspeaker, is used for output audio signal.
I/O interface 312 provides interface between processing component 302 and peripheral interface module, and above-mentioned peripheral interface module can
To be keyboard, click wheel, button etc..These buttons may include, but are not limited to: home button, volume button, start button and lock
Determine button.
Sensor module 314 includes one or more sensors, for providing the state of various aspects for mobile terminal 300
Assessment.For example, sensor module 314 can detecte the state that opens/closes of equipment 300, the relative positioning of component, such as institute
The display and keypad that component is mobile terminal 300 are stated, sensor module 314 can also detect mobile terminal 300 or mobile
The position change of 300 1 components of terminal, the existence or non-existence that user contacts with mobile terminal 300,300 orientation of mobile terminal
Or the temperature change of acceleration/deceleration and mobile terminal 300.Sensor module 314 may include proximity sensor, be configured to
It detects the presence of nearby objects without any physical contact.Sensor module 314 can also include optical sensor, such as
CMOS or ccd image sensor, for being used in imaging applications.In some embodiments, which can be with
Including acceleration transducer, gyro sensor, Magnetic Sensor, pressure sensor or temperature sensor.
Communication component 316 is configured to facilitate the communication of wired or wireless way between mobile terminal 300 and other equipment.
Mobile terminal 300 can access the wireless network based on communication standard, such as WiFi, 2G or 3G or their combination.Show at one
In example property embodiment, communication component 316 receives broadcast singal or broadcast from external broadcasting management system via broadcast channel
Relevant information.In one exemplary embodiment, the communication component 316 further includes near-field communication (NFC) module, short to promote
Cheng Tongxin.For example, radio frequency identification (RFID) technology, Infrared Data Association (IrDA) technology, ultra wide band can be based in NFC module
(UWB) technology, bluetooth (BT) technology and other technologies are realized.
In the exemplary embodiment, mobile terminal 300 can be by one or more application specific integrated circuit (ASIC), number
Word signal processor (DSP), digital signal processing appts (DSPD), programmable logic device (PLD), field programmable gate array
(FPGA), controller, microcontroller, microprocessor or other electronic components are realized, for executing the above method.
In the exemplary embodiment, a kind of non-transitorycomputer readable storage medium including instruction, example are additionally provided
It such as include the memory 304 of instruction, above-metioned instruction can be executed by the processor 320 of mobile terminal 300 to complete the implementation of this example
Above-mentioned technical proposal in mode.For example, the non-transitorycomputer readable storage medium can be ROM, arbitrary access is deposited
Reservoir (RAM), CD-ROM, tape, floppy disk and optical data storage devices etc..
Those skilled in the art after considering the specification and implementing the invention disclosed here, will readily occur to its of the disclosure
Its embodiment.This application is intended to cover any variations, uses, or adaptations of the disclosure, these modifications, purposes or
Person's adaptive change follows the general principles of this disclosure and including the undocumented common knowledge in the art of the disclosure
Or conventional techniques.The description and examples are only to be considered as illustrative, and the true scope and spirit of the disclosure are by appended
Claim is pointed out.