CN106471464B - Method and device for preventing android device from being super-user (Root) and terminal - Google Patents

Method and device for preventing android device from being super-user (Root) and terminal Download PDF

Info

Publication number
CN106471464B
CN106471464B CN201580004158.9A CN201580004158A CN106471464B CN 106471464 B CN106471464 B CN 106471464B CN 201580004158 A CN201580004158 A CN 201580004158A CN 106471464 B CN106471464 B CN 106471464B
Authority
CN
China
Prior art keywords
read
command
emmc
mode
write
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201580004158.9A
Other languages
Chinese (zh)
Other versions
CN106471464A (en
Inventor
李志刚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Honor Device Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Publication of CN106471464A publication Critical patent/CN106471464A/en
Application granted granted Critical
Publication of CN106471464B publication Critical patent/CN106471464B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/445Program loading or initiating

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Telephone Function (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the invention discloses a method, a device and a terminal for preventing android equipment from being Root, which are used for preventing the android equipment from being Root. The method provided by the embodiment of the invention comprises the following steps: receiving a non-read-only command to an EMMC driving layer of an embedded multimedia card; if the working mode of the operating system where the EMMC driving layer is located is determined to be a normal starting mode or a normal engineering Recovery mode, starting a pre-configured write filtering function; and judging whether the non-read-only command acts on the data of the read-only partition in the EMMC driving layer or not through the write filtering function, if so, filtering the non-read-only command through the write filtering function, and if not, issuing the non-read-only command.

Description

Method and device for preventing android device from being super-user (Root) and terminal
Technical Field
The invention relates to the field of data processing, in particular to a method, a device and a terminal for preventing android equipment from being Root.
Background
The Root of the mobile phone is the meaning of obtaining the highest authority of the operating system of the mobile phone, and is an unlocking process of the android mobile phone. The Root of the mobile phone has the advantages that a user can delete programs of the mobile phone according to own preference and needs, and can perform more operations, and a plurality of Root tools are available on the network at present, so that the Root is very simple to obtain by the mobile phone. After the mobile phone acquires the Root authority, the mobile phone can access some restricted things, and parts of the system can be deleted and modified. The greatest attraction of the Root authority to the mobile phone players is to perform flashing at will, and as long as the Root authority is obtained, the user can delete some programs carried by the system or can flash different operating systems and the like. Just after the Root, the user can do anything at will, and various faults of the mobile phone occur due to the fact that the user carelessly deletes the system file, and a large amount of maintenance resources are occupied, so that urgent needs are brought to prevention of the Root of the mobile phone.
At present, a System (System) partition read-only protection scheme is generally adopted, which filters a write command of the System partition at a block device layer to prevent illegal writing to the System partition and achieve the purpose of preventing Root.
The System partition read-only protection scheme can effectively prevent common one-key Root tools from being cracked. But because it is implemented at the block device level, Root cannot be completely protected by replacing the image.
Disclosure of Invention
The embodiment of the invention provides a method, a device and a terminal for preventing android equipment from being Root, which can prevent the android equipment from being Root.
In view of this, a first aspect of the present invention provides a method for preventing Root of an android device, which may include:
receiving a non-read-only command to an EMMC driving layer of an embedded multimedia card;
if the working mode of the operating system where the EMMC driving layer is located is determined to be a normal starting mode or a normal engineering Recovery mode, starting a pre-configured write filtering function;
and judging whether the non-read-only command acts on the data of the read-only partition in the EMMC driving layer or not through the write filtering function, if so, filtering the non-read-only command through the write filtering function, and if not, issuing the non-read-only command.
With reference to the first aspect of the present invention, the first embodiment of the first aspect of the present invention may include:
and determining that the working mode of the operating system where the EMMC driving layer is located is a normal starting mode or a normal engineering Recovery mode according to a processing function triggered in the initialization init process corresponding to the non-read-only command.
With reference to the first aspect of the present invention, in a second embodiment of the first aspect of the present invention, the method may include:
acquiring an address acted by the non-read-only command through the write filtering function;
and judging whether the non-read-only command acts on the data of the read-only partition in the EMMC driving layer or not according to the address.
With reference to the first aspect of the present invention, the first embodiment of the first aspect of the present invention, the second embodiment of the first aspect of the present invention, and the third embodiment of the first aspect of the present invention may include:
constructing a structure function;
and configuring the write filtering function in the structure function.
With reference to the first aspect of the present invention, the first embodiment of the first aspect of the present invention, the second embodiment of the first aspect of the present invention, and the fourth embodiment of the first aspect of the present invention may include:
and canceling the write filtering function in a restarting mode.
With reference to the first aspect of the present invention, the first embodiment of the first aspect of the present invention, the second embodiment of the first aspect of the present invention, and the fifth embodiment of the first aspect of the present invention may include:
and if the unlocking code of the android device is acquired, issuing the non-read-only command.
In view of this, a second aspect of the present invention provides an apparatus for preventing Root of an android device, which may include:
the receiving unit is used for receiving a non-read-only command of an embedded multimedia card EMMC driving layer;
the determining unit is used for determining that the working mode of the operating system where the EMMC driving layer is located is a normal starting mode or a normal engineering Recovrey mode;
a start unit for starting a preconfigured write filter function;
the judging unit is used for judging whether the non-read-only command acts on the data of the read-only partition in the EMMC driving layer through the write filtering function;
and the execution unit is used for filtering the non-read-only command through the write filtering function when the judging unit judges that the non-read-only command acts on the data of the read-only partition in the EMMC driving layer, and issuing the non-read-only command when the judging unit judges that the non-read-only command does not act on the data of the read-only partition in the EMMC driving layer.
In combination with the second aspect of the present invention, the first embodiment of the second aspect of the present invention may include:
and the determining subunit is configured to determine, according to a processing function triggered in the initialization init process corresponding to the non-read-only command, that the operating mode of the operating system in which the EMMC drive layer is located is a normal start mode or a normal engineering Recovery mode.
In combination with the second aspect of the present invention, the second embodiment of the second aspect of the present invention may include:
the obtaining unit is used for obtaining the address acted by the non-read-only command through the write filtering function;
the judging unit includes:
and the judging subunit is used for judging whether the non-read-only command acts on the data of the read-only partition in the EMMC according to the address.
With reference to the second aspect of the present invention, the first embodiment of the second aspect of the present invention, the second embodiment of the second aspect of the present invention, and the third embodiment of the second aspect of the present invention may include:
a construction unit for constructing a structure function;
and the configuration unit is used for configuring the write filtering function in the structure function.
With reference to the second aspect of the present invention, the first embodiment of the second aspect of the present invention, the second embodiment of the second aspect of the present invention, and the fourth embodiment of the second aspect of the present invention may include:
and the first processing unit is used for canceling the write filtering function in a restarting mode.
With reference to the second aspect of the present invention, the first embodiment of the second aspect of the present invention, the second embodiment of the second aspect of the present invention, and the fifth embodiment of the second aspect of the present invention may include:
and the second processing unit is used for issuing the non-read-only command if the unlocking code of the android device is acquired.
In view of the above, a third aspect of the present invention provides a terminal, which may include:
one or more processors; a memory; and one or more programs, wherein the one or more programs are stored in the memory and configured to be executed by the one or more processors, the one or more programs comprising instructions for:
receiving a non-read-only command to an EMMC driving layer of an embedded multimedia card;
if the working mode of the operating system where the EMMC driving layer is located is determined to be a normal starting mode or a normal engineering Recovery mode, starting a pre-configured write filtering function;
and judging whether the non-read-only command acts on the data of the read-only partition in the EMMC driving layer or not through the write filtering function, if so, filtering the non-read-only command through the write filtering function, and if not, issuing the non-read-only command.
With reference to the third aspect of the present invention, the first embodiment of the third aspect of the present invention may include:
and determining that the working mode of the operating system where the EMMC driving layer is located is a normal starting mode or a normal engineering Recovery mode according to a processing function triggered in the initialization init process corresponding to the non-read-only command.
With reference to the third aspect of the present invention, the second embodiment of the third aspect of the present invention may include:
acquiring an address acted by the non-read-only command through the write filtering function;
and judging whether the non-read-only command acts on the data of the read-only partition in the EMMC driving layer or not according to the address.
With reference to the third aspect of the present invention, the first embodiment of the third aspect of the present invention, the second embodiment of the third aspect of the present invention, and the third embodiment of the third aspect of the present invention may include:
constructing a structure function;
and configuring the write filtering function in the structure function.
With reference to the third aspect of the present invention, the first embodiment of the third aspect of the present invention, the second embodiment of the third aspect of the present invention, and the fourth embodiment of the third aspect of the present invention may include:
and canceling the write filtering function in a restarting mode.
With reference to the third aspect of the present invention, the first embodiment of the third aspect of the present invention, the second embodiment of the third aspect of the present invention, and the fifth embodiment of the third aspect of the present invention may include:
and if the unlocking code of the android device is acquired, issuing the non-read-only command.
With reference to the third aspect of the present invention, a sixth embodiment of the third aspect of the present invention may include:
the memory is a readable storage medium, the instructions when executed by the terminal cause the terminal to perform the instructions of:
receiving a non-read-only command to an EMMC driving layer of an embedded multimedia card;
if the working mode of the operating system where the EMMC driving layer is located is determined to be a normal starting mode or a normal engineering Recovery mode, starting a pre-configured write filtering function;
and judging whether the non-read-only command acts on the data of the read-only partition in the EMMC driving layer or not through the write filtering function, if so, filtering the non-read-only command through the write filtering function, and if not, issuing the non-read-only command.
With reference to the third aspect of the present invention, the first embodiment of the third aspect of the present invention may include:
and determining that the working mode of the operating system where the EMMC driving layer is located is a normal starting mode or a normal engineering Recovery mode according to a processing function triggered in the initialization init process corresponding to the non-read-only command.
With reference to the third aspect of the present invention, the second embodiment of the third aspect of the present invention may include:
acquiring an address acted by the non-read-only command through the write filtering function;
and judging whether the non-read-only command acts on the data of the read-only partition in the EMMC driving layer or not according to the address.
With reference to the third aspect of the present invention, the first embodiment of the third aspect of the present invention, the second embodiment of the third aspect of the present invention, and the third embodiment of the third aspect of the present invention may include:
constructing a structure function;
and configuring the write filtering function in the structure function.
With reference to the third aspect of the present invention, the first embodiment of the third aspect of the present invention, the second embodiment of the third aspect of the present invention, and the fourth embodiment of the third aspect of the present invention may include:
and canceling the write filtering function in a restarting mode.
With reference to the third aspect of the present invention, the first embodiment of the third aspect of the present invention, the second embodiment of the third aspect of the present invention, and the fifth embodiment of the third aspect of the present invention may include:
and if the unlocking code of the android device is acquired, issuing the non-read-only command.
According to the technical scheme, the embodiment of the invention has the following advantages: through write filtering function of pre-configuration, judge whether non read-only command is acted on the data of the read-only subregion in the EMMC drive layer, when judging for yes, filter this non read-only command, because EMMC can abstract out only one EMMC equipment at the EMMC drive layer, through restricting the read-only subregion that EMMC equipment points to, just also reached the purpose that the data of preventing the read-only subregion was tampered, so can prevent that android equipment from being Root.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without inventive labor.
FIG. 1 is a diagram of an embodiment of a method for preventing an android device from Root in an embodiment of the present invention;
FIG. 2 is a diagram of another embodiment of a method for preventing Root of an android device in the embodiment of the present invention;
FIG. 3 is a schematic diagram of an embodiment of an apparatus for preventing an android device from Root in the embodiment of the present invention;
FIG. 4 is a schematic diagram of another embodiment of an apparatus for preventing an android device from Root in the embodiment of the present invention;
fig. 5 is a schematic diagram of an embodiment of a terminal device according to the embodiment of the present invention;
fig. 6 is a schematic diagram of an embodiment of the present invention, in which a terminal is taken as a mobile phone.
Detailed Description
The embodiment of the invention provides a method, a device and a terminal for preventing android equipment from being Root, which can prevent the android equipment from being Root.
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The terms "first," "second," "third," "fourth," and the like in the description and in the claims, as well as in the drawings, if any, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It will be appreciated that the data so used may be interchanged under appropriate circumstances such that the embodiments described herein may be practiced otherwise than as specifically illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
For convenience of understanding the embodiment of the present invention, a principle of preventing Root of the android device in the embodiment of the present invention is described below.
The System partition read-only protection scheme can effectively prevent common one-key Root tools from being cracked. However, since the Embedded multimedia Card (EMMC) is implemented in the block device layer, and multiple block devices are abstracted from the Embedded multimedia Card (EMMC) in the block device layer, the block devices point to each partition on the whole EMMC (where a block device points to the System partition on the EMMC), only access to the System partition can be limited in the block device layer, but hacking can not be completely prevented from performing Root by replacing a mirror image by accessing other partitions to illegally write. Because only one EMMC device can be abstracted from the EMMC driving layer, the aim of preventing the data of the read-only partition from being distorted can be achieved by limiting the read-only partition pointed by the EMMC device (the invention filters the non-read-only command of the data acting on the read-only partition by configuring the write filtering function and by the write filtering function), the Root can be completely prevented from being carried out by replacing the mirror image, and meanwhile, the cracking of a common one-key Root tool can be effectively prevented.
On the basis of the above principle, Root of a device such as a mobile phone or a tablet is described by the following embodiments:
referring to fig. 1, an embodiment of a method for preventing an android device from Root in an embodiment of the present invention includes:
101. receiving a non-read-only command to an EMMC driving layer of an embedded multimedia card;
in this embodiment, non-read-only commands to the EMMC driver layer of the embedded multimedia card are received, where the non-read-only commands include a single block write (CMD24), a multi-block write (CMD25), and an erase command (CMD38), and other types of non-read-only commands, which are not limited herein.
102. If the working mode of the operating system where the EMMC driving layer is located is determined to be a normal starting mode or a normal engineering Recovery mode, starting a pre-configured write filtering function;
after receiving a non-read-only command for an EMMC driving layer of an embedded multimedia card, if the working mode of an operating system where the EMMC driving layer is located is determined to be a normal starting mode or a normal engineering Recovrey mode, starting a pre-configured write filtering function, wherein the Recovrey mode is a mode capable of modifying data or a system in an android, and is called a recovery mode and a flash mode.
It should be noted that the write filter function is used to block an illegal write operation, and may be configured by constructing a structure function, and the write filter function mainly includes three functions: determining whether the received command is a non-read-only command, determining whether the non-read-only command acts on data of the read-only partition, and filtering the non-read-only command.
It should be noted that the normal start mode herein may be understood as a mode with a complete interface, and the Recovery mode herein may be understood as a mode with a simple interface and used for mobile phone maintenance.
Further, the operating system may be an operating system of a mobile phone, and may also be an operating system of a tablet. Root is carried out on the android device in the invention, which can be understood as Root carried out on the device with the android operating system.
103. And judging whether the non-read-only command acts on the data of the read-only partition in the EMMC driving layer or not through the write filtering function, if so, filtering the non-read-only command through the write filtering function, and if not, issuing the non-read-only command.
And judging whether the non-read-only command acts on the data of the read-only partition in the EMMC driving layer or not through the write filtering function, if so, stopping issuing the non-read-only command, returning to the end, and optionally setting an error mark, otherwise, issuing the non-read-only command.
The stopping of issuing the non-read-only command is a method for filtering the non-read-only command, and other methods may also be adopted to filter the non-read-only command, which is not described herein again.
In this embodiment, whether the non-read-only command is applied to the data of the read-only partition in the EMMC drive layer is determined through the write filter function configured in advance, and when the determination is yes, the non-read-only command is filtered.
For convenience of understanding, the following describes in detail a method for preventing Root from occurring on an android device in an embodiment of the present invention, and with reference to fig. 2, another embodiment of the method for preventing Root from occurring on an android device in an embodiment of the present invention includes:
201. receiving a non-read-only command to an EMMC drive layer;
in this embodiment, non-read-only commands of the upper layer application to the EMMC driver layer are received, where the non-read-only commands include a single block write (CMD24) and a multi-block write (CMD25) and an erase command (CMD38), and other types of non-read-only commands are also included, which is not limited herein.
It should be noted that the non-read-only command may be issued by a block device request (BIO), converted into a Multimedia Card (MMC) request structure at the EMMC driver layer, and queued for processing in a queue of the MMC.
202. If the working mode of the operating system where the EMMC driving layer is located is determined to be a normal starting mode or a normal engineering Recovery mode according to the processing function triggered in the initialization init process corresponding to the non-read-only command, starting a pre-configured write filtering function;
after receiving a non-read-only command for an EMMC drive layer, determining that the working mode of an operating system where the EMMC drive layer is located is a normal starting mode or a normal engineering Recovrey mode according to a processing function triggered in an initialization init process corresponding to the non-read-only command, and starting a pre-configured write filtering function, wherein the Recovrey mode is a mode capable of modifying data or systems inside an android, and is called a recovery mode and a flash mode.
It should be noted that the processing function may be a processing function in sys _ wp _ init _ Action, which is an operation of a standard Action (Action) in the android architecture, may be understood as a function executed during the boot process, and may also be another type of processing function, which is not limited herein.
It should be noted that, by constructing a structure function, the write filter function is configured in the structure function, and the write filter function mainly includes three functions: determining whether the received command is a non-read-only command, determining whether the non-read-only command acts on data of the read-only partition, and filtering the non-read-only command.
It should be noted that the normal start mode herein may be understood as a mode with a complete interface, and the Recovery mode herein may be understood as a mode with a simple interface and used for mobile phone maintenance.
Further, the operating system may be an operating system of a mobile phone, and may also be an operating system of a tablet. Root is carried out on the android device in the invention, which can be understood as Root carried out on the device with the android operating system.
And when the working mode of the operating system where the EMMC driving layer is positioned is determined not to be a normal starting mode or a normal engineering Recovrey mode according to the processing function triggered in the initialization init process corresponding to the non-read-only command, canceling the write filtering function in a restarting mode.
203. Acquiring an address acted by the non-read-only command through the write filtering function;
and acquiring the address mapped by the non-read-only command through the write filtering function, wherein the write filtering function is indicated to be configured with a function of acquiring the address in advance.
204. Judging whether the non-read-only command acts on the data of the read-only partition in the EMMC according to the address, if so, executing a step 205, and if not, executing a step 206;
because some partitions corresponding to the addresses are read-only and some partitions corresponding to the addresses are not read-only, whether the non-read-only command acts on the data of the read-only partition in the EMMC is judged according to the addresses, if yes, step 205 is executed, and if not, step 206 is executed.
205. Filtering the non-read-only commands by the write filtering function;
and after judging that the non-read-only command acts on the data of the read-only partition in the EMMC driving layer according to the address, stopping issuing the non-read-only command through the write filtering function, returning to the end, and optionally setting an error mark.
206. The non-read-only command is issued.
And issuing the non-read-only command after judging that the non-read-only command does not act on the data of the read-only partition in the EMMC driving layer according to the address.
It should be noted that, if the unlock code is received, the non-read-only command is issued. That is, as long as there is an unlock code, a legal Root can be performed.
Further, Root by unlock code is one of a plurality of special cases, and legal Root can be performed under the following conditions:
the method comprises a mirror image loading link, a mirror image upgrading link of a user, a product development and debugging stage and the first starting of an operating system.
Before Root is performed by adopting the method, whether the condition is met or not can be judged, and if yes, Root is allowed.
In this embodiment, whether the non-read-only command is applied to the data of the read-only partition in the EMMC drive layer is determined through the write filter function configured in advance, and when the determination is yes, the non-read-only command is filtered.
Secondly, the judgment of the normal starting mode and the normal Recovery mode is detailed, and whether the non-read-only command acts on the data of the read-only partition in the EMMC is judged through the address, so that the embodiment has higher openness.
For convenience of understanding, the method for preventing Root of an android device in the embodiment of the present invention is described in an actual application scenario as follows:
the mobile phone is provided with a write filtering function in advance, after the hacker A finishes downloading the mirror image, the hacker A starts to flush the mirror image, in the flushing process, the mobile phone receives a non-read-only command to the EMMC driving layer, judges that the non-read-only command is a normal Recovery mode non-read-only command according to a processing function triggered in an init process corresponding to the non-read-only command, starts the write filtering function, acquires an address acted by the non-read-only command, determines data acted by the non-read-only command on a read-only partition in the EMMC driving layer through the address, stops issuing the non-read-only command through the write filtering function, returns to the end, and sets an error mark.
Referring to fig. 3, the apparatus for preventing Root from occurring to an android device in the embodiment of the present invention is described below, where an embodiment of the apparatus for preventing Root from occurring to an android device in the embodiment of the present invention includes:
a receiving unit 301, configured to receive a non-read-only command for an EMMC driver layer of an embedded multimedia card;
a determining unit 302, configured to determine that a working mode of an operating system where the EMMC driving layer is located is a normal start mode or a normal engineering recodrey mode;
a start unit 303, configured to start a preconfigured write filter function;
a determining unit 304, configured to determine whether the non-read-only command acts on data of a read-only partition in the EMMC driving layer through the write filtering function;
an execution unit 305, configured to filter the non-read-only command through the write filtering function when the determining unit 304 determines that the non-read-only command acts on the data of the read-only partition in the EMMC driving layer through the write filtering function, and issue the non-read-only command when the determining unit 304 determines that the non-read-only command does not act on the data of the read-only partition in the EMMC driving layer through the write filtering function.
In this embodiment, whether the non-read-only command is applied to the data of the read-only partition in the EMMC drive layer is determined through the write filter function configured in advance, and when the determination is yes, the non-read-only command is filtered.
For convenience of understanding, the following describes in detail an apparatus for preventing Root from being performed on an android device in an embodiment of the present invention, and with reference to fig. 4, another embodiment of the apparatus for preventing Root from being performed on an android device in an embodiment of the present invention includes:
a receiving unit 401, configured to receive a non-read-only command for an EMMC driver layer of an embedded multimedia card;
a determining unit 402, configured to determine that a working mode of an operating system where the EMMC driving layer is located is a normal start mode or a normal engineering recodrey mode;
a start unit 403 for starting a preconfigured write filter function;
a determining unit 404, configured to determine whether the non-read-only command acts on data of a read-only partition in the EMMC driving layer through the write filtering function;
an execution unit 405, configured to filter the non-read-only command through the write filtering function when the determining unit 404 determines that the non-read-only command acts on the data of the read-only partition in the EMMC driving layer through the write filtering function, and issue the non-read-only command when the determining unit 404 determines that the non-read-only command does not act on the data of the read-only partition in the EMMC driving layer through the write filtering function.
This embodiment still includes:
an obtaining unit 406, configured to obtain, by the write filter function, an address to which the non-read-only command acts;
a construction unit 407 for constructing a structure function;
a configuration unit 408 configured to configure the write filter function in the structure function;
a first processing unit 409, configured to cancel the write filtering function by way of an emergency restart;
the second processing unit 410 is configured to issue the non-read-only command if the unlock code of the android device is obtained.
The determining unit 402 in this embodiment includes:
a determining subunit 4021, configured to determine, according to a processing function triggered in the initialization init process corresponding to the non-read-only command, that a working mode of an operating system in which the EMMC driving layer is located is a normal start mode or a normal engineering Recovery mode;
the determining unit 404 in this embodiment includes:
a determining subunit 4041, configured to determine whether the non-read-only command acts on data of the read-only partition in the EMMC according to the address.
In this embodiment, whether the non-read-only command is applied to the data of the read-only partition in the EMMC drive layer is determined through the write filter function configured in advance, and when the determination is yes, the non-read-only command is filtered.
Secondly, the judgment of the normal starting mode and the normal Recovery mode is detailed, and whether the non-read-only command acts on the data of the read-only partition in the EMMC is judged through the address, so that the embodiment has higher openness.
For easy understanding, the following describes, in an actual application scenario, interactions among units of the apparatus for preventing Root of the android device in this embodiment:
the receiving unit 401 receives non-read-only commands of an upper layer application to the EMMC driving layer, wherein the non-read-only commands include a single block write (CMD24) and a multi-block write (CMD25) and an erase command (CMD38), and also include other types of non-read-only commands, which are not limited herein; it should be noted that the non-read-only command may be issued by a block device request (BIO), converted into an MMC request structure at the EMMC driver layer BIO, and queued for processing in an MMC queue. After receiving a non-read-only command for an EMMC drive layer, a determining subunit 4021 in the determining unit 402 determines, according to a processing function triggered in an initialization init process corresponding to the non-read-only command, that a working mode of an operating system in which the EMMC drive layer is located is a normal start mode or a normal engineering Recovrey mode, and then the starting unit 403 starts a preconfigured write filter function, where the Recovrey mode is a mode that can modify data or a system inside an android, and the recoveriy mode is also called a Recovery mode or a flush mode; it should be noted that the processing function may be a processing function in sys _ wp _ init _ Action, and the processing function is an operation of a standard Action (Action) in the android architecture, and may be understood as a function executed during the boot process. Other types of processing functions are also possible and are not specifically limited herein. It should be noted that, a structure function is constructed by the construction unit 407, and the write filter function is configured by the configuration unit 408 in the structure function, and the write filter function mainly includes three functions: determining whether the received command is a non-read-only command, determining whether the non-read-only command acts on data of the read-only partition, and filtering the non-read-only command. The normal starting mode can be understood as a mode with a complete interface, and the Recovery mode can be understood as a mode with a simple interface and used for mobile phone maintenance. Further, the operating system may be an operating system of a mobile phone, and may also be an operating system of a tablet. Root is carried out on the android device in the invention, which can be understood as Root carried out on the device with the android operating system. When determining that the operating mode of the operating system in which the EMMC driver layer is located is not the normal start mode or the normal engineering recorvrey mode according to the processing function triggered in the initialization init process corresponding to the non-read-only command, the first processing unit 409 cancels the write filtering function in a restart manner. The obtaining unit 406 obtains the address mapped by the non-read-only command through the write filter function. Since some of the partitions corresponding to the addresses are read-only and some of the partitions corresponding to the addresses are not read-only, the determination subunit 4041 in the determination unit 404 determines whether the non-read-only command acts on the data of the read-only partition in the EMMC according to the addresses. When it is determined that the non-read-only command acts on the data of the read-only partition in the EMMC driving layer according to the address, the execution unit 405 stops issuing the non-read-only command through the write filter function, returns to the end, and may select to set an error flag. When it is determined that the non-read-only command does not act on the data of the read-only partition in the EMMC driving layer according to the address, the execution unit 405 issues the non-read-only command. If the unlocking code of the android device is acquired, the second processing unit 410 issues the non-read-only command.
An embodiment of the present invention further provides a terminal, as shown in fig. 5, including: a receiver 501, a processor 502;
the processor 502 is configured to control and execute: receiving a non-read-only command to an EMMC driving layer of an embedded multimedia card; if the working mode of the operating system where the EMMC driving layer is located is determined to be a normal starting mode or a normal engineering Recovery mode, starting a pre-configured write filtering function; and judging whether the non-read-only command acts on the data of the read-only partition in the EMMC driving layer or not through the write filtering function, if so, filtering the non-read-only command through the write filtering function, and if not, issuing the non-read-only command.
In this embodiment, whether the non-read-only command is applied to the data of the read-only partition in the EMMC drive layer is determined through the write filter function configured in advance, and when the determination is yes, the non-read-only command is filtered.
The embodiment of the invention also provides a specific implementation scheme for determining the working mode, which comprises the following steps: the processor 502 is specifically configured to control and execute: and if the working mode of the operating system where the EMMC driving layer is located is determined to be a normal starting mode or a normal engineering Recovery mode according to the processing function triggered in the initialization init process corresponding to the non-read-only command, starting a pre-configured write filtering function, otherwise, canceling the write filtering function in a restarting mode.
The Recovrey mode is a mode which can modify data or a system inside the android. The processing function may be a processing function in sys _ wp _ init _ Action, which is a standard Action (Action) operation in the android architecture, may be understood as a function executed during the boot process, and may also be another type of processing function, which is not limited herein.
In this embodiment of the present invention, since some partitions corresponding to addresses are read-only and some partitions corresponding to addresses are not read-only, the processor 502 is further configured to control execution of: and acquiring an address acted by the non-read-only command through the write filtering function, judging whether the non-read-only command acts on data of a read-only partition in the EMMC driving layer or not according to the address, if so, filtering the non-read-only command through the write filtering function, and if not, issuing the non-read-only command.
Referring to fig. 6, another embodiment of the terminal according to the embodiment of the present invention includes:
for convenience of explanation, only the parts related to the embodiments of the present invention are shown, and details of the specific techniques are not disclosed. The terminal may be any terminal device including a mobile phone, a tablet computer, a PDA (Personal digital assistant), a POS (Point of Sales), a vehicle-mounted computer, etc., taking the terminal as the mobile phone as an example:
fig. 6 is a block diagram illustrating a partial structure of a mobile phone related to a terminal provided in an embodiment of the present invention. Referring to fig. 6, the handset includes: radio Frequency (RF) circuit 610, memory 620, input unit 630, display unit 640, sensor 650, audio circuit 660, wireless fidelity (WiFi) module 670, processor 680, and power supply 690. Those skilled in the art will appreciate that the handset configuration shown in fig. 6 is not intended to be limiting and may include more or fewer components than those shown, or some components may be combined, or a different arrangement of components.
The following describes each component of the mobile phone in detail with reference to fig. 6:
the RF circuit 610 may be used for receiving and transmitting signals during information transmission and reception or during a call, and in particular, receives downlink information of a base station and then processes the received downlink information to the processor 680; in addition, the data for designing uplink is transmitted to the base station. In general, the RF circuit 610 includes, but is not limited to, an antenna, at least one amplifier, a transceiver, a coupler, a Low Noise Amplifier (LNA), a duplexer, and the like. In addition, the RF circuitry 610 may also communicate with networks and other devices via wireless communications. The wireless communication may use any communication standard or protocol, including but not limited to global system for Mobile communications (GSM), General Packet Radio Service (GPRS), Code Division Multiple Access (CDMA), Wideband Code Division Multiple Access (WCDMA), Long Term Evolution (LTE), email, Short Messaging Service (SMS), and the like.
The memory 620 may be used to store software programs and modules, and the processor 680 may execute various functional applications and data processing of the mobile phone by operating the software programs and modules stored in the memory 620. The memory 620 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required by at least one function (such as a sound playing function, an image playing function, etc.), and the like; the storage data area may store data (such as audio data, a phonebook, etc.) created according to the use of the cellular phone, and the like. Further, the memory 620 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device.
The input unit 630 may be used to receive input numeric or character information and generate key signal inputs related to user settings and function control of the cellular phone. Specifically, the input unit 630 may include a touch panel 631 and other input devices 632. The touch panel 631, also referred to as a touch screen, may collect touch operations of a user (e.g., operations of the user on the touch panel 631 or near the touch panel 631 by using any suitable object or accessory such as a finger or a stylus) thereon or nearby, and drive the corresponding connection device according to a preset program. Alternatively, the touch panel 631 may include two parts of a touch detection device and a touch controller. The touch detection device detects the touch direction of a user, detects a signal brought by touch operation and transmits the signal to the touch controller; the touch controller receives touch information from the touch sensing device, converts the touch information into touch point coordinates, sends the touch point coordinates to the processor 680, and can receive and execute commands sent by the processor 680. In addition, the touch panel 631 may be implemented using various types, such as resistive, capacitive, infrared, and surface acoustic wave. The input unit 630 may include other input devices 632 in addition to the touch panel 631. In particular, other input devices 632 may include, but are not limited to, one or more of a physical keyboard, function keys (such as volume control keys, switch keys, etc.), a trackball, a mouse, a joystick, and the like.
The display unit 640 may be used to display information input by the user or information provided to the user and various menus of the mobile phone. The display unit 640 may include a display panel 641, and optionally, the display panel 641 may be configured in the form of a Liquid Crystal Display (LCD), an Organic Light-Emitting Diode (OLED), or the like. Further, the touch panel 631 can cover the display panel 641, and when the touch panel 631 detects a touch operation thereon or nearby, the touch panel is transmitted to the processor 680 to determine the type of the touch event, and then the processor 680 provides a corresponding visual output on the display panel 641 according to the type of the touch event. Although in fig. 6, the touch panel 631 and the display panel 641 are two independent components to implement the input and output functions of the mobile phone, in some embodiments, the touch panel 631 and the display panel 641 may be integrated to implement the input and output functions of the mobile phone.
The handset may also include at least one sensor 650, such as a light sensor, motion sensor, and other sensors. Specifically, the light sensor may include an ambient light sensor that adjusts the brightness of the display panel 641 according to the brightness of ambient light, and a proximity sensor that turns off the display panel 641 and/or the backlight when the mobile phone is moved to the ear. As one of the motion sensors, the accelerometer sensor can detect the magnitude of acceleration in each direction (generally, three axes), can detect the magnitude and direction of gravity when stationary, and can be used for applications of recognizing the posture of a mobile phone (such as horizontal and vertical screen switching, related games, magnetometer posture calibration), vibration recognition related functions (such as pedometer and tapping), and the like; as for other sensors such as a gyroscope, a barometer, a hygrometer, a thermometer, and an infrared sensor, which can be configured on the mobile phone, further description is omitted here.
Audio circuit 660, speaker 661, and microphone 662 can provide an audio interface between a user and a cell phone. The audio circuit 660 may transmit the electrical signal converted from the received audio data to the speaker 661, and convert the electrical signal into an audio signal through the speaker 661 for output; on the other hand, the microphone 662 converts the collected sound signals into electrical signals, which are received by the audio circuit 660 and converted into audio data, which are processed by the audio data output processor 680 and then transmitted via the RF circuit 610 to, for example, another cellular phone, or output to the memory 620 for further processing.
WiFi belongs to short-distance wireless transmission technology, and the mobile phone can help a user to receive and send e-mails, browse webpages, access streaming media and the like through the WiFi module 670, and provides wireless broadband Internet access for the user. Although fig. 6 shows the WiFi module 670, it is understood that it does not belong to the essential constitution of the handset, and can be omitted entirely as needed within the scope not changing the essence of the invention.
The processor 680 is a control center of the mobile phone, and connects various parts of the entire mobile phone by using various interfaces and lines, and performs various functions of the mobile phone and processes data by operating or executing software programs and/or modules stored in the memory 620 and calling data stored in the memory 620, thereby performing overall monitoring of the mobile phone. Optionally, processor 680 may include one or more processing units; preferably, the processor 680 may integrate an application processor, which mainly handles operating systems, user interfaces, application programs, etc., and a modem processor, which mainly handles wireless communications. It will be appreciated that the modem processor described above may not be integrated into processor 680.
The handset also includes a power supply 690 (e.g., a battery) for powering the various components, which may preferably be logically connected to the processor 680 via a power management system, such that the power management system may be used to manage charging, discharging, and power consumption.
Although not shown, the mobile phone may further include a camera, a bluetooth module, etc., which are not described herein.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present invention, and not for limiting the same; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (12)

1. A method for preventing an android device from being Root, the method comprising:
receiving a non-read-only command to an EMMC driving layer of an embedded multimedia card;
if the working mode of the operating system where the EMMC driving layer is located is determined to be a normal starting mode or a normal engineering Recovery mode, starting a pre-configured write filtering function;
judging whether the non-read-only command acts on data of a read-only partition in the EMMC driving layer or not through the write filtering function, if so, filtering the non-read-only command through the write filtering function, and if not, issuing the non-read-only command;
the determining that the working mode of the operating system where the EMMC driving layer is located is a normal starting mode or a normal engineering Recovery mode includes:
and determining that the working mode of the operating system where the EMMC driving layer is located is a normal starting mode or a normal engineering Recovery mode according to a processing function triggered in the initialization init process corresponding to the non-read-only command.
2. The method of claim 1, wherein prior to determining whether the non-read-only command acted on data of the read-only partition in the EMMC drive layer by the write filter function, the method further comprises:
acquiring an address acted by the non-read-only command through the write filtering function;
the data for judging whether the non-read-only command acts on the read-only partition in the EMMC driving layer through the write filtering function comprises the following steps:
and judging whether the non-read-only command acts on the data of the read-only partition in the EMMC driving layer or not according to the address.
3. The method according to any one of claims 1 to 2, further comprising:
constructing a structure function;
and configuring the write filtering function in the structure function.
4. The method of any of claims 1-2, wherein if it is determined that the operating mode of the operating system in which the EMMC driver layer is located is not a normal boot mode or a normal engineering Recovrey mode, the method further comprises:
and canceling the write filtering function in a restarting mode.
5. The method according to any one of claims 1 to 2, further comprising:
and if the unlocking code of the android device is acquired, issuing the non-read-only command.
6. An apparatus for preventing android device from Root, comprising:
the receiving unit is used for receiving a non-read-only command of an embedded multimedia card EMMC driving layer;
the determining unit is used for determining that the working mode of the operating system where the EMMC driving layer is located is a normal starting mode or a normal engineering Recovrey mode;
a start unit for starting a preconfigured write filter function;
the judging unit is used for judging whether the non-read-only command acts on the data of the read-only partition in the EMMC driving layer through the write filtering function;
the execution unit is used for filtering the non-read-only command through the write filtering function when the judging unit judges that the non-read-only command acts on the data of the read-only partition in the EMMC driving layer, and issuing the non-read-only command when the judging unit judges that the non-read-only command does not act on the data of the read-only partition in the EMMC driving layer;
the determination unit includes:
and the determining subunit is configured to determine, according to a processing function triggered in the initialization init process corresponding to the non-read-only command, that the operating mode of the operating system in which the EMMC drive layer is located is a normal start mode or a normal engineering Recovery mode.
7. The apparatus of claim 6, further comprising:
the obtaining unit is used for obtaining the address acted by the non-read-only command through the write filtering function;
the judging unit includes:
and the judging subunit is used for judging whether the non-read-only command acts on the data of the read-only partition in the EMMC according to the address.
8. The apparatus of any one of claims 6 to 7, further comprising:
a construction unit for constructing a structure function;
and the configuration unit is used for configuring the write filtering function in the structure function.
9. The apparatus of any of claims 6-7, wherein if it is determined that the operating mode of the operating system in which the EMMC driver layer is located is not a normal boot mode or a normal engineering Recovrey mode, the apparatus further comprises:
and the first processing unit is used for canceling the write filtering function in a restarting mode.
10. The apparatus of any one of claims 6 to 7, further comprising:
and the second processing unit is used for issuing the non-read-only command if the unlocking code of the android device is acquired.
11. A terminal, comprising:
one or more processors; a memory; and one or more programs, wherein the one or more programs are stored in the memory and configured to be executed by the one or more processors, the one or more programs including instructions for performing the method of any of claims 1-5.
12. The terminal of claim 11, wherein the memory is a readable storage medium, and wherein the instructions, when executed by the terminal, cause the terminal to perform the instructions of the method of any of claims 1 to 5.
CN201580004158.9A 2015-05-26 2015-05-26 Method and device for preventing android device from being super-user (Root) and terminal Active CN106471464B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2015/079812 WO2016187806A1 (en) 2015-05-26 2015-05-26 Method, device and terminal for preventing android device from being rooted

Publications (2)

Publication Number Publication Date
CN106471464A CN106471464A (en) 2017-03-01
CN106471464B true CN106471464B (en) 2020-01-10

Family

ID=57393633

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201580004158.9A Active CN106471464B (en) 2015-05-26 2015-05-26 Method and device for preventing android device from being super-user (Root) and terminal

Country Status (2)

Country Link
CN (1) CN106471464B (en)
WO (1) WO2016187806A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111651177B (en) * 2020-05-27 2024-03-12 上海龙旗科技股份有限公司 Number writing method, device and computer readable medium based on android platform

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101464841A (en) * 2008-12-31 2009-06-24 杭州华三通信技术有限公司 Method and system for implementing write protection of block memory stack
CN103473502A (en) * 2013-09-16 2013-12-25 惠州Tcl移动通信有限公司 Method and system for acquiring Root rights of android-based mobile terminal
CN103646208A (en) * 2013-12-04 2014-03-19 华为终端有限公司 Monitoring method and device of eMMC
CN104268462A (en) * 2014-09-25 2015-01-07 福建联迪商用设备有限公司 Sub-zone protecting method and device of Android system
CN104517060A (en) * 2015-01-08 2015-04-15 南京创和信息技术有限公司 System and method for intercepting file access instruction based on Android platform

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103019775B (en) * 2012-11-28 2016-04-13 小米科技有限责任公司 A kind of method of terminal device brush machine, device and equipment
US20140259004A1 (en) * 2013-03-07 2014-09-11 Go Daddy Operating Company, LLC System for trusted application deployment
CN104239096A (en) * 2014-09-02 2014-12-24 艾体威尔电子技术(北京)有限公司 Method and unit for realizing security data partitions in Android system

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101464841A (en) * 2008-12-31 2009-06-24 杭州华三通信技术有限公司 Method and system for implementing write protection of block memory stack
CN103473502A (en) * 2013-09-16 2013-12-25 惠州Tcl移动通信有限公司 Method and system for acquiring Root rights of android-based mobile terminal
CN103646208A (en) * 2013-12-04 2014-03-19 华为终端有限公司 Monitoring method and device of eMMC
CN104268462A (en) * 2014-09-25 2015-01-07 福建联迪商用设备有限公司 Sub-zone protecting method and device of Android system
CN104517060A (en) * 2015-01-08 2015-04-15 南京创和信息技术有限公司 System and method for intercepting file access instruction based on Android platform

Also Published As

Publication number Publication date
WO2016187806A1 (en) 2016-12-01
CN106471464A (en) 2017-03-01

Similar Documents

Publication Publication Date Title
CN104135500B (en) The method and system that prompting application upgrades
CN106250223B (en) Background process management method and terminal equipment
CN112560001B (en) Method for managing application program use time offline and terminal equipment
CN108255683B (en) Method for prompting message in terminal and terminal
CN108834132B (en) Data transmission method and equipment and related medium product
CN103544033A (en) Method, device and associated equipment for rolling back application program
CN105760203A (en) Software upgrading method and terminal equipment
CN107329778B (en) System updating method and related product
CN107656754B (en) Method for restoring set parameters and user equipment thereof
CN105653220B (en) Screen data display method and device in remote control
CN106331370A (en) Data transmission method and terminal device
CN103294442B (en) A kind of method of playing alert tones, device and terminal device
CN103491525A (en) Method for achieving card-free mobile phone, mobile phone and server
CN106507482A (en) A kind of network locating method and terminal device
CN106569910A (en) Data backup and transmission method, and mobile terminal
CN106534324A (en) Data sharing method and cloud server
CN106658354A (en) Data transmission method and equipment
CN106445743A (en) Data backup transmission method and mobile terminal
CN115668123A (en) Audio resource allocation method and device and electronic equipment
CN107357651B (en) Application acceleration method and device and terminal
CN106484563B (en) Data migration method and terminal equipment
CN103561155B (en) Send the method for note, device and terminal
CN103312783B (en) Method, device and system for switching function modes
CN106656978A (en) Account login method and server
CN106844057B (en) Data processing method and device and mobile terminal

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20210419

Address after: Unit 3401, unit a, building 6, Shenye Zhongcheng, No. 8089, Hongli West Road, Donghai community, Xiangmihu street, Futian District, Shenzhen, Guangdong 518040

Patentee after: Honor Device Co.,Ltd.

Address before: 518129 Bantian HUAWEI headquarters office building, Longgang District, Guangdong, Shenzhen

Patentee before: HUAWEI TECHNOLOGIES Co.,Ltd.