CN106682501A - Set-top-box application program management method and system - Google Patents

Set-top-box application program management method and system Download PDF

Info

Publication number
CN106682501A
CN106682501A CN201611183326.8A CN201611183326A CN106682501A CN 106682501 A CN106682501 A CN 106682501A CN 201611183326 A CN201611183326 A CN 201611183326A CN 106682501 A CN106682501 A CN 106682501A
Authority
CN
China
Prior art keywords
application program
sandbox
application
top box
independent
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201611183326.8A
Other languages
Chinese (zh)
Inventor
陈永佳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Jiuzhou Electric Appliance Co Ltd
Original Assignee
Shenzhen Jiuzhou Electric Appliance Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Jiuzhou Electric Appliance Co Ltd filed Critical Shenzhen Jiuzhou Electric Appliance Co Ltd
Priority to CN201611183326.8A priority Critical patent/CN106682501A/en
Publication of CN106682501A publication Critical patent/CN106682501A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to a set-top-box application program management method and system. Independent sandboxes are established for application programs respectively, all the application programs are put into corresponding sand boxes of all the application programs and operate, and the application programs are managed with the sandbox technology; the sandboxes are isolated, all the application programs can only access resources in the sandboxes of the application programs, resources of other application programs are not accessed, system resources cannot be directly accessed through all the application programs, the stability and the safety of a set-top-box system can be guaranteed accordingly, normal working of a set top box is guaranteed, and inconvenience of using of a user is avoided.

Description

Set-top box application procedure management method and system
Technical field
The present invention relates to digital TV field, more particularly to a kind of set-top box application procedure management method and system.
Background technology
With the development of technology, Set Top Box is more and more intelligent, and user also improves constantly to the demand of Intelligent set top box, many Tasking operating system is widely used on Intelligent set top box.
But, current multiple task operating system is increased income, such as linux system, there are many potential safety hazards, using journey The authority and ability of sequence can significantly affect the stability of set-top-box system operation and safety, strong influence Set Top Box Normal work, to user using bringing very big inconvenience.
The content of the invention
In view of this, it is necessary to can largely affect set-top-box system to transport for the authority and ability of above-mentioned application program Row stability and safety, affect Set Top Box normal work problem, there is provided a kind of set-top box application procedure management method and System.
The present invention provides a kind of set-top box application procedure management method, comprises the steps:
An independent sandbox is created for each application program;
Each application program is put in each self-corresponding sandbox and is run, led to using IPC between each application program Letter, and each application program is controlled with the operation of non-privileged identity.
In one of which embodiment, it is described the step of create an independent sandbox for each application program also Including:
According to the demand of each application program, the resource of correspondence sandbox is limited;According to the demand of each application program, limit The system capability of correspondence sandbox.
In one of which embodiment, the resource for limiting correspondence sandbox is specially:Limit the file letter of sandbox Breath, progress information, user profile, the network equipment and memory size.
In one of which embodiment, it is described the step of create an independent sandbox for each application program also Including:
The usage frequency of each application program is counted, is application program one independence of establishment that usage frequency exceedes setting value Sandbox;
The system resource that each application program takes is counted, is the application program wound that occupying system resources exceed setting ratio Build an independent sandbox.
The present invention also provides a kind of set-top box application system for managing program, including:
Sandbox creation module, is that each application program creates an independent sandbox;
Application management module, each application program is put in each self-corresponding sandbox and is run, each application program Between communicated using IPC, and control each application program with non-privileged identity operation.
In one of which embodiment, the sandbox creation module is according to the demand of each application program, and it is right to limit Answer the resource of sandbox;According to the demand of each application program, the system capability of correspondence sandbox is limited.
In one of which embodiment, the sandbox creation module limits the resource of correspondence sandbox and is specially:Limit The fileinfo of sandbox, progress information, user profile, the network equipment and memory size.
In one of which embodiment, the sandbox creation module counts the usage frequency of each application program, is Usage frequency exceedes the application program of setting value and creates an independent sandbox;
The system resource that each application program takes is counted, is the application program wound that occupying system resources exceed setting ratio Build an independent sandbox.
Set-top box application procedure management method of the present invention and system, are that application program each creates an independent sandbox, Each application program is put in each self-corresponding sandbox and is run, by being managed to application program using Sandboxing, By the isolation of sandbox so that each application program can only access the resource in itself sandbox, access less than other application program Resource, and each application program cannot direct access system resources such that it is able to ensure the stability of set-top-box system And safety, ensure the normal work of Set Top Box, it is to avoid to user using making troubles.
Description of the drawings
Fig. 1 is the flow chart of the set-top box application procedure management method in one embodiment;
Fig. 2 is the structure chart of the set-top box application system for managing program in one embodiment.
Specific embodiment
In order that the objects, technical solutions and advantages of the present invention become more apparent, it is right below in conjunction with drawings and Examples The present invention is further elaborated.It should be appreciated that specific embodiment described herein is only to explain the present invention, not For limiting the present invention.
Fig. 1 is the flow chart of the set-top box application procedure management method in one embodiment, as shown in figure 1, the method bag Include following steps:
S10:An independent sandbox is created for each application program.
Sandboxing, is a virtual system program, it is allowed to which application program runs in sandbox environment, with independent fortune Row environment, by the isolation of sandbox so that each application program can only access the resource in itself sandbox, accessing should less than other With the resource of program, and each application program cannot direct access system resources such that it is able to ensure set-top-box system Stability and safety, therefore the inventive method is managed using Sandboxing to application program.In this embodiment, for Each application program, creates an independent sandbox so that each application program has one's own freestanding environment.
In further mode, the step also includes:According to the demand of each application program, the money of correspondence sandbox is limited Source;According to the demand of each application program, the system capability of correspondence sandbox is limited.Further, the resource of correspondence sandbox is limited Specially:Limit fileinfo, progress information, user profile, the network equipment and the memory size of sandbox.
Meanwhile, it is the quantity for reducing sandbox, the step also includes:The usage frequency of each application program is counted, is to use Frequency exceedes the application program of setting value and creates an independent sandbox;
The system resource that each application program takes is counted, is the application program wound that occupying system resources exceed setting ratio Build an independent sandbox.
S20:Each application program is put in each self-corresponding sandbox and is run, (entered using IPC between each application program Communicate between journey) communicated, and each application program is controlled with non-privileged identity (non-root user) operation.
It is the normal of safeguards system after corresponding sandbox is created for each application program, each application program is put into In each self-corresponding sandbox so that each application program independent operating in respective sandbox.To ensure between application program Communication, is communicated between each application program using IPC.Meanwhile, be further ensure set-top-box system stability and Safety, control each application program can only be run with non-privileged identity, thus further ensure set-top-box system Stability and safety.
The set-top box application procedure management method, is that application program each creates an independent sandbox, and each is applied Program is put in each self-corresponding sandbox and runs, by being managed to application program using Sandboxing, by sandbox Isolation so that each application program can only access the resource in itself sandbox, accesses the resource less than other application program, and Each application program cannot direct access system resources such that it is able to ensure stability and the safety of set-top-box system, protect The normal work of barrier Set Top Box, it is to avoid to user using making troubles.
Meanwhile, the present invention also provides a kind of set-top box application system for managing program, as shown in Fig. 2 the system includes:
Sandbox creation module 100, is that each application program creates an independent sandbox.
Sandboxing, is a virtual system program, it is allowed to which application program runs in sandbox environment, with independent fortune Row environment, by the isolation of sandbox so that each application program can only access the resource in itself sandbox, accessing should less than other With the resource of program, and each application program cannot direct access system resources such that it is able to ensure set-top-box system Stability and safety, therefore present system is managed using Sandboxing to application program.In this embodiment, sandbox Creation module 100 is directed to each application program, creates an independent sandbox so that each application program has and belongs to The freestanding environment of oneself.
In further mode, sandbox creation module 100 limits correspondence sandbox according to the demand of each application program Resource;According to the demand of each application program, the system capability of correspondence sandbox is limited.Further, sandbox creation module 100 is limited The resource of system correspondence sandbox is specially:Fileinfo, progress information, user profile, the network equipment and the internal memory for limiting sandbox is big It is little.
Meanwhile, it is the quantity for reducing sandbox, sandbox creation module 100 counts the usage frequency of each application program, to make The application program for exceeding setting value with frequency creates an independent sandbox;
Sandbox creation module 100 counts the system resource that each application program takes, and is that occupying system resources exceed setting The application program of ratio creates an independent sandbox.
Application management module 200, each application program is put in each self-corresponding sandbox and is run, and each applies journey Communicated using IPC (interprocess communication) between sequence, and (non-root is used with non-privileged identity to control each application program Family) operation.
It is the normal of safeguards system after corresponding sandbox is created for each application program, application management module 200 Each application program is put in each self-corresponding sandbox so that each application program independent operating in respective sandbox.For Ensure the communication between application program, application management module 200 controls to be led to using IPC between each application program Letter.Meanwhile, it is stability and the safety for further ensureing set-top-box system, application management module 200 controls each Application program can only be run with non-privileged identity, thus further ensure stability and the safety of set-top-box system.
The set-top box application system for managing program, sandbox creation module 100 be application program each create one it is independent Each application program is put in each self-corresponding sandbox and is run by sandbox, application management module 200, by using sandbox skill Art being managed to application program, by the isolation of sandbox so that each application program can only access the money in itself sandbox Source, accesses the resource less than other application program, and each application program cannot direct access system resources such that it is able to Ensure stability and the safety of set-top-box system, ensure the normal work of Set Top Box, it is to avoid to user using making troubles.
The present invention provide set-top box application procedure management method and system, be application program each create one it is independent Sandbox, each application program is put in each self-corresponding sandbox and is run, by being carried out to application program using Sandboxing Management, by the isolation of sandbox so that each application program can only access the resource in itself sandbox, accesses less than other application The resource of program, and each application program cannot direct access system resources such that it is able to ensure the steady of set-top-box system Qualitative and safety, ensures the normal work of Set Top Box, it is to avoid to user using making troubles.
These are only presently preferred embodiments of the present invention, not to limit the present invention, all spirit in the present invention and Any modification, equivalent and improvement for being made within principle etc., should be included within the scope of the present invention.

Claims (8)

1. a kind of set-top box application procedure management method, it is characterised in that comprise the steps:
An independent sandbox is created for each application program;
Each application program is put in each self-corresponding sandbox and is run, communicated using IPC between each application program, and Each application program is controlled with the operation of non-privileged identity.
2. set-top box application procedure management method according to claim 1, it is characterised in that described for each application program The step of creating an independent sandbox also includes:
According to the demand of each application program, the resource of correspondence sandbox is limited;According to the demand of each application program, correspondence is limited The system capability of sandbox.
3. set-top box application procedure management method according to claim 2, it is characterised in that the restriction correspondence sandbox Resource is specially:Limit fileinfo, progress information, user profile, the network equipment and the memory size of sandbox.
4. set-top box application procedure management method according to claim 1, it is characterised in that described for each application program The step of creating an independent sandbox also includes:
The usage frequency of each application program is counted, is the application program one independent sand of establishment that usage frequency exceedes setting value Box;
The system resource that each application program takes is counted, is the application program establishment one that occupying system resources exceed setting ratio Individual independent sandbox.
5. a kind of set-top box application system for managing program, it is characterised in that include:
Sandbox creation module, is that each application program creates an independent sandbox;
Application management module, each application program is put in each self-corresponding sandbox and is run, between each application program Communicated using IPC, and controlled each application program with the operation of non-privileged identity.
6. set-top box application system for managing program according to claim 5, it is characterised in that the sandbox creation module root According to the demand of each application program, the resource of correspondence sandbox is limited;According to the demand of each application program, correspondence sandbox is limited System capability.
7. set-top box application system for managing program according to claim 6, it is characterised in that the sandbox creation module limit The resource of system correspondence sandbox is specially:Fileinfo, progress information, user profile, the network equipment and the internal memory for limiting sandbox is big It is little.
8. set-top box application system for managing program according to claim 5, it is characterised in that the sandbox creation module system The usage frequency of each application program is counted, is application program one independent sandbox of establishment that usage frequency exceedes setting value;
The system resource that each application program takes is counted, is the application program establishment one that occupying system resources exceed setting ratio Individual independent sandbox.
CN201611183326.8A 2016-12-20 2016-12-20 Set-top-box application program management method and system Pending CN106682501A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611183326.8A CN106682501A (en) 2016-12-20 2016-12-20 Set-top-box application program management method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611183326.8A CN106682501A (en) 2016-12-20 2016-12-20 Set-top-box application program management method and system

Publications (1)

Publication Number Publication Date
CN106682501A true CN106682501A (en) 2017-05-17

Family

ID=58869768

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611183326.8A Pending CN106682501A (en) 2016-12-20 2016-12-20 Set-top-box application program management method and system

Country Status (1)

Country Link
CN (1) CN106682501A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108958570A (en) * 2017-05-22 2018-12-07 中兴通讯股份有限公司 Method, apparatus, computer equipment and the computer-readable medium of screen management

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102184356A (en) * 2011-04-21 2011-09-14 奇智软件(北京)有限公司 Method, device and safety browser by utilizing sandbox technology to defend
US20130139264A1 (en) * 2011-11-28 2013-05-30 Matthew D. Brinkley Application sandboxing using a dynamic optimization framework
CN103514401A (en) * 2011-04-21 2014-01-15 北京奇虎科技有限公司 Method and device for defense by utilization of sandbox technology and security browser
CN103902380A (en) * 2012-12-26 2014-07-02 北京百度网讯科技有限公司 Method, device and equipment for determining resource distribution through sand box
CN103970574A (en) * 2014-05-22 2014-08-06 北京奇虎科技有限公司 Office program running method and device and computer system
CN105138905A (en) * 2015-08-25 2015-12-09 中国科学院信息工程研究所 Isolation operation method for Linux application program

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102184356A (en) * 2011-04-21 2011-09-14 奇智软件(北京)有限公司 Method, device and safety browser by utilizing sandbox technology to defend
CN103514401A (en) * 2011-04-21 2014-01-15 北京奇虎科技有限公司 Method and device for defense by utilization of sandbox technology and security browser
US20130139264A1 (en) * 2011-11-28 2013-05-30 Matthew D. Brinkley Application sandboxing using a dynamic optimization framework
CN103902380A (en) * 2012-12-26 2014-07-02 北京百度网讯科技有限公司 Method, device and equipment for determining resource distribution through sand box
CN103970574A (en) * 2014-05-22 2014-08-06 北京奇虎科技有限公司 Office program running method and device and computer system
CN105138905A (en) * 2015-08-25 2015-12-09 中国科学院信息工程研究所 Isolation operation method for Linux application program

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108958570A (en) * 2017-05-22 2018-12-07 中兴通讯股份有限公司 Method, apparatus, computer equipment and the computer-readable medium of screen management
CN108958570B (en) * 2017-05-22 2023-09-26 中兴通讯股份有限公司 Screen management method, device, computer equipment and computer readable medium

Similar Documents

Publication Publication Date Title
CN111935131B (en) SaaS resource access control method based on resource authority tree
CN105872078B (en) Mixed cloud desktop system and management method
CN109067827B (en) Kubernetes and OpenStack container cloud platform-based multi-tenant construction method, medium and equipment
DE112013000395B4 (en) DEVICE, METHOD AND COMPUTER READABLE STORAGE FOR POLICY ENFORCEMENT IN A COMPUTING ENVIRONMENT
CN103984600B (en) A kind of financial data processing method based on cloud computing
CN110472388B (en) Equipment management and control system and user permission control method thereof
CN107104931A (en) A kind of access control method and platform
CN108092945B (en) Method and device for determining access authority and terminal
US9122889B2 (en) Managing access to class objects in a system utilizing a role-based access control framework
CN106941516A (en) Isomery field apparatus Control management system based on industry internet operating system
CN109040180B (en) Network access control method based on Neutron and GBP, storage medium and electronic equipment
CN102571815B (en) A kind of method of e-procurement privately owned cloud integrating ERP authenticating user identification
CN103139159A (en) Safety communication among virtual machines in cloud computing framework
CN108984160A (en) Information-based Quick Development Framework and method based on modularization
CN105550590A (en) Role-based access control mechanism
CN111352737A (en) Container cloud computing service platform based on resource pool
CN108021400A (en) Data processing method and device, computer-readable storage medium and equipment
CN107360103A (en) A kind of Operation & Maintenance System and resource regulating method
CN104217146A (en) Access control method based on ABAC (Attribute Based Access Control) and RBAC (Role Based Access Control)
CN107562521A (en) A kind of method for managing resource and device
CN106599718B (en) The control method and device of information access rights
DE102022132069A1 (en) SERVER SUPPORTING SECURITY ACCESS OF A USER'S TERMINAL AND CONTROL METHOD THEREOF
CN105653962B (en) A kind of user role access authorization for resource model management method of object-oriented
CN105049409A (en) Security access control framework under distributed cloud environment and access method thereof
CN106682501A (en) Set-top-box application program management method and system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20170517