CN106682501A - Set-top-box application program management method and system - Google Patents
Set-top-box application program management method and system Download PDFInfo
- Publication number
- CN106682501A CN106682501A CN201611183326.8A CN201611183326A CN106682501A CN 106682501 A CN106682501 A CN 106682501A CN 201611183326 A CN201611183326 A CN 201611183326A CN 106682501 A CN106682501 A CN 106682501A
- Authority
- CN
- China
- Prior art keywords
- application program
- sandbox
- application
- top box
- independent
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The invention relates to a set-top-box application program management method and system. Independent sandboxes are established for application programs respectively, all the application programs are put into corresponding sand boxes of all the application programs and operate, and the application programs are managed with the sandbox technology; the sandboxes are isolated, all the application programs can only access resources in the sandboxes of the application programs, resources of other application programs are not accessed, system resources cannot be directly accessed through all the application programs, the stability and the safety of a set-top-box system can be guaranteed accordingly, normal working of a set top box is guaranteed, and inconvenience of using of a user is avoided.
Description
Technical field
The present invention relates to digital TV field, more particularly to a kind of set-top box application procedure management method and system.
Background technology
With the development of technology, Set Top Box is more and more intelligent, and user also improves constantly to the demand of Intelligent set top box, many
Tasking operating system is widely used on Intelligent set top box.
But, current multiple task operating system is increased income, such as linux system, there are many potential safety hazards, using journey
The authority and ability of sequence can significantly affect the stability of set-top-box system operation and safety, strong influence Set Top Box
Normal work, to user using bringing very big inconvenience.
The content of the invention
In view of this, it is necessary to can largely affect set-top-box system to transport for the authority and ability of above-mentioned application program
Row stability and safety, affect Set Top Box normal work problem, there is provided a kind of set-top box application procedure management method and
System.
The present invention provides a kind of set-top box application procedure management method, comprises the steps:
An independent sandbox is created for each application program;
Each application program is put in each self-corresponding sandbox and is run, led to using IPC between each application program
Letter, and each application program is controlled with the operation of non-privileged identity.
In one of which embodiment, it is described the step of create an independent sandbox for each application program also
Including:
According to the demand of each application program, the resource of correspondence sandbox is limited;According to the demand of each application program, limit
The system capability of correspondence sandbox.
In one of which embodiment, the resource for limiting correspondence sandbox is specially:Limit the file letter of sandbox
Breath, progress information, user profile, the network equipment and memory size.
In one of which embodiment, it is described the step of create an independent sandbox for each application program also
Including:
The usage frequency of each application program is counted, is application program one independence of establishment that usage frequency exceedes setting value
Sandbox;
The system resource that each application program takes is counted, is the application program wound that occupying system resources exceed setting ratio
Build an independent sandbox.
The present invention also provides a kind of set-top box application system for managing program, including:
Sandbox creation module, is that each application program creates an independent sandbox;
Application management module, each application program is put in each self-corresponding sandbox and is run, each application program
Between communicated using IPC, and control each application program with non-privileged identity operation.
In one of which embodiment, the sandbox creation module is according to the demand of each application program, and it is right to limit
Answer the resource of sandbox;According to the demand of each application program, the system capability of correspondence sandbox is limited.
In one of which embodiment, the sandbox creation module limits the resource of correspondence sandbox and is specially:Limit
The fileinfo of sandbox, progress information, user profile, the network equipment and memory size.
In one of which embodiment, the sandbox creation module counts the usage frequency of each application program, is
Usage frequency exceedes the application program of setting value and creates an independent sandbox;
The system resource that each application program takes is counted, is the application program wound that occupying system resources exceed setting ratio
Build an independent sandbox.
Set-top box application procedure management method of the present invention and system, are that application program each creates an independent sandbox,
Each application program is put in each self-corresponding sandbox and is run, by being managed to application program using Sandboxing,
By the isolation of sandbox so that each application program can only access the resource in itself sandbox, access less than other application program
Resource, and each application program cannot direct access system resources such that it is able to ensure the stability of set-top-box system
And safety, ensure the normal work of Set Top Box, it is to avoid to user using making troubles.
Description of the drawings
Fig. 1 is the flow chart of the set-top box application procedure management method in one embodiment;
Fig. 2 is the structure chart of the set-top box application system for managing program in one embodiment.
Specific embodiment
In order that the objects, technical solutions and advantages of the present invention become more apparent, it is right below in conjunction with drawings and Examples
The present invention is further elaborated.It should be appreciated that specific embodiment described herein is only to explain the present invention, not
For limiting the present invention.
Fig. 1 is the flow chart of the set-top box application procedure management method in one embodiment, as shown in figure 1, the method bag
Include following steps:
S10:An independent sandbox is created for each application program.
Sandboxing, is a virtual system program, it is allowed to which application program runs in sandbox environment, with independent fortune
Row environment, by the isolation of sandbox so that each application program can only access the resource in itself sandbox, accessing should less than other
With the resource of program, and each application program cannot direct access system resources such that it is able to ensure set-top-box system
Stability and safety, therefore the inventive method is managed using Sandboxing to application program.In this embodiment, for
Each application program, creates an independent sandbox so that each application program has one's own freestanding environment.
In further mode, the step also includes:According to the demand of each application program, the money of correspondence sandbox is limited
Source;According to the demand of each application program, the system capability of correspondence sandbox is limited.Further, the resource of correspondence sandbox is limited
Specially:Limit fileinfo, progress information, user profile, the network equipment and the memory size of sandbox.
Meanwhile, it is the quantity for reducing sandbox, the step also includes:The usage frequency of each application program is counted, is to use
Frequency exceedes the application program of setting value and creates an independent sandbox;
The system resource that each application program takes is counted, is the application program wound that occupying system resources exceed setting ratio
Build an independent sandbox.
S20:Each application program is put in each self-corresponding sandbox and is run, (entered using IPC between each application program
Communicate between journey) communicated, and each application program is controlled with non-privileged identity (non-root user) operation.
It is the normal of safeguards system after corresponding sandbox is created for each application program, each application program is put into
In each self-corresponding sandbox so that each application program independent operating in respective sandbox.To ensure between application program
Communication, is communicated between each application program using IPC.Meanwhile, be further ensure set-top-box system stability and
Safety, control each application program can only be run with non-privileged identity, thus further ensure set-top-box system
Stability and safety.
The set-top box application procedure management method, is that application program each creates an independent sandbox, and each is applied
Program is put in each self-corresponding sandbox and runs, by being managed to application program using Sandboxing, by sandbox
Isolation so that each application program can only access the resource in itself sandbox, accesses the resource less than other application program, and
Each application program cannot direct access system resources such that it is able to ensure stability and the safety of set-top-box system, protect
The normal work of barrier Set Top Box, it is to avoid to user using making troubles.
Meanwhile, the present invention also provides a kind of set-top box application system for managing program, as shown in Fig. 2 the system includes:
Sandbox creation module 100, is that each application program creates an independent sandbox.
Sandboxing, is a virtual system program, it is allowed to which application program runs in sandbox environment, with independent fortune
Row environment, by the isolation of sandbox so that each application program can only access the resource in itself sandbox, accessing should less than other
With the resource of program, and each application program cannot direct access system resources such that it is able to ensure set-top-box system
Stability and safety, therefore present system is managed using Sandboxing to application program.In this embodiment, sandbox
Creation module 100 is directed to each application program, creates an independent sandbox so that each application program has and belongs to
The freestanding environment of oneself.
In further mode, sandbox creation module 100 limits correspondence sandbox according to the demand of each application program
Resource;According to the demand of each application program, the system capability of correspondence sandbox is limited.Further, sandbox creation module 100 is limited
The resource of system correspondence sandbox is specially:Fileinfo, progress information, user profile, the network equipment and the internal memory for limiting sandbox is big
It is little.
Meanwhile, it is the quantity for reducing sandbox, sandbox creation module 100 counts the usage frequency of each application program, to make
The application program for exceeding setting value with frequency creates an independent sandbox;
Sandbox creation module 100 counts the system resource that each application program takes, and is that occupying system resources exceed setting
The application program of ratio creates an independent sandbox.
Application management module 200, each application program is put in each self-corresponding sandbox and is run, and each applies journey
Communicated using IPC (interprocess communication) between sequence, and (non-root is used with non-privileged identity to control each application program
Family) operation.
It is the normal of safeguards system after corresponding sandbox is created for each application program, application management module 200
Each application program is put in each self-corresponding sandbox so that each application program independent operating in respective sandbox.For
Ensure the communication between application program, application management module 200 controls to be led to using IPC between each application program
Letter.Meanwhile, it is stability and the safety for further ensureing set-top-box system, application management module 200 controls each
Application program can only be run with non-privileged identity, thus further ensure stability and the safety of set-top-box system.
The set-top box application system for managing program, sandbox creation module 100 be application program each create one it is independent
Each application program is put in each self-corresponding sandbox and is run by sandbox, application management module 200, by using sandbox skill
Art being managed to application program, by the isolation of sandbox so that each application program can only access the money in itself sandbox
Source, accesses the resource less than other application program, and each application program cannot direct access system resources such that it is able to
Ensure stability and the safety of set-top-box system, ensure the normal work of Set Top Box, it is to avoid to user using making troubles.
The present invention provide set-top box application procedure management method and system, be application program each create one it is independent
Sandbox, each application program is put in each self-corresponding sandbox and is run, by being carried out to application program using Sandboxing
Management, by the isolation of sandbox so that each application program can only access the resource in itself sandbox, accesses less than other application
The resource of program, and each application program cannot direct access system resources such that it is able to ensure the steady of set-top-box system
Qualitative and safety, ensures the normal work of Set Top Box, it is to avoid to user using making troubles.
These are only presently preferred embodiments of the present invention, not to limit the present invention, all spirit in the present invention and
Any modification, equivalent and improvement for being made within principle etc., should be included within the scope of the present invention.
Claims (8)
1. a kind of set-top box application procedure management method, it is characterised in that comprise the steps:
An independent sandbox is created for each application program;
Each application program is put in each self-corresponding sandbox and is run, communicated using IPC between each application program, and
Each application program is controlled with the operation of non-privileged identity.
2. set-top box application procedure management method according to claim 1, it is characterised in that described for each application program
The step of creating an independent sandbox also includes:
According to the demand of each application program, the resource of correspondence sandbox is limited;According to the demand of each application program, correspondence is limited
The system capability of sandbox.
3. set-top box application procedure management method according to claim 2, it is characterised in that the restriction correspondence sandbox
Resource is specially:Limit fileinfo, progress information, user profile, the network equipment and the memory size of sandbox.
4. set-top box application procedure management method according to claim 1, it is characterised in that described for each application program
The step of creating an independent sandbox also includes:
The usage frequency of each application program is counted, is the application program one independent sand of establishment that usage frequency exceedes setting value
Box;
The system resource that each application program takes is counted, is the application program establishment one that occupying system resources exceed setting ratio
Individual independent sandbox.
5. a kind of set-top box application system for managing program, it is characterised in that include:
Sandbox creation module, is that each application program creates an independent sandbox;
Application management module, each application program is put in each self-corresponding sandbox and is run, between each application program
Communicated using IPC, and controlled each application program with the operation of non-privileged identity.
6. set-top box application system for managing program according to claim 5, it is characterised in that the sandbox creation module root
According to the demand of each application program, the resource of correspondence sandbox is limited;According to the demand of each application program, correspondence sandbox is limited
System capability.
7. set-top box application system for managing program according to claim 6, it is characterised in that the sandbox creation module limit
The resource of system correspondence sandbox is specially:Fileinfo, progress information, user profile, the network equipment and the internal memory for limiting sandbox is big
It is little.
8. set-top box application system for managing program according to claim 5, it is characterised in that the sandbox creation module system
The usage frequency of each application program is counted, is application program one independent sandbox of establishment that usage frequency exceedes setting value;
The system resource that each application program takes is counted, is the application program establishment one that occupying system resources exceed setting ratio
Individual independent sandbox.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611183326.8A CN106682501A (en) | 2016-12-20 | 2016-12-20 | Set-top-box application program management method and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611183326.8A CN106682501A (en) | 2016-12-20 | 2016-12-20 | Set-top-box application program management method and system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106682501A true CN106682501A (en) | 2017-05-17 |
Family
ID=58869768
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611183326.8A Pending CN106682501A (en) | 2016-12-20 | 2016-12-20 | Set-top-box application program management method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106682501A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108958570A (en) * | 2017-05-22 | 2018-12-07 | 中兴通讯股份有限公司 | Method, apparatus, computer equipment and the computer-readable medium of screen management |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102184356A (en) * | 2011-04-21 | 2011-09-14 | 奇智软件(北京)有限公司 | Method, device and safety browser by utilizing sandbox technology to defend |
US20130139264A1 (en) * | 2011-11-28 | 2013-05-30 | Matthew D. Brinkley | Application sandboxing using a dynamic optimization framework |
CN103514401A (en) * | 2011-04-21 | 2014-01-15 | 北京奇虎科技有限公司 | Method and device for defense by utilization of sandbox technology and security browser |
CN103902380A (en) * | 2012-12-26 | 2014-07-02 | 北京百度网讯科技有限公司 | Method, device and equipment for determining resource distribution through sand box |
CN103970574A (en) * | 2014-05-22 | 2014-08-06 | 北京奇虎科技有限公司 | Office program running method and device and computer system |
CN105138905A (en) * | 2015-08-25 | 2015-12-09 | 中国科学院信息工程研究所 | Isolation operation method for Linux application program |
-
2016
- 2016-12-20 CN CN201611183326.8A patent/CN106682501A/en active Pending
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102184356A (en) * | 2011-04-21 | 2011-09-14 | 奇智软件(北京)有限公司 | Method, device and safety browser by utilizing sandbox technology to defend |
CN103514401A (en) * | 2011-04-21 | 2014-01-15 | 北京奇虎科技有限公司 | Method and device for defense by utilization of sandbox technology and security browser |
US20130139264A1 (en) * | 2011-11-28 | 2013-05-30 | Matthew D. Brinkley | Application sandboxing using a dynamic optimization framework |
CN103902380A (en) * | 2012-12-26 | 2014-07-02 | 北京百度网讯科技有限公司 | Method, device and equipment for determining resource distribution through sand box |
CN103970574A (en) * | 2014-05-22 | 2014-08-06 | 北京奇虎科技有限公司 | Office program running method and device and computer system |
CN105138905A (en) * | 2015-08-25 | 2015-12-09 | 中国科学院信息工程研究所 | Isolation operation method for Linux application program |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108958570A (en) * | 2017-05-22 | 2018-12-07 | 中兴通讯股份有限公司 | Method, apparatus, computer equipment and the computer-readable medium of screen management |
CN108958570B (en) * | 2017-05-22 | 2023-09-26 | 中兴通讯股份有限公司 | Screen management method, device, computer equipment and computer readable medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111935131B (en) | SaaS resource access control method based on resource authority tree | |
CN105872078B (en) | Mixed cloud desktop system and management method | |
CN109067827B (en) | Kubernetes and OpenStack container cloud platform-based multi-tenant construction method, medium and equipment | |
DE112013000395B4 (en) | DEVICE, METHOD AND COMPUTER READABLE STORAGE FOR POLICY ENFORCEMENT IN A COMPUTING ENVIRONMENT | |
CN103984600B (en) | A kind of financial data processing method based on cloud computing | |
CN110472388B (en) | Equipment management and control system and user permission control method thereof | |
CN107104931A (en) | A kind of access control method and platform | |
CN108092945B (en) | Method and device for determining access authority and terminal | |
US9122889B2 (en) | Managing access to class objects in a system utilizing a role-based access control framework | |
CN106941516A (en) | Isomery field apparatus Control management system based on industry internet operating system | |
CN109040180B (en) | Network access control method based on Neutron and GBP, storage medium and electronic equipment | |
CN102571815B (en) | A kind of method of e-procurement privately owned cloud integrating ERP authenticating user identification | |
CN103139159A (en) | Safety communication among virtual machines in cloud computing framework | |
CN108984160A (en) | Information-based Quick Development Framework and method based on modularization | |
CN105550590A (en) | Role-based access control mechanism | |
CN111352737A (en) | Container cloud computing service platform based on resource pool | |
CN108021400A (en) | Data processing method and device, computer-readable storage medium and equipment | |
CN107360103A (en) | A kind of Operation & Maintenance System and resource regulating method | |
CN104217146A (en) | Access control method based on ABAC (Attribute Based Access Control) and RBAC (Role Based Access Control) | |
CN107562521A (en) | A kind of method for managing resource and device | |
CN106599718B (en) | The control method and device of information access rights | |
DE102022132069A1 (en) | SERVER SUPPORTING SECURITY ACCESS OF A USER'S TERMINAL AND CONTROL METHOD THEREOF | |
CN105653962B (en) | A kind of user role access authorization for resource model management method of object-oriented | |
CN105049409A (en) | Security access control framework under distributed cloud environment and access method thereof | |
CN106682501A (en) | Set-top-box application program management method and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20170517 |