CN107194254B - Television terminal, Java reflection control method and computer-readable storage medium - Google Patents
Television terminal, Java reflection control method and computer-readable storage medium Download PDFInfo
- Publication number
- CN107194254B CN107194254B CN201710381694.1A CN201710381694A CN107194254B CN 107194254 B CN107194254 B CN 107194254B CN 201710381694 A CN201710381694 A CN 201710381694A CN 107194254 B CN107194254 B CN 107194254B
- Authority
- CN
- China
- Prior art keywords
- reflection
- java reflection
- java
- class
- attribute
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/20—Software design
- G06F8/24—Object-oriented
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Virology (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Storage Device Security (AREA)
- Stored Programmes (AREA)
Abstract
The invention discloses a Java reflection control method, which comprises the following steps: when a Java reflection request is received, determining a Java reflection corresponding to the Java reflection request; determining the attribute of the Java reflection self-defined static method allowReclect; when the attribute is the allowable reflection, executing the Java reflection; and when the attribute is rejection reflection, rejecting the Java reflection and reporting an error. The invention also discloses a television terminal and a computer readable storage medium. The invention avoids the private data from being accessed, and improves the safety of the user data.
Description
Technical Field
The invention relates to the technical field of electronic equipment, in particular to a television terminal, a Java reflection control method and a computer readable storage medium.
Background
With the increasing of Android products, friendly operation interfaces, abundant expansion applications and open source properties of the Android products are reasons that the Android system is far away from other systems in the market occupancy rate of the intelligent equipment at present.
Various apks (Android application programs) are developed endlessly, and the ecological circle is prosperous and prosperous. Since the Android system is open source, application manufacturers understand the Android source code more deeply, and a lot of apks use java reflection technology. The Java reflection means that in a Java runtime environment, for any class, it can know what properties and methods exist in the class, and for any object, it can call any method of the class. The function of this method of dynamically acquiring information of classes and dynamically calling objects comes from the Reflection (Reflection) mechanism of the Java language.
Java reflection provides programmers with a lot of convenience, increasing the flexibility of the program, such as abstract factory patterns, Spring framework. But also destroys the encapsulation of Java, and the reflective system api destroys the security of the Android system, reads and modifies the private data of the system, and the like, so that the data security is poor.
The above is only for the purpose of assisting understanding of the technical aspects of the present invention, and does not represent an admission that the above is prior art.
Disclosure of Invention
The invention mainly aims to provide a television terminal, a Java reflection control method and a computer readable storage medium, and aims to solve the technical problems that the packaging performance of Java is damaged by Java reflection, the safety of an Android system is damaged by a reflection system api, private data of the system is read and modified, and the data safety is poor.
In order to achieve the above object, the present invention provides a Java reflection control method, including the steps of:
when a Java reflection request is received, determining a Java reflection corresponding to the Java reflection request;
determining the attribute of the Java reflection self-defined static method allowReclect;
when the attribute is the allowable reflection, executing the Java reflection;
and when the attribute is rejection reflection, rejecting the Java reflection and reporting an error.
Preferably, after the step of determining the attribute of the Java reflection custom static method allowRelect, the method further includes:
when the attribute is rejection reflection, determining a class required to be reflected by the Java reflection;
judging whether the class required to be reflected by the Java reflection is in a class list forbidden to be reflected or not;
if yes, rejecting the Java reflection and reporting an error;
and if not, executing the Java reflection.
Preferably, the method further comprises:
setting a custom static method allowRelect in the reflected entry class, and setting a forbidden class list disableClasNameList;
and adding a self-defined static method allowRelectFlag and judgment of a forbidden reflection Class list disableClasName into a forName method of a Class module.
Preferably, before the step of adding the self-defined static method allowrectflag and the judgment of the forbidden reflection Class list disableclassname to the forName method of the Class module, the method further includes:
determining a class corresponding to hidden data in a system;
the determined class is constructed as a list of reflection-forbidden classes disableClasNameList.
Preferably, after the step of determining whether the class required to be reflected by the Java reflection is in the list of classes prohibited from reflecting, the method further includes:
when the class required to be reflected by the Java reflection is not in the class list for prohibiting reflection, judging whether the access application corresponding to the Java reflection sets the authority or not;
and if the access application does not set the authority, executing the Java reflection.
In addition, to achieve the above object, the present invention also provides a television terminal, including: a memory, a processor, and a Java reflection control program stored on the memory and executable on the processor, the Java reflection control program when executed by the processor implementing the steps of:
when a Java reflection request is received, determining a Java reflection corresponding to the Java reflection request;
determining the attribute of the Java reflection self-defined static method allowReclect;
when the attribute is the allowable reflection, executing the Java reflection;
and when the attribute is rejection reflection, rejecting the Java reflection and reporting an error.
Preferably, after the step of determining the attribute of the Java reflection custom static method allowRelect, the Java reflection control program when executed by the processor implements the following steps:
when the attribute is rejection reflection, determining a class required to be reflected by the Java reflection;
judging whether the class required to be reflected by the Java reflection is in a class list forbidden to be reflected or not;
if yes, rejecting the Java reflection and reporting an error;
and if not, executing the Java reflection.
Preferably, the Java reflection control program when executed by the processor implements the steps of:
setting a custom static method allowRelect in the reflected entry class, and setting a forbidden class list disableClasNameList;
and adding a self-defined static method allowRelectFlag and judgment of a forbidden reflection Class list disableClasName into a forName method of a Class module.
Preferably, before the step of adding the self-defined static method allowrectflag and the step of judging the forbidden reflection Class list in the forName method of the Class module, the following steps are implemented when the Java reflection control program is executed by the processor:
determining a class corresponding to hidden data in a system;
the determined class is constructed as a list of reflection-forbidden classes disableClasNameList.
Preferably, after the step of determining whether the class to be reflected by the Java reflection is in the list of classes in which reflection is prohibited, the Java reflection control program when executed by the processor implements the steps of:
when the class required to be reflected by the Java reflection is not in the class list for prohibiting reflection, judging whether the access application corresponding to the Java reflection sets the authority or not;
and if the access application does not set the authority, executing the Java reflection.
Further, to achieve the above object, the present invention also provides a computer readable storage medium having stored thereon a Java reflection control program which, when executed by a processor, implements the steps of the Java reflection control method as described above.
According to the method, the static method is added to the reflected entry class to judge Java reflection, part of Java reflection related to accessing private data is prevented according to the set judgment, and the technical problems that the current Java reflection damages the encapsulation of Java, the reflection system api damages the safety of an Android system, the private data of the system is read and modified, and the data safety is poor are solved. Private data is prevented from being accessed, and the safety of user data is improved.
Drawings
FIG. 1 is a schematic diagram of a terminal \ device structure of a hardware operating environment according to an embodiment of the present invention;
FIG. 2 is a flowchart illustrating a Java reflection control method according to an embodiment of the present invention;
FIG. 3 is a flowchart illustrating another embodiment of a Java reflection control method according to the present invention;
FIG. 4 is a flowchart illustrating a Java reflection control method according to another embodiment of the present invention;
fig. 5 is a flowchart illustrating Java reflection according to an embodiment of the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The main solution of the embodiment of the invention is as follows: when a Java reflection request is received, determining a Java reflection corresponding to the Java reflection request; determining the attribute of the Java reflection self-defined static method allowReclect; when the attribute is the allowable reflection, executing the Java reflection; and when the attribute is rejection reflection, rejecting the Java reflection and reporting an error.
The invention provides a solution, which is characterized in that a static method is added through a reflective entry class to judge Java reflection, partial Java reflection related to accessing private data is prevented according to set judgment, and the technical problems that the current Java reflection damages the encapsulation of Java, the reflective system api damages the security of an Android system, the private data of the system is read and modified and the data security is poor are solved. Private data is prevented from being accessed, and the safety of user data is improved.
As shown in fig. 1, fig. 1 is a schematic terminal structure diagram of a hardware operating environment according to an embodiment of the present invention.
The television terminal in the embodiment of the invention realizes the security of the private data in the system and ensures the security of the user data.
As shown in fig. 1, the television terminal may include: a processor 1001, such as a CPU, a network interface 1004, a user interface 1003, a memory 1005, a communication bus 1002. Wherein a communication bus 1002 is used to enable connective communication between these components. The user interface 1003 may include a Display screen (Display), an input unit such as a Keyboard (Keyboard), and the optional user interface 1003 may also include a standard wired interface, a wireless interface. The network interface 1004 may optionally include a standard wired interface, a wireless interface (e.g., WI-FI interface). The memory 1005 may be a high-speed RAM memory or a non-volatile memory (e.g., a magnetic disk memory). The memory 1005 may alternatively be a storage device separate from the processor 1001.
Optionally, the television terminal may further include a camera, a Radio Frequency (RF) circuit, a sensor, an audio circuit, a WiFi module, and the like. Such as light sensors, motion sensors, and other sensors. Specifically, the light sensor may include an ambient light sensor that may adjust the brightness of the display screen according to the brightness of ambient light, and a proximity sensor that may turn off the display screen and/or the backlight when the mobile terminal is moved to the ear. As one of the motion sensors, the gravity acceleration sensor can detect the magnitude of acceleration in each direction (generally, three axes), detect the magnitude and direction of gravity when the mobile terminal is stationary, and can be used for applications (such as horizontal and vertical screen switching, related games, magnetometer attitude calibration), vibration recognition related functions (such as pedometer and tapping) and the like for recognizing the attitude of the mobile terminal; of course, the mobile terminal may also be configured with other sensors such as a gyroscope, a barometer, a hygrometer, a thermometer, an infrared sensor, a temperature sensor, and a holman sensor, which are not described herein again.
Those skilled in the art will appreciate that the terminal structure shown in fig. 1 is not intended to be limiting and may include more or fewer components than those shown, or some components may be combined, or a different arrangement of components.
As shown in fig. 1, a memory 1005, which is a kind of computer storage medium, may include therein an operating system, a network communication module, a user interface module, and a Java reflection control application.
In the terminal shown in fig. 1, the network interface 1004 is mainly used for connecting to a backend server and performing data communication with the backend server; the user interface 1003 is mainly used for connecting a client (user side) and performing data communication with the client; and the processor 1001 may be configured to invoke a Java reflection control application stored in the memory 1005 and perform the following operations:
when a Java reflection request is received, determining a Java reflection corresponding to the Java reflection request;
determining the attribute of the Java reflection self-defined static method allowReclect;
when the attribute is the allowable reflection, executing the Java reflection;
and when the attribute is rejection reflection, rejecting the Java reflection and reporting an error.
Further, after the step of determining the property of the Java reflection custom static method allowRelect, the processor 1001 may call a Java reflection control application stored in the memory 1005, and further perform the following operations:
when the attribute is rejection reflection, determining a class required to be reflected by the Java reflection;
judging whether the class required to be reflected by the Java reflection is in a class list forbidden to be reflected or not;
if yes, rejecting the Java reflection and reporting an error;
and if not, executing the Java reflection.
Further, the processor 1001 may call the Java reflection control application stored in the memory 1005, and also perform the following operations:
setting a custom static method allowRelect in the reflected entry class, and setting a forbidden class list disableClasNameList;
and adding a self-defined static method allowRelectFlag and judgment of a forbidden reflection Class list disableClasName into a forName method of a Class module.
Further, before the step of adding the self-defined static method allowrectflag and the judgment of the reflection prohibited Class list disable classname to the forName method of the Class module, the processor 1001 may call the Java reflection control application stored in the memory 1005, and further perform the following operations:
determining a class corresponding to hidden data in a system;
the determined class is constructed as a list of reflection-forbidden classes disableClasNameList.
Further, after the step of determining whether the class required to be reflected by the Java reflection is in the list of classes prohibited from reflecting, the processor 1001 may call the Java reflection control application stored in the memory 1005, and further perform the following operations:
when the class required to be reflected by the Java reflection is not in the class list for prohibiting reflection, judging whether the access application corresponding to the Java reflection sets the authority or not;
and if the access application does not set the authority, executing the Java reflection.
Referring to fig. 2, a first embodiment of the present invention provides a Java reflection control method, including:
step S10, when a Java reflection request is received, determining a Java reflection corresponding to the Java reflection request;
in an embodiment of the present invention, when an application needs to be updated or an APK needs to be updated, a system automatically sends an instruction or a user clicks a virtual button to initiate an update instruction, when an update is performed, a Java reflection mechanism is required to find corresponding interface access data, and a corresponding Java reflection request is sent out, and when a television terminal or its system receives the Java reflection request, a Java reflection corresponding to the Java reflection request is determined, for example, a system interface to which the Java reflection points is determined. The Java reflection request may also be issued by an application.
Step S20, determining the attribute of the Java reflection custom static method allowReclect;
setting a static variable in an entry class of reflection in advance, wherein the attribute of the static variable indicates whether the Java reflection is allowed, and when the attribute of allowReclect, namely allowReclectFlag is false, the attribute indicates that the Java reflection is not allowed; when allowRelectFlag is greater than tube, it indicates that Java reflection is allowed. The class set not to allow Java reflection relates to access to private data, and is thus set to have a false attribute value. The method can also be freely set according to the requirements of users, and partial Java reflection is prevented through setting, so that not all the reflections can be successfully executed.
Step S30, when the attribute is allowable reflection, executing the Java reflection;
and step S40, if the attribute is rejection reflection, rejecting the Java reflection and reporting an error.
When the attribute is an allowed reflection, namely when a variable is true, executing the Java reflection; when the variable is false, the Java reflection is rejected and an error is reported, and the Java reflection cannot be executed.
Specifically, the process of executing Java reflection control through the attribute of allowRelect includes:
adding a static variable into a reflected entrance class, namely libcore/libart/src/main/java/java/lang/class.java; a prave static Boolean refleflectflag is false; entering a static method public static void allowReflect (boroean flag) { allowReflectFlag ═ flag; }; allowReflectFlag is set by the allowReflect method, the default value is false, and the user can set the value as required, for example, change to true.
In this embodiment, a static method is added to the reflected entry class to determine Java reflection, and part of Java reflection related to accessing private data is prevented according to the set determination, so that the technical problems that at present, Java encapsulation is damaged by Java reflection, security of an Android system is damaged by a reflection system api, private data of the system is read and modified, and data security is poor are solved. Private data is prevented from being accessed, and the safety of user data is improved.
Further, referring to fig. 3, a second embodiment of the present invention provides a Java reflection control method, where after the step of determining an attribute of the Java reflection custom static method allowRelect, the method further includes:
step S50, when the attribute is rejection reflection, determining the class required by the Java reflection;
step S60, judging whether the class required to be reflected by the Java reflection is in a class list for prohibiting reflection;
step S70, if yes, rejecting the Java reflection and reporting an error;
and step S80, if not, executing the Java reflection.
In this embodiment, a list of reflection-prohibited classes is added through an entry class of a reflection class, that is, a list of reflection-prohibited classes is set again on the basis of setting an attribute of allowRelect, so as to prevent Java reflection of some classes. Adding a list of reflection-prohibited classes (extensible), the Java class list construction comprising: setting a forbidden ClasNameList of the forbidden reflection, and determining a class corresponding to the hidden data in the system; the determined class is constructed as a list of reflection-forbidden classes disableClasNameList. The class list may include a class name as a main component, or may include other information related to the class, for example, information such as a class identifier and a class type, and reflection prohibition is performed according to the class type.
Android
stringdisableclassnameList [ ] { "android. app. activityManager" }; in connection with the embodiment in fig. 2, the following judgment is added to the forName method in Class to prevent reflections:
if(allowReflectFlag=false){
for(string disableclassName:disableclassNameList){
if(className!=null&&className.equals(disableclassName)){
throw new NosuchMethodException(“The reflection of this class is disabled”);}
}
}
and when the attribute of the allowRelect is in the future, continuing to judge the Java class list, and when the Java reflection is in the Java class list, preventing the Java reflection, and when the Java reflection is not in the Java reflection class list, executing the Java reflection.
In the embodiment, a list of the Class prohibited from reflection is added to the entry Class of reflection by a forName method of Class, and Java reflection is controlled by combining the attribute of allowRelect, so that the accuracy of Java reflection control is further improved, and the security of user data is further improved by controlling multiple layers of Java reflection.
Further, referring to fig. 4, a third embodiment of the present invention provides a Java reflection control method, where after the step of determining whether a class that needs to be reflected by Java reflection is in a list of classes that are prohibited from being reflected, the method further includes:
step S90, when the class required to be reflected by the Java reflection is not in the list of the class forbidden to be reflected, judging whether the access application corresponding to the Java reflection sets the authority or not;
step S100, if the access application does not set the authority, executing the Java reflection.
In this embodiment, in some scenarios, in order to set an allowReflect attribute and a class that is not in a class list for prohibiting reflection, a user may also need to prohibit reflection, and an authority may be set for the user, and when the user is not in the class list for prohibiting reflection, whether an access application corresponding to the Java reflection sets an authority is determined; if the access application does not set the authority, executing the Java reflection; if the authority is set, the Java reflection is prohibited and an error is reported. The setting authority can be setting identification or classifying and the like. By setting the authority, data which some users do not want others to see is prevented from being accessed, and the safety of user data and the reasonability of Java reflection are further improved.
For better describing the embodiment of the present invention, the process of Java reflection includes:
s101, an application program; s102, reflecting by using a Class forName method; s103, whether allowReflectFlag equals true? If yes, executing S104, otherwise, executing S105; s104, successfully reflecting; s105, whether the class name of the reflection is allowed? If yes, S104 is executed, if not, S106 and S106 are executed, reflection is forbidden, and abnormality is thrown out. allowReflectFlag is set by allowReflect method, and default value is false. The system will intercept classes defined in disableClassNameList by default. The application cannot reflect classes predefined in the list. Applications customized by Android system vendors may bypass this limitation through the allowReflect (true) method.
In an embodiment, the present invention further provides a television terminal, including: a memory, a processor, and a Java reflection control program stored on the memory and executable on the processor, the Java reflection control program when executed by the processor implementing the steps of:
when a Java reflection request is received, determining a Java reflection corresponding to the Java reflection request;
in an embodiment of the present invention, when an application needs to be updated or an APK needs to be updated, a system automatically sends an instruction or a user clicks a virtual button to initiate an update instruction, when an update is performed, a Java reflection mechanism is required to find corresponding interface access data, and a corresponding Java reflection request is sent out, and when a television terminal or its system receives the Java reflection request, a Java reflection corresponding to the Java reflection request is determined, for example, a system interface to which the Java reflection points is determined. The Java reflection request may also be issued by an application.
Determining the attribute of the Java reflection self-defined static method allowReclect;
setting a static variable in an entry class of reflection in advance, wherein the attribute of the static variable indicates whether the Java reflection is allowed, and when the attribute of allowReclect, namely allowReclectFlag is false, the attribute indicates that the Java reflection is not allowed; when allowRelectFlag is greater than tube, it indicates that Java reflection is allowed. The class set not to allow Java reflection relates to access to private data, and is thus set to have a false attribute value. The method can also be freely set according to the requirements of users, and partial Java reflection is prevented through setting, so that not all the reflections can be successfully executed.
When the attribute is the allowable reflection, executing the Java reflection;
and when the attribute is rejection reflection, rejecting the Java reflection and reporting an error.
When the attribute is an allowed reflection, namely when a variable is true, executing the Java reflection; when the variable is false, the Java reflection is rejected and an error is reported, and the Java reflection cannot be executed.
Specifically, the process of executing Java reflection control through the attribute of allowRelect includes:
adding a static variable into a reflected entrance class, namely libcore/libart/src/main/java/java/lang/class.java; a prave static Boolean refleflectflag is false; entering a static method public static void allowReflect (boroean flag) { allowReflectFlag ═ flag; }; allowReflectFlag is set by the allowReflect method, the default value is false, and the user can set the value as required, for example, change to true.
In this embodiment, a static method is added to the reflected entry class to determine Java reflection, and part of Java reflection related to accessing private data is prevented according to the set determination, so that the technical problems that at present, Java encapsulation is damaged by Java reflection, security of an Android system is damaged by a reflection system api, private data of the system is read and modified, and data security is poor are solved. Private data is prevented from being accessed, and the safety of user data is improved.
Further, after the step of determining the attribute of the Java reflection custom static method allowRelect, when executed by the processor, the Java reflection control program implements the following steps:
when the attribute is rejection reflection, determining a class required to be reflected by the Java reflection;
judging whether the class required to be reflected by the Java reflection is in a class list forbidden to be reflected or not;
if yes, rejecting the Java reflection and reporting an error;
and if not, executing the Java reflection.
In this embodiment, a list of reflection-prohibited classes is added through an entry class of a reflection class, that is, a list of reflection-prohibited classes is set again on the basis of setting an attribute of allowRelect, so as to prevent Java reflection of some classes. Adding a list of reflection-prohibited classes (extensible), the Java class list construction comprising: setting a forbidden ClasNameList of the forbidden reflection, and determining a class corresponding to the hidden data in the system; the determined class is constructed as a list of reflection-forbidden classes disableClasNameList. The class list may include a class name as a main component, or may include other information related to the class, for example, information such as a class identifier and a class type, and reflection prohibition is performed according to the class type.
Android
stringdisableclassnameList [ ] { "android. app. activityManager" }; in connection with the embodiment in fig. 2, the following judgment is added to the forName method in Class to prevent reflections:
if(allowReflectFlag=false){
for(string disableclassName:disableclassNameList){
if(className!=null&&className.equals(disableclassName)){
throw new NosuchMethodException(“The reflection of this class is disabled”);}
}
}
and when the attribute of the allowRelect is in the future, continuing to judge the Java class list, and when the Java reflection is in the Java class list, preventing the Java reflection, and when the Java reflection is not in the Java reflection class list, executing the Java reflection.
In the embodiment, a list of the Class prohibited from reflection is added to the entry Class of reflection by a forName method of Class, and Java reflection is controlled by combining the attribute of allowRelect, so that the accuracy of Java reflection control is further improved, and the security of user data is further improved by controlling multiple layers of Java reflection.
Further, after the step of determining whether the class to be reflected by the Java reflection is in the list of classes in which reflection is prohibited, the Java reflection control program when executed by the processor implements the steps of:
when the class required to be reflected by the Java reflection is not in the class list for prohibiting reflection, judging whether the access application corresponding to the Java reflection sets the authority or not;
and if the access application does not set the authority, executing the Java reflection.
In this embodiment, in some scenarios, in order to set an allowReflect attribute and a class that is not in a class list for prohibiting reflection, a user may also need to prohibit reflection, and an authority may be set for the user, and when the user is not in the class list for prohibiting reflection, whether an access application corresponding to the Java reflection sets an authority is determined; if the access application does not set the authority, executing the Java reflection; if the authority is set, the Java reflection is prohibited and an error is reported. The setting authority can be setting identification or classifying and the like. By setting the authority, data which some users do not want others to see is prevented from being accessed, and the safety of user data and the reasonability of Java reflection are further improved.
Furthermore, an embodiment of the present invention further provides a computer-readable storage medium, where a Java reflection control program is stored on the computer-readable storage medium, and when executed by a processor, the Java reflection control program implements the following operations:
when a Java reflection request is received, determining a Java reflection corresponding to the Java reflection request;
determining the attribute of the Java reflection self-defined static method allowReclect;
when the attribute is the allowable reflection, executing the Java reflection;
and when the attribute is rejection reflection, rejecting the Java reflection and reporting an error.
Further, after the step of determining the attribute of the Java reflection custom static method allowRelect, when executed by a processor, the Java reflection control program implements the following operations:
when the attribute is rejection reflection, determining a class required to be reflected by the Java reflection;
judging whether the class required to be reflected by the Java reflection is in a class list forbidden to be reflected or not;
if yes, rejecting the Java reflection and reporting an error;
and if not, executing the Java reflection.
Further, the Java reflection control program, when executed by the processor, implements the following operations:
setting a custom static method allowRelect in the reflected entry class, and setting a forbidden class list disableClasNameList;
and adding a self-defined static method allowRelectFlag and judgment of a forbidden reflection Class list disableClasName into a forName method of a Class module.
Further, before the step of adding the self-defined static method allowRelectFlag and the judgment of the forbidden reflection Class list disableClasName to the forName method of the Class module, the Java reflection control program is executed by the processor to implement the following operations:
determining a class corresponding to hidden data in a system;
the determined class is constructed as a list of reflection-forbidden classes disableClasNameList.
Further, after the step of determining whether the class required to be reflected by the Java reflection is in the list of classes prohibited from reflecting, the Java reflection control program when executed by the processor implements the following operations:
when the class required to be reflected by the Java reflection is not in the class list for prohibiting reflection, judging whether the access application corresponding to the Java reflection sets the authority or not;
and if the access application does not set the authority, executing the Java reflection.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or system that comprises the element.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk) as described above and includes instructions for enabling a terminal device (e.g., a mobile phone, a computer, a server, a television, or a network device) to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.
Claims (11)
1. A Java reflection control method is characterized by comprising the following steps:
when a Java reflection request is received, determining a Java reflection corresponding to the Java reflection request;
determining the attribute of the Java reflection custom static method allowRelect, wherein the attribute of the custom static method allowRelect indicates whether the Java reflection is allowed or not, wherein,
when the property allowRelectFlag of the allowRelect is false, it indicates that Java reflection is not allowed; when allowRelectFlag is true, it indicates that Java reflection is allowed;
when the attribute is the allowable reflection, executing the Java reflection;
and when the attribute is rejection reflection, rejecting the Java reflection and reporting an error.
2. The Java reflection control method of claim 1, wherein the step of determining the attributes of the Java reflection custom static method allowRelect is followed by further comprising:
when the attribute is rejection reflection, determining a class required to be reflected by the Java reflection;
judging whether the class required to be reflected by the Java reflection is in a class list forbidden to be reflected or not;
if yes, rejecting the Java reflection and reporting an error;
and if not, executing the Java reflection.
3. The Java reflection control method as recited in claim 2, further comprising:
setting a custom static method allowRelect in the reflected entry class, and setting a forbidden class list disableClasNameList;
and adding a self-defined static method allowRelectFlag and judgment of a forbidden reflection Class list disableClasName into a forName method of a Class module.
4. The Java reflection control method according to claim 3, wherein before the step of adding the self-defined static method allowrectflag and the judgment of the reflection prohibited Class list disableclassname to the forName method of the Class module, the method further comprises:
determining a class corresponding to hidden data in a system;
the determined class is constructed as a list of reflection-forbidden classes disableClasNameList.
5. The Java reflection control method according to claim 2, wherein said step of determining whether the class to which reflection is required for the Java reflection is in the list of reflection-prohibited classes further comprises:
when the class required to be reflected by the Java reflection is not in the class list for prohibiting reflection, judging whether the access application corresponding to the Java reflection sets the authority or not;
and if the access application does not set the authority, executing the Java reflection.
6. A television terminal, characterized in that the television terminal comprises: a memory, a processor, and a Java reflection control program stored on the memory and executable on the processor, the Java reflection control program when executed by the processor implementing the steps of:
when a Java reflection request is received, determining a Java reflection corresponding to the Java reflection request;
determining the attribute of the Java reflection custom static method allowRelect, wherein the attribute of the custom static method allowRelect indicates whether the Java reflection is allowed or not, wherein,
when the property allowRelectFlag of the allowRelect is false, it indicates that Java reflection is not allowed; when allowRelectFlag is true, it indicates that Java reflection is allowed;
when the attribute is the allowable reflection, executing the Java reflection;
and when the attribute is rejection reflection, rejecting the Java reflection and reporting an error.
7. The television terminal of claim 6, wherein after the step of determining the attributes of the Java reflection custom static method allowRelect, the Java reflection control program when executed by the processor performs the steps of:
when the attribute is rejection reflection, determining a class required to be reflected by the Java reflection;
judging whether the class required to be reflected by the Java reflection is in a class list forbidden to be reflected or not;
if yes, rejecting the Java reflection and reporting an error;
and if not, executing the Java reflection.
8. The television terminal of claim 7, wherein the Java reflection control program when executed by the processor performs the steps of:
setting a custom static method allowRelect in the reflected entry class, and setting a forbidden class list disableClasNameList;
and adding a self-defined static method allowRelectFlag and judgment of a forbidden reflection Class list disableClasName into a forName method of a Class module.
9. The television terminal according to claim 8, wherein before the step of adding the judgment of the custom static method allowrectflag and the forbidden Class list disableclassname in the forName method of the Class module, the Java reflection control program when executed by the processor implements the steps of:
determining a class corresponding to hidden data in a system;
the determined class is constructed as a list of reflection-forbidden classes disableClasNameList.
10. The television terminal according to claim 7, wherein said step of determining whether the class of the reflection required for the Java reflection is in the list of reflection-prohibited classes is followed by the step of the Java reflection control program when executed by the processor implementing the steps of:
when the class required to be reflected by the Java reflection is not in the class list for prohibiting reflection, judging whether the access application corresponding to the Java reflection sets the authority or not;
and if the access application does not set the authority, executing the Java reflection.
11. A computer-readable storage medium, having a Java reflection control program stored thereon, which when executed by a processor implements the steps of a Java reflection control method as claimed in any one of claims 1 to 5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710381694.1A CN107194254B (en) | 2017-05-25 | 2017-05-25 | Television terminal, Java reflection control method and computer-readable storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710381694.1A CN107194254B (en) | 2017-05-25 | 2017-05-25 | Television terminal, Java reflection control method and computer-readable storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN107194254A CN107194254A (en) | 2017-09-22 |
| CN107194254B true CN107194254B (en) | 2021-06-15 |
Family
ID=59875169
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710381694.1A Active CN107194254B (en) | 2017-05-25 | 2017-05-25 | Television terminal, Java reflection control method and computer-readable storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN107194254B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20230103992A1 (en) * | 2021-10-06 | 2023-04-06 | Cisco Technology, Inc. | Reflection runtime protection and auditing system |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103544016A (en) * | 2013-10-28 | 2014-01-29 | 珠海许继芝电网自动化有限公司 | Service registering configuration method and system based on JAVA reflection technology |
| CN106547564A (en) * | 2016-11-15 | 2017-03-29 | 武汉斗鱼网络科技有限公司 | A kind of Android applications automatic update method and system based on reflex mechanism |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8661264B1 (en) * | 2012-08-17 | 2014-02-25 | International Business Machines Corporation | Security model for actor-based languages and apparatus, methods, and computer programming products using same |
-
2017
- 2017-05-25 CN CN201710381694.1A patent/CN107194254B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103544016A (en) * | 2013-10-28 | 2014-01-29 | 珠海许继芝电网自动化有限公司 | Service registering configuration method and system based on JAVA reflection technology |
| CN106547564A (en) * | 2016-11-15 | 2017-03-29 | 武汉斗鱼网络科技有限公司 | A kind of Android applications automatic update method and system based on reflex mechanism |
Also Published As
| Publication number | Publication date |
|---|---|
| CN107194254A (en) | 2017-09-22 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20220308941A1 (en) | Sharing extension points to allow an application to share content via a sharing extension | |
| US10354077B2 (en) | Permission control method and electronic device operating the same | |
| KR101560448B1 (en) | Method for invoking application in Screen Lock environment | |
| CN109543400B (en) | Method and equipment for dynamically managing kernel nodes | |
| CN110532764B (en) | Authority processing method, mobile terminal and readable storage medium | |
| KR20180106231A (en) | Electronic device for controlling audio output and operating mehtod thereof | |
| JP2015531500A (en) | Secure firmware update | |
| KR102351203B1 (en) | Method and apparatus for managing access to hardware resources in an electronic device | |
| WO2015183456A1 (en) | Consistent extension points to allow an extension to extend functionality of an application to another application | |
| WO2019095861A1 (en) | Data processing method and apparatus, terminal device and server | |
| KR20180020401A (en) | Method for controlling communication network connection, storage medium and electronic device therefor | |
| US9888070B2 (en) | Brokered advanced pairing | |
| CN107194254B (en) | Television terminal, Java reflection control method and computer-readable storage medium | |
| EP3007470B1 (en) | Performance improvement method in instance hosting environment and service system therefor | |
| CN110502263B (en) | Upgrade package manufacturing method, system and computer readable storage medium | |
| EP3662399B1 (en) | Electronic device and control method thereof | |
| US20060143715A1 (en) | Method and apparatus for providing security policy enforcement | |
| US20230259343A1 (en) | Software library for cloud-based computing environments | |
| CN111552537B (en) | Theme switching method and device, computer equipment and storage medium | |
| CN111026542B (en) | Method and device for displaying overlay icons of application program | |
| KR20090047152A (en) | Mobile terminal based on wireless internet platform for preventing event crash and method for processing event using the same | |
| CN113138763A (en) | Page construction method, device, equipment and computer readable storage medium | |
| CN113918499B (en) | Open interface generation method, network device and computer readable storage medium | |
| CN114595103A (en) | File reading method and device, electronic equipment and readable storage medium | |
| CN117390617A (en) | Authority control method, authority control device, electronic equipment and computer readable storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |