CN110941812B - Privileged function calling method and system - Google Patents
Privileged function calling method and system Download PDFInfo
- Publication number
- CN110941812B CN110941812B CN201911013623.1A CN201911013623A CN110941812B CN 110941812 B CN110941812 B CN 110941812B CN 201911013623 A CN201911013623 A CN 201911013623A CN 110941812 B CN110941812 B CN 110941812B
- Authority
- CN
- China
- Prior art keywords
- agentservice
- service
- client application
- application
- function
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Stored Programmes (AREA)
Abstract
The invention provides a privilege function calling method and system. The method comprises the following steps: the client application acquires AgentService service during running; sending a privilege function calling request to the AgentService service; the AgentService service transfers the privilege function calling request to a SettingProvider; the SettingsProvider performs the privileged function. The invention realizes the calling of the privilege function by the common application, reduces the possibility of the failure of the application function, and can flexibly authorize and manage the authority of the calling of the privilege function in the application running stage.
Description
Technical Field
The invention relates to the technical field of android software development, in particular to a privileged function calling method and system.
Background
The Android (Android) system is an operating system widely applied to devices such as mobile phones, televisions and set top boxes. In the android system, application software usually determines whether a privileged function can be called at the time of compilation, a privileged application having a calling privileged function has "shareduserld" system "and can modify a setting item of the system, install other applications without an interface, and the like, and a general application does not have" shareduserld "system" and cannot perform these privileged function calling operations. Therefore, the privileged function call authority of the application software can only be set during compiling and cannot be adjusted according to the actual situation in the software using process. Moreover, when a pre-installed application with shareduserld is running, the uid of the process will be 1000, and other processes with shareduserld will also be 1000, that is, there will be multiple application processes with uid 1000, however, some functions such as AudioConfig will use the value of uid as a key, and thus the function cannot correspond to a specific App, resulting in application running failure.
Disclosure of Invention
The invention aims to provide a privileged function calling scheme, realizes the calling of the privileged function of the application by AgentService and at least solves one of the technical problems in the prior art or the related technology.
To this end, according to a first aspect of the present invention, there is provided a privileged function call method comprising:
the client application acquires AgentService service during running;
sending a privilege function calling request to the AgentService service;
the AgentService service transfers the privilege function calling request to a SettingProvider;
the SettingsProvider performs the privileged function.
Further, the AgentService service is started in the starting process of the Android system and is registered as the system service.
Further, the client application acquires the AgentService service through a servicemanager.
Further, the client application sends a privileged function call request to the AgentService service through an AIDL interface.
Further, the transferring the privileged function call request from the AgentService service to the settingprovider includes:
and the AgentService service checks the authority of the client application, and if the client application passes the check, the AgentService service sends the calling request to the SettingProvider.
Further, the SettingsProvider completing the privileged function includes:
and the SettingProvider checks the authority of the AgentService service, and if the check is passed, the privileged function is executed.
Further, the AgentService service checking the authority of the client application includes:
checking whether the client application is a pre-installed application and/or whether a Permission attribute of the client application is satisfied.
According to a second aspect of the present invention, there is provided a privileged function call system comprising:
the system comprises a first unit, a second unit and a third unit, wherein the first unit is used for providing client application, acquiring AgentService service during operation and sending a privileged function call request to the AgentService service;
the second unit is used for providing AgentService service and transferring the privilege function calling request to the settingSerrovider;
and the third unit is used for providing a SettingProvider to execute the privileged function.
Further, the AgentService service is started in the starting process of the Android system and is registered as the system service.
Further, the second unit is further configured to check the authority of the client application, and if the check is passed, send the invocation request to the settingprovider; and/or
The third unit is further configured to check the authorization of the AgentService service, and if the authorization passes, execute the privileged function.
According to the invention, the AgentService system service is set in the Android system, and the calling of the privilege function is transferred when the client application runs, so that the calling of the privilege function by the common application is realized; the application does not need to use shared UserId, and can be allocated with an independent uid, so that the application function is prevented from being in fault; the authority for acquiring the authority by the AgentService service can be flexibly authorized and managed in the application running stage.
Additional aspects and advantages of the invention will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the invention.
Drawings
The above and/or additional aspects and advantages of the present invention will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings of which:
FIG. 1 is a flow diagram of a privileged function call method according to the present invention;
FIG. 2 is a framework diagram of a privileged function call system according to the present invention;
FIG. 3 is a diagram illustrating a privileged function call flow according to one embodiment of the present invention.
Detailed Description
In order that the above objects, features and advantages of the present invention can be more clearly understood, a more particular description of the invention will be rendered by reference to the appended drawings. It should be noted that the embodiments and features of the embodiments of the present application may be combined with each other without conflict.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention, however, the present invention may be practiced in other ways than those specifically described herein, and therefore the scope of the present invention is not limited by the specific embodiments disclosed below.
Fig. 1 shows a flow of a privileged function call method according to the present invention, comprising the following steps:
s11, the client application acquires AgentService service during operation.
The client application is an application in an Android system and can be compiled into a common application or a privileged application. The AgentService service is started in the starting process of the Android system and is registered as a system service.
Specifically, the client application acquires the AgentService service through servicemanager.
And S12, sending a privileged function calling request to the AgentService service.
And the client application sends a privileged function call request to the AgentService service through an AIDL interface.
And S13, transferring the privilege function calling request to the SettingProvider by the AgentService service.
Specifically, the AgentService service checks the authority of a client application, for example, whether the client application is a pre-installed application; and/or whether the Permission attribute of the client application is satisfied, if the check is passed, sending a call request to the settingprovider.
S14, the SettingProvider executes the privileged function.
Specifically, the SettingsProvider checks the authority of the AgentService service, and if the check is passed, the privileged function is executed.
According to the method, the privilege function can be called by common application, and Android application does not need to use shared UserId and can be allocated with independent uid, so that the application function is prevented from being in fault; the authority of the application does not need to be determined in the compiling period, and the authority of the privileged function calling can be flexibly authorized and managed in the running stage of the application.
Fig. 2 shows an architecture of a privileged function call system 20 according to the present invention, where the system 20 is disposed in an Android system and includes a first unit 21, a second unit 22 and a third unit 23.
The first unit 21 is used for providing a client application, which may be any App used by a user on a terminal installed with an Android system, such as WeChat, Taobao, a browser, and the like. When the client application runs, it acquires the AgentService service in the second unit 22 and sends a privileged function call request to the AgentService service.
The second unit 22 is used to provide an AgentService service, which is optionally started during Android system boot and registered as a system service, with a "shareduserld". When the AgentService service in the second unit 22 receives the privileged function call request of the client application, the AgentService service transfers the privileged function call request to the SettingsProvider in the third unit 23. Optionally, before the transit, the AgentService service in the second unit 22 further checks the authority of the client application, for example, whether the client application is a pre-installed application and/or whether the Permission attribute of the client application is satisfied, and if the check is passed, sends the invocation request to the settingprovider.
The third unit 23 is configured to provide a settingprovider, which is a specific executor of the privileged function, and is configured to receive the privileged function call request and execute the corresponding privileged function. Optionally, before executing the privileged function, the SettingsProvider in the third unit 23 further checks the authority of the AgentService service, and if the check is passed, the privileged function is executed.
It can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working process of the described system may refer to the corresponding process in the foregoing method embodiment, and is not described herein again.
To further illustrate the present invention, fig. 3 shows a privileged function call flow according to a specific embodiment of the present invention, including:
s31, starting AgentService instantiation: and starting an AgentService service in the Android system starting process, wherein the AgentService service has sharedUserID ═ system'.
And S32, registering AgentService as a system service through ServiceManageradd ('agent', agent Service).
S33, application (App1) instantiation. This step may be performed in parallel with steps S31, S32.
S34, acquiring AgentService: the process of the client application, when executed, obtains the AgentService service through servicemanager.
S35, App1 initiates a privilege call: the client application issues privileged function call requests through the AIDL interface, such as: setting a system setting item, such as setting screen mode: mmainapp. mlsysteservice. title ('screen _ mode', 1), the example code from the signal source application sets a system setting item named 'screen _ mode', with a new value of 1 representing a full screen and a value of 0 representing a small screen.
S36, AgentService service checking authority: after receiving the call request, the AgentService service checks whether the Permission attribute of the client application App1 is satisfied, if so, the check is passed, and the step S37 is entered, and if not, the check is failed, and the privilege function call failure is fed back to the client application.
S37, the AgentService service executes the privilege function call: the AgentService service sends a call request to the SettingProvider.
S38, the SettingProvider checks whether AgentService has the privilege function call authority: since the AgentService service has sharedUserID ═ system', and meets the authority requirement, the process proceeds to step S39; if the check fails, the privileged function call fails.
S39, SettingProvider executes privilege function, such as completing setting system setting item. Optionally, the system setting items further include android, SETTINGS, input _ METHOD _ SETTINGS, android, SETTINGS, hard _ keybackexpected _ SETTINGS, bluetooth _ discovery _ timeout, and the like.
Therefore, the AgentService system service is set when the Android system is started, if the privilege function needs to be called when the client application runs, the AgentService service sends a privilege function calling request to the AgentService service, the AgentService service transfers the request, the calling of the privilege function by the common application is realized, the client application can be distributed with an independent uid, the application function is prevented from being in fault, and the privilege function calling authority can be flexibly authorized and managed in the application running stage through the setting of the AgentService service, for example, the privilege function calling authority of the application is opened or closed through the change of the Permission of the specific application.
It should be noted that, for simplicity of description, the above-mentioned method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present application is not limited by the order of acts described, as some steps may occur in other orders or concurrently depending on the application. Further, those skilled in the art should also appreciate that the embodiments described in the specification are preferred embodiments and that the acts and modules referred to are not necessarily required in this application.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solutions of the present application, and not to limit the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions in the embodiments of the present application.
Claims (3)
1. A privileged function call method comprising:
the method comprises the steps that a client application obtains AgentService service during running, wherein the client application is an application in an Android system;
sending a privilege function calling request to the AgentService service;
the AgentService service transfers the privilege function calling request to a SettingProvider;
said SettingsProvider performs said privileged function;
starting the AgentService service in the starting process of the Android system, and registering the AgentService service as system service;
the client application sends a privileged function call request to the AgentService service through an AIDL interface;
wherein the transferring the privileged function call request from the AgentService to the SettingProvider by the AgentService service comprises:
the AgentService service checks the authority of the client application, and if the client application passes the check, the AgentService service sends the calling request to the SettingProvider;
the AgentService service checking the authority of the client application comprises the following steps:
checking whether the client application is a pre-installed application and/or a Permission attribute of the client application is satisfied;
the SettingsProvider completing the privileged function comprises:
and the SettingProvider checks the authority of the AgentService service, and if the check is passed, the privileged function is executed.
2. The method of claim 1, wherein the AgentService service is obtained by the client application through a ServiceManagergetService.
3. A privileged function call system, comprising:
the system comprises a first unit, a second unit and a third unit, wherein the first unit is used for providing client application, acquiring AgentService service during operation and sending a privilege function calling request to the AgentService service, and the client application is an application in an Android system;
the second unit is used for providing AgentService service and transferring the privilege function calling request to the settingSerrovider;
a third unit, configured to provide a settingprovider, and execute the privileged function;
starting the AgentService service in the starting process of the Android system, and registering the AgentService service as system service;
the client application sends a privileged function call request to the AgentService service through an AIDL interface;
the second unit is further configured to check the authority of the client application, and if the check is passed, send the invocation request to the settingprovider; the checking the right of the client application includes:
checking whether the client application is a pre-installed application and/or a Permission attribute of the client application is satisfied;
the third unit is further configured to check the authorization of the AgentService service, and if the authorization passes, execute the privileged function.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911013623.1A CN110941812B (en) | 2019-10-23 | 2019-10-23 | Privileged function calling method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911013623.1A CN110941812B (en) | 2019-10-23 | 2019-10-23 | Privileged function calling method and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110941812A CN110941812A (en) | 2020-03-31 |
| CN110941812B true CN110941812B (en) | 2022-07-12 |
Family
ID=69906160
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201911013623.1A Active CN110941812B (en) | 2019-10-23 | 2019-10-23 | Privileged function calling method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110941812B (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103617380A (en) * | 2013-11-28 | 2014-03-05 | 北京邮电大学 | Application program authority dynamic control method and system |
| CN105426754A (en) * | 2015-11-13 | 2016-03-23 | 上海斐讯数据通信技术有限公司 | Permission management method and permission management system |
| CN105956424A (en) * | 2016-04-25 | 2016-09-21 | 中山市天启智能科技有限公司 | APK installation right control method |
| CN108182121A (en) * | 2017-12-29 | 2018-06-19 | 广州小鹏汽车科技有限公司 | In a kind of Android control large-size screen monitors system module between communication means and system |
Family Cites Families (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7092986B2 (en) * | 2002-02-07 | 2006-08-15 | Institute For Information Industry | Transparent mobile IPv6 agent |
| US8473753B2 (en) * | 2010-09-15 | 2013-06-25 | International Business Machines Corporation | Real-time secure self-acquiring root authority |
| CN106528056A (en) * | 2015-09-09 | 2017-03-22 | 阿里巴巴集团控股有限公司 | Control method and device for system function |
| CN105718809A (en) * | 2016-01-15 | 2016-06-29 | 珠海格力电器股份有限公司 | Mobile communication terminal, data security monitoring method and device thereof |
| CN106503577A (en) * | 2016-09-28 | 2017-03-15 | 乐视控股(北京)有限公司 | A kind of System right management method, device and corresponding equipment |
| CN107153792B (en) * | 2017-04-06 | 2020-07-24 | 北京安云世纪科技有限公司 | Data security processing method and device and mobile terminal |
| CN109033802B (en) * | 2018-08-10 | 2020-08-28 | 武汉普利商用机器有限公司 | Method and device for achieving system permission acquisition of unauthorized android application |
-
2019
- 2019-10-23 CN CN201911013623.1A patent/CN110941812B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103617380A (en) * | 2013-11-28 | 2014-03-05 | 北京邮电大学 | Application program authority dynamic control method and system |
| CN105426754A (en) * | 2015-11-13 | 2016-03-23 | 上海斐讯数据通信技术有限公司 | Permission management method and permission management system |
| CN105956424A (en) * | 2016-04-25 | 2016-09-21 | 中山市天启智能科技有限公司 | APK installation right control method |
| CN108182121A (en) * | 2017-12-29 | 2018-06-19 | 广州小鹏汽车科技有限公司 | In a kind of Android control large-size screen monitors system module between communication means and system |
Non-Patent Citations (1)
| Title |
|---|
| 路晔绵 等.Android Settings机制应用安全性分析与评估.《计算机研究与发展》.2016,第53卷(第10期), * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110941812A (en) | 2020-03-31 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| AU2001244194B2 (en) | Mobile code and method for resource management for mobile code | |
| US7379918B2 (en) | Method and system for single reactivation of software product licenses | |
| CN101196974B (en) | Method and system for auto-configuratoin of software application program | |
| US20040127190A1 (en) | Security access manager in middleware | |
| US20060200814A1 (en) | Software distribution with activation control | |
| US20050050315A1 (en) | Selectively authorizing software functionality after installation of the software | |
| JP2001522115A (en) | Method and apparatus for implementing an extensible authentication mechanism in a web application server | |
| WO2018052914A1 (en) | Deployment of applications conforming to application data sharing and decision service platform schema | |
| CN103617380A (en) | Application program authority dynamic control method and system | |
| CN105159788A (en) | Method and system for dynamic resource sharing between Android applications | |
| IL157959A (en) | Dynamically downloading and executing system services on a wireless device | |
| CN102955915B (en) | A kind of Java application safety access control method and device thereof | |
| EP3584732B1 (en) | Application management method for terminal, application server and terminal | |
| CN111526111A (en) | Control method, device and equipment for logging in light application and computer storage medium | |
| WO2020024989A1 (en) | Widget screen loading method, apparatus, terminal, and computer readable storage medium | |
| US20230061228A1 (en) | Managing shared applications at the edge of a content delivery network | |
| CN101963913B (en) | Method for online evolution of component based on transactions | |
| CN110941812B (en) | Privileged function calling method and system | |
| US8086843B2 (en) | Performing cryptographic provider failover | |
| CN111367684A (en) | Method and device for filtering remote procedure call | |
| CN109992298B (en) | Examination and approval platform expansion method and device, examination and approval platform and readable storage medium | |
| EP3396541A1 (en) | Method for managing execution of an operating system in a device | |
| US10698703B2 (en) | Mobile application management by run-time insertion of a substitute application class loader into a mobile application process | |
| WO2023168913A1 (en) | Method and apparatus for compatibility of sdk with access application, device and medium | |
| KR20220023963A (en) | Remote management of user devices |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |