CN112446023A - Application program right-lifting method, device, equipment and computer readable storage medium - Google Patents


Info

Publication number: CN112446023A
Authority: CN (China)
Prior art keywords: application program; target application; matching; configuration table; privilege
Legal status: Granted
Application number: CN202011271478.XA
Other languages: Chinese (zh)
Other versions: CN112446023B (en)
Inventors: 吴金雨, 李晓辉
Current assignee: Shenzhen Huiwei Intelligent Technology Inc
Original assignee: Shenzhen Huiwei Intelligent Technology Inc

Timeline: application filed by Shenzhen Huiwei Intelligent Technology Inc; priority to CN202011271478.XA; publication of CN112446023A; application granted; publication of CN112446023B; legal status active; anticipated expiration.

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems, at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)

Abstract

The invention discloses an application program privilege escalation method, an application program privilege escalation device, application program privilege escalation equipment and a computer readable storage medium, wherein the method comprises the following steps: after a target application program in the system is started, matching the package name of the target application program with each package name in a preset privilege escalation configuration table; if the matching is not successful, performing privilege reduction processing on the target application program; and if the matching is successful, maintaining root user permission for the target application program. The method and the device overcome the defect that a third-party application program can detect, through the SU file, whether the system provides root privilege escalation.

Description

Application program right-lifting method, device, equipment and computer readable storage medium
Technical Field
The present invention relates to the field of system security technologies, and in particular, to a method, an apparatus, a device, and a computer-readable storage medium for application program privilege escalation.
Background
The existing privilege escalation method is implemented through an executable file called SU (switch user). The implementation is divided into two parts, a server and a client. The server is a root (super user) process, and SU is started through init.rc (the boot script) when the device boots; the client is a common user (an application program), which starts SU and connects to the server through Socket communication, so that the root user on the server side provides services to the common user on the client side. The existing root privilege escalation method has the following defect: because privilege escalation requires the SU file to exist, a third-party application program can easily judge whether the system provides root privilege escalation by executing or detecting the SU file, and if the SU file is detected, the third-party application program may refuse to provide some core services because of the potential security risk.
Disclosure of Invention
The invention mainly aims to provide an application program privilege escalation method, device, equipment and a computer-readable storage medium, so as to solve the technical problem that, because the existing privilege escalation method requires an SU file to exist, a third-party application program may refuse to provide certain core services on the grounds of potential security risks when it detects the SU file.
In order to achieve the above object, the present invention provides an application program privilege escalation method, comprising the steps of:
after a target application program in the system is started, matching the package name of the target application program with each package name in a preset privilege escalation configuration table;
if the matching is not successful, performing privilege reduction processing on the target application program;
and if the matching is successful, maintaining root user permission for the target application program.
Optionally, after the target application program in the system is started, the step of matching the package name of the target application program with each package name in a preset privilege escalation configuration table includes:
after the target application program in the system is started, calling a configuration table plug-in service to match the package name of the target application program with each package name in the preset privilege escalation configuration table;
and acquiring the matching result returned by the configuration table plug-in service.
Optionally, after the target application program in the system is started and before the step of matching the package name of the target application program with each package name in a preset privilege escalation configuration table, the method further includes:
before the target application program is started, writing the package name of the target application program into the preset privilege escalation configuration table through a preset private path.
Optionally, the step of performing privilege reduction processing on the target application program if the matching is not successful includes:
if the matching is not successful, calling the setuid (set user identifier) function to reduce the target application program from root user authority to common user authority.
Optionally, the method further comprises:
detecting whether a switch user (SU) file exists in the system;
and if so, deleting the SU file.
Optionally, after the target application program is started and before the step of matching the package name of the target application program with each package name in a preset privilege escalation configuration table, the method further includes:
after receiving a request message for starting the target application program, the activity management service (AMS) in the system initiates a process creation request to the Zygote process, and the Zygote process forks the target application program process to start the target application program.
Optionally, the method further comprises:
when a deletion instruction is detected, acquiring the application program package name carried in the deletion instruction;
and deleting that application program package name from the preset privilege escalation configuration table.
In order to achieve the above object, the present invention further provides an application program privilege escalation device, including:
a matching module, used for matching the package name of the target application program with each package name in a preset privilege escalation configuration table after the target application program in the system is started;
a privilege reduction module, used for performing privilege reduction processing on the target application program if the matching is not successful;
and a maintaining module, used for maintaining root user authority for the target application program if the matching is successful.
In order to achieve the above object, the present invention further provides application program privilege escalation equipment, including a memory, a processor, and an application program privilege escalation program which is stored in the memory and can run on the processor, wherein the application program privilege escalation program, when executed by the processor, implements the steps of the application program privilege escalation method described above.
In addition, to achieve the above object, the present invention further provides a computer readable storage medium on which an application program privilege escalation program is stored, which, when executed by a processor, implements the steps of the application program privilege escalation method described above.
In the invention, after the target application program in the system is started, the package name of the target application program is matched against the package names in the preset privilege escalation configuration table; if the matching is not successful, privilege reduction processing is performed on the target application program, and if the matching is successful, root user authority is maintained for the target application program, so that privilege escalation of the target application program is realized. Compared with the prior art, in which the application program obtains root user authority through the SU file, the invention adds a privilege escalation configuration table: when the package name of the application program is successfully matched in the privilege escalation configuration table, the application program is granted privilege, and after escalation the target application program can use root user authority to realize the corresponding function. Root user authority therefore does not need to be requested through the SU file, the system can provide root privilege escalation to application programs without an SU file being configured in the system, and the defect that a third-party application program can detect through the SU file whether the system provides root privilege escalation is overcome.
Drawings
FIG. 1 is a schematic diagram of a hardware operating environment according to an embodiment of the present invention;
FIG. 2 is a flowchart illustrating an application program privilege escalation method according to a first embodiment of the present invention;
FIG. 3 is a flowchart illustrating an application program privilege escalation process according to various embodiments of the present invention;
FIG. 4 is a functional block diagram of an application program privilege escalation apparatus according to a preferred embodiment of the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The existing system privilege escalation method starts a Root process and provides a Root service to users in Socket mode. Because privilege escalation requires the SU file to exist, a third-party application program can easily judge whether the system provides Root privilege escalation by executing or detecting the SU file, and if the SU file is detected, the third-party application program may refuse to provide some core services because of the potential security risk.
In order to solve the above problem, the present invention provides a solution in which, after a target application program in a system is started, the package name of the target application program is matched against the package names in a preset privilege escalation configuration table; if the matching is not successful, the target application program is subjected to privilege reduction processing, and if the matching is successful, root user authority is maintained for the target application program, so as to realize privilege escalation of the target application program. Compared with the prior art, in which the application program obtains root user authority through the SU file, the invention adds a privilege escalation configuration table: when the package name of the application program is successfully matched in the privilege escalation configuration table, the application program is granted privilege, and after escalation the target application program can use root user authority to realize the corresponding function. Root user authority therefore does not need to be requested through the SU file, the system can provide root privilege escalation to application programs without an SU file being configured in the system, and the defect that a third-party application program can detect through the SU file whether the system provides root privilege escalation is overcome.
In the following description, suffixes such as "module", "component", or "unit" used to denote elements are used only for facilitating the explanation of the present invention, and have no specific meaning in itself. Thus, "module", "component" or "unit" may be used mixedly.
As shown in fig. 1, fig. 1 is a schematic device structure diagram of a hardware operating environment according to an embodiment of the present invention.
It should be noted that the application program right-granting device according to the embodiment of the present invention may include devices such as a mobile phone, a tablet computer, a notebook computer, a palm computer, a Personal Digital Assistant (PDA), a Portable Media Player (PMP), a navigation device, a wearable device, a smart band, and a pedometer. And is not particularly limited herein.
As shown in fig. 1, the application program privilege escalation device may include a processor 1001 such as a CPU, a network interface 1004, a user interface 1003, a memory 1005, and a communication bus 1002. The communication bus 1002 is used to enable communication between these components. The user interface 1003 may include a display screen (Display) and an input unit such as a keyboard (Keyboard), and optionally may also include a standard wired interface and a wireless interface. The network interface 1004 may optionally include a standard wired interface and a wireless interface (e.g., a WI-FI interface). The memory 1005 may be used for storing software programs and various data; the memory 1005 may be a computer storage medium and stores the application program privilege escalation program of the present invention. The memory 1005 may mainly include a program storage area and a data storage area, wherein the program storage area may store an operating system, an application program required for at least one function (such as a sound playing function or an image playing function), and the like, and the data storage area may store data (such as audio data or a phonebook) created during use of the cellular phone. Further, the memory 1005 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device.
The processor 1001 is a control center of the application right granting apparatus, connects various parts of the entire mobile terminal using various interfaces and lines, and performs various functions of the mobile terminal and processes data by running or executing software programs and/or modules stored in the memory 1005 and calling data stored in the memory 1005, thereby performing overall monitoring of the mobile terminal. For example, the processor 1001 executes the application right granting program in the memory 1005 to implement the steps of the embodiments of the application right granting method of the present invention.
Those skilled in the art will appreciate that the device architecture shown in fig. 1 does not constitute a limitation on application-specific devices, and may include more or fewer components than those shown, or some components may be combined, or a different arrangement of components.
As shown in fig. 1, the memory 1005, which is a kind of computer storage medium, may include an operating system, a network communication module, a user interface module, and an application program privilege escalation program. The operating system is a program that manages and controls the hardware and software resources of the device and supports the execution of the application program privilege escalation program and other software. In the device shown in fig. 1, the user interface 1003 is mainly used for data communication with a client; the network interface 1004 is mainly used for establishing a communication connection with a server; and the processor 1001 may be configured to call the application program privilege escalation program stored in the memory 1005 and perform the following operations:
after a target application program in the system is started, matching the package name of the target application program with each package name in a preset privilege escalation configuration table;
if the matching is not successful, performing privilege reduction processing on the target application program;
and if the matching is successful, maintaining root user permission for the target application program.
Further, after the target application program in the system is started, the step of matching the package name of the target application program with each package name in a preset privilege escalation configuration table includes:
after the target application program in the system is started, calling a configuration table plug-in service to match the package name of the target application program with each package name in the preset privilege escalation configuration table;
and acquiring the matching result returned by the configuration table plug-in service.
Further, after the target application program in the system is started and before the step of matching the package name of the target application program with each package name in a preset privilege escalation configuration table, the method further includes:
before the target application program is started, writing the package name of the target application program into the preset privilege escalation configuration table through a preset private path.
Further, the step of performing privilege reduction processing on the target application program if the matching is not successful includes:
if the matching is not successful, calling the setuid (set user identifier) function to reduce the target application program from root user authority to common user authority.
Further, the method further comprises:
detecting whether a switch user (SU) file exists in the system;
and if so, deleting the SU file.
Further, after the target application program is started and before the step of matching the package name of the target application program with each package name in a preset privilege escalation configuration table, the method further includes:
after receiving a request message for starting the target application program, the activity management service (AMS) in the system initiates a process creation request to the Zygote process, and the Zygote process forks the target application program process to start the target application program.
Further, the method further comprises:
when a deletion instruction is detected, acquiring the application program package name carried in the deletion instruction;
and deleting that application program package name from the preset privilege escalation configuration table.
Based on the above structure, various embodiments of the application program privilege escalation method are provided.
Referring to fig. 2, fig. 2 is a flowchart illustrating an application program privilege escalation method according to a first embodiment of the present invention.
While the embodiments of the present invention provide embodiments of an application program privilege escalation method, it should be noted that although a logical order is shown in the flowchart, in some cases the steps shown or described may be performed in an order different from the one here. The execution subject of each embodiment of the application program privilege escalation method of the present invention may be a device such as a smart phone, a personal computer, or a server; for convenience of description, the system is taken as the execution subject in the following embodiments. In this embodiment, the application program privilege escalation method includes:
step S10, after the target application program in the system is started, matching the package name of the target application program with the package names in a preset privilege escalation configuration table;
after the target application program in the system is started, the system can match the package name of the target application program with the package names in the preset privilege escalation configuration table. The preset privilege escalation configuration table is a data table preset in the system, and is used for storing the package names of the application programs that the system allows to be granted root user privilege (that is, allows to be escalated), so the package name of an application program that needs privilege escalation can be written into the privilege escalation configuration table in advance. Root user authority is super user authority: after an application program obtains root authority, it has obtained the highest authority in the system and can perform all add, delete, modify and read operations on any file in the system. The preset privilege escalation configuration table can be placed under a hidden folder of the system, so that a third-party application program cannot find the configuration table. It should be noted that the package name of an application program is unique, and in other embodiments other unique identifiers may be used instead of the package name.
step S20, if the matching is not successful, performing privilege reduction processing on the target application program;
if the system does not find a package name identical to the package name of the target application program in the privilege escalation configuration table, the system determines that the matching is not successful, that is, the target application program is not in the list of applications allowed to be granted root user authority, and at this point the system can perform privilege reduction processing on the target application program. It should be noted that the target application program is forked from a system process; the system process itself has root user authority, so the forked target application program also has root user authority. Therefore, when it is determined that the target application program is not allowed to be granted root user authority, its root user authority is reduced, so that the target application program is restored to normal user authority or another authority.
and step S30, if the matching is successful, maintaining root user authority for the target application program.
If the system finds a package name identical to the package name of the target application program in the privilege escalation configuration table, the matching is determined to be successful, that is, the target application program is in the list of applications allowed to be granted root user authority. At this point the system can maintain root user authority for the target application program; specifically, no privilege reduction processing is performed, so the root user authority is kept, and the purpose of escalating the privilege of the target application program is achieved.
In this embodiment, after a target application program in the system is started, the package name of the target application program is matched against the package names in a preset privilege escalation configuration table; if the matching is not successful, the target application program is subjected to privilege reduction processing, and if the matching is successful, root user permission is maintained for the target application program, so that the privilege of the target application program is escalated. Compared with the prior art, in which the application program obtains root user authority through the SU file, this embodiment adds a privilege escalation configuration table: when the package name of the application program is successfully matched in the privilege escalation configuration table, the application program is granted privilege, and after escalation the target application program can use root user authority to realize the corresponding function. Root user authority therefore does not need to be requested through the SU file, the system can provide root privilege escalation to application programs without an SU file being configured in the system, and the defect that a third-party application program can detect through the SU file whether the system provides root privilege escalation is overcome.
Further, based on the first embodiment described above, a second embodiment of the application program privilege escalation method of the present invention is proposed; in this embodiment, step S10 includes:
step S101, after the target application program in the system is started, calling a configuration table plug-in service to match the package name of the target application program with each package name in the preset privilege escalation configuration table;
and step S102, obtaining the matching result returned by the configuration table plug-in service.
In this embodiment, a configuration table plug-in service is added to the system for querying the privilege escalation configuration table. After the target application program in the system is started, the configuration table plug-in service can be called to query the package names in the privilege escalation configuration table, so as to determine whether a package name in the table is identical to that of the target application program. After the configuration table plug-in service has queried the privilege escalation configuration table, it returns a matching result, which indicates whether the matching succeeded. The system acquires the matching result returned by the configuration table plug-in service and can determine, according to the matching result, whether to perform privilege reduction processing on the target application program.
Further, before step S10, the method further includes:
step S40, before the target application program is started, writing the package name of the target application program into the preset privilege escalation configuration table through a preset private path.
Before the target application program is started, the target application program can write its package name into the preset privilege escalation configuration table through a preset private path. The preset private path may be a path that is not disclosed to the outside. The private path may be a hidden folder in the system, or a configuration table writing service in the system that is not disclosed to the outside; since the configuration table is not disclosed to the outside, a third-party application cannot find the privilege escalation configuration table in the system. An application program that needs privilege escalation can apply for the private path, thereby obtaining system privilege escalation. It should be noted that after the package name has been written once before the target application program starts, the target application program does not need to write it again subsequently. Further, the target application program may write the package name into the preset privilege escalation configuration table at installation time, or at some other time prior to startup.
Further, step S20 includes:
step S201, if the matching is not successful, calling the setuid (set user identifier) function to reduce the target application program from root user authority to common user authority.
If the system determines that the matching is not successful, the setuid function may be invoked to reduce the target application program from root user permission to normal user permission. The setuid function may be used to set the user ID of the application program process: a user ID of 0 indicates that the application program process has root user authority, and a user ID other than 0 indicates that the application program process has normal user authority or another user authority. The user ID of the target application program is initially 0, and the system calls the setuid function to modify the user ID of the target application program to 1, so as to reduce the target application program to normal user authority.
Further, before step S10, the method further includes:
step S50, after receiving a request message for starting the target application program, the activity management service (AMS) in the system initiates a process creation request to the Zygote process, and the Zygote process forks the target application program process to start the target application program.
After the system starts, it forks a Zygote process, and all subsequent application processes are forked from the Zygote process. The Zygote process first forks the SystemServer process, which creates the ActivityManagerService (AMS). When the target application program is started, a request message is sent to the AMS, the AMS initiates a process creation request to the Zygote process, and the Zygote process forks the target application program process, so that the target application program is started.
In one embodiment, an application may be granted privilege according to the flow shown in FIG. 3. Specifically, when an app (application program) needs to acquire root authority, the package name of the app itself is written into the privilege escalation configuration table through a private path. The application program is forked from the Zygote process; since the Zygote process runs as the root user, the forked application program is also the root user. Then, during startup, a plug-in service is loaded, the package name information in the configuration table is obtained and compared with the created app: if the package names match, no privilege reduction processing is performed and root user authority is kept; if the package names do not match, the privilege is reduced to that of a common user.
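The following C program is an added example, not code from the patent or its assignee; it shows the two decisions the FIG. 3 flow makes after the Zygote fork: an exact whole-entry match of the package name against a constructed in-memory copy of the privilege escalation configuration table, and, on a miss, an irreversible setuid-based drop that verifies root cannot be regained. The table contents, function names, the uid passed in and the supplementary-group handling are assumptions, since the patent only names setuid and does not give the table's private path.

```c
#define _GNU_SOURCE 1          /* glibc: expose setgroups() in <grp.h> */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>
#include <grp.h>
#if defined(__GLIBC__) && !defined(__USE_MISC)
extern int setgroups(size_t n, const gid_t *groups); /* strict-ISO builds */
#endif

/* Constructed stand-in for the preset privilege escalation configuration
 * table: one package name per line. The patent keeps the real table at a
 * private path it does not name; this in-memory copy is an assumption. */
static const char *const kSampleTable =
    "com.example.rootapp\n"
    "com.example.updater\n";

/* Exact, whole-entry match of a package name against the table (step S10).
 * Returns 1 on a hit, 0 otherwise. Only a full-line match counts, so
 * "com.example.rootapp.evil" or "com.example" never inherit an entry. */
int table_contains(const char *table, const char *pkg)
{
    size_t plen = strlen(pkg);
    const char *p = table;

    while (*p != '\0') {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);

        if (len == plen && memcmp(p, pkg, plen) == 0)
            return 1;
        if (nl == NULL)
            break;
        p = nl + 1;
    }
    return 0;
}

/* Decision taken right after the Zygote fork (steps S20/S30). */
enum decision { KEEP_ROOT, DROP_PRIVILEGES };

enum decision decide(const char *table, const char *pkg)
{
    return table_contains(table, pkg) ? KEEP_ROOT : DROP_PRIVILEGES;
}

/* Irreversible drop from root to an unprivileged uid/gid (step S201).
 * Order matters: supplementary groups and the gid must be changed while the
 * process is still root, because after setuid() it can no longer do so.
 * Returns 0 on success and -1 with errno set on failure. A request to "drop"
 * to uid 0 is rejected, since it would leave the process privileged. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0) {
        errno = EINVAL;
        return -1;
    }
    if (getuid() != 0) {
        /* Already unprivileged: only a no-op drop to our own ids can succeed. */
        if (uid == getuid() && gid == getgid())
            return 0;
        errno = EPERM;
        return -1;
    }
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* Verify the drop stuck: regaining root must fail and the ids must match. */
    if (setuid(0) == 0 || getuid() != uid || geteuid() != uid || getgid() != gid) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

/* Stand-alone demonstration with constructed package names. */
int main(void)
{
    const char *apps[] = { "com.example.updater", "com.example.rootapp.evil" };
    size_t i;

    for (i = 0; i < sizeof apps / sizeof apps[0]; i++) {
        enum decision d = decide(kSampleTable, apps[i]);
        printf("%-28s -> %s\n", apps[i],
               d == KEEP_ROOT ? "keep root" : "drop to normal user");
    }
    return 0;
}
```

The post-drop check matters because a setuid() call that fails silently, or one made before the group ids are changed, leaves a process the table did not approve with more authority than the flow intends.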
Further, based on the first and/or second embodiment, a third embodiment of the application program privilege escalation method of the present invention is provided; in this embodiment the method further includes:
step S60, detecting whether a switch-user (SU) file exists in the system;
and step S70, if the SU file exists, deleting the SU file.
The system provides a way of escalating privilege through the privilege-escalation configuration table, so application program privilege escalation is achieved without configuring an SU file. However, some malicious software may install an SU file in the system in order to obtain root authority, and a third-party application program may then refuse to provide core services after detecting that an SU file exists in the system. Therefore, in this embodiment, the system can check at regular intervals whether an SU file exists in the system and, if so, delete it.
In this embodiment, when the system detects that an SU file exists, the SU file is deleted, which further avoids the situation in which a third-party application refuses core services after detecting that an SU file exists.
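As an added illustration of steps S60 and S70 (example code, not code from the patent), the following C program scans a set of candidate SU locations and, when asked to, removes what it finds. The candidate paths, the function names and the marker-file helper used for testing are assumptions made for this example; the embodiment describes a system service running such a scan on a timer, which is where `scan_su_paths` would be called from.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

/* Candidate locations for an su binary. These are assumed typical
 * locations chosen for the example; the patent does not list paths. */
static const char *const kSuCandidates[] = {
    "/system/bin/su",
    "/system/xbin/su",
    "/sbin/su",
    "/vendor/bin/su",
};
#define NUM_SU_CANDIDATES (sizeof kSuCandidates / sizeof kSuCandidates[0])

/* Step S60 for one path. lstat() is used so that a symlink named su also
 * counts; a directory of that name is ignored. Returns 1 if present. */
int su_file_present(const char *path)
{
    struct stat st;
    if (lstat(path, &st) != 0)
        return 0;               /* ENOENT, or not accessible to us */
    return S_ISREG(st.st_mode) || S_ISLNK(st.st_mode);
}

/* Steps S60 and S70 over a list of paths. Returns how many candidates were
 * present; with remove != 0 each one found is unlinked (step S70) and any
 * failure to unlink is reported but does not stop the scan. */
int scan_su_paths(const char *const *paths, size_t n, int remove)
{
    int found = 0;
    for (size_t i = 0; i < n; i++) {
        if (!su_file_present(paths[i]))
            continue;
        found++;
        if (remove && unlink(paths[i]) != 0)
            fprintf(stderr, "cannot remove %s: %s\n", paths[i], strerror(errno));
    }
    return found;
}

/* Test helper: creates a constructed regular file that stands in for an
 * su binary. Returns 0 on success. */
int create_regular_file(const char *path)
{
    FILE *f = fopen(path, "w");
    if (f == NULL)
        return -1;
    fputs("constructed marker file, not a real su binary\n", f);
    return fclose(f);
}

int main(void)
{
    int n = scan_su_paths(kSuCandidates, NUM_SU_CANDIDATES, 0);
    printf("%d su candidate path(s) present\n", n);
    return 0;
}
```

Run without `remove` first to see what a scan would touch; deletion is only useful from a system-level process that owns those paths, and an app-level process will simply see `unlink` fail with `EACCES` or `EROFS`.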
Further, in an embodiment, the method further comprises:
step S80, when a deletion instruction is detected, acquiring the application program package name carried in the deletion instruction;
An application program may have written its package name into the preset privilege-escalation configuration table through an irregular channel; or the application program needs root user privilege only when it is started for the first time and not on later starts; or the application program may no longer be granted root user privilege for other reasons. When the system detects that such an event has occurred, it can trigger a deletion instruction carrying the package name of the application program.
And step S90, deleting the application program package name from the preset privilege-escalation configuration table.
According to the deletion instruction, the system deletes the application program package name carried in the instruction from the preset privilege-escalation configuration table. When the application program is started next time, the system will not find its package name in the table and will therefore perform privilege-drop processing on the application program.
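Added example, not the patent's own code: a C sketch of the package-name check performed at app start-up (the flow of FIG. 3 described earlier) together with the table edit of steps S80 and S90. The table format (one package name per line), the package names, the function names and the use of the calling process's own uid as the "app uid" in `main` are all assumptions made for this example. The decision fails closed: an unreadable table or an empty package name is treated as "not listed", and a failed privilege drop is reported as an error rather than silently leaving the process as root.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>

/* Constructed sample of the privilege-escalation configuration table:
 * one package name per line. Both names are made up for this example. */
static const char kSampleTable[] =
    "com.example.diag\n"
    "com.example.updater\n";

typedef enum { KEEP_ROOT = 0, DROP_PRIVS = 1 } privilege_decision;

/* Exact, whole-line match of pkg against the table text. A prefix such as
 * "com.example" must not match the entry "com.example.diag". */
int table_contains(const char *table, const char *pkg)
{
    size_t plen = strlen(pkg);
    const char *p = table;
    while (*p) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        if (len == plen && memcmp(p, pkg, plen) == 0)
            return 1;
        if (!nl)
            break;
        p = nl + 1;
    }
    return 0;
}

/* Steps S80/S90: rewrite the table into out with every line equal to pkg
 * removed (empty lines are dropped too). Returns the number of entries
 * removed, or -1 if out is too small for the result. */
int table_remove(const char *table, const char *pkg, char *out, size_t out_size)
{
    size_t plen = strlen(pkg), used = 0;
    int removed = 0;
    const char *p = table;
    if (out_size == 0)
        return -1;
    out[0] = '\0';
    while (*p) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        if (len == plen && memcmp(p, pkg, plen) == 0) {
            removed++;
        } else if (len > 0) {
            if (used + len + 2 > out_size)      /* line + '\n' + NUL */
                return -1;
            memcpy(out + used, p, len);
            used += len;
            out[used++] = '\n';
            out[used] = '\0';
        }
        if (!nl)
            break;
        p = nl + 1;
    }
    return removed;
}

/* Start-up decision of FIG. 3. Fails closed: no table or no package name
 * means the process is treated as an ordinary app and loses root. */
privilege_decision decide_privilege(const char *table, const char *pkg)
{
    if (table == NULL || pkg == NULL || pkg[0] == '\0')
        return DROP_PRIVS;
    return table_contains(table, pkg) ? KEEP_ROOT : DROP_PRIVS;
}

/* Irreversible drop from root to the app's own uid/gid via setgid/setuid.
 * A real Zygote also clears supplementary groups and capability sets;
 * those steps are omitted here. Returns 0 on success, -1 on failure; the
 * caller must abort on failure rather than continue running as root. */
int drop_to_app_uid(uid_t app_uid, gid_t app_gid)
{
    if (setgid(app_gid) != 0)
        return -1;
    if (setuid(app_uid) != 0)
        return -1;
    /* Verify the drop is real: once we are not root, setuid(0) must fail. */
    if (app_uid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

int main(void)
{
    const char *pkg = "com.example.other";       /* constructed app name */
    if (decide_privilege(kSampleTable, pkg) == DROP_PRIVS) {
        if (drop_to_app_uid(getuid(), getgid()) != 0) {
            fputs("privilege drop failed; refusing to run\n", stderr);
            return 1;
        }
        printf("%s: not listed, running as uid %u\n", pkg, (unsigned)getuid());
    } else {
        printf("%s: listed in table, root kept\n", pkg);
    }
    return 0;
}
```

The exact-match loop matters: a substring or prefix comparison would let a package whose name extends a listed one keep root, which is the kind of defect an allowlist check of this sort most often has. Writing the rewritten table back atomically (temporary file plus rename) is left to the caller.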
In addition, an embodiment of the present invention further provides an application program privilege escalation apparatus; referring to FIG. 4, the apparatus includes:
the matching module 10, configured to match the package name of a target application program with each package name in a preset privilege-escalation configuration table after the target application program in the system is started;
the privilege-drop module 20, configured to perform privilege-drop processing on the target application program if the matching is not successful;
and the maintaining module 30, configured to maintain root user privilege for the target application program if the matching is successful.
Further, the matching module 10 includes:
the calling unit, used for calling a configuration table plug-in service to match the package name of the target application program with each package name in the preset privilege-escalation configuration table after the target application program in the system is started;
and the acquisition unit, used for acquiring the matching result returned by the configuration table plug-in service.
Further, the apparatus further comprises:
the writing module, used for writing the package name of the target application program into the preset privilege-escalation configuration table through a preset private path before the target application program is started.
Further, the privilege-drop module 20 is further configured to:
if the matching is not successful, call the set-user-identifier (setuid) function to reduce the target application program from root user privilege to ordinary user privilege.
Further, the apparatus further comprises:
the detection module, used for detecting whether a switch-user (SU) file exists in the system;
and the first deleting module, used for deleting the SU file if the SU file exists.
Further, the apparatus further comprises:
the starting module, used for initiating a process creation request to the incubator (Zygote) process after the activity management service (ASM) in the system receives a request message for starting the target application program, and forking the target application program process from the Zygote process so as to start the target application program.
Further, the apparatus further comprises:
the acquisition module, used for acquiring the application program package name carried in a deletion instruction when the deletion instruction is detected;
and the second deleting module, used for deleting the application program package name from the preset privilege-escalation configuration table.
The specific implementation of the application program privilege escalation apparatus of the present invention is basically the same as the embodiments of the application program privilege escalation method, and is not described here again.
In addition, an embodiment of the present invention further provides a computer-readable storage medium, where an application program privilege escalation program is stored on the storage medium, and when executed by a processor, the application program privilege escalation program implements the steps of the application program privilege escalation method described above.
The embodiments of the application program privilege escalation apparatus and the computer-readable storage medium of the present invention may refer to the embodiments of the application program privilege escalation method of the present invention, and are not described here again.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which is stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal device (such as a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (10)

1. An application program privilege escalation method, the method comprising:
after a target application program in the system is started, matching the package name of the target application program with each package name in a preset privilege-escalation configuration table;
if the matching is not successful, performing privilege-drop processing on the target application program;
and if the matching is successful, maintaining root user privilege for the target application program.
2. The application program privilege escalation method according to claim 1, wherein the step of matching the package name of the target application program with each package name in a preset privilege-escalation configuration table after the target application program in the system is started comprises:
after a target application program in the system is started, calling a configuration table plug-in service to match the package name of the target application program with each package name in the preset privilege-escalation configuration table;
and acquiring a matching result returned by the configuration table plug-in service.
3. The application program privilege escalation method according to claim 1, wherein before the step of matching the package name of the target application program with each package name in a preset privilege-escalation configuration table after the target application program in the system is started, the method further comprises:
before the target application program is started, writing the package name of the target application program into the preset privilege-escalation configuration table through a preset private path.
4. The application program privilege escalation method according to claim 1, wherein the step of performing privilege-drop processing on the target application program if the matching is not successful comprises:
if the matching is not successful, calling the set-user-identifier (setuid) function to reduce the target application program from root user privilege to ordinary user privilege.
5. The application program privilege escalation method according to claim 1, wherein the method further comprises:
detecting whether a switch-user (SU) file exists in the system;
and if so, deleting the SU file.
6. The application program privilege escalation method according to claim 1, wherein after the target application program is started and before the step of matching the package name of the target application program with each package name in a preset privilege-escalation configuration table, the method further comprises:
after an activity management service (ASM) in the system receives a request message for starting the target application program, initiating a process creation request to the incubator (Zygote) process, and forking the target application program process from the Zygote process so as to start the target application program.
7. The application program privilege escalation method according to any one of claims 1 to 6, wherein the method further comprises:
when a deletion instruction is detected, acquiring the application program package name carried in the deletion instruction;
and deleting the application program package name from the preset privilege-escalation configuration table.
8. An application program privilege escalation apparatus, the apparatus comprising:
a matching module, used for matching the package name of a target application program with each package name in a preset privilege-escalation configuration table after the target application program in the system is started;
a privilege-drop module, used for performing privilege-drop processing on the target application program if the matching is not successful;
and a maintaining module, used for maintaining root user privilege for the target application program if the matching is successful.
9. An application program privilege escalation device, characterized in that the device comprises: a memory, a processor, and an application program privilege escalation program stored on the memory and executable on the processor, which when executed by the processor implements the steps of the application program privilege escalation method according to any one of claims 1 to 7.
10. A computer-readable storage medium, characterized in that an application program privilege escalation program is stored on the computer-readable storage medium, which when executed by a processor implements the steps of the application program privilege escalation method according to any one of claims 1 to 7.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011271478.XA CN112446023B (en) 2020-11-13 2020-11-13 Application program right-lifting method, device, equipment and computer readable storage medium

Publications (2)

Publication Number Publication Date
CN112446023A true CN112446023A (en) 2021-03-05
CN112446023B CN112446023B (en) 2022-06-21

Family

ID=74738286

Country Status (1)

Country Link
CN (1) CN112446023B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030014466A1 (en) * 2001-06-29 2003-01-16 Joubert Berger System and method for management of compartments in a trusted operating system
CN105045625A (en) * 2015-07-17 2015-11-11 上海斐讯数据通信技术有限公司 Method for root authority management and control in Android platform
US9268917B1 (en) * 2013-08-30 2016-02-23 Ca, Inc. Method and system for managing identity changes to shared accounts
CN108595214A (en) * 2018-04-11 2018-09-28 北京海杭通讯科技有限公司 Android user versions obtain the method and system of root privileges under SELinux compulsory modes

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant