CN114816707A - Method and device for creating sandbox environment for plug-in operation and computing equipment - Google Patents


Info

Publication number: CN114816707A
Authority: CN (China)
Prior art keywords: plug, sandbox, creating, environment, module
Legal status: Pending
Application number: CN202210487737.5A
Other languages: Chinese (zh)
Inventors: 陈弘唯, 张文斌
Current assignee: Uniontech Software Technology Co Ltd
Original assignee: Uniontech Software Technology Co Ltd
Application filed by Uniontech Software Technology Co Ltd; priority to CN202210487737.5A; publication of CN114816707A; legal status: pending.

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/48 Program initiating; Program switching, e.g. by interrupt
    • G06F9/4806 Task transfer initiation or dispatching
    • G06F9/4843 Task transfer initiation or dispatching by program, e.g. task dispatcher, supervisor, operating system
    • G06F9/4881 Scheduling strategies for dispatcher, e.g. round robin, multi-level priority queues
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/30 Creation or generation of source code
    • G06F8/31 Programming languages or programming paradigms
    • G06F8/315 Object-oriented languages
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/445 Program loading or initiating
    • G06F9/44521 Dynamic linking or loading; Link editing at or after load time, e.g. Java class loading

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • Stored Programmes (AREA)

Abstract

The invention discloses a method and a device for creating a sandbox environment for plug-in operation, and a computing device. The method comprises the following steps: creating a sandbox environment, mapping a local directory for each plug-in into the sandbox environment, and mapping the device management directory of the host into the sandbox environment; adding different resource limits to different sandbox environments; loading the plug-in process management; receiving a message transmitted by a front end, the message comprising the ID (identity) and the version of a plug-in, and transmitting the message to the plug-in process management; and loading the corresponding plug-ins through the plug-in process management, wherein only one master plug-in and the slave plug-ins on which it depends are loaded in any one sandbox environment. The scheme realizes modularized control of plug-in process resources, allows complete control over the whole life cycle of the sandbox, allows hardware resources to be accessed dynamically, and limits the read-write speed of the disk and the uplink and downlink speed of the network.

Description

Method and device for creating sandbox environment for plug-in operation and computing equipment
This application is a divisional application of the invention patent application 2021115938518 filed on 24/12/2021.
Technical Field
The invention relates to the technical field of computer browser plug-in operation, in particular to a method and a device for creating a sandbox environment for plug-in operation, a computing device and a readable storage medium.
Background
In current practice, the security and resource isolation of plug-in process management and of the plug-ins themselves must be ensured. The existing technical solution isolates plug-in processes through Docker. Docker originated from Linux Container (LXC) technology and is currently the mainstream containerized virtualization solution. It provides a standardized set of container solutions, the design of which is shown in FIG. 1. As shown in FIG. 1, a host may manage plug-ins, and Docker provides an interface to manage them. The local resource manager is responsible for managing the relationship between local resources and the Docker container. The plug-in management and plug-in service calling parts all run in the Docker container. In an actual development project, the back-end plug-in server, the plug-in process management and the plug-ins are compiled, packaged and deployed directly in a Docker container, the relevant service interfaces are exposed, and the front end connects and communicates through those service interfaces.
Because all plug-ins and plug-in services run in the Docker container, the plug-ins can only affect the container and do not affect the operating system. However, the Docker scheme brings about three problems:
1. The project is intended as a universal browser plug-in solution, and the resources, permissions and environments required by different plug-in manufacturers and developers differ, but a container environment created by Docker cannot be modified after the container is created, so the Docker solution is not flexible in the back end.
2. The plug-in process management and all loaded plug-ins run in one container environment; although they are isolated from the host, complete environment isolation between individual plug-ins is not achieved.
3. Hot plugging of hardware cannot be realized, and hardware resources cannot be read dynamically (taking a bank client as an example, a plug-in system may need to hot-plug the U shield, the bank's USB security key).
Disclosure of Invention
To this end, the present invention provides a method and apparatus, a computing device and a readable storage medium for creating a sandbox environment for plug-in execution in an effort to solve or at least alleviate at least one of the problems identified above.
According to one aspect of the invention, a method for creating a sandbox environment for plug-in operation is provided, which comprises the following steps: creating a sandbox environment, mapping a local directory for each plug-in into the sandbox environment, and mapping the device management directory of the host into the sandbox environment; adding different resource limits to different sandbox environments; loading the plug-in process management; receiving a message transmitted by a front end, the message comprising the ID (identity) and the version of a plug-in, and transmitting the message to the plug-in process management; and loading the corresponding plug-ins through the plug-in process management, wherein only one master plug-in and the slave plug-ins on which it depends are loaded in one sandbox environment.
According to another aspect of the present invention, there is provided an apparatus for creating a sandbox environment for plug-in operation, comprising: a creating module for creating a sandbox environment, mapping a local directory for each plug-in into the sandbox environment and mapping the device management directory of the host into the sandbox environment; a resource limiting module for adding different resource limits to different sandbox environments; a loading module for loading the plug-in process management; a receiving module for receiving a message transmitted by a front end, the message comprising the ID and the version of a plug-in, and transmitting it to the plug-in process management; and a plug-in loading module for loading the corresponding plug-ins through the plug-in process management, wherein only one master plug-in and the slave plug-ins on which it depends are loaded in one sandbox environment.
According to another aspect of the present invention, there is provided a computing device comprising: at least one processor and a memory storing program instructions; the program instructions, when read and executed by the processor, cause the computing device to perform the above-described method of creating a sandboxed environment for plug-in operation.
According to yet another aspect of the present invention, there is provided a readable storage medium storing program instructions which, when read and executed by a computing device, cause the computing device to perform the above-described method of creating a sandboxed environment for plug-in operation.
According to the technical scheme of the invention, modularized management and control of plug-in process resources is realized, complete management and control is possible over the whole life cycle of the sandbox, hardware resources can be accessed dynamically, and the read-write speed of the disk and the uplink and downlink speed of the network are limited.
According to the technical scheme of the invention, the sandbox mechanism does not need to be as complex as Docker; it only needs to concentrate on the implementation inside the sandbox, so that the operation of the plug-ins does not affect the host machine and environmental isolation among plug-ins is achieved.
In addition, unlike Docker, which initializes a new process each time to set up the sandbox environment, the technical scheme of the invention has the plug-in managed and loaded by the plug-in process management inside the sandbox environment, which yields a benefit: each plug-in runs in its own sandbox environment, and when an external plug-in service needs to communicate with the plug-in, the communication can pass through the sandbox environment via a reserved port while the network and the file system remain isolated.
Drawings
To the accomplishment of the foregoing and related ends, certain illustrative aspects are described herein in connection with the following description and the annexed drawings, which are indicative of various ways in which the principles disclosed herein may be practiced, and all aspects and equivalents thereof are intended to be within the scope of the claimed subject matter. The above and other objects, features and advantages of the present disclosure will become more apparent from the following detailed description read in conjunction with the accompanying drawings. Throughout this disclosure, like reference numerals generally refer to like parts or elements.
FIG. 1 shows a design diagram of isolating a plug-in process by Docker.
FIG. 2 shows a schematic diagram of a computing device 100, according to one embodiment of the invention.
FIG. 3 shows an overall design of a sandbox creation scheme according to an embodiment of the present invention.
FIG. 4 illustrates a flow diagram of a method 400 for creating a sandboxed environment for plug-in operation in accordance with one embodiment of the present invention.
FIG. 5 shows a schematic flow diagram of a concurrent dual thread of a method according to an embodiment of the invention.
Fig. 6 shows a schematic block diagram of an apparatus for creating a sandbox according to an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
Existing plug-in process management technology cannot be customized and cannot isolate plug-ins from one another, so neither modularized control nor flexibility can be achieved. In response, the method for creating a sandbox environment for plug-in operation described here realizes modularized control of plug-in process resources, allows complete control over the whole life cycle of the sandbox, allows hardware resources to be accessed dynamically, and limits the read-write speed of the disk and the uplink and downlink speed of the network.
The method of the present invention for creating a sandboxed environment for plug-in operation is performed in a computing device. The computing device may be any device with storage and computing capabilities, and may be implemented as, for example, a server, a workstation, or the like, or may be implemented as a personal computer such as a desktop computer or a notebook computer, or may be implemented as a terminal device such as a mobile phone, a tablet computer, a smart wearable device, or an internet of things device, but is not limited thereto.
FIG. 2 shows a schematic diagram of a computing device 100, according to one embodiment of the invention. It should be noted that the computing device 100 shown in fig. 2 is only an example, and in practice, the computing device for implementing the method for creating a sandbox environment for plug-in operation according to the present invention may be any type of device, and the hardware configuration thereof may be the same as the computing device 100 shown in fig. 2 or different from the computing device 100 shown in fig. 2. The computing device that is practically used to implement the method of creating a sandbox environment for plug-in operation according to the present invention may add or delete hardware components of the computing device 100 shown in fig. 2, and the present invention does not limit the specific hardware configuration of the computing device.
As shown in FIG. 2, in a basic configuration 102, a computing device 100 typically includes a system memory 106 and one or more processors 104. A memory bus 108 may be used for communication between the processor 104 and the system memory 106.
Depending on the desired configuration, the processor 104 may be any type of processing, including but not limited to: a microprocessor (μP), a microcontroller (μC), a Digital Signal Processor (DSP), or any combination thereof. The processor 104 may include one or more levels of cache, such as a level one cache 110 and a level two cache 112, a processor core 114, and registers 116. The example processor core 114 may include an Arithmetic Logic Unit (ALU), a Floating Point Unit (FPU), a digital signal processing core (DSP core), or any combination thereof. The example memory controller 118 may be used with the processor 104, or in some implementations the memory controller 118 may be an internal part of the processor 104.
Depending on the desired configuration, system memory 106 may be any type of memory, including but not limited to: volatile memory (such as RAM), non-volatile memory (such as ROM, flash memory, etc.), or any combination thereof. The physical memory in the computing device is usually referred to as a volatile memory RAM, and data in the disk needs to be loaded into the physical memory to be read by the processor 104. System memory 106 may include an operating system 120, one or more applications 122, and program data 124. In some implementations, the application 122 can be arranged to execute instructions on an operating system with program data 124 by one or more processors 104. Operating system 120 may be, for example, Linux, Windows, etc., which includes program instructions for handling basic system services and performing hardware dependent tasks. The application 122 includes program instructions for implementing various user-desired functions, and the application 122 may be, for example, but not limited to, a browser, instant messenger, a software development tool (e.g., an integrated development environment IDE, a compiler, etc.), and the like. When the application 122 is installed into the computing device 100, a driver module may be added to the operating system 120.
When the computing device 100 is started, the processor 104 reads program instructions of the operating system 120 from the memory 106 and executes them. The application 122 runs on top of the operating system 120, utilizing the operating system 120 and interfaces provided by the underlying hardware to implement various user-desired functions. When the user starts the application 122, the application 122 is loaded into the memory 106, and the processor 104 reads the program instructions of the application 122 from the memory 106 and executes the program instructions.
The computing device 100 also includes a storage device 132, the storage device 132 including removable storage 136 and non-removable storage 138, the removable storage 136 and the non-removable storage 138 each connected to the storage interface bus 134.
Computing device 100 may also include an interface bus 140 that facilitates communication from various interface devices (e.g., output devices 142, peripheral interfaces 144, and communication devices 146) to the basic configuration 102 via the bus/interface controller 130. The example output device 142 includes a graphics processing unit 148 and an audio processing unit 150. They may be configured to facilitate communication with various external devices, such as a display or speakers, via one or more A/V ports 152. Example peripheral interfaces 144 may include a serial interface controller 154 and a parallel interface controller 156, which may be configured to facilitate communication with external devices such as input devices (e.g., keyboard, mouse, pen, voice input device, touch input device) or other peripherals (e.g., printer, scanner, etc.) via one or more I/O ports 158. An example communication device 146 may include a network controller 160, which may be arranged to facilitate communications with one or more other computing devices 162 over a network communication link via one or more communication ports 164.
A network communication link may be one example of a communication medium. Communication media may typically be embodied by computer readable instructions, data structures, program modules, and may include any information delivery media, such as carrier waves or other transport mechanisms, in a modulated data signal. A "modulated data signal" may be a signal that has one or more of its data set or its changes made in such a manner as to encode information in the signal. By way of non-limiting example, communication media may include wired media such as a wired network or private-wired network, and various wireless media such as acoustic, Radio Frequency (RF), microwave, Infrared (IR), or other wireless media. The term computer readable media as used herein may include both storage media and communication media.
In a computing device 100 according to the present invention, the application 122 includes instructions for performing the method 400 of creating a sandbox environment for plug-in execution of the present invention, which may instruct the processor 104 to perform the method 400 of creating a sandbox environment for plug-in execution of the present invention. Before describing the method 400, the general design considerations for a sandbox creation scheme in accordance with an embodiment of the present invention will be discussed with reference to FIG. 3.
When a plug-in runs on the client machine, it must be ensured that the plug-in does not affect the client machine, for example by operating on the client's sensitive files. A sandbox environment is designed to isolate the operation of the plug-ins. The Docker scheme mentioned in the background section is a generic design and cannot be customized, whereas a sandbox solution implemented in accordance with the present invention can solve this problem.
As shown in FIG. 3, at system boot the plug-in service itself clones the sandbox, which may be described as booting the sandbox process. Later, each time a plug-in (exemplified by a shared object, SO) is called, the SO is placed in a sandbox process, achieving isolation of the plug-in from the host environment and isolation between plug-ins.
The detailed description takes the Linux operating system as an example. It should be understood, however, that the present invention is not limited to the Linux operating system and may be made compatible with other systems such as Windows. Environment isolation can be realized through the namespaces of the Linux kernel. Namespaces are the mechanism the Linux kernel uses to isolate kernel resources: processes in different namespaces have independent global system resources, and changing a system resource in one namespace affects only the processes in that namespace and has no effect on processes in other namespaces.
The sandbox scheme utilizes the Namespace and Cgroups mechanisms of the Linux kernel at the process level to realize security isolation between the plug-in services and the system, so that plug-in service processes in different namespaces have independent global system resources, and different plug-in services have different resource limitations.
Before the plug-in service calls a plug-in process, each plug-in process is encapsulated and isolated with respect to global system resources: the PID (process tree), inter-process communication, mount points, network and users of each plug-in process are isolated, which completes the configuration of environment isolation and the basic initialization. Every file in a Linux system can be mounted on the system, and if files are isolated through a namespace, the mount points can be isolated. For example, after the mount point of folder A is isolated by a namespace, the mount point cannot be seen on the host machine; it can only be seen once the virtual environment holding folder A is entered. The step of isolating the mount point is combined with Changeroot (chroot, the root directory position the program refers to during execution): the host directory of the plug-in is mapped to the home directory in the sandbox by first mounting a directory and then pointing it to the home directory through Changeroot.
As shown in FIG. 3 and described above, a separate sandbox environment is created for each master plug-in and its slave plug-in files, so that the operation of the plug-ins does not affect the host and environmental isolation of plug-ins from each other is achieved.
FIG. 4 illustrates a flow diagram of a method 400 for creating a sandboxed environment for plug-in operation in accordance with one embodiment of the present invention. Method 400 is performed in a computing device (e.g., computing device 100 described above) for templated management of resources for plug-in processes. As shown in fig. 4, the method 400 begins at step S410. The method 400 is described in detail below with reference to fig. 4.
Step S410, creating a sandbox environment, mapping the local directory of each plug-in to the sandbox environment, and mapping the device management directory of the host to the sandbox environment.
Step S410 is the first step of initialization, i.e. cloning an environment-isolated process. In essence, an environment-isolated plug-in service process (the sandbox process) is cloned by calling the different namespace functions.
The detailed description takes the Linux operating system as an example; it should be understood that the invention is not limited to Linux and may be made compatible with other systems such as Windows. Under Linux, if the back ends of the plug-in interface platform are all written in the Go language, the sandbox can also be developed in Go, i.e. the sandbox environment is implemented in Go. It should be understood, however, that the sandbox environment may be written in other languages such as C or C++; the invention is not limited in this respect. The technical means adopted can be isolation of the environment through the namespaces of the Linux kernel. Namespaces are the mechanism the Linux kernel uses to isolate kernel resources: processes in different namespaces have independent global system resources, and changing a system resource in one namespace affects only the processes in that namespace and has no effect on processes in other namespaces.
In an alternative example, before a sandbox process is cloned, the plug-in service itself may be cloned, and the subsequent sandbox cloning, plug-in loading and other processes are run by the cloned plug-in service. As a result, initial configuration information of the original plug-in service, such as environment variables and image information, exists in the sandbox environment, and the process can be emptied of it. In this embodiment the configuration information may be cleared using the exec system function of the kernel: calling this system function runs the specified plug-in process, replacing the original initialization (init) process (there is one because the plug-in service process was replicated).
In addition, the corresponding local directory needs to be mapped into the sandbox environment for each plug-in. A working directory has to be provided for the operation of the plug-in, because the plug-in needs to cache or read files while it runs, and that working directory should be provided inside the sandbox environment. A directory is established on the host for each plug-in, and during sandbox initialization the corresponding change root can be set according to a file path rule (the name of the plug-in is the name of the directory), so that the directory on the host is mapped to the home directory in the virtual environment. The plug-in service creates the corresponding directory mapping from the plug-in ID and version, where the plug-in ID and version information come from a message sent by a front end (such as a browser) to the plug-in service. In the following steps the corresponding plug-in is also loaded according to this message.
In addition, in order to support hot plugging of hardware, the "/dev" device management directory of the host machine can be mapped into the sandbox through the mount namespace mechanism, so that the sandbox has complete access to the hardware. The "/dev" directory is the management directory of all hardware in a Linux system; for example, when a USB disk is inserted, its device node appears in the /dev directory.
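As an added illustration of the isolation described for FIG. 3 and step S410 (it is not code from the patent or from Uniontech), the following Go program clones the plug-in service into fresh namespaces, bind-mounts the plug-in's host directory as the sandbox home and the host /dev for hot-plugged devices, changes root and execs the plug-in process manager with a clean environment. The directory layout, the plugin-manager path and the argument passing are assumptions; running it end to end needs Linux with unprivileged user namespaces enabled.

```go
package main

import (
	"fmt"
	"os"
	"os/exec"
	"path/filepath"
	"syscall"
)

// Assumed host layout (the patent fixes none): one working directory per
// plug-in ID and version under pluginRoot, and a minimal root file system
// for the sandbox that already contains the plug-in process manager binary.
const (
	pluginRoot    = "/var/lib/plugin-sandbox/plugins"
	sandboxRoot   = "/var/lib/plugin-sandbox/rootfs"
	pluginManager = "/usr/bin/plugin-manager" // path inside sandboxRoot (hypothetical)
)

// sandboxCloneFlags returns the clone(2) flags that give the sandbox process
// its own PID, mount, network, IPC and user namespaces (the isolations the
// description lists) plus a UTS namespace for a separate hostname.
func sandboxCloneFlags() uintptr {
	return syscall.CLONE_NEWPID | syscall.CLONE_NEWNS | syscall.CLONE_NEWNET |
		syscall.CLONE_NEWIPC | syscall.CLONE_NEWUSER | syscall.CLONE_NEWUTS
}

// hostDirFor derives the plug-in's host working directory from the ID and
// version carried in the front-end message, rejecting path components that
// would escape pluginRoot.
func hostDirFor(pluginID, version string) (string, error) {
	for _, s := range []string{pluginID, version} {
		if s == "" || s == "." || s == ".." || s != filepath.Base(s) {
			return "", fmt.Errorf("invalid plug-in identifier %q", s)
		}
	}
	return filepath.Join(pluginRoot, pluginID, version), nil
}

// spawnSandbox prepares the clone of the plug-in service: the same binary is
// re-executed as "child" in fresh namespaces, with the sandbox's root user
// mapped to the unprivileged host user that started the service.
func spawnSandbox(hostDir, pluginID, version string) *exec.Cmd {
	cmd := exec.Command("/proc/self/exe", "child", hostDir, pluginID, version)
	cmd.Stdin, cmd.Stdout, cmd.Stderr = os.Stdin, os.Stdout, os.Stderr
	cmd.SysProcAttr = &syscall.SysProcAttr{
		Cloneflags:  sandboxCloneFlags(),
		UidMappings: []syscall.SysProcIDMap{{ContainerID: 0, HostID: os.Getuid(), Size: 1}},
		GidMappings: []syscall.SysProcIDMap{{ContainerID: 0, HostID: os.Getgid(), Size: 1}},
	}
	return cmd
}

// childSetup runs inside the new namespaces. It stops mount events from
// propagating back to the host, bind-mounts the plug-in's host directory as
// /home of the sandbox and the host /dev so hot-plugged devices stay visible,
// then changes root and execs the plug-in process manager with a clean
// environment, which discards the inherited service configuration.
func childSetup(hostDir, pluginID, version string) error {
	if err := syscall.Mount("", "/", "", syscall.MS_REC|syscall.MS_PRIVATE, ""); err != nil {
		return fmt.Errorf("make mounts private: %w", err)
	}
	binds := [][2]string{
		{hostDir, filepath.Join(sandboxRoot, "home")},
		{"/dev", filepath.Join(sandboxRoot, "dev")},
	}
	for _, b := range binds {
		if err := os.MkdirAll(b[1], 0o755); err != nil {
			return err
		}
		if err := syscall.Mount(b[0], b[1], "", syscall.MS_BIND|syscall.MS_REC, ""); err != nil {
			return fmt.Errorf("bind %s onto %s: %w", b[0], b[1], err)
		}
	}
	if err := syscall.Chroot(sandboxRoot); err != nil {
		return err
	}
	if err := syscall.Chdir("/home"); err != nil {
		return err
	}
	env := []string{"HOME=/home", "PATH=/usr/bin:/bin"} // explicit, not inherited
	return syscall.Exec(pluginManager, []string{"plugin-manager", pluginID, version}, env)
}

func main() {
	if len(os.Args) == 5 && os.Args[1] == "child" {
		if err := childSetup(os.Args[2], os.Args[3], os.Args[4]); err != nil {
			fmt.Fprintln(os.Stderr, "sandbox setup:", err)
			os.Exit(1)
		}
		return
	}
	// Constructed example request: plug-in "com.example.pay", version "1.2.0".
	dir, err := hostDirFor("com.example.pay", "1.2.0")
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	if err := os.MkdirAll(dir, 0o755); err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	if err := spawnSandbox(dir, "com.example.pay", "1.2.0").Run(); err != nil {
		fmt.Fprintln(os.Stderr, "sandbox exited:", err)
		os.Exit(1)
	}
}
```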
And S420, adding different resource limits to different sandbox environments.
After the sandbox environment has been isolated, different resource limits are added to different sandbox environments. A resource limit is a control on the computer resources that each plug-in process may occupy, for example: the running memory of plug-in process A must not exceed 100 MB, plug-in process B must not use more than 5% of the CPU, and so on. This satisfies the resource requirements of running plug-ins: when many plug-ins are installed, each plug-in's resource usage must be bounded, for instance no plug-in may occupy more than 20% of the system's memory. If the system is offered as a platform, different types of plug-in also need different limits.
Linux cgroups can be used here to limit and control the resources of a plug-in process and of the child processes it spawns. Cgroups are described below.
Cgroups consist of three parts, the cgroup, the subsystem and the hierarchy, which together implement resource limitation of processes. A cgroup is the mechanism for managing a group of processes: it contains a set of processes and is associated with the parameter configurations of one or more subsystems. A subsystem is a resource-control module, for example access control on block-device input and output, or CPU scheduling policy. The hierarchy arranges a group of cgroups into a tree, and resource limits are inherited along that tree.
In practical use, parameter configurations of the Linux subsystems are added to cgroups so that a group of processes and a group of subsystems are managed through their system parameters, and in this way different cgroup templates are prepared for different plug-ins. A subsystem acts on a cgroup node in the hierarchy to control the resource usage of the processes in that node. When resource limits are configured, a template can therefore be chosen according to the resource profile of each plug-in (heavy disk I/O, sustained high memory usage, and so on), for example a memory-limit template or a disk read/write limit template.
Because the hierarchy links cgroups into a tree, it is exposed to the user as a virtual file system, so configuring the resource limit of each sandbox is only a matter of reading and writing the corresponding files. For example, to implement a memory-limit template: once the absolute path of the cgroup in the file system is known, the corresponding control file is created under the memory controller of that cgroup, and the memory restriction takes effect by configuring the memory.
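The following is an added example of the "template" idea above, written for this edited page; it is not code from the patent or from its applicant. It assumes a cgroup v2 hierarchy (control files memory.max and cpu.max; on a v1 hierarchy the memory file is memory.limit_in_bytes under the memory controller mount), a hypothetical base directory such as /sys/fs/cgroup/plugins that the plug-in service owns, and the constructed sample limits 100 MiB and 5% CPU from the paragraph above. Each template is a list of (control file, value) pairs; applying a template creates the sandbox's cgroup node under the base directory, writes the files, and cgroup.procs then moves the sandbox process, and with it every child it later forks, into the node. Because the real hierarchy needs root, the program falls back to a scratch directory under /tmp so the file handling can be exercised unprivileged.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* A resource template: cgroup v2 control files and the values to write.
 * The file names are the upstream cgroup v2 names; the limits are
 * constructed sample values for this example. */
struct cg_setting { const char *file; const char *value; };
struct cg_template { const char *name; const struct cg_setting *settings; size_t n; };

static const struct cg_setting MEMORY_100M[] = {
    { "memory.max",      "104857600" },   /* hard limit: 100 MiB */
    { "memory.swap.max", "0" },           /* no escaping the cap into swap */
};
static const struct cg_setting CPU_5PCT[] = {
    { "cpu.max", "5000 100000" },         /* 5 ms of every 100 ms period = 5% */
};
const struct cg_template MEMORY_TEMPLATE = { "memory-100M", MEMORY_100M, 2 };
const struct cg_template CPU_TEMPLATE    = { "cpu-5pct",    CPU_5PCT,    1 };

/* Write one control file; returns 0 or -errno. cgroupfs rejects a bad value
 * at write/flush time, so the fclose() result matters as much as fputs(). */
static int write_str(const char *path, const char *value) {
    FILE *f = fopen(path, "w");
    if (!f) return -errno;
    int rc = (fputs(value, f) < 0) ? -EIO : 0;
    if (fclose(f) != 0 && rc == 0) rc = -errno;
    return rc;
}

/* Create <base>/<group>, the sandbox's own node in the hierarchy, and apply
 * every setting of the template. Returns 0 or -errno. */
int cg_apply_template(const char *base, const char *group, const struct cg_template *t) {
    char path[4096];
    snprintf(path, sizeof path, "%s/%s", base, group);
    if (mkdir(path, 0755) == -1 && errno != EEXIST) return -errno;
    for (size_t i = 0; i < t->n; i++) {
        snprintf(path, sizeof path, "%s/%s/%s", base, group, t->settings[i].file);
        int rc = write_str(path, t->settings[i].value);
        if (rc) return rc;
    }
    return 0;
}

/* Move a process into the group; children it forks afterwards inherit it. */
int cg_attach(const char *base, const char *group, pid_t pid) {
    char path[4096], pidstr[32];
    snprintf(path, sizeof path, "%s/%s/cgroup.procs", base, group);
    snprintf(pidstr, sizeof pidstr, "%d\n", (int)pid);
    return write_str(path, pidstr);
}

/* Read a control file back (first line, newline stripped) to verify the limit. */
const char *cg_read(const char *base, const char *group, const char *file) {
    static char buf[256];
    char path[4096];
    snprintf(path, sizeof path, "%s/%s/%s", base, group, file);
    FILE *f = fopen(path, "r");
    if (!f) return NULL;
    if (!fgets(buf, sizeof buf, f)) { fclose(f); return NULL; }
    fclose(f);
    buf[strcspn(buf, "\n")] = '\0';
    return buf;
}

/* Scratch base directory so the file handling runs without root; a real
 * deployment passes its node under /sys/fs/cgroup instead (assumed path). */
const char *cg_scratch_base(void) {
    static char dir[] = "/tmp/cgdemo-XXXXXX";
    static int made = 0;
    if (!made) { if (!mkdtemp(dir)) return NULL; made = 1; }
    return dir;
}

int main(int argc, char **argv) {
    const char *base = argc > 1 ? argv[1] : cg_scratch_base();
    if (!base) return 1;
    if (cg_apply_template(base, "plugin-a", &MEMORY_TEMPLATE) != 0 ||
        cg_apply_template(base, "plugin-b", &CPU_TEMPLATE) != 0) {
        perror("apply template");
        return 1;
    }
    printf("plugin-a memory.max = %s\n", cg_read(base, "plugin-a", "memory.max"));
    printf("plugin-b cpu.max    = %s\n", cg_read(base, "plugin-b", "cpu.max"));
    return 0;
}
```

Run as root with the real base directory (for example ./cgdemo /sys/fs/cgroup/plugins) to create the nodes, then cg_attach() the sandbox PID before it execs the plug-in; the kernel validates the values on write, which is why the return code of every write is checked rather than assumed. A disk read/write template would use io.max in the same way, but its value needs the block device's major:minor numbers, so it is not hard-coded here.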
S430, loading the plug-in process management.
The plug-in process management may be a functional module written in advance; after the plug-in service has cloned a sandbox environment, the plug-in process management is loaded into the cloned sandbox process.
S440, receiving a message from the front end, the message including the ID of the plug-in and the version of the plug-in, and passing the message to the plug-in process management.
After initialization an empty sandbox environment exists; the plug-in service must then send a specified message to the plug-in process management, containing the plug-in's ID, version and similar information, so that the plug-in process management loads the corresponding plug-in according to that message.
The plug-in service receives this message from the front end, which may be a browser or similar. The message may carry a message ID, which distinguishes individual messages from one another, together with the message content, so that when the receiver returns a reply the sender knows which message the reply belongs to.
S450, loading the corresponding plug-in through the plug-in process management, where only one master plug-in, together with the slave plug-ins it depends on, is loaded in one sandbox environment.
After the sandbox process is created it loads the plug-in process management module, and the plug-in process management in turn loads the plug-in (for example an SO file); this forms the sandbox environment of the plug-in process.
The point of establishing a sandbox environment is the following: every running program is a process, and if they all run in the same environment they can affect each other, for example by operating on local files. Establishing a sandbox means simulating, inside the operating system, a new operating-system-like environment and running the process in it. Processes running inside the sandbox and processes running outside on the host are isolated from each other and cannot influence each other. In this embodiment the plug-in process is run inside the sandbox environment so that it cannot affect the operation of other programs on the host.
To protect the hardware, the sandbox's hardware access can be limited; one concrete implementation is a device-management program running on the host, with which the sandbox communicates over grpc and which enforces the limits.
Optionally, method 400 may further include: establishing a communication port to the plug-in process management, receiving the registration of the loaded plug-in through the plug-in process management, and obtaining the instance link of the corresponding plug-in.
After the plug-in process management has loaded the plug-in successfully, the plug-in can register actively with the plug-in service through the plug-in process management over a channel such as grpc (the plug-in process management sends the instance information to the plug-in service), and the plug-in service obtains the corresponding plug-in instance link for communication. The plug-in instance link is an address registered with the plug-in service when the plug-in process runs; by calling that address the service can operate the plug-in's methods and functions for subsequent business communication. For example, if the plug-in reads pictures, a picture-reading message is sent to it for processing.
After the plug-in process management has been invoked successfully in the sandbox environment, the plug-in service can also obtain the process ID (PID) of the sandbox process for management, such as controlling the sandbox lifecycle: checking whether it is alive, exiting the plug-in, and so on. Each time a plug-in process is run a sandbox process is created, and the system assigns that sandbox process an ID, its PID.
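The following is an added example of the bookkeeping the plug-in service needs for steps S440 and S450 and for the optional registration step; it is written for this edited page and is not code from the patent or its applicant. It assumes the service tracks every sandbox by the PID it obtained at creation, that the load message carries the message ID, plug-in ID and version named in the description, and that the registration arriving over the grpc port answers that message ID and carries the port the instance link is built from (the 127.0.0.1:port form of the link is an assumption). Two checks a practitioner wants are made explicit: a registration is accepted only if it matches the outstanding request for that very sandbox, which stops a compromised sandbox from claiming another plug-in's identity, and the plug-in ID is validated before it is used as a directory or cgroup name, because a front end that can send "../" in the ID would otherwise choose which host directory gets mapped. The one-master-plug-in-per-sandbox rule is enforced by refusing a second load request for a sandbox that already holds one.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_SANDBOXES 8

enum {
    SVC_OK = 0,
    SVC_BAD_ID = -1,      /* plug-in ID unsafe as a directory/cgroup name, or msg_id 0 */
    SVC_BUSY = -2,        /* sandbox already holds its one master plug-in */
    SVC_NO_SANDBOX = -3,  /* registration from a PID the service never created */
    SVC_NO_PENDING = -4,  /* no load request outstanding for that sandbox */
    SVC_MISMATCH = -5,    /* msg_id, plug-in ID or version differ from the request */
    SVC_FULL = -6,
};

/* One entry per sandbox process, keyed by the PID obtained at creation. */
struct sandbox_slot {
    int used, pid;
    unsigned pending_msg_id;   /* 0 = no load request outstanding */
    int registered;
    char plugin_id[64], version[32], link[80];
};
static struct sandbox_slot slots[MAX_SANDBOXES];

/* IDs become directory and cgroup names, so allow only [A-Za-z0-9._-], no
 * leading dot and no "..": a hostile front end must not be able to point the
 * local-directory mapping at another plug-in's files or at the host. */
int plugin_id_is_safe(const char *id) {
    size_t n = strlen(id);
    if (n == 0 || n >= 64 || id[0] == '.' || strstr(id, "..")) return 0;
    for (size_t i = 0; i < n; i++)
        if (!isalnum((unsigned char)id[i]) && !strchr("._-", id[i])) return 0;
    return 1;
}

static struct sandbox_slot *find_pid(int pid) {
    for (int i = 0; i < MAX_SANDBOXES; i++)
        if (slots[i].used && slots[i].pid == pid) return &slots[i];
    return NULL;
}

/* S440: forward the front end's load request to the manager in sandbox <pid>,
 * remembering msg_id so that only a matching registration is accepted later. */
int svc_send_load(int pid, unsigned msg_id, const char *plugin_id, const char *version) {
    if (msg_id == 0 || !plugin_id_is_safe(plugin_id)) return SVC_BAD_ID;
    struct sandbox_slot *s = find_pid(pid);
    if (!s) {
        for (int i = 0; i < MAX_SANDBOXES && !s; i++)
            if (!slots[i].used) { s = &slots[i]; s->used = 1; s->pid = pid; }
        if (!s) return SVC_FULL;
    } else if (s->registered || s->pending_msg_id) {
        return SVC_BUSY;   /* only one master plug-in per sandbox */
    }
    s->pending_msg_id = msg_id;
    snprintf(s->plugin_id, sizeof s->plugin_id, "%s", plugin_id);
    snprintf(s->version, sizeof s->version, "%s", version);
    return SVC_OK;
}

/* Registration arriving over the grpc port from sandbox <pid>: accept it only
 * if it answers the outstanding request for that same sandbox. */
int svc_on_register(int pid, unsigned msg_id, const char *plugin_id,
                    const char *version, unsigned port) {
    struct sandbox_slot *s = find_pid(pid);
    if (!s) return SVC_NO_SANDBOX;
    if (s->pending_msg_id == 0) return SVC_NO_PENDING;
    if (msg_id != s->pending_msg_id || strcmp(plugin_id, s->plugin_id) != 0 ||
        strcmp(version, s->version) != 0)
        return SVC_MISMATCH;
    snprintf(s->link, sizeof s->link, "127.0.0.1:%u", port);  /* instance link */
    s->pending_msg_id = 0;
    s->registered = 1;
    return SVC_OK;
}

/* The instance link the service later calls for business messages, or NULL. */
const char *svc_instance_link(const char *plugin_id) {
    for (int i = 0; i < MAX_SANDBOXES; i++)
        if (slots[i].used && slots[i].registered &&
            strcmp(slots[i].plugin_id, plugin_id) == 0)
            return slots[i].link;
    return NULL;
}

/* Sandbox exited (waitpid reported it): drop the slot so a reused PID cannot
 * inherit a stale link. Returns 1 if a slot was cleared. */
int svc_sandbox_exited(int pid) {
    struct sandbox_slot *s = find_pid(pid);
    if (!s) return 0;
    memset(s, 0, sizeof *s);
    return 1;
}
```

The order of checks in svc_on_register matters: the PID is authenticated first (it comes from the kernel via the connection's peer credentials or from the service's own waitpid bookkeeping, not from the message), then the message ID, then the plug-in identity, so a message that passes all three is known to come from the sandbox the service itself started for that plug-in.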
FIG. 5 is a schematic flow diagram of the two concurrent flows of a method according to an embodiment of the present invention, showing the host service that creates the sandbox process in parallel with the plug-in process. As can be seen from fig. 5, the flow on the left is the main service executed by the plug-in service, and the flow on the right is the plug-in process that runs the plug-in once it has been loaded.
"Create sandbox" refers to creating a sandbox module in the plug-in service, and the following "create sandbox process" is one step in the operation of that module, so the left column is the sandbox creation procedure. It includes the optional "emptying" step, which is specifically the replacement of the init process. Mounting the file system means mapping the device directory /dev into the sandbox environment. Configuring namespace isolation means that the sandbox uses a system call of the Linux kernel to encapsulate and isolate the global system resources of each plug-in process, isolating its PID (root process tree), inter-process communication, mount points, network and user (the user namespace), and then completes basic initialization. Loading the policy template refers to loading the memory-limit template, the disk read/write limit template and the other templates described above.
The right column is the plug-in process that runs the plug-in after it is loaded. The plug-in service establishes a grpc communication port and the client (the "plug-in process management" of fig. 2) prepares to communicate. The client then sends the plug-in instance information (containing the port number and the plug-in information) to the plug-in service, so that the plug-in service can call the plug-in's service functions afterwards.
protobuf is a tool library from Google with an efficient data-exchange format; besides protobuf, other communication protocols such as http can be used, which is not limited here.
The sandbox process is a process spawned by the plug-in service; once it is actually running, the whole flow is a bidirectional interaction between the plug-in service and the plug-in process management.
With this method, a sandbox process is cloned each time the plug-in system starts its back-end service, and when the front end calls the plug-in service the plug-in is loaded in that sandbox process, which isolates the plug-in. Given the project's requirements, the sandbox mechanism does not need to be as complex as docker; only the inside of the sandbox needs attention, and that is enough to isolate environment resources between plug-ins and keep their permissions under control.
In addition, unlike docker, which initializes a new process every time a sandbox environment is set up, the technical scheme of this embodiment loads the plug-in into the sandbox environment through the plug-in process management, which brings a benefit: every plug-in runs in its own sandbox environment, and when the external plug-in service needs to communicate with the plug-in it can reach through the sandbox via a reserved port even though the network and the file system are isolated. That reserved port is the one deliberate crossing of the isolation boundary, so the service's port and the registration over it are the interface that has to be controlled.
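The following is an added example of the left-hand column above (create the sandbox process, mount the device directory, configure namespace isolation, then the "emptying" step that replaces the cloned image with the manager); it is written for this edited page and is not code from the patent or its applicant. It assumes Linux, a per-plug-in local directory that becomes the sandbox root, the host's /dev as the device-management directory, and a hypothetical plug-in process manager binary passed on the command line. The five namespaces are the ones the description lists (PID, IPC, mount, network, user). Using a user namespace lets an unprivileged plug-in service do this: uid 0 inside the sandbox is mapped to the caller's own uid outside, so the manager is "init" (PID 1) inside but gains nothing on the host. The environment handed to execve is constructed, not inherited, which is the "emptying" of the plug-in service's leftover configuration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <limits.h>
#include <sched.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

struct sandbox_cfg {
    const char *root;    /* per-plug-in local directory that becomes the sandbox root */
    const char *devdir;  /* host device-management directory to map inside (e.g. /dev) */
    char *const *argv;   /* plug-in process manager to exec as the sandbox's init */
    int sync_fd;         /* read end: parent writes one byte once the id maps are set */
};

/* The five namespaces named in the description: PID, IPC, mount, network, user. */
int sandbox_clone_flags(void) {
    return CLONE_NEWPID | CLONE_NEWIPC | CLONE_NEWNS | CLONE_NEWNET | CLONE_NEWUSER;
}

/* "<inside> <outside> 1": map a single id. Root inside the sandbox is the
 * unprivileged host user outside, so breaking out of the user namespace
 * yields no host privilege. */
const char *id_map_line(unsigned inside, unsigned outside) {
    static char buf[64];
    snprintf(buf, sizeof buf, "%u %u 1\n", inside, outside);
    return buf;
}

const char *proc_path(pid_t pid, const char *file) {
    static char buf[PATH_MAX];
    snprintf(buf, sizeof buf, "/proc/%d/%s", (int)pid, file);
    return buf;
}

static int write_once(const char *path, const char *s) {
    int fd = open(path, O_WRONLY);
    if (fd < 0) return -1;
    ssize_t n = write(fd, s, strlen(s));
    close(fd);
    return n == (ssize_t)strlen(s) ? 0 : -1;
}

/* Runs as PID 1 of the new PID namespace. Exit codes identify the failed step. */
static int sandbox_child(void *arg) {
    struct sandbox_cfg *c = arg;
    char ch, dev[PATH_MAX];
    if (read(c->sync_fd, &ch, 1) != 1) return 100;   /* wait for uid/gid maps */
    /* mount changes must not propagate back into the host mount namespace */
    if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL) == -1) return 101;
    /* map the device directory into the sandbox root; binding only the device
     * nodes a plug-in needs, or remounting read-only, narrows this further */
    snprintf(dev, sizeof dev, "%s/dev", c->root);
    mkdir(dev, 0755);
    if (mount(c->devdir, dev, NULL, MS_BIND | MS_REC, NULL) == -1) return 102;
    if (chroot(c->root) == -1 || chdir("/") == -1) return 103;
    /* "emptying": replace the cloned image of the plug-in service with the
     * manager; the environment is built here, nothing of the parent's leaks in */
    char *const envp[] = { "PATH=/usr/bin:/bin", "HOME=/", NULL };
    execve(c->argv[0], c->argv, envp);
    return 104;
}

/* Returns the sandbox PID the plug-in service keeps for lifecycle control, or -1. */
pid_t sandbox_spawn(struct sandbox_cfg *c) {
    int p[2];
    if (pipe(p) == -1) return -1;
    c->sync_fd = p[0];
    size_t sz = 256 * 1024;
    char *stack = malloc(sz);          /* owned by the child for its lifetime */
    if (!stack) return -1;
    pid_t pid = clone(sandbox_child, stack + sz, sandbox_clone_flags() | SIGCHLD, c);
    if (pid == -1) { free(stack); return -1; }
    /* map uid/gid 0 inside to the caller outside; setgroups must be denied first */
    write_once(proc_path(pid, "setgroups"), "deny");
    write_once(proc_path(pid, "uid_map"), id_map_line(0, getuid()));
    write_once(proc_path(pid, "gid_map"), id_map_line(0, getgid()));
    (void)!write(p[1], "x", 1);        /* release the child */
    close(p[0]);
    close(p[1]);
    return pid;
}

int main(int argc, char **argv) {
    if (argc < 3) {
        fprintf(stderr, "usage: %s <root-dir> <manager> [args...]\n", argv[0]);
        return 2;
    }
    struct sandbox_cfg cfg = { .root = argv[1], .devdir = "/dev", .argv = argv + 2 };
    pid_t pid = sandbox_spawn(&cfg);
    if (pid < 0) { perror("clone"); return 1; }
    int status;
    waitpid(pid, &status, 0);   /* lifecycle: the service learns when the sandbox dies */
    printf("sandbox pid %d exited with status %d\n", (int)pid, WEXITSTATUS(status));
    return 0;
}
```

The pipe is the detail that is easy to get wrong: the child must not mount or chroot before the parent has written uid_map, because until then it has no capabilities in the new user namespace and every privileged step fails. After execve the manager is the only process in the PID namespace, so when it exits the kernel tears the whole sandbox down, which is what makes the PID a sufficient handle for "exiting the plug-in". Kernels or distributions that disable unprivileged user namespaces make clone() fail with EPERM; the program then has to run with CAP_SYS_ADMIN instead.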
A schematic block diagram of an apparatus for creating a sandbox according to an embodiment of the present invention is described below with reference to fig. 6. As shown in fig. 6, the apparatus includes:
a creating module 610, configured to create a sandbox environment, map a local directory for each plug-in into the sandbox environment, and map a device-management directory of the host into the sandbox environment.
Optionally, the apparatus of fig. 6 may comprise a plug-in service creation module, used to create a plug-in service; the created plug-in service calls the other modules of the apparatus to perform sandbox cloning, plug-in loading and the other steps. The apparatus may further comprise an emptying module, used to empty the initial configuration information of the plug-in service that is present in the created sandbox environment. This is needed because, after the plug-in service is created, some environment variables and image information of the original plug-in service are present in the sandbox environment, so the process has to be cleared. The emptying module may use the exec system call of the kernel to clear this configuration: calling it runs the specified plug-in process in place of the original initialization (init) process, which exists because the plug-in service process was replicated.
As shown in fig. 6, the apparatus includes a resource restriction module 620 for adding different resource limits to different sandbox environments. The module can use Linux cgroups to limit and control the resources of the plug-in process and of the child processes it spawns.
As shown in fig. 6, the apparatus further includes a loading module 630 for loading the plug-in process management. The plug-in process management may be a functional module written in advance; after the plug-in service has cloned a sandbox environment, the plug-in process management is loaded into the cloned sandbox process.
As shown in fig. 6, the apparatus further includes a receiving module 640, configured to receive a message from the front end, the message including the ID of the plug-in and the version of the plug-in, and to pass it to the plug-in process management. The apparatus further comprises a plug-in loading module 650 for loading the corresponding plug-in through the plug-in process management, where only one master plug-in, together with the slave plug-ins it depends on, is loaded in one sandbox environment.
In an optional example, the apparatus of fig. 6 further includes a communication module, configured to establish a communication port to the plug-in process management, receive the registration of the loaded plug-in through the plug-in process management, and obtain the instance link of the corresponding plug-in. The communication module may also obtain the process ID (PID) of the sandbox process for management. Each time a plug-in process is run a sandbox process is created, and the system assigns that sandbox process an ID, its PID.
For the parts of the embodiment of the apparatus not described in detail, please refer to the description of the above method embodiment, which is not described in detail herein.
The various techniques described herein may be implemented in connection with hardware or software or, alternatively, with a combination of both. Thus, the methods and apparatus of the present invention, or certain aspects or portions thereof, may take the form of program code (i.e., instructions) embodied in tangible media, such as removable hard drives, USB flash drives, floppy disks, CD-ROMs, or any other machine-readable storage medium, wherein, when the program is loaded into and executed by a machine, such as a computer, the machine becomes an apparatus for practicing the invention.
In the case of program code execution on programmable computers, the computing device will generally include a processor, a storage medium readable by the processor (including volatile and non-volatile memory and/or storage elements), at least one input device, and at least one output device. Wherein the memory is configured to store program code; the processor is configured to perform the method of the present invention for creating a sandbox environment for plug-in operation according to instructions in the program code stored in the memory.
By way of example, and not limitation, readable media may comprise readable storage media and communication media. Readable storage media store information such as computer readable instructions, data structures, program modules or other data. Communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media. Combinations of any of the above are also included within the scope of readable media.
In the description provided herein, algorithms and displays are not inherently related to any particular computer, virtual system, or other apparatus. Various general purpose systems may also be used with examples of this invention. The required structure for constructing such a system will be apparent from the description above. Moreover, the present invention is not directed to any particular programming language. It is appreciated that a variety of programming languages may be used to implement the teachings of the present invention as described herein, and any descriptions of specific languages are provided above to disclose preferred embodiments of the invention.
In the description provided herein, numerous specific details are set forth. It is understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be construed to reflect the intent: that the invention as claimed requires more features than are expressly recited in each claim. It will be appreciated by those skilled in the art that the modules or units or components of the apparatus in the examples disclosed herein may be arranged in an apparatus as described in this embodiment or alternatively may be located in one or more different apparatus than that in the examples. The modules in the foregoing examples may be combined into one module or may be further divided into multiple sub-modules.
Those skilled in the art will appreciate that the modules in the device of an embodiment may be adaptively changed and provided in one or more devices different from the embodiment. The modules or units or components in the embodiments may be combined into one module or unit or component, and furthermore, they may be divided into a plurality of sub-modules or sub-units or sub-components. All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or elements of any method or apparatus so disclosed, may be combined in any combination, except combinations where at least some of such features and/or processes or elements are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
Furthermore, those skilled in the art will appreciate that while some embodiments described herein include some features included in other embodiments, rather than others, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments. Furthermore, some of the described implementations are described herein as methods or combinations of method elements that can be performed by a processor of a computer system or by other means for performing the described functions. A processor having the necessary instructions for carrying out the method or method elements thus forms a means for carrying out the method or method elements. Furthermore, the elements of the device embodiments described herein are examples of devices as follows: the apparatus is used to implement the functions performed by the elements for the purpose of carrying out the invention.
As used herein, unless otherwise specified the use of the ordinal adjectives "first", "second", "third", etc., to describe a common object, merely indicate that different instances of like objects are being referred to, and are not intended to imply that the objects so described must be in a given sequence, either temporally, spatially, in ranking, or in any other manner.
While the invention has been described with respect to a limited number of embodiments, those skilled in the art, having benefit of this description, will appreciate that other embodiments can be devised which do not depart from the scope of the invention as described herein. Moreover, it should be noted that the language used in the specification has been principally selected for readability and instructional purposes, and may not have been selected to delineate or circumscribe the inventive subject matter.

Claims (6)

1. A method of creating a sandboxed environment for plug-in execution in a computing device comprising:
creating a plug-in service for performing the steps of:
creating a sandbox environment, mapping a local directory for each plug-in to the sandbox environment, and mapping a device management directory of a host to the sandbox environment;
adding different resource limits to different sandbox environments;
loading plug-in process management;
receiving a message transmitted by a front end, wherein the message comprises an ID (identity) of a plug-in and a version of the plug-in, and transmitting the message to the plug-in process management;
loading the corresponding plug-in through the plug-in process management, wherein only one master plug-in, together with the slave plug-ins on which the master plug-in depends, is loaded in one sandbox environment;
performing emptying processing on the sandbox environment to empty the initial configuration information of the plug-in service stored in the sandbox environment; and
and establishing a communication port communicated with the plug-in process management, receiving registration of the loaded plug-in through the plug-in process management, and acquiring an instance link of the corresponding plug-in.
2. The method of creating a sandboxed environment for plug-in execution as recited in claim 1, further comprising:
after loading the plug-in process management, the ID of the sandbox process is received for management, wherein the ID of one sandbox process is generated each time one plug-in process is run.
3. An apparatus for creating a sandboxed environment for plug-in operation in a computing device, comprising:
a creating module, configured to create a sandbox environment, map a local directory for each plug-in to the sandbox environment, and map a device management directory of a host to the sandbox environment;
a resource limiting module, configured to add different resource limits to different sandbox environments;
the loading module is used for loading the plug-in process management;
the receiving module is used for receiving a message transmitted by a front end, wherein the message comprises the ID of the plug-in and the version of the plug-in and is transmitted to the plug-in process management;
a plug-in loading module, configured to load the corresponding plug-in through the plug-in process management, wherein only one master plug-in, together with the slave plug-ins on which the master plug-in depends, is loaded in one sandbox environment;
the plug-in service creating module is used for creating plug-in services, and the created plug-in services call the creating module, the resource limiting module, the loading module, the receiving module and the plug-in loading module;
the emptying module is used for emptying the sandbox environment so as to empty the initial configuration information stored in the sandbox environment by the plug-in service;
and the communication module is used for establishing a communication port for communicating with the plug-in process management, receiving registration of the loaded plug-in through the plug-in process management and acquiring an instance link of the corresponding plug-in.
4. The apparatus for creating a sandboxed environment for plugin operation as recited in claim 3, wherein the communications module receives an ID of a sandbox process for management, wherein the ID of a sandbox process is generated each time a plugin process is run.
5. A computing device, comprising:
at least one processor and a memory storing program instructions;
the program instructions, when read and executed by the processor, cause the computing device to perform the method of creating a sandbox environment for plugin operation as claimed in claim 1 or 2.
6. A readable storage medium storing program instructions which, when read and executed by a computing device, cause the computing device to perform the method of creating a sandboxed environment for plug-in operation as claimed in claim 1 or 2.
CN202210487737.5A 2021-12-24 2021-12-24 Method and device for creating sandbox environment for plug-in operation and computing equipment Pending CN114816707A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210487737.5A CN114816707A (en) 2021-12-24 2021-12-24 Method and device for creating sandbox environment for plug-in operation and computing equipment

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202210487737.5A CN114816707A (en) 2021-12-24 2021-12-24 Method and device for creating sandbox environment for plug-in operation and computing equipment
CN202111593851.8A CN113986515B (en) 2021-12-24 2021-12-24 Method and device for creating sandbox environment for plug-in operation and computing equipment

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN202111593851.8A Division CN113986515B (en) 2021-12-24 2021-12-24 Method and device for creating sandbox environment for plug-in operation and computing equipment

Publications (1)

Publication Number Publication Date
CN114816707A true CN114816707A (en) 2022-07-29

Family

ID=79734225

Family Applications (2)

Application Number Title Priority Date Filing Date
CN202111593851.8A Active CN113986515B (en) 2021-12-24 2021-12-24 Method and device for creating sandbox environment for plug-in operation and computing equipment
CN202210487737.5A Pending CN114816707A (en) 2021-12-24 2021-12-24 Method and device for creating sandbox environment for plug-in operation and computing equipment

Family Applications Before (1)

Application Number Title Priority Date Filing Date
CN202111593851.8A Active CN113986515B (en) 2021-12-24 2021-12-24 Method and device for creating sandbox environment for plug-in operation and computing equipment

Country Status (1)

Country Link
CN (2) CN113986515B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114168937A (en) * 2022-02-10 2022-03-11 广东统信软件有限公司 Resource access method, computing device and readable storage medium
CN114816582A (en) * 2022-05-24 2022-07-29 中移(杭州)信息技术有限公司 Lightweight embedded middleware and system thereof
CN116049896A (en) * 2023-03-29 2023-05-02 中孚安全技术有限公司 Method, system, equipment and medium for realizing data isolation under linux system

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104216741A (en) * 2014-08-25 2014-12-17 华中科技大学 Android plug-in implementation method and device based on APK (Android Package) dynamic loading and interaction method
CN107480524A (en) * 2017-08-18 2017-12-15 郑州云海信息技术有限公司 A kind of security sandbox and its construction method
CN109388512A (en) * 2018-10-30 2019-02-26 江苏物联网研究发展中心 For the assessment and analysis system of large-scale computer cluster intensity of anomaly
US11321101B2 (en) * 2019-07-10 2022-05-03 Vmware, Inc. Deployment and isolation of plugins in a virtualized computing environment

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116991563A (en) * 2023-09-28 2023-11-03 之江实验室 Queue generating method and device supporting rapid sandbox construction
CN116991563B (en) * 2023-09-28 2023-12-22 之江实验室 Queue generating method and device supporting rapid sandbox construction
CN117076159A (en) * 2023-10-10 2023-11-17 统信软件技术有限公司 Plug-in calling method and device, electronic equipment and computer readable storage medium
CN117076159B (en) * 2023-10-10 2024-01-05 统信软件技术有限公司 Plug-in calling method and device, electronic equipment and computer readable storage medium

Also Published As

Publication number Publication date
CN113986515A (en) 2022-01-28
CN113986515B (en) 2022-06-24

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination