CN115562732A - Starting method, electronic equipment and computer storage medium - Google Patents
Starting method, electronic equipment and computer storage medium Download PDFInfo
- Publication number
- CN115562732A CN115562732A CN202210360658.8A CN202210360658A CN115562732A CN 115562732 A CN115562732 A CN 115562732A CN 202210360658 A CN202210360658 A CN 202210360658A CN 115562732 A CN115562732 A CN 115562732A
- Authority
- CN
- China
- Prior art keywords
- installation package
- application
- signature
- electronic device
- electronic equipment
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 167
- 238000003860 storage Methods 0.000 title claims abstract description 18
- 238000009434 installation Methods 0.000 claims abstract description 429
- 230000008569 process Effects 0.000 claims abstract description 102
- 238000004590 computer program Methods 0.000 claims description 8
- 230000004044 response Effects 0.000 claims description 5
- 230000000977 initiatory effect Effects 0.000 claims description 2
- 238000007726 management method Methods 0.000 description 44
- 238000012545 processing Methods 0.000 description 41
- 239000010410 layer Substances 0.000 description 25
- 238000013461 design Methods 0.000 description 17
- 230000006870 function Effects 0.000 description 16
- 238000004891 communication Methods 0.000 description 14
- 238000010586 diagram Methods 0.000 description 8
- 230000001413 cellular effect Effects 0.000 description 5
- 230000012447 hatching Effects 0.000 description 4
- 238000011084 recovery Methods 0.000 description 4
- 238000013475 authorization Methods 0.000 description 3
- 230000008878 coupling Effects 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 238000013500 data storage Methods 0.000 description 3
- 230000000694 effects Effects 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 3
- 230000036541 health Effects 0.000 description 3
- 230000003287 optical effect Effects 0.000 description 3
- 238000003672 processing method Methods 0.000 description 3
- 238000009877 rendering Methods 0.000 description 3
- 238000004458 analytical method Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 2
- 238000011534 incubation Methods 0.000 description 2
- 230000007246 mechanism Effects 0.000 description 2
- 238000010295 mobile communication Methods 0.000 description 2
- 230000002159 abnormal effect Effects 0.000 description 1
- 230000009471 action Effects 0.000 description 1
- 238000013528 artificial neural network Methods 0.000 description 1
- 230000003190 augmentative effect Effects 0.000 description 1
- 230000015572 biosynthetic process Effects 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000007796 conventional method Methods 0.000 description 1
- 239000012792 core layer Substances 0.000 description 1
- 238000012937 correction Methods 0.000 description 1
- 238000009826 distribution Methods 0.000 description 1
- 238000001914 filtration Methods 0.000 description 1
- 230000004927 fusion Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000003825 pressing Methods 0.000 description 1
- 238000004080 punching Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 238000003786 synthesis reaction Methods 0.000 description 1
- 230000009897 systematic effect Effects 0.000 description 1
- 230000001960 triggered effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/4401—Bootstrapping
- G06F9/4406—Loading of operating system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/60—Software deployment
- G06F8/61—Installation
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Stored Programmes (AREA)
Abstract
The embodiment of the application provides a starting method, electronic equipment and a computer storage medium, relates to the technical field of terminals, and can ensure that the electronic equipment can be normally started on the basis of avoiding the electronic equipment from being provided with unsafe application programs. The method comprises the following steps: in the process of starting up the electronic equipment, the electronic equipment starts to scan a first installation package, wherein the first installation package is an installation package of a first application with high authority. Scanning the first installation package includes: and judging whether the first signature of the first application is the same as the system signature of the electronic equipment or not. If the first signature is different from the system signature, the electronic device stops scanning the first installation package and does not load the information analyzed by scanning the first installation package into the operating memory. The electronic device begins scanning for a second installation package for a second application. And the information loaded into the running memory is used for installing the corresponding application. After the electronic equipment is started, the second application is installed on the electronic equipment, but the first application is not installed on the electronic equipment.
Description
Technical Field
The present application relates to the field of terminal technologies, and in particular, to a booting method, an electronic device, and a computer storage medium.
Background
In the starting process of electronic equipment such as a mobile phone and a tablet, the installation packages of the application programs in the electronic equipment are scanned in sequence, and the installation of the application programs is completed. Taking an Android (Android) mobile phone as an example, the installation package of the application program may be an Android Application Package (APK). Therefore, after the electronic equipment is successfully started, the user can save the installation step and directly use the installed application program. In order to ensure the security of the electronic device, when a target installation package of a target application program with high authority (for example, a system authority of the electronic device needs to be acquired by default) is scanned, whether an application signature in the target installation package is the same as a system signature of the electronic device is detected, and when the application signature is the same as the system signature, the target application program can be confirmed to be secure.
However, the inventors found in the course of carrying out the embodiments of the present application that: in the existing boot scheme, if it is detected that an application signature and a system signature in any target installation package are different, it is considered that security threat exists, and at this time, scanning of all subsequent installation packages is interrupted. The interruption of the scanning may cause the subsequent boot-up process to not continue normally. Further, the power-on failure is caused, and the use of the electronic device is affected.
Disclosure of Invention
The embodiment of the application provides a starting method, electronic equipment and a computer storage medium, which can ensure that the electronic equipment can be started normally on the basis of avoiding the electronic equipment from being provided with unsafe application programs.
In a first aspect, an embodiment of the present application provides a power-on method, which is applied to power on electronic devices such as a mobile phone, a tablet, and a watch. The electronic device includes a plurality of installation packages, each installation package being usable to install a corresponding application. Wherein the plurality of installation packages includes a first installation package and a second installation package. The first installation package is an installation package of a first application, and the second installation package is an installation package of a second application. The first application is a high privilege application, such as a system application. And, the first installation package includes a first signature of the first application. Typically, the publisher of a high-rights application will sign the application using the system signature of the electronic device. Then the application signature of the first application, i.e. the first signature, should be the same as the system signature of the electronic device. And, the installation package of the high-authority application is usually stored in a specific directory of the electronic device, such as the first directory, and then the first installation package may also be stored in the first directory.
Specifically, in the process of starting up the electronic device, the electronic device may generally scan the plurality of installation packages, and complete installation of the plurality of applications corresponding to the plurality of installation packages according to the scanning result, so that the plurality of applications can be directly used without manual installation by a user after the electronic device is started up. And for the first installation package, the process of scanning the first installation package by the electronic equipment comprises the following steps: the electronic equipment starts to scan the first installation package, and a first signature is obtained from the first installation package; then, the electronic device determines whether the first signature is the same as a system signature of the electronic device.
If the first signature is different from the system signature, it indicates that the first application may have been tampered with, which may pose a security threat to the electronic device. At this time, the electronic device stops scanning the first installation package, and does not load any information analyzed by scanning the first installation package into the operating memory, such as the package name and the first signature of the first installation package. However, the electronic device may continue scanning other installation packages, such as beginning to scan the second installation package. And the information loaded into the running memory is used for installing the corresponding application. It should be appreciated that since the information parsed by scanning the first installation package is not loaded into the run-time memory, the information parsed by scanning the first installation package cannot be used to subsequently install the first application. And finally, after the electronic equipment is started, the second application is installed on the electronic equipment, but the first application is not installed on the electronic equipment.
In summary, with the method of the embodiment of the present application, even if the signature of the first application with high permission is different from the system signature of the electronic device, the electronic device only stops scanning the first installation package, and does not load the information analyzed by the electronic device scanning the first installation package into the operating memory, but continues scanning other installation packages. So that the scanning process may continue and subsequently the installation of other applications, such as the second application, may be completed during the boot process. And finally, successfully starting the computer. Therefore, on the premise that unsafe applications exist, the unsafe applications cannot influence the normal execution of the whole starting process, so that the electronic equipment can be started successfully, and the use of the electronic equipment cannot be influenced.
In a possible design manner, the first directory is used for storing an installation package of a preset application, and the preset application is an application with high authority. Illustratively, the preset application is a system application of the electronic device. Further, for example, the preset application is an enterprise application issued by the enterprise server to the electronic device, and the enterprise applications have a high authority, and the user can only use the applications passively, but cannot actively perform operations such as uninstalling and updating on the applications. The enterprise server is used for managing and controlling the application in the electronic equipment.
That is to say, with the method of this embodiment, the electronic device may store all installation packages of the high-privilege applications in the first directory, which is convenient for the electronic device to manage the high-privilege applications.
In another possible embodiment, the electronic device includes at least one second directory, and the at least one second directory is used for storing the installation packages. Then, the first directory for storing the first installation package naturally also belongs to the second directory. In the process of starting up the electronic equipment, the electronic equipment sequentially scans each directory in the at least one second directory, and when the electronic equipment scans one directory, the electronic equipment sequentially scans each installation package in the directory. The second installation package is the next installation package to be scanned after the first installation package is scanned.
That is to say, by using the method of this embodiment, the electronic device can scan the installation packages in the electronic device in order, thereby avoiding confusion of scanning.
In another possible design, the information parsed by the electronic device scanning installation package includes at least one of the following: the package name of the installation package, the version number of the application, the signature of the application and the authority of the application. For example, scanning the first installation package may resolve to at least one of a package name of the first installation package, an application version of the first application, a signature of the first application (i.e., the first signature), and application permissions of the first application.
That is, with the method of the present embodiment, the electronic device can scan the installation package to obtain data for installation of the application, rights management, and the like.
In another possible design, if the first signature is the same as the system signature, indicating that the first application is secure, the electronic device may continue to scan the first installation package. And in response to completion of scanning the first installation package, the electronic device may load information analyzed by scanning the first installation package into the operating memory, and start scanning the second installation package. Then, after the scanning is completed, the electronic device may also complete the installation of the first application according to the information in the running memory. Therefore, after the electronic equipment is started, the first application and the second application are installed on the electronic equipment.
That is to say, with the method of this embodiment, if the first application is secure, the electronic device may complete the installation of the first application during the boot process, so that the electronic device may directly provide the first application for the user to use after booting.
In another possible design manner, if the first signature is different from the system signature, the electronic device may further record an error log, where the error log includes a preset error type and an identifier of the first installation package, and the preset error type indicates that the application signature is different from the system signature.
That is to say, with the method of the embodiment, the electronic device can record the error log to facilitate subsequent error correction when detecting an unsafe application.
In another possible design manner, in an enterprise management scenario, the first application is an enterprise application issued by an enterprise server to the electronic device, and the enterprise server is used for managing and controlling applications in the electronic device. After the electronic device records the error log, the electronic device may send the error log to the enterprise server. And the electronic equipment receives a third installation package issued by the enterprise server, wherein the third installation package is an installation package of the first application, the third installation package comprises a second signature of the first application, and the second signature is the same as the system signature. The electronic device may then store the third installation package under the first directory. In the process that the electronic device is powered on again, the electronic device can complete scanning of the third installation package and then successfully install the first application.
That is, with the method of this embodiment, the enterprise server may re-sign the first application according to the error log and obtain a new installation package, that is, the third installation package. Thereby resolving errors indicated by the error log. And then in the process of starting up again, the first application can be successfully installed.
In another possible embodiment, the second installation package is also located under the first directory, i.e. the second application is also a high-privilege application. The second installation package includes a third signature of the second application. Then, during the scanning process for the second installation package, it is also necessary to determine whether the third signature is the same as the system signature. And, the second application can be installed successfully only if the third signature is the same as the system signature, i.e. if the second application is a secure application. After the electronic equipment is started, the second application is installed on the electronic equipment.
That is to say, with the method of this embodiment, the electronic device needs to detect the security of any high-privilege application before the electronic device can be installed. Therefore, the safety of the electronic equipment can be improved.
In another possible design, in the electronic device of the Android system, the scanning action of the installation package is performed by a package management service PKMS in the electronic device. Thus, the electronic device beginning to scan the first installation package may be: the PKMS in the electronic device begins scanning for the first installation package. The stopping of the electronic device from scanning the first installation package may be: the PKMS stops scanning the first installation package. The electronic device beginning to scan the second installation package may be: the PKMS starts scanning for the second installation package.
In a second aspect, an embodiment of the present application further provides an electronic device, where the electronic device includes a first installation package and a second installation package, the first installation package is an installation package of a first application, the second installation package is an installation package of a second application, the first installation package is located under a first directory, the first installation package includes a first signature of the first application, and the electronic device further includes: a memory and one or more processors, the memory coupled with the processors; wherein the memory has stored therein computer program code comprising computer instructions which, when executed by the processor, cause the electronic device to perform the steps of:
in the process of starting up the electronic equipment, the electronic equipment starts to scan the first installation package; wherein the scanning the first installation package comprises: and judging whether the first signature is the same as the system signature of the electronic equipment or not. If the first signature is different from the system signature, the electronic device stops scanning the first installation package, and the electronic device starts scanning the second installation package; the electronic equipment does not load the information analyzed by scanning the first installation package into the running memory, and the information loaded into the running memory is used for installing the corresponding application. After the electronic equipment is started, the second application is installed on the electronic equipment, and the first application is not installed on the electronic equipment.
In one possible embodiment, the first directory is used to store an installation package of a predetermined application. Wherein the preset application is a system application of the electronic device; and/or the preset application is an enterprise application issued to the electronic device by an enterprise server, and the enterprise server is used for controlling the application in the electronic device.
In another possible design, the electronic device includes at least one second directory, and the at least one second directory includes the first directory. The computer instructions, when executed by the processor, cause the electronic device to perform the steps of: in the process of starting up the electronic equipment, the electronic equipment sequentially scans each directory in the at least one second directory, and when the electronic equipment scans one directory, the electronic equipment sequentially scans each installation package in the directory; the second installation package is the next installation package to be scanned after the first installation package is scanned.
In another possible design, the information parsed by the electronic device scanning installation package includes at least one of: the package name of the installation package, the version number of the application, the signature of the application and the authority of the application.
In another possible design, the computer instructions, when executed by the processor, cause the electronic device to perform the steps of: and if the first signature is the same as the system signature, the electronic equipment continues to scan the first installation package. And in response to the completion of scanning the first installation package, the electronic equipment loads the information analyzed by scanning the first installation package into an operating memory, and starts to scan the second installation package. After the electronic equipment is started, the first application and the second application are installed on the electronic equipment.
In another possible design, the computer instructions, when executed by the processor, cause the electronic device to perform the steps of: if the first signature is different from the system signature, the electronic device records an error log, wherein the error log comprises a preset error type and an identifier of the first installation package, and the preset error type indicates that the application signature is different from the system signature.
In another possible design, the first application is an enterprise application issued by an enterprise server to the electronic device, and the enterprise server is configured to manage and control applications in the electronic device. The computer instructions, when executed by the processor, cause the electronic device to perform the steps of: the electronic device sends the error log to the enterprise server. And the electronic equipment receives a third installation package issued by the enterprise server, wherein the third installation package is the installation package of the first application, the third installation package comprises a second signature of the first application, and the second signature is the same as the system signature. The electronic device stores the third installation package under the first directory.
In another possible design, the second installation package is also located under the first directory, and the second installation package includes a third signature of the second application. The computer instructions, when executed by the processor, cause the electronic device to perform the steps of: and if the third signature is the same as the system signature, the second application is installed on the electronic equipment after the electronic equipment is started.
In another possible design, the computer instructions, when executed by the processor, cause the electronic device to perform the steps of: and the PKMS starts scanning the first installation package. The PKMS stops scanning the first installation package. The PKMS begins scanning for the second installation package.
In a third aspect, an embodiment of the present application provides a chip system, where the chip system is applied to an electronic device including a display screen and a memory; the chip system includes one or more interface circuits and one or more processors; the interface circuit and the processor are interconnected through a line; the interface circuit is to receive a signal from a memory of the electronic device and to send the signal to the processor, the signal comprising computer instructions stored in the memory; when the processor executes the computer instructions, the electronic device performs the method as described in the first aspect and any one of its possible designs.
In a fourth aspect, the present application provides a computer storage medium comprising computer instructions which, when run on an electronic device, cause the electronic device to perform the method according to the first aspect and any one of its possible design forms.
In a fifth aspect, the present application provides a computer program product which, when run on a computer, causes the computer to perform the method according to the first aspect and any one of its possible designs.
It can be understood that the advantageous effects that the electronic device according to the second aspect, the chip system according to the third aspect, the computer storage medium according to the fourth aspect, and the computer program product according to the fifth aspect can achieve may refer to the advantageous effects of the first aspect and any one of the possible design manners thereof, and are not repeated herein.
Drawings
Fig. 1 is a schematic diagram illustrating a booting method according to an embodiment of the present disclosure;
FIG. 2 is a schematic diagram illustrating another booting method according to an embodiment of the present disclosure;
fig. 3 is a schematic diagram of a hardware structure of a mobile phone according to an embodiment of the present disclosure;
fig. 4 is a schematic diagram of a software structure of a mobile phone according to an embodiment of the present application;
fig. 5 is a flowchart of a boot method according to an embodiment of the present application;
fig. 6 is a schematic diagram of a process of updating a system signature and issuing an installation package in an enterprise management scenario according to an embodiment of the present application;
fig. 7 is a schematic diagram illustrating a sequence of scanning an installation package by the PKMS in the boot method according to the embodiment of the present application;
fig. 8 is a flowchart illustrating a boot method according to an embodiment of the present disclosure;
fig. 9 is a flowchart of another boot method according to an embodiment of the present disclosure;
FIG. 10 is a flowchart of another boot-up method according to an embodiment of the present application
Fig. 11 is a schematic composition diagram of a chip system according to an embodiment of the present disclosure.
Detailed Description
In the following, the terms "first", "second" are used for descriptive purposes only and are not to be understood as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include one or more of that feature. In the description of the present embodiment, the meaning of "a plurality" is two or more unless otherwise specified.
In an electronic device of an Android (Android) system, a package management service (PKMS) may be used to complete all preset processes related to an installation package of an application in the Android system. Illustratively, the PKMS is responsible for installation, uninstallation, updating, rights management, and the like of applications.
In the starting process of the Android system electronic equipment, the initialization of the PKMS is required to be completed firstly to acquire information required for executing the preset processing, and then the PKMS is called to complete the preset processing. In the process of initializing the PKMS, the PKMS scans each installation package in the electronic device in sequence, and analyzes information such as a package name, an application version, an application signature, and an application authority of the installation package for subsequent preset processing, such as installation of an application. For some high-authority target applications (which may also be referred to as first applications), for example, the target applications may be applications that need to acquire the system authority of the electronic device by default, such as a setup application, a contact application, and other system applications, and after scanning a target installation package (which may also be referred to as a first installation package) of the target application and analyzing the target installation package to obtain an application signature (which may also be referred to as a first signature) of the target application, the PKMS may further detect whether the application signature of the target application is the same as the system signature of the electronic device.
Typically, the publisher of the target application signs the target application with a system signature of the electronic device such that the application signature of the target application is the same as the system signature. In this way, after the electronic device acquires the target installation package of the target application, the security of the target application can be confirmed according to the application signature of the target application carried in the target installation package. It should be understood that, if the target application is maliciously tampered by the illegal user, since the illegal user cannot know the system signature of the electronic device, the illegal user cannot sign the target application by using the system signature after maliciously tampering the target application. Therefore, if the PKMS detects that the application signature in the target installation package is not the same as the system signature, it can be confirmed that the target application may be tampered by an illegal user. Due to the fact that the authority of the target application is high, after the target application is illegally tampered, the electronic device can be greatly threatened safely. For example, causing the privacy of the user in the electronic device to be stolen by the tampered target application. If the PKMS detects that the application signature in the target installation package is different from the system signature, the target application can be confirmed to be not tampered by an illegal user, and under the condition, the target application is safe.
Based on this, in some embodiments, it is considered that a fatal error occurs once the application signature is not the same as the system signature. Therefore, in order to improve the security of the electronic device, the PKMS interrupts the scanning of all installation packages if it detects that the application signature in the target installation package is not the same as the system signature. And the application signature in the target installation package is recorded as the application signature of the target application. For example, referring to fig. 1, in a starting process of an Android system electronic device, a PKMS shall sequentially scan an installation package 1, an installation package 2, an installation package 3 \ 8230, an installation package 8230and an installation package n shown in fig. 1. Wherein the installation package 2 is a target installation package. When the current installation package is the installation package 2, if the PKMS scans the installation package 2 and detects that matching fails, that is, the application signature and the system signature in the installation package 2 are not the same, the PKMS may interrupt scanning of the installation package from the installation package 2. That is, the subsequent scanning process for the installation package 2, such as the process of resolving the authority of the application, and the scanning process for the installation package 3 and all subsequent installation packages are interrupted.
Continuing with fig. 1, interrupting the scanning of all installation packages corresponds to interrupting the PKMS initialization, which further results in failure of the PKMS initialization. Because the initialization of the PKMS fails, when the preset processing is subsequently executed, for example, when the application is installed, the calling of the PKMS fails, and all applications cannot be successfully installed. Therefore, the target application cannot be installed successfully, and great security threat to the electronic equipment caused by unsafe installation and high application authority can be avoided. For example, leakage of user privacy data in the electronic device results.
Meanwhile, the calling of the PKMS fails, the subsequent starting process cannot be continued normally, and the electronic equipment can only execute the PKMS initialization again after being restarted. However, the application signature and the system signature are not the same, and usually an error occurs when the target application is signed, and even the restart cannot overcome the error. Then, the electronic device will again fail to initialize the PKMS after restarting. In general, the electronic device fails to be restarted many times (e.g., 3 times, 5 times, etc.) before being booted. For example, the electronic device may enter a recovery (recovery) mode after 5 times of restart failure, and cannot be normally started. Thereby rendering the electronic device unusable.
Referring to fig. 2, based on the technical problem in the embodiment shown in fig. 1, the embodiment of the present application provides a power-on method, where the method may be applied to an electronic device such as a mobile phone and a tablet, and an application may be installed in the electronic device. In the process of starting up the electronic device, if the electronic device analyzes that the application signature is different from the system signature of the electronic device from the currently scanned target installation package, such as the installation package 2 in fig. 2, the electronic device skips scanning the currently scanned target installation package. Therefore, the influence of unsafe target application on normal starting can be avoided. However, the electronic device continues to scan each subsequent installation package, for example, the installation packages 3 \8230, 8230and n in fig. 2. In this way, even if there is an insecure target application, scanning for the target application is simply skipped without interrupting PKMS initialization. So that the PKMS initialization can be successful.
It should be understood that after the PKMS is initialized successfully, in the process of subsequently completing the preset processing, if the application is installed, the PKMS can be successfully invoked to successfully complete the boot process. So that the boot can be successful.
For example, the electronic device in the embodiment of the present application may be a mobile phone, a camera, a tablet computer, a desktop, a laptop, a handheld computer, a notebook computer, an ultra-mobile personal computer (UMPC), a netbook, a cellular phone, a Personal Digital Assistant (PDA), an Augmented Reality (AR) \ Virtual Reality (VR) device, and the like, and the embodiment of the present application does not particularly limit the specific form of the electronic device. Hereinafter, the present application will be described mainly by taking the electronic device as a mobile phone as an example.
Referring to fig. 3, a hardware structure diagram of a mobile phone 300 according to an embodiment of the present disclosure is provided. As shown in fig. 3, the mobile phone 300 may include a processor 310, an external memory interface 320, an internal memory 321, a Universal Serial Bus (USB) interface 330, a charging management module 340, a power management module 341, a battery 342, an antenna 1, an antenna 2, a mobile communication module 350, a wireless communication module 360, an audio module 370, a speaker 370A, a receiver 370B, a microphone 370C, an earphone interface 370D, a sensor module 380, a button 390, a motor 391, an indicator 392, a camera 393, a display 394, a Subscriber Identity Module (SIM) card interface 395, and the like.
It is to be understood that the illustrated structure of the present embodiment does not constitute a specific limitation to the mobile phone 300. In other embodiments, the handset 300 may include more or fewer components than shown, or combine certain components, or split certain components, or a different arrangement of components. The illustrated components may be implemented in hardware, software, or a combination of software and hardware.
It should be understood that the connection relationship between the modules shown in this embodiment is only illustrative, and does not limit the structure of the mobile phone 300. In other embodiments, the mobile phone 300 may also adopt different interface connection manners or a combination of multiple interface connection manners in the above embodiments.
The charging management module 340 is used to receive charging input from a charger. The charger may be a wireless charger or a wired charger. In some wired charging embodiments, the charging management module 340 may receive charging input from a wired charger via the USB interface 330. In some wireless charging embodiments, the charging management module 340 may receive a wireless charging input through a wireless charging coil of the cell phone 300. The charging management module 340 can also supply power to the mobile phone 300 through the power management module 341 while charging the battery 342.
The power management module 341 is configured to connect the battery 342, the charging management module 340 and the processor 310. The power management module 341 receives input from the battery 342 and/or the charge management module 340 and provides power to the processor 310, the internal memory 321, the external memory, the display 394, the camera 393, and the wireless communication module 360. The power management module 341 may also be configured to monitor parameters such as battery capacity, battery cycle count, and battery state of health (leakage, impedance). In other embodiments, the power management module 341 may also be disposed in the processor 310. In other embodiments, the power management module 341 and the charging management module 340 may be disposed in the same device.
The wireless communication function of the mobile phone 300 can be implemented by the antenna 1, the antenna 2, the mobile communication module 350, the wireless communication module 360, the modem processor, the baseband processor, and the like.
The wireless communication module 360 may provide solutions for wireless communication applied to the mobile phone 300, including Wireless Local Area Networks (WLANs) (e.g., wireless fidelity (Wi-Fi) networks), bluetooth (BT), global Navigation Satellite System (GNSS), frequency Modulation (FM), near Field Communication (NFC), infrared (IR), and the like. The wireless communication module 360 may be one or more devices integrating at least one communication processing module. The wireless communication module 360 receives electromagnetic waves via the antenna 2, performs frequency modulation and filtering processing on electromagnetic wave signals, and transmits the processed signals to the processor 310. The wireless communication module 360 may also receive a signal to be transmitted from the processor 310, frequency-modulate and amplify the signal, and convert the signal into electromagnetic waves via the antenna 2 to radiate the electromagnetic waves.
The mobile phone 300 implements the display function through the GPU, the display screen 394, and the application processor. The GPU is an image processing microprocessor coupled to a display 394 and an application processor. The GPU is used to perform mathematical and geometric calculations for graphics rendering. The processor 310 may include one or more GPUs that execute program instructions to generate or alter display information.
The mobile phone 300 may implement a shooting function through the ISP, the camera 393, the video codec, the GPU, the display 394, the application processor, and the like. The ISP is used to process the data fed back by the camera 393. Camera 393 is used to capture still images or video. The object generates an optical image through the lens and projects the optical image to the photosensitive element. In some embodiments, cell phone 300 may include 1 or N cameras 393, N being a positive integer greater than 1.
The external memory interface 320 may be used to connect an external memory card, such as a Micro SD card, to extend the storage capability of the mobile phone 300. The external memory card communicates with the processor 310 through the external memory interface 320 to implement a data storage function. For example, files such as music, video, etc. are saved in an external memory card.
The internal memory 321 may be used to store computer-executable program code, which includes instructions. The processor 310 executes various functional applications and data processing of the cellular phone 300 by executing instructions stored in the internal memory 321. For example, the processor 310 may display different content on the display screen 384 in response to a user's operation to expand the display screen 394 by executing instructions stored in the internal memory 321. The internal memory 321 may include a program storage area and a data storage area. The storage program area may store an operating system, an application program (such as a sound playing function, an image playing function, etc.) required by at least one function, and the like. The data storage area may store data (such as audio data, phone book, etc.) created during use of the mobile phone 300, and the like. In addition, the internal memory 321 may include a high-speed random access memory, and may also include a non-volatile memory, such as at least one magnetic disk storage device, a flash memory device, a Universal Flash Storage (UFS), and the like.
The mobile phone 300 can implement an audio function through the audio module 370, the speaker 370A, the receiver 370B, the microphone 370C, the earphone interface 370D, and the application processor. Such as music playing, recording, etc.
Keys 390 include a power key (also referred to as a power-on key), a volume key, etc. Keys 390 may be mechanical keys. Or may be touch keys. The cellular phone 300 may receive a key input, and generate a key signal input related to user setting and function control of the cellular phone 300. In some embodiments, when the mobile phone 300 is in the power-off state, the pressing operation of the power key by the user may trigger the mobile phone 300 to be powered on.
The motor 391 may generate a vibration cue. The motor 391 may be used for both incoming call vibration prompting and touch vibration feedback. Indicator 392 may be an indicator light that may be used to indicate a state of charge, a change in charge, or a message, missed call, notification, etc. The SIM card interface 395 is for connecting a SIM card. The SIM card can be attached to and detached from the cellular phone 300 by being inserted into or pulled out of the SIM card interface 395. The handset 300 can support 1 or N SIM card interfaces, where N is a positive integer greater than 1.
In the embodiment of the present application, the software system of the mobile phone 300 may adopt a layered architecture, an event-driven architecture, a micro-core architecture, a micro-service architecture or a cloud architecture. Also, the operating system of the handset 300 may be
Or other operating system. The following embodiments mainly take an Android system with a layered architecture as an example to exemplarily illustrate a software architecture of the mobile phone 300.
The layered architecture divides the software into several layers, each layer having a clear role and division of labor. The layers communicate with each other through a software interface. In some embodiments, referring to fig. 4, the Android system is divided into four layers, an application layer, an application framework layer, an Android runtime (Android runtime) and system library, and a kernel layer, from top to bottom.
As shown in fig. 4, applications (APPs) such as call, memo, browser, contact, camera, gallery, calendar, map, bluetooth, music, video, and short message may be installed in the application layer. By adopting the startup method provided by the embodiment of the application, the applications can be installed in the startup process, so that the mobile phone 300 can directly provide the installed applications for users to use after the mobile phone is started.
The application framework layer provides an Application Programming Interface (API) and a programming framework for the application program of the application layer. The application framework layer includes a number of predefined functions.
The application framework layer may include a window manager, resource manager, notification manager, and the like. Wherein, the window manager is used for managing the window program. The window manager can obtain the size of the display screen, judge whether a status bar exists, lock the screen, intercept the screen and the like. Content providers are used to store and retrieve data and make it accessible to applications. The resource manager provides various resources for the application, such as localized strings, icons, pictures, layout files, video files, and the like. The notification manager enables the application to display notification information in the status bar, can be used to convey notification-type messages, can disappear automatically after a short dwell, and does not require user interaction. Such as a notification manager used to inform download completion, message alerts, etc. The notification manager may also be a notification that appears in the form of a chart or scrollbar text in a status bar at the top of the system, such as a notification of a running application in the background, or a notification that appears on the screen in the form of a dialog window. For example, to prompt text messages in the status bar, to emit a prompt tone, to vibrate, to flash an indicator light, etc.
In some embodiments, an initialization (init) process, a hatching (zygate) process, a system service (SystemServer) process, and PKMS may also be included in the application framework layer. In the process of starting up the mobile phone 300, an init process, a zygate process and a SystemServer process in the application framework layer can be started in sequence, and finally, the SystemServer process can start the PKMS. The PKMS may be configured to perform scanning of the installation package during the boot process and perform predetermined processing associated with the installation package, such as installation of an application.
The system library may include a plurality of functional modules. For example: layer integrator (surfaceFlinger), media Libraries (Media Libraries), three-dimensional graphics processing Libraries (e.g., openGL ES), 2D graphics engines (e.g., SGL), and the like. The surfacemaker is used to manage the display subsystem and provide fusion of 2D and 3D layers for multiple applications. The media library supports a variety of commonly used audio, video format playback and recording, and still image files, among others. The media library may support a variety of audio-video encoding formats, such as MPEG4, h.264, MP3, AAC, AMR, JPG, PNG, and the like. The three-dimensional graphic processing library is used for realizing three-dimensional graphic drawing, image rendering, synthesis, layer processing and the like. The 2D graphics engine is a drawing engine for 2D drawing.
The Android Runtime comprises a core library and a virtual machine. The Android runtime is responsible for scheduling and managing an Android system. The core library comprises two parts: one part is a function which needs to be called by java language, and the other part is a core library of android. In some embodiments, an initialization script file (init.rc) is included in the core library, which is usable to start an init process in the application framework layer.
The application layer and the application framework layer run in a virtual machine. The virtual machine executes java files of the application layer and the application framework layer as binary files. The virtual machine is used for performing the functions of object life cycle management, stack management, thread management, safety and exception management, garbage collection and the like.
The kernel layer is a layer between hardware and software. The inner core layer at least comprises a camera drive, an audio drive, a sensor drive and the like, and the embodiment of the application does not limit the drive. In some embodiments, a BootLoader (BootLoader) may be further included in the kernel layer, and after the mobile phone 300 is powered on, the BootLoader may be loaded to boot the Linux kernel.
The boot method provided in the embodiment of the present application can be implemented in the mobile phone 300 having the above hardware structure and software system. The following further describes, with reference to the accompanying drawings, a specific implementation of the boot method provided in the embodiment of the present application. Hereinafter, the embodiment of the present application is mainly described by taking an example in which an operating system is an Android system. It should be understood that the system kernel of the Android system is a Linux kernel.
Referring to fig. 5, the boot method according to the embodiment of the present application includes the following steps:
and powering on the mobile phone. For example, when the mobile phone is in a Power-off state, a user presses a Power key to trigger the mobile phone to be powered on. For another example, when the mobile phone is in the power-on state, the user clicks the power-off restart control to trigger the mobile phone to power on after the mobile phone is powered off.
S501, a boot loader (BootLoader) boots and starts a Linux kernel.
A boot process is required from handset power-up to Linux kernel boot. After the mobile phone is powered on, the processor chip of the mobile phone is also powered on. Thereafter, the processor chip may load BootLoader into the memory. Bootloader is a piece of program that executes before the Linux kernel runs. After the BootLoader is loaded into the memory, the BootLoader can be used for guiding the Linux kernel to start. In the process of booting the Linux kernel by the Bootloader, firstly establishing a software and hardware environment required by the operation of the Linux kernel, and then starting the Linux kernel.
S502, searching an initialization script (init.rc) file from a system library by the Linux kernel.
S503, starting an initialization (init) process by the Linux kernel.
Wherein the init process is the first user-level process initiated by the kernel. The init process can complete initialization of resources such as software and hardware environments, virtual machines and the like required by running of the Linux kernel based on the init. And the init process may also start the zygate process based on the init. As shown in S504.
S504, the init process starts an incubation (Zygote) process.
The Zygote process is the first Java process of the Android system and is used for hatching all Java processes in the Android system. In other words, the Zygote process is the parent of all Java processes.
Rc document introduces a zygate process. Specifically, the init process parses the init.rc file, and calls a start method of an application runtime file (appruntime.cpp) in the main method in the app _ main.cpp file in the init.rc file to start the zygate process.
After the Zygote process is started, java related resources can be created. For example, creating a Java virtual machine, loading Java classes, and loading Android core resources. The Zygote process may then replicate the Zygote process through a spawn (fork) mechanism and create a new process based thereon. Since the Zygote process has already created a large number of Java related resources, after the Zygote process is copied by using the fork mechanism, the created new process can directly reuse the Java related resources. So that it is not necessary to create Java related resources after each new process is created. In this way, the time for creating Java related resources for the new process can be saved.
And S505, hatching (Zygote) process hatching system service (SystemServer) process.
The SystemServer process is the first Java process hatched by the Zygote process. The SystemServer process is responsible for initiating and managing critical services throughout the Java FrameWork (FrameWork).
Illustratively, the SystemServer process is responsible for starting and managing windows management services (activemanagerservice, such as the service corresponding to the window manager in fig. 4), task management services (WorkManagerService), power management services (PowerManagerService), and the like in the Java framework.
Also illustratively, the SystemServer process may also initiate and manage a Package management service (PKMS). Specifically, as shown in S506 below:
s506, the system service (SystemServer) process starts the PKMS.
The PKMS may be started by a main method call package management Java file (Java) in the SystemServer process. The PKMS is mainly used to complete preset processing related to an installation package of an application. Illustratively, the PKMS is responsible for installation, uninstallation, updating, rights management, and the like of applications. After the PKMS is started, it is first necessary to complete the initialization of the PKMS to acquire information required to complete the preset process.
In this embodiment of the present application, the PKMS initialization process includes scanning the installation package, which is specifically shown as the following S507:
and S507, scanning the installation package in the preset directory by the PKMS. If the current installation package is the target installation package, scanning the installation package and detecting whether the application signature in the current installation package is the same as the system signature of the mobile phone.
For convenience of explanation, the preset directory may be referred to as at least one second directory.
In some embodiments, the preset directory comprises a directory (denoted as directory 1) for storing installation packages of system applications. The system application is an application which is preset in the mobile phone and can not be uninstalled. For example, system applications include setup applications, contact applications, recorder applications, clock applications, and the like. In this embodiment, before the mobile phone leaves the factory, the mobile phone manufacturer may store the installation package of the system application in the directory 1. When the mobile phone is started, the PKMS scans the installation package in the directory 1, and then the relevant information of the system application can be obtained.
In other embodiments, the preset directory includes a directory (denoted as directory 2) for storing installation packages of the prefabricated applications. The pre-manufactured application is also pre-installed in the handset, but the pre-manufactured application is typically off-loadable. It should be understood that the pre-manufactured application may be a third party application, such as Taobao TM Application and public comment TM Applications, and the like. Alternatively, the pre-manufactured application may be a non-system application, such as sports and health, issued by a cell phone manufacturer TM Application is carried out. In this embodiment, before the mobile phone leaves the factory, the mobile phone manufacturer may store the installation package of the pre-manufactured application in the directory 2. When the mobile phone is started, the PKMS scans the installation package in the directory 2, and then the relevant information of the prefabricated application can be obtained.
In other embodiments, the preset directory includes a directory (denoted as directory 3) for storing an installation package of a third-party application that the user installs himself during the use of the mobile phone. In this embodiment, during the process of using the mobile phone by the user, the user may request to download various third-party applications, such as clicking WeChat in an application store TM Download button of application, which can request download WeChat TM Application is carried out. The handset responds to the requestThe installation package of the corresponding third party application may be downloaded. After the installation package of the third-party application is obtained through downloading, the mobile phone can store the installation package of the third-party application in the directory 4 of the mobile phone. For example, the directory 4 is a directory for storing downloaded files of an application store. For another example, the directory 4 is a directory for storing downloaded files of the browser. Then, the mobile phone may complete the installation of the corresponding third-party application based on the installation package under the directory 4. After the installation of the third-party application is completed, the mobile phone can store the installation package of the third-party application in the directory 3. It should be noted that after the third-party application is installed, the mobile phone may delete the installation package under the directory 4 to release the storage space of the mobile phone. However, the installation package under directory 3 is typically only deleted after the corresponding third party application is uninstalled. When the mobile phone is started, the PKMS scans the installation package in the directory 3, and then can acquire the relevant information of the third-party application installed by the user.
In other embodiments, in an enterprise management scenario, a mobile phone manufacturer issues a customized mobile phone for an enterprise, and the enterprise dispatches the customized mobile phone to an employee as a work mobile phone for the employee. And (b) and (c). Enterprises may manage applications in these working handsets. For example, when an enterprise needs to configure a unified card punching application or a communication application for an employee, and other enterprise applications, an installation package of the enterprise applications may be issued to the employee work mobile phone through an enterprise server (i.e., a server used by the enterprise to manage the employee work mobile phone). In the enterprise management scenario, the preset directory may include a directory (denoted as directory 5) for storing an installation package of the enterprise application issued by the enterprise server. In this embodiment, in the process of operating the mobile phone, after receiving the installation package issued by the enterprise server, the mobile phone may store the installation package in the directory 5. When the mobile phone is started, the PKMS scans the installation package in the directory 5, and can acquire the relevant information of the installation package issued by the enterprise server. It should be noted that the enterprise server may directly issue the installation package to the working mobile phone. Or, the enterprise server may also send the installation package to the management and control device of the mobile phone, and then the management and control device forwards the installation package to the mobile phone. The management and control equipment is specially used for maintaining the mobile phone customized by the enterprise, and the management and control equipment can be developed by a mobile phone manufacturer and then provided for the enterprise.
In other embodiments, in a scenario of upgrading an operating system of a mobile phone, in order to make the system application compatible with an updated operating system, a mobile phone manufacturer may update the system application, and send the updated system application and the upgraded operating system to the mobile phone through a manufacturer server (i.e., a server of the mobile phone manufacturer). In this embodiment, in the process of operating the mobile phone, after receiving the installation package sent by the enterprise server, the mobile phone may store the installation package in the directory 6. When the mobile phone is started, the PKMS scans the installation package in the directory 6, and can acquire the relevant information of the installation package of the updated system application.
At this point, it should be noted that, in practical implementation, the preset directory listed above is not limited. And, various embodiments and/or implementations in S507 may be combined, that is, the preset directory may also be a combination of at least two of directory 1, directory 2, directory 3, directory 5 and directory 6. The directories 1, 2, 3, 5, and 6 may be different directories, or may be part or all of the same directories. For example, directory 1 and directory 6 may be the same directory, both for storing installation packages for system applications. Alternatively, any one of the directories 1, 2, 3, 5, and 6 may be divided into a plurality of directories. For example, directory 2 may be further divided into two directories, one of which is used to store third party applications in a pre-manufactured application, such as Taobao TM Application and public comment TM Applications, another for storing non-systematic applications in pre-manufactured applications, e.g. sports and health TM The application is as follows.
The PKMS may scan each installation package under the preset directory in turn. The PKMS scans each installation package and can analyze information such as a package name, an application version, an application signature and the like of the installation package. Further, if the current installation package (i.e. the currently scanned installation package) is the target installation package (e.g. the installation package of the system application), the scanning process further includes: and after the application signature is obtained through analysis, detecting whether the application signature is the same as the system signature so as to determine whether the target application is safe.
The target application is a high-permission application, if the default application can acquire the system permission of the mobile phone, the target installation package is the installation package of the target application. For example, system applications, such as a setting application, a contact application, and the like, may generally acquire a system permission of a mobile phone by default, and have a high application permission. Thus, the target application may be a system application of a cell phone. Accordingly, the target installation package may be an installation package stored in directory 1 and/or directory 6 described above. For another example, the mobile phone of the work distributed by the enterprise to the employee is a mobile phone customized for the enterprise by the mobile phone manufacturer, so the enterprise may have a higher authority for the customized mobile phone. For example, an enterprise may use a system signature of a mobile phone to sign an enterprise application, and then issue an installation package of the enterprise application to the mobile phone, and after the enterprise application is installed on the mobile phone, a very high system permission may be obtained, for example, a user may only use the enterprise application, but cannot perform operations such as uninstallation and update on the enterprise application. Correspondingly, the installation package issued by the enterprise server can also be regarded as an installation package of a high-permission application, and the default of the installation package can acquire the system permission of the mobile phone. Therefore, the target application may be an application for installation of an installation package issued by the enterprise server. Accordingly, the target installation package may be the installation package stored in the above-mentioned directory 5. For convenience of description, directory 1, directory 5 and/or directory 6 may be referred to as a first directory, which belongs to the aforementioned at least one second directory.
Further, in order to facilitate management of the target application, installation packages other than the target installation package (which may also be referred to as non-target installation packages) are not stored under the directory in which the target installation package is stored. Based on this, in some embodiments, the PKMS may determine whether the current installation package is the target installation package according to the directory in which the current installation package is located. For example, if the current installation package is located under directory 1, directory 5, or directory 6, it may be determined that the currently scanned installation package is the target installation package.
It should be noted that, in practical implementation, the manner of determining the target installation package is not limited to the above. For example, in other embodiments, a preset identifier may also be preset in the target installation package, and the PKMS may determine that the current installation package is the target installation package if the preset identifier is analyzed in the current installation package.
After determining that the current installation package is the target installation package, the PKMS further detects whether the application signature in the current installation package is the same as the system signature of the mobile phone. In general, the target application is maliciously tampered by an illegal user, which causes the application signature of the target application to be different from the system signature. In addition, the inventors have discovered the following scenarios that may cause the application signature of the target application to be different from the system signature:
referring to fig. 6, in order to improve the security performance of the mobile phone, or after the operating system of the mobile phone is upgraded, the system signature of the mobile phone may be updated, and then the version of the operating system signed by using the updated system signature is sent to the mobile phone through the manufacturer server. In an enterprise management scenario, the enterprise server may not obtain the updated system signature in time. For example, the vendor server does not synchronize the system signature of the handset to the enterprise server. Then, the enterprise server can subsequently only use the old system signature to sign the application, and then add the application to an installation package (e.g., installation package m in fig. 6) and send the application to the mobile phone. Therefore, the mobile phone can detect that the application signature in the installation package issued by the enterprise server is different from the updated system signature.
In this embodiment of the application, if the PKMS detects that the application signature in the current installation package is the same as the system signature of the mobile phone, S508 is executed to continue the subsequent scanning processing of the current installation package, such as analyzing the application permission. And if the PKMS detects that the application signature in the current installation package is different from the system signature of the mobile phone, namely the target application used for installation of the current installation package is unsafe, skipping the scanning processing of the current installation package. In one aspect, skipping the scanning process of the current installation package comprises: and not continuing the subsequent scanning processing of the current installation package, such as analyzing the application authority. That is, when the target application is not secure, the current installation package is no longer scanned. Therefore, the computing resources in the starting process can be saved. On the other hand, skipping the scanning process of the current installation package further includes: the information that has been analyzed by scanning the current installation package is not loaded into the operation memory, for example, the information such as the analyzed package name, application version, application signature and the like is not loaded into the operation memory, and the information loaded into the operation memory is used for installing corresponding information. Therefore, the abnormal starting process caused by the fact that preset processing such as application installation is completed by using the analyzed information subsequently can be avoided. Thereby affecting the processing of other applications. And after skipping the current installation package, the PKMS will continue to execute S507 and subsequent steps for the next installation package in the preset directory until the scanning of all installation packages in the preset directory is completed. In this way, even if there is an insecure target application, scanning of subsequent installation packages is not interrupted, and thus PKMS initialization is not interrupted. For convenience of description, a target application with an application signature different from the system signature may be referred to as a target application a, and a target installation package of the target application with the application signature different from the system signature may be referred to as a target installation package a.
It should be noted that if the current installation package is not the target installation package, when the PKMS scans the current installation package, only the package name, the application version, the application signature, and other information need to be analyzed from the current installation package, and it is not necessary to detect whether the application signature is the same as the system signature. And the mobile phone can load the information acquired by scanning the current installation package into the running memory for use in subsequent installation of the application. This is not described in detail herein.
And S508, the PKMS continues the subsequent scanning processing of the current installation package, loads the information analyzed by the current installation package into the running memory, and executes S507 aiming at the next installation package in the preset directory after the current installation package is scanned.
For convenience of description, a next installation package in the preset directory may be referred to as a second installation package, an application signature in the next installation package in the preset directory may be referred to as a third signature, and an application for installation of the next installation package in the preset directory may be referred to as a second application. It should be understood that the second installation package may not be a target installation package, but may also be a target installation package. If the second installation package is the target installation package, the second installation package may or may not be the target installation package a. This is not particularly limited in the embodiments of the present application. In general, if the second installation package is not the target installation package or the second installation package is not the target installation package a, the PKMS will not skip the scanning process for the second installation package, and then keep the information obtained by scanning the second installation package.
In order to facilitate understanding of the above S507-S508, a specific implementation of the above S507-S508 is described below with reference to the example of fig. 7. Assume that the current installation package is the installation package k in fig. 7, the installation package k is the target installation package, and scanning the target installation package sequentially includes the processes of parsing the package name, parsing the application version, parsing the application signature, signature matching (i.e. detecting whether the application signature is the same as the system signature), parsing the application authority, and the like shown in fig. 7. By analyzing the package name, the application version and the application signature in S507, the package name of the installation package k, the application version in the installation package k and the application signature in the installation package k can be obtained respectively. And, through signature matching in 507, it can be detected whether the application signature in the installation package k is the same as the system signature. If the matching is successful (i.e., the application signature in the installation package k is the same as the system signature), S508 may be executed. After the processing such as analyzing the application authority in S508, information such as the application authority in the installation package k can be obtained, and after the scanning processing of the installation package k is completed, the installation package k +1 can be scanned. Otherwise, if it is detected in S507 that the application signature in the installation package k is different from the system signature (i.e., the matching fails), the step S508 is not executed again to continue the subsequent scanning processing of the installation package k, such as analyzing the application permission, and the scanning of the installation package k +1 is directly started.
With reference to fig. 7, the above steps S507-S508 are executed until all installation packages in the preset directory are scanned, so that the PKMS initialization is successful.
In the conventional technology, a similar scenario of enterprise management is not considered, but if an application signature is different from a system signature, a great security threat is caused to a mobile phone. Based on this, after detecting that the application signature in the current installation package is different from the system signature of the mobile phone, a method of state exception (i.e. illgalstateexception) is called to throw the illgalstateexception. Exemplary, the code that throws a status exception is as follows:
throw new IllegalStateException (//method calling IllegalStateException to throw IllegalStateException).
The ilegalstateexception interrupts PKMS initialization. For example, for an installation package k, when it is detected that an application signature in the installation package k is different from a system signature, an illgalstateexception is thrown out, and the illgalstateexception interrupts scanning of the PKMS for all installation packages, that is, the installation package k is not scanned any more, and the installation package k +1 and subsequent installation packages thereof are not scanned any more, so that initialization of the PKMS is interrupted. Eventually leading to failure of PKMS initialization.
Unlike the conventional art: in the method of the embodiment of the application, by using the above S507-S509, when the application signature is different from the system signature, the next installation package is skipped to continue scanning, and the PKMS initialization is not interrupted. For example, replacing the code that throws the exception in the above example with return, after detecting that the application signature is not the same as the system signature, the scan can be started directly from the next installation package, and the PKMS initialization is continued.
After the initialization of the PKMS is completed, the PKMS may be subsequently invoked to complete preset processing related to the installation package of the application, such as processing of installation, rights management, and the like of the application.
S509, the PKMS executes a preset process in response to being called.
In the embodiment of the application, even if the application signature is detected to be different from the system signature, the initialization of the PKMS can be completed, so that the PKMS can be successfully called to execute the preset processing. Then, the PKMS may complete preset processing, such as installation of applications, authority management, and the like, so that the user can directly use the applications after starting up. It should be noted that when the scanning of the target installation package a is skipped, information such as the package name, the application version, and the application signature that the scanning target installation package a has parsed is not loaded to the run memory, and thus, when the preset processing is executed, the processing cannot be performed with respect to the target installation package a. For example, the target application a cannot be installed. For another example, if the next installation package (i.e., the second installation package) in the preset directory is not the target installation package or is not the target installation package a, the information parsed when the next installation package is scanned may be acquired from the running memory, so that the application (i.e., the second application) used for installation in the next installation package (i.e., the second installation package) in the preset directory is successfully installed.
And after the preset processing is completed, the subsequent starting processes such as time synchronization, desktop starting and the like can be continuously completed, and finally the starting is successful. And after the mobile phone is successfully started, the successfully installed application can be displayed on the desktop of the mobile phone.
However, if the conventional technique is adopted, since the initialization of the PKMS fails, the invocation will fail when the PKMS is subsequently invoked. Illustratively, a null pointer exception (NullPointerException- -System zygate _ directed with exception) may occur when a PKMS is invoked, resulting in a failure to invoke the PKMS. The PKMS is started by the SystemServer process, and after the PKMS call fails, the SystemServer process is restarted through the Zygote process, and then the PKMS is restarted by the SystemServer process, so that the PKMS initialization can be executed again. In general, if the number of rebooting times exceeds a preset number, such as 3 times or 5 times, the mobile phone enters a recovery mode, and thus cannot be booted normally.
Further, in some embodiments, if it is detected in S508 that the application signature in the current installation package is not the same as the system signature of the mobile phone, an error log (log) may also be recorded. The error log may include a predetermined error type, an identifier (e.g., a package name) of the target installation package a, and/or a timestamp of the occurrence of the error. Wherein the preset error type indicates that the application signature is different from the system signature. After the mobile phone is successfully started, a manager of the mobile phone (such as a developer of the mobile phone or a network manager of an enterprise) can obtain authorization of a mobile phone owner remotely or on site, and call and analyze an error log after obtaining the authorization. After the analysis determines that the error type is a signature mismatch and the target installation package a is determined, the target application a may be re-signed using the updated system signature to generate an updated application signature (which may also be referred to as a second signature) of the target application a. And then, adding the updated application signature into the installation package of the target application a to obtain a target installation package A (also called as a third installation package), and sending the target installation package A to the mobile phone again. The mobile phone receives the target installation package A and stores the target installation package A in a preset directory, such as the directory 1.
Taking an enterprise management scenario as an example, after a network manager of an enterprise obtains authorization of a mobile phone owner remotely through an enterprise server, the mobile phone can send an error log to the enterprise server. After analyzing the error log, the webmaster can sign the target application a again to obtain the target installation package A. Then, the network manager issues the target installation package A to the mobile phone through the enterprise server. After receiving the target installation package a, the mobile phone stores the target installation package a in the directory 5.
And finally, after the mobile phone is started up again, the target installation package A can be scanned, the application signature in the target installation package A is the same as the system signature, and the preset processing such as the installation of the target application a can be completed subsequently.
In order to further clarify the difference between the implementation and the effect of the solution of the present application and the conventional technology, the following is compared and illustrated with reference to fig. 8 and fig. 9, taking the preset number of times as an example, which is 5 times:
referring to fig. 8, in the embodiment of the present application, after a user presses a Power (Power) key to trigger Power on, an initialization (init) process, an incubation (zygate) process, a system service (SystemServer) process, and a packet management service (PKMS) may be started in sequence. After the PKMS is started, the PKMS scans installation packages in a preset directory, and if a target installation package (such as a target installation package a) with a signature matching failure does not exist, namely application signatures in all the target installation packages are the same as system signatures, the PKMS completes the initialization of the PKMS after completing the scanning of all the installation packages. On the contrary, even if the target installation package with the signature matching failure exists, namely the application signature in the target installation package is different from the system signature, the PKMS only outputs the error log, skips the target installation package with the signature matching failure, and then continues to complete the scanning of the subsequent installation package. Also after all installation package scans are completed, PKMS initialization is complete. The PKMS may be subsequently successfully invoked to complete a predetermined process, such as installation of an application. And finally, after all the starting processes are completed, the starting is successful. That is to say, in the solution of the present application, even if there is a target installation package with a signature matching failure, the PKMS initialization can be completed and the boot can be successfully started.
Referring to fig. 9, in the conventional art, only if there is no target installation package with failed signature matching, the scanning of all installation packages can be smoothly completed, thereby completing the initialization of the PKMS. And if the target installation package with the signature matching failure exists, the state exception, namely IllegalStateException, is thrown out, so that the initialization of the PKMS is interrupted, and the initialization of the PKMS is failed. Due to the fact that the initialization of the PKMS is failed, the preset processing is executed subsequently, for example, the installation of an application, when the PKMS is called, null pointer exception occurs, for example, nullPointerException-System zygate programmed with exception, namely, the calling is failed, and the System needs to be restarted to execute the initialization of the PKMS again. If the system is restarted for less than 5 times during the startup, the system can be continuously restarted. Generally, the signature matching failure cannot be overcome by restarting the system, so that the signature mismatch still occurs after restarting the system, which causes the PKMS initialization failure, and the subsequent call failure when calling the PKMS still causes the restart system to be triggered again, until the number of times of restarting the system is not less than (i.e., greater than or equal to) 5 times, which causes the boot failure, i.e., entering into an engineering (recovery) mode. That is, in the conventional art, a successful boot is possible only if there is no application whose signature does not match.
Since the PKMS service in the foregoing embodiment belongs to a software system of the mobile phone, the scanning of the target installation package by the PKMS in the foregoing embodiment may also be performed by using the mobile phone as an execution subject. For example, referring to fig. 10, with a mobile phone as an execution subject, the power-on method according to the embodiment of the present application may include the following steps:
s1001, in the process of starting the mobile phone, the mobile phone starts to scan the target installation package. Scanning the target installation package requires detecting whether the application signature in the target installation package is the same as the system signature of the mobile phone. If yes, executing S1002; if not, S1003 is executed. See the description of S507 above.
In some embodiments, during the process of powering on the mobile phone, the mobile phone may sequentially scan the installation packages in the preset directory, and need to identify whether the current installation package is the target installation package. In general, if the current installation package is in the directory 1, the directory 5, or the directory 6, it is determined that the current installation package is the target installation package.
S1002, the mobile phone skips scanning of the target installation package and starts scanning of the next installation package. See the description of S507 above.
S1003, the mobile phone continues to complete subsequent scanning processing of the target installation package, information analyzed by the scanning target installation package is loaded into the running memory, and the mobile phone continues to scan the next installation package until the scanning of the target installation package is completed. See the description of S508 above.
And S1004, after the mobile phone is started, the application is installed in the mobile phone, and the application does not comprise the application used for installation of the target installation package with the signature matching failure.
And the target installation package with the signature matching failure is the target installation package a.
In summary, with the method of the embodiment of the present application, when the target installation package a exists, the mobile phone skips scanning of the target installation package a, so that the target installation package a does not affect processing of other installation packages, and the probability of successful booting is improved. And the mobile phone can continue to scan the subsequent installation package, so that the PKMS initialization can be completed, and finally the mobile phone can be successfully started.
In the foregoing embodiment, the processing procedure of a target installation package is mainly described in detail. It should be understood that, in actual implementation, if there are multiple target installation packages, each target installation package may be processed according to the processing procedure of one target installation package.
An embodiment of the present application further provides an electronic device, which may include: a memory and one or more processors. The memory is coupled to the processor. The memory is for storing computer program code comprising computer instructions. When the processor executes the computer instructions, the electronic device may perform the various functions or steps performed by the device in the method embodiments described above.
The embodiment of the present application further provides a chip system, as shown in fig. 11, the chip system 1100 includes at least one processor 1101 and at least one interface circuit 1102. The processor 1101 and the interface circuit 1102 may be interconnected by wires. For example, the interface circuit 1102 may be used to receive signals from other devices (e.g., a memory of an electronic device). As another example, the interface circuit 1102 may be used to send signals to other devices (e.g., the processor 1101). Illustratively, the interface circuit 1102 may read instructions stored in the memory and send the instructions to the processor 1101. The instructions, when executed by the processor 1101, may cause the electronic device to perform the various steps in the embodiments described above. Of course, the chip system may further include other discrete devices, which is not specifically limited in this embodiment of the present application.
The present embodiment also provides a computer storage medium, in which computer instructions are stored, and when the computer instructions are run on an electronic device, the electronic device executes the above related method steps to implement the image processing method in the above embodiment.
The present embodiment also provides a computer program product, which when run on a computer causes the computer to execute the relevant steps described above, so as to implement the image processing method in the above embodiment.
In addition, embodiments of the present application also provide an apparatus, which may be specifically a chip, a component or a module, and may include a processor and a memory connected to each other; the memory is used for storing computer execution instructions, and when the device runs, the processor can execute the computer execution instructions stored in the memory, so that the chip can execute the image processing method in the above-mentioned method embodiments.
The electronic device, the computer storage medium, the computer program product, or the chip provided in this embodiment are all configured to execute the corresponding method provided above, and therefore, the beneficial effects that can be achieved by the electronic device, the computer storage medium, the computer program product, or the chip may refer to the beneficial effects in the corresponding method provided above, and are not described herein again.
Through the above description of the embodiments, it is clear to those skilled in the art that, for convenience and simplicity of description, the foregoing division of the functional modules is merely used as an example, and in practical applications, the above function distribution may be completed by different functional modules according to needs, that is, the internal structure of the device may be divided into different functional modules to complete all or part of the above described functions.
In the several embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the module or unit is only one type of logical function division, and other division manners may be available in actual implementation, for example, a plurality of units or components may be combined or integrated into another apparatus, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may be one physical unit or a plurality of physical units, that is, may be located in one place, or may be distributed to a plurality of different places. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented as a software functional unit and sold or used as a stand-alone product, may be stored in a readable storage medium. Based on such understanding, the technical solutions of the embodiments of the present application may be essentially or partially contributed to by the prior art, or all or part of the technical solutions may be embodied in the form of a software product, where the software product is stored in a storage medium and includes several instructions to enable a device (which may be a single chip, a chip, or the like) or a processor (processor) to execute all or part of the steps of the methods of the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, or other various media capable of storing program codes.
Finally, it should be noted that the above embodiments are only used for illustrating the technical solutions of the present application and not for limiting, and although the present application is described in detail with reference to the preferred embodiments, it should be understood by those skilled in the art that modifications or equivalent substitutions can be made on the technical solutions of the present application without departing from the spirit and scope of the technical solutions of the present application.
Claims (12)
1. A starting method is applied to electronic equipment, the electronic equipment comprises a first installation package and a second installation package, the first installation package is an installation package of a first application, the second installation package is an installation package of a second application, the first installation package is located under a first directory, and the first installation package comprises a first signature of the first application, and the method comprises the following steps:
in the process of starting up the electronic equipment, the electronic equipment starts to scan the first installation package; wherein the scanning the first installation package comprises: judging whether the first signature is the same as a system signature of the electronic equipment or not;
if the first signature is different from the system signature, the electronic equipment stops scanning the first installation package, and the electronic equipment starts scanning the second installation package; the electronic equipment does not load the information analyzed by scanning the first installation package into an operation memory, and the information loaded into the operation memory is used for installing a corresponding application;
and after the electronic equipment is started, the second application is installed on the electronic equipment, but the first application is not installed on the electronic equipment.
2. The method of claim 1, wherein the first directory is used for storing an installation package of a preset application;
wherein the preset application is a system application of the electronic device; and/or the preset application is an enterprise application issued to the electronic device by an enterprise server, and the enterprise server is used for controlling the application in the electronic device.
3. The method according to claim 1 or 2, characterized in that the electronic device comprises at least one second directory comprising the first directory;
when the electronic equipment is started, the electronic equipment sequentially scans each directory in the at least one second directory, and when the electronic equipment scans one directory, the electronic equipment sequentially scans each installation package in the directories; the second installation package is the next installation package to be scanned after the electronic equipment scans the first installation package.
4. The method of any of claims 1-3, wherein the electronic device scanning information parsed by the installation package comprises: at least one of a package name of the installation package, a version number of the application, a signature of the application, and a permission of the application.
5. The method of any of claims 1-4, wherein the scanning the first installation package further comprises:
if the first signature is the same as the system signature, the electronic equipment continues to scan the first installation package;
the method further comprises the following steps:
in response to the completion of scanning the first installation package, the electronic device loads the information analyzed by scanning the first installation package into the operating memory, and starts scanning the second installation package;
after the electronic equipment is started, the first application and the second application are installed on the electronic equipment.
6. The method of any of claims 1-5, wherein if the first signature is different from the system signature, the method further comprises:
the electronic equipment records an error log, wherein the error log comprises a preset error type and an identifier of the first installation package, and the preset error type indicates that a signature of an application is different from a system signature.
7. The method according to claim 6, wherein the first application is an enterprise application issued by an enterprise server to the electronic device, and the enterprise server is used for managing and controlling applications in the electronic device;
after the electronic device logs the error log, the method further comprises:
the electronic equipment sends the error log to the enterprise server;
the electronic equipment receives a third installation package issued by the enterprise server according to the error log, wherein the third installation package is the installation package of the first application, the third installation package comprises a second signature of the first application, and the second signature is the same as the system signature;
the electronic device stores the third installation package under the first directory.
8. The method of any of claims 1-7, wherein the second installation package is located under the first directory, the second installation package including a third signature of the second application;
after the electronic device is started, the second application is installed on the electronic device, and the method includes:
and if the third signature is the same as the system signature, the second application is installed on the electronic equipment after the electronic equipment is started.
9. The method of any of claims 1-8, wherein the electronic device initiating scanning of the first installation package comprises:
a package management service (PKMS) in the electronic equipment starts to scan the first installation package;
the electronic device stopping scanning the first installation package, comprising:
the PKMS stops scanning the first installation package;
the electronic device starting to scan the second installation package, comprising:
the PKMS begins scanning for the second installation package.
10. An electronic device, wherein the electronic device includes a video to be processed therein, the electronic device comprising: a memory and one or more processors, the memory coupled with the processors; wherein the memory has stored therein computer program code comprising computer instructions which, when executed by the processor, cause the electronic device to perform the method of any of claims 1-9.
11. A computer storage medium comprising computer instructions that, when executed on an electronic device, cause the electronic device to perform the method of any of claims 1-9.
12. A chip system, wherein the chip system is applied to an electronic device comprising a display screen and a memory; the chip system includes one or more interface circuits and one or more processors; the interface circuit and the processor are interconnected through a line; the interface circuit is to receive a signal from a memory of the electronic device and to send the signal to the processor, the signal comprising computer instructions stored in the memory; the electronic device, when the processor executes the computer instructions, performs the method of any of claims 1-9.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210360658.8A CN115562732A (en) | 2022-04-07 | 2022-04-07 | Starting method, electronic equipment and computer storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210360658.8A CN115562732A (en) | 2022-04-07 | 2022-04-07 | Starting method, electronic equipment and computer storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115562732A true CN115562732A (en) | 2023-01-03 |
Family
ID=84736869
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210360658.8A Pending CN115562732A (en) | 2022-04-07 | 2022-04-07 | Starting method, electronic equipment and computer storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115562732A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117687708A (en) * | 2023-07-12 | 2024-03-12 | 荣耀终端有限公司 | Starting-up method and electronic equipment |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105808253A (en) * | 2016-03-04 | 2016-07-27 | 北京奇虎科技有限公司 | Android system startup method and apparatus |
| CN110825396A (en) * | 2019-10-31 | 2020-02-21 | Oppo(重庆)智能科技有限公司 | Exception handling method and related equipment |
| CN111382425A (en) * | 2018-12-29 | 2020-07-07 | 深圳Tcl新技术有限公司 | Application installation management method under multi-signature mechanism, intelligent terminal and storage medium |
-
2022
- 2022-04-07 CN CN202210360658.8A patent/CN115562732A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105808253A (en) * | 2016-03-04 | 2016-07-27 | 北京奇虎科技有限公司 | Android system startup method and apparatus |
| CN111382425A (en) * | 2018-12-29 | 2020-07-07 | 深圳Tcl新技术有限公司 | Application installation management method under multi-signature mechanism, intelligent terminal and storage medium |
| CN110825396A (en) * | 2019-10-31 | 2020-02-21 | Oppo(重庆)智能科技有限公司 | Exception handling method and related equipment |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117687708A (en) * | 2023-07-12 | 2024-03-12 | 荣耀终端有限公司 | Starting-up method and electronic equipment |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP3441876B1 (en) | Patch upgrade-based file processing method and device, terminal, and storage medium | |
| US9798555B2 (en) | Application implementation method and apparatus | |
| US8200962B1 (en) | Web browser extensions | |
| CN110569130B (en) | Cross-process communication method, device and equipment | |
| WO2019019668A1 (en) | Application startup method and device, computer apparatus, and storage medium | |
| US10628588B2 (en) | Information processing apparatus and computer readable storage medium | |
| CN107220074B (en) | Method and device for accessing and upgrading supporting layer software function | |
| US9747449B2 (en) | Method and device for preventing application in an operating system from being uninstalled | |
| CN106406956B (en) | Application program installation method and device | |
| CN112162795B (en) | Plug-in starting method and device, computer equipment and storage medium | |
| CN110865837B (en) | Method and terminal for system upgrade | |
| CN112394906B (en) | Method and equipment for switching application operation | |
| CN115328563B (en) | System starting method and electronic equipment | |
| CN113727333A (en) | Downloading method and system of customized application | |
| WO2022135215A1 (en) | Method and apparatus for repairing abnormal power-on | |
| CN115562732A (en) | Starting method, electronic equipment and computer storage medium | |
| CN116700768B (en) | Application processing method and related device | |
| CN111158735B (en) | Hot patch file processing method and communication terminal | |
| WO2022143126A1 (en) | Method, apparatus, and device for analyzing safety of application, and storage medium | |
| KR101675420B1 (en) | Method for automatically transforming android os based application package to tizen os based application package for appliances | |
| CN114138343A (en) | Terminal and terminal starting method | |
| CN114138293A (en) | Terminal and method for upgrading portable system of external memory card | |
| KR20210108279A (en) | Electronic device and method for managing signature key | |
| CN112181406A (en) | Rendering engine sharing method and device | |
| CN117135263B (en) | Log information acquisition method, electronic device and computer readable storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |