CN115617397A - Safe real-time SHELL design method - Google Patents

Safe real-time SHELL design method

Info

Publication number: CN115617397A
Authority: CN (China)
Prior art keywords: shell, real, application program, time, white list
Legal status: Pending
Application number: CN202211299723.7A
Other languages: Chinese (zh)
Inventor: 刘来波, 李朝铭
Current Assignee: Shandong New Generation Information Industry Technology Research Institute Co Ltd
Original Assignee: Shandong New Generation Information Industry Technology Research Institute Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/30 Arrangements for executing machine instructions, e.g. instruction decode
    • G06F9/30003 Arrangements for executing specific machine instructions
    • G06F9/30076 Arrangements for executing specific machine instructions to perform miscellaneous control operations, e.g. NOP
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/445 Program loading or initiating
    • G06F9/44505 Configuring for program initiating, e.g. using registry, configuration files
    • G06F9/46 Multiprogramming arrangements
    • G06F9/48 Program initiating; Program switching, e.g. by interrupt
    • G06F9/4806 Task transfer initiation or dispatching


Abstract

The invention relates to the technical field of robot operating systems, in particular to a safe real-time SHELL design method, which comprises the following steps: installing the modified kernel installation package; installing the modified real-time SHELL command processor; having a ROOT administrator edit a white list configuration file to add the robot node application programs together with their priority and CPU number information; and entering an application program command in the SHELL console, whereupon the application program automatically runs in real-time process scheduling mode. The beneficial effects are as follows: the method is based on a Linux real-time operating system; by modifying the SHELL for real-time operation, robot node application programs automatically run in real-time process scheduling mode under the SHELL; priority can be raised without modifying the application program's code, which reduces the porting workload of the application program; modification of the operating system kernel enables the function only for the designated IROS user; and the application program state is managed through a SHELL white list.

Description

Safe real-time SHELL design method
Technical Field
The invention relates to the technical field of robot operating systems, in particular to a safe real-time SHELL design method.
Background
At present, most robots adopt a real-time operating system. In a robot real-time operating system, robot node application programs must run in real-time process scheduling mode so that the real-time requirements of the system can be met.
In the prior art, an application program started from a SHELL command processor runs by default in the ordinary low-priority scheduling mode and cannot run in real-time process scheduling mode. To do so, the application program must be modified to add process-scheduling code, and that code takes effect only when the program runs with root authority.
Because the setting takes effect only under root authority, this approach leads to a large development workload and also exposes root authority, which creates a system security hazard.
Disclosure of Invention
The present invention aims to provide a secure real-time SHELL design method that solves the problems described in the background above.
To achieve this purpose, the invention provides the following technical scheme: a secure real-time SHELL design method, comprising:
installing the modified kernel installation package;
installing the modified real-time SHELL command processor;
having a ROOT administrator edit a white list configuration file to add the robot node application programs together with their priority and CPU number information;
entering an application program command in the SHELL console, whereupon the application program automatically runs in real-time process scheduling mode.
Preferably, the modification is based on the kernel code of the robot IROS-RLinux real-time operating system: the kernel process scheduling code is modified, and an IROS user scheduling authority check code module is added to the code of the process priority system call function.
Preferably, check code module 1 is added: checking whether the UID and the user name of the IROS user are consistent;
check code module 2 is added: checking whether the robot node application program belongs to an IROS user;
after the checks pass, the robot node application program is allowed to execute under the IROS user.
Preferably, the SHELL command processor provides two functions: SHELL white list operation parameter setting and SHELL white list operation control.
Preferably, the SHELL white list operation parameters are set by a ROOT administrator by editing the SHELL white list configuration file, and the SHELL white list authority content includes: the robot node application program name, the real-time priority and the CPU running number.
Preferably, the SHELL white list operation control function includes: loading the SHELL white list, checking the IROS robot node application program, setting the real-time priority of the process and setting the CPU affinity of the process.
Preferably, the SHELL white list loading function reads the SHELL white list configuration file and loads it into memory when the SHELL is started.
Preferably, the IROS robot node application program check verifies whether the user to which the application program belongs is an IROS user, and whether the shared library used by the node application program is an IROS shared library.
Preferably, the process real-time priority setting and process CPU affinity setting functions work as follows: before the SHELL runs the application program, it first creates a child process, sets the priority of the child process according to the SHELL white list priority parameter, then sets the CPU affinity of the process, and finally loads the application program in the child process. The process number of the application program is that of the child process, so the application program has the set priority and CPU affinity.
Preferably, for an application program that has not been added to the SHELL white list, the SHELL assigns a real-time priority by default when it starts the application program, and the CPU affinity defaults to the disabled state, so that all application programs started and run under the real-time SHELL run in real-time priority mode and the real-time performance of the system programs is ensured.
Compared with the prior art, the invention has the beneficial effects that:
The safe real-time SHELL design method is based on a Linux real-time operating system. By modifying the SHELL for real-time operation, robot node application programs automatically run in real-time process scheduling mode under the SHELL, so priority can be raised without modifying the application program's code, which reduces the porting workload of the application program. Modification of the operating system kernel enables the function only for the designated IROS user, and the application program state is managed through a SHELL white list to ensure the application security of the system.
Drawings
FIG. 1 is a system design architecture diagram of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clear and fully described, embodiments of the present invention are further described in detail below with reference to the accompanying drawings. It is to be understood that the specific embodiments described herein are merely illustrative of some embodiments of the invention and are not limiting of the invention, and that all other embodiments obtained by those of ordinary skill in the art without the exercise of inventive faculty are within the scope of the invention.
Example one
Referring to FIG. 1, the present invention provides a technical solution: a safe real-time SHELL design method consisting mainly of two key parts, the kernel IROS user real-time priority scheduling control design and the SHELL process priority operation control design. The main scheme comprises the following steps.
Kernel IROS user real-time priority scheduling control method, implementation steps:
i. Rework the kernel code of the robot IROS-RLinux real-time operating system;
ii. Modify the kernel process scheduling code, and add an IROS user scheduling authority check code module to the code of the process priority system call function;
iii. Add check code module 1: checking whether the UID and the user name of the IROS user are consistent;
iv. Add check code module 2: checking whether the robot node application program belongs to an IROS user;
v. After the checks pass, the robot node application program is allowed to execute under the IROS user.
SHELL process priority operation control, implementation steps:
i. SHELL white list operation parameter setting function. The parameters are set by a ROOT administrator by editing the SHELL white list configuration file, and the SHELL white list authority content comprises: the robot node application program name, the real-time priority, the CPU running number and other parameter information.
ii. SHELL white list loading function. When the SHELL is started, the SHELL white list configuration file is read and loaded into memory.
iii. IROS robot node application program check. The SHELL checks whether the user to which the application program belongs is an IROS user, and whether the shared library used by the node application program is an IROS shared library, to ensure that the program is a robot node application program.
iv. Process real-time priority setting and process CPU affinity setting functions. Before running an application program, the SHELL command processor first creates a child process, sets the priority of the child process according to the SHELL white list priority parameter, then sets the CPU affinity of the process, and finally loads the application program in the child process. The process number of the application program is that of the child process, so the application program has the set priority and CPU affinity.
v. For node application programs that are not set in the SHELL white list, the SHELL assigns a real-time priority by default when it starts them, and the CPU affinity defaults to the disabled state, so that all application programs started and run under the real-time SHELL run in a real-time priority state.
Example two
On the basis of the first embodiment, the safe real-time SHELL design method comprises two key technologies: a kernel IROS user real-time priority scheduling control method and a SHELL process priority control method.
The kernel IROS user real-time priority scheduling control method modifies the Linux kernel scheduling code: an IROS user scheduling authority check function is added to the kernel's priority-setting code, and after the check passes, the robot node application program is allowed to run under the IROS user.
The IROS user scheduling authority check comprises: checking whether the UID and the user name of the IROS user are consistent, and checking whether the robot node application program file belongs to the IROS user.
The invention includes a SHELL process priority operation control function, which comprises: SHELL white list operation parameter setting and SHELL white list operation control.
SHELL white list operation parameter setting: the parameters are set by a ROOT administrator by editing the SHELL white list configuration file, and the SHELL white list authority content comprises: the robot node application program name, the real-time priority, the CPU running number and other parameter information.
SHELL white list operation control includes: loading the SHELL white list, checking the IROS robot node application program, setting the real-time priority of the process, setting the CPU affinity of the process and the like.
SHELL white list loading: when the SHELL is started, the SHELL white list configuration file is read and loaded into memory.
IROS robot node application program check: the SHELL checks whether the user to which the application program belongs is an IROS user, and whether the shared library used by the node application program is an IROS shared library.
Process real-time priority setting and process CPU affinity setting: before running an application program, the SHELL first creates a child process, sets the priority of the child process according to the SHELL white list priority parameter, then sets the CPU affinity of the process, and finally loads the application program in the child process. The process number of the application program is that of the child process, so the application program has the set priority and CPU affinity.
For an application program that has not been added to the SHELL white list, the SHELL assigns a real-time priority by default when it starts the application program, and the CPU affinity defaults to the disabled state, so that all application programs started and run under the real-time SHELL run in real-time priority mode and the real-time performance of the system programs is ensured.
Example three
On the basis of the second embodiment, the safe real-time SHELL design method is applied to the field of robot operating systems: a real-time SHELL command processor is realized by modifying the SHELL for real-time operation and modifying the kernel's process priority control.
The design method comprises three parts. First, the kernel scheduling code is modified to add a priority scheduling authority check for the ordinary IROS user, so that the IROS user has permission to set priority and other ordinary users do not. Second, the administrator sets the SHELL white list parameters; the SHELL white list configuration file contains the robot node application program name, the priority and the CPU running number. Third, the SHELL code is modified to implement SHELL white list loading, IROS user program checking, real-time priority setting, CPU affinity setting and related functions.
At run time, the SHELL first reads the SHELL white list configuration file after starting and loads it into memory. The user then runs a robot node application program from the SHELL command line. After receiving the application program command, the SHELL first checks the user to which the application program belongs. After confirming that the user is an IROS user, the SHELL creates a child process, sets the priority of the child process according to the SHELL white list priority parameter, then sets the CPU affinity of the child process, and finally loads and starts the robot node application program in the child process. The process number of the application program is that of the child process, so the application program has the set priority and CPU affinity.
For application programs that have not been added to the SHELL white list, the SHELL assigns a default real-time priority and the CPU affinity defaults to the disabled state, so that application programs run from the SHELL run in real-time priority mode and their real-time performance is ensured.
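The SHELL-side sequence described in the embodiments above (load the white list, check program ownership, create a child process, set its priority and CPU affinity, then load the program) is shown below as an added Python example; it is not code from the patent or from IROS-RLinux. The `name priority cpu` line format, the default priority of 10, the use of `SCHED_FIFO`, matching by file name and all function names are assumptions, and the IROS shared library check and the kernel-side check are not covered.

```python
import os
import stat
from dataclasses import dataclass
from typing import Dict, List, Optional

DEFAULT_RT_PRIORITY = 10  # assumed default for programs absent from the white list


@dataclass(frozen=True)
class Policy:
    priority: int        # real-time priority, 1..99 on Linux
    cpu: Optional[int]   # CPU number to pin to; None means affinity disabled


def load_whitelist(text: str) -> Dict[str, Policy]:
    """Parse 'name priority cpu' lines (assumed format), rejecting bad entries."""
    entries: Dict[str, Policy] = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) != 3:
            raise ValueError(f"line {lineno}: expected 'name priority cpu'")
        name, prio, cpu = fields[0], int(fields[1]), int(fields[2])
        if "/" in name or not 1 <= prio <= 99 or cpu < 0 or name in entries:
            raise ValueError(f"line {lineno}: invalid or duplicate entry")
        entries[name] = Policy(prio, cpu)
    return entries


def resolve_policy(whitelist: Dict[str, Policy], program_path: str) -> Policy:
    """Listed programs get their configured policy; unlisted ones get the default
    real-time priority with CPU affinity disabled, as the description states."""
    default = Policy(DEFAULT_RT_PRIORITY, None)
    return whitelist.get(os.path.basename(program_path), default)


def owned_by(program_path: str, uid: int) -> bool:
    """True if the program is a regular file owned by uid. The group/other write
    test is an extra check added here so that no other account can replace it."""
    try:
        st = os.stat(program_path)
    except OSError:
        return False
    writable_by_others = bool(st.st_mode & (stat.S_IWGRP | stat.S_IWOTH))
    return stat.S_ISREG(st.st_mode) and st.st_uid == uid and not writable_by_others


def launch(program_path: str, argv: List[str], policy: Policy, iros_uid: int) -> int:
    """Fork, apply the scheduling policy in the child, then exec the program."""
    if not owned_by(program_path, iros_uid):
        raise PermissionError(f"{program_path}: not owned by the IROS user")
    pid = os.fork()
    if pid == 0:  # child: its PID becomes the application's PID after exec
        try:
            # SCHED_FIFO is an assumption; the page only says "real-time" scheduling.
            os.sched_setscheduler(0, os.SCHED_FIFO, os.sched_param(policy.priority))
            if policy.cpu is not None:
                os.sched_setaffinity(0, {policy.cpu})
            os.execv(program_path, argv)
        except OSError:
            pass
        os._exit(126)  # fail closed: never run the program with a partial policy
    return pid


# Constructed sample white list; node names and values are made up.
SAMPLE_WHITELIST = """
# name        priority  cpu
lidar_node    80        2
motion_ctrl   90        3
"""

if __name__ == "__main__":
    wl = load_whitelist(SAMPLE_WHITELIST)
    for path in ("/opt/iros/bin/motion_ctrl", "/usr/bin/top"):
        print(path, resolve_policy(wl, path))
```

On a stock Linux kernel the `sched_setscheduler` call in the child succeeds only with `CAP_SYS_NICE` or a suitable `RLIMIT_RTPRIO`, which is the root-only restriction the background section describes and the kernel modification relaxes for the IROS user.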
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (10)

1. A safe real-time SHELL design method, characterized in that the method comprises the following steps:
installing the modified kernel installation package;
installing a modified real-time SHELL command processor;
having a ROOT administrator edit a white list configuration file to add the robot node application programs together with their priority and CPU number information;
entering an application program command in the SHELL console, whereupon the application program automatically runs in real-time process scheduling mode.
2. The method of claim 1, characterized in that: the modification is based on the kernel code of the robot IROS-RLinux real-time operating system; the kernel process scheduling code is modified, and an IROS user scheduling authority check code module is added to the code of the process priority system call function.
3. The method of claim 2, characterized in that: check code module 1 is added: checking whether the UID and the user name of the IROS user are consistent;
check code module 2 is added: checking whether the robot node application program belongs to an IROS user;
after the checks pass, the robot node application program is allowed to execute under the IROS user.
4. The method of claim 1, characterized in that: the SHELL command processor provides two functions: SHELL white list operation parameter setting and SHELL white list operation control.
5. The method of claim 4, characterized in that: the SHELL white list operation parameters are set by a ROOT administrator by editing the SHELL white list configuration file, and the SHELL white list authority content comprises: the robot node application program name, the real-time priority and the CPU running number.
6. The method of claim 4, characterized in that: the SHELL white list operation control function comprises: loading the SHELL white list, checking the IROS robot node application program, setting the real-time priority of the process and setting the CPU affinity of the process.
7. The method of claim 6, characterized in that: the SHELL white list loading function reads the SHELL white list configuration file and loads it into memory when the SHELL is started.
8. The method of claim 6, characterized in that: the IROS robot node application program check verifies whether the user to which the application program belongs is an IROS user, and whether the shared library used by the node application program is an IROS shared library.
9. The method of claim 6, characterized in that: with the process real-time priority setting and process CPU affinity setting functions, before the SHELL runs the application program it first creates a child process, sets the priority of the child process according to the SHELL white list priority parameter, then sets the CPU affinity of the process, and finally loads the application program in the child process; the process number of the application program is that of the child process, so the application program has the set priority and CPU affinity.
10. The method of claim 9, characterized in that: for an application program that has not been added to the SHELL white list, the SHELL assigns a real-time priority by default when it starts the application program, and the CPU affinity defaults to the disabled state, so that all application programs started and run under the real-time SHELL run in real-time priority mode and the real-time performance of the system programs is ensured.
Application number: CN202211299723.7A
Title: Safe real-time SHELL design method
Priority date: 2022-10-24
Filing date: 2022-10-24
Status: Pending
Publication number: CN115617397A (en)
Publication date: 2023-01-17
Family ID: 84865227
Family applications (1): CN202211299723.7A
Country status (1): CN, CN115617397A (en)
Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination