CN117131515A - Application request execution method and device, computer equipment and storage medium - Google Patents


Info

Publication number: CN117131515A
Authority: CN (China)
Prior art keywords: data processing; request; processing request; execution; application
Legal status: Granted (The legal status is an assumption and is not a legal conclusion.)
Application number: CN202311385467.8A
Other languages: Chinese (zh)
Other versions: CN117131515B (en)
Inventors: 高云飞, 吴金雨, 李晓辉
Current Assignee: Shenzhen Huiwei Intelligent Technology Inc (The listed assignees may be inaccurate.)
Original Assignee: Shenzhen Huiwei Intelligent Technology Inc
Application filed by: Shenzhen Huiwei Intelligent Technology Inc
Priority to: CN202311385467.8A
Publications: CN117131515A (application), CN117131515B (granted)
Current status: Active

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57: Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00: Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21: Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141: Access rights, e.g. capability lists, access control lists, access tables, access matrices
    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00: Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The present application relates to the field of computer technologies, and in particular to an application request execution method, an application request execution device, a computer device, and a storage medium. The method includes: acquiring a data processing request of a user through an operating system virtual interface; extracting the package name in the data processing request; determining, based on the package name and the data processing request, whether the data processing request is allowed to be executed; and, when the data processing request is allowed to be executed, invoking a process corresponding to the request type to execute the target execution command and returning the execution result to the user side. The application can improve stability, convenience and security, and lets the same application handle different requests with different permissions.

Description

Application request execution method and device, computer equipment and storage medium
Technical Field
The present application relates to the field of computer technologies, and in particular, to an application request execution method, an application request execution device, a computer device, and a storage medium.
Background
The permissions an application can acquire include root permission (root user permission) and system permission. Existing applications have the following drawbacks when acquiring permissions:
First, when an application obtains a permission, the whole application holds it, so functions that do not use the permission are affected when the application interacts with other applications. This also results in a higher security risk for the Android system.
Second, a process has only one package name, so each application can hold only one of the two types of permission when it acquires permissions and cannot hold both at the same time.
Therefore, a solution to the above-described problems is needed.
Disclosure of Invention
In view of the above, the present application proposes an application request execution method, apparatus, computer device, and storage medium.
An embodiment of the application provides an application request execution method, comprising:
acquiring a data processing request of a user through an operating system virtual interface, wherein the data processing request comprises a request type and a target execution command;
extracting the package name in the data processing request;
determining whether the data processing request is allowed to be executed based on the package name and the data processing request;
and when the data processing request is allowed to be executed, invoking a process corresponding to the request type to execute the target execution command, and returning an execution result to the user side.
Further, in the above application request execution method, the determining whether to allow execution of the data processing request based on the package name and the data processing request includes:
acquiring a request type in the data processing request;
determining, based on the package name and the request type, whether the data processing request is allowed to be executed.
Further, in the above application request execution method, the determining whether to allow execution of the data processing request based on the package name and the request type includes:
searching for the blacklist of the package name that corresponds to the request type;
determining, based on the blacklist, whether the data processing request is allowed to be executed.
Further, in the above application request execution method, the determining whether to allow the execution of the data processing request based on the blacklist includes:
acquiring a target execution command in the data processing request;
comparing the target execution command with the blacklist;
if the target execution command is not in the blacklist, judging that the data processing request is allowed to be executed;
and if the target execution command is in the blacklist, judging that the execution of the data processing request is not allowed.
Further, in the above application request execution method, the data processing request includes a request type and a target execution command, and further includes:
when the data processing request is allowed to be executed, invoking a process corresponding to the request type to execute the target execution command, and returning an execution result to the user side;
and when the data processing request is not allowed to be executed, returning error prompt information to the user side.
Further, in the application request execution method, the request types include a system permission type and a root user permission type, the process corresponding to the system permission type is a system permission process, and the process corresponding to the root user permission type is a root user permission process.
Further, in the above application request execution method, the method further includes:
when the target execution command causes danger to the system, the target execution command is added to a corresponding blacklist.
Another embodiment of the present application further provides an application request execution device, including:
an acquisition unit, configured to acquire a data processing request of the user side through the operating system virtual interface;
an extracting unit, configured to extract the package name in the data processing request;
a judging unit, configured to determine whether execution of the data processing request is permitted based on the package name and the data processing request;
and an execution unit, configured to invoke a process corresponding to the request type to execute the target execution command when the data processing request is allowed to be executed, and to return an execution result to the user side.
Another embodiment of the present application also proposes a computer device, including a storage unit and a processing unit, where the storage unit stores a computer program, and the processing unit executes the steps of the above-mentioned application request execution method by calling the computer program stored in the storage unit.
Another embodiment of the present application also proposes a computer readable storage medium storing a computer program adapted to be loaded by a processor for executing the steps of the application request execution method described above.
The embodiment of the application has the following beneficial effects:
The embodiment of the application provides an application request execution method, which comprises: obtaining a data processing request of a user side through an operating system virtual interface; extracting a request type in the data processing request; and determining whether the data processing request is allowed to be executed based on the request type and the data processing request. In the scheme of the application, two processes (a system permission process and a root user permission process) are provided to handle the different requests of the user-side application. The application itself does not hold the permissions, which improves security and stability, and the same application can use different permissions at the same time to handle different requests. In addition, the method of the application does not involve complicated permission management and configuration, which improves convenience.
Drawings
In order to more clearly illustrate the technical solutions of the present application, the drawings that are required for the embodiments will be briefly described, it being understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope of the present application. Like elements are numbered alike in the various figures.
FIG. 1 illustrates a first flow diagram of an application request execution method according to some embodiments of the application;
FIG. 2 illustrates a second flow diagram of an application request execution method according to some embodiments of the application;
FIG. 3 illustrates a third flow diagram of an application request execution method according to some embodiments of the application;
FIG. 4 illustrates a fourth flow diagram of an application request execution method according to some embodiments of the application;
FIG. 5 illustrates a fifth flow diagram of an application request execution method according to some embodiments of the application;
FIG. 6 is a schematic structural diagram of an application request execution apparatus according to some embodiments of the present application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present application, but not all embodiments.
The components of the embodiments of the present application generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations. Thus, the following detailed description of the embodiments of the application, as presented in the figures, is not intended to limit the scope of the application, as claimed, but is merely representative of selected embodiments of the application. All other embodiments, which can be made by a person skilled in the art without making any inventive effort, are intended to be within the scope of the present application.
The terms "comprises," "comprising," "including," or any other variation thereof, as used in the various embodiments of the present application, are intended only to denote a specific feature, number, step, operation, element, component, or combination of the foregoing, and should not be understood as excluding the presence of, or the possibility of adding, one or more other features, numbers, steps, operations, elements, components, or combinations of the foregoing.
Furthermore, the terms "first," "second," "third," and the like are used merely to distinguish between descriptions and should not be construed as indicating or implying relative importance.
Unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which various embodiments of the application belong. The terms (such as those defined in commonly used dictionaries) will be interpreted as having a meaning that is the same as the context of the relevant art and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein in connection with the various embodiments of the application.
Some embodiments of the present application are described in detail below with reference to the accompanying drawings. The embodiments described below and features of the embodiments may be combined with each other without conflict.
Generally, application privilege elevation refers to an Android application acquiring system permission or root permission. In the prior art, an Android application acquires system permission by adding a specified attribute to the application's Android manifest file and then re-signing the apk file, either by adding LOCAL_CERTIFICATE := platform in the Android.mk file or by using the system's platform key, which gives the application system-level permission and allows it to perform operations that require system permission. To obtain root permission, the prior art generally uses the Runtime.getRuntime().exec(String command) method to access a program or script of the underlying Linux system and execute the su command, so that the application has root permission and can perform operations that require it. The existing privilege elevation process is therefore complicated: if an application's processes need different permissions, permissions must be added to each process in turn in order to switch between them, so the workload of the whole procedure can be very large and the processing time increases.
Accordingly, in order to solve the above-mentioned problems, the present application proposes an application request execution method.
Referring to fig. 1, a flowchart of an application request execution method according to an embodiment of the application is shown. The application request execution method is exemplarily applied to a server.
In some embodiments, as shown in fig. 1, the application request execution method includes:
S110, obtaining a data processing request of a user side through an operating system virtual interface.
Specifically, the operating system virtual interface in the present embodiment includes an Android virtual interface, an iOS virtual interface, and the like. The Android virtual interface refers to AIDL, the Android Interface Definition Language, which is used to define a programming interface for inter-process communication (IPC) between a client and a server. In the Android system, each process runs in its own memory, and all of a process's activity takes place in that memory, separated from other processes. Applications sometimes need to interact, for example to transfer data or delegate tasks, so AIDL is needed for one process to acquire the data of another process and call the methods it exposes, which meets the need for communication between processes. AIDL is a description language for defining the communication interface between the server and the client and can be used to generate IPC code. AIDL is in effect a template: at run time it is not the AIDL file that does the work but the interface instance code generated from it.
In the application, the web side acquires the data processing request of the user side through the AIDL interface. The data processing request comprises three parts: the required permission type (that is, the request type), the package name, and the target execution command. The web side performs verification by extracting the target execution command and then transmits the verification result and the data processing request to the server side; the server side performs the corresponding operation according to the verification result and the data processing request and returns the execution result.
S210, extracting the package name in the data processing request.
Specifically, since each application has a different package name, the application that corresponds to the data processing request must be identified from the package name in the request so that the subsequent operations can be performed.
If the same application sends several data processing requests in succession, the web side receives them in succession and extracts the package name of each data processing request in turn.
S310, determining whether to allow the execution of the data processing request based on the package name and the data processing request.
Specifically, after the package name of each data processing request is extracted, whether the request is allowed to be executed is determined according to the package name. Because the data processing requests that each application is allowed to execute may differ, the corresponding application must first be identified from the package name, and only then is it determined whether the data processing request is allowed to be executed.
The request types include a system permission type and a root user permission type. The process corresponding to the system permission type is a system permission process, and the process corresponding to the root user permission type is a root user permission process. Root is the super-administrator user account in the Android system; this account has the highest permission in the whole system, so it can operate on all objects in the system.
Root user permission is far higher than system permission. When an application acquires root user permission it can modify the corresponding files at will, so root user permission is preferably restricted when it is not needed. When different processes of an application require different permissions, the conventional approach requires multiple modifications, which is very complicated. The method of the application separates the two permissions, so a permission modification does not have to be added once for each process as in the conventional manner.
Furthermore, if a package name is granted a permission, the application's other processes have that permission too, because each application has only one package name and the application's other processes use the same package name. When several processes perform operations, processes that do not need the permission therefore hold it, which easily gives rise to various risks and problems.
For example, suppose the same application has a process C and a process D, where process C needs root user permission and process D does not need any permission. When process C executes, only process C needs root user permission and process D does not; in the existing manner, however, process D also has root user permission. It is therefore best to give each process only the permission it needs.
Illustratively, suppose 2 data processing requests are received: the first is request A and the second is request B. The permission required by request A is system permission, so the system permission process is invoked to carry out the subsequent processing of request A. The permission type corresponding to request B is then determined, and when the permission type required by request B is found to be root user permission, the root user permission process is invoked to carry out the subsequent processing of request B.
In the application request execution method of some embodiments, as shown in FIG. 2, determining whether to allow execution of the data processing request based on the package name and the data processing request includes:
S311, obtaining the request type in the data processing request.
S312, based on the package name and the request type, determining whether the data processing request is allowed to be executed.
Specifically, each application corresponds to a request type with different rights, and sometimes needs to obtain system rights for processing, and sometimes needs to obtain root rights for processing, so that the processing needs to be performed separately according to the request type in the data processing request.
Each data processing request has a corresponding request type, each request type corresponds to a process, and only the corresponding process can process the data processing request of the corresponding request type. After the process acquires the corresponding data processing request, the process judges whether the request is allowed to be executed or not according to the content of the data processing request.
For example, when there are 3 data processing requests, namely a data processing request M, a data processing request N and a data processing request P, if the request type extracted from data processing request M is the system permission type, the process corresponding to the system permission type is invoked to process data processing request M. If the request type extracted from data processing request N is the root user permission type, the process corresponding to the root user permission type is invoked to process data processing request N.
In the application request execution method of some embodiments, as shown in FIG. 3, determining whether to allow execution of a data processing request based on the package name and the request type includes:
S313, searching for the blacklist of the package name that corresponds to the request type.
Specifically, each package name corresponds to an application, and each application has two blacklists, a root blacklist and a system blacklist; the applicable blacklist is found using the acquired request type. Each blacklist stores all the commands that the application is not allowed to execute.
S314, determining whether the data processing request is allowed to be executed based on the blacklist.
Specifically, whether the data processing request is allowed to be executed is determined based on the blacklist that was found.
Optionally, the data processing request has the form "package name + request type + target execution command". For example, if the data processing request includes "123456", "system", "xxxxx", then the request type is "system" and the package name is "123456". Note that the package name, the request type, and the target execution command need not be concatenated; this form is only an example.
In some embodiments of the application request execution method, as shown in FIG. 4, determining whether to allow execution of the data processing request based on the blacklist includes:
S3141, acquiring the target execution command in the data processing request.
S3142, comparing the target execution command with the blacklist.
S3143, if the target execution command is not in the blacklist, determining that the execution of the data processing request is permitted.
S3144, if the target execution command is in the blacklist, determining that the execution of the data processing request is not permitted.
Illustratively, whether the target execution command is allowed to be executed is determined based on the acquired package name. Assume the currently acquired data processing request includes "6666", "system", "xxxxx". The package name is 6666, and the blacklists associated with the application that corresponds to package name 6666 are the 6666 root blacklist and the 6666 system blacklist. Because the type in the data processing request is "system", the 6666 system blacklist is the one that must be acquired. The command in the request is then compared with all the commands in the 6666 system blacklist to determine whether the data processing request is executed.
S410, when the execution of the data processing request is allowed, a process corresponding to the request type is called to execute the target execution command, and the execution result is returned to the user side.
Specifically, when the execution of the data processing request is allowed, the web side generates execution-permitted information and sends it, together with the data processing request, to the server side. After receiving the execution-permitted information, the server side obtains the request type and the target execution command from the data processing request and invokes the process that corresponds to the request type to execute the target execution command. The process corresponding to the system permission type is a system permission process, and the process corresponding to the root user permission type is a root user permission process.
For example, assume the data processing request acquired by the server includes "888", "system", and "xxx". If the server receives the execution-permitted information, it extracts "system" from the data processing request, obtains the corresponding process (that is, the system permission process) according to "system", executes the extracted "xxx" with system permission, and returns the execution result to the user.
In some embodiments, in the application request execution method, the data processing request includes a request type and a target execution command, and the method further includes:
and when the data processing request is not allowed to be executed, returning error prompt information to the user side.
Specifically, when the execution of the data processing request is not permitted, the web side generates execution-not-permitted information and transmits it, together with the data processing request, to the server side. When the server receives the execution-not-permitted information, it returns error prompt information to the user side. The error prompt information is preset; after receiving it, the user side can choose to display it in a pop-up box or to display it without a pop-up box. Optionally, a preset mailbox can be added, and when error prompt information occurs it can be sent to the preset mailbox so that the administrator is notified at any time.
In some embodiments, as shown in fig. 5, the application request execution method further includes:
S510, when executing the target execution command causes danger to the system, adding the target execution command to the corresponding blacklist.
Specifically, common reasons why executing a command causes danger to the system include, but are not limited to: insufficient filtering and verification of input parameters, unsafe APIs and library functions used in the application or system, no effective measures against script injection attacks, an imperfect mechanism for the program or system to call external commands, pollution of system environment variables, and code containing design defects. The blacklist is used to determine, before the target execution command is next executed, whether the command is allowed to be executed.
In some embodiments, the application request execution method further comprises:
when the execution of the target execution command causes a danger to the system, the danger is recorded and saved.
Specifically, when a danger occurs, each corresponding target execution command and the problem are saved for later viewing when needed.
Further, before the server receives the data processing request, the user side transmits three parameters of a package name, a request type and a target execution command to a control command management platform of the web side, and accesses the server side through the control command management platform of the web side so that the user side and the server side can perform data interaction.
Optionally, the administrator may modify the blacklist content on the web-side control command management platform.
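The decision flow of S110 to S510, including the per-package root and system blacklists, as a small Python model. This is an added example, not code from the patent: the class and function names, the whitespace normalization, the sample commands and the recording executors that stand in for the system permission process and the root user permission process are all assumptions.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Set, Tuple


@dataclass(frozen=True)
class DataProcessingRequest:
    package_name: str   # identifies the calling application
    request_type: str   # "system" or "root" in the description
    command: str        # target execution command


@dataclass(frozen=True)
class Decision:
    allowed: bool
    message: str        # execution result, or error prompt information


def normalize(command: str) -> str:
    # Assumption: commands are compared after collapsing whitespace. The
    # description only says the command is compared with the blacklist.
    return " ".join(command.split())


class RequestGate:
    """Gate in front of the two privileged processes (hypothetical model)."""

    def __init__(self, executors: Dict[str, Callable[[str], str]]):
        # One executor per request type; each stands in for a privileged process.
        self.executors = dict(executors)
        # Two blacklists per application: (package name, request type) -> commands.
        self.blacklists: Dict[Tuple[str, str], Set[str]] = {}
        self.danger_log: List[Tuple[str, str, str, str]] = []

    def blacklist_for(self, package_name: str, request_type: str) -> Set[str]:
        return self.blacklists.setdefault((package_name, request_type), set())

    def check(self, req: DataProcessingRequest) -> Decision:
        # S210: the package name comes from the request itself; this model
        # assumes the transport has already bound it to the real caller.
        if not req.package_name:
            return Decision(False, "error: missing package name")
        # S311/S312: only request types that have a process are accepted.
        if req.request_type not in self.executors:
            return Decision(False, "error: unknown request type")
        # S313 to S3144: look up the blacklist for this package and type.
        blocked = self.blacklists.get((req.package_name, req.request_type), set())
        if normalize(req.command) in blocked:
            return Decision(False, "error: command is blacklisted")
        return Decision(True, "allowed")

    def handle(self, req: DataProcessingRequest) -> Decision:
        decision = self.check(req)
        if not decision.allowed:
            return decision  # error prompt information goes back to the user side
        # S410: run exactly the string that was checked, in the matching process.
        return Decision(True, self.executors[req.request_type](normalize(req.command)))

    def report_danger(self, req: DataProcessingRequest, problem: str) -> None:
        # S510 plus the record-keeping step: blacklist the command and log it.
        command = normalize(req.command)
        self.blacklist_for(req.package_name, req.request_type).add(command)
        self.danger_log.append((req.package_name, req.request_type, command, problem))


def recording_executor(label: str) -> Callable[[str], str]:
    # Stand-in for a privileged process: reports the command, runs nothing.
    def run(command: str) -> str:
        return f"[{label}] {command}"
    return run


def build_demo_gate() -> RequestGate:
    gate = RequestGate({
        "system": recording_executor("system process"),
        "root": recording_executor("root process"),
    })
    # Constructed blacklist entry for package 6666, root type only.
    gate.blacklist_for("6666", "root").add("reboot recovery")
    return gate


if __name__ == "__main__":
    gate = build_demo_gate()
    samples = [  # constructed requests
        DataProcessingRequest("6666", "root", "reboot   recovery"),
        DataProcessingRequest("6666", "system", "reboot recovery"),
        DataProcessingRequest("6666", "shell", "id"),
        DataProcessingRequest("888", "system", "pm list packages"),
    ]
    for req in samples:
        print(req, "->", gate.handle(req))
```

Because the check is a blacklist, a package with no entries is allowed every command of a known request type, so the gate is the only control in front of the two privileged processes.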
The embodiment of the application provides an application request execution method, which comprises: obtaining a data processing request of a user side through an operating system virtual interface; extracting a request type in the data processing request; and determining whether the data processing request is allowed to be executed based on the request type and the data processing request. In the scheme of the application, two processes are provided to handle the different requests of the user-side application. The application itself does not hold the permissions, which improves security and stability. The details are as follows:
First, security. In this scheme, system or root commands are executed by way of an API and SDK, which ensures that the application itself does not hold system or root permission and so improves the security of the system. At the same time, command permissions are managed in real time through the web side: once a command with a security problem is found, it is disabled immediately, which further strengthens the security of the system. These hardening measures ensure that the application does not need to acquire system or root permission while running, which reduces potential security risks. By monitoring and managing command permissions in real time, a system administrator can respond promptly to new security threats and take the necessary measures, which effectively raises the overall security level of the system.
Second, stability. The application program does not have system and root rights, so that the integrity of the interaction function between the application program and other processes and the accuracy of the function of the application program can be ensured. In a system, an application typically needs to interact with multiple processes, which may be unnecessarily impacted or risky if the application has system and root rights. By adopting the scheme, the functional operation of the application program can depend on the secure API and the SDK, so that the data integrity and the operation accuracy in the interaction process are ensured. And the system is also beneficial to reducing unexpected behaviors in the system and unexpected interference to the functions of the application program, and improves the reliability and stability of the application program.
Third, convenience. By executing the system or root command in the mode of API and SDK, the portability of the system is improved. Compared with the traditional mode, the scheme simplifies the operation flow under the multi-application scene and reduces the complexity and the time consumption. The execution of the system command can be completed by only calling a specified API or SDK method without involving cumbersome rights management and configuration. The simple and efficient scheme enables development and deployment of the application program to be more convenient and flexible, and portability of the application program is improved. The developer can concentrate on the core functions of the application program without paying too much attention to the specific implementation of the underlying system rights, thereby improving the development efficiency and the adaptability of the application program.
Fourth, functionality. In the existing scheme, an application program only has one package name, and cannot simultaneously have system authority and root authority, so that an authority method of the system and the root cannot be simultaneously used, and certain limitation exists in the aspect of functions. The scheme of the application can enable the application program to simultaneously use the system authority and the root authority.
Another embodiment of the present application further proposes an application request execution apparatus 600. As shown in Fig. 6, the apparatus 600 includes:
an acquiring unit 610, configured to acquire a data processing request of a user side through an operating system virtual interface;
an extracting unit 620, configured to extract a package name in the data processing request;
a judging unit 630, configured to judge whether the data processing request is allowed to be executed based on the package name and the data processing request;
and an execution unit 640, configured to add the target execution command to the corresponding blacklist when the execution of the target execution command causes a danger to the system.
Another embodiment of the present application also provides a computer device, including a storage unit and a processing unit, where the storage unit stores a computer program, and the processing unit executes the steps of the application request execution method by calling the computer program stored in the storage unit.
Another embodiment of the present application also proposes a computer readable storage medium storing a computer program adapted to be loaded by a processor for executing the steps of the above-mentioned application request execution method.
It will be appreciated that the method steps of the present embodiment correspond to the application request execution method in the above embodiment, where the options of the application request execution method described above are equally applicable to the present embodiment, and will not be repeated here.
In the several embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other manners. The apparatus embodiments described above are merely illustrative; for example, the flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowcharts or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in alternative implementations, the functions noted in the blocks may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustrations, and combinations of blocks in the block diagrams and/or flowchart illustrations, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or by combinations of special purpose hardware and computer instructions.
In addition, functional modules or units in various embodiments of the application may be integrated together to form a single part, or the modules may exist alone, or two or more modules may be integrated to form a single part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present application, in essence, or the part of it contributing to the prior art, or a part of the technical solution, may be embodied in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a smart phone, a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present application. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, or various other media capable of storing program code.
The foregoing is merely illustrative of the present application, and the present application is not limited thereto, and any person skilled in the art will readily recognize that variations or substitutions are within the scope of the present application.

Claims (10)

1. An application request execution method, comprising:
acquiring a data processing request of a user through an operating system virtual interface, wherein the data processing request comprises a request type and a target execution command;
extracting a package name in the data processing request;
judging whether the data processing request is allowed to be executed or not based on the package name and the data processing request;
and when the data processing request is allowed to be executed, invoking a process corresponding to the request type to execute the target execution command, and returning an execution result to the user side.
2. The application request execution method according to claim 1, wherein the determining whether to permit execution of the data processing request based on the package name and the data processing request includes:
acquiring a request type in the data processing request;
based on the package name and the request type, determining whether the data processing request is allowed to be executed.
3. The application request execution method according to claim 2, wherein the determining whether to allow execution of the data processing request based on the package name and the request type includes:
searching a blacklist corresponding to the request type of the package name;
based on the blacklist, it is determined whether the data processing request is allowed to be executed.
4. The application request execution method according to claim 3, wherein the determining whether to allow execution of the data processing request based on the blacklist includes:
acquiring a target execution command in the data processing request;
comparing the target execution command with the blacklist;
if the target execution command is not in the blacklist, judging that the data processing request is allowed to be executed;
and if the target execution command is in the blacklist, judging that the execution of the data processing request is not allowed.
5. The application request execution method according to claim 1, further comprising:
and when the data processing request is not allowed to be executed, returning error prompt information to the user side.
6. The application request execution method according to claim 5, wherein the request types include a system authority type and a root user authority type, the process corresponding to the system authority type is a system authority process, and the process corresponding to the root user authority type is a root user authority process.
7. The application request execution method according to claim 6, further comprising:
when the target execution command causes danger to the system, the target execution command is added to a corresponding blacklist.
8. An application request execution apparatus, comprising:
the system comprises an acquisition unit, a target execution unit and a control unit, wherein the acquisition unit is used for acquiring a data processing request of a user side through an operating system virtual interface, and the data processing request comprises a request type and a target execution command;
an extracting unit, configured to extract a package name in the data processing request;
a judging unit configured to judge whether execution of the data processing request is permitted or not based on the package name and the data processing request;
and the execution unit is used for calling a process corresponding to the request type to execute the target execution command when the data processing request is allowed to be executed, and returning an execution result to the user side.
9. A computer device comprising a storage unit in which a computer program is stored and a processing unit that performs the steps of the application request execution method according to any one of claims 1 to 7 by calling the computer program stored in the storage unit.
10. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program adapted to be loaded by a processor for executing the steps of the application request execution method according to any one of claims 1 to 7.
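The decision sequence recited in claims 1 to 7, written out as an added Python example that is not code from the patent. The class name `CommandBroker`, the type labels `system` and `root`, the dictionary request shape, the `shlex`-based normalization before comparison, and the callables standing in for the two privileged processes are all assumptions made for illustration.

```python
import shlex
from dataclasses import dataclass, field


def normalize(command: str) -> str:
    """Canonicalise quoting and whitespace so equivalent spellings compare equal
    (an added hardening step; the claims only say the command is compared)."""
    return shlex.join(shlex.split(command))


@dataclass
class CommandBroker:
    # One process per request type (claim 6); callables stand in for them here.
    executors: dict
    # Blacklists keyed by (package name, request type), as in claim 3.
    blacklists: dict = field(default_factory=dict)

    def block(self, package: str, request_type: str, command: str) -> None:
        """Claim 7: add a command found to be dangerous to the matching blacklist."""
        key = (package, request_type)
        self.blacklists.setdefault(key, set()).add(normalize(command))

    def is_allowed(self, package: str, request_type: str, command: str) -> bool:
        """Claims 2-4: find the blacklist for this package and type, then compare."""
        if request_type not in self.executors:
            return False  # no process exists for this type: refuse
        try:
            candidate = normalize(command)
        except ValueError:
            return False  # unbalanced quotes: refuse rather than guess
        return candidate not in self.blacklists.get((package, request_type), set())

    def handle(self, request: dict) -> dict:
        """Claims 1 and 5: run via the matching process, or return an error prompt."""
        package = request.get("package", "")
        request_type = request.get("type", "")
        command = request.get("command", "")
        if not package or not command:
            return {"ok": False, "error": "request not permitted"}
        if not self.is_allowed(package, request_type, command):
            return {"ok": False, "error": "request not permitted"}
        result = self.executors[request_type](normalize(command))
        return {"ok": True, "result": result}


def demo() -> list:
    # Constructed stand-ins for the system-authority and root-authority processes.
    broker = CommandBroker(executors={
        "system": lambda cmd: f"[system] ran: {cmd}",
        "root": lambda cmd: f"[root] ran: {cmd}",
    })
    broker.block("com.example.kiosk", "root", "reboot -p")  # constructed names
    return [broker.handle(r) for r in (
        {"package": "com.example.kiosk", "type": "root", "command": "reboot   -p"},
        {"package": "com.example.kiosk", "type": "system", "command": "reboot -p"},
        {"package": "com.example.kiosk", "type": "shell", "command": "ls"},
    )]
```

Because claim 4 permits any command that is absent from the blacklist, the entries maintained on the management platform are the only bound on what the two privileged processes will run for a given package and request type.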
CN202311385467.8A 2023-10-25 2023-10-25 Application request execution method and device, computer equipment and storage medium Active CN117131515B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311385467.8A CN117131515B (en) 2023-10-25 2023-10-25 Application request execution method and device, computer equipment and storage medium

Publications (2)

Publication Number Publication Date
CN117131515A true CN117131515A (en) 2023-11-28
CN117131515B CN117131515B (en) 2024-02-20

Family

ID=88860361

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311385467.8A Active CN117131515B (en) 2023-10-25 2023-10-25 Application request execution method and device, computer equipment and storage medium

Country Status (1)

Country Link
CN (1) CN117131515B (en)

Also Published As

Publication number Publication date
CN117131515B (en) 2024-02-20

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant