JP2012003488A - Portable terminal and program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a portable terminal and a program capable of preventing unauthorized use of applications.SOLUTION: An application processing part 10a executes processing defined as processing for an application. An authorization promotion command determination part 10b and the like determine whether there is a change of settings which can be made with the highest level of authorization as an authorization related to the use of or change of settings of functions provided by a terminal. An application control part 10g stops an application 10 when it is determined that a change has been made.

Description

  The present invention relates to a mobile terminal such as a mobile phone terminal, a mobile information terminal, and a smartphone. The present invention also relates to a program for causing a computer of a mobile terminal to execute processing.

  Based on the OS (operating system) for PCs, OSs developed for portable terminals that allow general users to operate various functions have become widespread. Under such circumstances, it is necessary to prevent unauthorized use by users of mobile terminals, such as applications that handle various types of content that require copyright management and applications for communication services. .

  When the terminal operates, the authority related to the use of the function of the terminal and the change of the setting is set, and the user can operate the terminal within the range of the authority. For example, when general user authority is set, various applications and commands can be executed within the range of general user authority. Also, when the root authority (superuser authority), which is the highest authority, is set, in addition to the operations that are possible within the scope of general user authority, it is possible to change important settings in the terminal. Usually, the mobile terminal is set to operate with a general user authority.

  A malicious user exploits an OS vulnerability to obtain root privileges illegally, monitors the behavior of the application, and performs unauthorized control. Therefore, it is necessary to prevent such unauthorized use of the application. Patent Document 1 describes a method of protecting a computer from a stack smashing attack for illegally acquiring root authority by detecting occurrence of a stack overflow due to input of illegal data.

JP-A-2005-32185

  The most popular mobile phone terminals in the past do not have an interface that allows users to operate the terminal from a PC, the applications that can be installed are limited, and the functions of the terminals that can use the applications In the first place, there was no unauthorized acquisition of root privileges. In contrast, smartphones that have recently appeared have an interface that allows users to operate the terminal from a PC, and applications that can use various functions of the terminal have appeared, but unauthorized acquisition of root privileges has been performed. There was no way to detect this, and the application could not be protected from unauthorized use.

  The present invention has been made in view of the above-described problems, and an object of the present invention is to provide a mobile terminal and a program that can prevent unauthorized use of an application.

  The present invention has been made in order to solve the above-described problem, and has the highest authority as the authority related to the use of the function in the terminal and the change of the setting, the application processing unit that executes the process specified as the process of the application. A determination unit that determines whether there is a change in setting that can be changed if it has, and a stop unit that stops the application processing unit when it is determined that the change has been made. It is a portable terminal characterized by.

  In the mobile terminal of the present invention, the determination unit determines whether or not a command for changing the authority is set in the terminal.

  In the mobile terminal of the present invention, the determination unit determines whether or not the highest authority is set in a file for setting the authority when the terminal is used.

  In the mobile terminal of the present invention, the determination unit determines whether or not a setting for communication control that can be changed when the user has the highest authority has been changed.

  In the mobile terminal of the present invention, the determination unit is an access authority that can be changed when the highest authority is given, and is set in a specific area in a storage unit that stores a file. It is characterized in that it is determined whether or not the read or write access authority has been changed.

  The portable terminal of the present invention further includes an execution file determination unit that determines whether or not a known execution file for changing the authority related to the use of the function in the terminal and the change of the setting to the highest authority exists in the terminal. The stopping unit stops the application processing unit when the setting is made or the execution file exists in the terminal.

  The mobile terminal of the present invention further includes a command control unit that receives command information for execution control from outside the terminal and notifies the command information to an OS in the terminal, and the stop unit further includes the setting When it is determined that the command has been made, the command control unit is stopped.

  The portable terminal of the present invention further includes a storage unit that stores an execution file of the command control unit, and the stop unit further deletes the execution file after the command control unit stops. .

  The portable terminal of the present invention further includes a storage unit that stores an execution file of the command control unit, and the stop unit further executes the execution file after the command control unit is stopped. It is characterized in that it is replaced with another execution file that executes processing different from the processing.

  The portable terminal of the present invention further includes a display unit that displays a warning when it is determined that the setting has been made.

  In addition, the present invention can be changed when the application processing unit that executes the process specified as the process of the application and the highest authority as the authority related to the use of the function in the terminal and the change of the setting can be changed. A program for causing a computer of a mobile terminal to function as a determination unit that determines whether or not a setting has been changed and a stop unit that stops the application processing unit when it is determined that the change has been made.

  According to the present invention, when it is determined that a setting change that can be changed when the highest authority has been given as the authority relating to the use of the function in the terminal and the change of the setting is being executed. By stopping the application, unauthorized use of the application can be prevented.

It is a block diagram which shows the function structure of the portable terminal and control apparatus by the 1st Embodiment of this invention. It is a block diagram which shows the function structure of the application in the 1st Embodiment of this invention. It is a reference figure which shows the directory structure in the memory | storage part in the 1st Embodiment of this invention. It is a flowchart which shows the procedure of the operation | movement of the application in the 1st Embodiment of this invention. It is a flowchart which shows the procedure of the operation | movement of the application in the 1st Embodiment of this invention. It is a block diagram which shows the partial function structure of the portable terminal by the 2nd Embodiment of this invention.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings. This embodiment pays attention to the settings that a malicious user will perform to obtain root privileges illegally and the settings that a malicious user will perform after unauthorized acquisition of root privileges. If an abnormality is detected, the application is stopped.

(First embodiment)
First, a first embodiment of the present invention will be described. When a specific OS is installed in a mobile terminal, it is possible to connect the mobile terminal and a control device such as a PC with a control cable such as RS232C and operate the mobile terminal via the control device. FIG. 1 shows a functional configuration of the mobile terminal and the control device. The portable terminal 1 and the control device 2 are connected by a cable 3 such as RS232C.

  The mobile terminal 1 includes an application 10, an OS 12, a command control unit 13, a storage unit 14, a display unit 15, and a work area W1. The application 10, the OS 12, and the command control unit 13 operate on a work area W1 composed of devices such as SRAM. These execution files (programs) are stored in the storage unit 14, and these execution files are activated by being read from the storage unit 14 into the work area W1.

  The application 10 runs on the OS 12 and issues a system call to the OS 12 and receives an execution result from the OS 12. As a result, the application 10 executes various commands, accesses the storage unit 14, and the like.

  The command control unit 13 performs control related to commands input by the user by operating the operation unit 23 of the control device 2. Specifically, the command control unit 13 communicates with the command control unit 20 of the control device 2, receives command information indicating the input command, and notifies the OS 12 of the command information. The OS 12 executes processing related to various commands based on the command information. Further, the command control unit 13 receives a notification of the execution result of the processing from the OS 12 and transmits execution result information indicating the execution result to the command control unit 20. The command control unit 13 normally operates with general user authority. However, when a malicious user illegally acquires root authority, the command control unit 13 operates with root authority.

  The storage unit 14 is configured by a device such as a flash memory, and stores various information and execution files used in the mobile terminal 1. The display unit 15 is composed of a liquid crystal display device or the like and displays various information.

  The control device 2 includes a command control unit 20, an OS 21, a storage unit 22, an operation unit 23, a display unit 24, and a work area W2. The command control unit 20 and the OS 21 operate on a work area W2 composed of devices such as SDRAM. These execution files (programs) are stored in the storage unit 22 and are activated when these execution files are read from the storage unit 22 into the work area W2.

  The command control unit 20 performs control related to commands input by the user operating the operation unit 23. Specifically, the command control unit 20 communicates with the command control unit 13 of the mobile terminal 1, transmits command information indicating the input command, and receives execution result information indicating the execution result.

  The storage unit 22 is configured by a device such as a hard disk drive, and stores various information and execution files used in the control device 2. The operation unit 23 is configured by a device such as a keyboard and a mouse, and outputs a signal based on a result of a user operation. The display unit 24 is configured by a liquid crystal display device or the like, and displays an execution result or the like based on the execution result information.

  FIG. 2 shows a functional configuration of the application 10. The application 10 includes an application processing unit 10a, a privilege promotion command determination unit 10b, a privilege setting file determination unit 10c, a communication control file determination unit 10d, an access right determination unit 10e, a right acquisition execution file determination unit 10f, and an application control unit 10g. Have.

  The application processing unit 10a performs a process defined as the original application process. The privilege promotion command determination unit 10b, the privilege setting file determination unit 10c, the communication control file determination unit 10d, the access right determination unit 10e, the privilege acquisition execution file determination unit 10f, and the application control unit 10g are newly added to the protection target application. It is a part added to.

  The privilege elevating command determination unit 10b, the authority setting file determination unit 10c, the communication control file determination unit 10d, and the access right determination unit 10e are roots that have the highest authority for use of functions in the mobile terminal 1 and change of settings. It is determined whether there is a change in settings that can be changed when the user has authority (superuser authority). In particular, the privilege elevating command determination unit 10b and the authority setting file determination unit 10c determine whether or not there is a setting that cannot be changed unless the user has root authority, and is set to change the authority when using the terminal to the root authority. To do.

  The privilege promotion command determination unit 10 b determines whether or not a command (for example, su command) for changing the operation authority of the command control unit 13 is set in the mobile terminal 1. Normally, the portable terminal 1 cannot execute a command because there is no execution file for a command for changing authority. Further, in order to introduce an execution file of a command into the mobile terminal 1, it is necessary to give root authority to the execution file. Therefore, when the execution file of the above command to which the root authority is granted is included in the mobile terminal 1, the root authority is illegally acquired. In addition, malicious users can use the terminal to issue commands that change the authority temporarily by illegally acquiring root authority by exploiting OS vulnerabilities while the settings for using the terminal only with general user authority are made. In order to use the terminal with root privileges, run this command from the next time.

  The authority setting file determination unit 10c determines whether or not root authority is set in the file for setting the operation authority of the command control unit 13. The command control unit 13 is given authority according to this file at the time of activation. In this file, a value that defines whether the command control unit 13 operates with root authority or general user authority is set. Normally, this file is configured to use the terminal only with general user authority. If the user does not have root authority, the file settings cannot be changed. Therefore, when the root authority is set in the file for setting the operation authority of the command control unit 13, the root authority is illegally acquired. In addition, the malicious user temporarily obtains the root authority illegally by exploiting the OS vulnerability with the above file set to use the terminal only with general user authority. To make it possible to use the terminal with root privileges by normal operation from the next time.

  The communication control file determination unit 10d determines whether or not the setting of a communication control file that can be changed when the user has root authority has been changed. A file for name resolution control related to packet control (for example, a hosts file) is an important file, and settings of these files cannot be changed unless the user has root authority. Therefore, if the communication control file has been tampered with, the root authority has been illegally acquired.

  The access right determination unit 10e is an access right that can be changed when the user has root authority, and is the read / write access right set in a specific directory in the storage unit 14 changed? Determine whether or not. An access authority (permission) related to reading / writing is set in the directory in the storage unit 14. Regardless of whether the user has root authority or general user authority, this access authority is followed when accessing a directory in the storage unit 14. FIG. 3 shows a directory structure of the storage unit 14.

  The area 300 is an area configured by a directory in which files related to the OS are stored. Normally, reading from this area 300 is permitted, but writing is not permitted. If the user does not have root authority, the access authority setting for each directory in the area 300 cannot be changed. Therefore, when the access authority of the area 300 is set to be writable, the root authority is illegally acquired.

  The authority acquisition executable file determination unit 10f determines whether or not a known executable file for changing the authority when using the terminal to the root authority exists in the terminal. In April 2010, an application that illegally obtains root authority includes a common malicious application that takes root authority. In FIG. 3, an execution file of an application installed in the mobile terminal 1 is stored in the directory D1. If an executable file having a specific name (common malicious application name) exists in this directory D1, there is a possibility that the root authority is illegally acquired (or has already been performed).

  The application control unit 10g distributes processing to the application processing unit 10a, the privilege elevating command determination unit 10b, the authority setting file determination unit 10c, the communication control file determination unit 10d, the access right determination unit 10e, and the authority acquisition execution file determination unit 10g. Control. Further, the application control unit 10g stops the operation of the application 10 based on the determination results by the privilege elevation command determination unit 10b, the authority setting file determination unit 10c, the communication control file determination unit 10d, and the access right determination unit 10e ( Control).

  Next, the operation of the application 10 according to the present embodiment will be described. FIG. 4 shows a first operation example of the application 10. In order to start the application 10, the user operates the operation unit 23 and inputs an instruction to start the application 10. Thereafter, as described above, the command information is transmitted from the command control unit 20 of the control device 2 to the command control unit 13 of the portable terminal 1, and the OS 12 executes a process of starting the application 10 based on the command information. When the execution file of the application 10 is read from the storage unit 14 into the work area W1 and the application 10 is activated, the application 10 operates as follows.

  First, the privilege elevating command determination unit 10b confirms a setting related to a command for elevating the authority at the time of using the terminal to the root privilege (hereinafter, privilege elevating command) (step S100). Specifically, the privilege escalation command determination unit 10b confirms whether or not the privilege escalation command execution file is stored in a predetermined directory. For example, this confirmation can be performed by executing which command. Alternatively, the privilege elevating command determination unit 10b executes the privilege elevating command and confirms the execution result notified from the OS 12.

  Subsequently, the privilege elevating command determination unit 10b determines whether or not the privilege elevating command is set in the mobile terminal 1 based on the result of confirmation in step S100 (step S105). When the execution file of the privilege escalation command is stored in a predetermined directory, or when the execution result of the privilege escalation command is notified that the promotion to the root privilege has been performed, the privilege escalation command is transmitted to the mobile terminal 1. Therefore, the process proceeds to step S155. In addition, if the execution file of the privilege escalation command is not stored in the specified directory, or the execution result of the privilege escalation command is notified that the elevation to root privilege has been denied or there is no privilege escalation command. In this case, the privilege elevating command is not set in the mobile terminal 1, and the process proceeds to step S110.

  In step S110, the authority setting file determination unit 10c confirms the setting contents of a file (hereinafter, authority setting file) for setting the authority of the operation of the command control unit 13 (step S110). Specifically, the authority setting file determination unit 10c checks the value set in the authority setting file.

  Subsequently, the authority setting file determination unit 10c determines whether or not root authority is set in the authority setting file based on the result of confirmation in step S110 (step S115). If a value that defines the operation with root authority is set in the authority setting file, root authority is set in the authority setting file, and the process proceeds to step S155. If the value that defines the operation with the general user authority is set in the authority setting file, the root authority is not set in the authority setting file, and the process proceeds to step S120.

  In step S120, the communication control file determination unit 10d confirms the setting contents of a communication control file (hereinafter, communication control file) that can be changed when the user has root authority (step S120). Specifically, at the first activation of the application 10, the communication control file determination unit 10 d confirms the content of the communication control file and records the confirmed content in a predetermined file in the storage unit 14. When the application 10 is activated for the second time or later, the communication control file determination unit 10d confirms the contents of the communication control file and stores a predetermined file in which the contents of the communication control file are recorded when the application 10 is activated for the first time. Read from unit 14.

  Subsequently, the communication control file determination unit 10d determines whether or not the communication control file has been changed (step S125). When the application 10 is first activated, the process proceeds to step S130. When the application 10 is activated for the second time or later, the communication control file determination unit 10d compares the content of the communication control file confirmed in step S120 with the content of the predetermined file read from the storage unit 14. If they are different, the communication control file has been changed, and the process proceeds to step S155. If the two match, the communication control file has not been changed, and the process proceeds to step S130.

  In step S130, the access right determination unit 10e is an access right that can be changed when the user has the root right, and the read right or write access right set in a specific directory in the storage unit 14 is changed. The setting contents are confirmed (step S130). Specifically, the access right determination unit 10e confirms the setting contents of the access authority for a specific directory in the storage unit 14 by executing a command (for example, ls -l command) for checking the setting contents of the access authority. To do.

  Subsequently, the access right determination unit 10e determines whether or not the access right has been changed based on the result of confirmation in step S130 (step S135). If writing of a specific directory in the storage unit 14 is permitted, the access authority has been changed, and the process proceeds to step S155. If only reading of a specific directory in the storage unit 14 is permitted and writing is not permitted, the access authority has not been changed, and the process proceeds to step S140.

  In step S140, the authority acquisition execution file determination unit 10f confirms the application installed in the mobile terminal 1 (step S140). Specifically, the authority acquisition execution file determination unit 10f acquires the name of the application execution file stored in the directory D1 in FIG.

  Subsequently, the authority acquisition executable file determination unit 10f compares the name of the executable file acquired in step S140 with the name of a known executable file that changes the authority when using the terminal to the root authority. It is determined whether or not a known executable file (hereinafter referred to as an authority acquisition executable file) for changing the password to root authority exists in the terminal (step S145). If any of the executable file names acquired in step S140 matches the name of the authority acquisition execution file, the authority acquisition execution file exists in the terminal, and the process proceeds to step S155. If none of the names of the execution files acquired in step S140 match the name of the authority acquisition execution file, the authority acquisition execution file does not exist in the terminal, and the process proceeds to step S150.

  In step S150, the application processing unit 10a performs an original process of the application (step S150). Although not shown in FIG. 4, in the original process of the application, for example, when the application is instructed by an instruction from the user, the application 10 stops (ends) the process according to a normal procedure.

  In step S155, the application control unit 10g executes processing for stopping the application 10 (step S155). When the processing of the application 10 is stopped, the application 10 disappears from the work area W1. As described above, when the setting that can be changed when you have root authority is changed, or when there is a known executable file in the terminal that changes the authority when using the terminal to root authority Since the application 10 is stopped, unauthorized use of the application can be prevented.

  There may be cases where a user who has illegally obtained root authority cannot complain about an application and complains about a problem with the application. In order to avoid this, a warning message may be displayed to notify that “the terminal falls into a dangerous state and an important application is stopped for the purpose of preventing leakage of personal information”. Specifically, in step S155, the application control unit 10g executes a process of displaying a message on the display unit 15 before stopping the process of the application 10. The display unit 15 displays a message according to an instruction from the OS 12.

  FIG. 5 shows a second operation example of the application 10. Hereinafter, only different portions from the first operation example shown in FIG. 4 will be described. The processes in steps S100 to S150 and S155 are the same as the processes shown in FIG. Subsequent to step S150, the application control unit 10g determines whether or not the time elapsed since the start of the process of step S100 has reached a predetermined monitoring cycle (step S160). If the elapsed time has not reached the monitoring cycle, the application control unit 10g causes the application processing unit 10a to execute processing. If the elapsed time reaches the monitoring cycle, the process returns to step S100.

  In the first operation example shown in FIG. 4, processing for preventing unauthorized use of the application is executed only when the application 10 is activated. On the other hand, in the second operation example shown in FIG. 5, after the application 10 is activated, processing for preventing unauthorized use of the application is periodically executed. As a result, it is possible to cope with the act of illegally acquiring root authority while the application is running.

  As described above, according to the present embodiment, unauthorized use of an application can be prevented. In addition, by displaying a warning message before stopping the application, it is possible to urge the user who has illegally acquired the root authority to realize that his / her own action is an illegal action. Even if a malicious application that illegally obtains root privileges is installed on the terminal without the user's knowledge, the user can connect to the terminal by stopping the application or displaying a warning message as described above. It can also be expected to repair the terminal in a safe state by judging that a defect has occurred.

  In this embodiment, an example in which a mechanism for preventing unauthorized use of an application is implemented in a protected application is described. However, an application that executes only processing for preventing unauthorized use of an application is protected. It may be prepared separately from the application. However, as described above, the load for monitoring the activation of the application is reduced by implementing a mechanism for preventing unauthorized use of the application in the application to be protected.

(Second Embodiment)
Next, a second embodiment of the present invention will be described. FIG. 6 shows only the portion according to the second embodiment extracted from the portable terminal 1 according to the present embodiment. The parts not shown are the same as in FIG.

  In the present embodiment, a monitoring unit 16 is added. The monitoring unit 16 operates on the work area W1. The execution file (program) of the monitoring unit 16 is stored in the storage unit 14, and the monitoring unit 16 is activated when the execution file is read from the storage unit 14 into the work area W1.

  The monitoring unit 16 includes a determination unit 16a, a stop unit 16b, and an execution file processing unit 16c. The determination unit 16a performs the same determination as part or all of the privilege elevating command determination unit 10b, the authority setting file determination unit 10c, the communication control file determination unit 10d, and the access right determination unit 10e illustrated in FIG. The stop unit 16b stops the operation of the command control unit 13 operating on the work area W1. The executable file processing unit 16c performs processing such as deletion of the executable file stored in the storage unit 14.

  The monitoring unit 16 operates with root authority in order to stop the operation of the command control unit 13 and delete the execution file. For this reason, a command (for example, a chown command) that gives root authority to the execution file of the monitoring unit 16 is executed by the seller's operation before the portable terminal 1 is shipped. This command requires root privileges.

  Next, the operation of the monitoring unit 16 will be described. The monitoring unit 16 is activated simultaneously with the activation of the mobile terminal 1. The activated monitoring unit 16 determines whether there is a setting change that can be changed when the user has root authority, or whether there is a known executable file that changes the authority when using the terminal to the root authority. . If the setting that can be changed when the user has root authority is changed, or if there is a known executable file that changes the authority at the time of terminal use to root authority, the stop unit 16b displays the command control unit. 13 is executed. When the process of the command control unit 13 is stopped, the command control unit 13 disappears from the work area W1.

  After the processing of the command control unit 13 is stopped, the execution file processing unit 16c deletes the execution file of the command control unit 13 from the storage unit 14. Since the execution file of the command control unit 13 cannot be deleted from the storage unit 14 while the command control unit 13 is operating on the work area W1, the execution file is deleted after the command control unit 13 is stopped.

  In the above, the execution file of the command control unit 13 is deleted from the storage unit 14, but the execution file of the command control unit 13 has the same file name as the execution file and is executed by the command control unit 13. It may be replaced with a fake (dummy) executable file that performs different processing. In this case, the fake executable file is stored in the same directory as the directory where the command control unit 13 execution file was stored. In addition, the execution file of the command control unit 13 is deleted, the file name is changed, or moved to another directory.

  In the above description, the monitoring unit 16 is provided separately from the application, but the monitoring target application may perform the same processing as the monitoring unit 16. Further, the application may be stopped and the command control unit 13 may be stopped by the method described in the first embodiment.

  As described above, according to the present embodiment, when the setting that can be changed when the user has root authority is changed, or the known executable file that changes authority when using the terminal to root authority. Since the command control unit 13 stops when there is a user, the user cannot control the portable terminal 1 from the control device 2. As a result, unauthorized use of the application can be prevented.

  Further, after the command control unit 13 is stopped, the command control unit 13 is deleted by deleting the execution file of the command control unit 13 from the storage unit 14 or replacing the execution file of the command control unit 13 with a fake execution file. It will not be possible to restart. As a result, unauthorized use of the application can be prevented more reliably. Before stopping the command control unit 13 or deleting the execution file of the command control unit 13, a warning message may be displayed as in the first embodiment. As a result, it is possible to encourage a user who has illegally obtained root authority to realize that his / her actions are illegal.

  As described above, the embodiments of the present invention have been described in detail with reference to the drawings. However, the specific configuration is not limited to the above-described embodiments, and includes design changes and the like without departing from the gist of the present invention. . For example, a program for realizing the operations and functions of the application 10 and the monitoring unit 16 according to the above-described embodiment is recorded on a computer-readable recording medium, and the program recorded on the recording medium is stored in the computer of the portable terminal 1. It may be read and executed.

  Here, the “computer” includes a homepage providing environment (or display environment) if the WWW system is used. The “computer-readable recording medium” refers to a storage device such as a portable medium such as a flexible disk, a magneto-optical disk, a ROM, and a CD-ROM, and a hard disk built in the computer. Further, the “computer-readable recording medium” refers to a volatile memory (RAM) in a computer system that becomes a server or a client when a program is transmitted via a network such as the Internet or a communication line such as a telephone line. In addition, those holding programs for a certain period of time are also included.

  The program described above may be transmitted from a computer storing the program in a storage device or the like to another computer via a transmission medium or by a transmission wave in the transmission medium. Here, the “transmission medium” for transmitting a program refers to a medium having a function of transmitting information, such as a network (communication network) such as the Internet or a communication line (communication line) such as a telephone line. Further, the above-described program may be for realizing a part of the above-described function. Furthermore, what can implement | achieve the function mentioned above in combination with the program already recorded on the computer, what is called a difference file (difference program) may be sufficient.

  DESCRIPTION OF SYMBOLS 1 ... Portable terminal, 2 ... Control apparatus, 3 ... USB cable, 10 ... Application, 10a ... Application processing part, 10b Authority promotion command determination part, 10c ... Authority setting file determination , 10d: Communication control file determination unit, 10e: Access right determination unit, 10f: Authority acquisition execution file determination unit, 10g: Application control unit, 12 ... OS, 21, 13, 20 ... Command control unit, 14, 22 ... Storage unit, 15, 24 ... Display unit, 16 ... Monitoring unit, 16a ... Determination unit, 16b ... Stop unit, 16c ... -Execution file processing unit, 23 ... operation unit, W1, W2 ... work area

Claims (11)

An application processing unit that executes processing defined as application processing;
A determination unit that determines whether or not there is a setting change that can be changed when the user has the highest authority as the authority related to the use of the function in the terminal or the setting change,
A stop unit that stops the application processing unit when it is determined that the change has been made;
A portable terminal comprising:   The mobile terminal according to claim 1, wherein the determination unit determines whether a command for changing the authority is set in the terminal.   The mobile terminal according to claim 1, wherein the determination unit determines whether the highest authority is set in a file for setting the authority when the terminal is used.   The mobile terminal according to claim 1, wherein the determination unit determines whether or not a setting for communication control that can be changed when the user has the highest authority is changed.   The determination unit is an access right that can be changed when the highest right is granted, and the read or write access right set in a specific area in the storage unit for storing the file is changed. The mobile terminal according to claim 1, wherein it is determined whether or not the mobile terminal is present. Further comprising an executable file determination unit for determining whether or not a known executable file for changing the authority related to the use of the function in the terminal and the change of the setting to the highest authority exists in the terminal;
The said stop part stops the said application process part, when the said setting is made or the said execution file exists in a terminal. The Claim 1 characterized by the above-mentioned. The portable terminal described. A command control unit that receives command information for execution control from outside the terminal and notifies the command information to the OS in the terminal;
The mobile terminal according to any one of claims 1 to 6, wherein the stop unit further stops the command control unit when it is determined that the setting has been made. A storage unit for storing an execution file of the command control unit;
The portable terminal according to claim 7, wherein the stop unit further deletes the execution file after the command control unit is stopped. A storage unit for storing an execution file of the command control unit;
The said stop part further replaces the said executable file with the other executable file which performs the process different from the process which the said executable file performs after the said command control part stops. Mobile device.   The mobile terminal according to any one of claims 1 to 9, further comprising a display unit that displays a warning when it is determined that the setting is made. An application processing unit that executes processing defined as application processing;
A determination unit that determines whether or not there is a setting change that can be changed when the user has the highest authority as an authority related to the use of the function in the terminal or the change of the setting;
A stop unit that stops the application processing unit when it is determined that the change has been made;
As a program to make the computer of the portable terminal function.

Images