JP5443231B2 - Information processing apparatus, information processing method, and program - Google Patents

Description

  The present invention relates to an information processing apparatus, an information processing method, and a program for controlling operations on a setting file created by an application.

  Generally, in an application used in a PC (Personal Computer) or the like, a user can make various settings regarding the function of the application. On the other hand, for example, in an environment where multiple employees use multiple PCs in a company, the administrator (company) side makes various settings for a given application for reasons such as preventing excessive management costs and controlling security risks. There is an intention that employees do not want to change freely.

  As a method of restricting various settings in the application from being freely changed by the user, for example, access to a configuration file (information indicating the contents of various settings in the application) is authenticated by identification information (for example, ID or password). In general, the setting file itself to be accessed is encrypted and held. Such authentication of access to a predetermined file and encryption of a file to be accessed are disclosed in Patent Documents 1 and 2, for example.

JP 2004-110588 A JP 2001-51903 A

  However, the above-described authentication and encryption methods have the following problems. When the application is first executed, the application creates the setting file (for example, ini file) separately from the execution file (for example, exe file) in which the application itself is stored. The created setting file is stored in storage means such as a hard disk. Thereafter, when the setting file is not stored in the storage unit when executed, the application operates to create a new setting file. Therefore, even if the setting file is authenticated or encrypted, if the user finds the setting file and deletes it from the storage unit, the application creates a new setting file. Since authentication and encryption are not set in the new setting file, there is a problem that the user can access the new setting file and freely change the setting.

  In addition, an application must be designed and created from the beginning to perform authentication and encryption, and is ineffective for applications that are already running or cannot be modified.

  The present invention has been made in view of the above circumstances, and controls the setting file of an application so that the user cannot freely change without using access authentication or encryption in the application for each application. An object of the present invention is to provide an information processing apparatus, an information processing method, and a program that can control access to a file.

  In order to achieve such an object, an information processing apparatus according to the present invention is an information processing apparatus in which a setting file indicating contents of settings related to an application is created by a built-in application, and an execution file in which the application itself is stored A first storage means for storing the setting file in the fork of the execution file, a second storage means for storing a first list file indicating the correspondence between the execution file and the setting file, and a first list Based on the file, monitoring means for monitoring the presence or absence of an access request for the setting file, and when the access request is read as a result of monitoring by the monitoring means, a read request to the setting file stored in the first storage means If the access request is a write, write to something other than the first storage means And access control means for a request, and having a.

  The information processing method of the present invention is an information processing method performed by an information processing apparatus in which a setting file indicating the contents of settings related to an application is created by a built-in application, and stores an execution file in which the application itself is stored And a first storage step for storing the setting file in the fork of the execution file and storing it, a second storage step for storing in the predetermined storage means a first list file indicating the correspondence between the execution file and the setting file, A monitoring step for monitoring the presence or absence of an access request for a setting file based on one list file, and if the access request is read as a result of monitoring by the monitoring step, the setting file stored in the first storage means If the request is changed to a read request and the access request is a write, the first And having an access control step of the write request to other 憶手 stages, a.

  The program of the present invention is a program that can be read by an information processing apparatus in which a setting file indicating the contents of settings related to the application is created by a built-in application, and the information processing apparatus stores the application itself. A setting file is stored in the fork of the execution file together with the file and stored in the first storage means, and a first list file indicating the correspondence between the execution file and the setting file is stored in the second storage means. Based on the first list file, the processing device monitors the presence or absence of an access request for the setting file. If the access request is read as a result of the monitoring processing, the setting stored in the first storage means If you change to a read request to a file and the access request is a write request, An access control process to write request to other than the storage means and thereby the execution.

  According to the present invention, it is possible to control a setting file of an application so that the user cannot freely change without using access authentication or encryption in the application for each application, and to control access to the setting file. It becomes possible.

It is a block diagram which shows the structural example of the information processing apparatus which concerns on Embodiment 1 of this invention. It is a figure explaining the example of the preparation stage of the information processing apparatus which concerns on Embodiment 1 of this invention, (a) is a flowchart which shows the operation example at the time of the preparation stage of information processing apparatus, (b) is 1st memory | storage. It is an image figure which shows the example of the execution file and setting file which are memorize | stored in a means, (c) is an image figure which shows the example of the 1st list file memorize | stored in a 2nd memory | storage means. It is a flowchart which shows the operation example after the preparation stage of the information processing apparatus which concerns on Embodiment 1 of this invention. It is a block diagram which shows the structural example of the information processing apparatus which concerns on Embodiment 2 of this invention. It is a figure explaining the example of the preparation stage of the information processing apparatus which concerns on Embodiment 2 of this invention, (a) is a flowchart which shows the operation example at the time of the preparation stage of information processing apparatus, (b) is 3rd memory | storage. It is an image figure which shows the example of the 2nd list file memorize | stored in a means. It is a flowchart which shows the operation example after the preparatory stage of the information processing apparatus which concerns on Embodiment 2 of this invention. It is a block diagram which shows the structural example of the information processing apparatus which concerns on Embodiment 3 of this invention. It is a flowchart which shows the operation example after the preparatory stage of the information processing apparatus which concerns on Embodiment 3 of this invention. It is a flowchart which shows the operation example after the preparatory stage of the information processing apparatus which concerns on Embodiment 4 of this invention.

  DESCRIPTION OF EMBODIMENTS Hereinafter, embodiments (embodiments) for carrying out the present invention will be described in detail with reference to the accompanying drawings.

Embodiment 1
A first embodiment of the present invention will be described. FIG. 1 is a block diagram illustrating a configuration example of the information processing apparatus according to the present embodiment. In the present embodiment, an example of an information processing apparatus will be described as a PC (Personal Computer), but is not limited to a PC, and may be another information processing apparatus.

  As shown in FIG. 1, the PC 1 of this embodiment includes an operation unit 11, a display unit 12, a first storage unit 13, a second storage unit 14, a monitoring unit 15, and an access control unit 16.

  The operation unit 11 is a unit that performs an operation when the user gives an instruction or selection to the PC 1. Examples of hardware that implements the operation means 11 include a mouse and a keyboard.

  The display means 12 is means for displaying various information on the screen to the user. The display unit 12 receives a user instruction and displays a predetermined screen. Examples of hardware that implements the display unit 12 include a video card and a display.

  The 1st memory | storage means 13 memorize | stores the execution file in which the application built in PC1 was stored. The first storage unit 13 stores a setting file created by the application. The setting file is information indicating the content (value) of the setting related to the application. In this embodiment, the first storage unit 13 stores the execution file and the setting file in association with each other. A detailed specific example of the storage method will be described later. Examples of hardware for realizing the first storage unit 13 include a flash memory and a hard disk.

  The second storage unit 14 stores a first list file in which the name of the executable file stored in the first storage unit 13 and the name of the setting file are recorded in association with each other. The setting file referred to here is a setting file that is originally an independent file of the application execution file and whose entity is stored in the first storage unit 13. A specific example in the second storage unit 14 will be described later. Examples of hardware that implements the second storage unit 14 include a flash memory and a hard disk.

  In the present embodiment, for convenience of explanation, the first storage unit 13 and the second storage unit 14 are separated, but they may be combined into one storage unit. However, logically, it is assumed that no files other than those described above are stored in the first storage unit 13 and the second storage unit 14.

  Although not shown in FIG. 1, the PC 1 also includes storage means (other storage means) other than the first storage means 13 and the second storage means 14. The other storage means stores the same setting file (referred to as another setting file) as the setting file stored in the first storage means 13. The other setting file functions as a dummy, so even if it is accessed and written, the writing is not reflected. That is, the actual setting contents are not recorded in the other setting file. The actual setting contents are recorded only in the setting file stored in the first storage unit 13.

  The monitoring unit 15 monitors all access requests issued to the OS. When the monitoring unit 15 detects an access request, the monitoring unit 15 refers to the first list file, and determines whether the detected access request is an access request to a setting file whose name is recorded in the first list file. The monitoring unit 15 notifies the access control unit 16 of the result of this determination. Examples of hardware that implements the monitoring unit 15 include a CPU (Central Processing Unit) and a memory (RAM: Random Access Memory, ROM: Read Only Memory).

  If the result of determination by the monitoring unit 15 is that the detected access request is an access request to a setting file other than the setting file having the name in the first list file, the access control unit 16 delivers the access request as it is to the OS. On the other hand, as a result of the determination by the monitoring unit 15, when the detected access request is an access request to a setting file having a name in the first list file, the access control unit 16 determines whether the access request is read or written. to decide. As a result of the determination, if it is read, the access control means 16 refers to the association of the first list file and changes the content of the access request. That is, the access request is changed to access (read request) to the setting file stored in the alternative data stream of the executable file stored in the first storage unit 13. Then, the access control means 16 delivers the changed access request to the OS. On the other hand, if the result of determination is write, the access control means 16 delivers the access request as it is to the OS (in this case, access to another setting file stored in the other storage means (write). Request)). Examples of hardware that implements the access control means 16 include a CPU and a memory.

  In the present embodiment, for convenience of explanation, the monitoring unit 15 and the access control unit 16 are separated, but they may be combined into one control unit.

  An operation example of the PC 1 configured as described above will be described. First, as a preparation stage, the flow shown in FIG. 2A is executed in the PC 1 by the operation of the administrator.

  First, the administrator uses the operation unit 11 and the display unit 12 in the PC 1 to set the setting file to a desired content (value) using an execution file of a desired application that the user does not want to change the setting. Then, the setting file is stored in the fork of the execution file (S1). Hereinafter, an example of a desired application is word processor software (an application that performs document creation, decoration, layout, and the like) installed on the PC 1, an example of an execution file is an exe file, and an example of a setting file is an ini file.

  Here, a fork is one or more metadata linked to an object in a computer file system. Examples include data forks and resource forks in Apple's HFS file system, and alternative data streams (ADS) in Microsoft's NTFS file system. Hereinafter, an alternative data stream of the NTFS file system will be described as an example. A file is usually composed of only a main stream (normally displayed table data), but a plurality of alternative data streams (back data not normally displayed) can be added. This alternative data stream is basically a hidden file that is invisible to the user, and cannot be accessed if the stream name is unknown. Also, it is not possible to delete only the alternative data stream, and if the alternative data stream is deleted, the main stream is also deleted. In the present embodiment, such a property of the alternative data stream is used to store a setting file that the user does not want to change in the alternative data stream. Thereby, only the setting file can be read.

  From the above, in S1, the ini file of the word processing software is stored in the alternative data stream of the exe file of the selected word processing software (named as app a) by the operation of the administrator. An image at this time is shown in FIG. As shown in FIG. 2B, the ini file (named a.ini) of the application a is associated with the exe file (named a.exe) of the application a. In this state, a. exe and a. ini is stored in the first storage means 13 by the operation of the administrator. Thus a. exe to the alternate data stream a. ini is stored so that a. The ini entity includes information that cannot be accessed when the stream name is unknown, such as a. It is stored in the first storage means 13 together with exe. a. ini is normally invisible to the user, but even if it is found by the user, a. Deleting ini a. exe is also deleted, so the user a. ini cannot be deleted.

  Next, the administrator uses the operation unit 11 and the display unit 12 in the PC 1 to store the first list file in which the name of the execution file and the name of the setting file stored in the first storage unit 13 are recorded in association with each other. Create (S2). That is, in S2, a. exe and a. ini is associated and recorded in the first list file. An image at this time is shown in FIG. This first list file is stored in the second storage means 14 by the operation of the administrator. The association recorded in the first list file is the basis when the access control means 16 changes the content of the access request. Here, as a recording example of the first list file, the recording is performed using the name, but the identification information is not limited to the name but may be other identification information. In the present embodiment, as an example, the number of associations (a set of execution file names and setting file names) to be recorded is one as shown in FIG. 2C, but a plurality of associations may be recorded.

  In the description of the flow in FIG. 2A, the example in which the administrator manually performs S1 and S2 has been described. However, S1 and S2 may be automatically performed by a predetermined application. Further, for changing the contents of the first list file, authentication using an ID, a password, or the like may be performed. This authentication can be performed not only directly by the administrator on the PC 1 but also by accessing the PC 1 from another PC via the network.

  Thus, after the preparation stage shown in FIG. 2A is completed, the flow shown in FIG. 3 becomes possible. Hereinafter, an example of the operation of the PC 1 will be described with reference to FIG. 3, but will be described by taking over the specific example used in FIG. 2.

  After the PC 1 is activated, the monitoring unit 15 monitors access requests to all files issued to the OS (S11).

  When the monitoring unit 15 detects an access request as a result of monitoring, the monitoring unit 15 refers to the first list file and determines whether the access request is an access request to the setting file whose name is recorded in the first list file. (S12). Specifically, as shown in FIG. 2C, in the first list file, a. When the ini is recorded, the monitoring unit 15 determines that the access destination of the detected access request is a. It will be judged whether it is ini.

  As a result of the determination by the monitoring means 15, the detected access request is a. When it is not an access request to ini (S12 / NO), the access control means 16 permits the contents of the access request as the access control means and transfers the request as it is to the OS (S16). However, access control by the OS may be performed and access may be prohibited. On the other hand, as a result of determination by the monitoring means 15, the detected access request is a. If the access request is for ini (S12 / YES), the access control means 16 determines the type of the access request.

  The access control means 16 determines whether the detected access request is read or write (S13).

  If the access request is read as a result of the determination (S13 / read), the access control means 16 refers to the association of the first list file and stores the contents of the access request in the first storage means 13. After changing to access (reading request) to the setting file stored in the alternative data stream of the execution file, the file is transferred to the OS (S14). Specifically, a. Stored in the first storage means 13. stored in the alternate data stream of exe Passed as access to ini.

  On the other hand, if the access request is a write as a result of the determination (S13 / write), the access control means 16 delivers the access request as it is to the OS. Specifically, another a. Stored in the other storage means. Passed as an access to ini (write request).

  By doing so, the setting file stored in the alternative data stream of the executable file stored in the first storage means 13 without causing abnormal operation due to the application not being able to write the setting file. It is possible to prohibit rewriting (one that has recorded the actual setting contents).

  As described above, according to the present embodiment, the setting file of an existing application is controlled so that the user cannot freely change without using authentication or encryption in the application for each application. You can control access to files. Moreover, according to this embodiment, when performing the said control, it is not necessary to change an existing application.

[Embodiment 2]
A second embodiment of the present invention will be described. In the first embodiment, the administrator may want to change the contents of the setting file stored in the first storage unit 13. In that case, the administrator changes the contents using a special program. In this embodiment, the administrator determines whether the access request is from a special program, and if so, it is privileged. Always read / write configuration files.

  FIG. 4 is a block diagram illustrating a configuration example of the information processing apparatus according to the present embodiment. Compared to the configuration shown in FIG. 1 described in the first embodiment, the PC 1 of the present embodiment has a configuration in which a third storage unit 17 is added. The configuration other than the third storage unit 17 is the same as that shown in FIG.

  The third storage unit 17 stores a second list file in which the name of the setting file stored in the first storage unit 13 and the name of a program that can use the setting file are recorded in association with each other. The setting file referred to here is a setting file that is originally an independent file of the application execution file and whose entity is stored in the first storage unit 13. A specific example in the third storage unit 17 will be described later. Examples of hardware for realizing the third storage unit 17 include a flash memory and a hard disk.

  In the present embodiment, for convenience of explanation, the first storage unit 13, the second storage unit 14, and the third storage unit 13 are separated, but they may be combined into one storage unit. However, logically, the first storage unit 13, the second storage unit 14, and the third storage unit 17 will be described assuming that no other files are stored.

  An operation example of the PC 1 configured as described above will be described. First, as a preparation stage, the flow shown in FIG. 5A is executed in the PC 1 by the operation of the administrator. Since S1 and S2 in FIG. 5A are the same as the operations shown in FIG.

  After the creation of the first list file in S2, the administrator can use the setting file name stored in the first storage means 13 and the setting file using the operation means 11 and the display means 12 in the PC 1. A second list file in which the program names are recorded in association with each other is created (S3). An example of a program that can use the setting file is a special program that is used by an administrator and that transmits and receives a file in response to an instruction from a server. Specifically, there is C / S type management operation software in which the administrator centrally manages the settings of the PC 1. Here, as an example, the name of a special program is assumed to be program α. Therefore, in S3, a. ini and program α are associated and recorded in the second list file. An image at this time is shown in FIG. This second list file is stored in the third storage means 17 by the operation of the administrator. The association recorded in the second list file is the basis when the access control means 16 confirms the prior registration of the access request source. Here, as a recording example of the second list file, recording is performed using a name. However, the identification information is not limited to the name but may be other identification information. In this embodiment, as an example, the number of associations (a set file name and a program name) to be recorded is one as shown in FIG. 5B, but a plurality of associations may be recorded.

  In the description of the flow in FIG. 5A, the example in which the administrator manually performs S1 to S3 has been described. However, S1 to S3 may be automatically performed by a predetermined application. In addition, in order to change the contents of the second list file by a special program, authentication using an ID, a password, or the like may be performed. This authentication can be performed not only directly by the administrator on the PC 1 but also by accessing the PC 1 from another PC via the network.

  Thus, after the preparation stage shown in FIG. 5A is completed, the flow shown in FIG. 6 becomes possible. Hereinafter, an operation example of the PC 1 will be described with reference to FIG. 6, but will be described by taking over the specific example used in FIG. 5. Further, in the flow of FIG. 6, operations other than S31 and S32 are the same as the operations shown in FIG.

  As a result of the determination by the monitoring unit 15 in S12, when the detected access request is an access request to a setting file (for example, a.ini) having a name in the first list file (S12 / YES), the access control unit 16 Determines whether the program (request source) that issued the access request is registered (recorded) in the second list file in advance.

  The access control means 16 refers to the second list file and determines whether the request source program name is registered in association with the access target setting file name (for example, a.ini) (S31).

  As a result of the determination, if the request source program name is not in the second list file (S31 / NO), the access control means 16 performs the above-described access request type determination (S13). On the other hand, when the request source program name is in the second list file (S31 / YES), the access control means 16 determines the execution file stored in the first storage means 13 based on the association of the first list file. Access (both read and write) to the setting file stored in the alternative data stream is permitted (S32). Specifically, a. Stored in the first storage means 13. stored in the alternate data stream of exe Access to ini is permitted for both reading and writing.

  As described above, according to the present embodiment, when the administrator changes the contents of the setting file (the one stored in the alternative data stream) stored in the first storage unit 13 using a special program. , You can always read and write to the configuration file.

[Embodiment 3]
Embodiment 3 of the present invention will be described. In the PC 1 according to the first embodiment, for example, in response to a user instruction, a file list acquisition request indicating a file (for example, a file name) stored in the PC 1 (first storage unit 13 and second storage unit 14) is issued. There is. In this case, for example, a generation unit (not shown) (for example, realized by a CPU and a memory) generates a list of file names stored in the first storage unit 13 and the second storage unit 14 and outputs the list to the display unit 12 or the like. . Thereby, the user can confirm what kind of file is stored in the PC 1. Therefore, in this embodiment, before the generated file list is output, the setting file name that the administrator does not want to be changed by the user can be deleted from the file list.

  FIG. 7 is a block diagram illustrating a configuration example of the information processing apparatus according to the present embodiment. Compared with the configuration shown in FIG. 1 described in the first embodiment, the PC 1 of the present embodiment has a configuration in which a changing unit 18 is added. Except for the changing means 18, the configuration is the same as that shown in FIG.

  When the file list is generated in response to the file list acquisition request, the changing unit 18 selects the first file list from the file list before the file list is output to the program (including the application) that is the source of the acquisition request. The file name of the one list file itself and the file name of the setting file indicated in the first list file are removed. Thereafter, the changing means 18 outputs the file list to the acquisition request source program. Therefore, for example, in the file list displayed on the display means 12 by this program, the file name of the first list file itself and the setting file name shown in the first list file are not displayed.

  An operation example of the PC 1 of this embodiment is shown in FIG. The operation example of FIG. 8 is an operation after the preparation stage described in FIG. 2, and in the following description, it is assumed that the specific example described in the first embodiment is taken over. Compared with the operation example shown in FIG. 3 described in the first embodiment, the operation example of FIG. 8 has a configuration in which the operations of S21 to S23 are added. Except for these operations, the operations are the same as those shown in FIG.

  After the PC 1 is activated, the monitoring unit 15 monitors the issued access request (S11). When the access request is detected, the monitoring unit 15 determines whether it is an access request to a generation unit (not shown), that is, a file list acquisition request. (S21).

  As a result of the determination by the monitoring means 15, if the detected access request is not a file list acquisition request (S21 / NO), the process proceeds to the above-described operation of S12. On the other hand, as a result of the determination by the monitoring means 15, if the detected access request is a file list acquisition request (S21 / YES), a file list is generated by a generation means (not shown) (S22).

  The changing unit 18 acquires the file list after removing the first list file name and the setting file name (for example, a.ini) indicated in the first list file from the generated file list. Output to the request source program (S23).

  As described above, according to the present embodiment, the file name of the first list file itself and the setting file name shown in the first list file are removed from the file list. You can prevent users from being notified of the presence of configuration files.

  In the present embodiment, the example applied to the first embodiment has been described. However, the present embodiment can also be applied to the second embodiment. In this case, the changing unit 18 also removes the file name of the second list file itself and the file name (for example, the execution file name and the setting file name) related to the program indicated in the second list file from the file list. To.

[Embodiment 4]
Embodiment 4 of the present invention will be described. In this embodiment, access requests to the first list file and the second list file described in the first and second embodiments are controlled.

  Since the configuration of the PC according to the present embodiment is the same as the configuration shown in FIG. 4 according to the second embodiment described above, description thereof is omitted here.

  An operation example of the PC 1 configured as described above will be described. First, as a preparation stage, the flow shown in FIG. 5A is executed in the PC 1 by the operation of the administrator. As described above, the operations of S1 to S3 are performed. In the present embodiment, the following operations are further performed in S2 and S3.

  In S2, the name of the first list file (referred to as list 1) is recorded in the first list file itself by the operation of the administrator. Similarly, the name of the second list file (referred to as list 2) is also recorded in the first list file. In this case, it is not necessary to associate other file names with the list 1 and the list 2.

  In S3, the name of the first list file (for example, list 1) is associated with the name of the program that can use the first list file (for example, the program α described in the second embodiment) by the operation of the administrator. And recorded in the second list file. Similarly, the name of the second list file (for example, list 2) and the name of the program that can use the second list file (for example, program α) are associated with each other and recorded in the second list file itself.

  Examples of programs that can use the first list file include a program for realizing the monitoring means 15, a program for realizing the access control means 16, a program for realizing the changing means 18, and these means. A program that realizes any combination of the above is also included. An example of a program that can use the second list file is a program for realizing the access control means 16.

Thus, after the preparation stage shown in FIG. 5A is completed, the flow shown in FIG. 9 becomes possible.
9 is the same as the operation shown in FIG. 6 except for S41 to S44, and the description thereof will be omitted.

  As a result of the determination by the monitoring unit 15 in S12, when the detected access request is not an access request to the setting file having the name in the first list file (S12 / NO), the monitoring unit 15 determines that the access request is It is determined whether the access request is for a list file (for example, list 1 or list 2) having a name in the first list file (S41).

  As a result of the determination by the monitoring means 15, if the detected access request is not an access request to the list 1 or 2 (S41 / NO), the access control means 16 permits the contents of the access request as the access control means. Then, the request is transferred to the OS as it is (S16).

  As a result of the determination by the monitoring unit 15, when the detected access request is an access request to the list 1 or 2 (S41 / YES), the access control unit 16 refers to the second list file and determines the access request. It is determined whether the issued program name (for example, program α) is registered (recorded) in advance in association with the list file name to be accessed (for example, list 1 or list 2) (S42).

  As a result of the determination, if the request source program name is not in the second list file (S42 / NO), the access control means 16 disallows the access request, and performs an error notification, for example, on the display means 12 (S44). . Therefore, for example, reading / writing with respect to the list 1 or the list 2 using a program other than the program α (a program having no name in the second list file) is not permitted. On the other hand, when the request source program name is in the second list file (S42 / YES), the access control means 16 permits the access request (S43). Therefore, for example, reading / writing with respect to the list 1 or the list 2 using the program α is permitted.

  As described above, according to the present embodiment, access requests for the first list file and the second list file can be controlled. In the present embodiment, both the first list file and the second list file are controlled, but only one of them may be used.

[Embodiment 5]
Embodiment 5 of the present invention will be described. The operations described in the first to fourth embodiments can be realized by using at least one of hardware and software.

  When the operations of the first to fourth embodiments described above are realized by a program such as middleware, for example, the program in which the processing sequence is recorded is installed in a memory in a computer incorporated in dedicated hardware and executed. May be. Or you may install and run a program in the general purpose computer which can perform various processes.

  Such a program can be recorded in advance on, for example, a hard disk or a ROM, and can be temporarily or permanently stored and recorded on a removable recording medium such as a CD, DVD, or USB memory. It is possible to leave. Such a removable recording medium can be provided as so-called package software.

  In addition to installing the program from the removable recording medium as described above, the program may be wirelessly transferred from the download site to the computer. Or you may wire-transfer to a computer via networks, such as LAN (Local Area Network) and the internet. A computer such as a PC can receive the transferred program and install it on a recording medium such as a built-in hard disk.

  When the operations of the first to fourth embodiments described above are realized by a program, it is not necessary to make all the operations described above into one program, and one or more programs can be selected by arbitrarily selecting and combining the operations. It may be created. As in the above embodiments, it is preferable that the setting file of the program is stored in the fork of the execution file of the program. The program name and the setting file name are preferably associated with each other and recorded in a predetermined correspondence file.

  As mentioned above, although each embodiment of this invention was described, it is not limited to said each embodiment, A various deformation | transformation is possible in the range which does not deviate from the summary.

  For example, it is configured not only to be executed in time series in accordance with the processing operations described in the above embodiments, but also to be executed in parallel or individually as required by the processing capability of the apparatus that executes the processing. It is also possible.

DESCRIPTION OF SYMBOLS 11 Operation means 12 Display means 13 1st memory | storage means 14 2nd memory | storage means 15 Monitoring means 16 Access control means 17 3rd memory means 18 Change means

Claims (11)

An information processing apparatus in which a setting file indicating the content of settings related to the application is created by a built-in application,
First storage means for storing an execution file in which the application itself is stored, and storing the setting file in a fork of the execution file;
Second storage means for storing a first list file indicating a correspondence between the execution file and the setting file;
Monitoring means for monitoring the presence or absence of an access request for the configuration file based on the first list file;
As a result of monitoring by the monitoring unit, when the access request is a read, the request is changed to a read request to a setting file stored in the first storage unit, and when the access request is a write, An access control means for making a write request to other than one storage means;
An information processing apparatus comprising: Third storage means for storing a second list file indicating a correspondence between the setting file indicated in the first list file and a program that can use the setting file;
The access control means includes
As a result of monitoring by the monitoring means, if the program that issued the access request is registered in the second list file, read and write to the setting file stored in the first storage means is permitted,
As a result of monitoring by the monitoring means, if the program that issued the access request is not registered in the second list file, and if the access request is read, the setting file stored in the first storage means 2. The information processing apparatus according to claim 1, wherein if the access request is a write request, the request is a write request to other than the first storage means.   When there is an acquisition request for a file list indicating the identification information of a file stored in the information processing apparatus, the identification information of the first list file, the identification information of the second list file, from the file list, Change means for removing the identification information of the setting file shown in the first list file and the identification information of the file related to the program shown in the second list file, and outputting the information to the program that is the source of the acquisition request The information processing apparatus according to claim 2, further comprising: In addition to the correspondence, at least one of the identification information of the first list file and the identification information of the second list file can be registered in the first list file,
The monitoring means includes
4. The information processing apparatus according to claim 2, wherein presence or absence of an access request for at least one of the first list file and the second list file is monitored based on the first list file. 5. In addition to the correspondence, the second list file can use the correspondence between the first list file and a program that can use the first list file, and the second list file and the second list file. Can register at least one of the correspondence with
The access control means includes
As a result of monitoring by the monitoring means, if there is an access request for the first list file or the second list file and the program that issued the access request is registered in the second list file, the requested list 5. The information processing apparatus according to claim 2, wherein reading and writing to a file are permitted. An information processing method performed by an information processing apparatus in which a setting file indicating the content of settings related to the application is created by a built-in application,
A first storage step of storing an execution file in which the application itself is stored and storing the setting file in a fork of the execution file;
A second storage step of storing a first list file indicating a correspondence between the execution file and the setting file in a predetermined storage unit;
A monitoring step of monitoring presence / absence of an access request to the configuration file based on the first list file;
As a result of monitoring by the monitoring step, when the access request is a read, the request is changed to a read request to a setting file stored in the first storage unit, and when the access request is a write, An access control step for making a write request to other than one storage means;
An information processing method characterized by comprising: A program that can be read by the information processing apparatus in which a setting file indicating the setting contents related to the application is created by a built-in application,
In the information processing apparatus,
Along with the execution file storing the application itself, the setting file is stored in the fork of the execution file and stored in the first storage means,
A first list file indicating a correspondence between the execution file and the setting file is stored in a second storage unit;
In the information processing apparatus,
A monitoring process for monitoring presence / absence of an access request to the configuration file based on the first list file;
As a result of the monitoring process, when the access request is a read, the request is changed to a read request to a setting file stored in the first storage unit, and when the access request is a write, the first storage Access control processing as a write request to other than means,
A program characterized by having executed. In the information processing apparatus,
A second list file indicating a correspondence between the setting file indicated in the first list file and a program that can use the setting file is stored in the third storage unit;
In the information processing apparatus,
As a result of the monitoring process, when the program that issued the access request is registered in the second list file, a process for permitting reading and writing to the setting file stored in the first storage unit;
As a result of the monitoring process, if the program that issued the access request is not registered in the second list file, and if the access request is a read, the setting file stored in the first storage means A change to a read request, and if the access request is a write, a process to make a write request to other than the first storage means;
The program according to claim 7, wherein the program is executed. In the information processing apparatus,
When there is an acquisition request for a file list indicating the identification information of a file stored in the information processing apparatus, the identification information of the first list file, the identification information of the second list file, from the file list, A change process for removing the identification information of the setting file indicated in the first list file and the identification information of the file relating to the program indicated in the second list file and outputting the information to the program that is the source of the acquisition request The program according to claim 8, wherein the program is executed. When at least one of the identification information of the first list file and the identification information of the second list file is registered in the first list file,
In the information processing apparatus,
9. The monitoring process is performed based on the first list file to monitor whether or not there is an access request for at least one of the first list file and the second list file. Or the program of 9. The second list file includes at least correspondence between the first list file and a program that can use the first list file, and correspondence between the second list file and a program that can use the second list file. If one is registered,
In the information processing apparatus,
If there is an access request for the first list file or the second list file as a result of the monitoring process, and the program that issued the access request is registered in the second list file, the requested list file is displayed. The program according to any one of claims 8 to 10, wherein a process for permitting reading and writing is executed.

Images