KR101308859B1 - Terminal having temporary root authority granting function and root authority granting method using the same - Google Patents

Abstract

PURPOSE: A terminal having a temporary administrator authority granting function and a temporary administrator authority granting method using the same are provided to selectively grant temporary root authority for resources in which changes are permitted, thereby increasing user convenience. CONSTITUTION: A deletion and installation managing unit (20) provides a user with a user interface (UI) related to the deletion or installation of an application. A package installer (30) processes a command for the deletion or installation of the application according to the request of the deletion and installation managing unit. A package manager (40) performs the deletion or installation of the application according to the request of the package installer. If a user requests to change the application, the deletion and installation managing unit determines whether it is necessary to have the administrator authority or not. If so, the deletion and installation managing unit requests the administrator authority to the package manager. [Reference numerals] (20) Deletion and installation managing unit; (30) Package installer; (40) Package manager; (50) Installation DB

Description

Terminal having Temporary Root Authority Granting Function and Root Authority Granting Method Using The Same}

The present invention relates to a terminal capable of temporarily granting administrator authority and a method for granting temporary administrator authority using the same.

As devices such as smart phones are rapidly spreading, studies are being actively carried out to enhance hardware and software performance of terminals. In particular, recently, terminal users can access a vast amount of information through related information such as the Internet, and if they want to delete a specific application or module of their own terminal to optimize the terminal, such as securing storage space and improving speed of the terminal. Is getting bigger.

The act of gaining administrator rights in the Android phone's operating system is called rooting, which derives from the term for the act of gaining administrator rights in Linux. In other words, Android uses Linux as its operating system, and the most privileged account in Linux is the root. Rooting allows you to change the user's permissions on the Android operating system to a "super user" to add or remove features not supported by the Android operating system.

In particular, the application that is mounted when the terminal is released, also known as a preload application, is set when the terminal is released so that the user cannot delete the terminal even if the user wants to delete it from the terminal. Must be obtained. Acquiring this administrator authority is called routing as described above, and many users use this routing to delete, modify, or add an application on the terminal according to their own style.

However, incorrectly accessing, modifying, or deleting a module or application for operating the system may result in the loss of the critical module or application that the user wants to use. Even the most basic booting may not be possible. Also imported.

In particular, in a terminal equipped with a Linux-based operating system such as the Android platform, users randomly attempt to root to obtain unauthorized root privileges (ie, administrator privileges) and then internally change the settings or resources by the user. In this case, the device may malfunction due to incorrect handling, or may be exposed to malicious code or malware.

The existing technology solves this problem by fundamentally restricting routing. However, there are limitations in fundamentally limiting routing in that it fundamentally blocks users from gaining the benefit of routing.

The present invention has been made to solve the above-described problems, and when the user wants to delete the application, it is determined whether the administrator authority is required when deleting, and if the administrator authority is required, the package manager communicates with each other in the kernel region. It is an object of the present invention to provide a terminal capable of deleting an application by temporarily receiving administrator authority from a root manager and returning administrator authority and a method of granting temporary administrator authority using the same.

To this end, a terminal according to an embodiment of the present invention, the deletion and installation management unit for providing a user interface related to the deletion or installation of the application to the user, and processing the deletion or installation command of the application at the request of the deletion and installation management unit And a package manager for deleting or installing an application according to a request of the package installer, wherein the deletion and installation management unit requests the change through the package manager when the user requests an application change. Determining whether administrator authority is required to change the configuration, requesting administrator authority from the package manager if administrator authority is required, and the package manager grants administrator authority from the root manager of the kernel region using interprocess communication. It is characterized by receiving.

In this case, the administrator authority may mean access to a system file and control the system file, and the authority to monitor and control the operation of the system.

The root manager may grant the administrator authority to the package manager by installing and executing a super user utility in a system area. The deletion and installation manager changes the requested application in the state of being given the administrator authority, requests the package manager to return the administrator authority, and the package manager uses the interprocess communication to establish The administrator authority may be returned to the root administrator.

The root manager may return the administrator authority to the package manager by terminating and deleting a super user utility of a system area.

The deletion and installation management unit may include an authority determination unit that determines whether an administrator authority is required to change the requested application, a change permission determination unit that determines whether the change requested application is an application that allows the change, and user authentication. It may include an authentication unit for performing. The package manager may include a package deletion and installation processor for deleting or installing an application according to a request of the package installer, and a package information manager for managing installation and deletion information of the application.

In this case, the interprocess communication may be socket communication, and the package manager may use a Java Native Interface (JNI) as an application programming interface (API) for the socket communication.

In addition, the temporary administrator authorization method of the terminal according to an embodiment of the present invention, the step of receiving an application change request from the user using the deletion and installation management unit, and the deletion and installation management unit changes the application requested to change Determining whether the administrator authority is required to do so, and if the administrator authority is required, the deletion and installation management unit requesting the administrator authority from the package manager, and the package manager uses the interprocess communication from the root manager of the kernel region. It may include the step of being granted administrator rights.

The administrator authority means authority to access a system file and control the system file, and to monitor and control the operation of the system.

The root manager may grant the administrator authority to the package manager by installing and executing a super user utility in a system area.

In addition, the temporary administrator authorization method of the terminal according to an embodiment of the present invention includes the step of requesting the package installer to change the application in the state that the deletion and installation management has been granted the administrator authority, the package installer is the Changing the application through a package manager; requesting the package manager to return the administrator authority to the package manager; and wherein the package manager uses the interprocess communication to manage the root manager of a kernel region. And requesting the administrator to return the administrator's authority, and returning the administrator's authority to the package manager by terminating and deleting the super user utility of the system area by the root manager. In addition, the temporary administrator authorization method of the terminal according to an embodiment of the present invention, the deletion and installation management unit determining whether the change-requested application is an application that is allowed to change, and the deletion and installation management unit is a user The method may further include performing authentication.

In this case, the interprocess communication may be socket communication, and the package manager may use a Java Native Interface (JNI) as an application programming interface (API) for the socket communication.

According to a terminal having a temporary administrator authorization function and a temporary administrator authorization method using the same according to the present invention, a change is permitted without effort to change resources in a system area through a rooting process to obtain root authority which is not normally permitted. The user convenience is increased by allowing the system to selectively perform temporary root privileges on the resources.

In addition, although a rooted terminal operating in a root authority state may maintain a security risk state, according to the present invention, the security is relatively improved by taking a task of temporarily granting and retrieving the root authority.

In addition, the present invention by selecting the system resources that can be accessed with the given root authority and operating in accordance with the allowed information can limit the access or change that has a risk factor that the general user can harm the operation of the terminal.

In addition, there is a problem that the existing permanent root terminal detects this and determines that it is a security risk and does not run an application designed to not run on its own. However, the present invention temporarily operates as a root authority only when the allowed operation is performed. This problem can be solved.

1 is a diagram illustrating file access authority in a Linux system.
2 is a schematic structural diagram of an Android root file system.
3 is a schematic structural diagram of a terminal according to an embodiment of the present invention.
4 is a detailed configuration diagram illustrating an operation of a terminal according to an embodiment of the present invention.
5 is a flowchart illustrating a method for granting temporary administrator authority of a terminal according to an embodiment of the present invention.
FIG. 6 is a detailed flowchart of the root authority obtaining method of FIG. 5.
7 is a detailed flowchart of the root authority return method of FIG. 5.
8 is a flowchart illustrating an application deletion in a terminal according to an embodiment of the present invention.

Hereinafter, the present invention will be described in detail with reference to the accompanying drawings. However, the accompanying drawings and the following description are only possible embodiments of a terminal having a temporary administrator authorization function and a temporary administrator authorization method using the same according to the present invention, and the technical spirit of the present invention is limited by the following contents. Not.

1 is a diagram illustrating file access authority in a Linux system.

Linux systems manage permissions on a file-by-file basis. Looking at the permissions of the file "init.rc" shown in Figure 1 is described as follows.

-rwxr-x --- root root 24482 1970-01-01 09:00 init.rc

Here, the "-rwxr-x ---" display part on the left shows the access right to the file. The authority will be described in detail with reference to the following table.

- Type of file -: File, d: directory, |: link r Authority to the owner of the file r: readable,-: unreadable w w: Can modify and delete,-: Can not modify and delete x x: executable,-: not executable - Authority to the file owner's group r: readable,-: unreadable x w: Can modify and delete,-: Can not modify and delete - x: executable,-: not executable - Privileges for all other users except owner and group r: readable,-: unreadable - w: Can modify and delete,-: Can not modify and delete - x: executable,-: not executable

In Table 1 above, the file “init.rc” is marked as “root / root” after the file permission display. The root shown at the front indicates the owner of the file. Represents a group of file owners. Thus, we can see that “init.rc” is the root of the file and that the group of file owners is defined as root. Thus, according to the above permission definition, the root user, who is the owner of the file, has full permissions for read (R), write (X), and execute (X) the file, but does not belong to the owner, root user, and the group to which the user belongs. Other users (for example, ordinary users) cannot read, edit, or execute this file. In this way, Linux controls file access by owner, group, and other users on a file-by-file basis. The Android platform, which is based on Linux, also works with this file system.

2 is a schematic structural diagram of an Android root file system.

The root file system contains files for system initialization and control of various peripheral devices, and usually has a directory structure mounted as /. The root file system is created in the structure shown in Figure 2 after the Android platform source is compiled. In addition to the Linux root file system, “/ system” and “/ data” folders are added to Android. The file is usually located in “/ system / bin” or “/ system / xbin”.

The most typical method of rooting an Android device is to install (copy) the SU (super user) utility in the form of "/ system / bin" or "/ system / xbin" and execute it. Once root is obtained by running the SU utility (ie, administrator privileges), the files in “/ system / bin” and “system / xbin” can be executed, resulting in the terminal being rooted.

In the case of a terminal adopting the existing Android platform, in order to delete or install a package such as an application or a resource, a package installation related application called a package installer is generally used. At this time, rather than requesting all the packages, the package information is requested to the pre-installed installation database to analyze what authority is required for the deletion or installation of the package.

If the application properties are checked from the package information, it can be seen in which region of the device the package is installed. If the package is installed in the system region, root authority is required for deletion or installation.

At this time, the "application" is a kind of program that the user executes to perform a desired operation on the terminal, and the "resource" is a part constituting a terminal environment such as an icon, a font, and a user interface on the terminal. This application and resource may be modified, installed, or deleted by the user, but as mentioned above, if installed in the system area, it cannot be modified, installed, or deleted without root authority.

In case of downloaded application that can be deleted or installed with general user authority, delete or install through the package manager. Otherwise, provide the user with a message that the deletion or installation is not possible and terminate the deletion or installation process. .

In this case, the application that cannot be deleted or installed may be an application information application basically provided by Android. For example, a preload application installed in a terminal before release by a terminal manufacturer may be used. In general, in the case of a downloaded application, the delete button is provided in the user interface, whereas in the case of the basic application or the preloaded application provided in Android, the delete button is inactivated and the user cannot delete it arbitrarily. That is, because the application package requires root authority to be deleted, the button is deactivated so that the deletion cannot be attempted.

In general, in the case of a terminal device equipped with the Android operating system, the user cannot change system applications or resources. Because the owner of a file corresponding to a system application or resource is root, the non-root general user is restricted from accessing the file to read (R), write (W), or execute (X). In general, the user access is controlled by the UI. Basically, general user authority restricts access rights such as read (R), write (W), and execute (X) on the file. In particular, the Linux file system structure requires write (W) permission to modify or delete a file (a directory is also considered a file). In a mode that operates as a normal user other than root, the owner of the file, If you try to delete or edit the file corresponding to the resource, it will not be executed because you do not have write permission (Permission denied).

In the present invention, the SU utility installation (copying) itself is performed by the system when necessary, and instead of being immediately recovered and deleted after use, a situation where a user's unintended operation occurs due to the rooting causes damage or threatens security. Its feature is to provide a function to prevent continuous exposure. Here, the installation (copy) of the SU utility is a method for granting root authority to a terminal, and any method of temporarily granting root authority to a terminal may be used in addition to such a method.

Hereinafter, a terminal and a temporary administrator authorization method using the same according to an embodiment of the present invention will be described in detail with reference to FIGS. 3 to 8.

3 is a schematic structural diagram of a terminal according to an embodiment of the present invention.

3, the terminal 10 according to an embodiment of the present invention, the deletion and installation management unit 20, the package installer (Package Installer: 30), the package manager (Package Manager: 40), the installation DB It consists of 50.

The terminal 10 may be an example of a terminal adopting an Android platform based on Linux. In addition, a terminal adopting an iOS platform, a Window Mobile platform, and a Bada platform may be used. In addition, the terminal 10 includes a mobile communication terminal, a PDA, a tablet PC, a notebook computer, a PC, and the like.

The deletion and installation management unit 20 refers to an application located in an application layer and providing a user interface related to deletion or installation of an application. On Android terminals, this usually includes “InstallAppDetails” and “Launcher”.

The package installer 30 is an application located in an application layer and serves to process a deletion or installation command of an application according to a request of the deletion or installation management unit 20.

The package manager 40 is located in the framework layer and plays a role of deleting or installing an application application according to a request of the package installer 30. That is, an intent is received from the package installer 30 to request the removal or installation of an application, and according to the intent, an APK installation path (for example, an application installation path) is installed from the installation DB 50 on the Android platform. , / system / app or / data / app) and parses the androidmanifest.xml file of the file from the installed APK file, and collects all the permission information defined in the APK such as various permission information and intent filter information. To be managed. In addition, it receives a broadcast intent generated when a new application is added or deleted, and updates or deletes an address book managed by the user.

4 is a detailed configuration diagram illustrating an operation of a terminal according to an embodiment of the present invention.

Referring to FIG. 4, the deletion and installation management unit 20 and the package installer 30 are located in the application layer 1, the package manager 40 is located in the framework layer 3, and a kernel area: 5. It can be seen that the root management unit 60 is located at).

The deletion and installation management unit 20 may be a management program such as a home launcher or a settings application of the terminal 10, and the step of sending an application deletion intent to the package installer 30 at the request of the user may be the first deletion. It is a request. The deletion and installation management unit 20 further includes an authority determination unit 22, a deletion permission determination unit 24, and an authentication unit 26.

The authority determining unit 22 determines whether administrator authority is required to delete the application that is requested to be deleted. That is, when a request for deleting an application is received from a user, a system application or an application is called to retrieve application information of the installation DB 50 through the package information management unit 42 of the package manager 40 located in the framework layer and delete the corresponding application. Determine whether administrator authority is required, such as a preload application. Here, “administrator authority” means root authority, which is the highest authority on the Android platform, and has authority to access and control system files. As a way of determining whether you need administrator privileges to delete an application, you can generally use the path information of the target system application or resource to determine whether this file is located in a path accessible only by current root privileges. Can be. In other words, the current Android root file system is mainly installed system applications that require root authority in the "/ system" directory, and general users do not have permission except the read (R) permission.

Alternatively, if such access authority information is provided, there may be a method of determining whether root authority is required using the information to be provided. For example, in the case of an application installed in the Android operating system, the platform may check whether a specific flag (FLAG_SYSTEM) of ApplicationInfo is set to check whether the application is a system application. Here is the relevant code to do this:

system Is it an application  Whether or not Checked  Routine 1. System application  Specify path Environment . java ) Private static final File ROOT _ Directory  = getDirectory (“ ANDROID _ ROOT ”,” / system ”); 2. Scan the system directory ( PackageManagerService . java ) p = scanPackageLI ( fullPath , ( mlsRom  ? PackageParser . PARSE _ IS _ SYSTEM ... ) 3. System Application  Occation FLAG _ SYSTEM  grant( PackageManagerService . java ) If (( parseFlags & PackageParser . PARSE _ IS _ SYSTEM )! = 0) {
Pkg . applicationInfo . flags  | = ApplicationInfo . FLAG _ SYSTEM ;
} 4. The system through the granted flag Is it an application  how to check ( PackageManagerService . java ) Private static Boolean isSystemApp ( PackageParser . Package pkg ) {
Return  ( pkg . applicationInfo . flags  & ApplicationInfo . FLAG _ SYSTEM )! = 0;
}

After checking the access right to the application or resource, proceed to the next step to change the permission if the file location requires root authority.

The deletion permission determining unit 24 determines whether the application requested to be deleted is an application that is permitted to be deleted. Be careful when making changes to system applications or resources. In particular, in the case of a system application, there are applications that must be deleted, including contents necessary for the operation of the device. In the case of system resources, missing or changing required resources can cause screen output to be erratic or fail and fail. Therefore, it is necessary to grant root authority only to selectively allowable items without allowing a user to change resources of an unconditional system area.

Databases for applications that can allow deletion and modification, such as system applications, should be placed in system areas that users cannot normally handle. The database specifies whether to allow all applications installed in the system area.

The simplest form is to create a table with the name of the application package as the key and its value as a value that can be deleted or installed (true / false). The package manager 40 already has all the information necessary for deleting or installing the package, such as the name of each package, the location where the code and resources are installed, and the location where the native library is installed. Discrimination is possible. When setting the permission for deletion and the permission for installation respectively, expand the table. Query and match the name of the package and the desired action (delete / install) to the database. If the value is true, you can proceed to the next step.

The authentication unit 26 serves to perform user authentication. That is, the authentication unit 26 serves to authenticate the user in order to distinguish whether or not it operates as a malicious application. The authentication process can be implemented differently depending on the level of security required in the actual implementation.

For example, if you require security at the normal terminal level, you can use the lock pattern, PIN, and password session provided by the existing Android platform to verify that you are the current terminal user. The password of the lock setting is encrypted with a hash and stored in the file format (gesture, key, password.key) in the system data area (/ data / system), so the file can be directly accessed and authenticated. You can also use the LockPatternUils provided for this.

To be more secure, an application that can set a separate password for deleting an application may be additionally implemented in the system setting menu. If a high level of security is required, such as a financial application, an authentication server or a separate authentication module should be provided to perform this.

The package manager 40 further includes a package information management unit 42 and a package deletion or installation processing unit 44.

The package deletion or installation processor 44 performs a role of substantially deleting or installing an application according to a request of the package installer 30.

The package information manager 42 manages installation and deletion information of an application. That is, the package information manager 42 manages installation information, authority information, and the like of an application to be deleted, and retrieves and transmits the information according to a request of the deletion or installation manager 20.

A root manager 60 exists in the kernel region 5, and serves as a server for interprocess communication, which will be described later. Detailed operations will be described later.

The temporary administrator authorization method of the terminal 10 according to an embodiment of the present invention having the configuration of FIG. 4 will be described with reference to FIG. 5 as follows.

The user attempts to change (delete, reinstall, etc.) a resource (application or resource) in the terminal 10 through a user interface provided by an application such as the delete or install manager 20 (S500). In this case, the change operation may be a system application or framework resource reinstallation, but the user may attempt the change operation as described above without distinguishing which resource is the corresponding resource.

When the user requests the application to be deleted in step S500, the authority determining unit 22 of the deletion or installation management unit 20 determines whether root authority is required to delete the corresponding application (S510). To this end, the authority determining unit 22 may request the package information management unit 42 for information on a package of the corresponding application, receive the information, and check the application attribute to determine whether root authority is required to delete the corresponding application. have.

In this case, when it is determined that the application can be deleted in the general user mode, the user request operation is immediately performed in the user mode (S560).

If it is determined that the application can be deleted in the root authority mode, it is determined once again whether the application is a resource that is allowed to be changed (S520). As mentioned earlier, a list of resources that are not allowed to be modified is built in a separate database and can be determined by comparing this list.

When deleting the application, a fatal problem occurs, or when the communication provider does not allow the deletion, the application is terminated immediately without allowing the deletion.

On the other hand, if the application is an application that is allowed to change, the user authentication process is performed to enhance security (S530). At this time, the user authentication process may provide a different method according to the degree of security to recognize the user. If the general level of password or PIN information is secure, you can check whether the user is a terminal user using the terminal locking system provided by the Android platform, and if you require high level authentication, a separate authentication system is required. You can also build and proceed with user authentication.

If it is determined that the operation due to the malicious code is excluded by performing the user authentication process, the process of obtaining the root authority for deleting the corresponding application is performed (S540). Root authority acquisition uses a method of switching to root mode by sending a request to the root management unit 60, which is a Linux kernel daemon. That is, since the terminal 10 is in user mode, in order to perform routing, the terminal 10 must request a routing to the root manager 60 having root authority. PackageManager service that has user authority does not have the authority to execute the root executable file, so it is solved by using socket communication. Therefore, the package manager server (PackageManagerServer) makes a request to the socket client of the native layer (Native Layer) and makes a routing request for the socket communication to the socket server which is the root management unit 60 of the root authority.

The package manager service is implemented in the Java language, and since the root manager 60 is located in the Linux kernel, it is implemented in the C language. Therefore, socket communication requires the use of JNI (Java Native Interface). JNI is an API (Application Programming Interface) designed to access native code (in this case, code written in C) that can be executed only on the platform in programming using the Java language.

Specifically, JNI is implemented in the following order: 1) create Java file, 2) compile Java, 3) create Java header, 4) implement C / C ++ code, 5) compile C / C ++ code, and 6) execute. Therefore, in the same way as above in the package manager service,

Public native boolean requestRooting ();

Create a Iran function, and implement it in the C language on the native layer side, the socket client makes a routing request to the socket server called the root management unit (60). If the promised Socket Port number is 567, the root management unit 60 waits to process the 567 requests, and the socket client can make a routing request to the 567. . The root manager 60 knows that a routing request has been entered through this.

When the root authority grant request is received through the API, the root manager 60 may execute the SU utility stored under a different name in a folder that can be read only by the root authority of the terminal for rooting of the terminal 10. Copy the system / xbin ”or“ / system / bin ”to the path and execute it to convert the terminal into the rooted state. At this time, the installation (copy) of the SU utility is one method for granting the root authority to the terminal. In addition to this method, any method of temporarily granting the root authority to the terminal may be used.

Now, since the root authority can be controlled for all operations of the terminal, the root management unit 60 performs the remount operation so that the entire file system partition can be read (R) and write (W). . As a result, when the root management unit 60 transmits the status of the routing to the socket client through the socket, and delivers it to the package manager service, the package manager service deletes a system application desired by the user.

That is, when the root authority is obtained, the user performs a task requested by the user in the root authority mode (S550), and returns the root authority again (S570) to finish the application deleting operation.

Specifically, the terminal 10 returns the rooted state to the user mode so that the root authority is not maintained for security, and the package manager service sends the unrouting request to the socket client through JNI as in the routing request. This socket client forwards it to the root manager 60. At this time, the root management unit 60 performs a remount operation with read-only authority so that the entire file system can be normally used in user authority while having root authority. Then exit to exit the SU utility, and delete the SU utility that was copied to the “/ system / bin” or “/ system / xbin” directory.

Through such a series of tasks, the terminal is temporarily routed out of the state and returned to the terminal with normal authority, and the user can achieve the intended purpose of deleting the system application.

In this case, the root authority acquisition process S540 and the root authority return process S570 will be described with reference to FIG. 6.

In order to proceed with the operation that requires root authority on the Android platform, a process of communicating with the root management unit 60 that temporarily processes root authority in the kernel area is required, and it is decided to use a socket communication method among inter-process communication. do. Of course, other kinds of interprocess communication methods such as signal, pipe, FIFO, message queue, shared memory, semaphore, and TLI can be used.

As shown in FIG. 6, the Linux root manager 9 opens and waits for a specific port, and requests root authority by connecting a socket to a port of the Linux root manager 9 from the Android platform 7. That is, the Android platform 7 requests the socket I / O to the Linux root manager 9 (S541), and if the requested Linux root manager 9 accepts it (S542), the Android platform 7 sends this socket. The root authority is requested (S543).

In this case, the Linux root management unit 9 obtains the root authority by copying the SU (Super User) utility to the "/ system / xbin" path, which is a system file installation path (S544). Thereafter, the Linux root management unit 9 transmits a message indicating that the root authority has been acquired to the Android platform 7 (S545).

Similarly, FIG. 7 illustrates a method for returning root authority.

If the Android terminal 10 has completed all the tasks to proceed with the root authority, using the connected socket, requests the root authority return to the Linux root management unit 9 (S571). At this time, the Linux root management unit 9 terminates the SU utility, switches to the existing user mode, and removes it so that it is not possible to execute SU again (S572). Thereafter, the Linux root management unit 9 transmits a message indicating that the socket I / O is terminated to the Android platform 7 (S573).

6 and 7 refer to the package manager 40 as a client for socket communication of the framework layer.

An operation of a terminal according to an embodiment of the present invention when a user deletes an application requiring root authority will be described below with reference to FIG. 8.

Referring to FIG. 8, the user 1 requests the application to be deleted from the deletion and installation management unit 20 (S801), and the deletion and installation management unit 20 requests the application deletion request to the authority determination unit 22. In operation S803, the authority judging unit 22 requests authority information from the package information management unit 42 (S805).

The package information management unit 42 queries the authority information from the database of the installation DB 50 and transmits the authority information to the authority determination unit 22 (S807), and the authority determination unit 22 deletes and installs the management unit 20. The authority information is transmitted to the server (S809).

The deletion and installation management unit 20 having received the authority information requests permission information from the deletion permission determination unit 24 to confirm whether the change (deletion) requested to be deleted is an application that is allowed to be deleted. (S811). The permission information determination unit 24 queries the previously built database to determine whether the application requested to be deleted is an application that is allowed to be changed (deleted), and transmits the determined permission information to the deletion and installation management unit 20 (S813). ).

The deletion and installation management unit 20 may allow or disallow the application deletion request of the user based on the received permission information. When it is determined that the application is permitted to be deleted, the deletion and installation management unit 20 requests a user authentication to the authentication unit 26 (S815), and the authentication unit 26 authenticates and authenticates the user by various methods such as a password input. The result is transmitted to the deletion and installation management unit 20 (S817).

When the user authentication is completed, the deletion and installation management unit 20 makes a deletion request to the package installer 30 (S819), and the package installer 30 makes a deletion request to the package deletion and installation processing unit 44 (S821). .

The package deletion and installation processing unit 44 requests root authority by using socket communication (S823), and the root management unit 60 installs and executes the SU utility to root the terminal 10 (S825).

When the routing is completed, the root management unit 60 transmits a root authority approval message indicating that the routing is completed to the package deletion and installation processing unit 44 (S827), and the package deletion and installation processing unit 44 completes the routing, so that the user Performs the requested operation (S829), and requests the root authority return to the root management unit 60 again (S831).

The root management unit 60 terminates and unroutes the SU utility, deletes the SU utility (S833), and transmits a root authority return message to the package deletion and installation processing unit 44 (S835).

The package deletion and installation processing unit 44 transmits a completion notification message to the package installer 30 (S837), and the package installer 30 transmits a completion notification message to the deletion and installation management unit 20 (S839). And the installation management unit 20 displays the completion notification message to the user through the UI (S841).

In this operation, the terminal 10 according to an embodiment of the present invention temporarily acquires the root authority when necessary by using inter-process communication, in particular, socket communication, and then returns the root authority after performing the operation requested by the user. This not only allows users to perform rooting but also enhances security.

10: terminal 20: deletion and installation management unit
30: Package Installer 40: Package Manager
50: installation DB

Claims (19)

A deletion and installation management unit providing a user with a user interface related to the deletion or installation of an application;
A package installer for processing an application for deleting or installing an application at the request of the deletion and installation management unit; And
A package manager for deleting or installing an application according to a request of the package installer,
When the user requests an application change, the deletion and installation management unit determines whether the administrator authority is required to change the requested application through the package manager, and if the administrator authority is required, requests the administrator authority from the package manager. ,
The package manager is characterized in that the administrator is temporarily granted from the root management unit of the kernel region using the inter-process communication. The method of claim 1,
The administrator authority is a terminal that can access a system file and control the system file, and the authority to monitor and control the operation of the system. The method of claim 1,
And the root management unit grants the administrator authority to the package manager by installing and executing a super user utility in a system area. The method of claim 1,
The deletion and installation management unit changes the application for which the change is requested in the state in which the administrator authority has been granted, and requests the package manager to return the administrator authority.
And the package manager requests the root manager of a kernel region to return the administrator authority by using the interprocess communication. 5. The method of claim 4,
And the root manager returns the administrator authority to the package manager by terminating and deleting a super user utility of a system area. 5. The method of claim 4,
The deletion and installation management unit,
An authority determining unit that determines whether an administrator authority is required to change the application for which the change is requested; And
And a change permission determiner configured to determine whether the change-requested application is an application that is allowed to change. The method according to claim 6,
The deletion and installation management unit,
The terminal further comprises an authentication unit for performing user authentication. 5. The method of claim 4,
The package manager,
A package deletion and installation processing unit for deleting or installing an application according to a request of the package installer; And
A terminal comprising a package information management unit for managing the installation and deletion information of the application. 5. The method of claim 4,
The inter-process communication is a terminal, characterized in that the socket communication. 10. The method of claim 9,
The package manager is characterized in that for using the JNI (Java Native Interface) as an application programming interface (API) for the socket communication. Receiving an application change request from a user using a deletion and installation manager;
Determining, by the deletion and installation management unit, that an administrator authority is required to change the requested application;
Requesting administrator rights from a package manager by the deletion and installation manager when administrator rights are required; And
And the package manager temporarily granting administrator authority from a root manager of a kernel region using interprocess communication. 12. The method of claim 11,
The administrator authority is a authority to access a system file and to control the system file, and the temporary administrator authority grant method of the terminal, characterized in that for monitoring and controlling the operation of the system. 12. The method of claim 11,
The root management unit grants the administrator authority to the package manager by installing and executing a super user utility in a system area. 12. The method of claim 11,
Requesting a package installer to change the application while the deletion and installation manager has been granted the administrator authority;
The package installer changing the application through the package manager;
Requesting the package manager to return the administrator authority to the package manager; And
And requesting, by the package manager, the return of the administrator authority to the root manager of a kernel region by using the interprocess communication. 15. The method of claim 14,
And the root management unit returns the administrator authority to the package manager by terminating and deleting a super user utility of a system area. 15. The method of claim 14,
The deletion and installation management unit further comprises the step of determining whether the change-requested application is an application that is allowed to change the temporary administrator authorization method of the terminal. 15. The method of claim 14,
And deleting and installing the management unit to perform user authentication. 15. The method of claim 14,
And the inter-process communication is socket communication. 19. The method of claim 18,
The package manager is a temporary manager authorization method of the terminal, characterized in that for using the JNI (Java Native Interface) as the Application Programming Interface (API) for the socket communication.

Images