CN110457894A - Distribution method, device, storage medium and the terminal device of root authority - Google Patents
Publication number: CN110457894A
Authority: CN (China)
Legal status: Granted
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
Abstract
This application discloses a method, device, storage medium and terminal device for distributing root authority. The terminal device has multiple storage partitions, including a system partition and a target partition. The method includes: when the terminal device restarts and enters a first preset stage, obtaining device attribute information from the terminal chip, the device attribute information including a device identification code; obtaining digital signature information from the target partition; controlling the system partition to enter a writable state according to the digital signature information and the device identification code; and, in the writable state, distributing root authority to the terminal device based on a preset executable file. This facilitates obtaining root authority on various terminals; the method is simple, widely applicable and highly reliable.
Description
Technical field
This application relates to the field of communication technology, and in particular to a method, device, storage medium and terminal device for distributing root authority.
Background art
Root is the unique superuser of a system and holds every permission in it, such as starting or stopping a process, deleting or adding users, and adding or disabling hardware. For example, the administrator account of Google's Android system is named Root; the Root account has supreme authority over the whole system, can access and modify almost all files on the terminal device, and holds the highest level of administrative authority.
Rooting a mobile phone (also called obtaining the phone's root authority) is the process of obtaining the highest level of access to the phone (that is, root authority). For Android, rooting a phone in fact amounts to copying the su executable file into the /system/xbin directory of the Android system and changing its permissions to 4755. However, more and more Android phones include protection functions such as selinux (Security-Enhanced Linux, a mandatory access control security system), so it is difficult for a user to write to the /system/xbin directory directly, and the phone therefore cannot be given root authority.
Summary of the invention
The embodiments of this application provide a method, device, storage medium and terminal device for distributing root authority, which can be applied to distributing root authority on various terminals and are highly reliable.
The embodiments of this application provide a method for distributing root authority, applied to a terminal device that has multiple storage partitions, the multiple storage partitions including a system partition and a target partition. The method includes:
when the terminal device restarts and enters a first preset stage, obtaining device attribute information from the terminal chip, the device attribute information including a device identification code;
obtaining digital signature information from the target partition;
controlling the system partition to enter a writable state according to the digital signature information and the device identification code;
in the writable state, distributing root authority to the terminal device based on a preset executable file.
The embodiments of this application also provide a distribution device for root authority, applied to a terminal device that has multiple storage partitions, the multiple storage partitions including a system partition and a target partition. The distribution device includes:
a first acquisition unit, configured to obtain device attribute information from the terminal chip when the terminal device restarts and enters a first preset stage, the device attribute information including a device identification code;
a second acquisition unit, configured to obtain digital signature information from the target partition;
a control unit, configured to control the system partition to enter a writable state according to the digital signature information and the device identification code;
an allocation unit, configured to distribute root authority to the terminal device based on a preset executable file in the writable state.
Further, the control unit specifically includes:
a determining subunit, configured to determine a message digest according to a message digest algorithm and the device identification code;
a decryption subunit, configured to decrypt the digital signature information using a preset public key to obtain a decrypted digest;
a judgment subunit, configured to judge, according to the message digest and the decrypted digest, whether the terminal device has been granted modification permission;
a control subunit, configured to control the system partition to enter the writable state if modification permission has been granted.
Further, the judgment subunit is specifically configured to:
judge whether the decrypted digest and the message digest are identical;
if they are identical, determine that the terminal device has been granted modification permission;
if they are not identical, determine that the terminal device has not been granted modification permission.
Further, the device attribute information also includes a terminal model and/or a version number, and the determining subunit is specifically configured to:
combine the device identification code with the terminal model and/or version number to obtain a combination code;
process the combination code using the message digest algorithm to obtain the message digest.
Further, the control subunit is specifically configured to:
when the terminal device is in the first preset stage, turn off the write protection function of the system partition;
when the terminal device passes from the first preset stage into a second preset stage, set the access control module to permissive mode and turn off the access verification module, so that the system partition enters the writable state, wherein in permissive mode the multiple storage partitions are allowed to be accessed without authorization.
Further, the allocation unit is specifically configured to:
store the preset executable file under the target directory of the system partition and change the permission parameter to a preset value, so as to distribute root authority to the terminal device.
Further, the distribution device for root authority also includes a storage unit, configured to:
before the digital signature information is obtained from the target partition, when the terminal device boots and enters the second preset stage, obtain the device attribute information from the terminal chip and write it to a preset offset position in the target partition, so that flashing software obtains the device attribute information from the preset offset position, generates digital signature information from it, and then stores the digital signature information at the preset offset position;
the second acquisition unit is specifically configured to: obtain the digital signature information from the preset offset position in the target partition.
The embodiments of this application also provide a computer-readable storage medium storing a plurality of instructions, the instructions being suitable for loading by a processor to execute any of the above methods for distributing root authority.
The embodiments of this application also provide a terminal device including a processor and a memory, the processor being electrically connected to the memory, the memory being used to store instructions and data, and the processor being used to execute the steps of any of the above methods for distributing root authority.
The method, device and storage medium for distributing root authority provided by this application are applied to a terminal device that has multiple storage partitions, including a system partition and a target partition. When the terminal device restarts and enters the first preset stage, device attribute information including a device identification code is obtained from the terminal chip; digital signature information is then obtained from the target partition, and the system partition is controlled to enter a writable state according to the digital signature information and the device identification code; in the writable state, root authority is distributed to the terminal device based on a preset executable file. This facilitates obtaining root authority on various terminals; the method is simple, widely applicable and highly reliable.
Description of the drawings
The technical solutions and other beneficial effects of this application will become apparent from the following detailed description of specific embodiments, taken in conjunction with the accompanying drawings.
Fig. 1 is a flow diagram of the method for distributing root authority provided by the embodiments of this application.
Fig. 2 is a flow diagram of the process of obtaining root authority on a mobile phone provided by the embodiments of this application.
Fig. 3 is another flow diagram of the method for distributing root authority provided by the embodiments of this application.
Fig. 4 is a structural diagram of the distribution device for root authority provided by the embodiments of this application.
Fig. 5 is another structural diagram of the distribution device for root authority provided by the embodiments of this application.
Fig. 6 is a structural diagram of the control unit 30 provided by the embodiments of this application.
Fig. 7 is a structural diagram of the terminal device provided by the embodiments of this application.
Fig. 8 is another structural diagram of the terminal device provided by the embodiments of this application.
Detailed description of the embodiments
The technical solutions in the embodiments of this application are described clearly and completely below with reference to the drawings in the embodiments. The described embodiments are obviously only some, not all, of the embodiments of this application. All other embodiments obtained by those skilled in the art on the basis of the embodiments in this application without creative effort fall within the scope of protection of this application.
A method for distributing root authority is applied to a terminal device that has multiple storage partitions, including a system partition and a target partition. The method includes: when the terminal device restarts and enters a first preset stage, obtaining device attribute information from the terminal chip, the device attribute information including a device identification code; obtaining digital signature information from the target partition; controlling the system partition to enter a writable state according to the digital signature information and the device identification code; and, in the writable state, distributing root authority to the terminal device based on a preset executable file.
Fig. 1 is a flow diagram of the method for distributing root authority provided by the embodiments of this application. The method is applied to a terminal device that has multiple storage partitions, including a system partition and a target partition. The detailed process can be as follows:
S101. When the terminal device restarts and enters the first preset stage, device attribute information is obtained from the terminal chip, the device attribute information including a device identification code.
In the present embodiment, the first preset stage refers to the LK (little kernel) stage, the boot stage before the system kernel starts, which is mainly used to initialize hardware, load the kernel, and configure initialization registers and command line parameters. The device attribute information in the terminal chip can be obtained through the terminal's system API (Application Programming Interface). The device attribute information mainly refers to attribute information related to the terminal, such as the device identification code, which is the unique identifier of the terminal and can be the terminal's SN (Serial Number) code.
S102. Digital signature information is obtained from the target partition.
In the present embodiment, the terminal's ROM chip can be divided into multiple storage partitions, and different storage partitions store different data and implement different functions: for example, the system partition stores system files, the cache partition stores cached data, and the userdata partition stores user data. The target partition refers to a specified partition in the terminal device other than the system partition, such as the Proinfo partition. It is easy to understand that the digital signature information should have been stored in advance; that is, before step S102, the method for distributing root authority further includes:
when the terminal device boots and enters the second preset stage, obtaining the device attribute information from the terminal chip and writing it to a preset offset position in the target partition, so that flashing software obtains the device attribute information from the preset offset position, generates digital signature information from it, and then stores the digital signature information at the preset offset position.
In this case, step S102 specifically includes: obtaining the digital signature information from the preset offset position in the target partition.
In the present embodiment, the preset offset position can be set manually. For example, assuming the storage capacity of the target partition is 10M, the preset offset position can be the starting storage address at 8M. The second preset stage refers to the kernel stage, the kernel startup stage, which is mainly used to start certain related processes, such as the idle process, the kernel_init process and the kthreadd process.
The flashing software may be installed on another terminal device, such as a tablet computer. In general, application software on another terminal device cannot obtain the SN information directly from the terminal chip of this terminal device, but it can read the data in the storage partitions. Since data can be written to the system partition only with root authority, this terminal device must store device attribute information such as the SN in advance in a target partition other than the system partition. Specifically, each time this terminal device boots and enters the kernel stage, it can run a native process in which the system API is used to obtain the device attribute information from the terminal chip and store it, so that the other terminal device can obtain the device attribute information. The other terminal device can then generate the digital signature information, which is obtained by processing with asymmetric key encryption technology and digital digest technology.
S103. The system partition is controlled to enter a writable state according to the digital signature information and the device identification code.
In the present embodiment, the writable state means that disk read and disk write operations can be performed on the system partition.
For example, step S103 can specifically include:
1-1. determining a message digest according to a message digest algorithm and the device identification code;
1-2. decrypting the digital signature information using a preset public key to obtain a decrypted digest;
1-3. judging, according to the message digest and the decrypted digest, whether the terminal device has been granted modification permission;
1-4. if modification permission has been granted, controlling the system partition to enter the writable state.
In the present embodiment, the message digest algorithm mainly refers to the MD5 (Message-Digest Algorithm) algorithm. The preset public key corresponds to the encryption key of the digital signature information; that is, the public key and the private key can be stored on this terminal device and on the other terminal device respectively. The private key is used in advance to encrypt the device attribute information, and the public key is used to decrypt the digital signature information when the authorization is verified.
Specifically, when the device attribute information contains only the device identification code (that is, the SN code), the message digest can be obtained directly by processing the SN code with the MD5 algorithm. To make verification harder and improve its security, the device attribute information can also include other information, such as the terminal model and/or version number. In that case the message digest must also be determined from this information; that is, step 1-1 can specifically include:
combining the device identification code with the terminal model and/or version number to obtain a combination code;
processing the combination code using the message digest algorithm to obtain the message digest.
In the present embodiment, the combination method can be set manually. It can be a simple concatenation of the individual codes in a specified order, for example device identification code, terminal model, version number. The characters can also be processed in some way before or after combination, for example converted to decimal or hexadecimal. The message digest of the combination code is then computed using the MD5 algorithm.
Step 1-3 can specifically include:
judging whether the decrypted digest and the message digest are identical;
if they are identical, determining that the terminal device has been granted modification permission;
if they are not identical, determining that the terminal device has not been granted modification permission.
In the present embodiment, when the decrypted digest equals the message digest, the key used for encryption and the key used for decryption are a matching pair and the acquisition of root authority is legitimate; otherwise it is illegitimate.
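The check in steps 1-1 to 1-4, together with the preset-offset record described under S102, can be sketched as follows. This is an added example, not code from the patent: the "|" separator, the RSIG record marker, the partition size and offset, the device values and the toy RSA key are all assumptions made for illustration.

```python
import hashlib
import hmac

# Toy RSA key from two Mersenne primes, constructed for this example only.
# Its factors are public, so it gives no security; a real design would use a
# padded scheme such as RSASSA-PSS over SHA-256 instead of raw RSA over MD5.
P, Q = 2**127 - 1, 2**107 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, held by the flashing host
SIG_LEN = (N.bit_length() + 7) // 8  # bytes per stored signature

# Assumed record layout in the target partition (the patent fixes none).
PARTITION_SIZE = 64 * 1024
PRESET_OFFSET = 48 * 1024
MAGIC = b"RSIG"


def message_digest(sn, model="", version=""):
    """Step 1-1: MD5 over the combination code (SN, model, version, in order)."""
    return hashlib.md5("|".join((sn, model, version)).encode("utf-8")).digest()


def host_sign(sn, model, version):
    """Flashing-software side: private-key operation on the digest."""
    m = int.from_bytes(message_digest(sn, model, version), "big")
    return pow(m, D, N).to_bytes(SIG_LEN, "big")


def write_record(partition, signature):
    """Store the signature at the preset offset of the target partition."""
    record = MAGIC + signature
    partition[PRESET_OFFSET:PRESET_OFFSET + len(record)] = record


def bootloader_authorized(partition, chip_sn, chip_model, chip_version):
    """Steps 1-2 to 1-4 in the first preset (LK) stage.

    The identity values come from the chip, never from the partition, so a
    record copied from another device cannot match.
    """
    record = bytes(partition[PRESET_OFFSET:PRESET_OFFSET + len(MAGIC) + SIG_LEN])
    if len(record) != len(MAGIC) + SIG_LEN or not record.startswith(MAGIC):
        return False                      # nothing provisioned: stay locked
    s = int.from_bytes(record[len(MAGIC):], "big")
    if s >= N:
        return False                      # not a valid RSA value
    recovered = pow(s, E, N)              # step 1-2: public-key operation
    if recovered.bit_length() > 128:
        return False                      # result is not a 16-byte digest
    expected = message_digest(chip_sn, chip_model, chip_version)
    # Step 1-3: constant-time comparison of decrypted digest and message digest.
    return hmac.compare_digest(recovered.to_bytes(16, "big"), expected)


def demo():
    """Run the flow on constructed device values and return each verdict."""
    sig = host_sign("SN-A-0001", "ModelX", "1.0")
    phone_a, phone_b = bytearray(PARTITION_SIZE), bytearray(PARTITION_SIZE)
    write_record(phone_a, sig)
    write_record(phone_b, sig)            # same record placed on a second phone
    tampered = bytearray(phone_a)
    tampered[PRESET_OFFSET + len(MAGIC) + 5] ^= 0x01
    blank = bytearray(PARTITION_SIZE)
    ident = ("SN-A-0001", "ModelX", "1.0")
    return {
        "matching": bootloader_authorized(phone_a, *ident),
        "copied": bootloader_authorized(phone_b, "SN-B-0002", "ModelX", "1.0"),
        "tampered": bootloader_authorized(tampered, *ident),
        "blank": bootloader_authorized(blank, *ident),
        "new_version": bootloader_authorized(phone_a, "SN-A-0001", "ModelX", "1.1"),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:12s} -> {'writable' if ok else 'locked'}")
```

Because the version number is part of the combination code, a record signed for one firmware version stops verifying once the version changes.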
The above step of "controlling the system partition to enter the writable state" specifically includes:
when the terminal device is in the first preset stage, turning off the write protection function of the system partition;
when the terminal device passes from the first preset stage into the second preset stage, setting the access control module to permissive mode and turning off the access verification module, so that the system partition enters the writable state, wherein in permissive mode the multiple storage partitions are allowed to be accessed without authorization.
In the present embodiment, write protection is usually configured during the LK stage. It is implemented by setting the EMMC register in the terminal device, which can put each storage partition of the physical EMMC into a non-writable state. To achieve root, the su executable file must be copied into the system partition, so before the file is copied at least the write protection of the system partition must be turned off; the write protection of the other storage partitions can be retained.
The access control module selinux (security-enhanced linux) is usually configured in the kernel stage. selinux performs a security context check whenever an object in the system accesses a system resource, and it has two modes: Enforcing Mode and Permissive Mode. By default selinux is in enforcing mode. Enforcing mode intercepts accesses that the system has not configured and prints a LOG entry, whereas permissive mode only records the LOG and does not actually intercept the access. Because partition directories cannot be traversed, queried or modified in enforcing mode, the su executable file cannot be copied to the /system/xbin directory; selinux must therefore be set to permissive mode before the file is copied. Specifically, the build option ALLOW_PERMISSIVE_SELINUX=1 can be modified, so that when selinux is started in the kernel stage its mode is obtained from androidboot.selinux rather than being configured to enforcing mode by default.
The access verification module DM-verity (device-mapper-verity) is usually configured at the compilation stage of the kernel stage. A hash tree of the image file can be generated at compile time; when the running terminal device uses a block of data in the system partition, the system automatically checks whether that data matches the record in the hash tree, and use of the block is not allowed if they do not match. In this context, DM-verity must first be turned off before the su executable file is written to the system partition.
S104. In the writable state, root authority is distributed to the terminal device based on a preset executable file.
For example, step S104 can specifically include:
storing the preset executable file under the target directory of the system partition and changing the permission parameter to a preset value, so as to distribute root authority to the terminal device.
In the present embodiment, the preset executable file is mainly the su executable file, the target directory is the root directory of the system partition, namely /system/xbin, and the preset value is set manually, for example 4755.
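From a device-integrity point of view, the end state described in S103 and S104 leaves two observable traces: androidboot.selinux=permissive on the kernel command line and a setuid-root file with mode 4755 in /system/xbin. The following added example (not part of the patent) checks for both; the command lines and directory listings are constructed sample data, and the ls-style listing format is an assumption.

```python
import stat

# Execute-bit positions in an ls-style string and the special bit each can carry.
SPECIAL = {2: stat.S_ISUID, 5: stat.S_ISGID, 8: stat.S_ISVTX}

# Constructed sample data: one device in the state the text describes, one not.
ROOTED_CMDLINE = "console=ttyS0 androidboot.selinux=permissive androidboot.serialno=SN-A-0001"
ROOTED_LISTING = """\
-rwxr-xr-x 1 root shell  9840 2019-08-06 10:00 strace
-rwsr-xr-x 1 root root  11056 2019-08-06 10:05 su
"""
CLEAN_CMDLINE = "console=ttyS0 androidboot.selinux=enforcing"
CLEAN_LISTING = "-rwxr-xr-x 1 root shell  9840 2019-08-06 10:00 strace\n"


def mode_from_string(perm):
    """Convert an ls-style string such as '-rwsr-xr-x' into numeric mode bits."""
    if len(perm) != 10:
        raise ValueError(f"unexpected permission string: {perm!r}")
    mode = 0
    for i, ch in enumerate(perm[1:]):
        bit = 1 << (8 - i)
        if i in SPECIAL:
            if ch in "xst":
                mode |= bit               # execute permission present
            if ch in "sStT":
                mode |= SPECIAL[i]        # setuid / setgid / sticky
        elif ch != "-":
            mode |= bit
    return mode


def audit(cmdline, listing, directory="/system/xbin"):
    """Return findings for a kernel command line and a directory listing."""
    findings = []
    params = dict(t.split("=", 1) for t in cmdline.split() if "=" in t)
    if params.get("androidboot.selinux") == "permissive":
        findings.append("kernel command line sets androidboot.selinux=permissive")
    for line in listing.splitlines():
        fields = line.split()
        # Only regular files with a full permission string are of interest.
        if len(fields) < 8 or len(fields[0]) < 10 or not fields[0].startswith("-"):
            continue
        mode = mode_from_string(fields[0][:10])
        if fields[2] == "root" and mode & stat.S_ISUID:
            findings.append(f"{directory}/{fields[-1]}: setuid-root file, mode {mode:o}")
    return findings


if __name__ == "__main__":
    for finding in audit(ROOTED_CMDLINE, ROOTED_LISTING):
        print("FINDING:", finding)
```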
As can be seen from the above, the method for distributing root authority provided in this embodiment is applied to a terminal device that has multiple storage partitions, including a system partition and a target partition. When the terminal device restarts and enters the first preset stage, device attribute information including a device identification code is obtained from the terminal chip; digital signature information is then obtained from the target partition, and the system partition is controlled to enter a writable state according to the digital signature information and the device identification code; in the writable state, root authority is distributed to the terminal device based on a preset executable file. This facilitates obtaining root authority on various terminals; the method is simple, widely applicable and highly reliable.
Referring to Fig. 2 and Fig. 3, the method for distributing root authority is described in detail below as applied to a first terminal device and a second terminal device, where the first terminal device is a mobile phone and the second terminal device is a computer. The first terminal device has multiple storage partitions, including a system partition and a target partition.
S201. When it boots and enters the second preset stage, the first terminal device obtains device attribute information from its own terminal chip and writes the device attribute information to a preset offset position in the target partition, the device attribute information including a device identification code.
For example, the phone can be set so that, each time it boots and enters the kernel stage, it obtains the SN information in the terminal chip through the system API in a native process and stores it at the specified offset position of the Proinfo partition.
S202. The second terminal device uses its installed flashing software to obtain the device attribute information from the preset offset position, generates digital signature information from the device attribute information, and then stores the digital signature information at the preset offset position.
For example, the user can install flashing software on the computer and connect the computer to the phone; the flashing software can be downloaded from certain platforms. The flashing software can then obtain the SN code from the preset offset position in the phone, sign it using the preset private key, and store the resulting digital signature information in the phone.
S203. When it restarts and enters the first preset stage, the first terminal device obtains the device attribute information from its own terminal chip and obtains the digital signature information from the preset offset position.
S204. The first terminal device determines a message digest according to the message digest algorithm and the device identification code, and decrypts the digital signature information using the preset public key to obtain a decrypted digest.
S205. The first terminal device judges whether the decrypted digest and the message digest are identical. If they are identical, step S206 below is executed; if they are not equal, it is not executed and the restart detection is performed again.
For example, after the computer has placed the digital signature information in the phone, the phone can be restarted. On entering the LK stage, it obtains the SN information from the chip and, at the same time, obtains the digital signature information from the specified offset position of the Proinfo partition. It then decrypts the digital signature information using the preset public key. Under normal circumstances, the decrypted digest obtained in a legitimate flashing process is identical to the generated message digest.
S206. When in the first preset stage, the first terminal device turns off the write protection function of the system partition; when it passes from the first preset stage into the second preset stage, the first terminal device sets the access control module to permissive mode and turns off the access verification module, so that the system partition enters the writable state, wherein in permissive mode the multiple storage partitions are allowed to be accessed without authorization.
For example, when the decrypted digest is identical to the message digest, the permission modification is authorized. In this case, authorization status information can be generated in the LK stage and passed to the kernel stage through the command line. In the LK stage of the authorized state, the phone can turn off write protection for the system partition. In the kernel stage of the authorized state, the phone can modify the build option ALLOW_PERMISSIVE_SELINUX=1, so that when selinux is started in the kernel stage its mode is obtained from androidboot.selinux and selinux is configured in Permissive Mode rather than the default Enforcing Mode. Meanwhile, at the compilation stage, the phone can turn off DM-verity.
S207. In the writable state, the first terminal device stores the preset executable file under the target directory of the system partition and changes the permission parameter to a preset value, so as to distribute root authority to the terminal device.
For example, the phone can copy the su executable file to the root directory of the system partition, namely /system/xbin, and set its permissions to 4755. The phone then has root authority, and the user can control any process, user account, hardware and so on in the phone. To inform the user of the flashing result, a prompt interface can of course be generated, which can display text such as "root success".
Based on the method described in the above embodiments, this embodiment gives a further description from the perspective of the distribution device for root authority, which can be implemented as an independent entity.
Referring to Fig. 4, which describes in detail the distribution device for root authority provided by the embodiments of this application, the device is applied to a terminal device, which may include a mobile phone, a tablet computer, a personal PC and so on. The terminal device has multiple storage partitions, including a system partition and a target partition. The distribution device for root authority may include a first acquisition unit 10, a second acquisition unit 20, a control unit 30 and an allocation unit 40, wherein:
(1) First acquisition unit 10
The first acquisition unit 10 is configured to obtain device attribute information from the terminal chip when the terminal device restarts and enters the first preset stage, the device attribute information including a device identification code.
In the present embodiment, the first preset stage refers to the LK (little kernel) stage, the boot stage before the system kernel starts, which is mainly used to initialize hardware, load the kernel, and configure initialization registers and command line parameters. The device attribute information in the terminal chip can be obtained through the terminal's system API (Application Programming Interface). The device attribute information mainly refers to attribute information related to the terminal, such as the device identification code, which is the unique identifier of the terminal and can be the terminal's SN (Serial Number) code.
(2) Second acquisition unit 20
The second acquisition unit 20 is configured to obtain digital signature information from the target partition.
In the present embodiment, the terminal's ROM chip can be divided into multiple storage partitions, and different storage partitions store different data and implement different functions: for example, the system partition stores system files, the cache partition stores cached data, and the userdata partition stores user data. The target partition refers to a specified partition in the terminal device other than the system partition, such as the Proinfo partition. It is easy to understand that the digital signature information should have been stored in advance; that is, referring to Fig. 5, the distribution device for root authority further includes a storage unit 50, configured to:
Before obtaining digital signature information in the target partition, entered for the second default stage when the terminal device is switched on
When, the device attribute information is obtained from terminal chip, and the default bias in target partition is written into the device attribute information
Position, so that brush machine software obtains the device attribute information from the default bias position, and it is raw according to the device attribute information
At digital signature information, the digital signature information is stored at the default bias position later.
At this point, the second acquisition unit 20 is specifically used for: obtaining from the default bias position in the target partition should
Digital signature information.
In the present embodiment, which can be manually set, for example assume that target partition memory capacity is 10M,
Then default bias position can be the initial memory address where 8M.The second default stage refers to the kernel stage, is
Kernel startup stage, be mainly used for starting some associated process, for example, starting idle idle process, kernel_init process,
Kthreadd process etc..
The brush machine software may be mounted on other terminal devices, such as tablet computer, in general, on other terminal devices
Application software can not obtain SN information directly from the terminal chip of this terminal device, but can read in partition holding
Data, and in view of data could be only written in system system partitioning when with root authority, so this terminal device must
The device attribute informations such as SN must be stored in the target partition in addition to system system partitioning in advance, specifically, this terminal
Equipment can run a native process, utilize in the native process when each booting enters the kernel stage
System API obtains device attribute information from terminal chip and is stored, so that other terminal devices can get the equipment category
Property information, later, digital signature information can be generated in other terminal devices, which added using unsymmetrical key
What secret skill art and digital digest technical treatment obtained.
(3) Control unit 30
The control unit 30 is configured to control the system partition to enter a writable state according to the digital signature information and the device identification code.
In this embodiment, the writable state means that disk read and disk write operations can be performed on the system partition.
For example, referring to Fig. 6, the control unit 30 specifically includes:
A determination subunit 31, configured to determine a message digest according to a message digest algorithm and the device identification code;
A decryption subunit 32, configured to decrypt the digital signature information using a preset public key to obtain a decrypted digest;
A judgment subunit 33, configured to judge, according to the message digest and the decrypted digest, whether the terminal device has been granted modification permission;
A control subunit 34, configured to control the system partition to enter the writable state if modification permission has been granted.
In this embodiment, the message digest algorithm mainly refers to the MD5 (Message-Digest Algorithm) algorithm. The preset public key corresponds to the key used to encrypt the digital signature information; that is, the public key and the private key can be stored on this terminal device and the other terminal device respectively. The private key is used in advance to encrypt the device attribute information, and the public key is used to decrypt the digital signature information when the authorization is verified.
Specifically, when the device attribute information contains only the device identification code (that is, the SN code), the message digest can be obtained by processing the SN code directly with the MD5 algorithm. To make verification harder and improve verification security, the device attribute information may also include other information, such as the terminal model and/or version number, in which case determining the message digest also needs to combine this information. That is, the device attribute information further includes the terminal model and/or version number, and the determination subunit 31 is specifically configured to:
Combine the device identification code with the terminal model and/or version number to obtain a combined code;
Process the combined code using the message digest algorithm to obtain the message digest.
In this embodiment, the combination rule can be set manually. It may simply combine the character codes in a specified order, for example device identification code, terminal model, version number; the characters may also be processed before or after combination, for example converted to decimal or hexadecimal. The message digest of the combined code is then calculated using the MD5 algorithm.
The judgment subunit 33 is specifically configured to:
Judge whether the decrypted digest and the message digest are identical;
If they are identical, judge that the terminal device has been granted modification permission;
If they are not identical, judge that the terminal device has not been granted modification permission.
In this embodiment, when the decrypted digest equals the message digest, the encryption key and the decryption key are a matching pair and the acquisition of root authority is legitimate; otherwise it is illegitimate.
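
The digest-and-compare check performed by subunits 31 to 33, as an added example that is not part of the patent text or any vendor code. The RSA key is a constructed toy key, the SN, model and version strings are constructed samples, and the length-prefixed combination rule is an assumption added to show why a plain joined combined code is ambiguous at field boundaries.

```python
import hashlib
import hmac

# Constructed toy RSA key pair, for illustration only (not from the patent).
# Two Mersenne primes keep the block dependency-free; a real deployment uses
# a randomly generated key of at least 2048 bits and a padded signature scheme.
P, Q, E = 2**107 - 1, 2**127 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent: held by the signing tool only
SIZE = (N.bit_length() + 7) // 8


def combine_plain(sn, model="", version=""):
    """Combination rule as the page describes it: fields joined in a fixed order."""
    return (sn + model + version).encode()


def combine_length_prefixed(sn, model="", version=""):
    """Assumed hardened rule: every field is preceded by its 2-byte length."""
    out = b""
    for field in (sn, model, version):
        raw = field.encode()
        out += len(raw).to_bytes(2, "big") + raw
    return out


def message_digest(combined):
    """MD5 of the combined code as an integer (128 bits, always below N).
    MD5 is used because the page names it; it is not collision-resistant."""
    return int.from_bytes(hashlib.md5(combined).digest(), "big")


def sign(combined):
    """Signing side: 'encrypt' the digest with the private key."""
    return pow(message_digest(combined), D, N)


def is_authorized(signature, combined):
    """Device side: recover the digest with the public key and compare it
    with the digest computed from the device's own attribute information."""
    if not isinstance(signature, int) or not 0 <= signature < N:
        return False  # reject out-of-range values before any arithmetic
    recovered = pow(signature, E, N)
    expected = message_digest(combined)
    return hmac.compare_digest(recovered.to_bytes(SIZE, "big"),
                               expected.to_bytes(SIZE, "big"))


def demo():
    """Run the check on constructed sample values and return the outcomes."""
    device_a = ("SN0012345", "T780", "V1.2")
    device_b = ("SN0012346", "T780", "V1.2")
    shifted = ("SN00123", "45T780", "V1.2")   # same characters, moved boundary
    token_plain = sign(combine_plain(*device_a))
    token_lp = sign(combine_length_prefixed(*device_a))
    return {
        "own_device": is_authorized(token_plain, combine_plain(*device_a)),
        "other_device": is_authorized(token_plain, combine_plain(*device_b)),
        "shifted_fields_plain": is_authorized(token_plain, combine_plain(*shifted)),
        "shifted_fields_length_prefixed":
            is_authorized(token_lp, combine_length_prefixed(*shifted)),
        "out_of_range_signature":
            is_authorized(token_plain + N, combine_plain(*device_a)),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```
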
The control subunit 34 is specifically configured to:
When the terminal device is in the first preset stage, turn off the write protection function of the system partition;
When the terminal device enters the second preset stage from the first preset stage, set the access control module to permissive mode and turn off the access verification module, so that the system partition enters the writable state, wherein in permissive mode unauthorized access to the multiple storage partitions is allowed.
In this embodiment, write protection is usually configured in the LK stage. It is implemented by setting eMMC registers in the terminal device, which can put each storage partition of the physical eMMC into a non-writable state. To achieve root, the su executable file must be copied into the system partition, so before the file is copied at least the write protection of the system partition must be turned off; the write protection of the other storage partitions can be retained.
The access control module selinux (security-enhanced linux) is usually configured in the kernel stage. selinux performs security-context checks on each object's access to system resources and has two modes: Enforcing Mode and Permissive Mode. By default selinux is in enforcing mode. Enforcing mode intercepts access that the system has not configured and prints a LOG entry, whereas permissive mode only records the LOG and does not actually intercept the access. Because partition directories cannot be traversed, queried or modified in enforcing mode, the su executable file cannot be copied into the system's /system/xbin directory, so selinux must be set to permissive mode before the file is copied. Specifically, the build can be modified with ALLOW_PERMISSIVE_SELINUX=1, so that when selinux starts in the kernel stage its mode is obtained from androidboot.selinux rather than defaulting to enforcing mode.
The access verification module DM-verity (device-mapper-verity) is usually configured at the build stage of the kernel stage: a hash tree of the image file is generated at build time, and when the terminal device at run time uses a block of data in the system partition, the system automatically checks whether that data matches the data recorded in the hash tree and does not allow the block to be used if it does not match. In this context, to write the su executable file into the system partition, DM-verity must first be turned off.
(4) Allocation unit 40
The allocation unit 40 is configured to allocate root authority to the terminal device based on a preset executable file in the writable state.
For example, the allocation unit 40 is specifically configured to:
Store the preset executable file in the target directory of the system partition and modify the permission parameter to a preset value, so as to allocate root authority to the terminal device.
In this embodiment, the preset executable file is mainly the su executable file, the target directory is the root directory of the system partition, namely /system/xbin, and the preset value is set manually, for example 4755.
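
A defender's check for the device state that the control unit and allocation unit leave behind, as an added example that is not part of the patent text: it inspects a kernel command line, the SELinux enforce flag and file metadata for the conditions described above. All sample values are constructed; androidboot.veritymode is the Android Verified Boot parameter name and is an assumption beyond what this page states.

```python
import os
import stat

# Constructed sample inputs (not captured from a real device).
SAMPLE_CMDLINE = ("console=ttyS0 androidboot.selinux=permissive "
                  "androidboot.veritymode=disabled androidboot.serialno=SN0012345")
SAMPLE_FILES = [
    ("/system/xbin/su", 0o104755, 0),   # regular file, mode 4755, owned by root
    ("/system/bin/sh", 0o100755, 0),    # regular file, mode 0755, owned by root
]


def parse_boot_params(cmdline):
    """Return the androidboot.* key/value pairs from a kernel command line."""
    params = {}
    for token in cmdline.split():
        key, sep, value = token.partition("=")
        if sep and key.startswith("androidboot."):
            params[key] = value
    return params


def is_setuid_root(mode, uid):
    """True for a regular file owned by uid 0 with the setuid bit set."""
    return stat.S_ISREG(mode) and uid == 0 and bool(mode & stat.S_ISUID)


def stat_entry(path):
    """Live helper: (path, st_mode, st_uid) for a file on the running system."""
    st = os.lstat(path)
    return (path, st.st_mode, st.st_uid)


def audit(cmdline, selinux_enforce, files):
    """Return (code, detail) findings.

    cmdline          contents of /proc/cmdline
    selinux_enforce  contents of /sys/fs/selinux/enforce ("1" means enforcing)
    files            iterable of (path, st_mode, st_uid) tuples
    """
    findings = []
    params = parse_boot_params(cmdline)
    if params.get("androidboot.selinux") == "permissive":
        findings.append(("selinux-cmdline-permissive", "androidboot.selinux=permissive"))
    if selinux_enforce.strip() != "1":
        findings.append(("selinux-not-enforcing", "enforce=" + selinux_enforce.strip()))
    # Assumption: parameter name and value follow Android Verified Boot conventions.
    if params.get("androidboot.veritymode") == "disabled":
        findings.append(("verity-disabled", "androidboot.veritymode=disabled"))
    for path, mode, uid in files:
        if os.path.basename(path) == "su" and is_setuid_root(mode, uid):
            detail = "%s mode %o" % (path, stat.S_IMODE(mode))
            findings.append(("setuid-root-su", detail))
    return findings


if __name__ == "__main__":
    for code, detail in audit(SAMPLE_CMDLINE, "0\n", SAMPLE_FILES):
        print(code, detail)
```
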
In specific implementation, each of the above units can be implemented as an independent entity, or they can be combined arbitrarily and implemented as one or several entities. For the specific implementation of each unit, refer to the preceding method embodiment; details are not repeated here.
As can be seen from the above, the root authority distribution method provided in this embodiment is applied to a terminal device provided with multiple storage partitions, including a system partition and a target partition. When the terminal device restarts and enters the first preset stage, the first acquisition unit 10 obtains device attribute information, which includes a device identification code, from the terminal chip. The second acquisition unit 20 then obtains digital signature information from the target partition, and the control unit 30 controls the system partition to enter a writable state according to the digital signature information and the device identification code. In the writable state, the allocation unit 40 allocates root authority to the terminal device based on the preset executable file. This facilitates obtaining root authority on various terminals; the method is simple, widely applicable and highly reliable.
In addition, the embodiments of the present application also provide a terminal device, which may be a smartphone, a tablet computer or similar equipment. As shown in Fig. 7, terminal device 200 includes a processor 201 and a memory 202, where the processor 201 and the memory 202 are electrically connected.
The processor 201 is the control center of terminal device 200. It uses various interfaces and lines to connect the parts of the entire terminal device and, by running or loading application programs stored in memory 202 and calling data stored in memory 202, performs the various functions of the terminal device and processes data, thereby monitoring the terminal device as a whole.
In this embodiment, the terminal device is provided with multiple storage partitions, including a system partition and a target partition. The processor 201 in terminal device 200 loads the instructions corresponding to the processes of one or more application programs into memory 202 according to the following steps, and runs the application programs stored in memory 202 to implement various functions:
When the terminal device restarts and enters the first preset stage, obtain device attribute information from the terminal chip, the device attribute information including a device identification code;
Obtain digital signature information from the target partition;
Control the system partition to enter a writable state according to the digital signature information and the device identification code;
In the writable state, allocate root authority to the terminal device based on a preset executable file.
Fig. 8 shows a specific structural block diagram of the terminal device provided by an embodiment of the present invention; the terminal device can be used to implement the root authority distribution method provided in the above embodiments. The terminal device 300 may be a smartphone or a tablet computer.
RF circuit 310 is used to receive and transmit electromagnetic waves and to convert between electromagnetic waves and electrical signals, so as to communicate with a communication network or other devices. RF circuit 310 may include various existing circuit elements for performing these functions, for example an antenna, an RF transceiver, a digital signal processor, an encryption/decryption chip, a subscriber identity module (SIM) card, memory, etc. RF circuit 310 can communicate with various networks such as the Internet, an intranet or a wireless network, or communicate with other devices through a wireless network. The wireless network may include a cellular telephone network, a wireless local area network or a metropolitan area network. The wireless network can use various communication standards, protocols and technologies, including but not limited to Global System for Mobile Communication (GSM), Enhanced Data GSM Environment (EDGE), Wideband Code Division Multiple Access (WCDMA), Code Division Multiple Access (Code Division Access, CDMA), Time Division Multiple Access (TDMA), Wireless Fidelity (Wi-Fi) (such as the Institute of Electrical and Electronics Engineers standards IEEE 802.11a, IEEE 802.11b, IEEE 802.11g and/or IEEE 802.11n), Voice over Internet Protocol (VoIP), Worldwide Interoperability for Microwave Access (Wi-Max), other protocols for mail, instant messaging and short messages, and any other suitable communication protocol, and may even include protocols that have not yet been developed.
Memory 320 can be used to store software programs and modules, such as the program instructions/modules corresponding to the front-camera automatic fill-light photographing system and method in the above embodiments. By running the software programs and modules stored in memory 320, processor 380 performs various functional applications and data processing, that is, implements the front-camera automatic fill-light photographing function. Memory 320 may include high-speed random access memory and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory or other non-volatile solid-state memory. In some examples, memory 320 may further include memory located remotely from processor 380, and such remote memory can be connected to terminal device 300 through a network. Examples of such networks include but are not limited to the Internet, an intranet, a local area network, a mobile communication network and combinations thereof.
Input unit 330 can be used to receive input numeric or character information and to generate keyboard, mouse, joystick, optical or trackball signal input related to user settings and function control. Specifically, input unit 330 may include a touch-sensitive surface 331 and other input devices 332. The touch-sensitive surface 331, also called a touch display screen or touchpad, collects the user's touch operations on or near it (such as operations performed by the user on or near the touch-sensitive surface 331 with a finger, a stylus or any other suitable object or accessory) and drives the corresponding connection device according to a preset program. Optionally, the touch-sensitive surface 331 may include two parts, a touch detection device and a touch controller. The touch detection device detects the user's touch position, detects the signal produced by the touch operation and passes the signal to the touch controller; the touch controller receives the touch information from the touch detection device, converts it into contact coordinates, sends them to processor 380, and can receive and execute commands sent by processor 380. The touch-sensitive surface 331 can be implemented in several types, such as resistive, capacitive, infrared and surface acoustic wave. In addition to the touch-sensitive surface 331, input unit 330 may also include other input devices 332. Specifically, the other input devices 332 may include but are not limited to one or more of a physical keyboard, function keys (such as volume control keys and a power key), a trackball, a mouse, a joystick, etc.
Display unit 340 can be used to display information entered by the user or provided to the user and the various graphical user interfaces of terminal device 300, which can be composed of graphics, text, icons, video and any combination thereof. Display unit 340 may include a display panel 341, which can optionally be configured in the form of an LCD (Liquid Crystal Display), an OLED (Organic Light-Emitting Diode) display, etc. Further, the touch-sensitive surface 331 can cover the display panel 341; when the touch-sensitive surface 331 detects a touch operation on or near it, it passes the operation to processor 380 to determine the type of touch event, and processor 380 then provides the corresponding visual output on the display panel 341 according to the type of touch event. Although in Fig. 8 the touch-sensitive surface 331 and the display panel 341 implement the input and output functions as two independent components, in some embodiments the touch-sensitive surface 331 and the display panel 341 can be integrated to implement the input and output functions.
Terminal device 300 may also include at least one sensor 350, for example a light sensor, a motion sensor or other sensors. Specifically, the light sensor may include an ambient light sensor and a proximity sensor: the ambient light sensor can adjust the brightness of the display panel 341 according to the ambient light, and the proximity sensor can turn off the display panel 341 and/or the backlight when terminal device 300 is moved to the ear. As one kind of motion sensor, a gravity acceleration sensor can detect the magnitude of acceleration in each direction (generally three axes), can detect the magnitude and direction of gravity when stationary, and can be used for applications that recognize the phone's posture (such as switching between landscape and portrait, related games and magnetometer posture calibration) and for vibration-recognition functions (such as a pedometer or tap detection). Other sensors that terminal device 300 can also be configured with, such as a gyroscope, a barometer, a hygrometer, a thermometer and an infrared sensor, are not described here.
Audio circuit 360, loudspeaker 361 and microphone 362 can provide an audio interface between the user and terminal device 300. Audio circuit 360 can transmit the electrical signal converted from received audio data to the loudspeaker 361, which converts it into a sound signal for output. Conversely, the microphone 362 converts a collected sound signal into an electrical signal, which audio circuit 360 receives and converts into audio data; after the audio data is output to processor 380 for processing, it is sent through RF circuit 310 to, for example, another terminal, or output to memory 320 for further processing. Audio circuit 360 may also include an earphone jack to provide communication between a peripheral earphone and terminal device 300.
Through transmission module 370 (for example a Wi-Fi module), terminal device 300 can help the user send and receive e-mail, browse web pages, access streaming media and so on, providing the user with wireless broadband Internet access. Although Fig. 8 shows transmission module 370, it can be understood that it is not an essential component of terminal device 300 and can be omitted as needed without changing the essence of the invention.
Processor 380 is the control center of terminal device 300. It uses various interfaces and lines to connect the parts of the whole phone and, by running or executing the software programs and/or modules stored in memory 320 and calling data stored in memory 320, performs the various functions of terminal device 300 and processes data, thereby monitoring the phone as a whole. Optionally, processor 380 may include one or more processing cores; in some embodiments, processor 380 can integrate an application processor and a modem processor, where the application processor mainly handles the operating system, user interface, application programs, etc., and the modem processor mainly handles wireless communication. It can be understood that the modem processor may also not be integrated into processor 380.
Terminal device 300 further includes a power supply 390 (such as a battery) that supplies power to all components. In some embodiments, the power supply can be logically connected to processor 380 through a power management system, so that functions such as charging management, discharging management and power consumption management are implemented through the power management system. Power supply 190 may also include any components such as one or more DC or AC power sources, a recharging system, a power failure detection circuit, a power converter or inverter, and a power status indicator.
Although not shown, terminal device 300 may also include a camera (such as a front camera or rear camera), a Bluetooth module, etc., which are not described here. Specifically in this embodiment, the display unit of the terminal device is a touch-screen display, and the terminal device further includes a memory and one or more programs, where the one or more programs are stored in the memory and configured to be executed by one or more processors, the one or more programs containing instructions for performing the following operations:
When the terminal device restarts and enters the first preset stage, obtain device attribute information from the terminal chip, the device attribute information including a device identification code;
Obtain digital signature information from the target partition;
Control the system partition to enter a writable state according to the digital signature information and the device identification code;
In the writable state, allocate root authority to the terminal device based on a preset executable file.
In specific implementation, each of the above modules can be implemented as an independent entity, or they can be combined arbitrarily and implemented as one or several entities. For the specific implementation of each module, refer to the preceding method embodiment; details are not repeated here.
Those of ordinary skill in the art will understand that all or part of the steps in the various methods of the above embodiments can be completed by instructions, or by instructions controlling the relevant hardware, and the instructions can be stored in a computer-readable storage medium and loaded and executed by a processor. To this end, an embodiment of the present invention provides a storage medium in which multiple instructions are stored; the instructions can be loaded by a processor to execute the steps of any root authority distribution method provided by the embodiments of the present invention.
The storage medium may include: read-only memory (ROM, Read Only Memory), random access memory (RAM, Random Access Memory), a magnetic disk, an optical disc, etc.
Because the instructions stored in the storage medium can execute the steps of any root authority distribution method provided by the embodiments of the present invention, they can achieve the beneficial effects achievable by any such method; see the preceding embodiments for details, which are not repeated here.
For the specific implementation of each of the above operations, refer to the preceding embodiments; details are not repeated here.
In summary, although the present application has been disclosed above with preferred embodiments, the preferred embodiments are not intended to limit the application. Those of ordinary skill in the art can make various changes and modifications without departing from the spirit and scope of the application, so the scope of protection of the application is defined by the claims.
Claims (10)
1. A root authority distribution method, applied to a terminal device, characterized in that the terminal device is provided with multiple storage partitions, the multiple storage partitions include a system partition and a target partition, and the root authority distribution method comprises:
When the terminal device restarts and enters a first preset stage, obtaining device attribute information from a terminal chip, the device attribute information including a device identification code;
Obtaining digital signature information from the target partition;
Controlling the system partition to enter a writable state according to the digital signature information and the device identification code;
In the writable state, allocating root authority to the terminal device based on a preset executable file.
2. The root authority distribution method according to claim 1, characterized in that controlling the system partition to enter a writable state according to the digital signature information and the device identification code comprises:
Determining a message digest according to a message digest algorithm and the device identification code;
Decrypting the digital signature information using a preset public key to obtain a decrypted digest;
Judging, according to the message digest and the decrypted digest, whether the terminal device has been granted modification permission;
If modification permission has been granted, controlling the system partition to enter the writable state.
3. The root authority distribution method according to claim 2, characterized in that judging, according to the message digest and the decrypted digest, whether the terminal device has been granted modification permission comprises:
Judging whether the decrypted digest and the message digest are identical;
If they are identical, judging that the terminal device has been granted modification permission;
If they are not identical, judging that the terminal device has not been granted modification permission.
4. The root authority distribution method according to claim 2, characterized in that the device attribute information further includes a terminal model and/or version number, and determining a message digest according to a message digest algorithm and the device identification code comprises:
Combining the device identification code with the terminal model and/or version number to obtain a combined code;
Processing the combined code using the message digest algorithm to obtain the message digest.
5. The root authority distribution method according to claim 2, characterized in that controlling the system partition to enter the writable state comprises:
When the terminal device is in the first preset stage, turning off the write protection function of the system partition;
When the terminal device enters a second preset stage from the first preset stage, setting an access control module to permissive mode and turning off an access verification module, so that the system partition enters the writable state, wherein in the permissive mode unauthorized access to the multiple storage partitions is allowed.
6. The root authority distribution method according to any one of claims 1-5, characterized in that allocating root authority to the terminal device based on a preset executable file comprises:
Storing the preset executable file in a target directory of the system partition and modifying a permission parameter to a preset value, so as to allocate root authority to the terminal device.
7. The root authority distribution method according to any one of claims 1-5, characterized in that, before obtaining the digital signature information from the target partition, the method further comprises:
When the terminal device powers on and enters the second preset stage, obtaining the device attribute information from the terminal chip and writing the device attribute information to a preset offset position in the target partition, so that flashing software obtains the device attribute information from the preset offset position, generates digital signature information according to the device attribute information, and then stores the digital signature information at the preset offset position;
Obtaining digital signature information from the target partition comprises: obtaining the digital signature information from the preset offset position in the target partition.
8. A root authority distribution device, applied to a terminal device, characterized in that the terminal device is provided with multiple storage partitions, the multiple storage partitions include a system partition and a target partition, and the distribution device comprises:
A first acquisition unit, configured to obtain device attribute information from a terminal chip when the terminal device restarts and enters a first preset stage, the device attribute information including a device identification code;
A second acquisition unit, configured to obtain digital signature information from the target partition;
A control unit, configured to control the system partition to enter a writable state according to the digital signature information and the device identification code;
An allocation unit, configured to allocate root authority to the terminal device based on a preset executable file in the writable state.
9. A computer-readable storage medium, characterized in that multiple instructions are stored in the storage medium, the instructions being suitable for being loaded by a processor to perform the root authority distribution method according to any one of claims 1 to 7.
10. A terminal device, characterized by comprising a processor and a memory, the processor being electrically connected to the memory, the memory being used to store instructions and data, and the processor being used to perform the steps of the root authority distribution method according to any one of claims 1 to 7.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910720524.0A CN110457894B (en) | 2019-08-06 | 2019-08-06 | root authority distribution method and device, storage medium and terminal equipment |
PCT/CN2019/121812 WO2021022729A1 (en) | 2019-08-06 | 2019-11-29 | Root permission assignment method and apparatus, storage medium, and terminal device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910720524.0A CN110457894B (en) | 2019-08-06 | 2019-08-06 | root authority distribution method and device, storage medium and terminal equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110457894A true CN110457894A (en) | 2019-11-15 |
CN110457894B CN110457894B (en) | 2021-08-03 |
Family
ID=68485016
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910720524.0A Active CN110457894B (en) | 2019-08-06 | 2019-08-06 | root authority distribution method and device, storage medium and terminal equipment |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN110457894B (en) |
WO (1) | WO2021022729A1 (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111045737A (en) * | 2019-11-29 | 2020-04-21 | 惠州Tcl移动通信有限公司 | Equipment identifier acquisition method and device, terminal equipment and storage medium |
CN112069494A (en) * | 2020-06-30 | 2020-12-11 | 西安万像电子科技有限公司 | Permission operation method and system of zero terminal |
WO2021022729A1 (en) * | 2019-08-06 | 2021-02-11 | 惠州Tcl移动通信有限公司 | Root permission assignment method and apparatus, storage medium, and terminal device |
CN116402475A (en) * | 2023-06-06 | 2023-07-07 | 北京建科研软件技术有限公司 | Method and system for generating hand-written signature by gradually locking regional and regional rights |
CN117131519A (en) * | 2023-02-27 | 2023-11-28 | 荣耀终端有限公司 | Information protection method and equipment |
CN118070344A (en) * | 2024-04-25 | 2024-05-24 | 浪潮云信息技术股份公司 | Relation database authority control method and device based on sensitive marks, medium and equipment |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114465805A (en) * | 2022-02-18 | 2022-05-10 | 深圳市优***科技股份有限公司 | Active identification control method and system |
CN114760621A (en) * | 2022-03-23 | 2022-07-15 | 深圳市普渡科技有限公司 | Terminal flashing method and device, computer equipment and storage medium |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102981835A (en) * | 2012-11-02 | 2013-03-20 | 福州博远无线网络科技有限公司 | Android application program permanent Root permission acquiring method |
CN105975818A (en) * | 2015-11-06 | 2016-09-28 | 乐视移动智能信息技术(北京)有限公司 | Method and device for obtaining super user permission |
CN109657448A (en) * | 2018-12-21 | 2019-04-19 | 惠州Tcl移动通信有限公司 | A kind of method, apparatus, electronic equipment and storage medium obtaining Root authority |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105975864A (en) * | 2016-04-29 | 2016-09-28 | 北京小米移动软件有限公司 | Operation system starting method and device, and terminal |
CN107153792B (en) * | 2017-04-06 | 2020-07-24 | 北京安云世纪科技有限公司 | Data security processing method and device and mobile terminal |
CN107729755A (en) * | 2017-09-28 | 2018-02-23 | 努比亚技术有限公司 | A kind of terminal safety management method, terminal and computer-readable recording medium |
CN110457894B (en) * | 2019-08-06 | 2021-08-03 | 惠州Tcl移动通信有限公司 | root authority distribution method and device, storage medium and terminal equipment |
2019
- 2019-08-06 CN CN201910720524.0A patent/CN110457894B/en active Active
- 2019-11-29 WO PCT/CN2019/121812 patent/WO2021022729A1/en active Application Filing
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2021022729A1 (en) * | 2019-08-06 | 2021-02-11 | 惠州Tcl移动通信有限公司 | Root permission assignment method and apparatus, storage medium, and terminal device |
CN111045737A (en) * | 2019-11-29 | 2020-04-21 | 惠州Tcl移动通信有限公司 | Equipment identifier acquisition method and device, terminal equipment and storage medium |
CN111045737B (en) * | 2019-11-29 | 2023-09-19 | 惠州Tcl移动通信有限公司 | Equipment identifier acquisition method, device, terminal equipment and storage medium |
CN112069494A (en) * | 2020-06-30 | 2020-12-11 | 西安万像电子科技有限公司 | Permission operation method and system of zero terminal |
CN117131519A (en) * | 2023-02-27 | 2023-11-28 | 荣耀终端有限公司 | Information protection method and equipment |
CN117131519B (en) * | 2023-02-27 | 2024-06-11 | 荣耀终端有限公司 | Information protection method and equipment |
CN116402475A (en) * | 2023-06-06 | 2023-07-07 | 北京建科研软件技术有限公司 | Method and system for generating hand-written signature by gradually locking regional and regional rights |
CN118070344A (en) * | 2024-04-25 | 2024-05-24 | 浪潮云信息技术股份公司 | Relation database authority control method and device based on sensitive marks, medium and equipment |
Also Published As
Publication number | Publication date |
---|---|
WO2021022729A1 (en) | 2021-02-11 |
CN110457894B (en) | 2021-08-03 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||