CN113468188A - SELinux policy base updating method and device - Google Patents

Publication number
CN113468188A
Authority
CN
China
Legal status
Pending
Application number
CN202010239459.2A
Other languages
Chinese (zh)
Inventor
周冲
付天福
吴财军
张大成
Current Assignee
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/23 Updating
    • G06F16/2365 Ensuring data consistency and integrity
    • G06F16/24 Querying
    • G06F16/245 Query processing
    • G06F16/2455 Query execution
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data

Abstract

The application discloses a method and a device for updating a SELinux policy base, and relates to the technical field of security. The method solves the problem of SELinux policy protection failing because the SELinux policy base in the REE device has been attacked and tampered with. The method is applied to a terminal device that comprises an REE device and a TEE device, wherein the TEE device and the REE device are isolated by hardware, and a first SELinux policy base is preset in the TEE device. The method is performed by the TEE device and comprises: receiving a check value sent by the REE device; checking, based on the check value, whether the second SELinux policy base is the same as the first SELinux policy base; and, if the second SELinux policy base is different from the first SELinux policy base, sending the first SELinux policy base to the REE device.

Description

SELinux policy base updating method and device
Technical Field
The present application relates to the field of security technologies, and in particular, to a method and an apparatus for updating a security-enhanced Linux (SELinux) policy base.
Background
SELinux is an implementation of Mandatory Access Control (MAC) established by the National Security Agency (NSA), and is a security module in the Linux operating system. After a terminal device loads the SELinux security module, the security level of its operating system can be greatly improved. The SELinux security module includes a SELinux policy base, which includes at least one SELinux policy; the SELinux policy is an important component of the SELinux security module in implementing MAC. A SELinux policy governs a subject's access to an object in the operating system. For example, it controls whether social software is allowed to access the local address book; here, the subject is the social software application (App), and the object is the local address book.
SELinux usually runs in the kernel mode of a general execution environment (REE). However, SELinux can load a SELinux policy only when the Linux system running in the REE is started. When a SELinux policy in the SELinux policy base is tampered with by an attack, the SELinux policy protection becomes ineffective.
Disclosure of Invention
The application provides a method and a device for updating a SELinux policy base, which solve the problem of SELinux policy protection failing after the SELinux policy base in an REE device is attacked and tampered with.
In order to achieve the above purpose, the present application provides the following technical solutions:
In a first aspect, the present application provides a method for updating a SELinux policy base, where the method is applied to a terminal device. The terminal device comprises a general execution environment (REE) device and a trusted execution environment (TEE) device, wherein the TEE device and the REE device are isolated by hardware, and a first SELinux policy base is preset in the TEE device. The method is performed by the TEE device and comprises: receiving a check value sent by the REE device, wherein the check value is obtained based on a second SELinux policy base, and the second SELinux policy base is the SELinux policy base currently used by the REE device; checking, based on the received check value, whether the second SELinux policy base is the same as the first SELinux policy base; and, if the second SELinux policy base is different from the first SELinux policy base, sending the first SELinux policy base to the REE device, where the first SELinux policy base is used by the REE device to update the second SELinux policy base.
In this method, a first SELinux policy base, used for controlling a subject's access rights to an object in the REE device, is preset in the TEE device, and the second SELinux policy base in the REE device is verified and updated to ensure that it is the same as the first SELinux policy base. This improves the security of the second SELinux policy base and effectively solves the problem of SELinux policy protection failing because a SELinux policy in the second SELinux policy base has been tampered with by an attack.
In one possible design, the method further includes: periodically sending the first SELinux policy base to the REE device, with a first duration as the period, wherein the first SELinux policy base is used by the REE device to update the second SELinux policy base. In this way, the second SELinux policy base in the REE is updated regularly to ensure that it is the same as the first SELinux policy base. This effectively solves the problem of SELinux policy protection failing because a SELinux policy in the second SELinux policy base has been tampered with by an attack.
In another possible design, the method further includes: receiving a first request and identity information of a user sent by the REE device, wherein the first request is used for requesting modification of the first SELinux policy base; verifying, based on the received identity information, whether the user has the right to modify the first SELinux policy base; and, if the user has the right to modify the first SELinux policy base, modifying the first SELinux policy base according to the first request to obtain a third SELinux policy base. With this possible design, the method for updating the SELinux policy base also supports modifying the SELinux policies in the SELinux policy base preset in the TEE device; compared with the prior art, in which the SELinux policy base cannot be modified, user experience is improved.
In another possible design, the method further includes: sending the third SELinux policy base to the REE device, where the third SELinux policy base is used by the REE device to update the second SELinux policy base. With this possible design, the second SELinux policy base in the REE device can be updated promptly, so that the newly modified SELinux policy base is applied promptly to access control of subjects over objects in the REE device, and user experience is improved.
In another possible design, "receiving the check value sent by the REE device" includes: periodically receiving the check value sent by the REE device, with a second duration as the period, wherein the second duration is less than the first duration. With this possible design, the second SELinux policy base in the REE is periodically checked and updated to ensure that it is the same as the first SELinux policy base. This effectively solves the problem of SELinux policy protection failing because a SELinux policy in the second SELinux policy base has been tampered with by an attack.
In a second aspect, the present application provides a method for updating a SELinux policy base, where the method is applied to a terminal device, and the terminal device includes a common execution environment (REE) device and a trusted execution environment (TEE) device. The TEE device and the REE device are isolated by hardware, and a first SELinux policy base is preset in the TEE device. The method is performed by the REE device and comprises: determining a check value based on a second SELinux policy base, wherein the second SELinux policy base is the SELinux policy base currently used by the REE device; sending the check value to the TEE device, wherein the check value is used by the TEE device to check whether the second SELinux policy base is the same as the first SELinux policy base, so that when the second SELinux policy base is different from the first SELinux policy base, the TEE device sends the first SELinux policy base to the REE device; and receiving the first SELinux policy base sent by the TEE device to update the second SELinux policy base.
In one possible design, the method further includes: periodically receiving the first SELinux policy base sent by the TEE device, with the first duration as the period, so as to update the second SELinux policy base.
In another possible design, the method further includes: sending a first request and identity information of the user to the TEE device, wherein the first request is used for requesting modification of the first SELinux policy base, and the identity information is used by the TEE device to verify whether the user has the right to modify the first SELinux policy base, so that when the user has the right to modify the first SELinux policy base, the TEE device modifies the first SELinux policy base to obtain a third SELinux policy base.
In another possible design, the method further includes: receiving the third SELinux policy base sent by the TEE device to update the second SELinux policy base.
In another possible design, the method further includes: periodically deleting the SELinux policies cached in an access vector cache (AVC), with a preset duration as the period; or deleting the SELinux policies cached in the AVC when the number of times the SELinux policies cached in the AVC have been called reaches a preset threshold. The AVC is used for caching SELinux policies in the second SELinux policy base. With this possible design, the SELinux policies cached in the AVC are maintained regularly, which ensures that the SELinux policies cached in the AVC exist in the second SELinux policy base, that is, that they have not been tampered with by an attack. This effectively solves the problem of SELinux policy protection failing because a SELinux policy cached in the AVC has been tampered with by an attack.
In another possible design, "sending a check value to the TEE device" includes: periodically sending the check value to the TEE device, with a second duration as the period, wherein the second duration is less than the first duration.
It is understood that the beneficial effects of the technical solutions provided by the second aspect or the corresponding possible designs thereof can refer to the descriptions in the technical solutions provided by the first aspect or the corresponding possible designs thereof, and are not described herein again.
In a third aspect, the present application provides a trusted execution environment (TEE) apparatus.
In one possible design, the TEE apparatus is configured to perform any of the methods provided by the first aspect above. The present application may divide the TEE apparatus into functional modules according to any one of the methods provided by the first aspect. For example, one functional module may be provided for each function, or two or more functions may be integrated into one processing module. For example, the TEE apparatus may be divided by function into a receiving unit, a checking unit, a sending unit, and the like. For the technical solutions executed by each functional module and their beneficial effects, refer to the technical solutions provided by the first aspect or its corresponding possible designs; they are not described herein again.
In another possible design, the TEE apparatus includes a memory and one or more processors, the memory being coupled to the one or more processors. The memory is for storing computer instructions, which the processor invokes in order to perform any of the methods provided by the first aspect and any of its possible designs.
In a fourth aspect, the present application provides a common execution environment (REE) apparatus.
In one possible design, the REE apparatus is configured to perform any of the methods provided by the second aspect above. The present application may divide the REE apparatus into functional modules according to any one of the methods provided in the second aspect. For example, one functional module may be provided for each function, or two or more functions may be integrated into one processing module. For example, the REE apparatus may be divided by function into a determination unit, a transmission unit, and a reception unit. For the technical solutions executed by each functional module and their beneficial effects, refer to the technical solutions provided by the second aspect or its corresponding possible designs; they are not described herein again.
In another possible design, the REE apparatus includes a memory and one or more processors, the memory being coupled to the one or more processors. The memory is for storing computer instructions, which the processor invokes in order to perform any of the methods provided by the second aspect and any of its possible designs.
In a fifth aspect, the present application provides a computer-readable storage medium, such as a non-transitory computer-readable storage medium, having stored thereon a computer program (or instructions) which, when run on a trusted execution environment (TEE) apparatus, causes the TEE apparatus to perform any of the methods provided by any of the possible implementations of the first aspect described above.
In a sixth aspect, the present application provides a computer-readable storage medium, such as a non-transitory computer-readable storage medium, having stored thereon a computer program (or instructions) which, when run on a general execution environment (REE) apparatus, causes the REE apparatus to perform any of the methods provided by any of the possible implementations of the second aspect described above.
In a seventh aspect, the present application provides a computer program product which, when run on a trusted execution environment (TEE) apparatus, causes any of the methods provided by any of the possible implementations of the first aspect to be performed.
In an eighth aspect, the present application provides a computer program product which, when run on a general execution environment (REE) apparatus, causes any of the methods provided in any of the possible implementations of the first aspect to be performed.
In a ninth aspect, the present application provides a chip system comprising a processor, where the processor is used for calling, from a memory, and running a computer program stored in the memory, and for executing any one of the methods provided by the implementations of the first aspect.
In a tenth aspect, the present application provides a chip system comprising a processor, where the processor is used for calling, from a memory, and running a computer program stored in the memory, and for executing any one of the methods provided by the implementations of the second aspect.
It is understood that any one of the apparatuses, computer storage media, computer program products, or chip systems provided above can be applied to the corresponding methods provided above, and therefore, the beneficial effects achieved by the apparatuses, the computer storage media, the computer program products, or the chip systems can refer to the beneficial effects in the corresponding methods, and are not described herein again.
In the present application, the names of the above-mentioned trusted execution environment TEE apparatus and general execution environment REE apparatus do not constitute a limitation on the devices or functional modules themselves, which may appear by other names in actual implementations. Insofar as the functions of the respective devices or functional modules are similar to those of the present application, they fall within the scope of the claims of the present application and their equivalents.
These and other aspects of the present application will be more readily apparent from the following description.
Drawings
Fig. 1 is a schematic structural diagram of a terminal device according to an embodiment of the present application;
Fig. 2 is a schematic flowchart of a method for updating a SELinux policy base according to an embodiment of the present application;
Fig. 3 is a schematic flowchart of another method for updating a SELinux policy base according to an embodiment of the present application;
Fig. 4 is a schematic diagram of a method for updating a SELinux policy base according to an embodiment of the present application;
Fig. 5 is a schematic structural diagram of a trusted execution environment (TEE) apparatus according to an embodiment of the present application;
Fig. 6 is a schematic structural diagram of a general execution environment (REE) apparatus according to an embodiment of the present application;
Fig. 7 is a schematic structural diagram of a chip system according to an embodiment of the present application;
Fig. 8 is a schematic structural diagram of a computer program product according to an embodiment of the present application.
Detailed Description
Some of the terms or techniques referred to in the examples of this application are described below:
1) REE
The REE is the general operating environment of a mobile device, and can operate in the internet world. The REE may be used to run a general-purpose operating system (OS), such as the Android operating system. In general, the REE may be referred to as the normal world.
The REE generally comprises a kernel mode and a user mode, and the kernel mode authority level of the REE is higher than the user mode authority level. In the kernel mode, the application program may access all data of the memory, including data of peripheral devices, such as a hard disk and a network card. In the user mode, the application program has limited access to the memory and is not allowed to access the peripheral device.
2) Trusted Execution Environment (TEE)
The TEE corresponds to the REE and is isolated from it at the hardware level. For example, the TEE may be implemented by hardware such as a separate processing core, memory, and cache. In general, the TEE may be referred to as the secure world.
The TEE is guaranteed not to be disturbed by the general-purpose operating system running in the REE, and is therefore called "trusted". The TEE may be used to run critical operations (e.g., those with a higher security level) to provide security services for the general-purpose operating system running in the REE, such as fingerprint authentication and the Personal Identification Number (PIN) required for mobile payments, or secure storage of confidential data, for example private keys or digital certificates.
The TEE and the REE can communicate with each other through a specific input/output interface, for example, an Application Programming Interface (API). The TEE has a higher level of security than the REE. The TEE may access the memory of the REE, but the REE cannot access the memory of the TEE, which is isolated from it by hardware.
3) Access vector cache (AVC)
The AVC is used to cache some of the SELinux policies in the SELinux policy base. Generally, when a terminal device calls a SELinux policy through SELinux running in the kernel mode of an REE, the SELinux policy is first looked up in the AVC. When the SELinux policy is not cached in the AVC, the terminal device looks it up in the SELinux policy base through SELinux and, once it is found, adds it to the AVC, so that the next time the SELinux policy needs to be called through SELinux the terminal device can find it in the AVC, which improves the efficiency of calling SELinux policies.
4) Other terms
In the embodiments of the present application, words such as "exemplary" or "for example" are used to mean serving as an example, instance, or illustration. Any embodiment or design described herein as "exemplary" or "e.g.," is not necessarily to be construed as preferred or advantageous over other embodiments or designs. Rather, use of the word "exemplary" or "such as" is intended to present concepts related in a concrete fashion.
In the embodiments of the present application, the terms "first", "second" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include one or more of that feature. In the description of the present application, "a plurality" means two or more unless otherwise specified.
The embodiment of the application provides a method for updating a SELinux policy base, which is applied to a terminal device. The terminal device may comprise an REE device and a TEE device, and a first SELinux policy base is preset in the TEE device. Because the TEE device has a high security level, presetting the first SELinux policy base in the TEE device improves the security of the SELinux policy base. In addition, in the method provided by the embodiment of the present application, the SELinux policy base currently used in the REE device is synchronously updated to the first SELinux policy base preset in the TEE device. The method effectively solves the problem of protection failing because the SELinux policy base currently used in the REE device has been tampered with.
The terminal device may be a portable device such as a mobile phone, a tablet computer, or a wearable electronic device, may be a device such as a vehicle-mounted device, or may be a computing device such as a Personal Computer (PC), a Personal Digital Assistant (PDA), a netbook, or a server. This is not limited herein.
Referring to fig. 1, fig. 1 illustrates a hardware structure of a terminal device 10 provided in an embodiment of the present application. As shown in fig. 1, the terminal device 10 includes a processor 11, a memory 12, a communication interface 13, and a bus 14. The processor 11, the memory 12, and the communication interface 13 may be connected to each other via a bus 14.
The processor 11 is a control center of the terminal device 10, and may be a Central Processing Unit (CPU), another general-purpose processor, or the like. Wherein a general purpose processor may be a microprocessor or any conventional processor or the like.
As an example, the processor 11 may include at least two CPUs, such as CPU 0 and CPU 1 shown in fig. 1. Wherein, CPU 0 may be used to run the TEE and CPU 1 may be used to run the REE.
The memory 12 may be, but is not limited to, a read-only memory (ROM) or other type of static storage device that may store static information and instructions, a Random Access Memory (RAM) or other type of dynamic storage device that may store information and instructions, an electrically erasable programmable read-only memory (EEPROM), a magnetic disk storage medium or other magnetic storage device, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer.
In one possible implementation, the memory 12 may exist independently of the processor 11. Memory 12 may be coupled to processor 11 via bus 14 for storing data, instructions, or program code. When the processor 11 calls and executes the instructions or program codes stored in the memory 12, the method for updating the SELinux policy base provided in the embodiment of the present application can be implemented.
In another possible implementation, the memory 12 may also be integrated with the processor 11.
The communication interface 13 is configured to connect the terminal device 10 to another device (e.g., a server) through a communication network, where the communication network may be an Ethernet, a Radio Access Network (RAN), a Wireless Local Area Network (WLAN), or the like. The communication interface 13 may comprise a receiving unit for receiving data and a transmitting unit for transmitting data.
As an example, the terminal device 10 may download an App from a server through the communication interface 13.
The bus 14 may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, an Extended ISA (EISA) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown in FIG. 1, but it is not intended that there be only one bus or one type of bus.
It is noted that the configuration shown in fig. 1 does not constitute a limitation of the terminal device 10; in addition to the components shown in fig. 1, the terminal device 10 may include more or fewer components than those shown in fig. 1, combine some components, or use a different arrangement of components.
Divided by function, the terminal device 10 described above may include an REE device and a TEE device. The REE device may implement the REE by means of the processor, the memory, and other devices described above. The TEE device may implement the TEE by means of the processor and memory described above. It should be noted that the devices used to implement the TEE are isolated from the devices used to implement the REE at the hardware level. The TEE device and the REE device may communicate with each other via a specific input/output interface, such as an API.
The method provided by the embodiment of the application is described below with reference to the accompanying drawings.
In this embodiment of the present application, to facilitate differentiation, a SELinux policy base preset by a TEE apparatus is referred to as a first SELinux policy base, and a current SELinux policy base of the REE apparatus is referred to as a second SELinux policy base.
Referring to fig. 2, fig. 2 shows a method for updating a SELinux policy base according to an embodiment of the present application, where the method may include the following steps:
s101, the TEE device sends a first SELinux strategy base to the REE device. Correspondingly, the REE device takes the received first SELinux policy base as a second SELinux policy base.
Here, a first SELinux policy repository is pre-located in the TEE device. The first SELinux policy library includes m (m is an integer greater than or equal to 1) SELinux policies. The SELinux policy is used for indicating the access right of a subject to an object in an REE device. For example, whether financial software running on the REE is allowed to use the fingerprint payment function. At this time, the subject is financial software and the object is a fingerprint payment function. Since the TEE device has a high security level, the security of the SELinux policy library can be improved by pre-placing the first SELinux policy library in the TEE device.
Specifically, the TEE device may send the first SELinux policy library to the REE device when the terminal device is started or when an OS running in the REE device is started. In response, the REE device receives the first SELinux policy base, and uses the received first SELinux policy base as a second SELinux policy base. Then, the REE device controls the access right of the subject to the object in the REE device according to the SELinux policy in the second SELinux policy library.
Optionally, after sending the first SELinux policy base to the REE device when the terminal device is started or when an OS running in the REE device is started, the TEE device may also send the first SELinux policy base to the REE device periodically, with the first duration as the period.
In response, the REE device periodically receives the first SELinux policy base. Specifically, the REE device may delete the currently used second SELinux policy base and then use the received first SELinux policy base as a new second SELinux policy base. The REE device then controls the access right of the subject to the object in the REE according to the SELinux policies in the new second SELinux policy base.
In this way, the REE device may periodically synchronize the second SELinux policy base with the first SELinux policy base, so that the second SELinux policy base is the same as the first SELinux policy base. This effectively solves the problem of protection failure caused by an attack tampering with the SELinux policies in the second SELinux policy base.
S102, the REE device determines a first check value based on the second SELinux policy base.
Here, the first check value is used for the TEE apparatus to check whether the second SELinux policy base is the same as the first SELinux policy base.
Specifically, the REE device may use a preset algorithm to determine the first check value corresponding to the second SELinux policy base, based on a random Information Value (IV value) and the SELinux policies in the second SELinux policy base. By way of example, the preset algorithm may be any hash algorithm, which is not limited herein. The IV value may be randomly generated by the REE device, or randomly generated by the TEE device and sent to the REE device, which is not limited herein.
It can be understood that, for the same SELinux policy base and different IV values, the obtained check value corresponding to the SELinux policy base is different. By determining the check value corresponding to the SELinux policy base based on the random IV value, it can be found in time that the SELinux policy base in the REE device is tampered with by an attack, so that the SELinux policy base can be updated in time, and the security of the SELinux policy base is improved.
Optionally, the REE device may periodically determine the first check value based on the second SELinux policy base and the random IV value with the second duration as a period. Here, the second SELinux policy base is a SELinux policy base used by the REE device at the time when the first check value is determined. The second time period may be shorter than the first time period in S101.
As an example, at time 1, the REE device may determine, based on the SELinux policy base used at time 1 and a random IV value, a first check value corresponding to that SELinux policy base. At time 2, the REE device may determine, based on the SELinux policy base used at time 2 and a random IV value, a first check value corresponding to that SELinux policy base. Time 1 and time 2 are separated by n second durations, where n is an integer greater than or equal to 1.
S103, the REE device sends the first check value to the TEE device.
Optionally, the REE device may periodically send the first check value to the TEE device with the first duration as a period. Here, the first check value is a first check value that is periodically determined based on the second SELinux policy base and the random IV value with the first duration as a cycle in S102.
In a first possible implementation manner, the REE device may periodically send the first check value to the TEE device through the API interface. Here, the IV value used to determine the first check value is randomly generated by the TEE device. In response, the TEE device receives the first check value.
In a second possible implementation manner, if the IV value used for determining the first check value in S102 is randomly generated by the REE device, the REE device periodically sends the first check value and the IV value used for determining the first check value to the TEE device. In response, the TEE device receives the first check value and the IV value used to determine the first check value.
S104, the TEE device checks, based on the first check value, whether the first SELinux policy base and the second SELinux policy base are the same.
In a first possible implementation manner, if the IV value used for determining the first check value is randomly generated by the TEE apparatus, the TEE apparatus determines, based on the IV value and the first SELinux policy base, a second check value corresponding to the first SELinux policy base by using a preset algorithm.
In a second possible implementation manner, if the IV value used for determining the first check value is randomly generated by the REE device, the TEE determines, by using a preset algorithm, a second check value corresponding to the first SELinux policy base based on the received IV value used for determining the first check value and the first SELinux policy base.
The preset algorithm in the possible implementation manners may be any hash algorithm, which is not limited herein. It should be noted that the preset algorithm is the same as the preset algorithm in the determination of the first check value in S102.
Further, when the TEE device determines that the second check value is the same as the first check value, it indicates that the first SELinux policy repository is the same as the second SELinux policy repository. In this way, the TEE device may send a check-passed message to the REE device and wait to receive the first check value sent by the REE device when the next cycle arrives, and then perform the next check. When the TEE device determines that the second check value is different from the first check value, it indicates that the first SELinux policy repository is different from the second SELinux policy repository. That is, the second SELinux policy repository may be tampered with by an attack. At this time, the TEE device may perform S105.
That is to say, through the verification of the first check value, the TEE device can timely and effectively discover whether the second SELinux policy base is tampered.
S105, when the first SELinux policy base and the second SELinux policy base are different, the TEE device sends the first SELinux policy base to the REE device, so that the REE device updates the second SELinux policy base.
In this case, the TEE device may also send a check failure message to the REE device, so that the REE device may send an alert message to the user.
Specifically, when the first SELinux policy base and the second SELinux policy base are different, the process of the TEE device sending the first SELinux policy base to the REE device may be implemented in any one of the following manners:
In a first possible implementation manner, when the TEE device determines that the first SELinux policy base and the second SELinux policy base are different, the TEE device may be triggered to send the first SELinux policy base to the REE device, so that the REE device updates the second SELinux policy base.
In a second possible implementation manner, when the TEE device determines that the first SELinux policy base and the second SELinux policy base are different, the TEE device may send a message that the check fails to the REE device. Then, the REE device receives the message that the check fails, and sends a request message for updating the second SELinux policy repository to the TEE device. In response to the request message, the TEE device may send the first SELinux policy repository to the REE device, so that the REE updates the second SELinux policy repository.
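The check described in S102 to S105, for the case where the TEE device generates the IV value, can be sketched as follows. This is an added example, not code from the application; it assumes SHA-256 as the preset algorithm, a length-prefixed sorted serialization of the rules, and hypothetical class names `Tee` and `Ree`, with constructed sample rules.

```python
import hashlib
import hmac
import secrets

# Constructed sample rules in a simplified "subject object permission" form.
CONSTRUCTED_POLICIES = {
    "finance_app fingerprint_pay use",
    "social_app contacts read",
}


def canonical_bytes(policy_base):
    """Serialize the rules deterministically so both sides hash identical bytes."""
    out = bytearray()
    for rule in sorted(policy_base):
        encoded = rule.encode("utf-8")
        # A length prefix keeps rule boundaries unambiguous.
        out += len(encoded).to_bytes(4, "big") + encoded
    return bytes(out)


def check_value(iv, policy_base):
    """Preset algorithm (assumed here: SHA-256) over the IV followed by the rules."""
    return hashlib.sha256(iv + canonical_bytes(policy_base)).digest()


class Tee:
    """Holds the preset first policy base and verifies check values (S104, S105)."""

    def __init__(self, first_policy_base):
        self.first_policy_base = frozenset(first_policy_base)
        self._pending_iv = None

    def provision(self):
        # S101 / S105: hand a copy of the first policy base to the REE side.
        return set(self.first_policy_base)

    def new_iv(self):
        # A fresh random IV per round makes every expected check value different.
        self._pending_iv = secrets.token_bytes(16)
        return self._pending_iv

    def verify(self, first_check_value):
        # Each IV is single use; a check value with no outstanding IV fails.
        iv, self._pending_iv = self._pending_iv, None
        if iv is not None:
            second_check_value = check_value(iv, self.first_policy_base)
            if hmac.compare_digest(second_check_value, first_check_value):
                return True, None
        # Mismatch: return the first policy base so the REE can update (S105).
        return False, self.provision()


class Ree:
    """Uses the second policy base and answers check requests (S102, S103)."""

    def __init__(self):
        self.second_policy_base = set()

    def receive_policy_base(self, policy_base):
        # Replace the current second policy base with the received one.
        self.second_policy_base = set(policy_base)

    def respond(self, iv):
        return check_value(iv, self.second_policy_base)


def run_round(tee, ree):
    """One check period: IV out, check value back, re-provision on mismatch."""
    iv = tee.new_iv()
    passed, replacement = tee.verify(ree.respond(iv))
    if not passed:
        ree.receive_policy_base(replacement)
    return passed


def demo():
    tee = Tee(CONSTRUCTED_POLICIES)
    ree = Ree()
    ree.receive_policy_base(tee.provision())
    results = [run_round(tee, ree)]
    # Constructed modification of the REE copy, standing in for tampering.
    ree.second_policy_base.add("untrusted_app fingerprint_pay use")
    results.append(run_round(tee, ree))  # detected, REE copy replaced
    results.append(run_round(tee, ree))  # passes again after the update
    return results
```

Because each round uses a new IV, a check value computed in an earlier round does not verify in a later one.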
S106, the REE device deletes the SELinux policy in the AVC.
In order to prevent the failure of the protection of the SELinux policy caused by tampering of the SELinux policy cached in the AVC by an attack, the REE device may perform periodic maintenance on the SELinux policy cached in the AVC to ensure that the SELinux policies cached in the AVC are all sourced from the second SELinux policy library and are not tampered.
In a first possible implementation manner, the REE device may check each SELinux policy in the AVC according to a third preset time duration as a polling period.
Specifically, in one polling cycle, for each SELinux policy in AVC, the REE device may check whether the SELinux policy exists in the second SELinux policy library. When any SELinux policy in AVC does not exist in the second SELinux policy library, the REE device may delete the SELinux policy. Or, the REE device may clear the SELinux policy in AVC, and add the SELinux policy again in AVC when the SELinux policy is called next time by the SELinux running in the REE kernel mode.
When any SELinux policy in the AVC does not exist in the second SELinux policy base, the REE device also sends alarm information to the user.
In a second possible implementation manner, the REE device may periodically empty the SELinux policy cached in AVC with a fourth preset time period as a period.
In a third possible implementation manner, when the number of times that the SELinux policy is called from the AVC by the SELinux running in the REE kernel mode exceeds a preset threshold, the REE device clears the SELinux policy in the AVC. Here, the preset threshold is not particularly limited in the embodiment of the present application.
It can be understood that, in the embodiment of the present application, after the terminal device is started, or after the OS running in the REE device is started, the REE device may start to execute S106 once it has received the first SELinux policy base sent by the TEE device for the first time.
Thus, by the method for updating the SELinux policy base described in S101-S106, a second SELinux policy base that has been tampered with by an attack can be updated in time according to the first SELinux policy base preset in the TEE device, so as to ensure that the second SELinux policy base is the same as the first SELinux policy base. In addition, by periodically maintaining the SELinux policies cached in the AVC, the embodiments of the present application may also ensure that the SELinux policies cached in the AVC all exist in the second SELinux policy base. Therefore, the method provided by the embodiment of the application effectively solves the problem that SELinux policy protection fails because the SELinux policies in the second SELinux policy base or the SELinux policies cached in the AVC are tampered with by an attack.
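The three AVC maintenance options in S106 can be compared side by side in a small model. This is an added example, not code from the application or from the Linux kernel AVC; the class `AvcModel`, its method names, and the rule tuples are hypothetical, and the cache entry inserted directly in `demo` is a constructed stand-in for a tampered entry.

```python
# Constructed second policy base: (subject, object, permission) tuples.
CONSTRUCTED_POLICY_BASE = {
    ("finance_app", "fingerprint_pay", "use"),
    ("social_app", "contacts", "read"),
}


class AvcModel:
    """Toy access vector cache in front of the second policy base."""

    def __init__(self, policy_base, call_threshold, flush_period):
        self.policy_base = policy_base
        self.call_threshold = call_threshold  # third implementation
        self.flush_period = flush_period      # second implementation
        self.cache = set()
        self.calls = 0
        self.last_flush = 0.0

    def flush(self):
        """Empty the cache; entries are re-added from the policy base on demand."""
        self.cache.clear()
        self.calls = 0

    def check_access(self, subject, obj, perm):
        key = (subject, obj, perm)
        self.calls += 1
        if self.calls > self.call_threshold:
            # Call count exceeded the preset threshold: clear and restart the count.
            self.flush()
        if key in self.cache:
            return True
        if key in self.policy_base:
            self.cache.add(key)
            return True
        return False

    def audit(self):
        """First implementation: drop cached entries absent from the policy base.

        Returns the removed entries so the caller can raise an alert.
        """
        unknown = {entry for entry in self.cache if entry not in self.policy_base}
        self.cache -= unknown
        return unknown

    def tick(self, now):
        """Second implementation: flush when a full period has elapsed."""
        if now - self.last_flush >= self.flush_period:
            self.flush()
            self.last_flush = now
            return True
        return False


def demo():
    avc = AvcModel(set(CONSTRUCTED_POLICY_BASE), call_threshold=3, flush_period=60.0)
    forged = ("untrusted_app", "fingerprint_pay", "use")
    results = {}
    results["legit"] = avc.check_access("finance_app", "fingerprint_pay", "use")

    avc.cache.add(forged)  # constructed tampered cache entry
    results["forged_before_audit"] = avc.check_access(*forged)
    results["audit_removed"] = avc.audit()
    results["legit_still_cached"] = ("finance_app", "fingerprint_pay", "use") in avc.cache
    results["forged_after_audit"] = avc.check_access(*forged)

    avc.cache.add(forged)
    # Fourth call exceeds the threshold of 3, so the cache is cleared first.
    results["forged_after_threshold"] = avc.check_access(*forged)

    avc.cache.add(forged)
    results["timer_flushed"] = avc.tick(now=61.0)
    results["forged_after_timer"] = avc.check_access(*forged)
    return results
```

The audit keeps valid entries cached and reports what it removed, while the two flush variants trade that visibility for simplicity and cost one policy-base lookup per entry afterwards.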
Referring to fig. 3, fig. 3 illustrates another method for updating a SELinux policy repository according to an embodiment of the present application, where the method may include the following steps:
S201, the REE device sends a first request to the TEE device.
The first request is used to request modification of the first SELinux policy base. Since the SELinux policies in the first SELinux policy base indicate the access right of a subject to an object in the REE device, the first request may be used to request modification of the access right of a subject running in the REE device to an object. For example, the first request may be: modify the SELinux policy of "allowing the social software to access the local address book" into the SELinux policy of "not allowing the social software to modify the local address book". As another example, the first request may be: add a SELinux policy of "allowing the financial App to use the fingerprint payment function".
Specifically, the user may input the first request to the REE device through an input-output device of the terminal apparatus. The REE device may send the first request to the TEE device through the API interface after receiving the first request input by the user.
For example, the terminal device is a mobile phone, and the first request is to add a SELinux policy of "allowing the financial App to use the fingerprint payment function". As shown in fig. 4, after the user downloads and installs the financial App, the user can select "yes" on the column "whether payment using fingerprint is allowed" on the setting page of the financial App. In this way, the user enters a first request to add a SELinux policy of "allow financial App to use fingerprint payment function" into the REE device. The REE device then sends the received first request to the TEE device through the API interface.
In response, the TEE device receives the first request.
S202, the TEE device verifies whether the user has the right to modify the first SELinux policy base.
After receiving the first request, the TEE device verifies the identity of the user initiating the first request before modifying the SELinux policy in the first SELinux policy library. In this way, it can be ensured that the modification requested by the first request is a modification allowed by the user.
In a first possible implementation, the TEE device may send an authentication request to the TEE device after receiving the first request. Then, the user may input identity information, which may be a power-on password of the user or a biometric feature of the user, to the REE device through the input and output device of the terminal device, where the biometric feature of the user may be a fingerprint recognition feature of the user or a face recognition feature of the user, and the like. And then, the REE device sends the acquired identity information of the user to the TEE device, and the TEE device verifies the received identity information of the user.
In a second possible implementation, after the user inputs the first request to the REE device through the input/output device of the terminal equipment, the REE device requests the user to input the identity information. The REE device then sends the first request and the identity information of the user to the TEE device. The TEE device then verifies the received identity information of the user.
Then, if the TEE device determines that the received identity information of the user is different from the identity information of the user stored by the TEE device, the user identity authentication fails. In this case, the user does not have the right to modify the first SELinux policy base, and the TEE device does not modify the first SELinux policy base. If the TEE device determines that the received identity information of the user is the same as the identity information of the user stored by the TEE device, the user identity authentication passes. In this case, the user has the right to modify the first SELinux policy base, and the TEE device may perform S203.
S203, when the user has the right to modify the first SELinux policy base, the TEE device modifies the first SELinux policy base according to the first request to obtain a third SELinux policy base.
The TEE device may modify the first SELinux policy base according to the first request, thereby obtaining a third SELinux policy base. Here, the modification of the first SELinux policy base may be to modify a SELinux policy in the first SELinux policy base, or to add a SELinux policy to the first SELinux policy base, or of course, to delete a SELinux policy in the first SELinux policy base, which is not limited to this.
For example, the TEE device may modify, according to the first request, a SELinux policy of "allowing the social software to access the local address book" in the first SELinux policy library to a SELinux policy of "not allowing the social software to modify the local address book", so as to obtain a third SELinux policy library. For another example, a SELinux policy of "allowing the financial App to use the fingerprint payment function" is newly added to the first SELinux policy base, so as to obtain a third SELinux policy base.
It can be understood that the modified first SELinux policy base is the third SELinux policy base. In this way, in the above S101, in the process that the TEE device periodically sends the first SELinux policy base to the REE device with the first time length as a period, when the first SELinux policy base in the TEE device is updated to the third SELinux policy base, the TEE device periodically sends the third SELinux policy base to the REE device with the first time length as a period.
S204, the TEE device sends the third SELinux policy base to the REE device, so that the REE device updates the second SELinux policy base.
Specifically, in a first possible implementation manner, the TEE device may send the third SELinux policy library to the REE device through the API interface.
In response, the REE device updates the second SELinux policy repository according to the received third SELinux policy repository. Specifically, the REE device may delete the original second SELinux policy base, and use the third SELinux policy base as the new second policy base. Then, the REE device controls the access right of the subject to the object in the REE device according to the SELinux policy in the new second SELinux policy library.
In a second possible implementation manner, the TEE device may send the modified SELinux policy or the newly added SELinux policy in the first SELinux policy library to the TEE device. Then, the TEE apparatus updates the second SELinux policy library according to the modified SELinux policy or the newly added SELinux policy.
It should be noted that, if the third SELinux policy base is a SELinux policy base obtained by the TEE device deleting at least one SELinux policy in the first SELinux policy base according to the first request, the TEE device may send the third SELinux policy base to the REE device by using the first possible implementation manner, so that the REE device updates the second SELinux policy base.
Therefore, the method for updating the SELinux policy base, provided by the embodiment of the application, can realize dynamic addition, modification or deletion of the SELinux policy in the first SELinux policy base, and improve user experience.
To sum up, an embodiment of the present application provides a method for updating a SELinux policy base, where a first SELinux policy base for controlling a subject in an REE device to access an object is preset in the TEE device, and a second SELinux policy base in the REE is updated regularly according to the first SELinux policy base, so that a problem of failure of SELinux policy protection caused by tampering a SELinux policy in the second SELinux policy base is effectively solved.
Further, the method for updating the SELinux policy base according to the embodiment of the present application also maintains the cached SELinux policy in AVC, so as to ensure that the SELinux policy cached in AVC is present in the second SELinux policy base, that is, the SELinux policy cached in AVC is not tampered with by an attack, thereby effectively solving the problem of failure in protection of the SELinux policy caused by tampering of the SELinux policy cached in AVC by an attack. Meanwhile, the method for updating the SELinux policy base provided by the embodiment of the application also supports modification of the SELinux policy in the SELinux policy base preset in the TEE device, and improves user experience compared with the prior art that the SELinux policy base cannot be modified.
The scheme provided by the embodiment of the application has mainly been introduced from the perspective of a method. To implement the above functions, the TEE device and the REE device include hardware structures and/or software modules for performing the respective functions. Those of skill in the art would readily appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as hardware or as a combination of hardware and computer software. Whether a function is performed by hardware or by computer software driving hardware depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
In the embodiment of the present application, the TEE apparatus and the REE apparatus may be divided into functional modules according to the above method example, for example, each functional module may be divided corresponding to each function, or two or more functions may be integrated into one processing module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode. It should be noted that, in the embodiment of the present application, the division of the module is schematic, and is only one logic function division, and there may be another division manner in actual implementation.
As shown in fig. 5, fig. 5 is a schematic structural diagram of a TEE apparatus 50 provided in the embodiment of the present application. The TEE device 50 is applied to a terminal device, the terminal device further includes an REE device, the REE device and the TEE device 50 are isolated by hardware, and a first SELinux policy base is preset in the TEE device 50. The TEE apparatus 50 is configured to perform the above-described method for updating the SELinux policy base, for example, to perform the method shown in fig. 2 or fig. 3. The TEE apparatus 50 may include a receiving unit 51, a checking unit 52, and a transmitting unit 53, among others.
A receiving unit 51, configured to receive a check value sent by the REE device, where the check value is obtained based on a second SELinux policy base, and the second SELinux policy base is a SELinux policy base currently used by the REE device. The checking unit 52 is configured to check whether the second SELinux policy base is the same as the first SELinux policy base based on the check value. A sending unit 53, configured to send the first SELinux policy base to the REE device if the second SELinux policy base is different from the first SELinux policy base, where the first SELinux policy base is used by the REE device to update the second SELinux policy base.
As an example, in conjunction with fig. 2, the receiving unit 51 may be configured to respond to S103, the checking unit 52 may be configured to perform S104, and the transmitting unit 53 may be configured to perform S101.
Optionally, the sending unit 53 is further configured to periodically send the first SELinux policy base to the REE device with the first duration as a cycle, where the first SELinux policy base is used by the REE device to update the second SELinux policy base.
As an example, in connection with fig. 2, the sending unit 53 may be configured to perform S101.
Optionally, the TEE apparatus 50 further comprises a verification unit 54 and a modification unit 55. The receiving unit 51 is further configured to receive a first request and identity information of a user, where the first request is used to request to modify a first SELinux policy base, where the first request is sent by an REE device. The verifying unit 54 is configured to verify whether the user has an authority to modify the first SELinux policy repository based on the identity information. A modifying unit 55, configured to modify the first SELinux policy base according to the first request to obtain a third SELinux policy base if the user has the right to modify the first SELinux policy base.
As an example, in conjunction with fig. 3, the receiving unit 51 may be configured to respond to S201, the verifying unit 54 may be configured to perform S202, and the modifying unit 55 may be configured to perform S203.
Optionally, the sending unit 53 is further configured to send a third SELinux policy base to the REE device, where the third SELinux policy base is used for the REE device to update the second SELinux policy base.
As an example, in connection with fig. 3, the sending unit 53 may be configured to execute S204.
Optionally, the receiving unit 51 is specifically configured to periodically receive the check value sent by the REE device with the second duration as a period; wherein the second duration is less than the first duration.
As an example, in connection with fig. 2, the receiving unit 51 may be configured to respond to S103.
For the detailed description of the above alternative modes, reference may be made to the foregoing method embodiments, which are not described herein again. In addition, for any explanation and beneficial effects of the TEE apparatus 50 provided above, reference may be made to the corresponding method embodiments, and details are not repeated.
As an example, in connection with fig. 1, the checking unit 54 and the modifying unit 55 in the TEE apparatus 50 may be implemented by the processor 11 in fig. 1 executing program code in the memory 12 in fig. 1.
As shown in fig. 6, fig. 6 is a schematic structural diagram of an REE device 60 provided in an embodiment of the present application. The REE device 60 is applied to a terminal device, the terminal device further includes a TEE device, the TEE device and the REE device 60 are isolated by hardware, and a first SELinux policy base is preset in the TEE device. The REE device 60 is configured to perform the above-mentioned method for updating the SELinux policy base, for example, to perform the method shown in fig. 2 or fig. 3. Among them, the REE apparatus 60 may include a determination unit 61, a transmission unit 62, and a reception unit 63.
A determining unit 61, configured to determine a check value based on a second SELinux policy base, where the second SELinux policy base is a SELinux policy base currently used by the REE device. A sending unit 62, configured to send a check value to the TEE apparatus, where the check value is used for the TEE apparatus to check whether the second SELinux policy base is the same as the first SELinux policy base, so that when the second SELinux policy base is different from the first SELinux policy base, the TEE apparatus sends the first SELinux policy base to the REE apparatus. A receiving unit 63, configured to receive the first SELinux policy base, so as to update the second SELinux policy base.
As an example, in conjunction with fig. 2, the determining unit 61 may be configured to perform S102, the transmitting unit 62 may be configured to perform S103, and the receiving unit 63 may be configured to respond to S105.
Optionally, the receiving unit 63 is further configured to periodically receive, with the first duration as a period, the first SELinux policy base sent by the TEE apparatus, so as to update the second SELinux policy base.
As an example, in connection with fig. 2, the receiving unit 63 may be configured to perform S101.
Optionally, the sending unit 62 is further configured to send a first request and identity information of a user to the TEE apparatus, where the first request is used to request modification of the first SELinux policy base; the identity information is used by the TEE device to verify whether the user has the right to modify the first SELinux policy base, so that when the user has the right to modify the first SELinux policy base, the TEE device modifies the first SELinux policy base to obtain a third SELinux policy base.
As an example, in connection with fig. 3, the sending unit 62 may be configured to perform S201.
Optionally, the receiving unit 63 is further configured to receive a third SELinux policy base sent by the TEE apparatus, so as to update the second SELinux policy base.
As an example, in connection with fig. 3, the receiving unit 63 may be configured to respond to S204.
Optionally, the REE device 60 further includes: a deleting unit 64, configured to periodically delete the SELinux policy cached in the access vector cache AVC according to a preset time duration as a period; or deleting the SELinux strategy cached in the AVC when the number of times of calling the SELinux strategy cached in the AVC is a preset threshold value. And the AVC is used for caching the SELinux strategy in the second SELinux strategy library.
As an example, in connection with fig. 2, the deletion unit 64 may be configured to perform S106.
Optionally, the sending unit 62 is specifically configured to send the check value to the TEE apparatus periodically with the second duration as a period; wherein the second duration is less than the first duration.
As an example, in connection with fig. 2, the sending unit 62 may be configured to execute S103.
For the detailed description of the above alternative modes, reference may be made to the foregoing method embodiments, which are not described herein again. In addition, for any explanation and beneficial effects of the REE device 60 provided above, reference may be made to the corresponding method embodiments described above, and details are not repeated.
As an example, in connection with fig. 1, the determining unit 61 and the deleting unit 64 in the REE device 60 may be implemented by the processor 11 in fig. 1 executing program code in the memory 12 in fig. 1.
The embodiment of the present application further provides a chip system 70, as shown in fig. 7, where the chip system 70 includes at least one processor 71 and at least one interface circuit 72. The processor 71 and the interface circuit 72 may be interconnected by wires. For example, the interface circuit 72 may be used to receive signals (e.g., input output interface receive signals). As another example, the interface circuit 72 may be used to send signals to other devices, such as the processor 71. Illustratively, the interface circuit 72 may read instructions stored in the memory and send the instructions to the processor 71. The instructions, when executed by the processor 71, may cause the TEE device or the REE device to perform the various steps in the embodiments described above. Of course, the chip system 70 may also include other discrete devices, which is not specifically limited in this embodiment.
Another embodiment of the present application further provides a computer-readable storage medium, having stored therein instructions, which, when executed on a TEE device or a REE device, perform the steps performed by the TEE device or the REE device in the method flows shown in the above-mentioned method embodiments.
In some embodiments, the disclosed methods may be implemented as computer program instructions encoded on a computer-readable storage medium in a machine-readable format or encoded on other non-transitory media or articles of manufacture.
Fig. 8 schematically illustrates a conceptual partial view of a computer program product comprising a computer program for executing a computer process on a computing device provided by an embodiment of the application.
In one embodiment, the computer program product is provided using a signal bearing medium 80. The signal bearing medium 80 may include one or more program instructions that, when executed by one or more processors, may provide the functions or portions of the functions described above with respect to fig. 2 or 3. Thus, for example, one or more features described with reference to S101-S106 in FIG. 2, or S201-S204 in FIG. 3, may be undertaken by one or more instructions associated with the signal bearing medium 80. Further, the program instructions in FIG. 8 also describe example instructions.
In some examples, signal bearing medium 80 may comprise a computer readable medium 81, such as, but not limited to, a hard disk drive, a Compact Disc (CD), a Digital Video Disc (DVD), a digital tape, a memory, a read-only memory (ROM), a Random Access Memory (RAM), or the like.
In some embodiments, signal bearing medium 80 may comprise a computer recordable medium 82 such as, but not limited to, memory, read/write (R/W) CDs, R/W DVDs, and the like.
In some implementations, the signal bearing medium 80 may include a communication medium 83, such as, but not limited to, a digital and/or analog communication medium (e.g., a fiber optic cable, a waveguide, a wired communications link, a wireless communication link, etc.).
The signal bearing medium 80 may be communicated by a wireless form of communication medium 83, such as a wireless communication medium conforming to the IEEE 802.11 standard or other transmission protocol. The one or more program instructions may be, for example, computer-executable instructions or logic-implementing instructions.
In some examples, the TEE device and the REE device, such as those described with respect to FIG. 2 or FIG. 3, may be configured to provide various operations, functions, or actions in response to one or more program instructions conveyed via the computer-readable medium 81, the computer-recordable medium 82, and/or the communication medium 83.
It should be understood that the arrangements described herein are for illustrative purposes only. Thus, those skilled in the art will appreciate that other arrangements and other elements (e.g., machines, interfaces, functions, orders, and groupings of functions, etc.) can be used instead, and that some elements may be omitted altogether depending upon the desired results. In addition, many of the described elements are functional entities that may be implemented as discrete or distributed components or in conjunction with other components, in any suitable combination and location.
In the above embodiments, the implementation may be wholly or partially realized by software, hardware, firmware, or any combination thereof. When implemented using a software program, the embodiments may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer instructions are loaded and executed on a computer, the processes or functions according to the embodiments of the present application are generated in whole or in part. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored on a computer-readable storage medium or transmitted from one computer-readable storage medium to another computer-readable storage medium; for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center via wire (e.g., coaxial cable, fiber optic, Digital Subscriber Line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.). A computer-readable storage medium can be any usable medium that can be accessed by a computer, or a data storage device, such as a server or a data center, that integrates one or more usable media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., Solid State Disk (SSD)), among others.
The above describes only specific embodiments of the present invention, but the scope of protection of the present invention is not limited thereto; any change or substitution that a person skilled in the art can readily conceive of within the technical scope of the present invention shall be covered by the scope of protection of the present invention. Therefore, the scope of protection of the present invention shall be subject to the scope of protection of the appended claims.

Claims (26)

1. A method for updating a SELinux policy base, characterized in that the method is applied to a terminal device, the terminal device comprises a general execution environment (REE) device and a trusted execution environment (TEE) device, the TEE device and the REE device are isolated by hardware, and a first SELinux policy base is preset in the TEE device; the method is performed by the TEE device; the method comprises the following steps:
receiving a check value sent by the REE device; the check value is obtained based on a second SELinux policy base, where the second SELinux policy base is a SELinux policy base currently used by the REE device;
based on the check value, checking whether the second SELinux policy base is the same as the first SELinux policy base;
if the second SELinux policy base is different from the first SELinux policy base, sending the first SELinux policy base to the REE device, where the first SELinux policy base is used by the REE device to update the second SELinux policy base.
2. The method of claim 1, further comprising:
and periodically sending the first SELinux policy base to the REE device by taking a first time length as a period, wherein the first SELinux policy base is used for updating the second SELinux policy base by the REE device.
3. The method according to claim 1 or 2, characterized in that the method further comprises:
receiving a first request and identity information of a user sent by the REE device, where the first request is used to request modification of the first SELinux policy base;
verifying whether the user has the right to modify the first SELinux policy base based on the identity information;
and if the user has the right to modify the first SELinux policy base, modifying the first SELinux policy base according to the first request to obtain a third SELinux policy base.
4. The method of claim 3, further comprising:
and sending the third SELinux policy base to the REE device, where the third SELinux policy base is used for the REE device to update the second SELinux policy base.
5. The method according to any one of claims 2 to 4, wherein the receiving the check value sent by the REE device comprises:
periodically receiving the check value sent by the REE device by taking a second duration as a period; wherein the second duration is less than the first duration.
6. A method for updating a SELinux policy base, characterized in that the method is applied to a terminal device, the terminal device comprises a general execution environment (REE) device and a trusted execution environment (TEE) device, the TEE device and the REE device are isolated by hardware, and a first SELinux policy base is preset in the TEE device; the method is performed by the REE device; the method comprises the following steps:
determining a check value based on a second SELinux policy base; the second SELinux policy base is a SELinux policy base currently used by the REE device;
sending the check value to the TEE apparatus, where the check value is used for the TEE apparatus to check whether the second SELinux policy base is the same as the first SELinux policy base, so that the TEE apparatus sends the first SELinux policy base to the REE apparatus when the second SELinux policy base is different from the first SELinux policy base;
and receiving the first SELinux policy base sent by the TEE device to update the second SELinux policy base.
7. The method of claim 6, further comprising:
and periodically receiving the first SELinux policy base sent by the TEE device by using a first time length as a period so as to update the second SELinux policy base.
8. The method according to claim 6 or 7, characterized in that the method further comprises:
sending a first request and identity information of a user to the TEE device, wherein the first request is used for requesting to modify the first SELinux policy base; the identity information is used by the TEE device to verify whether the user has the right to modify the first SELinux policy base, so that when the user has the right to modify the first SELinux policy base, the TEE device modifies the first SELinux policy base to obtain a third SELinux policy base.
9. The method of claim 8, further comprising:
and receiving the third SELinux policy base sent by the TEE device to update the second SELinux policy base.
10. The method according to any one of claims 6 to 9, further comprising:
periodically deleting the SELinux policy cached in an access vector cache (AVC), with a preset duration as the period; or deleting the SELinux policy cached in the AVC when the number of times the SELinux policy cached in the AVC has been invoked equals a preset threshold value;
wherein the AVC is used for caching SELinux policies in the second SELinux policy base.
11. The method of any of claims 7 to 10, wherein said sending the check value to the TEE device comprises:
periodically sending the check value to the TEE device by taking a second duration as a period; wherein the second duration is less than the first duration.
12. A Trusted Execution Environment (TEE) device is applied to terminal equipment, the terminal equipment further comprises a general execution environment (REE) device, the TEE device and the REE device are isolated through hardware, and a first SELinux policy base is preset in the TEE device; the device comprises:
a receiving unit, configured to receive a check value sent by the REE device; the check value is obtained based on a second SELinux policy base, where the second SELinux policy base is a SELinux policy base currently used by the REE device;
a checking unit, configured to check whether the second SELinux policy base is the same as the first SELinux policy base based on the check value;
a sending unit, configured to send the first SELinux policy base to the REE device if the second SELinux policy base is different from the first SELinux policy base, where the first SELinux policy base is used by the REE device to update the second SELinux policy base.
13. The apparatus of claim 12, wherein the sending unit is further configured to:
and periodically sending the first SELinux policy base to the REE device by taking a first time length as a period, wherein the first SELinux policy base is used for updating the second SELinux policy base by the REE device.
14. The apparatus according to claim 12 or 13, characterized in that the apparatus further comprises a verification unit and a modification unit;
the receiving unit is further configured to receive a first request and identity information of a user, where the first request is used to request modification of the first SELinux policy base;
the verification unit is configured to verify, based on the identity information, whether the user has the right to modify the first SELinux policy base;
the modifying unit is configured to modify the first SELinux policy base according to the first request to obtain a third SELinux policy base if the user has the right to modify the first SELinux policy base.
15. The apparatus of claim 14,
the sending unit is further configured to send the third SELinux policy base to the REE device, where the third SELinux policy base is used by the REE device to update the second SELinux policy base.
16. The apparatus of any one of claims 13 to 15,
the receiving unit is specifically configured to periodically receive the check value sent by the REE device with a second duration as a period; wherein the second duration is less than the first duration.
17. A general execution environment REE device is applied to terminal equipment, the terminal equipment further comprises a trusted execution environment TEE device, the TEE device and the REE device are isolated through hardware, and a first SELinux policy base is preset in the TEE device; the device comprises:
a determining unit, configured to determine a check value based on a second SELinux policy base; the second SELinux policy base is a SELinux policy base currently used by the REE device;
a sending unit, configured to send the check value to the TEE apparatus, where the check value is used for the TEE apparatus to check whether the second SELinux policy base is the same as the first SELinux policy base, so that when the second SELinux policy base is different from the first SELinux policy base, the TEE apparatus sends the first SELinux policy base to the REE apparatus;
a receiving unit, configured to receive the first SELinux policy base, so as to update the second SELinux policy base.
18. The apparatus of claim 17,
the receiving unit is further configured to periodically receive, with a first duration as a period, the first SELinux policy base sent by the TEE apparatus, so as to update the second SELinux policy base.
19. The apparatus of claim 17 or 18,
the sending unit is further configured to send a first request and identity information of a user to the TEE apparatus, where the first request is used to request modification of the first SELinux policy base; the identity information is used by the TEE device to verify whether the user has the right to modify the first SELinux policy base, so that when the user has the right to modify the first SELinux policy base, the TEE device modifies the first SELinux policy base to obtain a third SELinux policy base.
20. The apparatus of claim 19,
the receiving unit is further configured to receive the third SELinux policy base sent by the TEE apparatus, so as to update the second SELinux policy base.
21. The apparatus of any one of claims 17 to 20, further comprising:
a deletion unit, configured to periodically delete the SELinux policy cached in an access vector cache (AVC), with a preset duration as the period; or to delete the SELinux policy cached in the AVC when the number of times the SELinux policy cached in the AVC has been invoked equals a preset threshold value;
wherein the AVC is used for caching SELinux policies in the second SELinux policy base.
22. The apparatus of any one of claims 18 to 21,
the sending unit is specifically configured to send the check value to the TEE device periodically with a second duration as a period; wherein the second duration is less than the first duration.
23. A trusted execution environment, TEE, apparatus, the apparatus comprising: a memory for storing computer instructions and one or more processors for invoking the computer instructions to perform the method of any of claims 1-5.
24. A generic execution environment, REE, apparatus, the apparatus comprising: a memory for storing computer instructions and one or more processors for invoking the computer instructions to perform the method of any of claims 6-11.
25. A computer-readable storage medium, having stored thereon a computer program which, when run on a trusted execution environment, TEE, apparatus, causes the TEE apparatus to perform the method of any of claims 1 to 5.
26. A computer-readable storage medium, having stored thereon a computer program which, when run on a general-purpose execution environment, REE, apparatus, causes the REE apparatus to perform the method of any of claims 6 to 11.
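
The exchange of claims 1 to 6, with the two timers of claims 5 and 11, as an added Python simulation that is not code from the patent. The SHA-256 check value, the class and function names, the tick-based scheduler and the sample rule text are all assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample policy bases (SELinux-style rule text, not from the patent).
FIRST_BASE = b"allow app_t app_data_file:file { read write };\n"
TAMPERED_BASE = FIRST_BASE + b"allow app_t system_file:file write;\n"

def check_value(policy_base: bytes) -> str:
    # Assumption: the claims name no algorithm; SHA-256 stands in for it here.
    return hashlib.sha256(policy_base).hexdigest()

class TeeDevice:
    def __init__(self, first_base: bytes, authorized_users):
        self._first = first_base              # preset first policy base
        self._authorized = set(authorized_users)

    def check(self, reported: str):
        """Claim 1: return the first policy base on mismatch, None on match."""
        if hmac.compare_digest(check_value(self._first), reported):
            return None
        return self._first

    def periodic_push(self) -> bytes:
        """Claim 2: sent every first duration, whatever the REE reported."""
        return self._first

    def modify(self, user: str, new_base: bytes) -> bytes:
        """Claims 3-4: an authorized request yields the third policy base."""
        if user not in self._authorized:
            raise PermissionError(f"{user} may not modify the policy base")
        self._first = new_base
        return self._first

class ReeDevice:
    def __init__(self, second_base: bytes):
        self.policy_base = second_base        # second policy base, in use

    def report(self, tee: TeeDevice) -> bool:
        """Claim 6: send the check value; reload if the TEE replies with a base."""
        reply = tee.check(check_value(self.policy_base))
        if reply is not None:
            self.policy_base = reply
        return reply is not None

def run(tee, ree, ticks, check_period, push_period, tamper_at=None):
    """Drive both timers; return the ticks at which a check restored the REE."""
    if check_period >= push_period:           # claims 5 and 11
        raise ValueError("second duration must be less than the first")
    restored = []
    for t in range(1, ticks + 1):
        if t == tamper_at:
            ree.policy_base = TAMPERED_BASE   # constructed out-of-band change
        if t % check_period == 0 and ree.report(tee):
            restored.append(t)
        if t % push_period == 0:
            ree.policy_base = tee.periodic_push()
    return restored
```

The periodic push does not depend on the reported check value, so it still replaces the REE's policy base when the check value, which is computed on the REE side, cannot be relied on.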
CN202010239459.2A 2020-03-30 2020-03-30 SELinux policy base updating method and device Pending CN113468188A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010239459.2A CN113468188A (en) 2020-03-30 2020-03-30 SELinux policy base updating method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010239459.2A CN113468188A (en) 2020-03-30 2020-03-30 SELinux policy base updating method and device

Publications (1)

Publication Number Publication Date
CN113468188A true CN113468188A (en) 2021-10-01

Family

ID=77865123

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010239459.2A Pending CN113468188A (en) 2020-03-30 2020-03-30 SELinux policy base updating method and device

Country Status (1)

Country Link
CN (1) CN113468188A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117155716A (en) * 2023-10-31 2023-12-01 腾讯科技(深圳)有限公司 Access verification method and device, storage medium and electronic equipment
CN117155716B (en) * 2023-10-31 2024-02-09 腾讯科技(深圳)有限公司 Access verification method and device, storage medium and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination