CN115391794A - Method, system and equipment for adding permission in application program starting process - Google Patents

Publication number
CN115391794A
Authority
CN
China
Prior art keywords
authority
program
application program
preset
name
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211322110.0A
Other languages
Chinese (zh)
Inventor
张雷
刘晓萌
李显宁
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhongfu Safety Technology Co Ltd
Original Assignee
Zhongfu Safety Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhongfu Safety Technology Co Ltd filed Critical Zhongfu Safety Technology Co Ltd
Priority to CN202211322110.0A priority Critical patent/CN115391794A/en
Publication of CN115391794A publication Critical patent/CN115391794A/en
Pending legal-status Critical Current

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/575 Secure boot
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/604 Tools and structures for managing or administering access control systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Automation & Control Theory (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Stored Programmes (AREA)

Abstract

The application discloses a method, a system and a device for attaching permissions during the start-up of an application program. It relates mainly to the technical field of application programs and addresses the problems that, with the existing approach of starting an application with Root permission, the start-up flow of the application cannot be modified and other transactions cannot be processed during start-up. The method comprises: obtaining an Exec variable value used to modify the program flow, or replacing the name of the permission-attaching program with the name of the application program, so that the permission-attaching program is called before the application program; modifying the permission value of a preset permission of the application program through a Cap function, either in the permission-attaching program or by means of a preset kernel hook; restoring the permission value of the preset permission when a permission recovery instruction is received; and, when an application recovery instruction is received, restoring the start-up flow of the application program based on the original operating-environment parameters backed up in the permission-attaching program. The method makes it possible to modify the start-up flow of the application program and to process other transactions during start-up.

Description

Method, system and equipment for adding permission in application program starting process
Technical Field
The present application relates to the technical field of application programs, and in particular to a method, a system and a device for attaching permissions during the start-up of an application program.
Background
At present, the permission of an application program on a Linux system is raised mainly by starting the application program with Root permission.
However, starting the application program with Root permission alone does not allow the start-up flow of the application program to be modified and cannot meet the need to process other transactions during start-up. In addition, an application program started with Root permission holds Root permission for its whole running life cycle, which makes it easy to attack and reduces the security of the system.
Disclosure of Invention
In view of the above disadvantages in the prior art, the present invention provides a method, system and device for adding permissions during the starting process of an application program, so as to solve the above technical problems.
In a first aspect, the present application provides a method for attaching permissions during the start-up of an application program, the method including: obtaining an Exec variable value used to modify the program flow, or replacing the name of the permission-attaching program with the name of the application program, so that the permission-attaching program is called before the application program; calling a Cap function provided by the Linux kernel, through the permission-attaching program or a preset kernel hook, and modifying the permission value of the preset permission of the application program through the Cap function, based on a preset modification permission value; restoring the permission value of the preset permission when a permission recovery instruction is received; and, when an application recovery instruction is received, restoring the start-up flow of the application program based on the original operating-environment parameters backed up in the permission-attaching program.
Further, obtaining an Exec variable value used to modify the program flow, or replacing the name of the permission-attaching program with the name of the application program, specifically includes: opening the program-flow file editing interface through a program-flow file shortcut preset on the desktop; and obtaining, through that interface, an Exec variable value under which the application program is called after the permission-attaching program.
Further, obtaining an Exec variable value used to modify the program flow, or replacing the name of the permission-attaching program with the name of the application program, specifically includes: determining the preset name and the directory of the application program; renaming the application program; and changing the name of the permission-attaching program to the preset name.
Further, the preset permission includes at least one or more of the following: permission to configure the network, permission to modify system configuration files, and permission to install installation packages.
In a second aspect, the present application provides a system for attaching permissions during the start-up of an application program, the system including: a calling module, used for obtaining an Exec variable value used to modify the program flow, or for replacing the name of the permission-attaching program with the name of the application program, so that the permission-attaching program is called before the application program; a modification module, used for calling a Cap function provided by the Linux kernel, in the permission-attaching program or through a preset kernel hook, and for modifying the permission value of the preset permission of the application program through the Cap function, based on a preset modification permission value; and a recovery module, used for restoring the permission value of the preset permission when a permission recovery instruction is received and, when an application recovery instruction is received, for restoring the start-up flow of the application program based on the original operating-environment parameters backed up in the permission-attaching program.
Further, the calling module also includes an obtaining unit, which is used for opening the program-flow file editing interface through the program-flow file shortcut preset on the desktop, and for obtaining, through that interface, an Exec variable value under which the application program is called after the permission-attaching program.
Further, the calling module also includes a modification unit, which is used for determining the preset name and the directory of the application program, renaming the application program, and changing the name of the permission-attaching program to the preset name.
In a third aspect, the present application provides a device for attaching permissions during the start-up of an application program, the device including: a processor; and a memory having executable code stored thereon, the executable code, when executed, causing the processor to perform the method for attaching permissions during the start-up of an application program as in any one of the above.
As can be appreciated by those skilled in the art, the present invention has at least the following beneficial effects:
Without modifying the application program, the present application provides technical support for scenarios in which operations must be carried out before the application program starts. In combination with application scenarios under Linux, it solves the problem of an application program that is not to be modified but needs such operations under Linux, and it also provides a reference scheme for other similar scenarios.
The present application can raise the capability values of an application program in a Linux system without modifying the start-up process of the application program. Some high-privilege tasks are processed before the application program starts, and certain capability values can then be retained or removed as appropriate, according to the needs of the application program.
Because the privileges of the application program are raised with capability values instead of Root permission, the granularity of the elevation is finer, permission minimization is easier to guarantee, and the security of the system is improved.
Drawings
Some embodiments of the disclosure are described below with reference to the accompanying drawings, in which:
Fig. 1 is a flowchart of a method for attaching permissions in an application program starting process according to an embodiment of the present application.
Fig. 2 is a schematic diagram of an internal structure of a system for attaching a right in an application program starting process according to an embodiment of the present application.
Fig. 3 is a schematic diagram of an internal structure of a device for attaching a right in an application starting process according to an embodiment of the present application.
Detailed Description
It should be understood by those skilled in the art that the embodiments described below are only preferred embodiments of the present disclosure, and do not mean that the present disclosure can be implemented only by the preferred embodiments, which are merely for explaining the technical principles of the present disclosure and are not intended to limit the scope of the present disclosure. All other embodiments that can be derived by one of ordinary skill in the art from the preferred embodiments provided by the disclosure without undue experimentation will still fall within the scope of the disclosure.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one …" does not exclude the presence of additional like elements in a process, method, article, or apparatus that comprises the element.
The technical solutions proposed in the embodiments of the present application are described in detail below with reference to the accompanying drawings.
An embodiment of the present application provides a method for attaching permissions during the start-up of an application program. As shown in Fig. 1, the method mainly includes the following steps:
Step 110: obtain an Exec variable value used to modify the program flow, or replace the name of the permission-attaching program with the name of the application program, so that the permission-attaching program is called before the application program.
Obtaining the Exec variable value used to modify the program flow, so that the application program is called after the permission-attaching program, may specifically be: opening the program-flow file editing interface through a program-flow file shortcut preset on the desktop; and obtaining, through that interface, an Exec variable value under which the application program is called after the permission-attaching program.
Replacing the name of the permission-attaching program with the name of the application program, so that the permission-attaching program is called before the application program, may specifically be: determining the preset name and the directory of the application program; renaming the application program; and changing the name of the permission-attaching program to the preset name.
As step 110 shows, before the permissions of the application program are modified, it can be arranged that the application program is called only after the permission-attaching program has been called:
Example one, desktop shortcut: the value of the Exec (program-flow file) variable in the desktop icon (the program-flow file shortcut) is modified so that the permission-attaching program is called first and the application program afterwards.
Example two, replacement by a process of the same name: the directory containing the application program is located, the application program is renamed, and the permission-attaching program is given the name of the application program, so that the permission-attaching program is called first and the application program afterwards.
Step 120: call a Cap function provided by the Linux kernel, through the permission-attaching program or a preset kernel hook, and modify the permission value of the preset permission of the application program through the Cap function, based on a preset modification permission value.
The preset permission includes at least one or more of the following: permission to configure the network, permission to modify system configuration files, and permission to install installation packages.
It should be noted that the permission-attaching program is a fixed module that is preset to have Root permission. For example, the permission-attaching program can add the E and P permission values to the application program by means of the Cap mechanism provided by Linux, so that the application program is able to process high-privilege transactions. In the kernel hook mode, the operation runs in kernel mode, so the Cap function provided by the Linux kernel can be called directly to raise the permission values of the application program, without having to consider the caller's own permissions.
In addition, before the permissions of the application program are modified in the kernel hook mode, Linux first performs a comparison. Specifically, the do_execute function in the Linux kernel is hooked, and inside do_execute the program whose permissions are to be raised is identified by comparing the name of the application program whose capability values are to be raised with the do_execute parameter.
Step 130: restore the permission value of the preset permission when a permission recovery instruction is received; and, when an application recovery instruction is received, restore the start-up flow of the application program based on the original operating-environment parameters backed up in the permission-attaching program.
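One way to realise steps 110 to 130 with process capabilities, as an added example that is not the patent's or the applicant's code: a set-user-ID-root wrapper, called in place of the application, switches back to the invoking user, keeps only the preset capability, raises it as an ambient capability so that the unmodified application receives it in its effective and permitted sets, and then executes a pinned application path; `restore_preset` removes the preset bits from the calling process again. `PRESET_APP`, `PRESET_CAPS` and all function names are hypothetical, and the use of ambient capabilities (Linux 4.3 or later) is an assumption, since the patent only refers to a "Cap function".

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/capability.h>

/* Hypothetical deployment values, not taken from the patent. */
#define PRESET_APP  "/opt/example/bin/app.real"   /* the renamed application   */
#define PRESET_CAPS (1ULL << CAP_NET_ADMIN)       /* "configure network" right */

struct capsets { uint64_t effective, permitted, inheritable; };

/* Read the calling thread's capability sets through capget(2). */
int read_caps(struct capsets *out)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct d[2];

    if (syscall(SYS_capget, &hdr, d) != 0)
        return -1;
    out->effective   = d[0].effective   | ((uint64_t)d[1].effective   << 32);
    out->permitted   = d[0].permitted   | ((uint64_t)d[1].permitted   << 32);
    out->inheritable = d[0].inheritable | ((uint64_t)d[1].inheritable << 32);
    return 0;
}

/* Install new capability sets through capset(2). */
int write_caps(const struct capsets *in)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct d[2];

    d[0].effective   = (uint32_t)in->effective;
    d[1].effective   = (uint32_t)(in->effective >> 32);
    d[0].permitted   = (uint32_t)in->permitted;
    d[1].permitted   = (uint32_t)(in->permitted >> 32);
    d[0].inheritable = (uint32_t)in->inheritable;
    d[1].inheritable = (uint32_t)(in->inheritable >> 32);
    return syscall(SYS_capset, &hdr, d) == 0 ? 0 : -1;
}

/* Step 120: keep only the preset capabilities and make them ambient, so
 * that they survive execve() of a binary that has no file capabilities. */
int attach_preset(uint64_t mask)
{
    struct capsets c;

    if (read_caps(&c) != 0)
        return -1;
    if ((c.permitted & mask) != mask) {      /* wrapper itself lacks the right */
        errno = EPERM;
        return -1;
    }
    c.effective = c.permitted = c.inheritable = mask;  /* drop everything else */
    if (write_caps(&c) != 0)
        return -1;
    for (int cap = 0; cap < 64; cap++)
        if (((mask >> cap) & 1) &&
            prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, cap, 0, 0) != 0)
            return -1;
    return 0;
}

/* Step 130: remove the preset capabilities from the calling process. The
 * kernel lowers an ambient bit automatically once it leaves the permitted
 * or inheritable set. */
int restore_preset(uint64_t mask)
{
    struct capsets c;

    if (read_caps(&c) != 0)
        return -1;
    c.effective &= ~mask;
    c.permitted &= ~mask;
    c.inheritable &= ~mask;
    return write_caps(&c);
}

int main(int argc, char **argv)
{
    uid_t uid = getuid();                    /* invoking user; euid is 0 */
    gid_t gid = getgid();

    (void)argc;
    if (uid == 0) {   /* real UID 0 regains the full bounding set on execve */
        fprintf(stderr, "refusing to start the application as root\n");
        return 1;
    }
    /* Keep the permitted set while leaving UID 0, then give up root. */
    if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) != 0 ||
        setresgid(gid, gid, gid) != 0 || setresuid(uid, uid, uid) != 0) {
        perror("drop root");
        return 1;
    }
    if (attach_preset(PRESET_CAPS) != 0) {
        perror("attach_preset");
        return 1;
    }
    argv[0] = PRESET_APP;                    /* pinned target, never from argv */
    execv(PRESET_APP, argv);
    perror("execv");
    return 127;
}
```

The application path is compiled in rather than taken from the command line, so the wrapper cannot be used to start an arbitrary program with the preset capability.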
In addition, Fig. 2 shows a system for attaching permissions during the start-up of an application program according to an embodiment of the present application. As shown in Fig. 2, the system mainly includes:
The calling module 210, configured to obtain an Exec variable value used to modify the program flow, or to replace the name of the permission-attaching program with the name of the application program, so that the permission-attaching program is called before the application program.
The calling module 210 further includes an obtaining unit 211, which is used for opening the program-flow file editing interface through the program-flow file shortcut preset on the desktop, and for obtaining, through that interface, an Exec variable value under which the application program is called after the permission-attaching program.
The calling module 210 further includes a modification unit 212, which is used for determining the preset name and the directory of the application program, renaming the application program, and changing the name of the permission-attaching program to the preset name.
The modification module 220, configured to call a Cap function provided by the Linux kernel, in the permission-attaching program or through a preset kernel hook, and to modify the permission value of the preset permission of the application program through the Cap function, based on a preset modification permission value.
The recovery module 230, configured to restore the permission value of the preset permission when a permission recovery instruction is received and, when an application recovery instruction is received, to restore the start-up flow of the application program based on the original operating-environment parameters backed up in the permission-attaching program.
In addition, an embodiment of the present application further provides a device for attaching permissions during the start-up of an application program, as shown in Fig. 3. Executable instructions are stored on the device, and when they are executed, the method for attaching permissions during the start-up of an application program is implemented. Specifically, the server sends an execution instruction to the memory through the bus, and when the memory receives the execution instruction, it sends an execution signal to the processor through the bus so as to activate the processor.
It should be noted that the processor is configured to: obtain an Exec variable value used to modify the program flow, or replace the name of the permission-attaching program with the name of the application program, so that the permission-attaching program is called before the application program; call a Cap function provided by the Linux kernel, through the permission-attaching program or a preset kernel hook, and modify the permission value of the preset permission of the application program through the Cap function, based on a preset modification permission value; restore the permission value of the preset permission when a permission recovery instruction is received; and, when an application recovery instruction is received, restore the start-up flow of the application program based on the original operating-environment parameters backed up in the permission-attaching program.
So far, the technical solutions of the present disclosure have been described in connection with the foregoing embodiments, but it is easily understood by those skilled in the art that the scope of the present disclosure is not limited to only these specific embodiments. The technical solutions in the above embodiments can be split and combined, and equivalent changes or substitutions can be made on related technical features by those skilled in the art without departing from the technical principles of the present disclosure, and any changes, equivalents, improvements, etc. made within the technical concept and/or technical principles of the present disclosure will fall within the protection scope of the present disclosure.

Claims (8)

1. A method for attaching permissions during the start-up of an application program, characterized by comprising the following steps:
obtaining an Exec variable value used to modify the program flow, or replacing the name of the permission-attaching program with the name of the application program, so that the permission-attaching program is called before the application program;
calling a Cap function provided by the Linux kernel, through the permission-attaching program or a preset kernel hook, and modifying the permission value of the preset permission of the application program through the Cap function, based on a preset modification permission value;
restoring the permission value of the preset permission when a permission recovery instruction is received; and, when an application recovery instruction is received, restoring the start-up flow of the application program based on the original operating-environment parameters backed up in the permission-attaching program.
2. The method for attaching permissions during the start-up of an application program according to claim 1, wherein obtaining an Exec variable value used to modify the program flow, or replacing the name of the permission-attaching program with the name of the application program, specifically comprises:
opening the program-flow file editing interface through a program-flow file shortcut preset on the desktop;
and obtaining, through the program-flow file editing interface, an Exec variable value under which the application program is called after the permission-attaching program.
3. The method for attaching permissions during the start-up of an application program according to claim 1, wherein obtaining an Exec variable value used to modify the program flow, or replacing the name of the permission-attaching program with the name of the application program, further comprises:
determining the preset name and the directory of the application program; renaming the application program; and changing the name of the permission-attaching program to the preset name.
4. The method for attaching permissions during the start-up of an application program according to claim 1, wherein the preset permission comprises at least one or more of the following: permission to configure the network, permission to modify system configuration files, and permission to install installation packages.
5. A system for attaching permissions during the start-up of an application program, the system comprising:
a calling module, used for obtaining an Exec variable value used to modify the program flow, or for replacing the name of the permission-attaching program with the name of the application program, so that the permission-attaching program is called first and the application program afterwards;
a modification module, used for calling a Cap function provided by the Linux kernel, in the permission-attaching program or through a preset kernel hook, and for modifying the permission value of the preset permission of the application program through the Cap function, based on a preset modification permission value;
a recovery module, used for restoring the permission value of the preset permission when a permission recovery instruction is received and, when an application recovery instruction is received, for restoring the start-up flow of the application program based on the original operating-environment parameters backed up in the permission-attaching program.
6. The system for attaching permissions during the start-up of an application program according to claim 5, wherein the calling module further comprises an obtaining unit;
the obtaining unit is used for opening the program-flow file editing interface through the program-flow file shortcut preset on the desktop, and for obtaining, through the program-flow file editing interface, an Exec variable value under which the application program is called after the permission-attaching program.
7. The system for attaching permissions during the start-up of an application program according to claim 5, wherein the calling module further comprises a modification unit;
the modification unit is used for determining the preset name and the directory of the application program, renaming the application program, and changing the name of the permission-attaching program to the preset name.
8. A device for attaching permissions during the start-up of an application program, the device comprising:
a processor;
and a memory having stored thereon executable code that, when executed, causes the processor to perform the method for attaching permissions during the start-up of an application program as claimed in any one of claims 1-4.
CN202211322110.0A 2022-10-27 2022-10-27 Method, system and equipment for adding permission in application program starting process Pending CN115391794A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211322110.0A CN115391794A (en) 2022-10-27 2022-10-27 Method, system and equipment for adding permission in application program starting process

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211322110.0A CN115391794A (en) 2022-10-27 2022-10-27 Method, system and equipment for adding permission in application program starting process

Publications (1)

Publication Number Publication Date
CN115391794A true CN115391794A (en) 2022-11-25

Family

ID=84128217

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211322110.0A Pending CN115391794A (en) 2022-10-27 2022-10-27 Method, system and equipment for adding permission in application program starting process

Country Status (1)

Country Link
CN (1) CN115391794A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20221125