
SeLinux-based resource access method and device under multiple users

A resource access and resource access request technology, applied in computer security devices, instruments, computing and related fields, that addresses problems such as security loopholes and losses to the host user.

Inactive Publication Date: 2018-06-26
CHINA MOBILE COMM LTD RES INST +1

AI Technical Summary

Problems solved by technology

[0004] The present invention provides a SeLinux-based resource access method under multiple users. It addresses the problem in the prior art that multiple users share one set of SeLinux, which creates security loopholes and causes losses to machine owners and users.


Examples


Embodiment 1

[0047] Figure 1 is a schematic diagram of a SeLinux-based resource access process under multiple users, provided by the embodiment of the present invention. The process includes:

[0048] S101: Receive a resource access request, wherein the resource access request carries identification information of the application that is to access a resource and identification information of the target resource to be accessed.

[0049] The multi-user Android SeLinux resource access method provided by the embodiment of the present invention is applied to a mobile terminal, and the mobile terminal may be a mobile phone, a tablet computer, and the like.

[0050] Starting with Android 5.1, Google added multi-user support to Android. Multiple user accounts can be established on the same Android mobile terminal. Each user account corresponds to a user, and each user can have their own applications, application data, and system settings. The first user in the embodiment of...

Embodiment 2

[0064] In the embodiment of the present invention, the host user can divide the resources in SeLinux according to their own needs, thereby improving the experience of the host user. On the basis of the above-mentioned embodiment, before the resource access request is received, the method also includes:

[0065] Receiving a second user's selection instruction for sensitive resources in SeLinux, wherein the selection instruction carries identification information of the resource selected as a sensitive resource;

[0066] Marking the resource selected by the second user as a sensitive resource.

[0067] The second user can be the owner user of the mobile terminal, or a non-owner user who has been given sensitive resource selection authority by the owner user. In the existing Android multi-user mechanism, the first user to start the mobile terminal is called the master user, similar to the administrator user on a personal computer (PC).

[0068] Specifically, receiving an instruction from a s...

Embodiment 3

[0079] In order to reduce security vulnerabilities and provide information security, on the basis of the above embodiments, the method in this embodiment of the present invention further includes:

[0080] receiving a configuration instruction from the second user to the first user, wherein the configuration instruction includes identification information of the first user and identification information of an application capable of accessing the sensitive resource for each sensitive resource in SeLinux;

[0081] According to the configuration instruction, for the first user and each sensitive resource, the identification information of the application that can access the sensitive resource is stored in the configuration table.

[0082] The current basic principle of SELinux is that a resource access request has a security label, and a resource in SELinux also has a security label. When a resource access request accesses a resource in SELinux, the labels of the two need to b...


Abstract

The invention discloses a SeLinux-based resource access method and device under multiple users. The method comprises: receiving a resource access request, wherein the resource access request carries identification information of the application that is to access a resource and identification information of the target resource to be accessed; judging whether the target resource is a sensitive resource in SeLinux; if yes, judging, according to the first user who is currently logged in, whether the application has permission to access the target resource; and if yes, allowing the application to access the target resource. In this embodiment, sensitive resources are set in SeLinux, and permissions to access those sensitive resources are set for each user's applications. Whether an application is allowed to access a given sensitive resource is therefore decided by judging whether the current user's application has permission to access the target resource, which reduces security vulnerabilities and avoids losses to the host user.
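The decision flow in the abstract, together with the sensitive-resource marking of Embodiment 2 and the per-user configuration table of Embodiment 3, can be sketched as follows. This is an added example, not code from the patent or from Android: the class, method and constant names are hypothetical, and two behaviours the page does not state are assumptions (a non-sensitive resource is left to ordinary SELinux label matching, and a missing table entry means deny).

```python
# Added illustration; all names here are hypothetical, not from the patent.
from dataclasses import dataclass, field

ALLOW, DENY, DEFER = "allow", "deny", "defer-to-selinux-labels"


@dataclass
class MultiUserPolicy:
    owner: str                                    # the owner (master) user
    delegates: set = field(default_factory=set)   # non-owners given selection authority
    sensitive: set = field(default_factory=set)   # resource ids marked sensitive
    # configuration table: (user id, sensitive resource id) -> allowed application ids
    table: dict = field(default_factory=dict)

    def _require_second_user(self, actor):
        # Embodiment 2: only the owner, or a non-owner the owner authorised, may act.
        if actor != self.owner and actor not in self.delegates:
            raise PermissionError(f"{actor} may not change sensitive-resource settings")

    def grant_selection_authority(self, actor, user):
        if actor != self.owner:
            raise PermissionError("only the owner can delegate")
        self.delegates.add(user)

    def mark_sensitive(self, actor, resource):
        self._require_second_user(actor)
        self.sensitive.add(resource)

    def configure(self, actor, first_user, resource, apps):
        # Embodiment 3: store, per first user and sensitive resource, the allowed apps.
        self._require_second_user(actor)
        if resource not in self.sensitive:
            raise ValueError(f"{resource} is not marked sensitive")
        self.table[(first_user, resource)] = set(apps)

    def check(self, current_user, app, resource):
        # S101 onward: the request carries the app id and the target resource id.
        if resource not in self.sensitive:
            return DEFER   # assumption: ordinary SELinux label matching decides
        allowed = self.table.get((current_user, resource), set())
        return ALLOW if app in allowed else DENY   # assumption: no entry means deny


def demo():
    # Constructed sample data: user, app and resource names are invented.
    p = MultiUserPolicy(owner="user0")
    p.mark_sensitive("user0", "contacts_db")
    p.configure("user0", "user0", "contacts_db", {"com.example.dialer"})
    p.configure("user0", "user10", "contacts_db", set())
    return [
        p.check("user0", "com.example.dialer", "contacts_db"),
        p.check("user10", "com.example.dialer", "contacts_db"),
        p.check("user10", "com.example.dialer", "wallpaper"),
    ]
```

The same application receives a different answer depending on which user is logged in, which is the per-user separation the method adds on top of a policy shared by all users.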

Description

Technical field

[0001] The invention relates to the technical field of information security, in particular to a resource access method and device based on a security policy (SeLinux) under multiple users.

Background

[0002] Since its introduction, Android, as an open source operating system, has been widely used in mobile terminals through continuous development. Starting from Android 4.3, the Android kernel integrates SeLinux, which greatly improves the security of the entire system. SeLinux means that any access to resources is illegal unless the rules permit it. For example: there are multiple applications in the mobile terminal, and one of the applications was installed without authorization from the owner user of the mobile terminal. Even if the application obtains the resource access permission, the SeLinux policy judges the read to be illegal, so the application's resource access will be blocked.

[0003] Starting from Android5....


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/62, G06F21/56
CPC: G06F21/56, G06F21/6218
Inventor 刘玮哲
Owner CHINA MOBILE COMM LTD RES INST