Control method and system of restricted access in Android application multi-running environment

An access-restriction control method, applied in the fields of instruments, computing, and electrical digital data processing. It addresses the problems of isolating different applications from each other and of private information leakage, and it achieves low overall system overhead.

Inactive Publication Date: 2018-12-04
HUAZHONG UNIV OF SCI & TECH
4 Cites, 20 Cited by

AI Technical Summary

Problems solved by technology

At the same time, it has the same file system access rights as the host application, including read and write access to the file directories of other important applications in the multi-open environment, which results in leakage of private information.
[0007] To sum up, no one has proposed a solution for controlling application permissions in a multi-open environment. Previous research mainly focused on isolating malicious applications in restricted environments, which is also different from application isolation on the Android operating system. Access control in an application multi-open environment is resource access control for multiple processes running as a single user.




Embodiment Construction

[0062] In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be further described in detail below in conjunction with the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the present invention, not to limit the present invention. In addition, the technical features involved in the various embodiments of the present invention described below can be combined with each other as long as they do not constitute a conflict with each other.

[0063] First, the technical terms used in the present invention are explained:

[0064] Android: a mobile operating system developed by Google and based on the Linux kernel. Owing to its openness, it has a relatively high share of the mobile operating system market.

[0065] Virtual machine: refers to the runtime of the application program in the Android system, specifi...


Abstract

The invention discloses a control method and system for restricted access in an Android application multi-running environment. An open source virtualization framework is extended, and the privilege escalation attacks that a ClientApp can initiate because it shares the permissions of the HostApp are limited. The method includes:

  • a step in which, while the ClientApp is running, if the current operation is a sensitive API call, the loaded policy information is used to judge whether the call is legal, and if so the ClientApp is allowed to call the real API;
  • a step in which, if the current operation is a file access operation, an IOHook module is triggered to obtain the file directory currently being accessed, an IoCheck module then checks against the policy library whether the current access is legal, and if so the real system is called to perform the file operation;
  • a step in which, while the HostApp loads the ClientApp, the permission list is parsed as a default quasi-permission authorization set, which is integrated with a developer-configured policy to form the authorization set.

With the method and system, sensitive API access control in a third-party application multi-running environment is achieved.
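
A minimal model of the three decisions the abstract describes (forming the authorization set, checking a sensitive API call, checking a file path), as an added example that is not the patent's or the virtualization framework's code. The policy format, the API-to-permission map, the directory layout, the package names and all function names are assumptions made for illustration.

```python
import posixpath

# Constructed sample: permissions from the ClientApp's permission list,
# i.e. the default quasi-permission authorization set of the abstract.
MANIFEST_PERMS = {"android.permission.INTERNET",
                  "android.permission.READ_CONTACTS",
                  "android.permission.ACCESS_FINE_LOCATION"}

# Hypothetical developer-configured policy: permissions to withhold and
# the only directory trees this ClientApp may touch.
DEV_POLICY = {
    "deny": {"android.permission.READ_CONTACTS"},
    "allowed_dirs": ["/data/data/com.host/virtual/data/com.client.a",
                     "/sdcard/Android/data/com.client.a"],
}

# Hypothetical map from a sensitive API to the permission that guards it.
API_PERMISSION = {
    "LocationManager.getLastKnownLocation": "android.permission.ACCESS_FINE_LOCATION",
    "ContentResolver.query(contacts)": "android.permission.READ_CONTACTS",
    "TelephonyManager.getDeviceId": "android.permission.READ_PHONE_STATE",
}

def build_authorization_set(manifest_perms, policy):
    """Integrate the defaults with the developer policy (assumed: subtract denies)."""
    return set(manifest_perms) - set(policy["deny"])

def check_api_call(api, auth_set):
    """Allow the real API only if its guarding permission is authorized."""
    perm = API_PERMISSION.get(api)
    return perm is not None and perm in auth_set  # unmapped API: deny

def check_file_access(path, policy):
    """IoCheck-style decision on the path reported by the I/O hook."""
    if not path.startswith("/"):
        return False                      # relative path: fail closed
    norm = posixpath.normpath(path)       # collapse "..", "." and "//"
    # normpath does not resolve symlinks; a real hook must also do that.
    for root in policy["allowed_dirs"]:
        # Compare on a directory boundary so "com.client.ab" != "com.client.a".
        if norm == root or norm.startswith(root + "/"):
            return True
    return False
```

The two file-access cases worth noting are a `..` segment that leaves the allowed tree and a sibling directory whose name merely starts with an allowed one; both are denied because the path is normalized and compared on a directory boundary.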

Description

Technical field

[0001] The present invention relates to the fields of mobile security and access control, and more specifically, to a control method and system for restricting access in an Android application multi-open environment.

Background technique

[0002] As a personal handheld device, an Android mobile phone stores a lot of personalized user privacy data. Some of these data are generated when the user uses an application developed by a third party, such as the account number and password for logging in to a social application and the browsing records generated by a browser, and some data, such as GPS and the mobile device ID, are provided by the Android phone itself. On the native Android system, in order to ensure the security of user privacy data, each application runs an instance with the same UID. The security sandbox technology is used to isolate applications from each other. The implementation of the security sandbox is based on the...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/51
CPC: G06F21/51
Inventor: 李瑞轩, 代德顺, 汤俊伟, 韩洪木, 辜希武, 张婧, 涂建伟
Owner: HUAZHONG UNIV OF SCI & TECH