The invention discloses a Linux operating system file read-write transparent encryption and decryption method, comprising the following steps: 1, finding the address of a sys_close function; 2, starting from the starting address of the memory, reading the data in the memory and matching; and if the content is the address of the system call sys_close, determining that the matching is successful, and carrying out the next step; If not, determining that the matching fails, and reading the data in the next memory and performing matching; 3, after the matching is successful, calling the open, read,write, mmap and msync functions on the hook system to encrypt and decrypt the data; 4, achieving the function of file encryption protection. The method has the advantages of simple process and wide platform compatibility, and is not only suitable for Mips processors, but also suitable for Arm processors. The search method is simple; the code is simple and understandable.