CN105095702B - A kind of superuser right control method and device - Google Patents

Info

Publication number: CN105095702B
Authority: CN (China)
Prior art keywords: super user; terminal device; authority; user authority; response message
Legal status: Active
Application number: CN201410195732.0A
Other languages: Chinese (zh)
Other versions: CN105095702A (en)
Inventors: 李仕伦, 汪智勇, 阳得常
Current Assignee: Beijing Xinhe Lingguan Trading Co.,Ltd.
Original Assignee: Yulong Computer Telecommunication Scientific Shenzhen Co Ltd
Application filed by: Yulong Computer Telecommunication Scientific Shenzhen Co Ltd
Priority to: CN201410195732.0A

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a super user authority control method and device, which are used to solve the problem in the prior art that, after a terminal device obtains super user authority in an abnormal manner, the terminal devices associated with it are exposed to multiple security risks. The method of the invention includes: the target terminal device sends a super user authority request to the other terminal devices associated with the target terminal device; the response messages of the associated terminal devices to the super user authority request are obtained; and whether the target terminal device can acquire super user authority is determined according to the response messages. This scheme avoids the security problem of a terminal threatening other associated terminals by illegally acquiring super user authority, and improves the security of the system.

Description

A super user authority control method and device

Technical field

The present invention relates to the field of operating systems, and in particular to a super user authority control method and device.

Background

Root is the unique superuser that exists in UNIX and UNIX-like systems. It lets a user obtain the superuser privileges of the operating system, such as starting or stopping a process, deleting or adding users, and adding or disabling hardware. For example, mobile phones as originally shipped by the manufacturer do not open root privileges; the methods of obtaining root privileges are not officially supported, and they are generally implemented by exploiting system vulnerabilities. Root privileges are therefore usually used to help users get past the manufacturer's restrictions, so that users can uninstall certain applications the manufacturer pre-installed on the phone and run applications that require superuser privileges. Obtaining the privileges of the superuser by abnormal means is an act that undermines system security. Because root privileges are so powerful, a terminal that has obtained root privileges carries certain risks. For example, an Android phone that has obtained root privileges faces the following risks:

1. After the phone system obtains root privileges, Trojans and viruses can use root privileges to attack the system at will, exposing the user to unnecessary phone security threats.

2. After the phone system obtains root privileges, incomplete rooting and software compatibility problems often make the system unstable, or cause basic functions such as making calls, sending text messages or going online to fail.

3. Root privileges on the phone system mean that any software may operate on system files, for example deleting or replacing them. ES File Explorer and similar software can operate on system files; if the user obtains root privileges for such software, the user may delete important system files by mistake and cause system errors.

4. Once the phone system is rooted, the phone may no longer be entitled to personalized after-sales service, causing unnecessary losses to the end user.

5. Software that has obtained root privileges can perform any privacy-related operation on the user's phone, such as reading the phone number, reading the location or sending text messages, which leaks the user's private data.

It can be seen that, in the related art, after super user authority is obtained on a terminal device in an abnormal manner, the terminal device is exposed to multiple security risks. The existing technology therefore lacks corresponding measures to prevent super user authority from being obtained on associated terminals in an abnormal manner.

Summary of the invention

The present invention provides a super user authority control method and device, which are used to solve the problem in the prior art that, after a terminal device obtains super user authority in an abnormal manner, the terminal devices associated with it are exposed to multiple security risks.

According to one aspect of the present invention, a super user authority control method is provided, including: the target terminal device sends a super user authority request to the other terminal devices associated with the target terminal device; the response messages of the associated terminal devices to the super user authority request are obtained; and whether the target terminal device can acquire super user authority is determined according to the response messages.

Obtaining the response messages of the associated terminal devices to the super user authority request may specifically include: the target terminal obtains the super user authority response messages of all associated terminal devices.

Obtaining the response messages of the associated terminal devices to the super user authority request may specifically include: each associated terminal device obtains the super user authority response messages of all terminal devices associated with itself.

Determining, according to the response messages, whether the target terminal device can acquire super user authority specifically includes: the target terminal determines, according to the super user authority response messages it has obtained, whether it acquires super user authority; when all the super user authority response messages confirm the acquisition of super user authority, it acquires super user authority; otherwise, it does not acquire super user authority.

Further, the above method also includes: each associated terminal device determines, according to the super user authority response messages it has obtained, whether it acquires super user authority; when all the super user authority response messages confirm the acquisition of super user authority, it acquires super user authority; otherwise, it does not acquire super user authority.

According to another aspect of the present invention, a super user authority control device is provided, including:

a sending module, used for the target terminal device to send a super user authority request to the other terminal devices associated with the target terminal device; an obtaining module, used to obtain the response messages of the associated terminal devices to the super user authority request; and a first determining module, used to determine, according to the response messages, whether the target terminal device can acquire super user authority.

The obtaining module is specifically used for: obtaining, through the target terminal, the super user authority response messages of all associated terminal devices.

The obtaining module is specifically used for: obtaining, through each associated terminal device, the super user authority response messages of all terminal devices associated with that device.

The first determining module is specifically used for: the target terminal determining, according to the super user authority response messages it has obtained, whether it acquires super user authority; when all the super user authority response messages confirm the acquisition of super user authority, acquiring super user authority; otherwise, not acquiring super user authority.

Further, the above device also includes: a second determining module, used for each associated terminal device to determine, according to the super user authority response messages it has obtained, whether it acquires super user authority; and a judging module, used to acquire super user authority when all the super user authority response messages confirm the acquisition of super user authority, and otherwise not to acquire super user authority.

The super user authority control scheme provided by the present invention avoids the problem that, after one of a group of associated terminal devices is granted super user authority, other associated terminals use that super authority to control other terminal devices and obtain their sensitive data. It thereby avoids leakage of user data and improves the security of the system.

Description of drawings

Fig. 1 is a flow chart of the super user authority control method of an embodiment of the present invention;

Fig. 2 is a structural block diagram of the super user authority control device of an embodiment of the present invention;

Fig. 3 is a structural block diagram of another super user authority control device of an embodiment of the present invention.

Detailed description

To solve the prior-art problem that obtaining the superuser's privileges in an abnormal manner exposes the user to multiple security risks, the present invention provides a super user authority control method, device and system. The invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here only explain the present invention and do not limit it.

Fig. 1 is a flow chart of the super user authority control method of an embodiment of the present invention. As shown in Fig. 1, the method includes the following steps:

Step 101: the target terminal device sends a super user authority request to the other terminal devices associated with the target terminal device;

Step 102: the response messages of the associated terminal devices to the super user authority request are obtained;

Step 103: whether the target terminal device can acquire super user authority is determined according to the response messages.

In step 101, the super user authority is root. When a target terminal among several associated terminal devices needs root authority, it must send a root request to all the terminal devices associated with it. Specifically, the request can be sent as a broadcast to each of the other associated terminal devices.

Step 102 can be carried out by the target terminal obtaining the super user authority response messages of all associated terminal devices, or by each associated terminal device separately obtaining the super user authority response messages of all associated terminal devices. That is, when the associated terminal devices receive a root authority request from one of them, each terminal device responds to the request, either agreeing or not agreeing to the acquisition of root authority, and the response made by each terminal device is notified to every other terminal device associated with it. The response message can also be sent as a broadcast. Each terminal device therefore stores multiple response messages, and the response messages stored in every terminal device are the same, so each terminal device can determine from the response messages it has stored whether it acquires root authority. This keeps the root authorization state of all the terminal devices identical: either all of them acquire root authority or none of them does.

After step 102, each associated terminal device, having received the response messages of the other terminal devices, can save the response message of each terminal device locally; specifically, they can be stored in the parameter partition of the terminal device. Because each terminal device sends the same response message to all the other terminal devices, the response messages that each associated terminal device stores, that is, the messages stating whether root authority is to be acquired, are consistent.

Step 103 can be carried out in the following two cases:

Where the target terminal obtains the super user authority response messages of all associated terminal devices, the target terminal determines according to those response messages whether it can acquire super user authority.

Where each associated terminal device separately obtains the super user authority response messages of all associated terminal devices, each associated terminal device determines according to those response messages whether it acquires super user authority.

Specifically, the step of determining whether to acquire super user authority according to the terminal devices' response messages can be: when all the super user authority response messages confirm that the authority can be acquired, the device acquires super user authority; otherwise, it does not acquire super user authority.

In addition to steps 101 to 103, the method provided in this embodiment may include the following steps:

After the target terminal device determines, according to the super user authority response messages, whether to acquire super user authority, it sends the result to the other terminal devices associated with it; the other terminal devices synchronize their own super user authority authorization state according to that result. On this basis, the overall flow of the super user authority control method of this embodiment can also be: when the target terminal device needs root authority, it sends a root authority request to each terminal device associated with it, receives the response messages from those terminal devices, stores the response messages, checks each stored response message, and judges from these response messages whether to acquire root authority. When the response messages of all associated terminal devices agree to the acquisition of root authority, it is determined that root authority is acquired; otherwise root authority is not acquired. If the target terminal device acquires root authority, it simultaneously sends the authorization result to the other associated terminal devices, that is, the authorization result serves as the indication message for the other terminal devices to synchronously update their authorization state. Synchronizing the authorization state means that, when the authorization result is to acquire root authority, each terminal acquires root authority according to the indication message. When the authorization result is not to acquire root authority, the target terminal also sends the authorization result to the other associated terminal devices, and after receiving it each terminal device determines that it does not acquire root authority.

The super user authority control method of the embodiment of the present invention is further described below through a specific application scenario:

For example, in a group of associated devices consisting of a smart watch, smart glasses and a smartphone, when the smart watch needs root authority it sends a root authority request to the smart glasses and the smartphone. After receiving the root authority request, the smart glasses and the smartphone each respond. The smart watch, the smart glasses and the smartphone all receive the response messages of the other terminal devices associated with them, and each saves its own response message together with the received response messages in its own storage module, so that every terminal device stores three response messages: those of the smart watch, the smart glasses and the smartphone. In addition, when the smartphone is about to shut down or a data cable is plugged in, the smartphone's detection module checks the response messages so as to obtain them in time. If any of the three terminal devices' response messages does not agree to the authorization, none of the three terminal devices acquires root authority. If all three terminal devices agree to the acquisition of root authority, the smart watch can acquire root authority; once it has determined that it can acquire root authority, the smart watch notifies the synchronization modules of the smartphone and the smart glasses, and after receiving the notification that authorization is confirmed, each of the two synchronization modules acquires root authority. This ensures that the smart watch, the smart glasses and the smartphone acquire root authority at the same time.
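The watch, glasses and phone scenario above, written out as an added Python example (not code from the patent): every device broadcasts its answer, every device stores all answers, and the grant requires an explicit "agree" from each associated device. The message fields, the class and function names, the fail-closed handling of a silent device and the rejection of answers from outside the group are assumptions made for this example.

```python
from dataclasses import dataclass, field


@dataclass
class Device:
    name: str
    consents: bool                      # this device's own answer to a root request
    online: bool = True                 # an unreachable device sends no response
    stored: dict = field(default_factory=dict)   # stand-in for the parameter partition
    rooted: bool = False

    def respond(self, request):
        """Step 102: answer the broadcast request, or stay silent if offline."""
        if not self.online:
            return None
        return {"request_id": request["id"], "from": self.name,
                "agree": self.consents}

    def store(self, request, response, group_names):
        """Keep only answers to this request from associated devices."""
        if response.get("request_id") != request["id"]:
            return
        if response.get("from") not in group_names:
            return                      # assumption: non-members cannot vote
        self.stored[response["from"]] = response.get("agree")

    def decide(self, group_names):
        """Step 103: grant only when every associated device explicitly agreed.

        A missing answer falls under the "otherwise" branch of the text and
        is treated as a refusal (assumption: fail closed).
        """
        return all(self.stored.get(n) is True for n in group_names)


def run_root_request(target_name, group, stray_responses=()):
    """Run one request round; `stray_responses` are constructed test messages."""
    names = {d.name for d in group}
    target = next(d for d in group if d.name == target_name)
    request = {"id": 1, "type": "root_request", "from": target_name}  # step 101

    # Each reachable device, the requester included, broadcasts its answer.
    responses = [r for r in (d.respond(request) for d in group) if r is not None]
    responses += list(stray_responses)

    # Each reachable device stores every answer it receives.
    for d in group:
        d.stored = {}
        if d.online:
            for r in responses:
                d.store(request, r, names)

    granted = target.decide(names)
    # Variant in which every device decides from its own stored copies.
    decisions = {d.name: d.decide(names) for d in group if d.online}

    # Synchronisation: the target sends the result, the others align with it.
    for d in group:
        d.rooted = granted and d.online
    return {"granted": granted, "decisions": decisions,
            "rooted": {d.name: d.rooted for d in group}}


def make_group(watch=True, glasses=True, phone=True, phone_online=True):
    """Constructed sample group matching the scenario in the text."""
    return [Device("watch", watch), Device("glasses", glasses),
            Device("phone", phone, online=phone_online)]


if __name__ == "__main__":
    print(run_root_request("watch", make_group()))
    print(run_root_request("watch", make_group(glasses=False)))
    forged = [{"request_id": 1, "from": "tablet", "agree": True}]
    print(run_root_request("watch", make_group(phone_online=False), forged))
```

The last call shows that an answer from a device outside the group cannot stand in for the missing phone response, so the group stays un-rooted.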

Fig. 2 is a structural block diagram of the super user authority control device 20 of an embodiment of the present invention. As shown in Fig. 2, the device 20 includes:

a sending module 21, used for the target terminal device to send a super user authority request to the other terminal devices associated with the target terminal device;

an obtaining module 22, used to obtain the response messages of the associated terminal devices to the super user authority request;

a first determining module 23, used to determine, according to the response messages, whether the target terminal device can acquire super user authority.

The obtaining module 22 is specifically used for: obtaining, through the target terminal, the super user authority response messages of all associated terminal devices; or obtaining, through each associated terminal device, the super user authority response messages of all terminal devices associated with that device.

The first determining module 23 can specifically be used for: the target terminal determining, according to the super user authority response messages it has obtained, whether it acquires super user authority;

when all the super user authority response messages confirm the acquisition of super user authority, acquiring super user authority; otherwise, not acquiring super user authority.

Further, the device 20 also includes:

a second determining module, used for each associated terminal device to determine, according to the super user authority response messages it has obtained, whether it acquires super user authority; and a judging module, used to acquire super user authority when all the super user authority response messages confirm the acquisition of super user authority, and otherwise not to acquire super user authority.

Further, the device 20 may also include:

a second sending module, used to send the authorization result to the other terminal devices associated with it after determining, according to the super user authority response messages, whether to acquire super user authority; and a synchronization module, used for the other terminal devices to synchronize their own authorization state according to the authorization result.

The device 20 can also be implemented with the specific structure of Fig. 3. As shown in Fig. 3, the super user authority control device of this structure includes the following components:

Request module 31, used to send a root request to all terminal devices associated with the terminal when the terminal needs root authority. Specifically, the request can be sent as a broadcast.

Response module 32, used, when the terminal device receives a root authority request, to respond to that request by agreeing or not agreeing to the acquisition of root authority, and to send the response message to each of the other terminal devices associated with it. The response message can also be sent as a broadcast.

Storage module 33, used, after the terminal device receives the response messages of the other terminal devices, to save the response message of each device locally; specifically, they can be stored in the parameter partition. Because each terminal device sends out the same response, all the responses that each associated terminal stores locally are consistent. This ensures that the associated devices either all acquire root authority at the same time or all do not acquire it.

Detection module 34, used to check each response message stored in the device and to judge from these response messages whether to acquire root authority. The terminal device is authorized only when all the associated terminal devices agree to the acquisition of root authority; otherwise it is not authorized. If the device acquires root authority, it also notifies the synchronization module 35 of the other associated terminal devices to synchronize the authorization state, that is, it notifies the other terminals, according to the authorization result, that they may or may not acquire root authority.

Synchronization module 35, used, once one of the associated terminal devices has agreed to acquire root authority, to notify the other devices to acquire root authority. The synchronization modules of the other terminal devices then synchronously update their own root authorization state, that is, they acquire root authority themselves, ensuring that their root authority state is consistent with that of every other device.

The present invention provides a super user authority control scheme that guarantees that associated users can only be in one of two states: all acquiring super user authority at the same time, or all not acquiring it. This avoids the problem that, after one of the users acquires super user authority, other associated users use that super authority to control other users and obtain their sensitive data. It thereby avoids leakage of user data and improves the security of the system.

Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from its spirit and scope. Thus, if these modifications and variations fall within the scope of the claims of the present invention and their equivalent technologies, the present invention is also intended to cover them.

Claims (6)

1. A superuser permission control method, characterized by comprising:
a target terminal device sending a superuser permission request to the other terminal devices associated with the target terminal device;
obtaining the response messages of the associated terminal devices to the superuser permission request;
determining, according to the response messages, whether the target terminal device may obtain superuser permission;
wherein obtaining the response messages of the associated terminal devices to the superuser permission request specifically comprises:
each associated terminal device obtaining the superuser permission response messages of all terminal devices associated with itself;
the method further comprising:
each associated terminal device determining, according to the superuser permission response messages it has obtained, whether it obtains superuser permission;
when all of the superuser permission response messages confirm obtaining the superuser permission, obtaining the superuser permission; otherwise, not obtaining the superuser permission.

2. The method according to claim 1, wherein obtaining the response messages of the associated terminal devices to the superuser permission request specifically comprises:
obtaining, through the target terminal, the superuser permission response messages of all associated terminal devices.

3. The method according to claim 2, wherein determining, according to the response messages, whether the target terminal device may obtain superuser permission specifically comprises:
the target terminal determining, according to the obtained superuser permission response messages, whether it obtains superuser permission;
when all of the superuser permission response messages confirm obtaining the superuser permission, obtaining the superuser permission; otherwise, not obtaining the superuser permission.

4. A superuser permission control device, characterized by comprising:
a sending module, configured for a target terminal device to send a superuser permission request to the other terminal devices associated with the target terminal device;
an obtaining module, configured to obtain the response messages of the associated terminal devices to the superuser permission request;
a first determining module, configured to determine, according to the response messages, whether the target terminal device may obtain superuser permission;
wherein the obtaining module is specifically configured for:
each associated terminal device obtaining the superuser permission response messages of all terminal devices associated with itself;
the device further comprising:
a second determining module, configured for each associated terminal device to determine, according to the superuser permission response messages it has obtained, whether it obtains superuser permission;
a judging module, configured to obtain the superuser permission when all of the superuser permission response messages confirm obtaining the superuser permission, and otherwise not to obtain the superuser permission.

5. The device according to claim 4, wherein the obtaining module is specifically configured for:
obtaining, through the target terminal, the superuser permission response messages of all associated terminal devices.

6. The device according to claim 5, wherein the first determining module is specifically configured for:
the target terminal determining, according to the obtained superuser permission response messages, whether it obtains superuser permission;
when all of the superuser permission response messages confirm obtaining the superuser permission, obtaining the superuser permission; otherwise, not obtaining the superuser permission.
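The all-approve rule of claims 1 and 3, modelled for the case in claims 2 and 3 where the target collects the responses itself; this is an added example, not code from the patent. The names `Response`, `decide`, `run_round`, the request identifier and the device names are hypothetical, and treating a missing, stale or conflicting response as a refusal is an assumption, since the claims only say that anything short of all responses approving means the permission is not obtained.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Response:
    request_id: str   # ties the answer to one specific request (assumed field)
    responder: str    # device that sent the answer
    approve: bool     # True = agrees the target may obtain superuser permission

def decide(request_id, associated, responses):
    """Grant only if every associated device approved this exact request."""
    votes = {}
    for r in responses:
        if r.request_id != request_id or r.responder not in associated:
            continue                  # stale or unassociated sender: not counted
        if votes.setdefault(r.responder, r.approve) != r.approve:
            return False              # one device sent conflicting answers
    if set(votes) != set(associated):
        return False                  # assumption: a silent device counts as a refusal
    return all(votes.values())

def run_round(target, associated, policies, request_id, offline=()):
    """Target asks each associated device, collects the answers, then decides."""
    responses = [Response(request_id, dev, policies[dev](target))
                 for dev in associated if dev not in offline]
    return decide(request_id, associated, responses)

# Constructed sample: a phone asking its associated tablet and watch.
ASSOCIATED = {"tablet", "watch"}
ALL_APPROVE = {"tablet": lambda t: True, "watch": lambda t: True}
WATCH_REFUSES = {"tablet": lambda t: True, "watch": lambda t: False}

if __name__ == "__main__":
    print(run_round("phone", ASSOCIATED, ALL_APPROVE, "req-1"))
    print(run_round("phone", ASSOCIATED, WATCH_REFUSES, "req-1"))
    print(run_round("phone", ASSOCIATED, ALL_APPROVE, "req-1", {"watch"}))
```

With an empty set of associated devices the rule is satisfied vacuously and `decide` grants; whether that case should grant is a policy choice the claims do not address.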
CN201410195732.0A 2014-05-09 2014-05-09 A kind of superuser right control method and device Active CN105095702B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410195732.0A CN105095702B (en) 2014-05-09 2014-05-09 A kind of superuser right control method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410195732.0A CN105095702B (en) 2014-05-09 2014-05-09 A kind of superuser right control method and device

Publications (2)

Publication Number Publication Date
CN105095702A CN105095702A (en) 2015-11-25
CN105095702B true CN105095702B (en) 2018-03-16

Family

ID=54576117

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410195732.0A Active CN105095702B (en) 2014-05-09 2014-05-09 A kind of superuser right control method and device

Country Status (1)

Country Link
CN (1) CN105095702B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107491669B (en) * 2017-02-16 2020-06-05 东软集团股份有限公司 Super user permission obtaining method and device
CN107358090A (en) * 2017-07-05 2017-11-17 北京珠穆朗玛移动通信有限公司 Control method, mobile terminal and the storage medium of System Privileges
CN115684818A (en) * 2022-10-11 2023-02-03 国网浙江省电力有限公司 Intelligent terminal detection system for power distribution network

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101208704A (en) * 2005-06-29 2008-06-25 Nxp股份有限公司 Security system and method for securing the integrity of at least one arrangement comprising multiple devices
CN101521615A (en) * 2009-03-31 2009-09-02 深圳创维数字技术股份有限公司 Communication method for different networks and internetwork for smart machine
CN103491396A (en) * 2013-09-11 2014-01-01 辽源市信长城信息技术研发有限公司 Intelligent set top box with digital right management mechanism and information security mechanism
CN103518205A (en) * 2013-03-27 2014-01-15 华为技术有限公司 Method for limiting operation authority and automation device

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8201227B2 (en) * 2008-05-06 2012-06-12 International Business Machines Corporation System and method for authenticating an end user

Also Published As

Publication number Publication date
CN105095702A (en) 2015-11-25

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20250604

Address after: 100071 Room 1104, Building 1, Compound 2, Caqiao East Road, Fengtai District, Beijing

Patentee after: Beijing Xinhe Lingguan Trading Co.,Ltd.

Country or region after: China

Address before: 518057 South Mountain High-tech Industrial Park North District, Shenzhen City, Guangdong Province, 1 Kupai Information Port, 6 floors

Patentee before: YULONG COMPUTER TELECOMMUNICATION SCIENTIFIC (SHENZHEN) Co.,Ltd.

Country or region before: China
