CN101702128B - Methods and systems for isolating execution to software application programs - Google Patents
- Publication number
- CN101702128B
- Authority
- CN
- China
- Prior art keywords
- request
- resource
- file
- key
- scope
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Landscapes
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
- Stored Programmes (AREA)
Abstract
A method for isolating access by application programs to native resources provided by an operating system redirects a request for a native resource made by an application program executing on behalf of a user to an isolation environment. The isolation environment includes a user isolation scope and an application isolation scope. An instance of the requested native resource is located in the user isolation scope corresponding to the user. The request for the native resource is fulfilled using the version of the resource located in the user isolation scope. If an instance of the requested native resource is not located in the user isolation scope, the request is redirected to an application isolation scope. The request for the native resource is fulfilled using the version of the resource located in the application isolation scope. If an instance of the requested native resource is not located in the application isolation scope, the request is redirected to a system scope.
Description
This application is a divisional application. The parent application number is 200580041015.1; the international filing date of the parent is September 23, 2005; and the title of the parent is "Method and apparatus for isolating execution of software applications".
Technical field
The invention relates to managing the execution of software applications by computers and, more particularly, to methods and apparatus for reducing compatibility and sociability problems between different application programs and between individual users of the same application program executed by the same computer system.
Background
Computer software application programs, during execution and installation, make use of a variety of native resources provided by the operating system of a computer. A traditional, single-user computer is depicted in Fig. 1A. As shown in Fig. 1A, native resources provided by the operating system 100 may include a file system 102, a registry database 104, and objects 106. The file system 102 provides a mechanism for an application program to open, create, read, copy, modify, and delete data files 150, 152. The data files 150, 152 may be grouped together in a logical hierarchy of directories 160, 162. The registry database 104 stores information regarding hardware physically attached to the computer, which system options have been selected, how computer memory is set up, various items of application-specific data, and what application programs should be present when the operating system 100 is started. As shown in Fig. 1A, the registry database 104 is commonly organized in a logical hierarchy of "keys" 170, 172, which are containers for registry values. The operating system 100 may also provide a number of communication and synchronization objects 106, including semaphores, sections, mutexes, timers, mutants, and pipes. Together, the file system 102, registry database 104, objects 106, and any other native resources made available by the operating system 100 will be referred to throughout this document as the "system layer" 108. The resources provided by the system layer 108 are available to any application or system program 112, 114.
A problem arises, however, when an attempt is made to execute or install two incompatible application programs 112, 114. As shown in Fig. 1A, two application programs, APP1 112 and APP2 114, execute "on top of" the operating system 100, that is, the application programs make use of functions provided by the operating system to access native resources. The application programs are said to be incompatible with one another when they make use of native resources 102, 104, 106 in a mutually exclusive manner, either during execution or during the installation process. APP1 112 may require, or attempt to install, a file located by the pathname c:\windows\system32\msvcrt.dll, and APP2 114 may require, or attempt to install, a second, different file located by the same pathname. In this case, APP1 112 and APP2 114 cannot be executed on the same computer and are said to be incompatible with one another. A similar problem may be encountered for other native resources. This is, at best, inconvenient for a computer user who needs to install or execute both APP1 112 and APP2 114 together in the same operating system 100 environment.
Fig. 1B depicts a multi-user computer system supporting concurrent execution of application programs 112, 114, 112', 114' on behalf of several users. As shown in Fig. 1B, a first instance of APP1 112 and a first instance of APP2 114 are executed in the context of a first user session 110, a second instance of APP1 112' is executed in the context of a second user session 120, and a second instance of APP2 114' is executed in the context of a third user session 130. In this environment, a problem arises if both instances of APP1 112, 112' and both instances of APP2 114, 114' make use of native resources 102, 104, 106 as if only a single user were executing the application. For example, APP1 112 may store application-specific data in a registry key 170. When the first instance of APP1 112 executing in the first user context 110 and the second instance of APP1 112' executing in the second user context 120 both attempt to store configuration data in the same registry key 170, incorrect configuration data will be stored for one of the users. A similar problem can occur for other native resources.
The present invention addresses these application program compatibility and sociability problems.
Summary of the invention
The present invention allows application programs that are incompatible with each other, and incompatible versions of the same application program, to be installed and executed on a single computer. In addition, it allows programs that were created for a single-user computer, or that were created without consideration for the issues that arise when executing on a multi-user computer, to be installed and executed on a multi-user computer. The methods and apparatus described are applicable to single-user computing environments, which include environments in which multiple users may use a single computer one after the other, as well as multi-user computing environments, in which multiple users concurrently use a single computer. The present invention virtualizes user and application access to native resources (such as the file system, the registry database, system objects, window classes and window names) without modification of the application programs or the underlying operating system. In addition, virtualized native resources may be stored in native format (that is, virtualized files are stored in the file system, virtualized registry entries are stored in the registry database, and so on), which allows virtualized resources to be viewed and managed using standard tools and techniques.
In one aspect, the present invention relates to a method for isolating access by application programs to native resources provided by an operating system. A request for a native resource made by a process executing on behalf of a first user is redirected to an isolation environment comprising a user isolation scope and an application isolation scope. An instance of the requested resource is located in the user isolation scope, and the request for the native resource is responded to using the instance of the resource located in the user isolation scope. In some embodiments, an instance of the requested resource is not located in the user isolation scope. In these embodiments, the request is redirected to the application isolation scope. In some of these embodiments, an instance of the requested resource is located in the application isolation scope, and the request for the native resource is responded to using the instance of the resource located in the application isolation scope.
In another aspect, the present invention relates to an isolation environment for isolating access by application programs to native resources provided by an operating system. The isolation environment includes a user isolation scope corresponding to a user, for storing an instance of a native resource, and a redirector for intercepting a request for the native resource made by a process executing on behalf of the user and redirecting the request to the user isolation scope. In some embodiments, the isolation environment also includes an application isolation scope for storing an instance of the native resource.
In one aspect, the present invention relates to a method for presenting an aggregate view of native resources. The method includes the steps of providing a plurality of system-scoped native resources supplied by a system scope, and providing a plurality of application-scoped native resources supplied by an application isolation scope. Some of the plurality of application-scoped resources correspond to some of the plurality of system-scoped resources. The method also includes the steps of determining, for one of the plurality of system-scoped resources, the existence of a corresponding one of the plurality of application-scoped resources, and including the corresponding one of the plurality of application-scoped resources in the aggregate view of native resources.
In one embodiment, the method includes the step of determining, for one of the plurality of system-scoped resources, that a corresponding one of the plurality of application-scoped resources does not exist. In another embodiment, the method includes the step of including the one of the plurality of system-scoped resources in the aggregate view of native resources.
In yet another embodiment, the method includes the step of providing a plurality of user-scoped native resources supplied by a user isolation scope. Some of the plurality of user-scoped resources correspond to some of the plurality of system-scoped resources. The method also includes determining, for one of the plurality of system-scoped resources, the existence of a corresponding one of the plurality of user-scoped resources, and including the corresponding one of the plurality of user-scoped resources in the aggregate view of native resources.
In another embodiment, the method includes determining, for one of the plurality of system-scoped resources, that a corresponding one of the plurality of user-scoped resources does not exist. In one embodiment, the method includes including the one of the plurality of system-scoped resources in the aggregate view of system-scoped resources. In yet another embodiment, the method includes determining, for one of the plurality of system-scoped resources, that a corresponding one of the plurality of application-scoped resources indicates that the resource is deleted.
In one embodiment, the method includes the step of removing the system-scoped resource from the aggregate view of system-scoped resources. In another embodiment, the method includes the step of determining, for one of the plurality of system-scoped resources, that a corresponding one of the plurality of user-scoped resources indicates that the resource is deleted. In yet another embodiment, the method includes the step of removing the system-scoped resource from the aggregate view of system-scoped resources.
In another embodiment, the method intercepts a request to enumerate a file system that includes the system-scoped resources, using one of a file system driver, a mini-driver, a user-mode hooking mechanism, and a kernel-mode hooking mechanism. In yet another embodiment, the method includes the step of intercepting a request to enumerate a plurality of registry entries.
In one aspect, the present invention relates to a method for virtualizing access to named system objects, including the step of receiving, from a process executing in the context of a user isolation scope, a request to access a system object. The request includes a virtual name for the system object. A rule associated with the request is determined, and a literal name for the system object is formed in response to the determined rule. A request to access the system object is issued to the operating system. The request includes the literal name for the system object.
In another aspect, the present invention relates to an apparatus for virtualizing access to named system objects. A hooking mechanism receives a request to access a system object from a process executing in the context of a user isolation scope. The received request includes a virtual name for the system object. A name virtualization engine forms a literal name for the system object. An operating system interface requests access to the system object using the literal name.
In one aspect, the present invention relates to a method for virtualizing access to native resources. A request to access a native resource is received from a process executing in the context of an isolation environment, the request including a virtual name for the native resource. A rule action of remapping is determined to be associated with the virtual name included in the received request. A literal name for the native resource is formed, the literal name identifying a literal native resource of the same type as the requested resource. A request to access the native resource is issued to the operating system, the request including the determined literal name for the native resource.
In one embodiment, the request received from the process executing in the context of the isolation environment is a request to access a named system object, the request including a virtual name for the system object. In another embodiment, a rule is determined for use in forming a literal name for the system object that identifies a literal system object. In some embodiments, the system object is a file system element. In other embodiments, the system object is a registry key.
In another aspect, the present invention relates to an apparatus for virtualizing access to native resources. A hooking mechanism receives a request to access a native resource from a process executing in the context of an isolation environment, the request including a virtual name for the native resource. A name virtualization engine forms a literal name for the native resource, the formed literal name identifying a literal native resource of the same type as the requested resource. An operating system interface requests access to the identified literal native resource.
In one embodiment, the hooking mechanism intercepts the request to access the native resource. In another embodiment, a rules engine stores the rule associated with the virtual name included in the received request.
Brief description of the drawings
The invention is pointed out with particularity in the appended claims. The advantages of the invention described above, as well as further advantages of the invention, may be better understood by reference to the following description taken in conjunction with the accompanying drawings, in which:
Fig. 1A is a block diagram of a prior art operating system environment supporting execution of two application programs on behalf of a user;
Fig. 1B is a block diagram of a prior art operating system environment supporting concurrent execution of multiple application programs on behalf of several users;
Fig. 2A is a block diagram of an embodiment of a computer system having reduced application program compatibility and sociability problems;
Fig. 2B is a diagram of an embodiment of a computer system having reduced application program compatibility and sociability problems;
Fig. 2C is a flowchart showing one embodiment of the steps taken to associate a process with an isolation scope;
Fig. 3A is a flowchart showing one embodiment of the steps taken to virtualize access to native resources in a computer system;
Fig. 3B is a flowchart showing one embodiment of the steps taken to identify a replacement instance in execute mode;
Fig. 3C is a flowchart depicting one embodiment of the steps taken in install mode to identify a literal resource when a request to open a native resource is received that indicates the resource is being opened with the intention of modifying it;
Fig. 3D is a flowchart depicting one embodiment of the steps taken in install mode to identify a literal resource when a request to create a virtual resource is received;
Fig. 4 is a flowchart depicting one embodiment of the steps taken to open an entry in a file system in the described virtualized environment;
Fig. 5 is a flowchart depicting one embodiment of the steps taken to delete an entry from a file system in the described virtualized environment;
Fig. 6 is a flowchart depicting one embodiment of the steps taken to enumerate entries in a file system in the described virtualized environment;
Fig. 7 is a flowchart depicting one embodiment of the steps taken to create an entry in a file system in the described virtualized environment;
Fig. 7A is a flowchart depicting one embodiment of the steps taken to assign a unique short filename after creating a new file;
Fig. 8 is a flowchart depicting one embodiment of the steps taken to open a registry key in the described virtualized environment;
Fig. 9 is a flowchart depicting one embodiment of the steps taken to delete a registry key in the described virtualized environment;
Fig. 10 is a flowchart depicting one embodiment of the steps taken to enumerate subkeys of a key in a registry database in the described virtualized environment;
Fig. 11 is a flowchart depicting one embodiment of the steps taken to create a registry key in the described virtualized environment;
Fig. 12 is a flowchart depicting one embodiment of the steps taken to virtualize access to named objects;
Fig. 13 is a flowchart depicting one embodiment of the steps taken to virtualize window names and window classes in the described environment;
Fig. 13A is a flowchart depicting one embodiment of the steps taken to determine literal window names and window class names;
Fig. 14 is a flowchart depicting one embodiment of the steps taken to invoke an out-of-process COM server in the described virtualized environment;
Fig. 15 is a flowchart depicting one embodiment of the steps taken to virtualize application invocation using file type association; and
Fig. 16 is a flowchart depicting one embodiment of the steps taken to move a process from a source isolation scope to a target isolation scope.
Index
The index is intended to help the reader follow the discussion of the invention:
1.0 Isolation environment conceptual overview
1.1 Application isolation
1.2 User isolation
1.3 Aggregate view of native resources
1.4 Association of processes with isolation scopes
1.4.1 Association of out-of-scope processes with isolation scopes
2.0 Virtualization mechanism overview
3.0 Installation into an isolation environment
4.0 Detailed virtualization examples
4.1 File system virtualization
4.1.1 File system open operations
4.1.2 File system delete operations
4.1.3 File system enumerate operations
4.1.4 File system create operations
4.1.5 Short filename management
4.2 Registry virtualization
4.2.1 Registry key open operations
4.2.2 Registry key delete operations
4.2.3 Registry key enumerate operations
4.2.4 Registry create operations
4.3 Named object virtualization operations
4.4 Window name virtualization
4.5 Out-of-process COM server virtualization
4.6 Virtualized file type association
4.7 Dynamic movement of processes between isolation environments
Detailed description
1.0 Isolation environment conceptual overview
1.1 Application isolation
With reference now to Fig. 2 A,, show an embodiment of the computing machine moving under the control of the operating system 100 having reduced in application compatibility and application program sociability problem.Operating system 100 makes application program 112,114 can use various local resources via its system layer 108.The view of the resource that system layer 108 is included will be called as term " system scope ".For fear of application program 112,114 access local resources 102,104,106,107, produce conflict, isolation environment 200 is just provided.As shown in Figure 2 A, isolation environment 200 comprises application program separation layer 220 and user isolation layer 240.In concept, isolation environment 200 provides unique local resource view, described local resource such as file system 102, registration table 104, object 106 and window title 107 to application program 112,114 via application program separation layer 220.Each separation layer is revised the local resource view that offers an application program.The modification view of the local resource being provided by a layer is called as " isolation range " of this layer.As shown in Figure 2 A, described application program separation layer comprises two application isolation scope 222,224.Scope 222 representatives offer the view of the local resource of application program 112, and scope 224 representatives offer the view of the local resource of application program 114.Therefore, in the shown embodiment of Fig. 
2 A, to APP1112 provide file system 102 ' private views, return APP2114 provides file system 102 simultaneously " be also another special-purpose view.In certain embodiments, application program separation layer 220 provides local resource 102,104,106,107 private views to each single utility program of carrying out on the top of operating system 100.In other embodiments, application program 112,114 can be organized into set, in these embodiments, application program separation layer 220 provides the private views of local resource for each pool of applications.The application program of conflict can be placed in to separate group, in order to strengthen compatibility and the sociability of application program.At other embodiment, the application program that belongs to a set can be configured due to keeper.In certain embodiments, " lead directly to that " isolation range can be defined by definitely corresponding to system scope.In other words, the application program of carrying out within straight-through isolation range directly operates system scope.
In some embodiments, the application isolation scope is further divided into layered sub-scopes. The main sub-scope contains the base application isolation scope, and additional sub-scopes contain various modifications to this scope that may be visible to multiple executing instances of the application. For example, a sub-scope may contain modifications to the scope that embody a change in the patch level of the application, or the installation or removal of additional features. In some embodiments, the set of additional sub-scopes that are made visible to an instance of the executing application is configurable. In some embodiments, that set of visible sub-scopes is the same for all instances of the executing application, regardless of the user on whose behalf the application is executing. In other embodiments, the set of visible sub-scopes may vary for different users executing the application. In still other embodiments, various sets of sub-scopes may be defined, and the user may choose which set to use. In some embodiments, sub-scopes may be discarded when no longer needed. In some embodiments, the modifications contained in a set of sub-scopes may be merged together to form a single sub-scope.
1.2 User isolation
With reference now to Fig. 2 B,, described the multiple-access computer that application compatibility and application program sociability problem have reduced.This multiple-access computer comprises local resource 102,104 in system layer 108,106,107 and the isolation environment 200 of discussing above that is close to.Application program separation layer 220 plays a role like that according to described above, the modification view of local resource is provided to application program or set of applications.User isolation layer 240, conceptive, provides following local resource view to application program 112,114, and this local resource view also represents that according to application program that user's of its execution User Identity makes change.As shown in Figure 2 B, user isolation layer 240 can be regarded as comprising a plurality of user isolation scope 242 ', 242 ", 242 " ', 242 " ", 242 " " ', 242 " " " (being 242 generally).User isolation scope 242 provides user's private views of the application-specific view of local resource.For example, provide that a file system view 102 ' (a), this document system view is by user isolation scope 242 to representative of consumer " a " is carried out in user conversation 110 APP1112 " and application isolation scope 222 these two change or revise.
Put another way, the user isolation layer 240 alters the view of native resources for each individual user by "layering" a user-specific view modification provided by a user isolation scope 242''' "on top of" an application-specific view modification provided by an application isolation scope 222, which is in turn "layered on top of" the system-wide view of native resources provided by the system layer. For example, when the first instance of APP1 112 accesses an entry in the registry database 104, the view of the registry database specific to the first user session and the application 104'(a) is consulted. If the requested registry key is found in the user-specific view of the registry 104'(a), that registry key is returned to APP1 112. If not, the view of the registry database specific to the application 104' is consulted. If the requested registry key is found in the application-specific view of the registry 104', that registry key is returned to APP1 112. If not, the registry key stored in the registry database 104 in the system layer 108 (that is, the native registry key) is returned to APP1 112.
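The lookup order in the paragraph above, together with the deletion handling the Summary describes for aggregate views, can be modelled in a few lines. This is an added example and not code from the patent: the class names, registry key names and values are constructed, and treating a deletion marker as "not found" during a single lookup is an assumption carried over from the aggregate-view rule.

```python
# Added example: a toy in-memory model of the scope lookup, not the patent's implementation.
DELETED = object()  # constructed marker meaning "this resource is deleted in this scope"


class Scope:
    """One layer of the view: user isolation scope, application isolation scope or system scope."""

    def __init__(self, name, entries=None):
        self.name = name
        self.entries = dict(entries or {})


class IsolationEnvironment:
    """Resolves resource names for one user running one application."""

    def __init__(self, user_scope, app_scope, system_scope):
        # Search order given in the text: user scope, application scope, system scope.
        self.layers = [user_scope, app_scope, system_scope]

    def resolve(self, name):
        """Return (scope_name, value) from the first scope holding the name, else None."""
        for scope in self.layers:
            if name in scope.entries:
                value = scope.entries[name]
                # Assumption: a deletion marker hides any instance in the scopes below it.
                return None if value is DELETED else (scope.name, value)
        return None

    def aggregate_view(self):
        """Merge all scopes into the single listing an enumeration request would see."""
        view = {}
        for scope in reversed(self.layers):  # lowest precedence (system scope) first
            for name, value in scope.entries.items():
                if value is DELETED:
                    view.pop(name, None)  # remove the lower-scope resource from the view
                else:
                    view[name] = (scope.name, value)  # higher scope replaces lower
        return dict(sorted(view.items()))


# Constructed sample data; key names and values are hypothetical.
system = Scope("system", {
    r"HKLM\Software\Shared\Codepage": "1252",
    r"HKLM\Software\Legacy\Plugin": "v1",
    r"HKLM\Software\APP1\Config": "machine-default",
})
app1 = Scope("app:APP1", {
    r"HKLM\Software\APP1\Config": "app-default",
    r"HKLM\Software\Legacy\Plugin": DELETED,
})
user_a = Scope("user:a", {r"HKLM\Software\APP1\Config": "a-settings"})
user_b = Scope("user:b")  # user "b" has made no changes yet

# Two users run the same application: shared application and system scopes, separate user scopes.
env_a = IsolationEnvironment(user_a, app1, system)
env_b = IsolationEnvironment(user_b, app1, system)

if __name__ == "__main__":
    for label, env in (("a", env_a), ("b", env_b)):
        print("user", label, "->", env.resolve(r"HKLM\Software\APP1\Config"))
        for name, (origin, value) in env.aggregate_view().items():
            print("   ", name, "<-", origin, value)
```

Both users address the same key name, yet user "a" gets the user-scoped value and user "b" falls through to the application-scoped one, while the system-scoped value stays untouched; this is the registry key 170 conflict from the Background avoided by scoping.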
In some embodiments, the user isolation layer 240 provides an isolation scope for each individual user. In other embodiments, the user isolation layer 240 provides an isolation scope for a group of users, which may be defined by roles within the organization or may be predetermined by an administrator. In still other embodiments, no user isolation layer 240 is provided. In these embodiments, the view of local resources seen by an application is the one provided by the application isolation layer 220. Although the isolation environment 200 has been described in relation to multi-user computers supporting concurrent execution of applications by various users, it may also be used on single-user computers to address the application compatibility and sociability problems that result from different users executing applications sequentially on the same computer system, and those that result from the same user installing and executing incompatible programs.
In some embodiments, a user isolation scope is further divided into sub-scopes. The modifications that the user isolation scope makes to the view presented to an application executing in that scope are the aggregate of the modifications contained within each sub-scope in the scope. Sub-scopes are layered on top of each other, and in the aggregate view a modification to a resource in a higher sub-scope overrides a modification to the same resource in a lower sub-scope.
In some of these embodiments, one or more of these sub-scopes may contain modifications to the view that are specific to the user. In some of these embodiments, one or more sub-scopes may contain modifications to the view that are specific to a set of users, which may be defined by the system administrator or defined as a group of users in the operating system. In some of these embodiments, one of these sub-scopes may contain modifications to the view that are specific to a particular login session, and are therefore discarded when the session ends. In some of these embodiments, changes to local resources made by application instances associated with the user isolation scope always affect one of these sub-scopes, and in other embodiments those changes may affect different sub-scopes depending on the particular resource changed.
1.3 Aggregate view of local resources
The conceptual architecture described above allows an application executing on behalf of a user to be presented with an aggregate, or unified, virtualized view of local resources that is specific to that combination of application and user. This aggregated view may be referred to as the "virtual scope". The application instance executing on behalf of a user is presented with a single view of local resources that reflects all operative virtualized instances of the local resources. Conceptually, this aggregated view consists first of the set of local resources provided by the operating system in the system scope, overlaid with the modifications contained in the application isolation scope applicable to the executing application, and further overlaid with the modifications contained in the user isolation scope applicable to the application executing on behalf of the user. The local resources in the system scope are characterized by being common to all users and applications on the system, except where operating system permissions deny access to specific users or applications. The modifications to the resource view contained in an application isolation scope are characterized by being common to all instances of the applications associated with that application isolation scope. The modifications to the resource view contained in the user isolation scope are characterized by being common to all applications that are associated with the applicable application isolation scope and are executing on behalf of the user associated with the user isolation scope.
This concept can be extended to sub-scopes: the modifications to the resource view contained in a user sub-scope are common to all applications that are associated with the applicable isolation sub-scope and are executing on behalf of a user, or group of users, associated with the user isolation sub-scope. Throughout this description it should be understood that whenever general reference is made to a "scope", the reference is intended to include sub-scopes as well, where sub-scopes exist.
When an application requests enumeration of a local resource, such as a portion of the file system or registry database, a virtualized enumeration is constructed by first enumerating the "system-scoped" instance of the local resource, that is, the instance found in the system layer, if any. Next, the "application-scoped" instance of the requested resource, that is, the instance found in the appropriate application isolation scope, if any, is enumerated. Any enumerated resources encountered in the application isolation scope are added to the view. If an enumerated resource already exists in the view (because it was also present in the system scope), it is replaced with the instance of the resource encountered in the application isolation scope. Similarly, the "user-scoped" instance of the requested resource, that is, the instance found in the appropriate user isolation scope, if any, is enumerated. Again, any enumerated resources encountered in the user isolation scope are added to the view. If the local resource already exists in the view (because it was present in the system scope or in the appropriate application isolation scope), it is replaced with the instance of the resource encountered in the user isolation scope. In this way, any enumeration of local resources correctly reflects the virtualization of the enumerated local resources. Conceptually, the same approach applies to enumerating an isolation scope that comprises multiple sub-scopes. The individual sub-scopes are enumerated, and in the aggregate view resources from higher sub-scopes replace matching instances from lower sub-scopes.
In other embodiments, enumeration may be performed from the user isolation scope layer down to the system layer, rather than the reverse. In these embodiments, the user isolation scope is enumerated. Then the application isolation scope is enumerated, and any resource instances that appear in the application isolation scope but were not enumerated in the user isolation scope are added to the aggregate view under construction. A similar process can be repeated for resources that appear only in the system scope.
In still other embodiments, all isolation scopes may be enumerated simultaneously and the respective enumerations combined.
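The layered enumeration and lookup described above can be modelled in a few lines. The following is an added example, not code from the patent: each scope is a plain dictionary, the registry-style names and values are constructed, and the user scope is split into two sub-scopes to show that the same override rule applies to them.

```python
# Added illustration: every scope (or sub-scope) is a dict mapping a resource
# name to its value. `layers` is ordered from lowest (system) to highest.
# All names and values below are constructed sample data.

def aggregate_bottom_up(layers):
    """Enumerate the system scope first, then application, then user scope.

    A resource met again in a higher layer replaces the instance that is
    already in the view.
    """
    view = {}
    for label, resources in layers:
        for name, value in resources.items():
            view[name] = (label, value)
    return view


def aggregate_top_down(layers):
    """Enumerate from the user scope down to the system layer.

    Only resources that were not already enumerated in a higher layer are
    added to the view under construction.
    """
    view = {}
    for label, resources in reversed(layers):
        for name, value in resources.items():
            view.setdefault(name, (label, value))
    return view


def open_existing(layers, name):
    """Read-only open: consult the highest layer first and fall through to
    the system scope. Returns (layer, value) or None if nothing matches."""
    for label, resources in reversed(layers):
        if name in resources:
            return label, resources[name]
    return None


def sample_layers():
    system = {
        r"HKLM\Software\APP1\Version": "1.0",
        r"HKLM\Software\APP1\InstallDir": r"c:\APP1",
        r"HKLM\Software\Shared\Codepage": "1252",
    }
    application = {
        r"HKLM\Software\APP1\Version": "2.0",
        r"HKLM\Software\APP1\Plugins": "enabled",
    }
    user_group = {                      # lower user sub-scope (a user group)
        r"HKLM\Software\APP1\Plugins": "disabled",
        r"HKLM\Software\APP1\Theme": "corporate",
    }
    user_session = {                    # higher user sub-scope (login session)
        r"HKLM\Software\APP1\Theme": "dark",
    }
    return [
        ("system", system),
        ("application", application),
        ("user:group", user_group),
        ("user:session", user_session),
    ]


if __name__ == "__main__":
    for name, (layer, value) in sorted(aggregate_bottom_up(sample_layers()).items()):
        print(f"{name:35} {value:10} from {layer}")
```

Both enumeration orders produce the same view, and a read-only open returns exactly the instance that the enumeration shows.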
If an application attempts to open an existing instance of a local resource with no intent to modify that resource, the specific instance returned to the application is the one found in the virtual scope, or equivalently the instance that would appear in the virtualized enumeration of the parent of the requested resource. From the point of view of the isolation environment, the application is said to be requesting to open a "virtual resource", and the particular instance of the local resource used to satisfy that request is said to be the "literal resource" corresponding to the requested resource.
If an application executing on behalf of a user attempts to open a resource and indicates that it is doing so with the intent to modify that resource, that application instance is normally given a private copy of the resource to modify, because resources in the application isolation scope and system scope are common to applications executing on behalf of other users. Typically, a user-scoped copy of the resource is made, unless the user-scoped instance already exists. The definition of the aggregate view provided by a virtual scope means that the act of copying an application-scoped or system-scoped resource to a user isolation scope does not change the aggregate view provided by the virtual scope for the user and application in question, nor for any other user, nor for any other application instance. Subsequent modifications made to the copied resource by the application instance executing on behalf of the user do not affect the aggregate view of any other application instance that does not share the same user isolation scope. In other words, those modifications do not change the aggregate view of local resources for other users, or for application instances not associated with the same application isolation scope.
1.4 Association between processes and isolation scopes
An application may be installed into a particular isolation scope (described in more detail below). Applications that are installed into an isolation scope are always associated with that scope. Alternatively, an application may be launched into a particular isolation scope, or into a number of isolation scopes. In effect, an application is launched and associated with one or more isolation scopes. The associated isolation scope, or scopes, provide the process with a particular view of local resources. Applications may also be launched into the system scope, that is, they may be associated with no isolation scope. This allows operating system applications (such as Internet Explorer) as well as third-party applications to be executed selectively within an isolation environment.
This ability to launch an application within an isolation scope regardless of where the application is installed mitigates application compatibility and sociability problems without requiring a separate installation of the application within the isolation scope. The ability to selectively launch installed applications in different isolation scopes gives applications that need helper applications (such as Word, Notepad, etc.) the ability to have those helper applications launched with the same rule sets.
Further, the ability to launch an application within multiple isolated environments allows for better integration between isolated applications and common applications.
Referring now to Fig. 2C, and in brief overview, a method for associating a process with an isolation scope includes the step of launching the process in a suspended state (step 282). The rules associated with the desired isolation scope are retrieved (step 284), an identifier for the process and the retrieved rules are stored in a memory element (step 286), and the suspended process is then resumed (step 288). Subsequent calls made by the process to access local resources are intercepted or hooked (step 290), and the rules associated with the process identifier, if any, are used to virtualize access to the requested resource (step 292).
Still referring to Fig. 2C, and in more detail, a process is launched in a suspended state (step 282). In some embodiments, a custom launcher program is used to accomplish this task. In some of these embodiments, the launcher is specifically designed to launch a process into a selected isolation scope. In other embodiments, the launcher accepts a specification of the desired isolation scope as input, for example through a command-line option.
The rules associated with the desired isolation scope are retrieved (step 284). In some embodiments, the rules are retrieved from a persistent storage element, such as a hard disk drive or other solid-state memory element. The rules may be stored as a relational database, a flat file database, a tree-structured database, a binary tree structure, or another persistent data structure. In other embodiments, the rules may be stored in a data structure specifically configured to store them.
An identifier for the process, such as a process id (PID), and the retrieved rules are stored in a memory element (step 286). In some embodiments, a kernel mode driver is provided that receives operating system messages concerning new process creation. In these embodiments, the PID and the retrieved rules may be stored in the context of the driver. In other embodiments, a file system filter driver, or mini-filter, is provided that intercepts local resource requests. In these embodiments, the PID and the retrieved rules may be stored in the filter. In still other embodiments, all interception is performed by user-mode hooking and no PID is stored at all. The rules are loaded by the user-mode hooking apparatus during process initialization, and no other component needs to know which rules apply to the PID, because rule association is performed entirely within the process.
The suspended process is resumed (step 288), subsequent calls made by the process to access local resources are intercepted or hooked (step 290), and the rules associated with the process identifier, if any, are used to virtualize access to the requested resource (step 292). In some embodiments, a file system filter driver, or mini-filter, intercepts requests to access local resources and determines whether the process identifier associated with the intercepted request is associated with a set of rules. If it is, the rules associated with the stored process identifier are used to virtualize the request to access local resources. If it is not, the request to access local resources is passed through unmodified. In other embodiments, a dynamic link library is loaded into the newly created process, and the library loads the isolation rules. In still other embodiments, both kernel mode techniques (hooking, filter driver, mini-filter) and user-mode techniques are used to intercept calls to access local resources. For embodiments in which a file system filter driver stores the rules, the library may load the rules from the file system filter driver.
Processes that are "children" of a process associated with an isolation scope are associated with the isolation scope of their "parent" process. In some embodiments, this is accomplished by a kernel mode driver notifying the file system filter driver when a child process is created. In these embodiments, the file system filter driver determines whether the process identifier of the parent process is associated with an isolation scope. If so, the file system filter driver stores an association between the process identifier of the newly created child process and the isolation scope of the parent process. In other embodiments, the file system filter driver can be called directly from the system without using a kernel mode driver. In other embodiments, the operating system functions that create new processes are hooked or intercepted in processes that are associated with isolation scopes. When a request to create a new process is received from such a process, the association between the new child process and the isolation scope of the parent is stored.
In some embodiments, a scope or sub-scope may be associated with an individual thread rather than an entire process, which allows isolation to be performed on a per-thread basis. In some embodiments, per-thread isolation may be used for services and COM+ servers.
1.4.1 Associating out-of-scope processes with isolation scopes
Another aspect of the invention is the ability to associate any application instance with any application isolation scope, regardless of whether the application was installed into that application isolation scope, into another application isolation scope, or into no application isolation scope. Applications that were not installed into a particular application scope can nevertheless be executed on behalf of a user in the context of an application isolation scope and the corresponding user isolation scope, because their local resources are available to them through the aggregated virtual scope formed by the user isolation scope, the application isolation scope and the system scope. Where it is desired to run an application in an isolation scope, this makes it possible for applications installed directly into the system scope to run within the isolation scope without requiring a separate installation of the application within the isolation scope. It also makes it possible for applications installed directly into the system scope to be used as helper applications in the context of any isolation scope.
Each application instance, including all of the processes that make up the executing application, is associated with zero or one application isolation scope and, by extension, with exactly zero or one corresponding user isolation scope. This association is used by the rules engine when determining which rule, if any, to apply to a resource request. The association does not have to be with the application isolation scope, if any, into which the application was installed. Many applications that are installed into an isolation scope will not function correctly when running in a different isolation scope or in no isolation scope, because they cannot find the necessary local resources. However, because an isolation scope is an aggregation of resource views that includes the system scope, an application installed in the system scope can generally function correctly within any application isolation scope. This means that helper programs, as well as out-of-process COM servers, can be invoked and executed by an application executing on behalf of a user in a particular isolation scope.
In some embodiments, applications that are installed in the system scope are executed in an isolation scope in order to identify which changes are made to the computer's files and configuration settings as a result of that execution. Because all affected files and configuration settings are isolated in the user isolation scope, they are easily identified. In some of these embodiments, this is used to report on the changes the application made to the files and configuration settings. In some embodiments, the files and configuration settings are deleted when the application finishes executing, which effectively ensures that no changes to the computer's files and configuration settings are stored as a result of application execution. In still other embodiments, the files and configuration settings are selectively deleted or kept when the application finishes executing, which effectively ensures that only some of the changes to the computer's files and configuration settings are stored as a result of application execution.
2.0 Virtualization mechanism overview
Referring now to Fig. 3A, one embodiment of the steps taken to virtualize access to local resources in execution mode, which is distinguished from installation mode below, is shown. In brief overview, a request to access a local resource is intercepted or received (step 302). The request identifies the local resource to which access is sought. The applicable rule regarding how to treat the received access request is determined (step 304). If the rule indicates that the request should be ignored, the access request is passed to the system layer without modification (step 306) and the result is returned to the requestor (step 310). If the rule indicates that the access request should be redirected or isolated, the literal instance of the resource that satisfies the request is identified (step 308), a modified or replacement request for the literal resource is passed to the system layer (step 306), and the result is returned to the requestor (step 310).
Still referring to Fig. 3, and in more detail, a request identifying a local resource is intercepted or received (step 302). In some embodiments, requests for local resources are intercepted by "hooking" the functions that the operating system provides for applications to make local resource requests. In some embodiments, this is implemented as a dynamic link library that is loaded into the address space of every new process created by the operating system and that performs the hooking during its initialization routine. Loading a DLL into every process may be achieved through a facility provided by the operating system or, alternatively, by modifying the executable image's list of DLLs to import, either in the disk file or in memory as the executable image of the process is loaded from disk. In other embodiments, function hooking is performed by a service, driver or daemon. In other embodiments, executable images provided by the operating system (including shared libraries and executable files) may be modified or patched in order to provide function hooks or to directly contain the logic of the invention. For specific embodiments in which the operating system is a member of the Microsoft WINDOWS family of operating systems, interception may be performed by a kernel mode driver hooking the system service dispatch table. In still other embodiments, the operating system may provide a facility that allows third parties to hook the functions that request access to local resources. In some of these embodiments, the operating system may provide this facility through an application programming interface (API) or a debug facility.
In other embodiments, the local resource request is intercepted by a filter in the driver stack or handler stack associated with the local resource. For example, some members of the Microsoft WINDOWS family of operating systems provide the ability to insert a third-party filter driver or mini-filter into the file system driver stack, and a file system filter driver or mini-filter may be used to provide the isolation functions described below. In still other embodiments, the invention comprises a file system implementation that directly incorporates the logic of the invention. Alternatively, the operating system may be rewritten to provide the functions described below directly. In some embodiments, a combination of some or all of the methods listed above for intercepting or receiving requests for resources may be used simultaneously.
In many embodiments, only requests to open an existing local resource or to create a new local resource are hooked or intercepted. In these embodiments, the initial access to a local resource is the access that causes the resource to be virtualized. After the initial access, the requesting application is able to communicate with the operating system about the virtualized resource using a handle, pointer or other identifier, provided by the operating system, that directly identifies the literal resource. In other embodiments, other types of requests to operate on a virtualized local resource are also hooked or intercepted. In some of these embodiments, requests by the application to open or create a virtual resource return virtual handles that do not directly identify the literal resource, and the isolation environment is responsible for translating subsequent requests against virtual handles to the corresponding literal resource. In some of those embodiments, additional virtualization operations can be deferred until they prove necessary. For example, the operation of providing a private, modifiable copy of a resource to an isolation scope can be deferred until a request to change the resource is actually made, rather than being performed when the resource is opened in a mode that allows subsequent modification.
Once the local resource request is intercepted or received, the applicable rule determining how to treat the particular request is determined (step 304). The most applicable rule may be determined by reference to a rules engine, a database of rules, or a flat file containing rules organized using an appropriate data structure such as a list or a tree structure. In some embodiments, rules are given a priority that determines which rule is regarded as most applicable when two or more rules apply. In some of these embodiments, rule priority is included in the rules themselves or, alternatively, rule priority may be embedded in the data structure used to store the rules; for example, rule priority may be indicated by a rule's position in a tree structure. The determined rule may include additional information about how to process the virtualized resource request, such as which literal resource to redirect the request to. In some embodiments, a rule is a triple comprising a filter field, an action field and a data field. In this embodiment, the filter field contains the filter used to match received local resource requests in order to determine whether the rule is valid for the requested resource name. The action field can be "ignore", "redirect" or "isolate". The data field may be any additional information concerning the action to be taken when the rule is valid, including the function to be used when the rule is valid.
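A rule set of this form can be sketched as follows. This is an added example, not code from the patent: the REDIRECT rule is the c:\temp\ rule the description gives for the redirect action, while the other two rules, the numeric priorities, the path normalization before matching, and the treatment of an unmatched request as "ignore" are assumptions made for illustration.

```python
import ntpath
from dataclasses import dataclass
from typing import Callable, Optional

IGNORE, REDIRECT, ISOLATE = "ignore", "redirect", "isolate"


def canon(name: str) -> str:
    """Canonical form used for matching: collapse '..' segments and unify
    case and separators. (Assumption of this example; the description does
    not say how names are normalized before a filter is applied.)"""
    return ntpath.normcase(ntpath.normpath(name))


def dir_prefix(prefix: str) -> str:
    """Canonical directory prefix that always ends in one backslash."""
    return canon(prefix).rstrip("\\") + "\\"


def prefix_match(prefix: str) -> Callable[[str], bool]:
    """Filter field: true when the requested name lies under `prefix`."""
    p = dir_prefix(prefix)
    return lambda name: canon(name).startswith(p)


def replace_prefix(old: str, new: str) -> Callable[[str], str]:
    """Data field for REDIRECT: mapping function from requested to literal name."""
    old_p, new_p = dir_prefix(old), dir_prefix(new)

    def mapper(name: str) -> str:
        c = canon(name)
        if not c.startswith(old_p):
            raise ValueError("name is outside the redirected prefix")
        return new_p + c[len(old_p):]

    return mapper


@dataclass(frozen=True)
class Rule:
    filter: Callable[[str], bool]                # filter field
    action: str                                  # action field
    data: Optional[Callable[[str], str]] = None  # data field (mapping function)
    priority: int = 0                            # higher wins if several rules apply


def most_applicable(rules, name):
    """Pick the highest-priority rule whose filter matches, or None."""
    matching = [r for r in rules if r.filter(name)]
    return max(matching, key=lambda r: r.priority) if matching else None


def apply_rules(rules, name):
    """Return (action, name the request should be issued against)."""
    rule = most_applicable(rules, name)
    if rule is None or rule.action == IGNORE:
        return IGNORE, name                      # passed on unaltered
    if rule.action == REDIRECT:
        return REDIRECT, rule.data(name)         # literal name from the mapping
    return ISOLATE, name                         # literal is chosen from the scopes


RULES = [
    # Constructed catch-all: isolate everything on c:.
    Rule(prefix_match("c:\\"), ISOLATE, priority=0),
    # The redirect rule given in the description.
    Rule(prefix_match("c:\\temp\\"), REDIRECT,
         replace_prefix("c:\\temp\\", "d:\\wutemp\\"), priority=10),
    # Constructed pass-through rule for one subdirectory.
    Rule(prefix_match("c:\\temp\\shared\\"), IGNORE, priority=20),
]

if __name__ == "__main__":
    for requested in (r"c:\temp\examples\d1.txt", r"c:\temp\shared\log.txt",
                      r"c:\temp\..\windows\win.ini", r"e:\data\x.txt"):
        print(requested, "->", apply_rules(RULES, requested))
```

Because names are normalized before the filter runs, a request such as c:\temp\..\windows\win.ini is matched against the directory it actually resolves to rather than against its textual prefix.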
A rule action of "ignore" means that the request operates directly on the requested local resource in the system scope. That is, the request is passed unaltered to the system layer 108 (step 306) and is fulfilled as if no isolation environment 200 existed. In this case, the isolation environment is said to have a "hole", or the request may be referred to as a "pass through" request.
If the rule action indicates that the local resource request should be redirected or isolated, the literal resource that satisfies the request is identified (step 308).
A rule action of "redirect" means that the request operates directly on a system-scoped local resource, but on a different resource from the one specified in the request. The literal resource is identified by applying a mapping function, specified in or implied by the data field of the determined rule, to the name of the requested local resource. In the most general case, the literal local resource may be located anywhere in the system scope. As a simple example, the rule {prefix_match("c:\temp\", resource name), REDIRECT, replace_prefix("c:\temp\", "d:\wutemp\", resource name)} redirects a requested access to the file c:\temp\examples\d1.txt to the literal file d:\wutemp\examples\d1.txt. The mapping function included in the data field of the rule, and the matching function, may be further generalized to support complex behaviors, for example by using regular expressions. Some embodiments may provide the ability to specify mapping functions that locate the literal resource within the user isolation scope or a sub-scope applicable to the application executing on behalf of the user, or within the application isolation scope or a sub-scope applicable to the application. Further embodiments may provide the ability to specify mapping functions that locate the literal resource within the application isolation scope applicable to a different application, in order to provide a controlled form of interaction between isolated applications. In some particular embodiments, the "redirect" action can be configured to provide behavior equivalent to the "ignore" rule action. In these embodiments, the literal resource is exactly the requested local resource. When this condition is configured, the isolation environment may be said to have a "hole", or the request may be referred to as a "pass through" request.
A rule action of "isolate" means that the request operates on a literal resource that is identified using the appropriate user isolation scope and application isolation scope. That is, the identifier of the literal resource is determined by modifying the identifier of the requested local resource using the user isolation scope, the application isolation scope, both scopes, or neither scope. The particular literal resource identified depends on the type of access requested and on whether instances of the requested local resource already exist in the applicable user isolation scope, the applicable application isolation scope and the system scope.
Fig. 3B depicts one embodiment of the steps taken to identify the literal resource (step 306 in Fig. 3A) when a request to open a local resource is received that indicates the resource is being opened with the intention of modifying it. Briefly, a determination is made whether the user-scoped instance of the requested local resource, that is, an instance that exists in an applicable user scope or user sub-scope, exists (step 354). If it does, the user-scoped instance is identified as the literal resource for the request (step 372), and that instance is opened and returned to the requestor. If the user-scoped instance does not exist, a determination is made whether the application-scoped instance of the requested local resource exists (step 356). If the application-scoped instance exists, it is identified as the "candidate" resource instance (step 359), and the permission data associated with the candidate instance is checked to determine whether modification of that instance is allowed (step 362). If no application-scoped instance exists, a determination is made whether the system-scoped instance of the requested local resource exists (step 358). If it does not, an error condition is returned to the requestor indicating that the requested virtualized resource does not exist in the virtual scope (step 360). However, if the system-scoped resource exists, it is identified as the candidate resource instance (step 361), and the permission data associated with the candidate instance is checked to determine whether modification of that instance is allowed (step 362). If modification is not allowed, an error condition is returned to the requestor (step 364) indicating that modification of the virtualized resource is not permitted. If the permission data indicates that the candidate resource may be modified, a user-scoped copy of the candidate instance of the local resource is made (step 370), the user-scoped instance is identified as the literal instance for the request (step 372), and it is opened and returned to the requestor.
Still referring to Fig. 3, and in more detail, a determination is made whether the user-scoped resource exists or, in other words, whether the requested resource exists in the applicable user scope or sub-scope (step 354). The applicable user scope or sub-scope is the scope associated with the user that is layered on the application isolation scope associated with the application making the request. In the file system case, the user isolation scope or sub-scope may be a directory under which all files that exist in the user isolation scope are stored. In some of these embodiments, the directory tree structure under the user isolation directory reflects the path of the requested resource. For example, if the requested file is c:\temp\test.txt and the user isolation scope directory is d:\user1\APP1, then the path to the user-scoped literal file may be d:\user1\APP1\c\temp\test.txt. In other embodiments, the path to the user-scoped literal may be defined in the native naming convention. For example, the path to the user-scoped literal file may be d:\user1\APP1\device\harddisk1\temp\test.txt. In still other embodiments, the user-scoped files may all be stored in a single directory with names chosen to be unique, and a database may be used to store the mapping between the requested file name and the name of the corresponding literal file stored in that directory. In still other embodiments, the contents of the literal files may be stored in a database. In still other embodiments, the native file system provides a facility for a single file to contain multiple independently named "streams", and the contents of the user-scoped files are stored as additional streams of the associated files in the system scope. Alternatively, the literal files may be stored in a custom file system, which may be designed to optimize disk usage or other criteria of interest.
If the user-scoped resource instance does not exist, a determination is made whether the application-scoped resource exists, or in other words, whether the requested resource exists in the application isolation scope (step 356). The methods described above are used to make this determination. For example, if the requested file is c:\temp\test.txt and the application isolation scope directory is e:\APP1, then the path to the application-scoped file may be e:\APP1\c\temp\test.txt. As above, the path to the application-scoped file may be stored in a native naming convention. The embodiments described above may also apply to the application isolation scope.
If the application-scoped resource does not exist, a determination is made whether the system-scoped resource exists, or in other words, whether the requested resource exists in the system scope (step 358). For example, if the requested file is c:\temp\test.txt, then the path to the system-scoped file is c:\temp\test.txt. If the requested resource does not exist in the system scope, an indication that the requested resource does not exist in the virtual scope is returned to the requestor (step 360).
Whether the candidate resource instance for the requested resource is located in the application isolation scope or in the system scope, a determination is made whether modification of the candidate resource instance is allowed (step 362). For example, the candidate native resource instance may have associated native permission data indicating that the user is not allowed to modify the candidate instance. Further, the rules engine may include configuration settings instructing the isolation environment to obey or override the native permission data for virtualized copies of resources. In some embodiments, the rules may specify, for some virtual resources, the scope in which modifications are to occur, for example the system scope, the application isolation scope or a sub-scope, or the user isolation scope or a sub-scope. In some embodiments, the rules engine may specify configuration settings that apply to subsets of the virtualized native resources based on the hierarchy or on the type of resource accessed. In some of these embodiments, the configuration settings may be specific to each atomic native resource. In another example, the rules engine may include configuration data that prohibits or allows modification of certain classes of files, such as executable code, MIME types, or file types as defined by the operating system.
If the determination in step 362 is that modification of the candidate resource instance is not allowed, an error condition is returned to the requestor indicating that write access to the virtual resource is not allowed (step 364). If the determination in step 362 is that modification of the candidate resource instance is allowed, the candidate instance is copied to the appropriate user isolation scope or sub-scope (step 370). For embodiments in which the logical hierarchy structure of the requested native resource is maintained in the isolation scopes, copying the candidate instance of the resource to the user isolation scope may require the creation of hierarchy placeholders in the user isolation scope. A hierarchy placeholder is a node that is placed in the hierarchy in order to correctly locate the copied resource in the isolation scope. A hierarchy placeholder stores no data, is identified as a placeholder node, and "does not exist" in the sense that it cannot be the literal resource returned to a requestor. In some embodiments, a node is identified as a placeholder node by recording that fact in metadata attached to the node, to the parent of the node, or to some other related entity in the system layer. In other embodiments, a separate repository of placeholder node names is maintained.
In some embodiments, the rules may specify that modifications to particular resources may be made at a particular scope, such as the application isolation scope. In those cases, the copy operation in step 370 is expanded to determine whether modification of the candidate resource instance is allowed at the scope or sub-scope in which it was found. If not, the candidate resource instance is copied to the scope or sub-scope in which modification is allowed, which may not always be the user isolation scope, and the new copy is identified as the literal resource instance (step 372). If so, the candidate resource instance is identified as the literal instance (step 372), and it is opened and the result returned to the requestor (step 306).
Referring back to Figure 3A, the literal resource instance, whether it was located in step 354 or created in step 370, is opened (step 306) and returned to the requestor (step 310). In some embodiments, this is accomplished by issuing an "open" command to the operating system and returning to the requestor the operating system's response to the "open" command.
If an application executing on behalf of a user deletes a native resource, the aggregated view of native resources presented to that application as the virtual scope must reflect the deletion. A request to delete a resource is a request for a special type of modification, namely one that modifies the resource by removing its existence entirely. Conceptually, a request to delete a resource proceeds in a manner similar to that outlined in Fig. 3A, including the determination of the literal resource as outlined in Fig. 3B. However, step 306 operates differently for isolated resources than for redirected or ignored resources. For redirect and ignore, the literal resource is deleted from the system scope. For isolate, the literal resource is "virtually" deleted, or in other words, the fact that it has been deleted is recorded in the user isolation scope. A deleted node contains no data, is identified as deleted, and it and all of its descendants "do not exist". In other words, if it is the resource, or an ancestor of a resource, that would otherwise satisfy a resource request, a "resource not found" error is returned to the requestor. Further details are outlined in Section 4. In some embodiments, a node is identified as a deleted node by recording that fact in metadata attached to the node, to the parent of the node, or to some other related entity in the system layer. In other embodiments, a separate repository of deleted node names is maintained, for example in a separate sub-scope.
3.0 Installation into an isolation environment
The application isolation scope described above can be regarded as the scope in which associated application instances share resources independently of any user, or equivalently on behalf of all possible users, including the resources that those application instances create. The main class of such resources is the set created when an application is installed onto the operating system. As shown in Figure 1A, two incompatible applications cannot both be installed into the same system scope, but this problem can be resolved by installing at least one of those applications into an isolation environment.
An isolation scope, or an application instance associated with an isolation scope, can be operated in an "install mode" to support installation of an application. This is in contrast to the "execute mode" described below in connection with Figs. 4-16. In install mode, the application installation program is associated with an application isolation scope and is presumed to be executing on behalf of all users. The application isolation scope acts, for that application instance, as if it were the user isolation scope for "all users", and no user isolation scope is active for that application instance.
Fig. 3C depicts one embodiment of the steps taken in install mode to identify a literal resource when a request to open a native resource is received that indicates the resource is being opened with the intention of modifying it. Briefly, because no user isolation scope is active, a determination is first made whether an application-scoped instance of the requested native resource exists (step 374). If the application-scoped instance exists, it is identified as the literal resource instance (step 384). If no application-scoped instance exists, a determination is made whether a system-scoped instance of the requested native resource exists (step 376). If it does not, an error condition is returned to the requestor indicating that the requested virtualized resource does not exist in the virtual scope (step 377). If, however, the system-scoped resource exists, it is identified as the candidate resource instance (step 378), and the permission data associated with the candidate instance is checked to determine whether modification of that instance is allowed (step 380). If not, an error condition is returned to the requestor (step 381) indicating that modification of the virtualized resource is not allowed. If the permission data indicates that the candidate resource may be modified, then, because no user isolation scope is active, an application-scoped copy of the candidate instance of the native resource is made (step 382), and the application-scoped instance is identified as the literal instance for the request (step 384). In some embodiments, the candidate file is copied to a location defined by the rules engine. For example, a rule may specify that the file is copied to an application isolation scope. In other embodiments, the rules may specify a particular application isolation sub-scope or user isolation sub-scope to which the file should be copied. Any ancestors of the requested file that do not appear in the isolation scope to which the file is copied are created as placeholders in that isolation scope, in order to correctly locate the copied instance in the hierarchy.
Fig. 3D shows one embodiment of the steps taken in install mode to identify the literal resource when a request to create a native resource is received. Briefly, because no user isolation scope is active, a determination is first made whether an application-scoped instance of the requested native resource exists (step 390). If the application-scoped instance exists, an error condition may be returned to the requestor indicating that the resource cannot be created because it already exists (step 392). If no application-scoped instance exists, a determination may be made whether a system-scoped instance of the requested native resource exists (step 394). If the system-scoped instance exists, an error condition may be returned to the requestor indicating that the resource cannot be created because it already exists (step 392). In some embodiments, the request used to open the resource may specify that any existing system-scoped instance of the resource may be overwritten. If the system-scoped resource instance does not exist, the application-scoped resource instance may be identified as the literal instance that will be created to fulfill the request (step 396).
By comparing Fig. 3B with Figs. 3C and 3D, it can be seen that install mode operates in a manner similar to execute mode, with the application isolation scope taking the place of the user isolation scope. In other words, modifications to persistent resources, including the creation of new resources, take place in the appropriate application isolation scope instead of the appropriate user isolation scope. Furthermore, virtualization of access to existing isolated resources also ignores the appropriate user isolation scope and begins the search for a candidate literal resource in the application isolation scope.
There are two other cases in which the application isolation scope operates in this manner to contain modifications to existing resources and the creation of new resources. First, there may be an isolation environment configured to operate without a user isolation layer, or a virtual scope configured to operate without a user isolation scope. In this case, the application isolation scope is the only isolation scope that can isolate modified and newly created resources. Second, the rules governing a particular set of virtual resources may specify that they are to be isolated into the appropriate application isolation scope rather than into the appropriate user isolation scope. Again, this means that modifications to and creations of resources subject to that rule will be isolated into the appropriate application isolation scope, where they are visible to all application instances sharing that scope, rather than into the user isolation scope, where they are visible only to the user executing those application instances.
In still other embodiments, an isolation environment may be configured to allow certain resources to be shared in the system scope; that is, the isolation environment may act, for one or more system resources, as if no user isolation scope and no application isolation scope existed. System resources shared in the system scope are never copied when they are accessed with the intent to modify, because they are shared by all applications and all users, i.e., they are global objects.
4.0 Detailed virtualization examples
The methods and apparatus described above may be used to virtualize a wide variety of native resources 108. They are described in detail below.
4.1 File system virtualization
The methods and apparatus described above may be used to virtualize access to a file system. As described above, a file system is commonly organized in a logical hierarchy of directories, which are themselves files and which may contain other directories and data.
4.1.1 File system open operations
In brief overview, Fig. 4 depicts one embodiment of the steps taken to open a file in the virtualized environment described above. A request to open a file is received or intercepted (step 402). The request contains a file name, which is treated as a virtual file name by the isolation environment. The processing rule applicable to the target of the file system open request is determined (step 404). If the rule action is "redirect" (step 406), the virtual file name provided in the request is mapped to a literal file name according to the applicable rule (step 408). A request to open the literal file using the literal file name is passed to the operating system and the result from the operating system is returned to the requestor (step 410). If instead the rule action is "ignore" (step 406), the literal file name is determined to be exactly the virtual file name (step 412), and the request to open the literal file is passed to the operating system and the result from the operating system is returned to the requestor (step 410).
If in step 406 the rule action is "isolate", the file name corresponding to the virtual file name in the user isolation scope is identified as the candidate file name (step 414). In other words, the candidate file name is formed by mapping the virtual file name to the corresponding native file name specific to the applicable user isolation scope. The category of existence of the candidate file is determined by examining the user isolation scope and any metadata associated with the candidate file (step 416). If the candidate file is determined to have "negative existence" (because either the candidate file or one of its ancestor directories in the user isolation scope is marked as deleted), the requested virtual file is known not to exist. In this case, an error condition indicating that the requested file was not found is returned to the requestor (step 422). If instead in step 416 the candidate file is determined to have "positive existence" (because the candidate file exists in the user isolation scope and is not marked as a placeholder node), the requested virtual file is known to exist. The candidate file is identified as the literal file for the request (step 418), and a request to open the literal file is issued and the result returned to the requestor (step 420).
If, however, in step 416 the candidate file has "neutral existence" (because the candidate file does not exist, or because the candidate file exists but is marked as a placeholder node), it is not yet known whether the virtual file exists. In this case, the application-scoped file name corresponding to the virtual file name is identified as the candidate file name (step 424). In other words, the candidate file name is formed by mapping the virtual file name to the corresponding native file name specific to the applicable application isolation scope. The category of existence of the candidate file is determined by examining the application isolation scope and any metadata associated with the candidate file (step 426). If the candidate file is determined to have "negative existence" (because either the candidate file or one of its ancestor directories in the application isolation scope is marked as deleted), the requested virtual file is known not to exist. In this case, an error condition indicating that the requested file was not found is returned to the requestor (step 422).
If instead in step 426 the candidate file is determined to have "positive existence" (because the candidate file exists in the application isolation scope and is not marked as a placeholder node), the requested virtual file is known to exist. The request is checked to determine whether the open request indicates an intention to modify the file (step 428). If not, the candidate file is identified as the literal file for the request (step 418), and a request to open the literal file is issued and the result returned to the requestor (step 420). If, however, in step 428 it is determined that the open request indicates an intention to modify the file, the permission data associated with the file is checked to determine whether modification of the file is allowed (step 436). If not, an error condition is returned to the requestor (step 438) indicating that modification of the file is not allowed. If the permission data indicates that the file may be modified, the candidate file is copied to the user isolation scope (step 440). In some embodiments, the candidate file is copied to a location defined by the rules engine. For example, a rule may specify that the file is copied to an application isolation scope. In other embodiments, the rules may specify a particular application isolation sub-scope or user isolation sub-scope to which the file should be copied. Any ancestors of the requested file that do not appear in the isolation scope to which the file is copied are created as placeholders in that isolation scope, in order to correctly locate the copied instance in the hierarchy. The scoped instance is identified as the literal file (step 442), and a request to open the literal file is issued and the result returned to the requestor (step 420).
Returning to step 426, if the candidate file has neutral existence (because the candidate file does not exist, or because the candidate file is found but is marked as a placeholder node), it is still not known whether the virtual file exists. In this case, the system-scoped file name corresponding to the virtual file name is identified as the candidate file name (step 430). In other words, the candidate file name is exactly the virtual file name. If the candidate file does not exist (step 432), an error condition indicating that the virtual file was not found is returned to the requestor (step 434). If, on the other hand, the candidate file exists (step 432), the request is checked to determine whether the open request indicates an intention to modify the file (step 428). If not, the candidate file is identified as the literal file for the request (step 418), and a request to open the literal file is issued and the result returned to the requestor (step 420). If, however, in step 428 it is determined that the open request indicates an intention to modify the file, the permission data associated with the file is checked to determine whether modification of the file is allowed (step 436). If not, an error condition is returned to the requestor (step 438) indicating that modification of the file is not allowed. If the permission data indicates that the file may be modified, the candidate file is copied to the user isolation scope (step 440). In some embodiments, the candidate file is copied to a location defined by the rules engine. For example, a rule may specify that the file is copied to an application isolation scope. In other embodiments, the rules may specify a particular application isolation sub-scope or user isolation sub-scope to which the file should be copied. Any ancestors of the requested file that do not appear in the isolation scope are created as placeholders in the isolation scope, in order to correctly locate the copied instance in the hierarchy. The scoped instance is identified as the literal file (step 442), and a request to open the literal file is issued and the result returned to the requestor (step 420).
This embodiment can be modified slightly to check for the existence of a file rather than to open a file. The attempt to open the literal file in step 420 is replaced with a check for the existence of that literal file, and the status is returned to the requestor.
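The "isolate" branch of Fig. 4 (steps 414-442) can be modelled in a few dozen lines. The following is an added illustration, not code from the patent: the `Scope` class, the in-memory dictionaries, the `read_only` set standing in for permission data, and the sample paths are all assumptions made for the sketch.

```python
import enum
from dataclasses import dataclass, field

DELETED, PLACEHOLDER = "deleted", "placeholder"

class Existence(enum.Enum):
    NEGATIVE = "negative"  # candidate or one of its ancestors is marked deleted
    POSITIVE = "positive"  # candidate exists and is not a placeholder node
    NEUTRAL = "neutral"    # candidate is absent, or is only a placeholder

class VirtualFileNotFound(Exception):
    pass

class ModificationDenied(Exception):
    pass

def ancestors_and_self(path):
    """'c:\\a\\b' -> ['c:', 'c:\\a', 'c:\\a\\b'] (paths assumed already normalized)."""
    parts = path.split("\\")
    return ["\\".join(parts[:i]) for i in range(1, len(parts) + 1)]

@dataclass
class Scope:
    """Hypothetical model of one isolation layer, keyed by virtual path."""
    name: str
    files: dict = field(default_factory=dict)  # path -> contents
    meta: dict = field(default_factory=dict)   # path -> DELETED | PLACEHOLDER

    def classify(self, path):
        # A deletion marker on the file or on any ancestor hides the file.
        if any(self.meta.get(p) == DELETED for p in ancestors_and_self(path)):
            return Existence.NEGATIVE
        if path in self.files and self.meta.get(path) != PLACEHOLDER:
            return Existence.POSITIVE
        return Existence.NEUTRAL

def open_isolated(path, user, app, system, for_write=False, read_only=frozenset()):
    """Return (scope name, path) of the literal file chosen for an 'isolate' rule."""
    state = user.classify(path)                  # steps 414-416
    if state is Existence.NEGATIVE:
        raise VirtualFileNotFound(path)          # step 422
    if state is Existence.POSITIVE:
        return user.name, path                   # steps 418-420
    state = app.classify(path)                   # steps 424-426
    if state is Existence.NEGATIVE:
        raise VirtualFileNotFound(path)          # step 422
    if state is Existence.POSITIVE:
        source = app
    elif path in system.files:                   # steps 430-432
        source = system
    else:
        raise VirtualFileNotFound(path)          # step 434
    if not for_write:                            # step 428
        return source.name, path                 # steps 418-420
    if path in read_only:                        # step 436 (stand-in for permission data)
        raise ModificationDenied(path)           # step 438
    user.files[path] = source.files[path]        # step 440: copy into the user scope
    user.meta.pop(path, None)                    # the copy is a real node, not a placeholder
    for ancestor in ancestors_and_self(path)[:-1]:
        if ancestor not in user.files:
            user.meta.setdefault(ancestor, PLACEHOLDER)
    return user.name, path                       # step 442

def demo_scopes():
    """Constructed sample data: one virtually deleted directory in the user scope."""
    system = Scope("system", {"c:\\windows\\app.ini": "v1", "c:\\temp\\old.log": "x"})
    app = Scope("app", {"c:\\app\\settings.cfg": "defaults"})
    user = Scope("user", meta={"c:\\temp": DELETED})
    return user, app, system
```

The lower layers are never written: a write-intent open leaves the application-scoped and system-scoped instances unchanged and redirects later opens to the user-scoped copy.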
Still referring to Fig. 4, and now in more detail, a request to open a virtual file is received or intercepted (step 402). The corresponding literal file may belong to the user isolation scope, the application isolation scope or the system scope, or it may be scoped to an application isolation sub-scope or a user isolation sub-scope. In some embodiments, the request is hooked by a function that replaces the operating system function or functions for opening a file. In another embodiment, a hooking dynamically-linked library is used to intercept the request. The hooking function may execute in user mode or in kernel mode. For embodiments in which the hooking function executes in user mode, the hooking function may be loaded into the address space of a process when that process is created. For embodiments in which the hooking function executes in kernel mode, the hooking function may be associated with an operating system resource that is used in dispatching requests for native files. For embodiments in which a separate operating system function is provided for each type of file operation, each function may be hooked separately. Alternatively, a single hooking function may be provided that intercepts create or open calls for several types of file operations.
The request contains a file name, which is treated as a virtual file name by the isolation environment. The processing rule applicable to the file system open request is determined by consulting the rules engine (step 404). In some embodiments, the processing rule applicable to the open request is determined using the virtual name included in the open request. In some embodiments, the rules engine may be provided as a relational database. In other embodiments, the rules engine may be a tree-structured database, a hash table, or a flat file database. In some embodiments, the virtual file name provided for the requested file is used as an index into the rules engine to locate one or more rules that apply to the request. In particular ones of these embodiments, multiple rules may exist in the rules engine for a particular file, and in these embodiments the rule having the longest prefix match with the virtual file name is the rule applied to the request. In other embodiments, a process identifier is used to locate in the rules engine a rule that applies to the request, if one exists. The rule associated with a request may be to ignore the request, redirect the request, or isolate the request. Although shown in Fig. 4 as a single database transaction or a single lookup in a file, the rule lookup may be performed as a series of rule lookups.
If the rule action is "redirect" (step 406), the virtual file name provided in the request is mapped to a literal file name according to the applicable rule (step 408). A request to open the literal file identified by the literal file name is passed to the operating system and the result from the operating system is returned to the requestor (step 410). For example, a request to open a file named "file_1" may result in the opening of a literal file named "Different_file_1". In one embodiment, this is accomplished by calling the original version of the hooked function and passing the formed literal name to the function as an argument. For embodiments using a file system filter driver, the first request to open the file using the virtual name results in the return of a STATUS_REPARSE response from the file system filter driver indicating the determined literal name. The I/O manager then reissues the file open request with the determined literal name included in the STATUS_REPARSE response.
If instead the rule action is "ignore" (step 406), the literal file name is determined to be exactly the virtual file name (step 412), and the request to open the literal file is passed to the operating system and the result from the operating system is returned to the requestor (step 410). For example, a request to open a file named "file_1" will result in the opening of an actual file named "file_1". In one embodiment, this is accomplished by calling the original version of the hooked function and passing the formed literal name to the function as an argument.
If in step 406 the rule action is "isolate", the user-scoped file name corresponding to the virtual file name is identified as the candidate file name (step 414). In other words, the candidate file name is formed by mapping the virtual file name to the corresponding native file name specific to the applicable user isolation scope. For example, a request to open a file named "file_1" may result in the opening of an actual file named "Isolated_file_1". In one embodiment, this is accomplished by calling the original version of the hooked function and passing the formed literal name to the function as an argument. For embodiments using a file system filter driver, the first request to open the file using the virtual name results in the return of a STATUS_REPARSE response from the file system filter driver indicating the determined literal name. The I/O manager then reissues the file open request with the determined literal name included in the REPARSE response.
In some embodiments, the literal name formed in order to isolate a requested system file may be based on the virtual file name received and a scope-specific identifier. The scope-specific identifier may be an identifier associated with an application isolation scope, a user isolation scope, a session isolation scope, an application isolation sub-scope, a user isolation sub-scope, or some combination of the above. The scope-specific identifier is used to "mangle" the virtual name received in the request.
In other embodiments, the user isolation scope or sub-scope may be a directory under which all files that exist in the user isolation scope are stored. In some of these embodiments, the directory tree structure under the user isolation directory reflects the path of the requested resource. In other words, the literal file path is formed by mapping the virtual file path to the user isolation scope. For example, if the requested file is c:\temp\test.txt and the user isolation scope directory is d:\user1\APP1, then the path to the user-scoped literal file may be d:\user1\APP1\c\temp\test.txt. In other embodiments, the path to the user-scoped literal may be defined in a native naming convention. For example, the path to the user-scoped literal file may be d:\user1\APP1\device\harddisk1\temp\test.txt. In still other embodiments, the user-scoped files may all be stored in a single directory with names chosen to be unique, and a database may be used to store the mapping between the requested file name and the name of the corresponding literal file stored in that directory. In still other embodiments, the contents of the literal files may be stored in a database. In still other embodiments, the native file system provides a facility for a single file to contain multiple independently named "streams", and the contents of the user-scoped files are stored as additional streams of the associated files in the system scope. Alternatively, the literal files may be stored in a custom file system that may be designed to optimize disk usage or other criteria of interest.
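The rule lookup (step 404) and the three name mappings (steps 408, 412 and 414) can be combined into one function. This is an added sketch, not the patent's implementation: the rule table, the `e:\shared` redirect target, matching on whole path components without regard to case, normalizing `..` before matching, and treating a path with no rule as "ignore" are all assumptions of the example. Matching on components keeps a rule for `c:\temp` from capturing `c:\temporary`, and normalizing first ensures the rule is chosen for the file the request actually names.

```python
import ntpath
from pathlib import PureWindowsPath

# Constructed sample rules: (virtual prefix, action, redirect target or None).
RULES = [
    ("c:\\", "ignore", None),
    ("c:\\temp", "isolate", None),
    ("c:\\temp\\shared", "redirect", "e:\\shared"),
]

def _components(path):
    """Lower-cased path components, e.g. ('c:\\', 'temp', 'test.txt')."""
    return tuple(part.lower() for part in PureWindowsPath(path).parts)

def find_rule(virtual_path, rules=RULES):
    """Return (prefix components, action, target) of the longest matching rule, or None."""
    target = _components(ntpath.normpath(virtual_path))
    best = None
    for prefix, action, arg in rules:
        comps = _components(prefix)
        # Compare whole components, so 'c:\temp' does not match 'c:\temporary'.
        if target[:len(comps)] == comps and (best is None or len(comps) > len(best[0])):
            best = (comps, action, arg)
    return best

def literal_name(virtual_path, user_scope_dir="d:\\user1\\APP1", rules=RULES):
    """Map a virtual file name to the literal (or candidate) file name."""
    # Collapse '.' and '..' first so the rule is chosen for the real target.
    norm = PureWindowsPath(ntpath.normpath(virtual_path))
    rule = find_rule(str(norm), rules)
    if rule is None or rule[1] == "ignore":
        return str(norm)                          # step 412: literal == virtual
    comps, action, arg = rule
    if action == "redirect":                      # step 408: swap the matched prefix
        return str(PureWindowsPath(arg, *norm.parts[len(comps):]))
    # step 414: mirror the virtual path under the user isolation directory,
    # turning the drive 'c:' into a directory named 'c'.
    drive = norm.drive.rstrip(":")
    return str(PureWindowsPath(user_scope_dir, drive, *norm.parts[1:]))
```

For the "isolate" action the returned name is only the user-scoped candidate; whether it becomes the literal file still depends on the existence check of step 416.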
The category of existence of the candidate file is determined by examining the user isolation scope and any metadata associated with the candidate file (step 416). If the candidate file is determined to have "negative existence" (because either the candidate file or one of its ancestor directories in the user isolation scope is marked as deleted), the requested virtual file is known not to exist. In this case, an error condition indicating that the requested file was not found is returned to the requestor (step 422).
In some embodiments, small amounts of metadata about a file may be stored directly in the literal file name, such as by suffixing the virtual name with a metadata indicator, where a metadata indicator is a string uniquely associated with a particular metadata state. The metadata indicator may indicate or encode one or several bits of metadata. Requests to access the file by virtual file name check for possible variations of the literal file name due to the presence of a metadata indicator, and requests to retrieve the name of the file itself are hooked or intercepted in order to respond with the literal name. In other embodiments, one or more alternate names for the file may be formed from the virtual file name and a metadata indicator, and may be created using hard link or soft link facilities provided by the file system. The isolation environment may hide these links from applications by indicating that the file is not found if a request is made to access a file using the name of a link. The presence or absence of a particular link may indicate one bit of metadata for each metadata indicator, or there may be a link with a metadata indicator that can take on multiple states to indicate several bits of metadata. In still other embodiments, where the file system supports alternate file streams, an alternate file stream may be created to hold the metadata, with the size of the stream indicating several bits of metadata. In still other embodiments, the file system may directly provide the ability to store some third-party metadata for each file in the file system.
In specific ones of these embodiments, a list of deleted files or file system elements may be maintained and consulted to optimize this check for deleted files. In these embodiments, if a deleted file is re-created, the file name may be removed from the list of deleted files. In others of these embodiments, a file name may be removed from the list if the list grows beyond a certain size.
If instead the candidate file is determined in step 416 to have "positive existence" (because the candidate file exists in the user isolation scope and is not marked as a placeholder node), the requested virtual file is known to exist. The candidate file is identified as the literal file for the request (step 418), and a request to open the literal file is issued and the result is returned to the requestor (step 420).
If, however, the candidate file in step 416 has "neutral existence" (because the candidate file does not exist, or because it exists but is marked as a placeholder node), it is not yet known whether the virtual file exists. In this case, the application-scoped file name corresponding to the virtual file name is identified as the candidate file name (step 424). In other words, the candidate file name is formed by mapping the virtual file name to the native file name specific to the applicable application isolation scope. The category of existence of the candidate file is determined by examining the application isolation scope and any metadata associated with the candidate file (step 426).
If the application-scoped candidate file is determined to have "negative existence" (because the candidate file or one of its ancestor directories in the application isolation scope is marked as deleted), the requested virtual file is known not to exist. In this case, an error condition indicating that the requested file was not found is returned to the requestor (step 422).
If the candidate file is determined in step 426 to have "positive existence" (because the candidate file exists in the application isolation scope and is not marked as a placeholder node), the requested virtual file is known to exist. The request is checked to determine whether the open request indicates an intention to modify the file (step 428). If not, the candidate file is identified as the literal file for the request (step 418), and a request to open the literal file is issued and the result is returned to the requestor (step 420).
If, however, it is determined in step 428 that the open request indicates an intention to modify the file, the permission data associated with the file is checked to determine whether modification of the file is allowed (step 436). In some embodiments, this permission data is associated with the application-scoped candidate file. In some of these embodiments, the permission data is stored in the rules engine or in metadata associated with the candidate file. In other embodiments, the permission data associated with the candidate file is provided by the operating system. In addition, the rules engine may include configuration settings that instruct the isolation environment to obey or override the native permission data for virtualized copies of resources. In some embodiments, the rules may specify, for some virtual resources, the scope in which modifications are to occur, for example the system scope, the application isolation scope or a sub-scope, or the user isolation scope or a sub-scope. In some embodiments, the rules engine may specify configuration settings that apply to subsets of the virtualized native resources according to the hierarchy or the type of resource accessed. In some of these embodiments, the configuration settings may be specific to each atomic native resource. In another example, the rules engine may include configuration data that prohibits or allows modification of certain classes of files, such as executable code, MIME types, or file types defined by the operating system.
If the permission data associated with the candidate file indicates that it may not be modified, an error condition is returned to the requestor (step 438) indicating that modification of the file is not allowed. If the permission data indicates that the file may be modified, the candidate file is copied to the user isolation scope (step 440). In some embodiments, the candidate file is copied to a location defined by the rules engine. For example, a rule may specify that the file is copied to another application isolation scope. In other embodiments, the rules may specify a particular application isolation sub-scope or user isolation sub-scope to which the file is copied. Any ancestors of the requested file that do not appear in the isolation scope to which the file is copied are created as placeholders in that isolation scope, in order to correctly locate the copied instance in the hierarchy.
In some embodiments, metadata identifying the date and time at which the file was copied is associated with files copied to the isolation scope. This information may be used to compare the time stamp associated with the copied instance of the file with the time stamp of the last modification of the original instance of the file, or of another instance of the file located in a lower isolation scope. In these embodiments, if the original instance of the file, or an instance of the file located in a lower isolation scope, is associated with a time stamp later than the time stamp of the copy, the file may be copied to the isolation scope to update the candidate file. In other embodiments, the copy of the file in the isolation scope may be associated with metadata identifying the scope containing the original file that was copied.
In further embodiments, files that are copied to an isolation scope because they have been opened with the intention of modifying them may be monitored to determine whether they are in fact modified. In one embodiment, a copied file may be associated with a flag that is set when the file is actually modified. In these embodiments, if a copied file is not actually modified, it may be removed, after it is closed, from the scope to which it was copied, along with any placeholders associated with the copied file.
The scoped instance is identified as the literal file (step 442), and a request to open the literal file is issued and the result is returned to the requestor (step 420).
Returning to step 426, if the candidate file has neutral existence (because the candidate file does not exist, or because the candidate file is found but is marked as a placeholder node), it is not yet known whether the virtual file exists. In this case, the system-scoped file name corresponding to the virtual file name is identified as the candidate file name (step 430). In other words, the candidate file name is exactly the virtual file name.
If the candidate file does not exist (step 432), an error condition indicating that the virtual file was not found is returned to the requestor (step 434). If instead the candidate file exists (step 432), the request is checked to determine whether the open request indicates an intention to modify the file (step 428).
As described above, if the candidate file is being opened without the intention of modifying it, the system-scoped candidate file is identified as the literal file for the request (step 418), and a request to open the literal file is issued and the result is returned to the requestor (step 420). If, however, it is determined in step 428 that the open request indicates an intention to modify the file, the permission data associated with the file is checked to determine whether modification of the file is allowed (step 436). In some embodiments, the permission data is associated with the system-scoped candidate file. In some of these embodiments, the permission data is stored in the rules engine or in metadata associated with the candidate file. In other embodiments, the permission data associated with the candidate file is provided by the operating system.
If the permission data associated with the system-scoped candidate file indicates that the file may not be modified, an error condition is returned to the requestor (step 438) indicating that modification of the file is not allowed. If, however, the permission data indicates that the file may be modified, the candidate file is copied to the user isolation scope (step 440). In some embodiments, the candidate file is copied to a location defined by the rules engine. For example, a rule may specify that the file is copied to an application isolation scope or that it may be left in the system scope. In other embodiments, the rules may specify a particular application isolation sub-scope or user isolation sub-scope to which the file is copied. Any ancestors of the requested file that do not appear in the isolation scope are created as placeholders in that isolation scope, in order to correctly locate the copied instance in the hierarchy.
In some embodiments, metadata identifying the date and time at which the file was copied is associated with files copied to the isolation scope. This information may be used to compare the time stamp associated with the copied instance of the file with the time stamp of the last modification of the original instance of the file. In these embodiments, if the original instance of the file is associated with a time stamp later than the time stamp of the copied file, the original file may be copied to the isolation scope to update the candidate file. In other embodiments, the candidate file copied to the isolation scope may be associated with metadata identifying the scope from which the original file was copied.
In further embodiments, files that are copied to an isolation scope because they have been opened with the intention of modifying them may be monitored to determine whether they are in fact modified. In one embodiment, a copied file may be associated with a flag that is set when the file is actually modified. In these embodiments, if a copied file is not actually modified, it may be removed, after it is closed, from the scope to which it was copied, along with any placeholders associated with the copied file. In another embodiment, the file is copied to the appropriate isolation scope only when the file is actually modified.
The scoped instance is identified as the literal file (step 442), and a request to open the literal file is issued and the result is returned to the requestor (step 420).
4.1.2 File system delete operations
Referring now to Fig. 5, and in brief overview, one embodiment of the steps taken to delete a file is depicted. A request to delete a file is received or intercepted (step 502). The request contains a file name, which the isolation environment treats as a virtual file name. A rule determines how the file operation is processed (step 504). If the rule action is "redirect" (step 506), the virtual file name is mapped directly to a literal file name according to the rule (step 508). A request to delete the literal file is passed to the operating system and the result from the operating system is returned to the requestor (step 510). If the rule action is "ignore" (step 506), the literal file name is identified as exactly the virtual file name (step 513), and a request to delete the literal file is passed to the operating system and the result from the operating system is returned to the requestor (step 510). If the rule action is "isolate" (step 506), the existence of the virtual file is determined (step 514). If the virtual file does not exist, an error condition is returned to the requestor indicating that the virtual file does not exist (step 516). If the virtual file exists, and if the virtualized file specifies a directory rather than an ordinary file, the virtual directory is consulted to determine whether it contains any virtual files or virtual subdirectories (step 518). If the requested virtual file is a virtual directory that contains any virtual files or virtual subdirectories, the virtual directory cannot be deleted and an error message is returned (step 520). If the requested virtual file is an ordinary file, or is a virtual directory that contains no virtual files and no virtual subdirectories, the literal file corresponding to the virtual file is identified (step 522).
The permission data associated with the file is checked to determine whether deletion is allowed (step 524). If not, a permission error message is returned (step 526). If, however, deletion of the file is allowed, and if the literal file is in the appropriate user isolation scope (step 528), the literal file is deleted (step 534) and a "deleted" node representing the deleted virtual file is created in the appropriate user isolation scope (step 536). If, however, it is determined in step 528 that the literal file is not in the user isolation scope but is in the appropriate application isolation scope or the system scope, an instance of each user-scoped ancestor of the user-scoped instance of the requested file that does not already exist is created and marked as a placeholder (step 532). This is done to maintain the logical hierarchy of the directory structure in the user isolation scope. A user-scoped "deleted" node representing the deleted virtual file is then created in the appropriate user isolation scope (step 536).
Still referring to Fig. 5, and in more detail, a request to delete a file is received or intercepted (step 502). The file may belong to the user isolation scope, the application isolation scope, the system scope, or some applicable isolation sub-scope. In some embodiments, the request is hooked by a function that replaces the operating system function or functions for deleting the file. In another embodiment, a hooking dynamic-link library is used to intercept the request. The hooking function may execute in user mode or in kernel mode. For embodiments in which the hooking function executes in user mode, the hooking function may be loaded into the address space of a process when that process is created. For embodiments in which the hooking function executes in kernel mode, the hooking function may be associated with an operating system resource that is used in dispatching requests for native files. For embodiments in which a separate operating system function is provided for each type of file, each function may be hooked separately. Alternatively, a single hooking function may be provided that intercepts create or open calls for several types of files.
The request contains a file name, which the isolation environment treats as a virtual file name. The processing rule applicable to the delete operation is determined by consulting the rules engine (step 504). In some embodiments, the virtual file name provided for the requested file is used to locate in the rules engine a rule that applies to the request. In particular ones of these embodiments, multiple rules may exist in the rules engine for a particular file and, in these embodiments, the rule having the longest prefix match with the virtual file name is the rule applied to the request. In some embodiments, the rules engine may be provided as a relational database. In other embodiments, the rules engine may be a tree-structured database, a hash table, or a flat file database. In some embodiments, the virtual file name provided in the request is used as an index into the rules engine to locate one or more rules that apply to the request. In other embodiments, a process identifier is used to locate in the rules engine a rule that applies to the request, if one exists. The rule associated with a request may be to ignore the request, redirect the request, or isolate the request. Although shown in Fig. 5 as a series of decisions, the rule lookup may occur as a single database transaction.
If the rule action is "redirect" (step 506), the virtual file name is mapped directly to a literal file name according to the applicable rule (step 508). A request to delete the literal file is passed to the operating system and the result from the operating system is returned to the requestor (step 510). For example, a request to delete a file named "file_1" may result in the deletion of a file actually named "Different_file_1". In one embodiment, this is accomplished by calling the original version of the hooked function and passing the formed literal name to the function as an argument. For embodiments using a file system filter driver, the first request to delete the file using the virtual name results in the return of a STATUS_REPARSE response from the file system filter driver, indicating the determined literal name. The I/O manager then reissues the file delete request with the determined literal name included in the STATUS_REPARSE response.
In some embodiments, operating system permissions associated with the literal file "Different_file_1" may prevent deletion of the literal file. In these embodiments, an error message is returned indicating that the file could not be deleted.
If the rule action is "ignore" (step 506), the literal file name is identified as exactly the virtual file name (step 513), and a request to delete the literal file is passed to the operating system and the result from the operating system is returned to the requestor (step 510). For example, a request to delete a file named "file_1" results in the deletion of a file actually named "file_1". In one embodiment, this is accomplished by calling the original version of the hooked function and passing the formed literal name to the function as an argument. For embodiments using a file system filter driver, the first request to delete the file using the virtual name results in the return of a STATUS_REPARSE response from the file system filter driver, indicating the literal name. The I/O manager then reissues the file delete request with the determined literal name included in the STATUS_REPARSE response.
In some embodiments, operating system permissions associated with the literal file "file_1" may prevent deletion of the literal file. In these embodiments, an error message is returned indicating that the file could not be deleted.
If the rule action is "isolate" (step 506), the existence of the virtual file is determined (step 514). If the file does not exist, an error is returned indicating that the file was not found (step 516).
If, however, it is determined in step 518 that the file exists but is neither an ordinary file nor an empty virtual directory, that is, it contains virtual files or virtual subdirectories, an error message is returned indicating that the file cannot be deleted (step 520).
If, however, it is determined that the file exists and that the requested virtual file is an ordinary file or an empty virtual directory, that is, it contains no virtual files and no virtual subdirectories (step 518), the literal file corresponding to the virtual file is identified (step 522). The literal file name is determined from the virtual file name as specified by the isolation rule. For example, a request to delete a file named "file_1" may result in the deletion of a file actually named "Isolated_file_1". In one embodiment, this is accomplished by calling the original version of the hooked function and passing the formed literal name to the function as an argument. For embodiments using a file system filter driver, the first request to delete the file using the virtual name results in the return of a STATUS_REPARSE response from the file system filter driver, indicating the literal name. The I/O manager then reissues the file delete request with the determined literal name included in the STATUS_REPARSE response.
Once the literal file corresponding to the virtual file has been identified, it is determined whether the literal file may be deleted (step 524). If the file may not be deleted, an error is returned indicating that the file could not be deleted (step 524). In some embodiments, the permission data is associated with the system-scoped candidate file. In some of these embodiments, the permission data is stored in the rules engine or in metadata associated with the candidate file. In other embodiments, the permission data associated with the candidate file is provided by the operating system.
If, however, deletion of the file is allowed, and if the literal file is in the appropriate user isolation scope (step 528), the literal file is deleted (step 534) and a "deleted" node representing the deleted virtual file is created in the appropriate user isolation scope (step 536).
If, however, it is determined in step 528 that the literal file is not in the user isolation scope but is in the appropriate application isolation scope or in the system scope, an instance of each user-scoped ancestor of the user-scoped instance of the requested file that does not already exist is created and marked as a placeholder (step 532). This is done to maintain the logical hierarchy of the directory structure in the user isolation scope. A user-scoped "deleted" node representing the deleted virtual file is then created in the appropriate user isolation scope (step 536). In some embodiments, the identity of the deleted file is stored in a file or other cache memory to optimize checking for deleted files.
In some embodiments, the located virtual file may be associated with metadata indicating that the virtual file has already been deleted. In some other embodiments, an ancestor of the virtual file (for example, a higher directory containing the file) is associated with metadata indicating that it is deleted. In these embodiments, an error message may be returned indicating that the virtual file does not exist. In specific ones of these embodiments, a list of deleted files or file system elements may be maintained and consulted to optimize this check for deleted files.
4.1.3 File system enumeration operations
Referring now to Fig. 6, and in brief overview, one embodiment of the steps taken to enumerate a directory in the described virtualized environment is shown. A request to enumerate is received or intercepted (step 602). The request contains a directory name, which the isolation environment treats as a virtual directory name. Conceptually, the existence of the virtual directory is determined as described in section 4.1.1 (step 603). If the virtual directory does not exist, a result indicating that the virtual directory was not found is returned to the requestor (step 620). If instead the virtual directory exists, the rules engine is consulted to determine the rule for the directory specified in the enumerate request (step 604). If the rule specifies an action of "redirect" (step 606), the literal directory name corresponding to the virtual directory name is determined as specified by the rule (step 608), the literal directory identified by that literal name is enumerated, and the enumeration results are stored in a working data store (step 612), followed by step 630 as described later. If the rule action specified is not "redirect" but "ignore" (step 610), the literal directory name is exactly the virtual directory name (step 613), the literal directory is enumerated, and the enumeration results are stored in a working data store (step 612), followed by step 630 as described later. If, however, the rule action specifies "isolate", the system scope is enumerated first; that is, the candidate directory name is exactly the virtual directory name, and if the candidate directory exists, it is enumerated. The enumeration results are stored in a working data store. If the candidate directory does not exist, the working data store remains empty at this stage (step 614).
Next, the candidate directory is identified as the application-scoped instance of the virtual directory, and the category of existence of the candidate directory is determined (step 615). If the candidate directory has "negative existence", that is, it or one of its ancestors in the scope is marked as deleted, then within this scope it is known to be deleted, and this is indicated by clearing the working data store (step 642). If instead the candidate directory does not have negative existence, the candidate directory is enumerated and any enumeration results obtained are merged into the working data store. In particular, for each file system element in the enumeration, its category of existence is determined. Elements with negative existence are removed from the working data store, and elements with positive existence, that is, those that exist and are not marked as placeholders and are not marked as deleted, are added to the working data store, replacing the corresponding element if one is already present in the working data store (step 616).
In either case, the candidate directory is then identified as the user-scoped instance of the virtual directory, and the category of existence of the candidate directory is determined (step 617). If the candidate directory has "negative existence", that is, it or one of its ancestors in the scope is marked as deleted, then within this scope it is known to be deleted, and this is indicated by clearing the working data store (step 644). If instead the candidate directory does not have negative existence, the candidate directory is enumerated and any enumeration results obtained are merged into the working data store. In particular, for each file system element in the enumeration, its category of existence is determined. Elements with negative existence are removed from the working data store, and elements with positive existence, that is, those that exist and are not marked as placeholders and are not marked as deleted, are added to the working data store, replacing the corresponding element if one is already present in the working data store (step 618), followed by step 630 as described below.
Then, for all three types of rules, step 630 is executed. The rules engine is queried to find the set of rules whose filters match immediate children of the requested directory but do not match the requested directory itself (step 630). For each rule in the set, the existence of the virtual child whose name matches the name in the rule is queried using the logic outlined in section 4.1.1. If the child has positive existence, it is added to the working data store, replacing any child of the same name already there. If the child has negative existence, the entry in the working data store corresponding to the child, if any, is removed (step 632). Finally, the constructed enumeration is returned from the working data store to the requestor (step 620).
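The "isolate" behaviour described in sections 4.1.1 to 4.1.3 (scope-by-scope existence checks, copying to the user scope on modification, "deleted" nodes with placeholder ancestors, and layered enumeration) can be modelled in memory as follows. This is an added example, not code from the patent: the class and method names, the `read_only` set standing in for permission data, and the sample paths are assumptions, and the redirect and ignore actions and the rule lookup of step 630 are left out.

```python
import posixpath

class Scope:
    """One isolation layer. A node's flag is None, "placeholder" or "deleted"."""
    def __init__(self, name, entries=()):
        self.name = name
        self.nodes = {p: {"kind": k, "data": d, "flag": None} for p, k, d in entries}

    def existence(self, path):
        p = path
        while True:  # negative if the path or any ancestor is marked deleted here
            node = self.nodes.get(p)
            if node and node["flag"] == "deleted":
                return "negative"
            if p in ("/", ""):
                break
            p = posixpath.dirname(p)
        node = self.nodes.get(path)
        if node and node["flag"] is None:
            return "positive"
        return "neutral"  # absent, or present only as a placeholder

    def children(self, directory):
        return [p for p in self.nodes
                if p != directory and posixpath.dirname(p) == directory]

class IsolationEnvironment:
    def __init__(self, system, app, user, read_only=()):
        self.system, self.app, self.user = system, app, user
        self.read_only = set(read_only)  # assumption: stands in for permission data

    def locate(self, vpath):
        """Scope holding the literal instance, or None if the virtual file does not exist."""
        for scope in (self.user, self.app, self.system):
            state = scope.existence(vpath)
            if state == "negative":
                return None
            if state == "positive":
                return scope
        return None

    def _placeholders(self, vpath):
        # Create missing user-scoped ancestors as placeholders (step 532 and step 440).
        p = posixpath.dirname(vpath)
        while p not in ("/", "") and p not in self.user.nodes:
            self.user.nodes[p] = {"kind": "dir", "data": None, "flag": "placeholder"}
            p = posixpath.dirname(p)

    def open(self, vpath, modify=False):
        scope = self.locate(vpath)
        if scope is None:
            raise FileNotFoundError(vpath)
        if modify and scope is not self.user:
            if vpath in self.read_only:
                raise PermissionError(vpath)                   # step 438
            self._placeholders(vpath)
            self.user.nodes[vpath] = dict(scope.nodes[vpath])  # copy, step 440
            scope = self.user
        return scope.name, scope.nodes[vpath]

    def listdir(self, vdir):
        scope = self.locate(vdir)
        if scope is None or scope.nodes[vdir]["kind"] != "dir":
            raise FileNotFoundError(vdir)
        # Working data store: child name -> scope that supplies it (step 614).
        store = {posixpath.basename(p): "system" for p in self.system.children(vdir)}
        for layer in (self.app, self.user):                    # steps 615 to 618
            if layer.existence(vdir) == "negative":
                store.clear()
                continue
            for p in layer.children(vdir):
                state = layer.existence(p)
                if state == "negative":
                    store.pop(posixpath.basename(p), None)
                elif state == "positive":
                    store[posixpath.basename(p)] = layer.name
        return dict(sorted(store.items()))

    def delete(self, vpath):
        scope = self.locate(vpath)
        if scope is None:
            raise FileNotFoundError(vpath)                     # step 516
        kind = scope.nodes[vpath]["kind"]
        if kind == "dir" and self.listdir(vpath):
            raise OSError("virtual directory is not empty")    # step 520
        if vpath in self.read_only:
            raise PermissionError(vpath)                       # step 526
        if scope is self.user:
            del self.user.nodes[vpath]                         # step 534
        else:
            self._placeholders(vpath)                          # step 532
        self.user.nodes[vpath] = {"kind": kind, "data": None, "flag": "deleted"}  # step 536

def build_sample():
    # Constructed sample data, not taken from the patent.
    system = Scope("system", [("/app", "dir", None),
                              ("/app/config.ini", "file", "mode=default"),
                              ("/app/readme.txt", "file", "docs"),
                              ("/app/core.dll", "file", "code")])
    app = Scope("application", [("/app", "dir", None),
                                ("/app/config.ini", "file", "mode=packaged"),
                                ("/app/plugin.dll", "file", "plugin")])
    return IsolationEnvironment(system, app, Scope("user"), read_only={"/app/core.dll"})

if __name__ == "__main__":
    env = build_sample()
    env.open("/app/config.ini", modify=True)
    env.delete("/app/readme.txt")
    print(env.listdir("/app"))
```

After the modify-open and the delete, the system and application scopes are unchanged; only the user scope holds the copied file, the placeholder for `/app`, and the "deleted" node.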
Still referring to Fig. 6, and in more detail, a request to enumerate a directory is received or intercepted (step 602). In some embodiments, the request is hooked by a function that replaces the operating system function or functions for enumerating a directory. In another embodiment, a hooking dynamic-link library is used to intercept the request. The hooking function may execute in user mode or in kernel mode. For embodiments in which the hooking function executes in user mode, the hooking function may be loaded into the address space of a process when that process is created. For embodiments in which the hooking function executes in kernel mode, the hooking function may be associated with an operating system resource that is used in dispatching requests for file operations. For embodiments in which a separate operating system function is provided for each type of file operation, each function may be hooked separately. Alternatively, a single hooking function may be provided that intercepts create or open calls for several types of file operations.
The existence of the virtual directory is determined (step 603). This is done as described in section 4.1.1. If the virtual directory does not exist, it cannot be enumerated, and a result indicating that the virtual directory does not exist is returned to the requestor (step 620).
The request contains a directory name, which the isolation environment treats as a virtual directory name. If the virtual directory exists, a rule determining how the enumeration operation is to be processed is located by consulting the rules engine (step 604). In some embodiments, the rules engine may be provided as a relational database. In other embodiments, the rules engine may be a tree-structured database, a hash table, or a flat file database. In some embodiments, the virtual directory name provided for the requested directory is used to locate in the rules engine a rule that applies to the request. In particular ones of these embodiments, multiple rules may exist in the rules engine for a particular directory and, in these embodiments, the rule having the longest prefix match with the virtual directory name is the rule applied to the request. In other embodiments, a process identifier is used to locate in the rules engine a rule that applies to the request, if one exists. The rule associated with a request may be to ignore the request, redirect the request, or isolate the request. Although shown in Fig. 6 as a single database transaction or a single lookup in a file, the rule lookup may be performed as a series of rule lookups.
If the rule action is "redirect" (step 606), the virtual directory name is mapped directly to a literal directory name according to the rule (step 608). A request to enumerate the literal directory is passed to the operating system (step 612) and step 630 is executed as described later. For example, a request to enumerate a directory named "directory_1" may result in the enumeration of a literal directory named "Different_directory_1". In one embodiment, this is accomplished by calling the original version of the hooked function and passing the formed literal name to the function as an argument. For embodiments using a file system filter driver, the first request to open the directory for enumeration using the virtual name results in a "STATUS_REPARSE" request response, indicating the determined literal name. The I/O manager then reissues the request to open the directory for enumeration using the determined literal name included in the STATUS_REPARSE response.
If the rule action is not "redirect" (step 606) but "ignore" (step 610), the literal directory name is identified as exactly the virtual directory name (step 613), and a request to enumerate the literal directory is passed to the operating system (step 612) and step 630 is executed as described later. For example, a request to enumerate a directory named "directory_1" results in the enumeration of a directory actually named "directory_1". In one embodiment, this is accomplished by calling the original version of the hooked function and passing the formed literal name to the function as an argument. For embodiments using a file system filter driver, the first request to enumerate the directory using the virtual name is passed on unmodified by the filter driver.
If the rule action determined in step 610 is not "ignore" but "isolate", the system scope is enumerated; that is, the virtual name provided in the request is used to identify the directory that is enumerated (step 614). The results of the enumeration are stored in a working data store. In some embodiments, the working data store consists of a memory element. In other embodiments, the working data store comprises a database, a file, a solid-state memory element, or a persistent data store.
Next, the candidate directory is identified as the application-scope instance of the virtual directory, and the category of existence of the candidate directory is determined (step 615). If the candidate directory has "negative existence", that is, it or one of its ancestors in the scope is marked as deleted, then it is known to be deleted within this scope, and this is indicated by flushing the working data store (step 642).
In some embodiments, a small amount of metadata about a file may be stored directly in the literal file name, such as by suffixing the virtual name with a metadata indicator, where a metadata indicator is a string uniquely associated with a particular metadata state. The metadata indicator may indicate or encode one or several bits of metadata. Requests to access the file by virtual file name check for possible variations of the literal file name due to the presence of a metadata indicator, and requests to retrieve the name of the file itself are hooked or intercepted in order to respond with the literal name. In other embodiments, one or more alternate names for the file may be formed from the virtual file name and a metadata indicator, and may be created using the hard link or soft link facilities provided by the file system. The existence of these links may be hidden from applications by the isolation environment, by indicating that the file is not found if a request is given to access a file using the name of a link. The presence or absence of a particular link may indicate one bit of metadata for each metadata indicator, or there may be a link with a metadata indicator that can take on multiple states to indicate several bits of metadata. In still other embodiments, where the file system supports alternate file streams, an alternate file stream may be created to embody metadata, with the size of the stream indicating several bits of metadata. In still other embodiments, the file system may directly provide the ability to store some third-party metadata for each file in the file system. In yet another embodiment, a separate sub-scope may be used to record deleted files, and the existence of a file (not marked as a placeholder) in that sub-scope means that the file is deleted.
If instead the candidate directory does not have negative existence, the candidate directory is enumerated and any enumeration results obtained are merged into the working data store. In particular, for each file system element in the enumeration, its category of existence is determined. Elements with negative existence are removed from the working data store, and elements with positive existence, that is, those that exist and are not marked as placeholders and are not marked as deleted, are added to the working data store, replacing the corresponding element if one is already present in the working data store (step 616).
In either case, the candidate directory is then identified as the user-scope instance of the virtual directory, and the category of existence of the candidate directory is determined (step 617). If the candidate directory has "negative existence", that is, it or one of its ancestors in the scope is marked as deleted, then it is known to be deleted within this scope, and this is indicated by flushing the working data store (step 644). If instead the candidate directory does not have negative existence, the candidate directory is enumerated and any enumeration results obtained are merged into the working data store. In particular, for each file system element in the enumeration, its category of existence is determined. Elements with negative existence are removed from the working data store, and elements with positive existence, that is, those that exist and are not marked as placeholders and are not marked as deleted, are added to the working data store, replacing the corresponding element if one is already present in the working data store (step 618), followed by step 630 as described below.
Then, for all three types of rules, step 630 is executed. The rules engine is queried to find the set of rules whose filters match immediate children of the requested directory but do not match the requested directory itself (step 630). For each rule in the set, the existence of the virtual child whose name matches the name in the rule is queried using the logic outlined in section 4.1.1. If the child has positive existence, it is added to the working data store, replacing any child of the same name already there. If the child has negative existence, the entry in the working data store corresponding to the child, if any, is removed (step 632). Finally, the constructed enumeration is returned from the working data store to the requestor (step 620).
A person of ordinary skill in the art will recognize that the layered enumeration process described above can be applied, with minor modification, to the operation of enumerating a single isolation scope that comprises a plurality of isolation sub-scopes. A working data store is created, successive sub-scopes are enumerated, and the results are merged into the working data store to form the aggregated enumeration of the isolation scope.
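The merge order described above for an "isolate" rule (system scope first, then application scope, then user scope) can be followed in a short model. This is an added sketch, not code from the patent; the in-memory layout, the marker names and the sample paths are assumptions, and the rule-driven children of steps 630 to 632 are left out.

```python
# Added illustration of the layered enumeration (steps 614-618, 642, 644).
# The in-memory layout and the marker names are assumptions for this sketch.
DELETED, PLACEHOLDER, PRESENT = "deleted", "placeholder", "present"


class Scope:
    """One isolation layer: directory path -> {child name: marker}."""

    def __init__(self, name, dirs=None, deleted_dirs=()):
        self.name = name
        self.dirs = dirs or {}
        self.deleted_dirs = set(deleted_dirs)

    def dir_is_deleted(self, path):
        """Negative existence: the directory or an ancestor is marked deleted."""
        parts = path.strip("/").split("/")
        return any("/" + "/".join(parts[:i]) in self.deleted_dirs
                   for i in range(1, len(parts) + 1))


def merge_scope(working, scope, path):
    """Fold one higher scope into the working data store."""
    if scope.dir_is_deleted(path):
        working.clear()                  # steps 642 / 644: flush the store
        return
    for child, marker in scope.dirs.get(path, {}).items():
        if marker == DELETED:            # negative existence hides the element
            working.pop(child, None)
        elif marker == PRESENT:          # positive existence replaces it
            working[child] = scope.name
        # PLACEHOLDER is neutral: the answer from the lower scope stands


def enumerate_isolated(path, system, app, user):
    """Return {child name: scope that supplies it} for a virtual directory."""
    working = {child: system.name for child in system.dirs.get(path, {})}  # step 614
    merge_scope(working, app, path)      # steps 615-616
    merge_scope(working, user, path)     # steps 617-618
    return working


def sample_layers():
    """Constructed sample data: (system, app, user)."""
    system = Scope("system", {
        "/app": {"config.ini": PRESENT, "readme.txt": PRESENT, "logs": PRESENT},
        "/app/logs": {"a.log": PRESENT},
    })
    app = Scope("app", {
        "/app": {"readme.txt": DELETED, "plugin.dll": PRESENT, "logs": PLACEHOLDER},
    })
    user = Scope("user", {
        "/app": {"config.ini": PRESENT, "notes.txt": PRESENT},
    })
    return system, app, user


if __name__ == "__main__":
    print(enumerate_isolated("/app", *sample_layers()))
```

The value stored for each name records which scope supplied it, which makes it easy to see that a user-scope copy shadows the system-scope file of the same name.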
4.1.4 File system create operations
Referring now to FIG. 7, and in brief overview, one embodiment of the steps taken to create a file in the isolation environment is shown. A request to create a file is received or intercepted (step 702). The request contains a file name, which is treated as a virtual file name by the isolation environment. An attempt is made to open the requested file using full virtualization with the applicable rules, that is, using the appropriate user and application isolation scopes, as described in section 4.1.1 (step 704). If access is denied (step 706), an access denied error is returned to the requestor (step 709). If access is granted (step 706) and the requested file is successfully opened (step 710), the requested file is returned to the requestor (step 712). However, if access is granted (step 706) but the requested file is not opened (step 710), then if the parent of the requested file also does not exist (step 714), an error appropriate to the request semantics is issued to the requestor (step 716). If, on the other hand, the parent of the requested file is found in the fully virtualized view using the appropriate user and application scopes (step 714), a rule determines how the file operation is processed (step 718). If the rule action is "redirect" or "ignore" (step 720), the virtual file name is mapped directly to a literal file name according to the rule. Specifically, if the rule action is "ignore", the literal file name is identified as being exactly the virtual file name. If instead the rule action is "redirect", the literal file name is determined from the virtual file name as specified by the rule. The request to create the literal file is then passed to the operating system, and the result is returned to the requestor (step 724). If, on the other hand, the rule action determined in step 720 is "isolate", the literal file name is identified as the instance of the virtual file name in the user isolation scope. If the literal file already exists but is associated with metadata indicating that it is a placeholder or that it is deleted, the associated metadata is modified to remove those indications, and it is ensured that the file is empty. In either case, a request to open the literal file is passed to the operating system (step 726). If the literal file was opened successfully (step 728), the literal file is returned to the requestor (step 730). If, on the other hand, in step 728 the requested file fails to open, placeholders are created for each ancestor of the literal file that does not currently exist in the user isolation scope (step 732), and a request to create the literal file using the literal name is passed to the operating system and the result is returned to the requestor (step 734).
Still referring to FIG. 7, and in more detail, a request to create a file is received or intercepted (step 702). In some embodiments, the request is hooked by a function that replaces the operating system function or functions for creating the file. In another embodiment, a hooking dynamically linked library is used to intercept the request. The hooking function may execute in user mode or in kernel mode. For embodiments in which the hooking function executes in user mode, the hooking function may be loaded into the address space of a process when that process is created. For embodiments in which the hooking function executes in kernel mode, the hooking function may be associated with an operating system resource that is used in dispatching requests for files. For embodiments in which a separate operating system function is provided for each type of file operation, each function may be hooked separately. Alternatively, a single hooking function may be provided which intercepts create or open calls for several types of file operations.
The request contains a file name, which is treated as a virtual file name by the isolation environment. The requestor attempts to open the requested file using full virtualization with the applicable rules, that is, using the appropriate user and application isolation scopes, as described in section 4.1.1 (step 704). If access is denied during the fully virtualized open operation (step 706), an access denied error is returned to the requestor (step 709). If access is granted (step 706) and the requested virtual file is successfully opened (step 710), the corresponding literal file is returned to the requestor (step 712). However, if access is granted (step 706) but the requested file is not opened successfully (step 710), the virtual file is determined not to exist. If the virtual parent of the requested virtual file also does not exist, as determined by the procedure in section 4.1.1 (step 714), an error appropriate to the request semantics is issued to the requestor (step 716). If, on the other hand, the virtual parent of the requested virtual file is found in the fully virtualized view using the appropriate user and application scopes (step 714), a rule that determines how the create operation is processed is located by consulting the rules engine (step 718). In some embodiments, the rules engine may be provided as a relational database. In other embodiments, the rules engine may be a tree-structured database, a hash table, or a flat file database. In some embodiments, the virtual file name provided for the requested file is used to locate in the rules engine a rule that applies to the request. In particular ones of these embodiments, multiple rules may exist in the rules engine for a particular file and, in some of these embodiments, the rule having the longest prefix match with the virtual file name is the rule applied to the request. In some embodiments, a process identifier is used to locate in the rules engine a rule that applies to the request, if one exists. The rule associated with a request may be to ignore the request, redirect the request, or isolate the request. Although shown in FIG. 7 as a single database transaction or a single lookup into a file, the rule lookup may be performed as a series of rule lookups.
If the rule action is "redirect" or "ignore" (step 720), the virtual file name is mapped directly to a literal file name according to the rule (step 724). If the rule action is "redirect" (step 720), the literal file name is determined from the virtual file name as specified by the rule (step 724). If the rule action is "ignore" (step 720), the literal file name is determined to be exactly the virtual file name (step 724). If the rule action is "ignore" or "redirect", a request to create the literal file using the determined literal file name is passed to the operating system and the result from the operating system is returned to the requestor (step 724). For example, a request to create a file with the virtual name "file_1" may result in the creation of a literal file named "Different_file1". In one embodiment, this is accomplished by calling the original version of the hooked function and passing the formed literal name to the function as an argument (step 724). For embodiments using a file system filter driver, the first request to open the file using the virtual name results in a "STATUS_REPARSE" request response that indicates the determined literal name. The I/O manager then reissues the file open request with the determined literal name included in the STATUS_REPARSE response.
If the rule action determined in step 720 is neither "ignore" nor "redirect" but "isolate", the literal file name is identified as the instance of the virtual file name in the user isolation scope. If the literal file already exists but is associated with metadata indicating that it is a placeholder or that it is deleted, the associated metadata is modified to remove those indications, and it is ensured that the file is empty.
In some embodiments, a small amount of metadata about a file may be stored directly in the literal file name, such as by suffixing the virtual name with a metadata indicator, where a metadata indicator is a string uniquely associated with a particular metadata state. The metadata indicator may indicate or encode one or several bits of metadata. Requests to access the file by virtual file name check for possible variations of the literal file name due to the presence of a metadata indicator, and requests to retrieve the name of the file itself are hooked or intercepted in order to respond with the literal name. In other embodiments, one or more alternate names for the file may be formed from the virtual file name and a metadata indicator, and may be created using the hard link or soft link facilities provided by the file system. The existence of these links may be hidden from applications by the isolation environment, by indicating that the file is not found if a request is given to access a file using the name of a link. The presence or absence of a particular link may indicate one bit of metadata for each metadata indicator, or there may be a link with a metadata indicator that can take on multiple states to indicate several bits of metadata. In still other embodiments, where the file system supports alternate file streams, an alternate file stream may be created to embody metadata, with the size of the stream indicating several bits of metadata. In still other embodiments, the file system may directly provide the ability to store some third-party metadata for each file in the file system.
In particular ones of these embodiments, a list of deleted files or file system elements may be maintained and consulted to optimize this check for deleted files. In these embodiments, if a deleted file is recreated, the file name may be removed from the list of deleted files. In others of these embodiments, a file name may be removed from the list if the list grows beyond a certain size.
In either case, a request to open the user-scope literal file is passed to the operating system (step 726). In some embodiments, rules may specify that the literal file corresponding to the virtual file should be created in a scope other than the user isolation scope, such as the application isolation scope, the system scope, a user isolation sub-scope, or an application isolation sub-scope.
If the literal file was opened successfully (step 728), the literal file is returned to the requestor (step 730). If, on the other hand, in step 728 the requested file fails to open, placeholders are created for each ancestor of the literal file that does not currently exist in the user isolation scope (step 732), and a request to create the literal file using the literal name is passed to the operating system and the result is returned to the requestor (step 734).
This embodiment is for operating systems with APIs or facilities that only support creation of one level per call or invocation. Extension to multiple levels per call or invocation should be obvious to one skilled in the art.
4.1.5 Short file name management
In some file systems, each file may be given both a short and a long file name. Either name may be used to access the file in any of the file operations described above. For each file that has both a short and a long file name, this implicitly creates an association between the short and long file names assigned to that file. In some of these file systems, short names are automatically assigned by the file system to files that are created using long file names. If the association between short and long file names is not maintained by the isolation environment, files with different long names in the same directory but at different scope levels may have the same short file name, which leads to ambiguity if the short name is used to access a virtual file. Alternatively, the short file name may change when a file is copied to the user isolation scope for modification, meaning that the virtual file can no longer be accessed using the original short name.
In order to prevent these problems, firstly, file system operations that copy file instances opened with the intention to modify them to a "higher" scope preserve the association between the short and long file names associated with the copied instance. Secondly, unique short names are created for newly created isolated files in place of the file names assigned by the operating system. The generated short file names should satisfy the following condition: the generated file name does not match any existing short file name in the same directory in the same isolation scope or in the same directory in a "lower" isolation scope. For example, a short file name generated for an instance of a file located in the user isolation scope should not match existing short file names in the application-scope instance of the directory or in the system-scope instance of the directory.
Referring now to FIG. 7A, one embodiment of the steps taken to assign unique short file names after creating a new file is shown. In brief overview, a check is made to determine whether short file names should be generated (step 752). If not, a status is returned indicating that no short file name will be generated (step 754). Otherwise, the file name is checked against the file system to determine whether it is already a legal short file name (step 756). If it is already a legal short file name, a status is returned indicating that no short name will be generated (step 754). Otherwise, a suitable short file name is constructed (step 758).
Still referring to FIG. 7A, and in more detail, a check is made to determine whether short file names should be generated (step 752). In some embodiments, this decision may be made based on the device storing the file to which the file name refers. In other embodiments, generation of short file names may be enabled for certain scopes or sub-scopes, or for the isolation environment as a whole. In some of these embodiments, a registry setting may specify whether a short file name will be generated for a particular file name. If no short file name should be generated, a status is returned indicating that no short file name will be generated (step 754).
Otherwise, the file name is checked to determine whether it is already a legal short file name (step 756). In some embodiments, legal short file names contain up to eight characters in the file name and up to three characters in an optional extension. In some embodiments, legal short names contain only legal characters, such as A-Z, a-z, 0-9, `, ~, !, @, #, $, %, ^, &, *, (, ), -, _, ', {, and }. In some embodiments, a leading space or ".", or more than one embedded ".", is illegal. If the provided file name is already a legal short file name, a status is returned indicating that no short file name will be generated (step 754).
Otherwise, if it is determined in step 756 that the file name is an illegal short file name, a suitable short file name is constructed (step 758). In some embodiments, this is achieved by using some of the parts of the long file name that are legal to use in a short file name, combined with an encoded iteration count, to form a candidate short file name. The iteration count is increased until the associated candidate short file name is suitable, that is, until it is a legal short file name that is not used by any other file in the same directory in the same scope or in the same directory in a lower scope. In other embodiments, the long file name is mangled or hashed and encoded, and is then combined with an encoded iteration count to form a candidate short file name. The iteration count is increased until the associated candidate short file name is suitable, that is, until it is a legal short file name that is not used by any other file in the same directory in the same scope or in the same directory in a lower scope. In all of these embodiments, a scope-specific string may be incorporated into the candidate short file name to increase the likelihood that a suitable candidate short file name will be found with a low iteration count.
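The three decisions of FIG. 7A can be sketched as follows. This is an added example rather than code from the patent: the "~N" encoding of the iteration count, the upper-casing, the case-insensitive comparison, the scope names and the sample directory are assumptions, while the legal character set and the 8 + 3 length limits are the ones listed above.

```python
# Added illustration of FIG. 7A. The "~N" count encoding, the upper-casing and
# the case-insensitive comparison are assumptions, not taken from the patent.
import string

LEGAL_CHARS = set(string.ascii_letters + string.digits + "`~!@#$%^&*()-_'{}")
SCOPE_ORDER = ["system", "application", "user"]      # lowest to highest


def is_legal_short_name(name):
    """Step 756: up to 8 + optional 3 characters, legal characters only."""
    if not name or name[0] in " ." or name.count(".") > 1:
        return False
    base, dot, ext = name.partition(".")
    if dot and not ext:                  # trailing "." rejected (assumption)
        return False
    if not 1 <= len(base) <= 8 or len(ext) > 3:
        return False
    return all(ch in LEGAL_CHARS for ch in base + ext)


def names_to_avoid(short_names, directory, scope):
    """Short names used in the same directory in this scope or a lower one."""
    taken = set()
    for layer in SCOPE_ORDER[: SCOPE_ORDER.index(scope) + 1]:
        taken |= short_names.get((layer, directory), set())
    return taken


def construct_short_name(long_name, taken, scope_tag="", max_tries=9999):
    """Step 758: legal parts of the long name plus an encoded iteration count."""
    base, dot, ext = long_name.rpartition(".")
    if not dot:                          # no extension at all
        base, ext = long_name, ""
    stem = "".join(ch for ch in base if ch in LEGAL_CHARS)
    ext = "".join(ch for ch in ext if ch in LEGAL_CHARS)[:3]
    in_use = {name.upper() for name in taken}
    for count in range(1, max_tries + 1):
        suffix = f"{scope_tag}~{count}"  # optional scope-specific string
        head = stem[: max(0, 8 - len(suffix))]
        candidate = (head + suffix + ("." + ext if ext else "")).upper()
        if is_legal_short_name(candidate) and candidate not in in_use:
            return candidate
    raise RuntimeError("no suitable short name found")


def assign_short_name(long_name, taken, enabled=True, scope_tag=""):
    """Return the generated short name, or None when none is generated."""
    if not enabled:                      # step 752 -> step 754
        return None
    if is_legal_short_name(long_name):   # step 756 -> step 754
        return None
    return construct_short_name(long_name, taken, scope_tag)


if __name__ == "__main__":
    # Constructed sample: short names already present per (scope, directory).
    existing = {
        ("system", r"C:\Docs"): {"QUARTE~1.DOC"},
        ("application", r"C:\Docs"): {"quarte~2.doc"},
    }
    avoid = names_to_avoid(existing, r"C:\Docs", "user")
    print(assign_short_name("Quarterly Results.docx", avoid))
```

Passing a non-empty `scope_tag` shows the effect of the scope-specific string: the first candidate is already free, so the iteration count stays at 1.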
4.2 Registry virtualization
The methods and apparatus described above may be used to virtualize access to a registry database. As described above, a registry database stores information about the hardware physically attached to the computer, which system options have been selected, how computer memory is set up, various items of application-specific data, and what application programs should be present when the operating system is started. A registry database is commonly organized in a logical hierarchy of "keys" 170, 172, which are containers for registry values.
4.2.1 Registry key open operations
In brief overview, FIG. 8 depicts one embodiment of the steps taken to open a registry key in the isolation environment described above. A request to open a registry key is received or intercepted, the request containing a registry key name which is treated as a virtual key name by the isolation environment (step 802). A processing rule applicable to the virtual name in the request determines how the registry key operation is processed (step 804). If the rule action is "redirect" (step 806), the virtual key name provided in the request is mapped to a literal key name as specified by the applicable rule (step 808). A request to open the literal registry key using the literal key name is passed to the operating system and the result from the operating system is returned to the requestor (step 810). If the rule action is not "redirect" but "ignore" (step 806), the virtual key name is identified as the literal key name (step 812), and a request to open the literal registry key is passed to the operating system and the result from the operating system is returned to the requestor (step 810). If the rule action determined in step 806 is neither "redirect" nor "ignore" but "isolate", the virtual key name provided in the request is mapped to a user-scope candidate key name, that is, a key name corresponding to the virtual key name that is specific to the applicable user isolation scope (step 814). The category of existence of the user-scope candidate key is determined by examining the user isolation scope and any metadata associated with the candidate key (step 816). If the candidate key is determined to have "negative existence" (because either the candidate key or one of its ancestor keys in the user isolation scope is marked as deleted), this means the requested virtual key is known not to exist. In this case, an error condition indicating that the requested file is not found is returned to the requestor (step 822). If instead in step 816 the candidate key is determined to have "positive existence" (because the candidate key exists in the user isolation scope and is not marked as a placeholder node), the requested virtual key is known to exist. The candidate key is identified as the literal key for the request (step 818), and a request to open the literal key is issued and the result returned to the requestor (step 820). If, however, in step 816 the candidate key has "neutral existence" (because the candidate key does not exist, or the candidate key exists but is marked as a placeholder node), it is not yet known whether the virtual key exists or not. In this case, the application-scope key name corresponding to the virtual key name is identified as the candidate key name (step 824). In other words, the candidate key name is formed by mapping the virtual key name to the corresponding native key name specific to the applicable application isolation scope. The category of existence of the candidate key is determined by examining the application isolation scope and any metadata associated with the candidate key (step 826). If the candidate key is determined to have "negative existence" (because either the candidate key or one of its ancestor keys in the application isolation scope is marked as deleted), this means the requested virtual key is known not to exist. In this case, an error condition indicating that the requested key is not found is returned to the requestor (step 822). If instead in step 826 the candidate key is determined to have "positive existence" (because the candidate key exists in the application isolation scope and is not marked as a placeholder node), the requested virtual key is known to exist. The request is checked to determine whether the open request indicates an intention to modify the key (step 828). If not, the candidate key is identified as the literal key for the request (step 818), and a request to open the literal key is issued and the result returned to the requestor (step 820). If, however, in step 828 it is determined that the open request indicates an intention to modify the key, the permission data associated with the key is checked to determine whether modification of the key is allowed (step 836). If not, an error condition is returned to the requestor (step 838) indicating that modification of the key is not allowed. If the permission data indicates that the key may be modified, the candidate key is copied to the user isolation scope (step 840). In some embodiments, the candidate key is copied to a location defined by the rules engine. For example, a rule may specify that the key is copied to an application isolation scope. In other embodiments, the rules may specify a particular application isolation sub-scope or user isolation sub-scope to which the key should be copied. Any ancestors of the requested key that do not appear in the isolation scope to which the key is copied are created as placeholders in that isolation scope, in order to correctly locate the copied instance in the hierarchy. The newly copied scoped instance is identified as the literal key (step 842), and a request to open the literal key is issued and the result returned to the requestor (step 820). Returning to step 826, if the candidate key has neutral existence (because the candidate key does not exist, or because the candidate key is found but marked as a placeholder node), it is not yet known whether the virtual key exists or not. In this case, the system-scope key name corresponding to the virtual key name is identified as the candidate key name (step 830). In other words, the candidate key name is exactly the virtual key name. If the candidate key does not exist (step 832), an error condition indicating that the virtual key was not found is returned to the requestor (step 834). If, on the other hand, the candidate key exists (step 832), the request is checked to determine whether the open request indicates an intention to modify the key (step 828). If not, the candidate key is identified as the literal key for the request (step 818), and a request to open the literal key is issued and the result returned to the requestor (step 820). If, however, in step 828 it is determined that the open request indicates an intention to modify the key, the permission data associated with the key is checked to determine whether modification of the key is allowed (step 836). If not, an error condition is returned to the requestor (step 838) indicating that modification of the key is not allowed. If the permission data indicates that the key may be modified, the candidate key is copied to the user isolation scope (step 840). In some embodiments, the candidate key is copied to a location defined by the rules engine. For example, a rule may specify that the key is copied to an application isolation scope. In other embodiments, the rules may specify a particular application isolation sub-scope or user isolation sub-scope to which the key should be copied. Any ancestors of the requested key that do not appear in the isolation scope are created as placeholders in the isolation scope, in order to correctly locate the copied instance in the hierarchy. The newly copied scoped instance is identified as the literal key (step 842), and a request to open the literal key is issued and the result returned to the requestor (step 820).
Still referring to FIG. 8, and in more detail, a request to open a virtual registry key is received or intercepted (step 802). The corresponding literal registry key may belong to the user isolation scope, the application isolation scope, or the system scope, or it may be scoped to an application isolation sub-scope or a user isolation sub-scope. In some embodiments, the request is hooked by a function that replaces the operating system function or functions for opening a registry key. In another embodiment, a hooking dynamically linked library is used to intercept the request. The hooking function may execute in user mode or in kernel mode. For embodiments in which the hooking function executes in user mode, the hooking function may be loaded into the address space of a process when that process is created. For embodiments in which the hooking function executes in kernel mode, the hooking function may be associated with an operating system resource that is used in dispatching requests for native registry keys. For embodiments in which a separate operating system function is provided for each type of registry key operation, each function may be hooked separately. Alternatively, a single hooking function may be provided which intercepts create or open calls for several types of registry key operations.
The request contains a registry key name, which the isolation environment treats as a virtual registry key name. The processing rule applicable to the registry key open request is determined by consulting the rules engine (step 804). In some embodiments, the rules engine may be provided as a relational database. In other embodiments, the rules engine may be a tree-structured database, a hash table, or a flat-file database. In some embodiments, the virtual registry key name provided for the requested registry key is used to locate in the rules engine a rule that applies to the request. In particular ones of these embodiments, multiple rules may exist in the rules engine for a particular registry key and, in these embodiments, the rule having the longest prefix match with the virtual registry key name is the rule applied to the request. In other embodiments, a process identifier is used to locate in the rules engine a rule that applies to the request, if one exists. The rule associated with a request may be to ignore the request, redirect the request, or isolate the request. Although shown in Fig. 8 as a single database transaction or a single lookup in a file, the rule lookup may be performed as a series of rule lookups.
If the rule action is "redirect" (step 806), the virtual registry key name provided in the request is mapped to a literal registry key name according to the applicable rule (step 808). A request to open the literal registry key using the literal registry key name is passed to the operating system, and the result from the operating system is returned to the requestor (step 810). For example, a request to open a registry key named "registry_key_1" may result in the opening of a literal registry key named "Different_registry_key_1". In one embodiment, this is accomplished by calling the original version of the hooked function and passing the formed literal name to the function as an argument. In other embodiments, a registry filter driver facility conceptually similar to a file system filter driver facility may be provided by the operating system. In these embodiments, opening the literal registry key may be achieved by responding to the original request to open the virtual key by signaling to the registry filter manager to reparse the request using the determined literal key name. If instead the rule action is "ignore" (step 806), the literal registry key name is determined to be exactly the virtual registry key name (step 812), and the request to open the literal registry key is passed to the operating system and the result from the operating system is returned to the requestor (step 810). For example, a request to open a registry key named "registry_key_1" results in the opening of a literal registry key named "registry_key_1". In one embodiment, this is accomplished by calling the original version of the hooked function and passing the formed literal name to the function as an argument. In another embodiment, this is accomplished by signaling to the registry filter manager to continue processing the original, unmodified request in the normal fashion.
If the rule action in step 806 is "isolate", the user-scoped registry key name corresponding to the virtual registry key name is identified as the candidate registry key name (step 814). In other words, the candidate registry key name is formed by mapping the virtual registry key name to the corresponding native registry key name specific to the applicable user isolation scope. For example, a request to open a registry key named "registry_key_1" may result in the opening of a literal registry key named "Isolated_UserScope_UserA_registry_key_1". In one embodiment, this is accomplished by calling the original version of the hooked function and passing the formed literal name to the function as an argument. In other embodiments, opening the literal registry key may be achieved by responding to the original request to open the virtual key by signaling to the registry filter manager to reparse the request using the determined literal key name.
In some embodiments, the literal name formed in order to isolate a requested virtual registry key may be based on the virtual registry key name received and a scope-specific identifier. The scope-specific identifier may be an identifier associated with an application isolation scope, a user isolation scope, a session isolation scope, an application isolation sub-scope, a user isolation sub-scope, or some combination of the above. The scope-specific identifier is used to "mangle" the virtual name received in the request.
In other embodiments, the user isolation scope or sub-scope may be a registry key under which all keys that exist in the user isolation scope are stored. In some of these embodiments, the key hierarchy under the user isolation key reflects the path of the requested resource. In other words, the literal key path is formed by mapping the virtual key path to the user isolation scope. For example, if the requested key is HKLM\Software\Citrix\MyKey and the user isolation scope key is HKCU\Software\UserScope\, then the path to the user-scoped literal key may be HKCU\Software\UserScope\HKLM\Software\Citrix\MyKey. In other embodiments, the path to the user-scoped literal key may be defined according to the native naming convention. For example, the path to the user-scoped literal key may be HKCU\Software\UserScope\Registry\Machine\Software\Citrix\MyKey. In still other embodiments, the user-scoped keys may all be stored under a single key with names chosen to be unique, and a database may be used to store the mapping between the requested key name and the name of the corresponding literal key stored in the user isolation key. In still other embodiments, the contents of the literal keys may be stored in a database or in file storage.
The category of existence of the candidate key is determined by examining the user isolation scope and any metadata associated with the candidate key (step 816). If the candidate key is determined to have "negative existence", because either the candidate key or one of its ancestor keys in the user isolation scope is marked as deleted, the requested virtual key is known not to exist. In this case, an error condition indicating that the requested key was not found is returned to the requestor (step 822).
In some embodiments, the literal registry key may be associated with metadata indicating that the virtualized registry key has been deleted. In some embodiments, metadata about a registry key may be stored in a distinguished value held by that key, with the existence of that value hidden from ordinary application use of the registry APIs. In some embodiments, small amounts of metadata about a registry key may be stored directly in the literal key name, such as by suffixing the virtual name with a metadata indicator, where a metadata indicator is a string uniquely associated with a particular metadata state. The metadata indicator may indicate or encode one or several bits of metadata. Requests to access the key by virtual name check for possible variations of the literal key name due to the presence of a metadata indicator, and requests to retrieve the name of the key itself are hooked or intercepted in order to respond with the literal name. In other embodiments, the metadata indicator may be encoded in a subkey name or a registry value name instead of in the key name itself. In still other embodiments, the registry key system may directly provide the ability to store some third-party metadata for each key. In some embodiments, metadata is stored in a database or in another repository separate from the registry database. In some embodiments, a separate sub-scope may be used to store keys that are marked as deleted. The existence of a key in that sub-scope indicates that the key is marked as deleted.
In particular ones of these embodiments, a list of deleted keys or key system elements may be maintained and consulted to optimize this check for deleted keys. In these embodiments, if a deleted key is recreated, the key name may be removed from the list of deleted keys. In others of these embodiments, a key name may be removed from the list if the list grows beyond a certain size.
If instead, in step 816, the candidate key is determined to have "positive existence", because the candidate key exists in the user isolation scope and is not marked as a placeholder node, then the requested virtual key is known to exist. The candidate key is identified as the literal key for the request (step 818), and a request is issued to open the literal key and the result is returned to the requestor (step 820).
However, if in step 816 the candidate key has "neutral existence", because the candidate key does not exist, or because it exists but is marked as a placeholder node, it is not yet known whether the virtual key exists. In this case, the application-scoped key name corresponding to the virtual key name is identified as the candidate key name (step 824). In other words, the candidate key name is formed by mapping the virtual key name to the corresponding native key name specific to the applicable application isolation scope. The category of existence of the candidate key is determined by examining the application isolation scope and any metadata associated with the candidate key (step 826).
If the application-scoped candidate key is determined to have "negative existence", because either the candidate key or one of its ancestor keys in the application isolation scope is marked as deleted, the requested virtual key is known not to exist. In this case, an error condition indicating that the requested key was not found is returned to the requestor (step 822).
However, if in step 826 the candidate key is determined to have "positive existence", because the candidate key exists in the application isolation scope and is not marked as a placeholder node, then the requested virtual key is known to exist. The request is checked to determine whether the open request indicates an intention to modify the key (step 828). If not, the candidate key is identified as the literal key for the request (step 818), and a request is issued to open the literal key and the result is returned to the requestor (step 820).
However, if it is determined in step 828 that the open request indicates an intention to modify the key, the permission data associated with the key is checked to determine whether modification of the key is allowed (step 836). In some embodiments, the permission data is associated with the application-scoped candidate key. In some of these embodiments, the permission data is stored in the rules engine or in metadata associated with the candidate key. In other embodiments, the permission data associated with the candidate key is provided by the operating system. Further, the rules engine may include configuration settings instructing the isolation environment to obey or override the native permission data for virtualized copies of resources. In some embodiments, the rules may specify, for some virtual resources, the scope in which modifications are to occur, for example the system scope, the application isolation scope or a sub-scope, or the user isolation scope or a sub-scope. In some embodiments, the rules engine may specify configuration settings that apply to subsets of the virtualized native resources based on hierarchy. In some of these embodiments, the configuration settings may be specific to each atomic native resource.
If the permission data associated with the candidate key indicates that it may not be modified, an error condition is returned to the requestor (step 838) indicating that modification of the key is not allowed. If the permission data indicates that the key may be modified, the candidate key is copied to the user isolation scope (step 840). In some embodiments, the candidate key is copied to a location defined by the rules engine. For example, a rule may specify that the key is copied to another application isolation scope. In other embodiments, the rule may specify a particular application isolation sub-scope or user isolation sub-scope to which the key is copied. Any ancestors of the requested key that do not appear in the isolation scope to which the key is copied are created as placeholders in that isolation scope, so that the copied instance is correctly located in the hierarchy.
In some embodiments, metadata is associated with a key copied to the isolation scope that identifies the date and time at which the key was copied. This information may be used to compare the timestamp associated with the copied instance of the key with the timestamp of the last modification of the original instance of the key, or of another instance of the key located in a lower isolation scope. In these embodiments, if the original instance of the key, or an instance of the key located in a lower isolation scope, is associated with a timestamp that is later than the timestamp of the copied key, that key may be copied to the isolation scope to update the candidate key. In other embodiments, the copy of the key in the isolation scope may be associated with metadata identifying the scope containing the original key that was copied.
In further embodiments, keys that are copied to isolation scopes because they have been opened with intent to modify them may be monitored to determine whether they are, in fact, modified. In one embodiment, a copied key may be associated with a flag that is set when the key is actually modified. In these embodiments, if a copied key is not actually modified, it may be removed from the scope to which it was copied after it is closed, together with any placeholder nodes associated with the copied key.
The scoped instance is identified as the literal key (step 842), and a request is issued to open the literal key and the result is returned to the requestor (step 820).
Returning to step 826, if the candidate key has neutral existence, because the candidate key does not exist, or because the candidate key is found but is marked as a placeholder node, it is still not known whether the virtual key exists. In this case, the system-scoped key name corresponding to the virtual key name is identified as the candidate key name (step 830). In other words, the candidate key name is exactly the virtual key name.
If the candidate key does not exist (step 832), an error condition indicating that the virtual key was not found is returned to the requestor (step 834). If instead the candidate key exists (step 832), the request is checked to determine whether the open request indicates an intention to modify the key (step 828).
As above, if the candidate key is being opened without the intention of modifying it, the system-scoped candidate key is identified as the literal key for the request (step 818), and a request is issued to open the literal key and the result is returned to the requestor (step 820). However, if it is determined in step 828 that the open request indicates an intention to modify the key, the permission data associated with the key is checked to determine whether modification of the key is allowed (step 836). In some embodiments, the permission data is associated with the application-scoped candidate key. In some of these embodiments, the permission data is stored in the rules engine or in metadata associated with the candidate key. In other embodiments, the permission data associated with the candidate key is provided by the operating system. In addition, the rules engine may include configuration settings instructing the isolation environment to obey or override the native permission data for virtualized copies of resources. In some embodiments, the rules may specify, for some virtual resources, the scope in which modifications are to occur, for example the system scope, the application isolation scope or a sub-scope, or the user isolation scope or a sub-scope. In some embodiments, the rules engine may specify configuration settings that apply to subsets of the virtualized native resources based on hierarchy. In some of these embodiments, the configuration settings may be specific to each atomic native resource.
If the permission data associated with the system-scoped candidate key indicates that the key may not be modified, an error condition is returned to the requestor (step 838) indicating that modification of the key is not allowed. However, if the permission data indicates that the key may be modified, the candidate key is copied to the user isolation scope (step 840). In some embodiments, the candidate key is copied to a location defined by the rules engine. For example, a rule may specify that the key is copied to an application isolation scope or that it may be left in the system scope. In other embodiments, the rule may specify a particular application isolation sub-scope or user isolation sub-scope to which the key is copied. Any ancestors of the requested key that do not appear in the isolation scope are created as placeholders in the isolation scope, so that the copied instance is correctly located in the hierarchy.
In some embodiments, metadata is associated with the key copied to the isolation scope that identifies the date and time at which the key was copied. This information may be used to compare the timestamp associated with the copied instance of the key with the timestamp of the last modification of the original instance of the key. In these embodiments, if the original instance of the key is associated with a timestamp that is later than the timestamp of the copied key, the original key may be copied to the isolation scope to update the candidate key. In other embodiments, the candidate key copied to the isolation scope may be associated with metadata identifying the scope from which the original key was copied.
In further embodiments, keys that are copied to isolation scopes because they have been opened with intent to modify them may be monitored to determine whether they are, in fact, modified. In one embodiment, a copied key may be associated with a flag that is set when the key is actually modified. In these embodiments, if a copied key is not actually modified, it may be removed from the scope to which it was copied after it is closed, together with any placeholder nodes associated with the copied key.
The scoped instance is identified as the literal key (step 842), and a request is issued to open the literal key and the result is returned to the requestor (step 820).
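The open flow of Fig. 8 can be traced end to end in a small model. The following Python code is an added example, not code from the patent: each scope is a plain dictionary, a literal key is reported as a (scope, name) pair instead of a mangled name, and the class names, rule table and key names are constructed for illustration.

```python
from dataclasses import dataclass, field

USER, APP, SYSTEM = "user", "app", "system"

class KeyNotFound(Exception):
    """The virtual key does not exist (steps 822 and 834)."""

class ModifyDenied(Exception):
    """Permission data forbids modification (step 838)."""

@dataclass
class Key:
    values: dict = field(default_factory=dict)
    deleted: bool = False      # metadata: key is marked deleted in this scope
    placeholder: bool = False  # ancestor created only to position a copy
    writable: bool = True      # stands in for the permission data of step 836

def ancestors(name):
    """'A\\B\\C' -> ['A', 'A\\B']"""
    parts = name.split("\\")
    return ["\\".join(parts[:i]) for i in range(1, len(parts))]

class IsolationEnvironment:
    def __init__(self, rules):
        # rules: virtual-name prefix -> (action, literal prefix used by "redirect")
        self.rules = rules
        self.scopes = {USER: {}, APP: {}, SYSTEM: {}}

    def rule_for(self, vname):
        """Step 804: the rule with the longest matching prefix applies."""
        hits = [p for p in self.rules if vname == p or vname.startswith(p + "\\")]
        if not hits:
            return None, ("ignore", None)  # assumption: unmatched names pass through
        best = max(hits, key=len)
        return best, self.rules[best]

    def existence(self, scope, vname):
        """Steps 816/826: classify the candidate as negative, positive or neutral."""
        keys = self.scopes[scope]
        for name in ancestors(vname) + [vname]:
            if name in keys and keys[name].deleted:
                return "negative"          # the key or an ancestor is marked deleted
        key = keys.get(vname)
        if key is None or key.placeholder:
            return "neutral"               # this scope cannot decide
        return "positive"

    def open_key(self, vname, modify=False):
        """Return (scope, literal name) of the literal key backing vname."""
        prefix, (action, target) = self.rule_for(vname)
        if action != "isolate":            # steps 808-812: redirect or ignore
            literal = vname if action == "ignore" else target + vname[len(prefix):]
            if literal not in self.scopes[SYSTEM]:
                raise KeyNotFound(vname)
            return SYSTEM, literal
        state = self.existence(USER, vname)
        if state == "positive":
            return USER, vname                            # step 818
        if state == "neutral":
            state = self.existence(APP, vname)            # steps 824-826
        if state == "negative":
            raise KeyNotFound(vname)                      # step 822
        source = APP if state == "positive" else SYSTEM   # step 830 when neutral
        if vname not in self.scopes[source]:
            raise KeyNotFound(vname)                      # step 834
        if not modify:
            return source, vname                          # step 818
        return self._copy_to_user(source, vname)

    def _copy_to_user(self, source, vname):
        original = self.scopes[source][vname]
        if not original.writable:
            raise ModifyDenied(vname)                     # step 838
        user = self.scopes[USER]
        for name in ancestors(vname):                     # placeholders position the copy
            user.setdefault(name, Key(placeholder=True))
        user[vname] = Key(values=dict(original.values))   # step 840
        return USER, vname                                # step 842
```

A placeholder ancestor created during the copy stays "neutral", so a later open of that ancestor still resolves to the lower scope, while a deletion marker on an ancestor in a higher scope hides every key beneath it.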
4.2.2 Registry key delete operations
Referring now to Fig. 9, and in brief overview, one embodiment of the steps taken to delete a registry key is depicted. Before a key can be deleted, the key must first be opened successfully with delete access (step 901). If the key is not opened successfully, an error is returned (step 916). If the virtual key is opened successfully, a request to delete the virtualized registry key is received or intercepted, the request including the handle to the literal key corresponding to the virtual key (step 902). A rule determines how the registry key operation is processed (step 904). In addition to the rule applicable to the key to be deleted, any other rules applicable to immediate subkeys are examined (step 905). For each rule found that is applicable to an immediate subkey, an attempt is made to open a virtual subkey, the name of the virtual subkey being specified by the name given in the rule found in step 905. If a subkey with a name corresponding to one of the rules found in step 905 is opened successfully (step 906), the virtual key is considered to have subkeys, which means it cannot be deleted, and an error is returned (step 907).
If, after attempts have been made to open all of the virtual key names extracted in step 905 (step 906), no virtual keys are found to exist, further examination is required. If the rule action is not "isolate", but is "redirect" or "ignore" (step 908), a request to delete the literal registry key is passed to the operating system and the result from the operating system is returned to the requestor (step 911). However, if the rule action determined in step 908 is "isolate", the aggregated virtualized registry key is consulted to determine whether it contains any virtual subkeys (step 914). If the virtualized key has virtual subkeys, the deletion cannot continue, and an error is returned indicating that the key has not been deleted (step 920). If the virtualized key does not have virtual subkeys, the literal key corresponding to the virtual key is examined to determine whether it masks a scoped key with the same virtual name in another scope level (step 922). If the literal key corresponding to the virtual key does not mask a differently scoped key with the same virtual name, the literal key corresponding to the virtual key is deleted and the result is returned (step 926). If the literal key corresponding to the virtual key masks a differently scoped key with the same virtual name, the literal key corresponding to the virtual key is marked with a value indicating that it is deleted, and a successful result is returned to the caller (step 924).
Still referring to Fig. 9, and in more detail, in order to delete a key it must first be opened with delete access (step 901). The request to open the key with delete access includes the name of the key, which the isolation environment treats as a virtual name. A fully virtualized key open is performed as described in section 4.2.1. If the virtualized open operation fails, an error is returned to the requestor (step 916). If the virtualized open operation succeeds, the handle of the literal key corresponding to the virtual key is returned to the requestor. Subsequently, a request to delete the registry key that was opened in step 901 is received or intercepted (step 902). The opened literal registry key may belong to the user isolation scope, the application isolation scope, the system scope, or some applicable isolation sub-scope. In some embodiments, the delete request is hooked by a function that replaces the operating system function or functions for deleting a registry key. In another embodiment, a hooking dynamic-link library is used to intercept the delete request. The hooking function may execute in user mode or in kernel mode. For embodiments in which the hooking function executes in user mode, the hooking function may be loaded into the address space of a process when that process is created. For embodiments in which the hooking function executes in kernel mode, the hooking function may be associated with an operating system resource that is used in dispatching requests for native registry keys. In other embodiments, a registry filter driver facility conceptually similar to a file system filter driver facility may be provided by the operating system. A person skilled in the art can create a registry filter driver to which the operating system passes requests to perform registry operations, thus providing a mechanism for intercepting registry operation requests. For embodiments in which a separate operating system function is provided for each type of registry key function, each function may be hooked separately. Alternatively, a single hooking function may be provided that intercepts create or open calls for several types of registry key functions.
The delete request contains a literal key handle. The virtual key name associated with the handle is determined by querying the operating system for the literal name associated with the handle. The rules engine is consulted to determine the virtual name associated with the literal name, if any. A rule determining how the registry key operation should be processed (step 904) is obtained by consulting the rules engine. In some embodiments, the virtual key name of the virtual registry key to be deleted is used to locate in the rules engine a rule that applies to the request. In particular ones of these embodiments, multiple rules may exist in the rules engine for a particular virtual registry key and, in some of these embodiments, the rule having the longest prefix match with the virtual key name is the rule applied to the request. In some embodiments, the rules engine may be provided as a relational database. In other embodiments, the rules engine may be a tree-structured database, a hash table, or a flat registry key database. In some embodiments, the virtual key name corresponding to the virtual key handle in the request is used as an index into the rules engine to locate one or more rules that apply to the request. In some embodiments, a process identifier is used to locate in the rules engine a rule that applies to the request, if one exists. The rule associated with a request may be to ignore the request, redirect the request, or isolate the request. The rule lookup may occur as a series of decisions, or the rule lookup may occur as a single database transaction.
The virtual name of the key to be deleted is used to consult the rules engine to locate the set of rules that are applicable to any immediate child keys of the virtual key to be deleted, but not applicable to the virtual key to be deleted itself. This set of rules is located whether or not those child keys exist (step 905). If the set of rules applicable to immediate child keys is not empty, the virtual name of each of these rules is extracted. An attempt is then made to perform a fully virtualized open of each of the virtual child key names extracted (step 906). If any of the virtual keys corresponding to any of these virtual names can be opened successfully, a virtual subkey exists. This means that the virtual key cannot be deleted, because it has an existing virtual child, and an error is returned (step 907). If, after examining the complete set of rules applicable to immediate children of the virtual key (step 905), no existing virtual subkeys are found, the deletion can continue. For example, a key with the virtual name "key_1" may have child rules applicable to "key1\subkey_1" and "key1\subkey_2". In this step, an attempt is made to perform a virtualized open of "key1\subkey_1" and "key1\subkey_2". If either of these virtual subkeys can be opened successfully, the deletion fails and an error is returned (step 907). Only if neither of these virtual subkeys exists can the deletion continue.
If the rule action is not "isolate", but is "redirect" or "ignore" (step 908), a request to delete the literal registry key using the literal key handle is passed to the operating system and the result from the operating system is returned to the requestor (step 911). This request will fail if the literal key contains literal subkeys. In one embodiment, the request to delete the literal registry key is accomplished by calling the original version of the hooked function and passing the literal key handle to the function as an argument. In embodiments that make use of a registry filter driver, this is accomplished by responding to the request with a completion status that signals the operating system to perform normal processing on the request. In some embodiments, operating system permissions associated with the literal registry key may prevent its deletion. In these embodiments, an error message is returned indicating that the virtual registry key could not be deleted.
If the rule action determined in step 908 is "isolate", the aggregated virtualized registry key is consulted to determine whether it contains any virtual subkeys (step 914). If the requested virtual registry key contains virtual subkeys, the virtual key cannot be deleted, and an error is returned to the caller (step 920).
If the requested virtual registry key does not contain virtual subkeys, the virtual key can be deleted. The action taken next depends on the scope that contains the literal key to be deleted. For example, a request to delete a virtual registry key may result in the deletion of an application-scoped literal key. The scope containing the literal key can be determined by consulting the rules engine with the full path of the literal key.
If the literal key to be deleted is found in a particular scope, and that literal key masks another key with the same virtual name in another scope, the literal key to be deleted is marked as deleted, and a result is returned to the requestor (step 924). For example, a virtual key that corresponds to a user-scoped literal key is considered to mask a differently scoped key if a corresponding application-scoped key with the same virtual name or a corresponding system-scoped key with the same virtual name has "positive existence", that is, exists in the scope, is not marked as a placeholder, and is not considered to be deleted. Similarly, an application-scoped key is considered to mask a system-scoped key corresponding to the same virtual name if that system-scoped key exists and is not considered to be deleted.
If the literal key to be deleted is found not to mask another key with the same virtual name in another scope, the literal key to be deleted is actually deleted and a result is returned (step 926).
In some embodiments, operating system permissions associated with the literal registry key may prevent deletion of the literal registry key. In these embodiments, an error message is returned indicating that the virtual registry key could not be deleted.
In some embodiments, the literal registry key may be associated with metadata indicating that the virtualized registry key has been deleted. In some embodiments, metadata about a registry key may be stored in a distinguished value held by that key, with the existence of that value hidden from ordinary application use of the registry APIs. In some embodiments, small amounts of metadata about a registry key may be stored directly in the literal key name, such as by suffixing the virtual name with a metadata indicator, where a metadata indicator is a string uniquely associated with a particular metadata state. The metadata indicator may indicate or encode one or several bits of metadata. Requests to access the key by virtual name check for possible variations of the literal key name due to the presence of a metadata indicator, and requests to retrieve the name of the key itself are hooked or intercepted in order to respond with the literal name. In other embodiments, the metadata indicator may be encoded in a subkey name or a registry value name instead of in the key name itself. In still other embodiments, the registry key system may directly provide the ability to store some third-party metadata for each key. In some embodiments, metadata may be stored in a database or in another repository separate from the registry database. In some embodiments, a separate sub-scope may be used to store keys that are marked as deleted. The existence of a key in that sub-scope indicates that the key is marked as deleted.
In specific embodiment in these embodiments, the list of the key of deletion or key system element can be maintained and be consulted, in order to optimize this inspection of the key to deleting.In these embodiments, if the key of deleting is re-created, this key name claims just can the list of the key from deleting, to be removed so.In other embodiment of these embodiment, if rising to, this list surpasses a certain size, key name claims just can from this list, to be removed so.
In certain embodiments, the ancestors of word registry key in same range by with show that it is deleted or show that in addition it wants deleted metadata to be associated.In these embodiments, can return to an error message, show that this virtualized registry key does not exist.In specific embodiment in these embodiments, the list of the registry key of deletion or registry key system element can be maintained and be consulted, in order to optimize this inspection of the registry key to deleting.
4.2.3 Registry key enumeration operations
Referring now to Figure 10, and in brief overview, one embodiment of the steps taken to enumerate a key in the described virtualized environment is shown. Before a key can be enumerated, it must first be successfully opened with enumerate access (step 1001). If the key is not opened successfully, an error is returned (step 1040). If the virtual key is opened successfully, a request to enumerate is received or intercepted, the request including a handle to the literal key corresponding to the virtual key (step 1002).
The virtual key name corresponding to the handle is determined, and the rules engine is consulted to determine the rule for the key specified in the enumerate request (step 1004). If the rule does not specify the action "isolate", but instead specifies "ignore" or "redirect" (step 1006), the literal key identified by the literal key handle is enumerated, and the enumeration results are stored in a working data store (step 1012), followed by step 1030, described later.
If, however, the rule action specifies "isolate", the system scope is enumerated first; that is, the candidate key name is exactly the virtual key name, and if the candidate key exists, it is enumerated. The enumeration results are stored in the working data store. If the candidate key does not exist, the working data store remains empty at this stage (step 1014). Next, the candidate key is identified as the application-scope instance of the virtual key, and the category of existence of the candidate key is determined (step 1015).
If the candidate key has "negative existence", that is, it or one of its ancestors in the scope is marked as deleted, then within this scope it is known to be deleted, and this is indicated by flushing the working data store (step 1042). If, instead, the candidate key does not have negative existence, the candidate key is enumerated and any enumeration results obtained are merged into the working data store. In particular, for each subkey in the enumeration, its category of existence is determined. Subkeys with negative existence are removed from the working data store, and subkeys with positive existence, that is, those that exist and are not marked as placeholders and are not marked as deleted, are added to the working data store, replacing the corresponding subkey if one is already present in the working data store (step 1016).
In either case, the candidate key is identified as the user-scope instance of the virtual key, and the category of existence of the candidate key is determined (step 1017). If the candidate key has "negative existence", that is, it or one of its ancestors in the scope is marked as deleted, then within this scope it is known to be deleted, and this is indicated by flushing the working data store (step 1044). If, instead, the candidate key does not have negative existence, the candidate key is enumerated and any enumeration results obtained are merged into the working data store. In particular, for each subkey in the enumeration, its category of existence is determined. Subkeys with negative existence are removed from the working data store, and subkeys with positive existence, that is, those that exist and are not marked as placeholders and are not marked as deleted, are added to the working data store, replacing the corresponding subkey if one is already present in the working data store (step 1018), followed by step 1030, described later.
Then, for all three types of rules, step 1030 is executed. The rules engine is queried to find the set of rules whose filters match immediate children of the requested virtual key name, but do not match the requested virtual key name itself (step 1030). For each rule in the set, the existence of the virtual child whose name matches the name in the rule is determined. If the child has positive existence, it is added to the working data store, replacing any child of the same name already there. If the child has negative existence, the entry in the working data store corresponding to the child, if any, is removed (step 1032). Finally, the constructed enumeration is then returned from the working data store to the requestor (step 1020).
Still referring to Figure 10, and in more detail, in order to enumerate a key, it must first be opened with enumerate access (step 1001). The request to open the key with enumerate access includes the name of the key, which is treated as a virtual name by the isolation environment. A full virtualized key open is performed as described in section 4.2.1. If the virtualized open operation fails, an error is returned to the requestor (step 1040). If the virtualized open operation succeeds, the handle of the literal key corresponding to the virtual key is returned to the requestor. Subsequently, a request to enumerate the registry key that was opened in step 1001 is received or intercepted (step 1002). The opened literal registry key may be of the user isolation scope, the application isolation scope, the system scope, or some applicable isolation sub-scope. In some embodiments, the enumerate request is hooked by a function that replaces the operating system function or functions for enumerating a registry key. In another embodiment, a hooking dynamic-link library is used to intercept the enumerate request. The hooking function may execute in user mode or in kernel mode. For embodiments in which the hooking function executes in user mode, the hooking function may be loaded into the address space of a process when that process is created. For embodiments in which the hooking function executes in kernel mode, the hooking function may be associated with an operating system resource that is used in dispatching requests for native registry keys. In other embodiments, a registry filter driver facility that is conceptually similar to a file system filter driver facility may be provided by the operating system. One skilled in the art may create a registry filter driver, to which the operating system passes requests to perform registry operations, thus providing a mechanism to intercept registry operation requests. For embodiments in which a separate operating system function is provided for each type of registry key function, each function may be hooked separately. Alternatively, a single hooking function may be provided which intercepts create or open calls for several types of registry key functions.
The enumerate request contains a literal key handle. The virtual key name associated with the handle is determined by querying the operating system for the literal name associated with the handle. The rules engine is consulted to determine the virtual name associated with the literal name, if any.
A rule determining how the registry key operation is processed (step 1004) is obtained by consulting the rules engine. In some embodiments, the virtual key name of the virtual registry key to be enumerated is used to locate in the rules engine a rule that applies to the request. In particular ones of these embodiments, multiple rules may exist in the rules engine for a particular virtual registry key and, in some of these embodiments, the rule having the longest prefix match with the virtual key name is the rule applied to the request. In some embodiments, the rules engine may be provided as a relational database. In other embodiments, the rules engine may be a tree-structured database, a hash table, or a flat registry key database. In some embodiments, the virtual key name corresponding to the virtual key handle in the request is used as an index into the rules engine to locate one or more rules that apply to the request. In some embodiments, a process identifier is used to locate in the rules engine a rule that applies to the request, if one exists. The rule associated with a request may be to ignore the request, redirect the request, or isolate the request. The rule lookup may occur as a series of decisions, or the rule lookup may occur as a single database transaction.
If the rule action is not "isolate" (step 1006), but is "ignore" or "redirect", a request to enumerate the literal key is passed to the operating system using the literal key handle, the enumeration results, if any, are stored in the working data store (step 1012), and step 1030 is executed as described later.
In one embodiment, this is accomplished by calling the original version of the hooked function and passing the formed literal name to the function as an argument. In other embodiments, a registry filter driver facility that is conceptually similar to a file system filter driver facility may be provided by the operating system. In these embodiments, enumerating the literal registry key may be achieved by responding to the original request to enumerate the key by signaling to the registry filter manager to process the unmodified request in the normal fashion.
If the rule action determined in step 1010 is "isolate", the system scope is enumerated. To achieve this, the candidate key is identified as the system-scope key corresponding to the virtual key to be enumerated. The candidate key is enumerated, and the results of the enumeration are stored in a working data store (step 1014). In some embodiments, the working data store is comprised of a memory element. In other embodiments, the working data store comprises a database or a key or a solid-state memory element or a persistent data store.
Next, the candidate key is identified as the application-scope instance of the virtual key, and the category of existence of the candidate key is determined (step 1015). If the candidate key has "negative existence", that is, it or one of its ancestors in the scope is marked as deleted, then within this scope it is known to be deleted, and this is indicated by flushing the working data store (step 1042).
In some embodiments, the candidate registry key may be associated with metadata indicating that the candidate registry key has been deleted. In some embodiments, metadata about a registry key may be stored in a distinguished value held by that key, with the existence of that value hidden from ordinary application use of the registry APIs.
In some embodiments, small amounts of metadata about a registry key may be stored directly in the literal key name, for example by suffixing the virtual name with a metadata indicator, where a metadata indicator is a string uniquely associated with a particular metadata state. The metadata indicator may indicate or encode one or several bits of metadata. Requests to access the key by virtual name check for possible variations of the literal name due to the presence of a metadata indicator, and requests to retrieve the name of the key itself are hooked or intercepted in order to respond with the literal name. In other embodiments, the metadata indicator may be encoded in a subkey name or a registry value name instead of in the key name itself. In still other embodiments, the registry key system may directly provide the ability to store some third-party metadata for each key. In some embodiments, metadata is stored in a database or in another repository separate from the registry database. In some embodiments, a separate sub-scope may be used to store keys that are marked as deleted. The existence of a key in that sub-scope indicates that the key is marked as deleted.
If, instead, in step 1015 the candidate key does not have negative existence, the candidate key is enumerated and any enumeration results obtained are merged into the working data store. In particular, for each subkey in the enumeration, its category of existence is determined. Subkeys with negative existence are removed from the working data store, and subkeys with positive existence, that is, those that exist and are not marked as placeholders and are not marked as deleted, are added to the working data store, replacing the corresponding subkey if one is already present in the working data store (step 1016).
In either case, the candidate key is identified as the user-scope instance of the virtual key, and the category of existence of the candidate key is determined (step 1017). If the candidate key has "negative existence", that is, it or one of its ancestors in the scope is marked as deleted, then within this scope it is known to be deleted, and this is indicated by flushing the working data store (step 1044). If, instead, the candidate key does not have negative existence, the candidate key is enumerated and any enumeration results obtained are merged into the working data store. In particular, for each subkey in the enumeration, its category of existence is determined. Subkeys with negative existence are removed from the working data store, and subkeys with positive existence, that is, those that exist and are not marked as placeholders and are not marked as deleted, are added to the working data store, replacing the corresponding subkey if one is already present in the working data store (step 1018), followed by step 1030, described below.
Then, for all three types of rules, step 1030 is executed. The rules engine is queried to find the set of rules whose filters match immediate children of the requested key, but do not match the requested key itself (step 1030). For each rule in the set, the existence of the virtual child whose name matches the name in the rule is determined. In some embodiments, this is determined by examining the appropriate isolation scope and the metadata associated with the virtual child. In other embodiments, this is determined by attempting to open the key. If the open request succeeds, the virtual child has positive existence. If the open request fails with an indication that the virtual child does not exist, the virtual child has negative existence.
If the child has positive existence, it is added to the working data store, replacing any child of the same name already there. If the child has negative existence, the child in the working data store corresponding to the virtual child, if any, is removed (step 1032). Finally, the constructed enumeration is then returned from the working data store to the requestor (step 1020).
One of ordinary skill in the art will recognize that the layered enumeration process described above can be applied with minor modification to the operation of enumerating a single isolation scope that comprises a plurality of isolation sub-scopes. A working data store is created, successive sub-scopes are enumerated, and the results are merged into the working data store to form the aggregated enumeration of the isolation scope.
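The layered merge of steps 1014 through 1032 can be modeled in a few lines. The following is an added example, not code from the patent: the `Key` tree, the scope labels and the sample keys are constructed for illustration, and the result of the child-rule check in step 1030 is assumed to be supplied by the caller.

```python
from dataclasses import dataclass, field
from enum import Enum


class Existence(Enum):
    POSITIVE = 1  # exists, not a placeholder, not marked deleted
    NEGATIVE = 2  # the key or an ancestor in this scope is marked deleted
    NEUTRAL = 3   # absent or only a placeholder: the scope says nothing


@dataclass
class Key:
    deleted: bool = False
    placeholder: bool = False
    children: dict = field(default_factory=dict)  # child name -> Key


def find(scope, path):
    """Walk `path` inside one scope. Returns (key or None, deleted_on_the_way)."""
    node = scope
    for name in path:
        node = node.children.get(name)
        if node is None:
            return None, False
        if node.deleted:
            return node, True
    return node, False


def existence(scope, path):
    """Category of existence of the candidate key at `path` in one scope."""
    node, deleted = find(scope, path)
    if deleted:
        return Existence.NEGATIVE
    if node is None or node.placeholder:
        return Existence.NEUTRAL
    return Existence.POSITIVE


def enumerate_isolated(system, app, user, path, child_rules=None):
    """Return {subkey name: scope that supplied it} for the virtual key at `path`."""
    work = {}                                    # the working data store
    node, _ = find(system, path)                 # step 1014: system scope first
    if node is not None:
        work.update({name: "system" for name in node.children})
    for label, scope in (("app", app), ("user", user)):    # steps 1015-1018
        if existence(scope, path) is Existence.NEGATIVE:
            work.clear()                         # steps 1042 / 1044: flush the store
            continue
        node, _ = find(scope, path)
        if node is None:
            continue
        for name, child in node.children.items():
            if child.deleted:
                work.pop(name, None)             # negative existence masks lower scopes
            elif not child.placeholder:
                work[name] = label               # positive existence adds or replaces
    for name, state in (child_rules or {}).items():        # steps 1030-1032
        if state is Existence.POSITIVE:
            work[name] = "rule"
        elif state is Existence.NEGATIVE:
            work.pop(name, None)
    return work


def tree(spec):
    """Build a Key tree from nested dicts; 'name!' marks deleted, 'name?' placeholder."""
    key = Key()
    for raw, sub in spec.items():
        child = tree(sub)
        child.deleted, child.placeholder = raw.endswith("!"), raw.endswith("?")
        key.children[raw.rstrip("!?")] = child
    return key


def sample_scopes():
    """Constructed sample data: three scopes that each hold Software\\Vendor."""
    system = tree({"Software": {"Vendor": {"A": {}, "B": {}, "C": {}}}})
    app = tree({"Software": {"Vendor": {"B": {}, "C!": {}, "D": {}}}})
    user = tree({"Software?": {"Vendor?": {"A!": {}, "E?": {}, "F": {}}}})
    return system, app, user
```

With the sample scopes, subkeys A and C disappear because a higher scope marks them deleted, B is supplied by the application scope instead of the system scope, and placeholder E is never reported.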
4.2.4. Registry creation operations
Referring now to Figure 11, and in brief overview, one embodiment of the steps taken to create a key in the isolation environment is shown. A request to create a key is received or intercepted (step 1102). The request contains a key name, which is treated as a virtual key name by the isolation environment. An attempt is made to open the requested key using full virtualization with the applicable rules, that is, using the appropriate user and application isolation scopes, as described in section 4.1.1 (step 1104). If access is denied (step 1106), an access-denied error is returned to the requestor (step 1109). If access is granted (step 1106) and the requested key is successfully opened (step 1110), the requested key is returned to the requestor (step 1112). If, however, access is granted (step 1106) but the requested key is not opened successfully (step 1110), then, if the parent of the requested key also does not exist (step 1114), an error appropriate to the request semantics is issued to the requestor (step 1116). If, on the other hand, the parent of the requested key is found in the full virtualized view using the appropriate user and application scopes (step 1114), a rule then determines how the key operation is processed (step 1118). If the rule action is "redirect" or "ignore" (step 1120), the virtual key name is mapped directly to a literal key name according to the rule. Specifically, if the rule action is "ignore", the literal key name is identified as exactly the virtual key name. If, instead, the rule action is "redirect", the literal key name is determined from the virtual key name as specified by the rule. A request to create the literal key is then passed to the operating system, and the result is returned to the requestor (step 1124). If, on the other hand, the rule action determined in step 1120 is "isolate", the literal key name is identified as the instance of the virtual key name in the user isolation scope. If the literal key already exists, but is associated with metadata indicating that it is a placeholder or that it is deleted, the associated metadata is modified to remove those indications, and it is ensured that the key is empty. In either case, a request to open the literal key is passed to the operating system (step 1126). If the literal key is opened successfully (step 1128), the literal key is returned to the requestor (step 1130). If, on the other hand, in step 1128 the requested key is not opened, placeholders are created for each ancestor of the literal key that does not currently exist in the user isolation scope (step 1132), and a request to create the literal key using the literal name is passed to the operating system and the result is returned to the requestor (step 1134).
Still referring to Figure 11, and in more detail, a request to create a key is received or intercepted (step 1102). In some embodiments, the request is hooked by a function that replaces the operating system function or functions for creating the key. In another embodiment, a hooking dynamic-link library is used to intercept the request. The hooking function may execute in user mode or in kernel mode. For embodiments in which the hooking function executes in user mode, the hooking function may be loaded into the address space of a process when that process is created. For embodiments in which the hooking function executes in kernel mode, the hooking function may be associated with an operating system resource that is used in dispatching requests for key operations. For embodiments in which a separate operating system function is provided for each type of key operation, each function may be hooked separately. Alternatively, a single hooking function may be provided which intercepts create or open calls for several types of key operations.
The request contains a key name, which is treated as a virtual key name by the isolation environment. In some embodiments, the virtual key name may be expressed as a combination of a handle to a parent key and the relative path name to the descendant key. The parent key handle is associated with a literal key name, which is itself associated with a virtual key name. The requestor attempts to open the virtual key using full virtualization with the applicable rules, that is, using the appropriate user and application isolation scopes, as described in section 4.2.1 (step 1104). If access is denied during the full virtualized open operation (step 1106), an access-denied error is returned to the requestor (step 1109). If access is granted (step 1106) and the requested virtual key is successfully opened (step 1110), the corresponding literal key is returned to the requestor (step 1112). If, however, access is granted (step 1106) but the virtual key is not opened successfully (step 1110), the virtual key is determined not to exist. If the virtual parent of the requested virtual key also does not exist, as determined by the procedure in section 4.2.1 (step 1114), an error appropriate to the request semantics is issued to the requestor (step 1116). If, on the other hand, the virtual parent of the requested virtual key is found in the full virtualized view using the appropriate user and application scopes (step 1114), a rule that determines how the create operation is processed is located by consulting the rules engine (step 1118). In some embodiments, the rules engine may be provided as a relational database. In other embodiments, the rules engine may be a tree-structured database, a hash table, or a flat key database. In some embodiments, the virtual key name provided for the requested key is used to locate in the rules engine a rule that applies to the request. In particular ones of these embodiments, multiple rules may exist in the rules engine for a particular key and, in some of these embodiments, the rule having the longest prefix match with the virtual key name is the rule applied to the request. In some embodiments, a process identifier is used to locate in the rules engine a rule that applies to the request, if one exists. The rule associated with a request may be to ignore the request, redirect the request, or isolate the request. Although shown in Figure 11 as a single database transaction or a single lookup in a key, the rule lookup may be performed as a series of rule lookups.
If the rule action is "redirect" or "ignore" (step 1120), the virtual key name is mapped directly to a literal key name according to the rule (step 1124). If the rule action is "redirect" (step 1120), the literal key name is determined from the virtual key name as specified by the rule (step 1124). If the rule action is "ignore" (step 1120), the literal key name is determined to be exactly the virtual key name (step 1124). If the rule action is "ignore" or the rule action is "redirect", a request to create the literal key using the determined literal key name is passed to the operating system, and the result from the operating system is returned to the requestor (step 1124). For example, a request to create a virtual key named "key_1" may result in the creation of a literal key named "Different_key_1". In one embodiment, this is accomplished by calling the original version of the hooked function and passing the formed literal name to the function as an argument (step 1124). In other embodiments, a registry filter driver facility that is conceptually similar to a file system filter driver facility may be provided by the operating system. In these embodiments, creating the literal registry key may be achieved by responding to the original request to create the virtual key by signaling to the registry filter manager to reparse the request using the determined literal key name.
If the rule action determined in step 1120 is neither "ignore" nor "redirect", but is "isolate", the literal key name is identified as the instance of the virtual key name in the user isolation scope. If the literal key already exists, but is associated with metadata indicating that it is a placeholder or that it is deleted, the associated metadata is modified to remove those indications, and it is ensured that the key is empty.
In some embodiments, metadata about a registry key may be stored in a distinguished value held by that key, with the existence of that value hidden from ordinary application use of the registry APIs. In some embodiments, small amounts of metadata about a registry key may be stored directly in the literal key name, for example by suffixing the virtual name with a metadata indicator, where a metadata indicator is a string uniquely associated with a particular metadata state. The metadata indicator may indicate or encode one or several bits of metadata. Requests to access the key by virtual key name check for possible variations of the literal key name due to the presence of a metadata indicator, and requests to retrieve the name of the key itself are hooked or intercepted in order to respond with the literal name. In other embodiments, the metadata indicator may be encoded in a subkey name or a registry value name instead of in the key name itself. In still other embodiments, the registry key system may directly provide the ability to store some third-party metadata for each key. In some embodiments, metadata may be stored in a database or in a repository separate from the registry database. In some embodiments, a separate sub-scope may be used to store keys that are marked as deleted. The existence of a key in that sub-scope indicates that the key is marked as deleted.
In specific ones of these embodiments, a list of deleted keys or key system elements may be maintained and consulted to optimize this check for deleted keys. In these embodiments, if a deleted key is recreated, the key name may be removed from the list of deleted keys. In others of these embodiments, a key name may be removed from the list if the list grows beyond a certain size.
In either case, a request to open the user-scope literal key is passed to the operating system (step 1126). In some embodiments, rules may specify that the literal key corresponding to the virtual key should be created in a scope other than the user isolation scope, such as the application isolation scope, the system scope, a user isolation sub-scope, or an application isolation sub-scope.
If the literal key is opened successfully (step 1128), the literal key is returned to the requestor (step 1130). If, on the other hand, in step 1128 the requested key fails to open, placeholders are created for each ancestor of the literal key that does not currently exist in the user isolation scope (step 1132), and a request to create the literal key using the literal name is passed to the operating system and the result is returned to the requestor (step 1134).
This embodiment is for operating systems with APIs or facilities that support creation of only one level per call/invocation. Extension to multiple levels per call/invocation should be obvious to one skilled in the art.
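The rule lookup and name mapping of steps 1118 through 1134 can be sketched as follows. This is an added example, not code from the patent: the in-memory `store`, the `UserScope` root, the rule list and the per-component prefix comparison are assumptions made for illustration, a request that matches no rule is assumed to behave as "ignore", and the full virtualized open and parent check of steps 1104 through 1116 are taken to have already run.

```python
from dataclasses import dataclass

IGNORE, REDIRECT, ISOLATE = "ignore", "redirect", "isolate"


@dataclass(frozen=True)
class Rule:
    prefix: str       # virtual key name prefix the rule's filter matches
    action: str       # IGNORE, REDIRECT or ISOLATE
    target: str = ""  # REDIRECT only: literal prefix that replaces `prefix`


# Constructed sample rules; the key names are illustrative only.
SAMPLE_RULES = [
    Rule("HKLM\\Software", IGNORE),
    Rule("HKLM\\Software\\Vendor", ISOLATE),
    Rule("HKLM\\Software\\key_1", REDIRECT, "HKLM\\Software\\Different_key_1"),
]


def parts(name):
    """Split a key name into lower-cased components (registry names ignore case)."""
    return tuple(p.lower() for p in name.split("\\") if p)


def find_rule(rules, virtual_name):
    """Longest-prefix match, compared per path component rather than per character,
    so a rule for ...\\Vendor does not capture ...\\VendorTools (an assumption)."""
    name, best = parts(virtual_name), None
    for rule in rules:
        pre = parts(rule.prefix)
        if name[:len(pre)] == pre and (best is None or len(pre) > len(parts(best.prefix))):
            best = rule
    return best


def new_key(placeholder=False):
    return {"placeholder": placeholder, "deleted": False}


def create_key(rules, store, virtual_name, user_root):
    """Map a virtual key name to a literal key and create it in `store`.

    `store` models the literal registry as {component tuple: metadata dict}.
    Returns the literal key as a tuple of lower-cased components.
    """
    rule, name = find_rule(rules, virtual_name), parts(virtual_name)
    if rule is None or rule.action == IGNORE:        # literal name == virtual name
        literal = name
    elif rule.action == REDIRECT:                    # swap the matched prefix
        literal = parts(rule.target) + name[len(parts(rule.prefix)):]
    else:                                            # ISOLATE: user-scope instance
        literal = parts(user_root) + name
    if rule is None or rule.action != ISOLATE:       # step 1124
        store.setdefault(literal, new_key())
        return literal
    meta = store.get(literal)
    if meta is not None:
        if meta["placeholder"] or meta["deleted"]:
            # Clear the markers and make sure the revived key is empty.
            meta["placeholder"] = meta["deleted"] = False
            stale = [p for p in store if len(p) > len(literal) and p[:len(literal)] == literal]
            for path in stale:
                del store[path]
        return literal                               # steps 1126-1130
    root_len = len(parts(user_root))
    for depth in range(root_len + 1, len(literal)):  # step 1132: missing ancestors
        store.setdefault(literal[:depth], new_key(placeholder=True))
    store[literal] = new_key()                       # step 1134
    return literal
```

Reviving a key that was marked deleted drops any stale descendants, so data from before the deletion does not reappear under the recreated key.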
4.3 named object virtualization operations
The resource of another kind of system scope (they can use above-mentioned technology to be virtualized) is named object, this named object comprises semaphore, mutexes, variant, the timer that can wait for, event, target object, segmentation (section), named pipes and mail time slot (mailslot).These objects are characterised in that they typically only just exist at the duration that creates their process.Name space for these objects can be at independent user conversation, to be effectively or only effectively (scope is in dialogue) whole computing machine (being overall in scope).
With reference now to Figure 12,, in simple overview, the request that request created or opened named object is received or interception (step 1202).This request comprises object oriented, and this object oriented is isolated environment and is used as virtual name and comes pending.Determine rule (step 1204) how to treat this request.If this rule shows this request should be left in the basket (step 1206), so just text object title being defined as is exactly virtual name (step 1207), and the request of asking to create or opening text object is issued to operating system (step 1214).If this definite rule is not to ignore this request, show that on the contrary this request should be redirected (step 1208), so just basis is determined this text object title (step 1210) by the virtual name that is redirected regular defined, and asks the request that creates or open this text object to be sent to operating system (step 1214).If this rule does not show this request and should be redirected (step 1208), and show that on the contrary this request should be isolated, so just according to determining this text object title (step 1212) and create or open by the virtual name of the regular defined of isolation, the order of this text object is sent to operating system (step 1214).By operating system in response to sent establishment or open order and the handle of the text object that returns returns to the program (step 1216) that request created or opened this virtual objects.
Also, with reference to Figure 12, in more detail, the request that the request of process created or opened named object is blocked (step 1202).This named object can belong to discourse referent or it can belong to global scope.In certain embodiments, this request by replacement operation system function or replace for create or open named object function function and hook.At another embodiment, hook dynamic link library is used for interception request.This hook function can be carried out in user model or carry out in core schema.For this hook function is carried out the embodiment in user model, when creating in a process, this hook function can be by be loaded in the address space of this process.For this hook function is carried out the embodiment in core schema, this hook function can be associated with the operating-system resources using in minute sending the request of system object.The request that request created or opened this named object can be quoted any one resource for the resource of the multiple types system scope of the communication between process and wide region synchronous and that identified by unique identifier, this unique identifier comprises semaphore, mutexes, variant, the timer that can wait for, file-mapping object, event, target, segmentation, named pipes and mail time slot.For the embodiment that all provides mutually operating system function independently for the object for every type, each function can be hooked independently.As selection, single hook function can be provided, its interception creates or opens calling the object of some types.
The intercepted request contains an object name, which the isolation environment treats as a virtual name. A rule determining how to treat the request for the object is determined by consulting the rules engine (step 1204). In some embodiments, the rules engine may be provided as a relational database. In other embodiments, the rules engine may be a tree-structured database, a hash table, or a flat file database. In some embodiments, the virtual name provided for the requested object is used to locate in the rules engine a rule that applies to the request. In particular ones of these embodiments, multiple rules may exist in the rules engine for a particular object, and the rule having the longest prefix match with the virtual name is the rule applied to the request. In some embodiments, a process identifier is used to locate in the rules engine a rule that applies to the request, if one exists. The rule associated with a request may be to ignore the request, redirect the request, or isolate the request. Although shown in Figure 12 as a series of decisions, the rule lookup may occur as a single database transaction.
If the rule indicates that the request should be ignored (step 1206), the literal object name is determined to be the virtual name, and a request to create or open the literal object is issued to the operating system (step 1214). For example, a request to create or open a named object called "Object_1" results in the creation of an actual object named "Object_1". In one embodiment, this is accomplished by calling the original version of the hooked function and passing the formed literal name to the function as an argument.
If the rule determined by accessing the rules engine is not to ignore the request but instead indicates that the request should be redirected (step 1208), the literal object name is determined from the virtual name as specified by the redirection rule (step 1210), and a request to create or open the literal object is issued to the operating system (step 1214). For example, a request to create or open a named object called "Object_1" may result in the creation of an actual object named "Different_Object_1". In one embodiment, this is accomplished by calling the original version of the hooked function and passing the formed literal name to the function as an argument.
If the rule does not indicate that the request should be redirected (step 1208) but instead indicates that the request should be isolated, the literal object name is determined from the virtual name as specified by the isolation rule (step 1212), and a command to create or open the literal object is issued to the operating system (step 1214). For example, a request to create or open a named object called "Object_1" may result in the creation of an actual object named "Isolated_Object_1". In one embodiment, this is accomplished by calling the original version of the hooked function and passing the formed literal name to the function as an argument.
The literal name formed in order to isolate a requested system object may be based on the virtual name received and a scope-specific identifier. The scope-specific identifier may be an identifier associated with an application isolation scope, a user isolation scope, a session isolation scope, or some combination of the three. The scope-specific identifier is used to "mangle" the virtual name received in the request. For example, if the request for the named object "Object_1" is isolated for the application isolation scope whose associated identifier is "SA1", the literal name may be "Isolated_AppScope_SA1_Object_1". The following table identifies the effect of mangling the name of an object with a session isolation scope, or with a user isolation scope and an application isolation scope. Mangling with a combination of scopes combines the restrictions listed in the table.
| | Session-specific identifier | User-specific identifier | Application-specific identifier |
|---|---|---|---|
| Global object | Object available to all isolated applications executing in the context of the user session | Object available to all isolated applications executing on behalf of the user | Object available to all isolated applications executing in the application isolation scope |
| Session object | Object available to all isolated applications executing in the context of the user session | Object available to all isolated applications executing on behalf of the user in the session | Object available to all isolated applications executing in the application isolation scope within the session |
For embodiments in which the operating system is one of the WINDOWS family of operating systems, object scope may be modified by toggling the global/local name prefix associated with the object, which, for isolated applications, has the same effect as mangling the object name with a session-specific identifier. However, toggling the global/local name prefix also affects the object scope for non-isolated applications.
The handle of the literal object returned by the operating system in response to the command issued in step 1214 to create or open the named object is returned to the program that requested creation or opening of the virtual object (step 1216).
4.4 Window name virtualization
Other classes of system-scoped resources that may be virtualized using the techniques described above are window names and window class names. Graphical software applications use the name of a window or of its window class as a way of identifying whether an application program is already running and for other forms of synchronization. Referring now to Figure 13, and in brief overview, a request concerning a window name or window class is received or intercepted (step 1302). A request can take the form of a Win32 API call or of a window message. Both types of request are handled. These requests contain, or request retrieval of, window names and/or window class names, which the isolation environment treats as virtual names. If the request is to retrieve the window name or window class of a window identified by a handle (step 1304), a window mapping table is consulted to determine whether the handle and the requested information about the window are known (step 1306). If so, the requested information from the window mapping table is returned to the requestor (step 1308). If not, the request is passed to the operating system (step 1310), and the result is returned to the requestor (step 1314). If, in step 1304, the request provides a window name or window class, the request is checked to determine whether it specifies one of a class of windows defined by the operating system (step 1320). If it does, the request is issued to the operating system and the result returned from the operating system is returned to the requestor (step 1322). If the request does not specify one of a class of windows defined by the operating system, the literal class name is determined from the virtual class name and the rules (step 1324), and the literal window name is determined from the virtual window name and the rules (step 1326). The request is then passed to the operating system using the literal window and literal class names (step 1328). If either the literal window name or the literal window class name determined in steps 1324 and 1326 differs from the corresponding virtual name, the window mapping table entry for the window handle is updated to record the virtual window name or virtual class name provided in the request (step 1330). If the response from the operating system includes native window names or identifications of native classes, they are replaced with the virtual window name or virtual class name provided in the request (step 1312), and the result is returned to the requestor (step 1314).
Still referring to Figure 13A, and in more detail, a request concerning a window name or window class is received or intercepted (step 1302). These requests contain, or request retrieval of, window names and/or window class names, which the isolation environment treats as virtual names.
If the request is to retrieve the window name or window class of a window identified by a handle (step 1304), a mapping table is consulted to determine whether the handle and the requested information about the window are known (step 1306). In some embodiments, instead of the mapping table, additional data is stored for each window and window class using facilities provided by the operating system.
If so, the requested information from the window mapping table is returned to the requestor (step 1308). If not, the request is passed to the operating system (step 1310), and the result is returned to the requestor (step 1314).
If, in step 1304, the request provides a window name or window class, the request is checked to determine whether it specifies one of a class of windows defined by the operating system (step 1320). If it does, the request is passed to the operating system and the result returned from the operating system is returned to the requestor (step 1322).
If the request does not specify one of a class of windows defined by the operating system, the literal class name is determined from the virtual class name and the rules (step 1324), and the literal window name is determined from the virtual window name and the rules (step 1326). The request is then passed to the operating system using the literal window and literal class names (step 1328). In some embodiments, window names and window class names may be atoms rather than character string literals. Typically, an application places a string in an atom table and receives a 16-bit integer, called an atom, that can be used to access the string.
If either the literal window name or the literal window class name determined in steps 1324 and 1326 differs from the corresponding virtual name, the window mapping table entry for the window handle is updated to record the virtual window name or virtual class name provided in the request (step 1330).
If the response from the operating system includes native window names or identifications of native classes, they are replaced with the virtual window name or virtual class name provided in the request (step 1312), and the result is returned to the requestor (step 1314).
Referring now to Figure 13A, the literal window name or window class name is determined as shown there. The rules engine is consulted to determine the rule that applies to the request (step 1352). If the rule action is "ignore" (step 1354), the literal name equals the virtual name (step 1356). If, however, the rule action is not "ignore" but "redirect" (step 1358), the literal name is determined from the virtual name as specified by the redirection rule (step 1360). If, however, the rule action is not "redirect" but "isolate", the literal name is determined from the virtual name using a scope-specific identifier (step 1362).
In some embodiments, the particular scope-specific identifier is specified in the rule. In other embodiments, the scope-specific identifier used is the one associated with the application isolation scope with which the requesting process is associated. This allows the window or window class to be used by any other application associated with the same application isolation scope. In operating systems (such as many of the Microsoft WINDOWS family of operating systems) where window names and classes are already isolated within a session, this means that only applications executing in the same session that are associated with the same application isolation scope can use the window name or class.
In some of the Microsoft WINDOWS family of operating systems, the window name is used as the title of the window in the title bar. It is desirable to handle the non-client area paint window message to ensure that the window title displayed in the window title bar reflects the virtual name and not the literal name of a particular window. When a non-client area paint message is intercepted, the virtual name associated with the window, if any, is retrieved from the mapping table. If a virtual name is retrieved, the non-client area is painted using the virtual name as the window title, and the request message is indicated as handled. If no virtual name is retrieved, the request is indicated as not handled, which passes the request on to the original function that paints the title bar, using the literal name of the window.
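The rule lookup shared by named objects (Figure 12) and window names (Figure 13A), together with the window mapping table, can be modelled as follows. This is an added illustration, not code from the patent: the `SessionScope_`/`UserScope_` tag formats, the fail-closed default rule, prefix-replacement redirects and the sample rules are assumptions; only the `Isolated_AppScope_SA1_Object_1` form comes from the text.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Action(Enum):
    IGNORE = "ignore"
    REDIRECT = "redirect"
    ISOLATE = "isolate"


@dataclass(frozen=True)
class Rule:
    prefix: str                         # virtual-name prefix this rule covers
    action: Action
    redirect_to: Optional[str] = None   # replacement prefix (REDIRECT only)


@dataclass(frozen=True)
class Scope:
    app_id: Optional[str] = None
    user_id: Optional[str] = None
    session_id: Optional[str] = None


class RulesEngine:
    """Rule store; the rule with the longest matching prefix wins."""

    def __init__(self, rules, default_action=Action.ISOLATE):
        self._rules = list(rules)
        # Assumption: names that no rule covers are isolated (fail closed).
        self._default = Rule("", default_action)

    def lookup(self, virtual_name: str) -> Rule:
        hits = [r for r in self._rules if virtual_name.startswith(r.prefix)]
        return max(hits, key=lambda r: len(r.prefix), default=self._default)


def mangle(virtual_name: str, scope: Scope) -> str:
    """Build an isolated literal name from the scope-specific identifiers."""
    tags = []
    if scope.session_id:
        tags.append(f"SessionScope_{scope.session_id}")   # assumed tag format
    if scope.user_id:
        tags.append(f"UserScope_{scope.user_id}")         # assumed tag format
    if scope.app_id:
        tags.append(f"AppScope_{scope.app_id}")           # format from the text
    if not tags:
        raise ValueError("isolation needs at least one scope identifier")
    return "_".join(["Isolated", *tags, virtual_name])


def literal_name(engine: RulesEngine, virtual_name: str, scope: Scope) -> str:
    """Steps 1204-1212 and 1352-1362: map a virtual name to a literal name."""
    rule = engine.lookup(virtual_name)
    if rule.action is Action.IGNORE:
        return virtual_name
    if rule.action is Action.REDIRECT:
        return rule.redirect_to + virtual_name[len(rule.prefix):]
    return mangle(virtual_name, scope)


class WindowNames:
    """Window mapping table in front of a stand-in for the OS window list."""

    def __init__(self, engine: RulesEngine, scope: Scope):
        self.engine, self.scope = engine, scope
        self.os_titles = {}     # handle -> literal title (what the OS holds)
        self.virtual = {}       # handle -> virtual title (the mapping table)
        self._next_handle = 0x1000

    def create(self, virtual_title: str) -> int:
        literal = literal_name(self.engine, virtual_title, self.scope)
        handle, self._next_handle = self._next_handle, self._next_handle + 4
        self.os_titles[handle] = literal                  # step 1328
        if literal != virtual_title:
            self.virtual[handle] = virtual_title          # step 1330
        return handle

    def title(self, handle: int) -> str:
        # Steps 1306-1310: answer from the table, else ask the "OS".
        return self.virtual.get(handle, self.os_titles[handle])


# Constructed sample rules, not taken from the patent.
RULES = [
    Rule("Object_", Action.ISOLATE),
    Rule("Object_Shared_", Action.IGNORE),
    Rule("Legacy_", Action.REDIRECT, redirect_to="Different_"),
]

if __name__ == "__main__":
    engine = RulesEngine(RULES)
    scope = Scope(app_id="SA1")
    for name in ("Object_1", "Object_Shared_Clipboard", "Legacy_Object_1"):
        print(f"{name:26} -> {literal_name(engine, name, scope)}")
```

The isolated application only ever sees the virtual title, while a process in another scope that enumerates windows sees the mangled literal title, which is why name-based single-instance checks stop colliding across scopes.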
4.5 Out-of-process COM server virtualization
Software component technologies such as COM, CORBA, .NET and others allow software components to be developed, deployed, registered, discovered, activated or instantiated, and used as discrete units. In most component models, components may execute either in the process of the caller, in a separate process on the same computer, or on an entirely separate computer, although some components may support only a subset of these cases.
One or more unique identifiers identify these components. Typically, the component infrastructure provides a service or daemon that brokers activation requests. A software process that wishes to begin using a component passes a request to the broker to activate the component specified by the component identifier. The broker activates the requested component, if possible, and returns a reference to the activated instance. In some of these component infrastructures, multiple versions of the same component may not co-exist because the component identifier remains the same from version to version.
Some members of the WINDOWS family of operating systems provide a component infrastructure called COM. COM components ("COM servers") are identified by a GUID called a class identifier (CLSID), and each component provides one or more interfaces, each of which has its own unique interface identifier (UIID). The COM Service Control Manager (CSCM) is the broker for out-of-process activation requests, and it provides interfaces that allow a caller to request activation of a COM server via its CLSID. Although the following description is phrased in terms of COM servers and COM clients, those skilled in the art will understand that it applies to CORBA, .NET, and other software architectures that provide for dynamic activation of software components.
When COM components are installed on a computer, they register their CLSIDs in a well-known portion of the registry database, together with the information needed by the CSCM to launch a new instance of the COM server. For out-of-process COM servers, this may include the path and command line parameters of the executable to run. Multiple versions of the same COM server share the same CLSID, so only one version can be installed on a computer at a time.
In some embodiments, an application program (acting as a COM client) instantiates a COM server by calling a COM API (for example, CoCreateInstance() or CoCreateInstanceEx()). A parameter of this call specifies the desired activation context: in-process; out-of-process on the same computer; out-of-process on a remote computer; or letting the COM subsystem decide which of these three cases to use. If it is determined that out-of-process activation is required, a request including the CLSID is passed to the CSCM. The CSCM uses the registry database to locate the path and parameters needed to launch the executable that hosts the COM server. When that executable is launched, it registers with the CSCM all of the CLSIDs of all of the COM servers that it supports, using the COM API CoRegisterClassObject(). If the requested CLSID is registered, the CSCM returns a reference to that COM server to the caller. All subsequent interaction between the COM client and the COM server occurs independently of the CSCM.
The isolation environment 200 described above allows multiple instances of COM servers with the same CLSID to be installed on a computer, each in a different isolation scope (only one of which may be the system scope). However, this alone will not make those COM servers available to COM clients.
Figure 14 depicts one embodiment of the steps taken to virtualize access to COM servers. In brief overview, a new CLSID, hereinafter called the isolated CLSID (or ICLSID), is created for each out-of-process COM server that is launched into an isolation scope (step 1402). By definition this is a CLSID, and it must therefore be unique among all other CLSIDs; in other words, it must have the properties of a GUID. A mapping table is created that maps the pair (CLSID, application isolation scope) to the ICLSID. A COM server registry entry is created for the ICLSID that describes how to launch the COM server, with launch parameters that start the COM server executable in the appropriate application isolation scope (step 1404). Calls made by COM clients to COM APIs such as CoCreateInstance() and CoCreateInstanceEx() are hooked or intercepted (step 1406). If it is determined that (a) the request can be satisfied by an in-process COM server or (b) both the COM client and the COM server are not associated with any isolation scope, the request is passed unmodified to the original COM API and the result is returned to the caller (step 1408). The appropriate instance of the COM server to use is identified (step 1410). If the selected COM server instance is in an application isolation environment, its ICLSID is determined using the data structures outlined above. Otherwise, the CLSID in the request is used (step 1412). If an ICLSID was identified in step 1412, the original CoCreateInstance() or CoCreateInstanceEx() function is called with the ICLSID. The request is thereby passed to the CSCM (step 1414). The CSCM finds and launches the COM server executable in the normal fashion, by looking up the requested CLSID in the registry to determine the launch parameters. If an ICLSID is requested, the ICLSID system scope registry entry described in step 1404 is found and the COM server is launched in the appropriate application isolation scope (step 1416). The launched COM executable calls the hooked CoRegisterClassObject() API with the CLSIDs of the COM servers it supports, and these are translated to the appropriate ICLSIDs, which are passed to the original CoRegisterClassObject() API (step 1418). When the CSCM receives a response from a CoRegisterClassObject() call with the expected CLSID, it returns a reference to that COM server instance to the caller (step 1420).
Still referring to Figure 14, and in more detail, an ICLSID is created for each out-of-process COM server that is launched into an isolation scope (step 1402). In some embodiments, the ICLSID is created during installation of the COM server. In other embodiments, the ICLSID is created immediately after installation. In still other embodiments, the ICLSID is created before the COM server is launched into the isolation scope. In all of these embodiments, the ICLSID may be created by hooking or intercepting the system calls that create or query CLSID entries in the registry database. Alternatively, the ICLSID may be created by hooking or intercepting the COM API calls that create COM server instances, such as CoCreateInstance() and CoCreateInstanceEx(). Alternatively, changes in the CLSID-specific portion of the registry database may be observed after an installation has taken place.
A mapping table is created that maps the pair (CLSID, application isolation scope) to an ICLSID, together with the appropriate registry entries for a COM server with that ICLSID that describe how to launch the COM server, with launch parameters that start the COM server executable in the appropriate application isolation scope (step 1404). In many embodiments, this table is stored in a persistent memory element, such as a hard disk drive or a solid-state memory element. In other embodiments, the table may be stored in the registry, in a flat file, in a database, or in a volatile memory element. In still other embodiments, the table may be distributed throughout the COM-specific portions of the registry database, for example by adding a new sub-key specific to this purpose to each appropriate COM server entry identified by CLSID. Entries in this table may be created during or immediately after installation, by hooking or intercepting the calls that create CLSID entries in the registry database; by observing changes in the CLSID-specific portion of the registry database after an installation has taken place; or by hooking or intercepting the COM API calls that create COM server instances, such as CoCreateInstance() and CoCreateInstanceEx(). The installation of a COM server into a specific isolation scope may be recorded persistently. Alternatively, the mapping of a particular COM server and isolation scope to an ICLSID may be created dynamically and stored as an entry in a non-persistent database or in the registry database.
Calls made by COM clients to COM APIs, such as CoCreateInstance() and CoCreateInstanceEx(), are hooked or intercepted (step 1406). If it is determined that (a) the request can be satisfied by an in-process COM server or (b) both the COM client and the COM server reside in the system scope (step 1407), the request is passed unmodified to the original COM API and the result is returned to the caller (step 1408).
If the request cannot be satisfied by an in-process COM server and either the COM client or the COM server does not reside in the system scope (step 1407), the appropriate instance of the COM server to use is identified (step 1410). For embodiments in which the COM client executes in a particular isolation scope, preference may be given first to COM servers installed into the same application isolation scope, followed by those installed into the system scope (possibly executing in the client's application isolation scope), followed by COM servers installed into other application isolation scopes. In some of these embodiments, COM servers installed into the system scope may execute in the same application isolation scope as the COM client. This may be controlled by the rules engine and administrative settings, to allow this to happen for COM servers that execute correctly in this mode and to prevent it for COM servers that do not. For embodiments in which the COM client executes in the system scope, preference may be given to system scope COM servers, followed by COM servers in isolation scopes. The COM client may specify the COM server to use in the call that creates an instance of the COM server. Alternatively, a configuration store may store information identifying the COM server to be instantiated. In some embodiments, the specified COM server is hosted by another computer, which may be a separate physical machine or a virtual machine. The mapping table described above in connection with step 1404 may be used to find the set of applicable COM servers and, if necessary, to compute the preference according to the rules.
For embodiments in which the applicable COM server exists on another computer, a service or daemon that executes on the remote computer can be queried for the ICLSID to use. If the COM client hook determines that a remote COM server is required, the COM client hook first queries the service or daemon to determine the CLSID/ICLSID to use. The service or daemon determines the ICLSID corresponding to the CLSID given in the request. In some embodiments, the ICLSID returned by the service or daemon may be selected or created based on administrator-defined configuration data, rules contained in a rules engine, or built-in hard-coded logic. In other embodiments, the request may specify the isolation scope on the server to be used. In still other embodiments, the requested COM server may be associated with the server's system scope, in which case the CLSID associated with the COM server is returned. In still other embodiments, the requested COM server may be associated with one of the server's isolation scopes, in which case the ICLSID associated with that instance of the COM server and isolation scope is returned. In some embodiments, a service or daemon as described above may be used to support launching local out-of-process COM servers.
If the selected COM server instance is in an application isolation environment on the local computer, its ICLSID is determined using the data structures described in connection with step 1404. If, instead, the selected COM server instance is in the system scope on the local computer, the CLSID in the request is used (step 1412). In some of these embodiments, an entry for the COM server using this CLSID may be created dynamically.
If an ICLSID is returned, it is passed to the original COM API in place of the original CLSID. For example, the determined ICLSID may be passed to the original CoCreateInstance() or CoCreateInstanceEx() function, which passes the request to the CSCM (step 1414). For embodiments in which the COM server is hosted by another computer, the CSCM passes the ICLSID to the computer hosting the COM server, where that computer's CSCM handles the launch of the COM server.
The CSCM finds and launches the COM server executable in the normal fashion, by looking up the requested CLSID or ICLSID in the registry to determine the launch parameters. If an ICLSID is requested, the ICLSID system scope registry entry described in step 1404 is found, and the COM server is launched in the appropriate application isolation scope (step 1416).
If the launched COM server instance executes in an application isolation scope (whether installed into that scope or installed into the system scope), the COM API function CoRegisterClassObject() of the COM server instance is hooked or intercepted. Each CLSID that is passed to CoRegisterClassObject() is mapped to the corresponding ICLSID using the mapping table defined in step 1404. The original CoRegisterClassObject() API is called with the ICLSID (step 1418).
When the CSCM receives a response from a CoRegisterClassObject() call with the expected ICLSID, it returns that COM server instance to the caller (step 1420).
This technique supports COM server execution when the COM client and COM server execute in any combination of application isolation scopes (including different scopes) and the system scope. The ICLSID is specific to the combination of the server (identified by CLSID) and the desired appropriate isolation scope. The client need only determine the correct ICLSID (or the original CLSID, if the server is installed into and executing in the system scope).
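The identifier handling of steps 1402 to 1418 can be modelled as below; this is an added sketch, not code from the patent. It assumes scopes are plain strings with `None` standing for the system scope, treats a server installed into the system scope as executing there, breaks ties among "other" scopes alphabetically, and uses a constructed sample CLSID.

```python
import uuid
from typing import Dict, Optional, Tuple

SYSTEM = None   # marker for the system scope (no isolation scope)
SAMPLE_CLSID = "{11111111-2222-3333-4444-555555555555}"   # constructed value


class IclsidTable:
    """Step 1404: maps (CLSID, application isolation scope) -> ICLSID."""

    def __init__(self):
        self._forward: Dict[Tuple[str, str], str] = {}
        self._reverse: Dict[str, Tuple[str, str]] = {}
        self._system = set()          # CLSIDs installed into the system scope

    def install(self, clsid: str, scope: Optional[str]) -> str:
        """Record an installation; returns the identifier the CSCM will see."""
        clsid = clsid.upper()
        if scope is SYSTEM:
            self._system.add(clsid)
            return clsid
        key = (clsid, scope)
        if key not in self._forward:              # step 1402: mint a new GUID
            iclsid = "{%s}" % str(uuid.uuid4()).upper()
            self._forward[key] = iclsid
            self._reverse[iclsid] = key
        return self._forward[key]

    def scopes_for(self, clsid: str):
        """Every scope in which a server with this CLSID is installed."""
        clsid = clsid.upper()
        found = [s for (c, s) in self._forward if c == clsid]
        if clsid in self._system:
            found.append(SYSTEM)
        return found

    def select_scope(self, clsid: str, client_scope: Optional[str]):
        """Step 1410: choose the server instance by the stated preference."""
        available = self.scopes_for(clsid)
        if not available:
            raise LookupError(f"no COM server registered for {clsid}")
        others = sorted(s for s in available if s not in (SYSTEM, client_scope))
        if client_scope is SYSTEM:
            order = [SYSTEM, *others]             # system first, then isolated
        else:
            order = [client_scope, SYSTEM, *others]
        return next(s for s in order if s in available)

    def activation_id(self, clsid: str, client_scope: Optional[str],
                      in_process: bool = False) -> str:
        """Steps 1407-1412: identifier handed to the original COM API."""
        clsid = clsid.upper()
        if in_process:
            return clsid                                  # step 1408
        server_scope = self.select_scope(clsid, client_scope)
        if server_scope is SYSTEM:
            return clsid                                  # system-scope server
        return self._forward[(clsid, server_scope)]       # isolated server

    def registration_id(self, clsid: str, server_scope: Optional[str]) -> str:
        """Step 1418: translate a CLSID passed to CoRegisterClassObject()."""
        clsid = clsid.upper()
        if server_scope is SYSTEM:
            return clsid
        return self._forward[(clsid, server_scope)]

    def resolve(self, identifier: str):
        """Reverse lookup: ICLSID -> (CLSID, scope); a CLSID maps to SYSTEM."""
        identifier = identifier.upper()
        return self._reverse.get(identifier, (identifier, SYSTEM))


if __name__ == "__main__":
    table = IclsidTable()
    table.install(SAMPLE_CLSID, SYSTEM)
    table.install(SAMPLE_CLSID, "ScopeA")
    table.install(SAMPLE_CLSID, "ScopeB")
    for client in ("ScopeA", "ScopeB", "ScopeC", SYSTEM):
        chosen = table.activation_id(SAMPLE_CLSID, client)
        print(f"client={client!s:7} activates {chosen} -> {table.resolve(chosen)}")
```

Because the client-side hook and the server-side hook consult the same table, the identifier requested from the CSCM and the identifier the launched server registers agree, which is what lets an unmodified CSCM pair them.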
4.6 Virtualized file type association (FTA)
File type association is a well-known graphical user interface technique for invoking the execution of application programs. A user is presented with a graphical icon representing a data file. The user selects the data file using keyboard commands or a pointing device, such as a mouse, and clicks or double-clicks on the icon to indicate that the user would like to open the file. Alternatively, in some computing environments, the user types the path to the file at a command line prompt in place of a command. The file typically has an associated file type indication, which is used to determine the application program to use when opening the file. This is generally done using a table that maps the file type indication to a specific application. In many of the Microsoft WINDOWS family of operating systems, the mapping is typically stored in the registry database as a tuple including the file type indicator and the full pathname identifying the application to be executed, and only one application program may be associated with any particular file type.
In the described isolation environment, multiple versions of an application may be installed and executed on a single computer. Thus, in these environments, the relationship between a file type and its associated application program is no longer one-to-one but is instead one-to-many. A similar problem exists for MIME attachment types. In these environments, the problem is solved by replacing the pathname that identifies the application program to be launched when a given file type is selected. The pathname is replaced with that of a chooser tool, which gives the user a choice of application programs to launch.
Referring now to Figure 15, and in brief overview, a request to write file type association data to a configuration store is intercepted (step 1502). A determination is made whether the request is updating the file type association information in the configuration store (step 1504). If not, that is, if the entry already exists, no update occurs (step 1506). Otherwise, a new entry is created using the virtualization techniques described above in sections 4.1.4 or 4.2.4, or the existing entry is updated (step 1508). The new or updated entry, which is virtualized for the appropriate isolation scope, maps the file type to a chooser tool that allows the user to select which of multiple application programs to use when viewing or editing the file.
Still referring to Figure 15, and in more detail, a request to write file type association data to a configuration store is intercepted (step 1502). In some embodiments, the configuration store is the WINDOWS registry database. The request to write data to the configuration store may be intercepted by a user-mode hooking function, a kernel-mode hooking function, a file system filter driver, or a mini-driver.
Determine whether this request seeks to be updated in the file type associations information (step 1504) in this config memory.In one embodiment, this is whether to show that by detecting the request of this this interception its object removes to revise this config memory and realize.In another embodiment, the target of this request is compared with the information being included in this request, to determine whether this request is attempting to revise this config memory.For being for the embodiment in registry data storehouse at this config memory, the request of request edit the registry is blocked, as described at the 4.2nd joint.
If determine this request, do not attempt to upgrade this config memory, any renewal (step 1506) does not so just occur.In certain embodiments, determine and do not make any attempting of this config memory that go to upgrade, reason is that the request of this interception is read request.In other embodiments, when the target entry in this config memory is identical with the information in the request of this interception of being included in or identical substantially in, can do this and determine.
If, however, it is determined in step 1504 that the request intends to update the configuration store, a new entry is created in the configuration store, or the existing entry is updated (step 1508). In some embodiments, rules determine in which isolation scope the entry is created or updated. In some embodiments, the new entry is created or the existing entry is updated in the system scope or in the application isolation scope. In many embodiments, the new entry is created or the existing entry is updated in the appropriate user isolation scope. If a new entry is created, it does not identify the application named in the intercepted request; instead, it lists a selector application as the application to be used when a file of the particular type is accessed. In some embodiments, the selector tool is updated automatically when a new version of an application is installed, when another application that handles the same file type is installed, or when an application registers or deregisters itself to handle files of that particular type. In some embodiments, the selector tool can incorporate into its list of suitable applications any application registered to handle the same file type in the portions of the configuration store maintained in other scopes, such as the system scope and the application scope (if the selector tool executes in the user scope). If an existing entry is updated, and that entry already lists the selector application as the application to be used for files of that particular type, then the list of applications the selector presents for that file type can be updated to include the updating application. If the existing entry is updated but does not list the selector application, then the updated entry is made to list the selector application as the application to be used for files of that particular type. In these embodiments, information about the associated applications can be stored in an associated configuration file or, in some embodiments, as an entry in the registry database.
The selector application can present the user with a list of the applications associated with the selected file type. The application can also let the user choose the application the user wants to use to process the file. The selector then launches that application in the appropriate scope: the system scope, an application isolation scope, or a user isolation scope. In some embodiments, the selector tool maintains the identity of the default application associated with a file type. In these embodiments, the default application can be used by processes that do not have access to the desktop, or that are configured to use the default handler, without presenting a choice to the user.
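The handling of intercepted association writes in steps 1502 to 1508 can be sketched as follows. This is an added illustration, not code from the patent: the `AssociationStore` class, the scope names and all paths are assumptions, and the configuration store is modelled as in-memory dictionaries.

```python
CHOOSER = r"C:\Isolation\chooser.exe"   # hypothetical path of the selector tool


class AssociationStore:
    """Toy configuration store holding file-type associations per isolation scope."""

    def __init__(self, system_entries=None):
        # scope name -> {extension: handler path recorded in the configuration store}
        self.entries = {"system": dict(system_entries or {})}
        # scope name -> {extension: [real applications the selector offers]}
        self.offered = {}

    def handle(self, scope, op, ext, handler=None):
        """Process one intercepted request (step 1502); return the stored handler."""
        entries = self.entries.setdefault(scope, {})
        current = entries.get(ext)
        if op == "read" or current == handler:
            return current                       # step 1506: nothing to update
        apps = self.offered.setdefault(scope, {}).setdefault(ext, [])
        # An existing entry that names a real application is kept as a choice
        # before the entry is redirected to the selector.
        for app in (current, handler):
            if app not in (None, CHOOSER) and app not in apps:
                apps.append(app)
        entries[ext] = CHOOSER                   # step 1508: entry lists the selector
        return CHOOSER

    def choices(self, ext, scopes=("system", "application", "user")):
        """Applications the selector presents, gathered across the given scopes."""
        found = []
        for scope in scopes:
            direct = self.entries.get(scope, {}).get(ext)
            listed = self.offered.get(scope, {}).get(ext, [])
            for app in [direct, *listed]:
                if app not in (None, CHOOSER) and app not in found:
                    found.append(app)
        return found


def demo():
    # Constructed sample data: one pre-existing system-wide association.
    store = AssociationStore({".doc": r"C:\Office10\winword.exe"})
    a = store.handle("application", "write", ".doc", r"C:\Office11\winword.exe")
    b = store.handle("user", "write", ".doc", r"C:\Tools\viewer.exe")
    c = store.handle("application", "read", ".doc")
    d = store.handle("system", "write", ".doc", r"C:\Office12\winword.exe")
    return a, b, c, d, store.entries["system"][".doc"], store.choices(".doc")
```

No write ever leaves a real application path in the association entry, so every launch for that file type passes through the selector, which can then start the chosen application in the right scope.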
4.7 Dynamic movement of processes between isolation environments
Another aspect of the invention is a tool for moving a running process between different virtual scopes. In other words, the aggregate view of native resources that the isolation environment 200 presents to an application instance can be changed to a different aggregate view while the application is executing. This allows a process that has been isolated within a particular isolation scope to be "moved" to another isolation scope while it is running. This is particularly useful for system services or processes of which only one instance can execute at a time, such as the MSI service in Windows. This aspect of the invention can also be used to let a user work in several isolation scopes sequentially.
Referring to Figure 16, in brief overview, one embodiment of a procedure for moving a process between one isolation scope and a second isolation scope, or between the system scope and an isolation scope, is shown. As used in this specification, the term "target isolation scope" refers to the isolation scope (including the system scope) to which the process is being moved, and the term "source isolation scope" refers to the isolation scope (including the system scope) from which the process is being moved. As shown in Figure 16, in brief overview, a method for moving a process to a target isolation scope includes the steps of: ensuring that the process is in a safe state (step 1602); changing the association of the process from its source isolation scope to the target isolation scope in the rules engine (step 1604); changing the association of the process from the source isolation scope to the target isolation scope for any filter driver or hooks (step 1606); and allowing the process to resume execution (step 1608).

Still referring to Figure 16, and in more detail, the process should be in a "safe" state when it is moved to a different isolation scope (step 1602). In some embodiments, the process is monitored to determine when it is not processing requests. In these embodiments, the process is considered to be in a "safe" state suitable for moving when no requests are being processed by the process. In some of these embodiments, once the process is considered to be in a "safe" state, new requests to the process are delayed until the process has been moved. In other embodiments, such as those involving diagnostic applications, a user interface can be provided to trigger the change of isolation scope. In these embodiments, the user interface can run code that places the process to be moved in a "safe" state. In still other embodiments, a supervisory program can force the process into a "safe" state by delaying all incoming requests to the process and waiting for the process to finish executing any active requests.
The rules associated with the target isolation scope are loaded into the rules engine if they are not already present there (step 1603).

The association between the process and the source isolation scope is changed in the rules engine (step 1604). As described above, a process can be associated with any isolation scope. The rules engine uses this association on every request for a virtualized native resource to determine the rule that applies to the request. An application instance can be associated with the target isolation scope by changing the appropriate data structures in the rules engine. In some embodiments, a new database entry is written that associates the process with the new isolation scope. In other embodiments, the tree node that stores the identifier of the isolation scope associated with the process is overwritten to identify the new isolation scope. In still other embodiments, an operating system request can be made to allocate additional memory for the process, in order to store the rules associated with the target isolation scope or, in some embodiments, an identifier of those rules.

Wherever the association or the rules are stored outside the rules engine, such as in filter drivers, kernel-mode hooks, or user-mode hooks, the association of the process with the source isolation scope is changed (step 1606). For embodiments in which the association between a process and the isolation scope rules is maintained by PID, the association between the process PID and the rule set is changed. For embodiments in which the PID is not used to maintain the association between the process and the applicable set of isolation rules, the user-mode hooking function can be changed to access the rule set associated with the target isolation scope. For embodiments in which the association of processes with the rule sets of isolation scopes is maintained in the rules engine, it is sufficient to change the association stored in the rules engine in step 1604 above.

The process is allowed to resume execution in the new isolation scope (step 1610). For embodiments in which new requests were delayed or prohibited, those requests are issued to the process and new requests are allowed.
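The move procedure of Figure 16 can be modelled as a small state machine. This is an added sketch, not code from the patent: `RulesEngine`, `ProcessMover`, the scope names, the PID and the paths are all assumptions, and a request is resolved when it completes so that the ordering is easy to follow.

```python
from collections import deque


class RulesEngine:
    """Hypothetical rules engine: per-scope rules plus the pid -> scope association."""

    def __init__(self):
        self.rules = {}     # scope name -> literal root that virtual paths map to
        self.scope_of = {}  # pid -> name of the scope the process is associated with

    def resolve(self, pid, virtual_path):
        # Each request on a virtualized resource is resolved through whichever
        # scope is associated with the requesting process at that moment.
        return self.rules[self.scope_of[pid]] + virtual_path


class ProcessMover:
    """Moves one process between isolation scopes (steps 1602 to 1608)."""

    def __init__(self, engine, pid, hook_tables=()):
        self.engine, self.pid = engine, pid
        self.hook_tables = list(hook_tables)  # pid-keyed copies kept by hooks or drivers
        self.in_flight = {}      # token -> virtual path of a request being processed
        self.deferred = deque()  # requests held back while a move is pending
        self.replayed = []       # results of deferred requests, issued after the move
        self.pending = None      # (target scope, target root) while waiting to be safe
        self._tokens = 0

    def begin_request(self, virtual_path):
        if self.pending is not None:          # a move is pending: defer new requests
            self.deferred.append(virtual_path)
            return None
        self._tokens += 1
        self.in_flight[self._tokens] = virtual_path
        return self._tokens

    def end_request(self, token):
        # Simplification: the request is resolved at the moment it completes.
        result = self.engine.resolve(self.pid, self.in_flight.pop(token))
        self._finish_if_safe()
        return result

    def request_move(self, target_scope, target_root):
        self.pending = (target_scope, target_root)
        return self._finish_if_safe()

    def _finish_if_safe(self):
        if self.pending is None or self.in_flight:
            return False                            # step 1602: not yet in a "safe" state
        scope, root = self.pending
        self.engine.rules.setdefault(scope, root)   # step 1603: load rules if absent
        self.engine.scope_of[self.pid] = scope      # step 1604: re-associate in the engine
        for table in self.hook_tables:              # step 1606: and in each hook or driver
            table[self.pid] = scope
        self.pending = None                         # resume: release deferred requests
        while self.deferred:
            self.replayed.append(self.engine.resolve(self.pid, self.deferred.popleft()))
        return True


def demo():
    engine = RulesEngine()
    engine.rules["app-A"] = "/scopes/app-A"   # constructed sample scopes and paths
    engine.scope_of[4242] = "app-A"
    hook_table = {4242: "app-A"}
    mover = ProcessMover(engine, 4242, [hook_table])

    token = mover.begin_request("/etc/tool.ini")                  # in flight under app-A
    moved_at_once = mover.request_move("app-B", "/scopes/app-B")  # must wait
    held = mover.begin_request("/etc/other.ini")                  # deferred, returns None
    first = mover.end_request(token)                              # drains, move completes
    return moved_at_once, held, first, mover.replayed, hook_table[4242]
```

The request that was in flight finishes entirely under the source scope and the deferred one runs entirely under the target scope, so no request is resolved against a mix of the two rule sets.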
In one particularly useful aspect, the method described above can be used to virtualize MSI, an installation packaging and installation technology produced by Microsoft and available in some of the operating systems in the Microsoft WINDOWS family. An application packaged for installation by this technology is called an MSI package. Operating systems that support this technology have a WINDOWS service, called the MSI service, that assists in installing MSI packages. There is a single instance of this service on the system. A process that wishes to install an MSI package runs an MSI process in its session, which makes COM calls to the MSI service.

MSI installations can be virtualized in order to install MSI packages into an application isolation environment. Conceptually, this can be achieved by hooking or intercepting the calls made to the MSI API in the installation session to the MSI service. A mutex can be used to ensure that only one installation takes place at a time. When a call to the MSI API requesting the start of a new installation is received or intercepted, and the calling process is associated with a particular application isolation scope, the MSI service is placed into the context of that isolation scope before the call is allowed to proceed. The installation continues as the MSI service performs its normal installation actions, but the native resources requested by the MSI service are virtualized according to the applicable isolation scope. When the end of the installation process is detected, the association between the MSI service and the isolation scope is removed. Although described above with respect to MSI, the technique is also applicable to other installation technologies.
Equivalents
The present invention can be provided as one or more computer-readable programs embodied on or in one or more articles of manufacture. The article of manufacture can be a floppy disk, a hard disk, a CD-ROM, a flash memory card, a PROM, a RAM, a ROM, or a magnetic tape. In general, the computer-readable programs can be implemented in any programming language: LISP, PERL, C, C++, PROLOG, or any bytecode language (such as JAVA). The software programs can be stored on or in one or more articles of manufacture as object code.

Having described certain embodiments of the invention, it will now be apparent to those skilled in the art that other embodiments incorporating the principles of the invention can also be used. Therefore, the invention should not be limited to certain embodiments, but rather should be limited only by the spirit and scope of the appended claims.
Claims (11)
1. A method for presenting an aggregate view of native resources to an application executing on behalf of a user, the method comprising the steps of:
(a) enumerating a plurality of system-scoped native resources provided by a system layer;
(b) enumerating, by an isolation environment comprising a user isolation layer and an application isolation layer, a plurality of application-scoped native resources provided by the application isolation layer, some of the plurality of application-scoped resources corresponding to some of the plurality of system-scoped resources;
(c) determining, for a system-scoped resource in the plurality of system-scoped resources, that a corresponding application-scoped resource in the plurality of application-scoped resources exists;
(d) including the application-scoped resource corresponding to the system-scoped resource in the aggregate view of native resources;
(e) enumerating a plurality of user-scoped native resources provided by the user isolation layer, some of the plurality of user-scoped resources corresponding to some of the plurality of system-scoped resources;
(f) determining, for an application-scoped resource in the plurality of application-scoped resources, that a corresponding user-scoped resource in the plurality of user-scoped resources exists; and
(g) including the user-scoped resource corresponding to the application-scoped resource in the aggregate view of native resources.
2. The method of claim 1, wherein step (c) comprises:
determining, for a system-scoped resource in the plurality of system-scoped resources, that a corresponding application-scoped resource in the plurality of application-scoped resources does not exist.
3. The method of claim 2, wherein step (d) comprises:
including the system-scoped resource in the aggregate view of native resources.
4. The method of claim 1, wherein step (f) comprises determining, for an application-scoped resource in the plurality of application-scoped resources, that a corresponding user-scoped resource in the plurality of user-scoped resources does not exist.
5. The method of claim 4, wherein step (g) comprises:
including the application-scoped resource in the aggregate view of native resources.
6. The method of claim 1, wherein step (c) comprises determining, for the system-scoped resource in the plurality of system-scoped resources, that a corresponding application-scoped resource in the plurality of application-scoped resources indicates that the system-scoped resource is deleted.
7. The method of claim 6, wherein step (d) comprises removing the system-scoped resource from the aggregate view of native resources.
8. The method of claim 1, wherein step (f) comprises determining, for an application-scoped resource in the plurality of application-scoped resources, that a corresponding user-scoped resource in the plurality of user-scoped resources indicates that the resource is deleted.
9. The method of claim 8, wherein step (g) comprises removing the system-scoped resource from the aggregate view of native resources.
10. The method of claim 1, further comprising the step of intercepting, by a file system driver, a mini-driver, a user-mode hooking mechanism, or a kernel-mode hooking mechanism, a request to enumerate a file system containing system-scoped resources.
11. The method of claim 1, further comprising the step of intercepting a request to enumerate a plurality of registry entries.
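The layered enumeration in the claims, with higher scopes overriding or deleting what lower scopes provide, can be sketched as below. This is an added example, not code from the patent: the `DELETED` marker, the function names and the sample key names are assumptions, and it goes one step beyond the flat case in the claims by also enumerating below a key that a higher scope has marked deleted.

```python
DELETED = object()  # constructed marker: this scope records the resource as deleted


def node_at(layer, path):
    """Return the node at `path` in one layer: a dict, a leaf value,
    DELETED if the path or an ancestor is marked deleted, or None if absent."""
    node = layer
    for part in path:
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
        if node is DELETED:
            return DELETED
    return node


def aggregate_children(path, system, application, user):
    """Aggregate view of the children of `path`: child name -> providing scope."""
    view = {}
    # Scopes are applied lowest first, so a higher scope overrides a lower one.
    for scope, layer in (("system", system), ("application", application), ("user", user)):
        node = node_at(layer, path)
        if node is DELETED:
            view.clear()          # parent deleted here: lower scopes contribute nothing
            continue
        if not isinstance(node, dict):
            continue              # this scope has no container at `path`
        for name, child in node.items():
            if child is DELETED:
                view.pop(name, None)   # claims 6 to 9: remove the lower-scope resource
            else:
                view[name] = scope     # claim 1 (d) and (g): the higher scope wins
    return view                        # names no higher scope mentions stay as they were


def sample_layers():
    # Constructed sample data shaped like a registry hive.
    system = {"Software": {"Vendor": {"keep": 0, "v1": 1, "v2": 2, "Plugins": {"a": 1}}}}
    application = {"Software": {"Vendor": {"v2": 20, "v3": 3, "Plugins": DELETED}}}
    user = {"Software": {"Vendor": {"v1": DELETED, "v4": 4}}}
    return system, application, user
```

Enumerating `Software\Vendor\Plugins` returns nothing even though the system layer still holds a child there, because the application scope records the parent key as deleted.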
Applications Claiming Priority (24)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/711735 | 2004-09-30 | ||
US10/711733 | 2004-09-30 | ||
US10/711734 | 2004-09-30 | ||
US10/711,734 US20060069662A1 (en) | 2004-09-30 | 2004-09-30 | Method and apparatus for remapping accesses to virtual system resources |
US10/711,735 US7853947B2 (en) | 2004-09-30 | 2004-09-30 | System for virtualizing access to named system objects using rule action associated with request |
US10/711,733 US8117559B2 (en) | 2004-09-30 | 2004-09-30 | Method and apparatus for virtualizing window information |
US10/711,737 US7680758B2 (en) | 2004-09-30 | 2004-09-30 | Method and apparatus for isolating execution of software applications |
US10/711736 | 2004-09-30 | ||
US10/711737 | 2004-09-30 | ||
US10/711,732 US7752600B2 (en) | 2004-09-30 | 2004-09-30 | Method and apparatus for providing file-type associations to multiple applications |
US10/711732 | 2004-09-30 | ||
US10/711,736 US8171479B2 (en) | 2004-09-30 | 2004-09-30 | Method and apparatus for providing an aggregate view of enumerated system resources from various isolation layers |
US10/956723 | 2004-10-01 | ||
US10/956,723 US8042120B2 (en) | 2004-09-30 | 2004-10-01 | Method and apparatus for moving processes between isolation environments |
US11/231,317 US8132176B2 (en) | 2004-09-30 | 2005-09-19 | Method for accessing, by application programs, resources residing inside an application isolation scope |
US11/231,284 US8302101B2 (en) | 2004-09-30 | 2005-09-19 | Methods and systems for accessing, by application programs, resources provided by an operating system |
US11/231284 | 2005-09-19 | ||
US11/231,370 US8095940B2 (en) | 2005-09-19 | 2005-09-19 | Method and system for locating and accessing resources |
US11/231315 | 2005-09-19 | ||
US11/231,315 US7676813B2 (en) | 2004-09-30 | 2005-09-19 | Method and system for accessing resources |
US11/231316 | 2005-09-19 | ||
US11/231370 | 2005-09-19 | ||
US11/231,316 US20060174223A1 (en) | 2004-09-30 | 2005-09-19 | Method and environment for associating an application with an isolation environment |
US11/231317 | 2005-09-19 |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2005800410151A Division CN101073058B (en) | 2004-09-30 | 2005-09-23 | Method for isolating the execution of a software application |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101702128A CN101702128A (en) | 2010-05-05 |
CN101702128B true CN101702128B (en) | 2014-03-19 |
Family
ID=42157045
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN200910009933.6A Expired - Fee Related CN101702128B (en) | 2004-09-30 | 2005-09-23 | Methods and systems for isolating execution to software application programs |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN101702128B (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114020444B (en) * | 2022-01-05 | 2022-05-10 | 阿里云计算有限公司 | Calling system and method for resource service application in enterprise digital middle station |
CN114579206B (en) * | 2022-03-17 | 2023-03-28 | 重庆紫光华山智安科技有限公司 | Method, device, equipment and medium for dynamically loading application program |
-
2005
- 2005-09-23 CN CN200910009933.6A patent/CN101702128B/en not_active Expired - Fee Related
Also Published As
Publication number | Publication date |
---|---|
CN101702128A (en) | 2010-05-05 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20140319 |
|
CF01 | Termination of patent right due to non-payment of annual fee |