CN113591139A - File access control method and device - Google Patents
File access control method and device Download PDFInfo
- Publication number
- CN113591139A CN113591139A CN202111168307.9A CN202111168307A CN113591139A CN 113591139 A CN113591139 A CN 113591139A CN 202111168307 A CN202111168307 A CN 202111168307A CN 113591139 A CN113591139 A CN 113591139A
- Authority
- CN
- China
- Prior art keywords
- access
- file
- target file
- policy
- fuse
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Databases & Information Systems (AREA)
- Automation & Control Theory (AREA)
- Storage Device Security (AREA)
Abstract
The application provides a file access control method and device, electronic equipment and a storage medium, wherein the method comprises the following steps: a Fuse Daemon module and a strategy module; the Fuse Daemon module is used for mounting/dev/Fuse to a parent directory of a target file and receiving an IO operation request sent by a Fuse Kernel, wherein the IO operation request is an access request of an accessor to the target file; and the policy module is used for determining an access policy of the visitor to the target file according to the IO operation request, determining an execution result of the IO operation according to the access policy, and sending the execution result to the visitor, wherein the access policy comprises at least one of access prohibition and access permission to the dummy file, so that the file access control of cloud application can be realized, and the system efficiency loss can be reduced.
Description
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a file access control method and apparatus, an electronic device, and a storage medium.
Background
With the development of cloud technology, more and more cloud applications are emerging in people's lives. The cloud application is based on cloud computing, runs in a virtual machine/container of a cloud server, completes all computing of cloud application pictures by the virtual machine/container, generates picture images of each frame, and accordingly forms an image stream composed of continuous image frames, the cloud server sends the image stream to a user terminal, and the user terminal displays the picture images of each frame in sequence. In this mode, the user terminal actually only needs to send the operation instruction of the user to the cloud server, and then receives the image stream from the cloud server for playing.
One difficulty faced by cloud applications is to prevent reconnaissance of the cloud applications to the cloud server, which involves controlling the access rights of the files, i.e., which cloud applications are allowed to access a certain file (further allowing the cloud applications to read or write the file, or simultaneously read and write the file), and which cloud applications are not allowed to access the file. For example, in order to provide a good experience for a user, some cloud applications may check some features of a cloud server, such as a MAC address (i.e., a media access control address), a mobile phone serial number IMEI, and then query their own server according to the features, and if it is found that the user has already registered using the cloud server, the user logs in directly, thereby saving the trouble of user login. This manner of operation is unacceptable for cloud applications, which require servicing of any legitimate user and therefore require the feature of masking out these hardware.
One way in which cloud applications are often used to obtain cloud server hardware information is to read some specific file contents. In this way, hardware information can be shielded by modifying the system call of the kernel, if the system call of the kernel is modified, each open-class system call needs to be judged, and the frequency of using the system call is very high, so that the system efficiency is lost in this way.
Therefore, how to provide a scheme can realize the control of the cloud application to access the file and reduce the system efficiency loss, which is a technical problem to be solved urgently.
Disclosure of Invention
To solve the technical problems in the prior art, embodiments of the present application provide a file access control method and apparatus, an electronic device, and a storage medium.
In a first aspect, an embodiment of the present application provides a file access control method, including:
receiving an IO operation request sent by a FUSE Kernel, wherein the IO operation request is an access request of an accessor to a target file, and/dev/FUSE is mounted to a parent directory of the target file;
and determining an access policy of the visitor to the target file according to the IO operation request, determining an execution result of the IO operation according to the access policy, and sending the execution result to the visitor, wherein the access policy comprises at least one of access prohibition and access permission to the dummy file.
In a second aspect, an embodiment of the present application further provides a file access control apparatus, including:
a Fuse Daemon module and a strategy module;
the Fuse Daemon module is used for mounting/dev/Fuse to a parent directory of a target file and receiving an IO operation request sent by a Fuse Kernel, wherein the IO operation request is an access request of an accessor to the target file;
and the policy module is used for determining an access policy of the visitor to the target file according to the IO operation request, determining an execution result of the IO operation according to the access policy, and sending the execution result to the visitor, wherein the access policy comprises at least one of access prohibition and access permission to the dummy file.
In a third aspect, this application further provides a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, the computer program performs the steps of the file access control method according to the first aspect.
In a fourth aspect, an embodiment of the present application further provides an electronic device, including: a processor, a storage medium and a bus, wherein the storage medium stores machine-readable instructions executable by the processor, when the electronic device runs, the processor communicates with the storage medium through the bus, and the processor executes the machine-readable instructions to execute the steps of the file access control method according to the first aspect.
To sum up, by mounting/dev/FUSE to a parent directory of a target file, when an accessor accesses the target file, a FUSE Kernel may send an IO operation request of the accessor to an execution main body of an entire scheme, and then may determine an access policy of the accessor for the target file according to the IO operation request, determine an execution result of the IO operation according to the access policy, and send the execution result to the accessor, where the access policy includes at least one of prohibition of access and permission of access to a dummy file, so that the entire scheme may control file access through policy configuration, and if the entire scheme is applied to a cloud application, control of access to a file by the cloud application may be achieved, and the entire scheme does not need to make a judgment on a system call used at a high frequency, thus reducing system efficiency losses.
Drawings
Fig. 1 is a schematic flowchart of an embodiment of a file access control method according to an embodiment of the present application;
fig. 2 is a schematic structural diagram of an embodiment of a file access control device according to an embodiment of the present disclosure;
FIG. 3 is an interaction diagram of the Fuse Daemon module 20 and the policy module 21 in FIG. 2;
fig. 4 is a schematic flowchart of a file access control apparatus according to another embodiment of the present application;
fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
In order to make the purpose, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it should be understood that the drawings in the present application are for illustrative and descriptive purposes only and are not used to limit the scope of protection of the present application. Additionally, it should be understood that the schematic drawings are not necessarily drawn to scale. The flowcharts used in this application illustrate operations implemented according to some embodiments of the present application. It should be understood that the operations of the flow diagrams may be performed out of order, and steps without logical context may be performed in reverse order or simultaneously. One skilled in the art, under the guidance of this application, may add one or more other operations to, or remove one or more operations from, the flowchart.
In addition, the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. The components of the embodiments of the present application, generally described and illustrated in the figures herein, can be arranged and designed in a wide variety of different configurations. Thus, the following detailed description of the embodiments of the present application, presented in the accompanying drawings, is not intended to limit the scope of the claimed application, but is merely representative of selected embodiments of the application. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present application without making any creative effort, shall fall within the protection scope of the present application.
It should be noted that in the embodiments of the present application, the term "comprising" is used to indicate the presence of the features stated hereinafter, but does not exclude the addition of further features.
Referring to fig. 1, a schematic flow chart of a file access control method provided in an embodiment of the present application is shown, which specifically includes:
s10, receiving an IO operation request sent by a FUSE Kernel, wherein the IO operation request is an access request of an accessor to a target file, and/dev/FUSE is mounted to a parent directory of the target file;
s11, determining the access policy of the visitor to the target file according to the IO operation request, determining the execution result of the IO operation according to the access policy, and sending the execution result to the visitor, wherein the access policy includes at least one of access prohibition and access permission.
According to the file access control method provided by the embodiment of the application, by mounting/dev/FUSE to a parent directory of a target file, when an accessor accesses the target file, a FUSE Kernel can send an IO operation request of the accessor to an execution main body of the whole scheme, then an access policy of the accessor for the target file can be determined according to the IO operation request, an execution result of the IO operation is determined according to the access policy, and the execution result is sent to the accessor, wherein the access policy comprises at least one of forbidding access and allowing access to a false file, so that the whole scheme can control file access through policy configuration, if the whole scheme is applied to cloud application, the file access control of the cloud application can be realized, and the whole scheme does not need to judge system call used at high frequency, thus reducing system efficiency losses.
On the basis of the foregoing method embodiment, the determining, according to the IO operation request, an access policy of the visitor to the target file may include:
and determining the access strategy of the visitor to the target file by inquiring the corresponding relation between a preset identifier and the access strategy of the target file according to the identifier of the visitor carried in the IO operation request.
On the basis of the foregoing method embodiment, the access policy may further include: allowing access to the target file;
before determining an execution result of the IO operation according to the access policy, the method may further include:
copying the target file to a target directory;
determining an execution result of the IO operation according to the access policy may include:
and if the access strategy is to allow the target file to be accessed, executing IO operation according to the IO operation request to obtain the execution result.
On the basis of the foregoing method embodiment, the target file may be a/sys/class/net/eth 0/address file.
Referring to fig. 2, a schematic structural diagram of a file access control device provided in an embodiment of the present application is shown, where the file access control device specifically includes:
a Fuse Daemon module 20 and a policy module 21;
the Fuse Daemon module 20 is configured to mount/dev/Fuse to a parent directory of a target file, and receive an IO operation request sent by a Fuse Kernel, where the IO operation request is an access request of an accessor to the target file;
in this embodiment, it can be understood that, before performing access control on a target file, the Fuse Daemon module 20 needs to mount/dev/Fuse to a parent directory of the target file, so that after receiving an access request (i.e., an IO operation request) of an accessor to the target file, the Fuse Kernel sends the IO operation request to the Fuse Daemon module 20. After receiving the IO operation request, the Fuse Daemon module 20 invokes a policy module 21.
A policy module 21, configured to determine, according to the IO operation request, an access policy of the visitor to the target file, determine an execution result of the IO operation according to the access policy, and send the execution result to the visitor, where the access policy includes at least one of prohibition of access and permission of access to the dummy file.
In this embodiment, it can be understood that, when called by the Fuse Daemon module 20, the policy module 21 determines, according to the IO operation request, an access policy of the visitor to the target file, determines an execution result of the IO operation according to the access policy, and sends the execution result to the visitor, where the access policy includes at least one of prohibition of access and permission of access to the dummy file, and may be specifically configured according to an access control requirement of the target file. It should be noted that the dummy file refers to other files with different contents from the target file, and is used for the visitor to access the target file instead of the target file when the visitor accesses the target file.
In the file access control device provided in the embodiment of the present application, the Fuse Daemon module 20 is used to mount/dev/Fuse to the parent directory of the target file, when an accessor accesses the target file, the Fuse Kernel may send an IO operation request of the accessor to the Fuse Daemon module 20, then may determine an access policy of the accessor for the target file according to the IO operation request by using the policy module 21, determine an execution result of the IO operation according to the access policy, and send the execution result to the accessor, where the access policy includes at least one of prohibition of access and permission of access to a dummy file, which makes the entire scheme capable of controlling file access through policy configuration, and if the entire scheme is applied to cloud application, it may implement control of accessing a file by cloud application, and the entire scheme does not need to make a judgment on a system call used at a high frequency, thus reducing system efficiency losses.
On the basis of the foregoing apparatus embodiment, the policy module may be configured to:
and determining the access strategy of the visitor to the target file by inquiring the corresponding relation between a preset identifier and the access strategy of the target file according to the identifier of the visitor carried in the IO operation request.
In this embodiment, it can be understood that the correspondence between the identifier of the visitor who needs to perform file access control and the access policy for the target file is stored in the correspondence between the preset identifier and the access policy for the target file. Under the condition of knowing the identification of the visitor, the access strategy of the visitor for the target file can be quickly obtained by inquiring the corresponding relation.
On the basis of the foregoing apparatus embodiment, the access policy may further include: allowing access to the target file;
before the policy module determines the execution result of the IO operation according to the access policy, the Fuse Daemon module may be further configured to:
copying the target file to a target directory;
wherein the policy module may be configured to:
and if the access strategy is to allow the target file to be accessed, executing IO operation according to the IO operation request to obtain the execution result.
In this embodiment, it may be understood that the access policy may further include: and allowing access to the target file, wherein the allowing access to the target file comprises three conditions, namely only allowing read operation on the target file, only allowing write operation on the target file, and allowing read and write operation on the target file. When the access policy is configured, the configuration is required according to the control requirement of the visitor on the target file. After the Fuse Daemon module mounts the/dev/Fuse to the parent directory of the target file, the target file is invisible to the policy module, so if the access policy is to allow access to the target file, in order to enable the policy module to execute IO operations on the target file, the target file needs to be copied to the target directory before the policy module executes the IO operations. Then, the policy module may perform IO operations on the target file of the target directory. In order to enable the policy module to execute the IO operation on the target file of the target directory, the target directory corresponding to the target file needs to be configured in advance, so that the target file can be found at the target directory when the policy module executes the IO operation. In addition, it should be noted that FUSE is a device that needs to be mounted, and once mounted, all visitors will go to the policy module when accessing the target file, so that it is necessary to accurately distinguish whether system access or general application access cannot be affected, and the system access needs to return to the true value. Specifically, the differences can be made through User Identification (UID), and a visitor with a UID less than 10000 is considered as a system, and access to the target file is not affected in principle, that is, the access policy to the target file can be configured to allow read-write operation to the target file; and the visitor with the UID greater than or equal to 10000 can configure the access policy of the visitor to the target file as forbidden access or allowed access to the false file according to the requirement.
On the basis of the foregoing device embodiment, the target file may be a/sys/class/net/eth 0/address file.
In this embodiment, it can be understood that, when the target file is a/sys/class/net/eth 0/address file, the access policy of some visitors to the target file may be controlled to allow access to the dummy file. For example, some games on the line read some files in the system and then do some logic of their own based on the content of the files. These games would read the device node/sys/class/net/eth 0/address file directly, which stores the actual device MAC address. The game guest login account and the MAC address are often related, and if the MAC address cannot be modified, the guest account may be serial, and the game may be prohibited. Then for these games, their access policy to/sys/class/net/eth 0/address files may be configured to allow access to fake files. When accessing/sys/class/net/eth 0/address file, mapping the file to other files, so that the other files actually accessed by the games can play the purpose of randomly changing the files, thereby preventing the problems of guest account serial number, game seal and the like caused by the fact that the games can obtain real device MAC addresses.
Fig. 3 is an interaction diagram of the Fuse Daemon module 20 and the policy module 21 in fig. 2, and fig. 4 is a flowchart of another embodiment of a file access control device according to an embodiment of the present disclosure. The process of accessing the target file by the application is explained below with reference to fig. 3 and 4.
The whole access process involves Application (Application), Fuse Daemon Module, Policy Module (Policy Module), VFS (i.e. virtual File System), Fuse Kernel (Fuse Kernel) and Real File System (Real File System), wherein the Application, Fuse Daemon Module and Policy Module are located in user space, and the VFS, Fuse Kernel and Real File System are located in Kernel space.
Before the Application accesses the target file, the Fuse Daemon module will mount/dev/Fuse to the parent directory of the target file. When the Application accesses the target file, the Application sends an IO operation request to the VFS, the VFS sends the IO operation request to the FUSE Kernel, and then the FUSE Kernel sends the IO operation request to the FUSE Daemon module. After receiving the IO operation request, the Fuse Daemon Module calls a Policy Module, the Policy Module analyzes the IO operation request to obtain an Application UID, and an Application access strategy is determined according to the UID. And if the access policy is that the target File is allowed to be accessed, executing the IO operation by calling the Real File System, and obtaining an IO operation execution result. And then the Policy Module sends the IO operation execution result to the Fuse Daemon Module, and the Fuse Daemon Module sends the IO operation execution result to the Fuse Kernel. And after receiving the IO operation execution result, the FUSE Kernel sends the IO operation execution result to the VFS, and the VFS returns the IO operation execution result to the Application.
The implementation process of the file access control device provided in the embodiment of the present application is consistent with that of the file access control method provided in the embodiment of the present application, and the achievable effect is also the same as that of the file access control method provided in the embodiment of the present application, and details are not repeated here. The scheme depends on the function of FUSE (file in user space file system), the function of FUSE is gradually removed from kernel after Android 10, and in order to realize the scheme, the function of FUSE needs to be manually transplanted in the following kernel version.
As shown in fig. 5, an electronic device provided in an embodiment of the present application includes: a processor 50, a memory 51 and a bus 52, wherein the memory 51 stores machine-readable instructions executable by the processor 50, when the electronic device is operated, the processor 50 communicates with the memory 51 via the bus 52, and the processor 50 executes the machine-readable instructions to perform the steps of the file access control method as described above.
Specifically, the memory 51 and the processor 50 can be general-purpose memories and processors, which are not specifically limited herein, and the file access control method can be executed when the processor 50 runs a computer program stored in the memory 51.
Corresponding to the file access control method, an embodiment of the present application further provides a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, and the computer program is executed by a processor to perform the steps of the file access control method.
It can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working processes of the system and the apparatus described above may refer to corresponding processes in the method embodiments, and are not described in detail in this application. In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. The above-described apparatus embodiments are merely illustrative, and for example, the division of the modules is merely a logical division, and there may be other divisions in actual implementation, and for example, a plurality of modules or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection of devices or modules through some communication interfaces, and may be in an electrical, mechanical or other form.
The modules described as separate parts may or may not be physically separate, and parts displayed as modules may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a non-volatile computer-readable storage medium executable by a processor. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: various media capable of storing program codes, such as a U disk, a removable hard disk, a ROM, a RAM, a magnetic disk, or an optical disk.
The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present application, and shall be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
Claims (10)
1. A file access control method, comprising:
receiving an IO operation request sent by a FUSE Kernel, wherein the IO operation request is an access request of an accessor to a target file, and/dev/FUSE is mounted to a parent directory of the target file;
and determining an access policy of the visitor to the target file according to the IO operation request, determining an execution result of the IO operation according to the access policy, and sending the execution result to the visitor, wherein the access policy comprises at least one of access prohibition and access permission to the dummy file.
2. The method of claim 1, wherein the determining the access policy of the visitor to the target file from the IO operation request comprises:
and determining the access strategy of the visitor to the target file by inquiring the corresponding relation between a preset identifier and the access strategy of the target file according to the identifier of the visitor carried in the IO operation request.
3. The method of claim 1 or 2, wherein the access policy further comprises: allowing access to the target file;
before determining an execution result of the IO operation according to the access policy, the method further includes:
copying the target file to a target directory;
wherein, the determining the execution result of the IO operation according to the access policy includes:
and if the access strategy is to allow the target file to be accessed, executing IO operation according to the IO operation request to obtain the execution result.
4. The method of claim 1, wherein the target file is a/sys/class/net/eth 0/address file.
5. A file access control apparatus, comprising:
a Fuse Daemon module and a strategy module;
the Fuse Daemon module is used for mounting/dev/Fuse to a parent directory of a target file and receiving an IO operation request sent by a Fuse Kernel, wherein the IO operation request is an access request of an accessor to the target file;
and the policy module is used for determining an access policy of the visitor to the target file according to the IO operation request, determining an execution result of the IO operation according to the access policy, and sending the execution result to the visitor, wherein the access policy comprises at least one of access prohibition and access permission to the dummy file.
6. The apparatus of claim 5, wherein the policy module is to:
and determining the access strategy of the visitor to the target file by inquiring the corresponding relation between a preset identifier and the access strategy of the target file according to the identifier of the visitor carried in the IO operation request.
7. The apparatus of claim 5 or 6, wherein the access policy further comprises: allowing access to the target file;
before the policy module determines an execution result of the IO operation according to the access policy, the Fuse Daemon module is further configured to:
copying the target file to a target directory;
wherein the policy module is to:
and if the access strategy is to allow the target file to be accessed, executing IO operation according to the IO operation request to obtain the execution result.
8. The apparatus of claim 5, wherein the target file is a/sys/class/net/eth 0/address file.
9. A computer-readable storage medium, characterized in that a computer program is stored on the computer-readable storage medium, which computer program, when being executed by a processor, performs the steps of the file access control method according to any one of claims 1 to 4.
10. An electronic device, comprising: a processor, a storage medium and a bus, the storage medium storing machine-readable instructions executable by the processor, the processor and the storage medium communicating via the bus when the electronic device is operating, the processor executing the machine-readable instructions to perform the steps of the file access control method according to any one of claims 1 to 4.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111168307.9A CN113591139A (en) | 2021-10-08 | 2021-10-08 | File access control method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111168307.9A CN113591139A (en) | 2021-10-08 | 2021-10-08 | File access control method and device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN113591139A true CN113591139A (en) | 2021-11-02 |
Family
ID=78242926
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111168307.9A Pending CN113591139A (en) | 2021-10-08 | 2021-10-08 | File access control method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113591139A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114637703A (en) * | 2022-03-25 | 2022-06-17 | 北京有竹居网络技术有限公司 | Data access apparatus, method, readable medium and electronic device |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20100131559A1 (en) * | 2008-11-26 | 2010-05-27 | Red Hat, Inc. | Isolating an execution container in a system with mandatory access control (mac) |
| CN102541984A (en) * | 2011-10-25 | 2012-07-04 | 曙光信息产业(北京)有限公司 | File system of distributed type file system client side |
| CN102656550A (en) * | 2009-12-09 | 2012-09-05 | 桑迪士克以色列有限公司 | Storage device and method for accessing multiple protected files in a private memory area using a virtual file in a public memory area |
| CN104301442A (en) * | 2014-11-17 | 2015-01-21 | 浪潮电子信息产业股份有限公司 | Method for realizing client of access object storage cluster based on fuse |
| CN109522744A (en) * | 2018-11-06 | 2019-03-26 | 北京指掌易科技有限公司 | A kind of android system file data insulation blocking method |
| CN113268450A (en) * | 2021-04-06 | 2021-08-17 | 北京鲸鲮信息系统技术有限公司 | File access method and device, electronic equipment and storage medium |
-
2021
- 2021-10-08 CN CN202111168307.9A patent/CN113591139A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20100131559A1 (en) * | 2008-11-26 | 2010-05-27 | Red Hat, Inc. | Isolating an execution container in a system with mandatory access control (mac) |
| CN102656550A (en) * | 2009-12-09 | 2012-09-05 | 桑迪士克以色列有限公司 | Storage device and method for accessing multiple protected files in a private memory area using a virtual file in a public memory area |
| CN102541984A (en) * | 2011-10-25 | 2012-07-04 | 曙光信息产业(北京)有限公司 | File system of distributed type file system client side |
| CN104301442A (en) * | 2014-11-17 | 2015-01-21 | 浪潮电子信息产业股份有限公司 | Method for realizing client of access object storage cluster based on fuse |
| CN109522744A (en) * | 2018-11-06 | 2019-03-26 | 北京指掌易科技有限公司 | A kind of android system file data insulation blocking method |
| CN113268450A (en) * | 2021-04-06 | 2021-08-17 | 北京鲸鲮信息系统技术有限公司 | File access method and device, electronic equipment and storage medium |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114637703A (en) * | 2022-03-25 | 2022-06-17 | 北京有竹居网络技术有限公司 | Data access apparatus, method, readable medium and electronic device |
| CN114637703B (en) * | 2022-03-25 | 2023-09-01 | 北京有竹居网络技术有限公司 | Data access device, method, readable medium and electronic equipment |
| WO2023179509A1 (en) * | 2022-03-25 | 2023-09-28 | 北京有竹居网络技术有限公司 | Data access apparatus and method, and readable medium and electronic device |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11321452B2 (en) | Execution environment virtualization method and apparatus and virtual execution environment access method and apparatus | |
| CN108369604B (en) | Method and device for sharing file system by multiple operating systems and electronic equipment | |
| US20170329618A1 (en) | Modification of write-protected memory using code patching | |
| CN111666579B (en) | Computer device, access control method thereof and computer readable medium | |
| CN111177726B (en) | A system vulnerability detection method, device, equipment and medium | |
| Dall et al. | The design, implementation, and evaluation of cells: A virtual smartphone architecture | |
| CN114697440B (en) | Network management method and mobile terminal | |
| US8589657B2 (en) | Operating system management of address-translation-related data structures and hardware lookasides | |
| CN116028455A (en) | A data processing method, device, storage medium and electronic equipment | |
| CN114489898B (en) | Processing method of floating window, electronic equipment and computer readable storage medium | |
| CN118264675B (en) | Data copying method, device, storage medium and program product | |
| CN107908957B (en) | Safe operation management method and system of intelligent terminal | |
| CN113591139A (en) | File access control method and device | |
| CN110688650B (en) | Access request monitoring methods and devices, storage media, computer equipment | |
| CN112925606B (en) | Memory management method, device and equipment | |
| CN103023704B (en) | Virtual network service equipment access method and system | |
| CN112596950A (en) | Virtual machine data backup method, device, equipment and storage medium | |
| CN115617544A (en) | Memory sharing method and system | |
| CN113885904A (en) | System upgrading method and device, electronic equipment and storage medium | |
| CN111428240B (en) | Method and device for detecting illegal access of memory of software | |
| CN111651763B (en) | Process monitoring method and device, electronic equipment and storage medium | |
| CN118093083A (en) | Page processing method, page processing device, computer equipment and computer readable storage medium | |
| CN115562807A (en) | Method and system for mounting dynamic equipment for android container in kubernets environment | |
| CN114726905A (en) | Method, device, equipment and storage medium for accessing Tbox network to Android system | |
| CN115208671A (en) | Firewall configuration method and device, electronic equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20211102 |