
CN117056903A - Application data management method, device and system - Google Patents


Info

Publication number
CN117056903A
Authority
CN
China
Prior art keywords
application
target
target application
data management
starting
Legal status
Pending
Application number
CN202310956441.8A
Other languages
Chinese (zh)
Inventor
杨胜超
李仕毅
Current Assignee
Chengdu Sky Guard Network Security Technology Co ltd
Beijing Skyguard Network Security Technology Co ltd
Original Assignee
Chengdu Sky Guard Network Security Technology Co ltd
Beijing Skyguard Network Security Technology Co ltd
Application filed by Chengdu Sky Guard Network Security Technology Co ltd, Beijing Skyguard Network Security Technology Co ltd

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • G06F21/52: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F21/54: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by adding security routines or objects to programs
    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00: Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)

Abstract

The invention discloses an application data management method, device and system, and relates to the technical field of data security. The method is directed to a macOS system, and embodiments of it may include: monitoring a target application configured in a preset security policy; when startup of the target application is detected, acquiring the target application's list of load instructions; inserting a target load instruction corresponding to a newly added process into the list; and, in response to successful loading of the target load instruction, starting the new process for the target application so as to manage the data of the target application through the new process. With this implementation, a new process can be inserted directly into the application without changing the application's package, so that the application's data is managed while all functions of the application continue to operate normally.

Description

Application data management method, device and system
Technical Field
The present invention relates to the field of data security technologies, and in particular, to a method, an apparatus, and a system for managing application data.
Background
In the field of data security, to ensure the security of enterprise data, enterprises need to monitor the data used and circulated inside application programs, in addition to securing the data transmitted at the network layer.
Currently, supervision of the data used and circulated inside an application program is mainly implemented by injecting a process into the application: a target file is injected into the application's package, and the load command list of the application's binary file is modified to reference the target file. In this existing approach, because a new file is added to the application package, the application must be re-signed before it can run on the system on which it is installed, and some functions of the application become unusable because of the re-signing.
Disclosure of Invention
In view of this, the embodiments of the invention provide a method and a device for managing application data, which can insert a new process directly into an application program without changing the application's package, manage the application's data, and ensure that all functions of the application continue to operate normally.
To achieve the above object, in a first aspect, an embodiment of the present invention provides an application data management method, for a macOS system, including:
monitoring a target application of a preset security policy configuration;
under the condition that the starting of the target application is monitored, acquiring a list of the target application, which contains a loading instruction;
inserting a target load instruction corresponding to the newly added process into the list;
and responding to successful loading of the target loading instruction, starting the new process for the target application so as to manage the data of the target application through the new process.
Optionally, the application data management method further includes:
registering a callback function through an API kauth_list_scope provided by the macOS system kernel;
acquiring information of all applications in the macOS system through the callback function;
the application of monitoring the preset security policy configuration comprises the following steps:
and monitoring the starting event and/or the file related to the starting of the target application in the information of all the applications acquired by the callback function.
Optionally, the application data management method further includes:
determining an initial address of the target application in a memory of the macOS system;
positioning the last loading instruction in the list according to the starting address;
the inserting a target load instruction corresponding to a newly added process into the list includes:
the target load instruction corresponding to the newly added process is inserted after the last load instruction.
Optionally, the target load instruction includes: path information of a dynamic library containing the newly added process;
the application data management method further comprises the following steps: and loading the dynamic library into a process space of the target application according to the path information through the target loading instruction.
Optionally, before the starting the new process for the target application, the method further includes:
triggering the target application to enable the target application to be switched to a tab page indicating verification, and verifying whether the newly added process is successfully injected.
Optionally, the application data management method further includes:
sending an authorization request to a target application;
and responding to the received authorization information corresponding to the authorization request fed back by the target application, and adding the target application into a preset security policy.
In a second aspect, an embodiment of the present invention provides an application data management apparatus, for a macOS system, including:
the system comprises a monitoring module, a process injection module and a data management module, wherein,
the monitoring module is used for monitoring a target application of preset security policy configuration;
the process injection module is used for acquiring a list of the target application, which contains a loading instruction, under the condition that the starting of the target application is monitored; inserting a target load instruction corresponding to the newly added process into the list; responding to successful loading of the target loading instruction, and starting the new process for the target application;
and the data management module is used for managing the data of the target application through the new process.
One embodiment of the above invention has the following advantages or benefits: in the technical scheme provided by the embodiment of the invention, the target application configured in the security policy is monitored; when startup of the target application is detected, the target application's list of load instructions is obtained; the target load instruction of the new process is then inserted into the list, so that the new process can be started for the target application directly through the target load instruction in the list. Because loading the new process does not require changing the application's package, the application starts normally and all of its functions can be used normally. The new process is thus inserted directly into the application without changing the application's signature, and the application's data is managed while all functions of the application continue to operate normally.
Further effects of the above optional, non-conventional implementations are described below in connection with the embodiments.
Drawings
The drawings are included to provide a better understanding of the invention and are not to be construed as unduly limiting the invention. Wherein:
FIG. 1 is an exemplary system architecture diagram in which embodiments of the present invention may be applied;
FIG. 2 is a schematic diagram of a main flow of an application data management method according to an embodiment of the present invention;
FIG. 3 is a schematic flow chart of an application data management method according to another embodiment of the present invention;
FIG. 4 is a schematic diagram of the main modules of an application data management device according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of the primary devices of an application data management system according to an embodiment of the invention;
FIG. 6 is a schematic diagram of a computer system suitable for use in implementing a terminal device or a server installing an application data management apparatus of an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present invention will now be described with reference to the accompanying drawings, in which various details of the embodiments of the present invention are included to facilitate understanding, and are to be considered merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the invention. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
Fig. 1 illustrates an exemplary system architecture 100 to which an application data management method or application data management apparatus of an embodiment of the present invention may be applied.
As shown in fig. 1, the system architecture 100 may include a plurality of terminal devices 101, 102, a network 103, and an application management server 104. The network 103 serves as a medium for providing communication links between the plurality of terminal apparatuses 101, 102 and the application management server 104. The network 103 may include various connection types, such as wired, wireless communication links, or fiber optic cables, among others.
The terminal devices 101, 102 generally refer to office devices running the macOS system that an enterprise provides to its staff. Various applications required for office work can be installed on them, such as communication programs, enterprise platform access programs, and online shared-office applications; other applications such as browsers, mailbox clients, and social platform software (examples only) can also be installed, so that staff of the enterprise can use these applications for office work.
The terminal devices 101, 102 may be various electronic devices having a display screen and supporting web browsing, including but not limited to desktop computers, smart phones, tablet computers, and the like.
The application management server 104 manages the application data of authorized applications on all the macOS terminal devices 101 and 102 that the enterprise provides to its employees. The application management server registers a callback function through the API kauth_list_scope provided by the macOS system kernel of the terminal device and obtains information about all applications in the macOS system through that callback. It detects application startup by monitoring, within the obtained application information, the startup events and/or startup-related files belonging to a target application, and after startup is detected it acquires the application's list of load instructions, inserts a target load instruction corresponding to the newly added process into the list, and, in response to successful loading of the target load instruction, starts a new process for the application and manages the application's data through the new process.
It should be noted that, the application data management method provided in the embodiment of the present invention is generally implemented by the terminal devices 101, 102 and the application management server 104, and accordingly, each module of the application data management device is generally disposed in the application management server 104.
It should be understood that the number of terminal devices, networks and application management servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks and application management servers, as desired for implementation.
It should be noted that, in the application data management according to the embodiments of the present invention, the user authorization is generally performed through the terminal device, and the process of managing the application data does not involve collecting the privacy information of the user.
Fig. 2 is a schematic flow chart of an application data management method according to an embodiment of the present invention. As shown in fig. 2, the application data management method may include the steps of:
Step S201: monitoring a target application configured in a preset security policy;
The security policy may be configured by the enterprise according to its requirements; for example, different applications are configured for employees of different levels, and the application data to be monitored is differentiated by employee level.
Step S202: under the condition that the starting of the target application is monitored, acquiring a list of the target application, which contains a loading instruction;
The load instruction indicates the starting and loading of the application's process.
Step S203: inserting a target load instruction corresponding to the newly added process into the list;
Step S204: in response to successful loading of the target load instruction, starting a new process for the target application, so as to manage the data of the target application through the new process.
The new process may collect the data of the target application and send it to the monitoring server, or analyze the data of the target application to obtain the operation behaviors corresponding to the data and intercept non-compliant behaviors, such as saving files to a removable hard disk or printing files that are not permitted.
In the embodiment shown in fig. 2, the target application configured in the security policy is monitored; when startup of the target application is detected, the target application's list of load instructions is obtained; the target load instruction of the new process is then inserted into the list, so that the new process can be started for the target application directly through the target load instruction in the list. Because loading the new process does not require changing the application's package, the application starts normally and all of its functions can be used normally. The new process is thus inserted directly into the application without changing the application's signature, and the application's data is managed while all functions of the application continue to operate normally.
Specifically, the target load instruction includes: path information of a dynamic library containing the newly added process; accordingly, the application data management method may further include: loading the dynamic library, triggered by the target load instruction, into the process space of the target application according to the path information. In this way, the process in the dynamic library is loaded based on the dynamic library's path information, and no process file needs to be inserted into the application's package, which avoids damaging the application package and ensures that both the application and the inserted process run normally.
Further, the application data management method may further include: registering a callback function through an API kauth_list_scope provided by a macOS system kernel; obtaining information of all applications in the macOS system through a callback function; accordingly, specific embodiments of the application of monitoring the preset security policy configuration may include: and monitoring starting events and/or files related to starting of the target application in the information of all the applications acquired by the callback function. The application starting is monitored through the starting event acquired by the callback function and/or the file related to the starting, so that damage to the macOS system is avoided.
Further, the application data management method further includes: determining a starting address of the target application in the memory of the macOS system; locating the last load instruction in the list according to the starting address; accordingly, embodiments of inserting a target load instruction corresponding to a newly added process into the list may include: inserting the target load instruction corresponding to the newly added process after the last load instruction. Because the target load instruction corresponding to the new process is inserted after the last load instruction, the new process is started after the target application has started normally, which ensures that the new process runs under a normally started target application.
Specifically, the APIs provided by macOS (current_task, get_task_map, get_map_min) are used to obtain the starting address of the target application in memory; the binary's Load Command list is then parsed according to the structures and APIs provided by mach-o/loader.h to find the position of the last Load Command. The target load instruction is then inserted after the last Load Command.
Further, before the new process is started for the target application, the method further includes: triggering the target application so that it switches to a tab page indicating verification, and verifying whether the newly added process was successfully injected. Specifically, after the target application has successfully loaded the new process corresponding to the target load instruction, whether the injection succeeded can be verified through the Activity Monitor of the macOS system: after double-clicking the target application in Activity Monitor, switch to the "Open Files and Ports" tab page and search to verify. This verification further improves the reliability of loading the new process.
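The load-command walk and the verification step described above can also be checked from a defender's side. The following Python sketch is an added example, not code from the patent or its applicant: it parses a 64-bit Mach-O header using the field layouts of mach-o/loader.h, locates the last load command, and reports dylib load commands that appear in an in-memory header but not in the on-disk binary. The two sample images and the agent path are constructed for illustration.

```python
"""Audit Mach-O load commands: list dylibs and diff memory vs. disk headers."""
import struct
from typing import List, NamedTuple, Sequence

# Constants and layouts as defined in <mach-o/loader.h>.
MH_MAGIC_64 = 0xFEEDFACF
LC_REQ_DYLD = 0x80000000
LC_SEGMENT_64 = 0x19
LC_LOAD_DYLIB = 0x0C
DYLIB_CMDS = {
    LC_LOAD_DYLIB,
    0x18 | LC_REQ_DYLD,  # LC_LOAD_WEAK_DYLIB
    0x1F | LC_REQ_DYLD,  # LC_REEXPORT_DYLIB
    0x20,                # LC_LAZY_LOAD_DYLIB
    0x23 | LC_REQ_DYLD,  # LC_LOAD_UPWARD_DYLIB
}
HEADER_SIZE = 32  # sizeof(struct mach_header_64)
DYLIB_FIXED = 24  # sizeof(struct dylib_command); the path string follows it


class LoadCommand(NamedTuple):
    offset: int  # byte offset from the start of the Mach-O header
    cmd: int
    cmdsize: int


def walk_load_commands(image: bytes) -> List[LoadCommand]:
    """Return every load command, rejecting headers whose sizes do not add up."""
    if len(image) < HEADER_SIZE:
        raise ValueError("image shorter than mach_header_64")
    magic, _, _, _, ncmds, sizeofcmds, _, _ = struct.unpack_from("<8I", image, 0)
    if magic != MH_MAGIC_64:
        raise ValueError("not a little-endian 64-bit Mach-O image")
    end = HEADER_SIZE + sizeofcmds
    if end > len(image):
        raise ValueError("sizeofcmds runs past the end of the image")
    commands, off = [], HEADER_SIZE
    for _ in range(ncmds):
        if off + 8 > end:
            raise ValueError("load command header overruns sizeofcmds")
        cmd, cmdsize = struct.unpack_from("<II", image, off)
        if cmdsize < 8 or cmdsize % 8 or off + cmdsize > end:
            raise ValueError(f"bad cmdsize {cmdsize} at offset {off}")
        commands.append(LoadCommand(off, cmd, cmdsize))
        off += cmdsize
    return commands


def dylib_paths(image: bytes) -> List[str]:
    """Paths named by every dylib-loading command, in load order."""
    paths = []
    for lc in walk_load_commands(image):
        if lc.cmd not in DYLIB_CMDS:
            continue
        if lc.cmdsize < DYLIB_FIXED:
            raise ValueError("dylib command smaller than its fixed part")
        (name_off,) = struct.unpack_from("<I", image, lc.offset + 8)
        if not DYLIB_FIXED <= name_off < lc.cmdsize:
            raise ValueError("dylib name offset outside its command")
        raw = bytes(image[lc.offset + name_off: lc.offset + lc.cmdsize])
        paths.append(raw.split(b"\0", 1)[0].decode("utf-8", "replace"))
    return paths


def added_in_memory(disk_image: bytes, mem_image: bytes) -> List[str]:
    """Dylibs the running image loads that the signed file on disk does not name."""
    on_disk = set(dylib_paths(disk_image))
    return [p for p in dylib_paths(mem_image) if p not in on_disk]


def outside_allowlist(image: bytes, allowed_prefixes: Sequence[str]) -> List[str]:
    """Dylib paths that do not start with any approved directory prefix."""
    return [p for p in dylib_paths(image) if not p.startswith(tuple(allowed_prefixes))]


def build_sample(paths: Sequence[str]) -> bytes:
    """Construct a minimal header: one __TEXT segment plus one LC_LOAD_DYLIB per path."""
    cmds = [struct.pack("<II16sQQQQiiII", LC_SEGMENT_64, 72, b"__TEXT",
                        0x100000000, 0x4000, 0, 0x4000, 5, 5, 0, 0)]
    for path in paths:
        name = path.encode() + b"\0"
        size = (DYLIB_FIXED + len(name) + 7) & ~7  # 8-byte aligned, as dyld expects
        cmds.append(struct.pack("<6I", LC_LOAD_DYLIB, size, DYLIB_FIXED, 0, 0, 0)
                    + name.ljust(size - DYLIB_FIXED, b"\0"))
    body = b"".join(cmds)
    # cputype x86_64, cpusubtype ALL, filetype MH_EXECUTE
    return struct.pack("<8I", MH_MAGIC_64, 0x01000007, 3, 2, len(cmds), len(body), 0, 0) + body


# Constructed inputs: the agent path is hypothetical, not taken from the patent.
AGENT_PATH = "/Library/Application Support/ExampleDLP/agent.dylib"
DISK_IMAGE = build_sample(["/usr/lib/libSystem.B.dylib"])
MEM_IMAGE = build_sample(["/usr/lib/libSystem.B.dylib", AGENT_PATH])

if __name__ == "__main__":
    last = walk_load_commands(MEM_IMAGE)[-1]
    print(f"last load command: cmd={last.cmd:#x} at offset {last.offset}")
    print("added in memory:", added_in_memory(DISK_IMAGE, MEM_IMAGE))
    print("outside allowlist:", outside_allowlist(MEM_IMAGE, ["/usr/lib/", "/System/"]))
```

Because the on-disk file is left untouched, its code signature still validates; the difference between the two dylib lists is what this check relies on.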
Further, the application data management method may further include: sending an authorization request to a target application; and in response to receiving authorization information corresponding to the authorization request and fed back by the target application, adding the target application into a preset security policy. That is, the application data management needs to be authorized by the target application to ensure compliance of the application data management.
The application data management method is described in detail below with a specific example. As shown in fig. 3, the application data management method may include the steps of:
Step S300: registering a callback function through an API kauth_list_scope provided by a macOS system kernel; acquiring information of all applications in the macOS system through the callback function;
Step S301: monitoring, in the information of all applications acquired by the callback function, the startup events and/or startup-related files of target applications configured in the preset security policy;
Step S302: when startup of the target application is detected, acquiring the target application's list of load instructions, and determining a starting address of the target application in the memory of the macOS system;
Step S303: locating the last load instruction in the list according to the starting address;
Step S304: inserting a target load instruction corresponding to the newly added process after the last load instruction in the list;
Step S305: loading a dynamic library, triggered by the target load instruction, into the process space of the target application according to the path information included in the target load instruction;
Step S306: in response to successful loading of the target load instruction, triggering the target application so that it switches to a tab page indicating verification, and verifying whether the newly added process was successfully injected; if the injection of the new process succeeded, step S307 is executed; if the injection of the new process failed, step S308 is executed;
Step S307: starting a new process for the target application, managing the data of the target application through the new process, and ending the current flow;
Step S308: prompting that the process injection failed.
Fig. 4 is a schematic structural diagram of an application data management device according to an embodiment of the present invention. The application data management apparatus is for the macOS system. As shown in fig. 4, the application data management apparatus 400 may include: a monitoring module 401, a process injection module 402, and a data management module 403, wherein,
the monitoring module 401 is configured to monitor a target application configured by a preset security policy;
a process injection module 402, configured to obtain a list of the target application that includes a load instruction when it is monitored that the target application is started; inserting a target load instruction corresponding to the newly added process into the list; responding to successful loading of the target loading instruction, and starting a new process for the target application;
the data management module 403 is configured to manage data of the target application through the new process.
In the embodiment of the present invention, the monitoring module 401 is further configured to register a callback function through an API kauth_list_scope provided by the macOS system kernel; acquiring information of all applications in the macOS system through a callback function; and monitoring starting events and/or files related to starting of the target application in the information of all the applications acquired by the callback function.
In the embodiment of the present invention, the process injection module 402 is further configured to determine a starting address of the target application in the memory of the macOS system; positioning the last loading instruction in the list according to the starting address; the target load instruction corresponding to the newly added process is inserted after the last load instruction.
In an embodiment of the present invention, a target load instruction includes: path information of a dynamic library containing the newly added process;
the process injection module 402 is further configured to load the dynamic library into a process space of the target application according to the path information triggered by the target load instruction.
In the embodiment of the present invention, the process injection module 402 is further configured to trigger the target application, so that the target application switches to the tab page indicating verification, and to verify whether the newly added process is successfully injected.
In the embodiment of the present invention, the monitoring module 401 is further configured to send an authorization request to the target application; and in response to receiving authorization information corresponding to the authorization request and fed back by the target application, adding the target application into a preset security policy.
Fig. 5 is a schematic structural diagram of an application data management system according to an embodiment of the present invention. As shown in fig. 5, the application data management system 500 may include: a terminal device 501 on which a macOS system is mounted and which installs a plurality of applications, and an application data management apparatus 400 provided by the embodiment shown in fig. 4. Wherein,
the application data management apparatus 400 is configured to manage data of a plurality of applications of the terminal device 501.
Referring now to fig. 6, there is shown a schematic diagram of a computer system 600 suitable for use in implementing a terminal device or a server installing an application data management apparatus of an embodiment of the present invention.
The computer system shown in fig. 6 is merely an example, and should not be construed as limiting the functionality and scope of use of embodiments of the present invention.
As shown in fig. 6, the computer system 600 includes a Central Processing Unit (CPU) 601, which can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 602 or a program loaded from a storage section 608 into a Random Access Memory (RAM) 603. In the RAM 603, various programs and data required for the operation of the system 600 are also stored. The CPU 601, ROM 602, and RAM 603 are connected to each other through a bus 604. An input/output (I/O) interface 605 is also connected to bus 604.
The following components are connected to the I/O interface 605: an input portion 606 including a keyboard, mouse, etc.; an output portion 607 including a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, a speaker, and the like; a storage section 608 including a hard disk and the like; and a communication section 609 including a network interface card such as a LAN card, a modem, or the like. The communication section 609 performs communication processing via a network such as the internet. The drive 610 is also connected to the I/O interface 605 as needed. Removable media 611 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is installed as needed on drive 610 so that a computer program read therefrom is installed as needed into storage section 608.
In particular, according to embodiments of the present disclosure, the processes described above with reference to flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method shown in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network through the communication portion 609, and/or installed from the removable medium 611. The above-described functions defined in the system of the present invention are performed when the computer program is executed by a Central Processing Unit (CPU) 601.
The computer readable medium shown in the present invention may be a computer readable signal medium or a computer readable storage medium, or any combination of the two. The computer readable storage medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples of the computer-readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present invention, however, the computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, with the computer-readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The modules involved in the embodiments of the present invention may be implemented in software or in hardware. The described modules may also be provided in a processor, which may be described, for example, as: a processor comprising a monitoring module, a process injection module and a data management module. The names of these modules do not in any way limit the modules themselves; for example, the monitoring module may also be described as "a module that monitors the target application configured by the preset security policy".
As another aspect, the present invention also provides a computer-readable medium, which may be contained in the apparatus described in the above embodiments, or may exist separately without being assembled into the device. The computer-readable medium carries one or more programs which, when executed by a device, cause the device to perform: monitoring a target application configured by a preset security policy; when a launch of the target application is detected, acquiring the target application's list containing load instructions; inserting into the list a target load instruction corresponding to a newly added process; and, in response to the target load instruction loading successfully, starting the new process for the target application, so as to manage the data of the target application through the new process.
According to the technical solution of the embodiments of the present invention, the target application configured by the security policy is monitored; when a launch of the target application is detected, the target application's list containing load instructions is acquired, and the target load instruction for the new process is inserted into that list, so that the new process can be started for the target application directly through the target load instruction in the list. Loading the new process does not require changing the application's package, so the application starts normally and all of its functions remain usable. The new process can thus be inserted directly into the application without changing the application's signature, which enables management of the application's data while ensuring that all functions of the application operate normally.
The above embodiments do not limit the scope of the present invention. It will be apparent to those skilled in the art that various modifications, combinations, sub-combinations and alternatives can occur depending upon design requirements and other factors. Any modifications, equivalent substitutions and improvements made within the spirit and principles of the present invention should be included in the scope of the present invention.
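A defender-side check for the mechanism described above, as an added example that is not code from the patent: it assumes the "list containing load instructions" is the Mach-O load-command list, parses that list from a 64-bit header, and reports dynamic libraries named in a process's in-memory header that are absent from the on-disk binary. The function names, the sample headers and the path `/Library/Example/agent.dylib` are constructed for illustration; capturing the in-memory header bytes is assumed to happen elsewhere.

```python
import struct

MH_MAGIC_64 = 0xFEEDFACF
# Load commands that name a dynamic library (<mach-o/loader.h>): LC_LOAD_DYLIB,
# LC_LAZY_LOAD_DYLIB, LC_LOAD_WEAK_DYLIB, LC_REEXPORT_DYLIB, LC_LOAD_UPWARD_DYLIB.
DYLIB_CMDS = {0x0C, 0x20, 0x80000018, 0x8000001F, 0x80000023}

def dylib_paths(image: bytes) -> list[str]:
    """Return, in order, the dylib paths named by a 64-bit little-endian Mach-O header."""
    magic, _, _, _, ncmds, sizeofcmds, _, _ = struct.unpack_from("<8I", image, 0)
    if magic != MH_MAGIC_64:
        raise ValueError("not a 64-bit little-endian Mach-O image")
    off, end, paths = 32, 32 + sizeofcmds, []
    if end > len(image):
        raise ValueError("sizeofcmds runs past the end of the image")
    for _ in range(ncmds):
        if off + 8 > end:
            raise ValueError("load command list truncated")
        cmd, cmdsize = struct.unpack_from("<II", image, off)
        if cmdsize < 8 or cmdsize % 8 or off + cmdsize > end:
            raise ValueError(f"bad cmdsize {cmdsize} at offset {off}")
        if cmd in DYLIB_CMDS:
            (name_off,) = struct.unpack_from("<I", image, off + 8)
            if not 24 <= name_off < cmdsize:
                raise ValueError("dylib name offset outside its command")
            raw = image[off + name_off : off + cmdsize]
            paths.append(raw.split(b"\0", 1)[0].decode("utf-8", "replace"))
        off += cmdsize
    return paths


def added_dylibs(on_disk: bytes, in_memory: bytes) -> list[str]:
    """Dylibs the running image names that the signed on-disk image does not."""
    baseline = set(dylib_paths(on_disk))
    return [p for p in dylib_paths(in_memory) if p not in baseline]


def _macho(paths):  # builds a constructed sample header, not a real binary
    cmds = b""
    for p in paths:
        name = p.encode() + b"\0"
        name += b"\0" * (-(24 + len(name)) % 8)  # pad command to 8 bytes
        cmds += struct.pack("<6I", 0x0C, 24 + len(name), 24, 2, 0x10000, 0x10000) + name
    return struct.pack("<8I", MH_MAGIC_64, 0x0100000C, 0, 2, len(paths), len(cmds), 0, 0) + cmds


SYSTEM = ["/usr/lib/libSystem.B.dylib", "/usr/lib/libobjc.A.dylib"]
DISK = _macho(SYSTEM)                                     # constructed on-disk header
MEM = _macho(SYSTEM + ["/Library/Example/agent.dylib"])   # constructed in-memory header
print(added_dylibs(DISK, MEM))
```

Because the on-disk package and its code signature are unchanged, a signature check alone reports nothing here; the difference only shows up when the in-memory header is compared with the file.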

Claims (10)

1. An application data management method for a macOS system, characterized by comprising:
monitoring a target application configured by a preset security policy;
when a launch of the target application is detected, acquiring the target application's list containing load instructions;
inserting into the list a target load instruction corresponding to a newly added process;
and, in response to the target load instruction loading successfully, starting the new process for the target application, so as to manage the data of the target application through the new process.
2. The application data management method according to claim 1, further comprising:
registering a callback function through the API kauth_list_scope provided by the macOS system kernel;
acquiring information on all applications in the macOS system through the callback function;
wherein monitoring the target application configured by the preset security policy comprises:
monitoring, in the information on all applications acquired by the callback function, the launch event of the target application and/or the files related to its launch.
3. The application data management method according to claim 1, further comprising:
determining a starting address of the target application in the memory of the macOS system;
locating the last load instruction in the list according to the starting address;
wherein inserting into the list the target load instruction corresponding to the newly added process comprises:
inserting the target load instruction corresponding to the newly added process after the last load instruction.
4. The application data management method according to claim 1 or 3, wherein
the target load instruction includes: path information of a dynamic library containing the newly added process;
the method further comprising: upon being triggered by the target load instruction, loading the dynamic library into the process space of the target application according to the path information.
5. The application data management method according to claim 1, further comprising, before starting the new process for the target application:
triggering the target application so that it switches to a tab page indicating verification, and verifying whether the newly added process has been injected successfully.
6. The application data management method according to claim 1, further comprising:
sending an authorization request to a target application;
and, in response to receiving authorization information fed back by the target application for the authorization request, adding the target application to the preset security policy.
7. An application data management apparatus for a macOS system, characterized by comprising: a monitoring module, a process injection module and a data management module, wherein
the monitoring module is configured to monitor a target application configured by a preset security policy;
the process injection module is configured to: when a launch of the target application is detected, acquire the target application's list containing load instructions; insert into the list a target load instruction corresponding to a newly added process; and, in response to the target load instruction loading successfully, start the new process for the target application;
and the data management module is configured to manage the data of the target application through the new process.
8. An application data management system, characterized by comprising: a terminal device that runs a macOS system and has a plurality of applications installed, and the application data management apparatus according to claim 7.
9. An electronic device, comprising:
one or more processors;
a storage device for storing one or more programs
which, when executed by the one or more processors, cause the one or more processors to implement the method of any of claims 1-6.
10. A computer-readable medium on which a computer program is stored, characterized in that the program, when executed by a processor, implements the method according to any of claims 1-6.
CN202310956441.8A 2023-08-01 2023-08-01 Application data management method, device and system Pending CN117056903A (en)


Publications (1)

Publication Number Publication Date
CN117056903A true CN117056903A (en) 2023-11-14

Family

ID=88656472



Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination