CN118821111A - Kernel access method, device, equipment, storage medium and computer program product - Google Patents
- Publication number
- CN118821111A, CN202410593368.7A
- Authority
- CN
- China
- Prior art keywords
- kernel
- application program
- program
- access
- access request
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Storage Device Security (AREA)
Abstract
The invention discloses a kernel access method, a device, equipment, a storage medium and a computer program product, wherein the method is applied to a service management program and comprises the following steps: receiving a kernel access request sent by an application program, and acquiring resource configuration information of the application program; performing validity check on the kernel access request according to the resource configuration information; if the kernel access request is legal, a system call request is sent to the kernel, and after the kernel passes the context verification, an access result sent by the kernel is received and sent to the application program; and if the kernel access request is illegal, rejecting the kernel access request of the application program. The invention controls the application program to access the kernel resource through the system call interface by introducing the service management program, thereby ensuring the reasonable use of the kernel resource and effectively improving the reliability and availability of the whole system.
Description
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a kernel access method, apparatus, device, storage medium, and computer program product.
Background
As the core component of an operating system, the kernel not only manages the resources that affect the operation of the whole system, but also gives application programs a standard method of accessing kernel-managed resources in the form of system calls. These system call interfaces are usually exposed to all application programs as library functions, and an application program can access kernel resources directly by calling them. However, if an application program maliciously accesses kernel resources through these library functions, the kernel cannot provide normal service, and the normal operation of the whole operating system is affected.
Disclosure of Invention
The technical problem to be solved by the invention is to provide a kernel access method, a device, equipment, a storage medium and a computer program product, and introduce a service management program to control the application program to access kernel resources through a system call interface, thereby ensuring reasonable use of the kernel resources and effectively improving the reliability and availability of the whole system.
In order to achieve the above object, an embodiment of the present invention provides a kernel access method, applied to a service management program, including:
receiving a kernel access request sent by an application program, and acquiring resource configuration information of the application program;
performing validity check on the kernel access request according to the resource configuration information;
if the kernel access request is legal, sending a system call request to the kernel, and, after the context verification by the kernel passes, receiving an access result sent by the kernel and sending it to the application program;
if the kernel access request is illegal, rejecting the kernel access request of the application program.
As an improvement of the above scheme, the service management program runs in user mode; when the kernel of the operating system starts, the kernel automatically loads and runs the service management program as the first application program and assigns it a fixed identifier, which serves as a preset value.
As an improvement of the above solution, the application program carries an RDL data area, where the RDL data area includes a type and a number of kernel resources requested, and the obtaining the resource configuration information of the application program specifically includes:
and analyzing the RDL data area of the application program to obtain the resource configuration information of the application program.
As an improvement of the above solution, the application program is started by the service management program; if the application program does not carry the RDL data area when the service management program starts it, the service management program refuses to start the application program.
As an improvement of the above scheme, after the kernel receives the system call request sent by the service management program, the kernel checks whether the currently running identifier is the preset value;
analyzes the call stack of the application program to judge whether the kernel access request has passed the validity check;
and, if both conditions are met, processes the system call request and sends an access result to the service management program.
As an improvement of the above-mentioned scheme, the application program and the service management program communicate with each other by an inter-process communication method.
The embodiment of the invention also provides a kernel access device, which comprises:
a receiving module, used for receiving a kernel access request sent by an application program and acquiring resource configuration information of the application program;
a verification module, used for verifying the validity of the kernel access request according to the resource configuration information;
an access module, used for sending a system call request to the kernel if the kernel access request is legal and, after the context verification by the kernel passes, receiving an access result sent by the kernel and sending the access result to the application program;
a rejecting module, used for rejecting the kernel access request of the application program if the kernel access request is illegal.
The embodiment of the invention also provides a terminal device, which comprises a processor, a memory and a computer program stored in the memory and configured to be executed by the processor, wherein the processor realizes the kernel access method when executing the computer program.
The embodiment of the invention also provides a computer readable storage medium, which comprises a stored computer program, wherein the computer program is used for controlling equipment where the computer readable storage medium is located to execute the kernel access method according to any one of the above.
Embodiments of the present invention also provide a computer program product comprising a computer program or computer instructions which, when executed by a processor, implement a kernel access method as defined in any one of the above.
Compared with the prior art, the kernel access method, device, equipment, storage medium and computer program product provided by the embodiments of the invention have the following beneficial effects. A service management program is introduced that receives a kernel access request sent by an application program and acquires resource configuration information of the application program; performs validity check on the kernel access request according to the resource configuration information; if the kernel access request is legal, sends a system call request to the kernel and, after the context verification by the kernel passes, receives an access result sent by the kernel and sends it to the application program; and, if the kernel access request is illegal, rejects the kernel access request of the application program. Introducing the service management program neither increases the implementation complexity of the microkernel nor reduces the number of system calls available to application programs. The service management program controls application programs' access to kernel resources through the system call interface, so that no application program can bypass the service management program to access kernel resources through system calls. The kernel resources of the system therefore cannot be maliciously applied for by application programs and exhausted, and the reliability and availability of the kernel are greatly improved.
Drawings
FIG. 1 is a flow chart of a preferred embodiment of a kernel access method provided by the present invention;
FIG. 2 is a diagram of interaction of kernel resource access in a kernel access method provided by the invention;
FIG. 3 is a schematic structural diagram of a preferred embodiment of a kernel access device provided by the present invention;
Fig. 4 is a schematic structural diagram of a preferred embodiment of a terminal device according to the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Referring to fig. 1, fig. 1 is a flowchart of a preferred embodiment of a kernel access method according to the present invention. The kernel access method is applied to a service management program, and comprises the following steps:
S1, receiving a kernel access request sent by an application program, and acquiring resource configuration information of the application program;
S2, carrying out validity check on the kernel access request according to the resource configuration information;
S3, if the kernel access request is legal, a system call request is sent to a kernel, and after the kernel passes the context verification, an access result sent by the kernel is received and sent to the application program;
S4, if the kernel access request is illegal, rejecting the kernel access request of the application program.
The microkernel architecture is an extensible architecture that splits functions apart and is generally used for realizing product-based applications. It strips most services out of the operating system kernel, so that only the most basic functions remain. In a microkernel architecture, the system is broken down into multiple independent modules, each of which is responsible for one specific function only. The core system is responsible for general functions unrelated to specific service functions, such as module loading and inter-module communication, while the plug-in modules are responsible for realizing specific business logic. The core system functions are stable and do not need to be continuously modified as service functions expand, and the plug-in modules can be continuously extended according to service function requirements.
The features of the microkernel architecture include the following. Modular design: new functions are easy to add, and old functions are easy to replace or upgrade. High reliability: because the microkernel contains only the most basic functions and each service runs in an independent process, the breakdown of one service does not affect the stability of the whole system. Easy maintenance: the modular design makes the system easier to maintain and debug, the responsibility of each module is clear, and developers can locate and repair problems more easily. Strong flexibility: modules can be dynamically loaded or unloaded as required, which allows rapid customization and extension of system functions.
However, the microkernel architecture also has some drawbacks, such as low communication efficiency, high development difficulty and complex version control. Furthermore, microkernels may perform relatively poorly because they need to switch contexts frequently between user mode and kernel mode. The modular structure of the microkernel also makes software development and debugging more complex, and direct access to hardware is difficult to achieve. In currently known microkernel operating systems there is no restriction on the access of user-space programs to kernel resources through system calls. One approach is for the kernel to limit, by means of permission control, the system calls that an application program can use. This reduces the development convenience of application programs and increases the implementation complexity of the kernel, which does not fit the microkernel operating system idea of reducing kernel complexity as far as possible and leaving services that do not have to be provided in the kernel to user-mode programs. Another approach is to introduce a trusted interception application program that intercepts the access of other application programs to kernel resources, but it cannot prevent other application programs from bypassing the interception program to access kernel resources, that is, malicious access of application programs to kernel resources through system calls is not fundamentally solved.
Therefore, the embodiment of the invention provides a kernel access method. Because most system services are moved from kernel mode to user mode under a microkernel architecture, the embodiment of the invention introduces a trusted service management program running in user mode that manages all system services, including the system services provided by the kernel. For key system services provided by the kernel, other application programs can only request the service from the service management program by IPC (inter-process communication) and are not allowed to apply for kernel resources through system calls.
Specifically, referring to fig. 2, fig. 2 is a kernel resource access interaction diagram of the kernel access method provided by the present invention. When an application program needs to apply for new kernel resources, it sends a kernel access request for those resources to the service management program by IPC. After receiving the request, the service management program performs a validity check on it according to the resource configuration information of the application program, that is, it checks whether the application program has permission to apply for the corresponding kernel resources. If the kernel access request is legal, the application program has that permission, and the service management program sends a system call request to the kernel, applying to the kernel for the corresponding kernel resources through the system call. After the context verification by the kernel passes, the kernel processes the system call request sent by the service management program and sends an access result to the service management program, which sends the received access result on to the application program. For example, the kernel sends the processing result to the service management program, and the service management program converts the received processing result and returns a request result to the application program. If the kernel access request is illegal, the application program does not have permission to apply for the corresponding kernel resources, and the kernel access request of the application program is rejected.
The kernel access method provided by the embodiment of the invention has the advantages of not increasing the realization complexity of the microkernel and not reducing the number of available system calls of the application program. Meanwhile, all application programs can not bypass the service management program to access the kernel resources through system call, so that the kernel resources of the system can not be maliciously applied by the application programs to cause the kernel resources to be exhausted, and the reliability and usability of the kernel are greatly improved.
In another preferred embodiment, the service management program runs in user mode; when the kernel of the operating system starts, the kernel automatically loads and runs the service management program as the first application program and assigns it a fixed identifier, which serves as a preset value.
Specifically, in the embodiment of the present invention, the service management program runs in user mode and is used for managing all system services, including the system services provided by the kernel. When the kernel of the operating system starts, the kernel automatically loads and runs the service management program as the first application program and assigns it a fixed identifier, which serves as a preset value. For example, the fixed identifier that the kernel assigns to the service management program is an ASID (address space identifier), with a preset value of 1.
In another preferred embodiment, the application program carries a resource description language RDL data area, where the RDL data area includes a type and a number of kernel resources requested, and the acquiring the resource configuration information of the application program specifically includes:
and analyzing the RDL data area of the application program to obtain the resource configuration information of the application program.
Specifically, in the embodiment of the present invention, all application programs must carry a resource description language RDL data area, where the RDL data area includes information such as the type and number of kernel resources requested, and is used to declare the type and number of kernel resources required to be requested during the running period. The service management program can obtain the resource configuration information of the application program by analyzing the RDL data area of the application program, and further performs validity check on the kernel access request of the application program according to the resource configuration information.
In a further preferred embodiment, the application program is started by the service management program; if the application program does not carry the RDL data area when the service management program starts it, the service management program refuses to start the application program.
Specifically, starting an application program requires the process creation service provided by the kernel. This is a key service provided by the kernel, and the kernel only allows the service management program to request it, so all application programs can only be started by the service management program, and all other application programs can only run after the service management program has finished starting. If the application program does not carry the RDL data area when the service management program starts it, the service management program refuses to start the application program.
In a further preferred embodiment, after the kernel receives the system call request sent by the service management program, the kernel checks whether the currently running identifier is the preset value;
analyzes the call stack of the application program to judge whether the kernel access request has passed the validity check;
and, if both conditions are met, processes the system call request and sends an access result to the service management program.
Specifically, when an application program needs to apply for a new kernel resource, it sends a kernel access request for that resource to the service management program by IPC. After receiving the request, the service management program performs a validity check on it according to the resource configuration information of the application program, that is, it checks whether the application program has permission to apply for the corresponding kernel resource. If the kernel access request is legal, the application program has that permission, and the service management program sends a system call request to the kernel. After receiving the system call request, the kernel decides whether to respond to it by checking whether the current context belongs to the service management program. This check detects whether another application program has bypassed the service management program to access kernel resources directly through a system call, so the service management program is the only path for accessing key kernel resources. First, the kernel checks whether the currently running identifier is the preset value, for example whether the currently running ASID is 1. Then the call stack of the application program is analyzed to judge whether the kernel access request has passed the validity check. If the currently running identifier is the preset value and the kernel access request has passed the validity check, the system call request is processed and an access result is sent to the service management program. In this way only the service management program can access key kernel resources, and other application programs cannot bypass it to initiate system calls directly to access them.
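A user-space C model of the two checks described above, added here as an illustration and not taken from the patent: the service management program's validity check against the application's RDL declaration, and the kernel's context verification of the caller. The textual RDL format (`type=count;...`), the cumulative quota accounting, the `passed_check` flag that stands in for the call-stack analysis, and all function and type names are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SM_ASID 1u   /* preset identifier the text gives for the service manager */
#define MAX_RES 8

enum result { REQ_OK = 0, DENY_NO_RDL = -1, DENY_TYPE = -2,
              DENY_QUOTA = -3, DENY_CONTEXT = -4 };

struct rdl_entry { char type[16]; unsigned limit, used; };
struct app { unsigned asid; size_t nres; struct rdl_entry res[MAX_RES]; };

/* What the modelled kernel sees about the caller of a key system call.
 * passed_check is an assumed stand-in for the call-stack analysis. */
struct syscall_ctx { unsigned asid; int passed_check; };

/* Kernel side: context verification before a key system call is served. */
int kernel_syscall(const struct syscall_ctx *ctx, const char *type, unsigned count)
{
    (void)type; (void)count;       /* the allocation itself is not modelled */
    if (ctx->asid != SM_ASID)      /* caller is not the service manager */
        return DENY_CONTEXT;
    if (!ctx->passed_check)        /* request did not pass the validity check */
        return DENY_CONTEXT;
    return REQ_OK;
}

/* Parse "type=count;type=count" (constructed format) into the app record. */
static int parse_rdl(const char *rdl, struct app *a)
{
    a->nres = 0;
    if (rdl == NULL || *rdl == '\0')
        return -1;
    while (*rdl != '\0') {
        struct rdl_entry *e;
        char num[10];
        int consumed = 0;
        if (a->nres == MAX_RES)
            return -1;
        e = &a->res[a->nres];
        /* digits only, so a sign cannot wrap the limit to a huge value */
        if (sscanf(rdl, "%15[a-z_]=%9[0-9]%n", e->type, num, &consumed) != 2)
            return -1;
        e->limit = (unsigned)strtoul(num, NULL, 10);
        e->used = 0;
        a->nres++;
        rdl += consumed;
        if (*rdl == ';')
            rdl++;
        else if (*rdl != '\0')
            return -1;             /* trailing garbage or over-long number */
    }
    return 0;
}

/* Service manager: refuse to start an application without a usable RDL area. */
int sm_start_app(struct app *a, unsigned asid, const char *rdl)
{
    if (parse_rdl(rdl, a) != 0)
        return DENY_NO_RDL;
    a->asid = asid;
    return REQ_OK;
}

/* Service manager: validity check, then the system call in its own context. */
int sm_handle_request(struct app *a, const char *type, unsigned count)
{
    struct syscall_ctx ctx = { SM_ASID, 1 };
    size_t i;
    int rc;
    for (i = 0; i < a->nres; i++)
        if (strcmp(a->res[i].type, type) == 0)
            break;
    if (i == a->nres)
        return DENY_TYPE;                          /* type never declared */
    if (count > a->res[i].limit - a->res[i].used)  /* used <= limit, no wrap */
        return DENY_QUOTA;
    rc = kernel_syscall(&ctx, type, count);
    if (rc == REQ_OK)
        a->res[i].used += count;
    return rc;
}

int main(void)
{
    struct app a;
    struct syscall_ctx direct = { 7, 0 };  /* constructed: app ASID 7 calling directly */
    printf("start without RDL : %d\n", sm_start_app(&a, 7, NULL));
    printf("start with RDL    : %d\n", sm_start_app(&a, 7, "thread=4;port=2"));
    printf("thread x3 via SM  : %d\n", sm_handle_request(&a, "thread", 3));
    printf("thread x2 via SM  : %d\n", sm_handle_request(&a, "thread", 2));
    printf("irq x1 via SM     : %d\n", sm_handle_request(&a, "irq", 1));
    printf("direct system call: %d\n", kernel_syscall(&direct, "thread", 1));
    return 0;
}
```
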
It should be noted that, the context refers to an environment when the process executes, and includes various variables and data, such as register variables, a file opened by the process, memory information, and the like. When a process needs to execute a system call, the operating system executes a corresponding kernel function according to the current context information. When the user program needs to execute the system call, the operating system saves the context state of the current process, including the register value, the memory state, etc., and then switches to kernel mode to execute the system call. In the process of executing the system call, the kernel executes corresponding operation according to the transferred parameter and the current context information. Once the system call is completed, the operating system restores the previously saved context state and returns control to the user program for continued execution. By correctly saving and restoring the context information, the operating system can maintain the state of the process unchanged when executing the system call, ensuring correct execution of the program. Meanwhile, since the system call is executed in the kernel mode, the security and stability of the system call can be ensured.
Preferably, the application program and the service management program communicate through an inter-process communication mode.
The kernel access method provided by the embodiment of the invention can significantly enhance the reliability and availability of the kernel resources of a microkernel operating system. In a microkernel operating system, the microkernel manages the most central resources of the whole system and is the core that keeps the whole system running normally, so improving the reliability and availability of microkernel-managed resources improves the operating reliability of the whole microkernel operating system.
Correspondingly, the invention also provides a kernel access device which can realize all the flows of the kernel access method in the embodiment.
Referring to fig. 3, fig. 3 is a schematic structural diagram of a preferred embodiment of a kernel access device provided by the present invention. The kernel access device is applied to a service management program and comprises:
a receiving module 301, configured to receive a kernel access request sent by an application program, and obtain resource configuration information of the application program;
a verification module 302, configured to perform validity verification on the kernel access request according to the resource configuration information;
an access module 303, configured to send a system call request to a kernel if the kernel access request is legal, and receive an access result sent by the kernel and send the access result to the application program after the kernel passes the context verification;
a rejecting module 304, configured to reject the kernel access request of the application program if the kernel access request is illegal.
Specifically, the embodiment of the invention provides a kernel access device, which introduces a trusted service management program running in a user mode and is used for managing all system services, including the system services provided by the kernel. For key system services provided by the kernel, other application programs can only request services from the service management program through an IPC inter-process communication mode, and the application of kernel resources through system call is not allowed. When an application program needs to apply for new kernel resources, the application program sends a kernel access request for applying for kernel resources to a service management program in an IPC inter-process communication mode, and after the service management program receives the kernel access request of the application program, the service management program performs validity check on the kernel access request according to the resource configuration information of the application program and checks whether the application program has permission for applying for corresponding kernel resources. If the kernel access request is legal, the application program has the authority of applying for the corresponding kernel resource, the service management program sends a system call request to the kernel, and applies for the corresponding kernel resource to the kernel through the system call. And after the kernel passes the context verification, processing a system call request sent by the service management program, sending an access result to the service management program, and sending the received access result to the application program by the service management program. Illustratively, the kernel sends the processing result to the service management program, and the service management program converts the received processing result and returns a request result to the application program. 
If the kernel access request is illegal, the application program does not have the authority for applying the corresponding kernel resource, and the kernel access request of the application program is refused.
The embodiment of the invention has the advantages of not increasing the realization complexity of the microkernel and not reducing the number of available system calls of the application program. Meanwhile, all application programs can not bypass the service management program to access the kernel resources through system call, so that the kernel resources of the system can not be maliciously applied by the application programs to cause the kernel resources to be exhausted, and the reliability and usability of the kernel are greatly improved.
Preferably, the service management program runs in user mode; when the kernel of the operating system starts, the kernel automatically loads and runs the service management program as the first application program and assigns it a fixed identifier, which serves as a preset value.
Preferably, the application program carries an RDL resource description language data area, where the RDL data area includes a type and a number of kernel resources requested, and the acquiring the resource configuration information of the application program specifically includes:
and analyzing the RDL data area of the application program to obtain the resource configuration information of the application program.
Preferably, the application program is started by the service management program; if the application program does not carry the RDL data area when the service management program starts it, the service management program refuses to start the application program.
Preferably, after receiving the system call request sent by the service management program, the kernel checks whether the currently running identifier is the preset value;
analyzes the call stack of the application program to judge whether the kernel access request has passed the validity check;
and, if both conditions are met, processes the system call request and sends an access result to the service management program.
Preferably, the application program and the service management program communicate through an inter-process communication mode.
In specific implementation, the working principle, control flow and technical effects of the kernel access device provided by the embodiment of the present invention are the same as those of the kernel access method in the above embodiment, and are not described herein again.
Referring to FIG. 4, which is a schematic structural diagram of a preferred embodiment of a terminal device according to the present invention, the terminal device comprises a processor 401, a memory 402 and a computer program stored in the memory 402 and configured to be executed by the processor 401, wherein the processor 401 implements the kernel access method according to any of the above embodiments when executing the computer program.
Preferably, the computer program may be divided into one or more modules/units (e.g. computer program 1, computer program 2, …) that are stored in the memory 402 and executed by the processor 401 to implement the present invention. The one or more modules/units may be a series of computer program instruction segments capable of performing specified functions, and these instruction segments describe the execution of the computer program in the terminal device.
The processor 401 may be a central processing unit (CPU), another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, etc. The general-purpose processor may be a microprocessor, or the processor 401 may be any conventional processor. The processor 401 is the control center of the terminal device and connects the various parts of the terminal device through various interfaces and lines.
The memory 402 mainly includes a program storage area, which may store an operating system, an application program required for at least one function, and the like, and a data storage area, which may store related data and the like. In addition, the memory 402 may be a high-speed random access memory or a nonvolatile memory such as a plug-in hard disk, a smart media card (SMC), a Secure Digital (SD) card or a flash card, or the memory 402 may be another volatile solid-state memory device.
It should be noted that the above terminal device may include, but is not limited to, a processor and a memory. Those skilled in the art will understand that the schematic structural diagram of FIG. 4 is merely an example of the terminal device and does not limit it; the terminal device may include more or fewer components than shown, combine some components, or use different components.
The embodiment of the invention also provides a computer-readable storage medium comprising a stored computer program, wherein, when run, the computer program controls the device where the computer-readable storage medium is located to execute the kernel access method according to any of the above embodiments.
Embodiments of the present invention also provide a computer program product comprising a computer program or computer instructions which, when executed by a processor, implement the kernel access method according to any of the above embodiments.
The embodiments of the invention provide a kernel access method, device, equipment, storage medium and computer program product. By introducing a service management program, the method receives a kernel access request sent by an application program and acquires the resource configuration information of the application program; performs a validity check on the kernel access request according to the resource configuration information; if the kernel access request is legal, sends a system call request to the kernel and, after the kernel passes the context verification, receives the access result sent by the kernel and sends it to the application program; and if the kernel access request is illegal, rejects the kernel access request of the application program. Because the service management program is introduced, the implementation complexity of the microkernel is not increased and the number of system calls available to the application program is not reduced. The service management program controls how application programs access kernel resources through the system call interface, so that no application program can bypass the service management program to access kernel resources through a system call. Kernel resources therefore cannot be requested maliciously by an application program and are not exhausted, which greatly improves the reliability and usability of the kernel.
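The flow summarised above, modelled in C as an added example (not code from the patent): the service manager checks each request against the type and number declared in the application's RDL data area, and the kernel accepts a system call only from the manager's fixed identifier. The struct layout, the enum names, the identifier value 1 and the `validated` flag standing in for the call-stack analysis are all assumptions.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model: the patent defines no data layout, names or ID value. */
enum res_type { RES_THREAD, RES_MEM_PAGE, RES_IPC_PORT, RES_TYPE_COUNT };
enum verdict { GRANTED, REJ_NO_RDL, REJ_UNDECLARED, REJ_QUOTA, REJ_CONTEXT };
#define MANAGER_ID 1u                 /* assumed "preset value" fixed by the kernel */

struct rdl_entry { enum res_type type; unsigned limit; };
struct app {
    const struct rdl_entry *rdl;      /* NULL models a missing RDL data area */
    size_t rdl_len;
    unsigned used[RES_TYPE_COUNT];    /* resources already granted, per type */
};

/* Kernel side: context verification. `validated` stands in for the call-stack
 * analysis that confirms the request passed the manager's validity check. */
int kernel_syscall(unsigned caller_id, int validated) {
    return caller_id == MANAGER_ID && validated;
}

/* Service manager side: validity check against the RDL, then the system call. */
enum verdict manager_handle(struct app *a, enum res_type t, unsigned count) {
    if (a->rdl == NULL) return REJ_NO_RDL;   /* such an app is never started */
    if ((unsigned)t >= (unsigned)RES_TYPE_COUNT) return REJ_UNDECLARED;
    for (size_t i = 0; i < a->rdl_len; i++) {
        if (a->rdl[i].type != t) continue;
        unsigned left = a->rdl[i].limit > a->used[t] ? a->rdl[i].limit - a->used[t] : 0;
        if (count > left) return REJ_QUOTA;  /* compared this way to avoid wraparound */
        if (!kernel_syscall(MANAGER_ID, 1)) return REJ_CONTEXT;
        a->used[t] += count;
        return GRANTED;
    }
    return REJ_UNDECLARED;                   /* type never declared in the RDL */
}

/* Constructed samples: one app declaring 2 threads and 1 IPC port, one without RDL. */
static const struct rdl_entry SAMPLE_RDL[] = { { RES_THREAD, 2 }, { RES_IPC_PORT, 1 } };
struct app sample_app = { SAMPLE_RDL, 2, { 0 } };
struct app no_rdl_app = { NULL, 0, { 0 } };

int main(void) {
    printf("%d\n", (int)manager_handle(&sample_app, RES_THREAD, 2));   /* within quota */
    printf("%d\n", (int)manager_handle(&sample_app, RES_THREAD, 1));   /* quota used up */
    printf("%d\n", (int)manager_handle(&sample_app, RES_MEM_PAGE, 1)); /* undeclared type */
    printf("%d\n", kernel_syscall(42u, 1));                            /* caller is not the manager */
    return 0;
}
```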
It should be noted that the system embodiments described above are merely illustrative, and that the units described as separate units may or may not be physically separate, and that units shown as units may or may not be physical units, may be located in one place, or may be distributed over a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. In addition, in the system embodiment of the present invention, the connection relationship between the modules represents that there is a communication connection between them, and may be specifically implemented as one or more communication buses or signal lines. Those of ordinary skill in the art will understand and implement the present invention without undue burden.
While the foregoing is directed to the preferred embodiments of the present invention, it will be appreciated by those skilled in the art that changes and modifications may be made without departing from the principles of the invention, and such changes and modifications are also intended to be within the scope of the invention.
Claims (10)
1. A kernel access method, applied to a service manager, the method comprising:
receiving a kernel access request sent by an application program, and acquiring resource configuration information of the application program;
performing a validity check on the kernel access request according to the resource configuration information;
if the kernel access request is legal, sending a system call request to the kernel and, after the kernel passes the context verification, receiving an access result sent by the kernel and sending the access result to the application program;
and if the kernel access request is illegal, rejecting the kernel access request of the application program.
2. The kernel access method as recited in claim 1, wherein the service manager runs in user mode; when the kernel of the operating system starts, the service manager is automatically loaded and run by the kernel as the first application program, and the kernel assigns the service manager a fixed identifier as a preset value.
3. The kernel access method of claim 1, wherein the application program carries an RDL data area, the RDL data area includes the type and number of kernel resources requested, and acquiring the resource configuration information of the application program specifically includes:
parsing the RDL data area of the application program to obtain the resource configuration information of the application program.
4. The kernel access method of claim 3, wherein the application program is started by the service manager, and wherein the service manager refuses to start the application program if the application program does not carry the RDL data area when the service manager starts it.
5. The kernel access method as recited in claim 2, wherein after receiving the system call request sent by the service manager, the kernel checks whether the currently running identifier is the preset value;
analyzes a call stack of the application program and judges whether the kernel access request has passed the validity check;
and if both conditions are met, processes the system call request and sends an access result to the service manager.
6. The kernel access method as recited in claim 1, wherein the application program and the service manager program communicate by way of inter-process communication.
7. A kernel access device for use in a service manager, comprising:
a receiving module, used for receiving a kernel access request sent by an application program and acquiring resource configuration information of the application program;
a verification module, used for verifying the validity of the kernel access request according to the resource configuration information;
an access module, used for sending a system call request to the kernel if the kernel access request is legal, receiving an access result sent by the kernel after the kernel passes the context verification, and sending the access result to the application program;
and a rejecting module, used for rejecting the kernel access request of the application program if the kernel access request is illegal.
8. A terminal device comprising a processor and a memory, wherein the memory has a computer program stored therein and the computer program is configured to be executed by the processor, the processor implementing the kernel access method according to any of claims 1 to 6 when the computer program is executed by the processor.
9. A computer readable storage medium, wherein the computer readable storage medium stores a computer program, and wherein the kernel access method according to any one of claims 1 to 6 is implemented when the computer program is executed by a device in which the computer readable storage medium is located.
10. A computer program product, characterized in that the computer program product comprises a computer program or computer instructions which, when executed by a processor, implements the kernel access method as claimed in any one of claims 1 to 6.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202410593368.7A CN118821111A (en) | 2024-05-14 | 2024-05-14 | Kernel access method, device, equipment, storage medium and computer program product |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202410593368.7A CN118821111A (en) | 2024-05-14 | 2024-05-14 | Kernel access method, device, equipment, storage medium and computer program product |
Publications (1)
Publication Number | Publication Date |
---|---|
CN118821111A (en) | 2024-10-22 |
Family
ID=93071988
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202410593368.7A Pending CN118821111A (en) | 2024-05-14 | 2024-05-14 | Kernel access method, device, equipment, storage medium and computer program product |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination |