Pre-identifying probable malicious rootkit behavior using behavioral contracts
    1.
    Granted invention patent
    Pre-identifying probable malicious rootkit behavior using behavioral contracts (status: in force)

    Publication (announcement) number: US09323929B2

    Publication (announcement) date: 2016-04-26

    Application number: US14090200

    Filing date: 2013-11-26

    CPC classification number: G06F21/56 G06F21/566

    Abstract: The various aspects provide for a computing device and methods implemented by the device to ensure that an application executing on the device and seeking root access will not cause malicious behavior after receiving root access. Before giving the application root access, the computing device may identify operations the application intends to execute while having root access, determine whether executing the operations will cause malicious behavior by simulating execution of the operations, and pre-approve those operations after determining that executing those operations will not result in malicious behavior. Further, after giving the application root access, the computing device may only allow the application to perform pre-approved operations by quickly checking the application's pending operations against the pre-approved operations before allowing the application to perform those operations. Thus, the various aspects may ensure that an application receives root access without compromising the performance or security integrity of the computing device.


    Pre-identifying Probable Malicious Rootkit Behavior Using Behavioral Contracts
    2.
    Invention patent application
    Pre-identifying Probable Malicious Rootkit Behavior Using Behavioral Contracts (status: in force)

    Publication (announcement) number: US20150150130A1

    Publication (announcement) date: 2015-05-28

    Application number: US14090200

    Filing date: 2013-11-26

    CPC classification number: G06F21/56 G06F21/566

    Abstract: The various aspects provide for a computing device and methods implemented by the device to ensure that an application executing on the device and seeking root access will not cause malicious behavior after receiving root access. Before giving the application root access, the computing device may identify operations the application intends to execute while having root access, determine whether executing the operations will cause malicious behavior by simulating execution of the operations, and pre-approve those operations after determining that executing those operations will not result in malicious behavior. Further, after giving the application root access, the computing device may only allow the application to perform pre-approved operations by quickly checking the application's pending operations against the pre-approved operations before allowing the application to perform those operations. Thus, the various aspects may ensure that an application receives root access without compromising the performance or security integrity of the computing device.

