
Fetching a policy definition library from a policy server at mobile device runtime of an application package to control access to mobile device resources

  • US 10,104,123 B2
  • Filed: 09/23/2015
  • Issued: 10/16/2018
  • Est. Priority Date: 09/23/2015
  • Status: Active Grant
First Claim

1. A method comprising:

  • performing operations as follows on a processor of a mobile device;

    responsive to occurrence of a defined event associated with an application package, fetching a policy definition library from a policy server through a data network without fetching other policy definition libraries from the policy server, the policy definition library containing policies defining resources of the mobile device that the application package is permitted to access;

    executing a wrapped application package containing application executable code and application wrapper executable code that is called by each execution of an agnostic wrapper function residing at each of a plurality of locations in the application executable code, wherein the agnostic wrapper function operates independent of the application executable code;

    responsive to execution of the agnostic wrapper function at one of the plurality of locations in the application executable code and further responsive to determining, based on applying one of the policies in the policy definition library, that the application executable code has permission to access one type of resource identified by a resource object name, executing the application wrapper executable code to control whether access by the application executable code is granted to resources of the mobile device based on the policies contained in the policy definition library by generating an operating system (OS) application programming interface (API) call, which contains an argument of an agnostic wrapper function to be passed to the one type of resource, to the one type of resource, wherein the resource object name and the argument of the agnostic wrapper function are received by the application wrapper executable code;

    responsive to determining that the application executable code does not have permission to access the one type of resource identified by the resource object name, executing the application wrapper executable code to block generation of the OS API call to the one type of resource identified by the resource object name; and

    responsive to determining that the application executable code has permission to access the one type of resource identified by the resource object name, executing the application wrapper executable code to pass a response by the one type of resource, from the OS API call, to the agnostic wrapper function.
