Method and Device for Intercepting Call for Service by Application

US 20150169872A1
Filed: 05/30/2013
Published: 06/18/2015
Est. Priority Date: 06/07/2012
Status: Active Grant

First Claim

Patent Images

1. A method for intercepting a call for a service by an application in an operating system of an electronic apparatus comprising:

loading, by at least one processor, an interception dynamic link library to a process where the service is located;

replacing, by the at least one processor, an address of an input/output control function in the process with a first address of the interception dynamic link library;

when the application is calling the service, executing, by the at least one processor, the interception dynamic link library based on the first address to as to obtain a name and information of the application and information of the call, and replacing an address of the service to be called included in the information of the call with a second address of the interception dynamic link library; and

executing, by the at least one processor, processing based on the second address according to at least one of the name and information of the application.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed are a method and a device for intercepting a call for a service by an application in an operating system of an electronic apparatus. The method comprises: loading an interception dynamic link library to a process where the service is located; replacing the address of an input/output control function in the process with a first address of the interception dynamic link library; when the application is calling the service, executing the interception dynamic link library based on the first address so as to obtain the name and information of the application as well as the information of the call, and replacing the address of the service to be called comprised in the information of the call with a second address of the interception dynamic link library; and executing processing based on the second address according to the name and/or information of the application. The invention increases the security of the operating system of the electronic apparatus.

18 Citations

View as Search Results

23 Claims

1. A method for intercepting a call for a service by an application in an operating system of an electronic apparatus comprising:
- loading, by at least one processor, an interception dynamic link library to a process where the service is located;
  
  replacing, by the at least one processor, an address of an input/output control function in the process with a first address of the interception dynamic link library;
  
  when the application is calling the service, executing, by the at least one processor, the interception dynamic link library based on the first address to as to obtain a name and information of the application and information of the call, and replacing an address of the service to be called included in the information of the call with a second address of the interception dynamic link library; and
  
  executing, by the at least one processor, processing based on the second address according to at least one of the name and information of the application.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 23)
- - 2. The method as claimed in claim 1, wherein executing processing according to at least one of the name and information of the application comprises:
    - comparing at least one of the name and information of the application with information in a predefined database, and one of (a) executing the call according to the address of the service and returning an actual service result to the application, and (b) returning a predefined service result to the application.
  - 3. The method as claimed in claim 1, wherein executing processing according to the name of the application comprises one of:
    - (a) when the name of the application is included in a white list in a predefined database, executing the call according to the address of the service, and returning an actual service result to the application, (b) when the name of the application is included in a black list in the predefined database, returning a predefined service result to the application, and (c) when the name of the application is not included in the white list or in the black list in the predefined database, displaying the name and information of the application and the information of the call, and executing processing according to a selection with respect to the call via the operating system on the electronic apparatus.
  - 4. The method as claimed in claim 1, wherein executing processing according to the information of the application comprises one of:
    - (a) when the information of the application comprises feature data in a predefined database, returning a predefined service result to the application, and (b) when the information of the application does not comprise the feature data in the predefined database, displaying the name and information of the application and the information of the call, and executing processing according to a selection with respect to the call via the operating system on the electronic apparatus.
  - 5. The method as claimed in claim 3, wherein executing processing according to the selection with respect to the call via the operating system on the electronic apparatus comprises one of:
    - (a) in the event that the call for the service by the application is allowed, executing the call according to the address of the service and returning the actual service result to the application, and (b) in the event that the call for the service by the application is not allowed, returning the predefined service result to the application.
  - 6. The method as claimed in claim 1, further comprising:
    - suspending the process before loading the interception dynamic link library to the process where the service is located and resuming the process after replacing the address of an input/output control function in the process with the first address of the interception dynamic link library.
  - 7. The method as claimed in claim 1, wherein the information of the call comprises a sequence number of an interface of the call and the address of the service to be called.
  - 8. The method as claimed in claim 1, wherein the operating system is an Android operating system, and the application calls the service through a Binder mechanism of the Android operating system.
  - 9. The method as claimed in claim 8, wherein the input/output control function is an input/output control (IOCTL) function in the Binder mechanism.
  - 10. The method as claimed in claim 9, wherein when the application is calling the service, executing the interception dynamic link library based on the first address, to obtain, via the IOCTL function, the name and information of the application and the information of the call ahead of the Android operating system.
  - 23. The method as claimed in claim 4, wherein executing processing according to the selection with respect to the call via the operating system on the electronic apparatus comprises one of:
    - (a) in the event that the call for the service by the application is allowed, executing the call according to the address of the service, and returning an actual service result to the application and (b) in the event that the call for the service by the application is not allowed, returning the predefined service result to the application.

11. A device for intercepting a call for a service by an application in an operating system of an electronic apparatus comprising:
- at least one processor to execute;
  
  a loading module configured to load an interception dynamic link library to a process where the service is located;
  
  a first replacing module configured to replace an address of an input/output control function in the process with a first address of the interception dynamic link library;
  
  a second replacing module configured to, when the application is calling the service, execute the interception dynamic link library based on the first address to obtain a name and information of the application and information of the call, and replace an address of the service to be called included in the information of the call with a second address of the interception dynamic link library; and
  
  a processing module configured to execute processing based on the second address according to at least one of the name and information of the application.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. The device as claimed in claim 11, wherein the processing module is configured to compare at least one of the name and the information of the application with information in a predefined database, and one of (a) execute the call according to the address of the service, and return an actual service result to the application, and (b) return a predefined service result to the application.
  - 13. The device as claimed in claim 11, wherein when the name of the application is include in a white list in a predefined database, the processing module (a) executes the call according to the address of the service, and returns an actual service result to the application, or (b) when the name of the application is included in a black list in the predefined database, the processing module returns a predefined service result to the application, or (c) when the name of the application is not included in the white list or in the black list in the predefined database, the processing module displays the name and information of the application and the information of the call, and executes processing according to a selection with respect to the call via the operating system on the electronic apparatus.
  - 14. The device as claimed in claim 11, wherein the processing module (a) returns a predefined service result to the application when the information of the application comprises feature data in a predefined database or (b) displays the name and information of the application and the information of the call, and executes processing according to a selection with respect to the call via the operating system on the electronic apparatus when the information of the application does not comprise the feature data in the predefined database.
  - 15. The device as claimed in claim 13, wherein in the event that the call for the service by the application is allowed, the processing module executes the call according to the address of the service, and returns the actual service result to the application, or in the event that the call for the service by the application is not allowed, the processing module returns the predefined service result to the application.
  - 16. The device as claimed in claim 11, further comprising a suspending module configured to suspend the process before the loading module loads the interception dynamic link library to the process where the service is located and a resuming module configured to resume the process after the first replacing module replaces the address of the input/output control function in the process with the first address of the interception dynamic link library.
  - 17. The device as claimed in claim 11, wherein the information of the call comprises a sequence number of an interface of the call and the address of the service to be called.
  - 18. The device as claimed in claim 11, wherein the operating system is an Android operating system, and the application calls the service through a Binder mechanism of the Android operating system.

19-21. -21. (canceled)

22. A non-transitory computer readable medium having instructions stored thereon that, when executed by at least one processor, cause the at least one processor to perform operations for intercepting a call for a service by an application in an operating system of an electronic apparatus comprising:
- loading an interception dynamic link library to a process where the service is located;
  
  replacing an address of an input/output control function in the process with a first address of the interception dynamic link library;
  
  when the application is calling the service, executing the interception dynamic link library based on the first address to obtain a name and information of the application and the information of the call, and replacing an address of the service to be called included in the information of the call with a second address of the interception dynamic link library; and
  
  executing processing based on the second address according to at least one of the name and information of the application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Beijing Qihu Technology Co. Ltd. (360 Security Technology, Inc.)
Original Assignee
Beijing Qihu Technology Co. Ltd. (360 Security Technology, Inc.)
Inventors
Ding, Yi, Li, Yuan

Granted Patent

US 9,697,353 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/53   by executing in a restricte...

G06F 21/54   by adding security routines...

G06F 2221/033   Test or assess software

Method and Device for Intercepting Call for Service by Application

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

18 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Method and Device for Intercepting Call for Service by Application

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

18 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links