File system access for one or more sandboxed applications
Abstract
Methods, systems, and machine-readable storage media are described wherein, in one embodiment, identifiers, such as bookmarks, are used to allow access to files or folders in a sandboxed environment. One or more applications are restricted by an access control system, which can be, for example, a trusted software component of an operating system. In one embodiment, the bookmarks or other identifiers allow an application to have access to a file even if the file is renamed or moved by a user while the application has been terminated. In one embodiment, a resource manager, or other trusted access control system, can interact with an application to allow for the use of bookmarks in an environment in which a sandbox application controls access to the files, such that each application must make a request to the sandbox application in order to obtain access to a particular file or folder.
30 Citations
19 Claims
1. A machine implemented method comprising:
receiving a selection of a resource managed by a restricted operating environment, the resource consisting of a file or folder;
requesting, in response to the selection, a location identifier associated with the resource, wherein the request for the location identifier is serviced by a cryptographically authenticated resource manager;
receiving, in response to the request, a first identifier, and a second identifier, wherein the second identifier is a uniform resource locator (URL), which allows retrieval of the resource if the resource is renamed or moved, and the first identifier is a cryptographically authenticated location identifier consisting of a first keyed hash of the URL; and
storing the first and second identifier on a non-transitory storage device.
Dependent claims: 2, 3, 4, 5, 19

6. A system to provide a restricted operating environment for managing access to a resource on an electronic computer system, the system comprising:
memory to store instructions and resources;
a storage device coupled to the memory; and
one or more processors coupled to the memory and the storage device, the one or more processors to execute instructions stored in the memory to create the restricted operating environment for managing access to the resource by an application, wherein the restricted operating environment couples with a cryptographically authenticated resource manager, the cryptographically authenticated resource manager to receive a request for a location identifier to access the resource, authenticate the request by determining whether access is allowed to the resource, and send the location identifier and an identifier, wherein the identifier is a uniform resource locator (URL), which allows retrieval of the resource outside of the restricted operating environment if the resource is renamed or moved, and the location identifier is a keyed hash of the URL.
Dependent claims: 7, 8, 9, 10

11. A non-transitory machine-readable storage medium, which provides instructions that, when executed by a processing system, cause the processing system to perform operations managing resource access in a restricted operating environment, the operations comprising:
receiving a first request to provide a location identifier associated with a resource, the resource consisting of a file or folder, the file or folder representing a collection of one or more user selected files;
verifying that the first request is entitled to access the resource;
creating a random key and attaching the random key to the resource;
creating a first keyed hash using the random key; and
returning the location identifier associated with the resource, the location identifier including a uniform resource locator (URL) and the first keyed hash, wherein the location identifier provides persistent access to the collection of files represented by the resource.
Dependent claims: 12, 13, 14, 15, 16, 17, 18
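The three independent claims together describe one mechanism: a trusted resource manager outside the sandbox checks that a request is entitled (the user selected the file), attaches a random key to the resource, and hands the application a URL plus a keyed hash of that URL; the application persists the pair and presents it later, and the manager verifies the hash before resolving the resource, even after a rename or move. The Python sketch below is an added illustration of that flow and of what it defends against; it is not the patent's or any vendor's code. HMAC-SHA256 as the keyed hash, the in-memory file table, the `file:///.file/id=<rid>` URL form (a stable identity so the URL survives renames), and every class, function and path name are assumptions made for the example.

```python
"""Sketch of the bookmark scheme in the independent claims (illustration only).

Assumptions: keyed hash = HMAC-SHA256; URLs name a resource by a stable id
(like an inode number) rather than by path; resources live in an in-memory
table standing in for the file system. Sample paths are constructed.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple
from urllib.parse import urlparse

URL_PREFIX = "/.file/id="  # assumed stable-identity URL form


@dataclass
class Resource:
    """A file or folder as the manager tracks it. `rid` survives rename/move;
    `key` is the random per-resource key of claim 11. Neither is ever handed
    to the sandboxed application."""
    rid: int
    path: str
    key: bytes = field(default_factory=lambda: os.urandom(32))


class ResourceManager:
    """Trusted component outside the sandbox (the claims' 'cryptographically
    authenticated resource manager')."""

    def __init__(self) -> None:
        self._by_rid: Dict[int, Resource] = {}
        self._next_rid = 1

    def create(self, path: str) -> int:
        rid = self._next_rid
        self._next_rid += 1
        self._by_rid[rid] = Resource(rid, path)
        return rid

    def rename(self, rid: int, new_path: str) -> None:
        self._by_rid[rid].path = new_path

    def delete(self, rid: int) -> None:
        del self._by_rid[rid]  # the attached key dies with the resource

    def issue_bookmark(self, rid: int, user_selected: Set[int]) -> Tuple[str, bytes]:
        """Claim 11 steps: check the request is entitled (here: the user picked
        the resource in a trusted file dialog), then return URL + keyed hash."""
        if rid not in user_selected:
            raise PermissionError("resource was not user-selected for this app")
        res = self._by_rid[rid]
        url = f"file://{URL_PREFIX}{res.rid}"
        tag = hmac.new(res.key, url.encode(), hashlib.sha256).digest()
        return url, tag

    def resolve(self, url: str, tag: bytes) -> Optional[str]:
        """Redeem a stored bookmark: return the resource's *current* path, or
        None when the keyed hash does not verify (forged, altered or stale)."""
        parsed = urlparse(url)
        if parsed.scheme != "file" or not parsed.path.startswith(URL_PREFIX):
            return None
        try:
            rid = int(parsed.path[len(URL_PREFIX):])
        except ValueError:
            return None
        res = self._by_rid.get(rid)
        if res is None:
            return None
        expected = hmac.new(res.key, url.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):  # constant-time compare
            return None
        return res.path


def demo() -> Dict[str, object]:
    """The abstract's scenario (rename while the app is terminated) plus the
    forgery cases the keyed hash is there to stop."""
    rm = ResourceManager()
    report = rm.create("/Users/alice/Documents/report.pages")
    secret = rm.create("/Users/alice/.ssh/id_ed25519")
    picked = {report}  # what the user chose in the trusted open panel
    url, tag = rm.issue_bookmark(report, picked)  # app persists (url, tag)

    # App terminated; user renames the file; app relaunches and redeems.
    rm.rename(report, "/Users/alice/Documents/Q3 report.pages")
    out: Dict[str, object] = {"after_rename": rm.resolve(url, tag)}

    # App asks for a bookmark on a file the user never selected.
    try:
        rm.issue_bookmark(secret, picked)
        out["unselected_minted"] = True
    except PermissionError:
        out["unselected_minted"] = False

    # Retarget the URL at the secret but reuse the old tag: different key.
    out["retargeted"] = rm.resolve(f"file://{URL_PREFIX}{secret}", tag)
    # Flip one bit of the tag.
    out["bit_flipped"] = rm.resolve(url, bytes([tag[0] ^ 1]) + tag[1:])
    # Delete the file and recreate one at the same path: new id, new key,
    # so the stale bookmark cannot be pointed at the replacement.
    rm.delete(report)
    rm.create("/Users/alice/Documents/Q3 report.pages")
    out["recreated"] = rm.resolve(url, tag)
    return out
```

The point a practitioner should take from `demo()`: because the random key stays with the resource inside the trusted manager, an application that merely knows a path or identifier cannot mint a valid bookmark, cannot retarget one it legitimately holds, and loses access once the original resource is gone, while a genuine bookmark keeps working across a rename.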