Summary of the invention
To solve the problems in the prior art that monitoring an application program's acquisition of mobile phone information is prone to false positives, that detection efficiency is low, and that the application program and the detection framework cannot be installed on the same device at the same time, the present invention proposes a method for monitoring application programs with a sandbox, a mobile terminal, and a storage medium.
The invention is realized by the following technical scheme:
A method for monitoring application programs with a sandbox, comprising:
defining the behaviors of obtaining mobile terminal information, and locating the source code in the mobile terminal that corresponds to those behaviors;
inserting a log output function into the source code, compiling it to generate a sandbox system, and installing the sandbox system in the mobile terminal;
the sandbox system generating and outputting a system log when an application program performs a behavior of obtaining mobile terminal information.
The method for monitoring application programs with a sandbox, wherein the behaviors of obtaining mobile terminal information include at least one of: deleting or querying short messages, querying call records, querying the address book, obtaining the international mobile equipment identity (IMEI) of the mobile terminal, obtaining the international mobile subscriber identity (IMSI) installed in the mobile terminal, obtaining the phone number of the mobile terminal, recording audio, opening the camera of the mobile terminal, positioning, and obtaining administrator permission on the mobile terminal.
The method for monitoring application programs with a sandbox, wherein the system log includes the UID of the application program that performs the behavior of obtaining mobile terminal information, and the application program that performs the behavior is located according to the UID.
The method for monitoring application programs with a sandbox, wherein the system log includes the method call stack of the application program that performs the behavior of obtaining mobile terminal information, and the function in the application program that performs the behavior is located according to the method call stack.
The method for monitoring application programs with a sandbox, wherein the system log includes a uniform resource locator and the trigger time of the behavior of obtaining mobile terminal information.
The method for monitoring application programs with a sandbox, wherein "inserting a log output function into the source code, compiling it to generate a sandbox system, and installing the sandbox system in the mobile terminal" includes: compiling the original system, with the log output function inserted into its source code, into the sandbox system with the make -j command.
The method for monitoring application programs with a sandbox, wherein "inserting a log output function into the source code, compiling it to generate a sandbox system, and installing the sandbox system in the mobile terminal" includes: installing the sandbox system in the mobile terminal through fastboot or recovery.
The method for monitoring application programs with a sandbox, wherein "inserting a log output function into the source code, compiling it to generate a sandbox system, and installing the sandbox system in the mobile terminal" is followed by: installing a test application program in the mobile terminal.
A mobile terminal, comprising a processor and a memory, wherein the memory stores a sandbox system executable by the processor, and the steps of the above method for monitoring application programs with a sandbox are realized when the sandbox system is executed by the processor.
A storage medium, wherein the storage medium stores one or more programs, and the one or more programs can be executed by one or more processors to realize the above method for monitoring application programs with a sandbox.
The beneficial effects of the present invention are:
When an application program calls a function to obtain mobile terminal information, the log output function inserted in that function's source code produces a system log by which the application program is monitored; the application program can be monitored regardless of whether it is encrypted;
The application program is monitored only when it calls the function, so the problem of false positives does not arise;
The sandbox system is generated by modifying the source code of the original system, is compatible with the mobile terminal, and can be widely used in mobile terminals.
Specific embodiment
To make the purpose, technical solution and effect of the present invention clearer and more definite, the present invention is further described below with reference to the drawings and embodiments. It should be understood that the specific embodiments described herein only explain the present invention and do not limit it.
Referring to FIG. 1, an existing mobile terminal has a system installed, and the user installs and runs application programs in the system environment. For example, a smartphone has the Android system installed, and different apk files (application program files) are installed and run in the Android system. An application program installed in the mobile terminal can obtain information stored in the mobile terminal, or information about the mobile terminal itself, by calling system functions. If the system functions are compiled so as to generate a sandbox system, then when an application program calls a system function to obtain information, the sandbox system generates a system log according to the system function called, and the application program can be monitored through the system log.
Referring to FIG. 2, the original system must first be modified to generate the sandbox system. The specific implementation steps, application and principle are as follows:
Modifying the original system requires locating source code in the original system, and locating the source code in turn requires determining exactly which mobile terminal information an application program obtains. Modifying the original system therefore begins with defining the behaviors of obtaining mobile terminal information.
S100, define the behaviors of obtaining mobile terminal information:
In one embodiment of the present invention, the mobile terminal is a smartphone, and the behaviors by which an application program obtains mobile terminal information include:
Querying or deleting short messages stored in the mobile terminal, querying call records, querying the address book, obtaining the international mobile equipment identity (IMEI) of the mobile terminal, obtaining the international mobile subscriber identity (IMSI) of the SIM card installed in the mobile terminal, obtaining the phone number, recording audio through the mobile terminal or querying recording files, opening the camera of the mobile terminal, positioning, and obtaining administrator permission (root permission) on the mobile terminal.
S200, locate the source code:
According to the behaviors by which an application program obtains mobile terminal information, the source code that needs to be modified in the original system of the mobile terminal can be located. Taking a smartphone whose operating system is Android as an example, each of the above behaviors is described in turn below:
1. Location in the smartphone of the class file for querying or deleting short messages, querying the address book, and querying call records:
frameworks/base/core/java/android/content/ContentResolver.java
1.1. The function source code corresponding to deleting short messages is:
public final int delete(@NonNull Uri url, @Nullable String where,
        @Nullable String[] selectionArgs)
When the first parameter is "content://sms", the delete-short-message behavior is triggered.
1.2. The function source code corresponding to querying short messages is:
public final @Nullable Cursor query(final @NonNull Uri uri, @Nullable String[] projection,
        @Nullable String selection, @Nullable String[] selectionArgs,
        @Nullable String sortOrder, @Nullable CancellationSignal cancellationSignal)
When the first parameter is "content://sms", the short-message query behavior is triggered.
1.3. The function source code corresponding to querying call records is:
public final @Nullable Cursor query(final @NonNull Uri uri, @Nullable String[] projection,
        @Nullable String selection, @Nullable String[] selectionArgs,
        @Nullable String sortOrder, @Nullable CancellationSignal cancellationSignal)
When the first parameter is "content://call_log/calls", the call-record query behavior is triggered.
1.4. The function source code corresponding to querying the address book is:
public final @Nullable Cursor query(final @NonNull Uri uri, @Nullable String[] projection,
        @Nullable String selection, @Nullable String[] selectionArgs,
        @Nullable String sortOrder, @Nullable CancellationSignal cancellationSignal)
When the first parameter is "content://com.android.contacts", the call-record query behavior is triggered.
2. Location in the smartphone of the class file for obtaining the international mobile equipment identity (IMEI) of the smartphone, and the international mobile subscriber identity (IMSI) and phone number of the SIM card installed in the smartphone:
frameworks/base/telephony/java/android/telephony/TelephonyManager.java
2.1. The function source code corresponding to obtaining the international mobile subscriber identity (IMSI) of the SIM card installed in the smartphone is:
public String getImei(int slotId)
2.2. The function source code corresponding to obtaining the international mobile equipment identity (IMEI) of the smartphone is:
public String getImei()
2.3. The function source code corresponding to obtaining the phone number of the SIM card installed in the mobile terminal is:
public String getLine1NumberForSubscriber(int subId)
3. Location in the smartphone of the class file for starting audio recording on the smartphone:
frameworks/base/media/java/android/media/AudioRecord.java
The function source code corresponding to starting audio recording on the smartphone is:
public void startRecording(MediaSyncEvent syncEvent)
4. Location in the smartphone of the class file for opening the camera of the smartphone:
frameworks/base/core/java/android/hardware/camera2/CameraManager.java
The function source code corresponding to opening the camera of the smartphone is:
public void openCamera(@NonNull String cameraId,
        @NonNull final CameraDevice.StateCallback callback, @Nullable Handler handler)
5. Location in the smartphone of the class file for positioning the smartphone:
frameworks/base/location/java/android/location/LocationManager.java
The function source code corresponding to positioning the smartphone is:
public Location getLastLocation()
6. Location in the smartphone of the class file for obtaining administrator permission (root permission) on the mobile terminal:
libcore/luni/src/main/java/java/lang/Runtime.java
The function source code corresponding to obtaining administrator permission (root permission) on the mobile terminal is:
public Process exec(String[] progArray, String[] envp, File directory)
When the first parameter contains "su", the obtain-root-permission behavior is triggered.
S300, insert the log output function into the source code:
A log output function is inserted into, or added to, each of the function source codes listed above, and it outputs a system log whenever the corresponding function source code is executed. Thus, when an application program calls a system function to obtain mobile phone information, the log output function inside that system function generates and outputs a system log, and the user can tell from the system log whether the application program has obtained mobile phone information.
S400, compile to generate the sandbox system:
The system with the modified source code is compiled to generate the sandbox system. In a preferred embodiment of the present invention, the system with the modified source code is compiled into the sandbox system with the make -j command. Code can be compiled into a system in many ways; among them, the make -j command compiles the code into system files stably and quickly. In other embodiments of the present invention, the source code may be compiled into a system by other means.
S500, install the sandbox system in the mobile terminal:
The generated sandbox system is installed in the mobile terminal so that the application programs installed in the sandbox system can be monitored. The sandbox system can be installed in the mobile terminal through fastboot or through recovery; the installation method is chosen according to how the user works.
The present invention monitors application programs by inserting a log output function into the source code of the original system. When an application program obtains mobile terminal information, it calls the corresponding function source code of the system in the mobile terminal, and the sandbox system outputs a system log through the log output function inserted in that source code, which serves to monitor the application program. Whether or not the application program is hardened or encrypted, a system log is generated as soon as it calls the system function; this is independent of any hardening or encryption of the application program itself, which therefore does not affect the sandbox system's monitoring. Moreover, because the sandbox system is generated by modifying the system of the mobile terminal, there is no incompatibility between the sandbox system and the mobile terminal, and the system is used in the same way as before the log output function was inserted, so it causes the user no inconvenience and can be widely used in mobile terminals.
S600, install a test application program:
After the sandbox system is installed in the mobile terminal, a test application program is installed in the sandbox system to test the sandbox system's monitoring of application programs obtaining mobile terminal information.
In the sandbox system, when an application program obtains mobile terminal information, the sandbox system and the application program in the mobile terminal operate according to the flow shown in FIG. 3:
R100, the application program performs a behavior of obtaining mobile terminal information;
R200, the sandbox system receives and executes the application program's request;
R300, the sandbox system outputs a system log through the log output function.
To illustrate precisely how the sandbox system monitors application programs, in one embodiment of the present invention the log output function is as follows, wherein the behavior TYPE of the log output function must be replaced with the corresponding function according to the position in the above function source code at which it is inserted:
With the above log output function, the generated system log includes: the UID of the application program that performs the behavior of obtaining mobile terminal information, the method call stack, the trigger time of the behavior, and the uniform resource locator.
The UID is the identifier that the system assigns to an application program when it is installed in the mobile terminal. Once the UID is obtained, the application program that obtained the mobile terminal information can be found, which prevents false positives.
In one embodiment of the present invention, the programming language used by the sandbox system and the application programs in the mobile terminal is Java. In Java, each method generates a corresponding method stack when it is executed. For simplicity of description, the method stack generated when the application program executes a method is called the target method stack, and the method stack generated when the system executes a method is called the system method stack:
The application program executes a method to obtain mobile terminal information, and generates the target method stack;
The system receives the application program's request, executes a method to send the mobile terminal information to the application program, and generates the system method stack. The target method stack that called the system method is recorded in the system method stack, so once the system method stack is obtained, the position of the function in the application program that obtains mobile terminal information can be located accurately. Because the system method stack is generated by a call that the application program's request initiates, the system method stack is a kind of method call stack. Locating the function in the application program that obtains mobile terminal information according to the method call stack further ensures the accuracy of monitoring, and the application program can be monitored regardless of whether it is encrypted.
The trigger time and the uniform resource locator indicate when and where the application program obtained mobile terminal information; they make monitoring easier and give the user additional monitoring data.
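One possible shape for a log output function carrying the four fields just described, as an added example in plain Java that is not the patent's own code: the class name, tag, TYPE strings and record layout are assumptions, and the UID is passed in where a framework hook would read it from android.os.Process.myUid().

```java
public final class SandboxLog {
    static final String TAG = "SandboxMonitor"; // hypothetical tag, not from the patent

    // Behaviour TYPE for ContentResolver.query()/delete(), keyed on the first parameter.
    static String classifyUri(String uri, boolean isDelete) {
        if (uri == null) return null;
        if (uri.startsWith("content://sms")) return isDelete ? "SMS_DELETE" : "SMS_QUERY";
        if (isDelete) return null; // the page lists delete only for short messages
        if (uri.startsWith("content://call_log/calls")) return "CALL_LOG_QUERY";
        if (uri.startsWith("content://com.android.contacts")) return "CONTACTS_QUERY"; // item 1.4
        return null; // not a monitored provider: log nothing
    }

    // Runtime.exec(): root request when any token of the argument vector is "su".
    // Matching whole tokens (after the last '/') avoids hits on words such as "resume".
    static boolean isRootRequest(String[] progArray) {
        if (progArray == null) return false;
        for (String arg : progArray) {
            if (arg == null) continue;
            for (String tok : arg.trim().split("\\s+")) {
                if (tok.substring(tok.lastIndexOf('/') + 1).equals("su")) return true;
            }
        }
        return false;
    }

    // One record per line: TYPE, UID, trigger time, target (URI or command), call stack.
    static String format(String type, int uid, long timeMs, String target,
                         StackTraceElement[] stack) {
        // The target is chosen by the monitored app: replace whitespace and control
        // characters so it cannot inject a forged record or break key=value parsing.
        String safe = target.replaceAll("[\\s\\p{Cntrl}]", "_");
        StringBuilder sb = new StringBuilder(TAG).append(": type=").append(type)
            .append(" uid=").append(uid).append(" time=").append(timeMs)
            .append(" target=").append(safe).append(" stack=");
        for (int i = 0; i < stack.length && i < 8; i++) { // cap depth to keep lines short
            if (i > 0) sb.append('|');
            sb.append(stack[i].getClassName()).append('.')
              .append(stack[i].getMethodName()).append(':').append(stack[i].getLineNumber());
        }
        return sb.toString();
    }

    static void emit(String type, int uid, String target) {
        if (type == null) return; // unmonitored call
        // In a patched framework this line would be an android.util.Log call instead.
        System.out.println(format(type, uid, System.currentTimeMillis(), target,
                                  new Throwable().getStackTrace()));
    }

    public static void main(String[] args) {
        int uid = 10086; // constructed sample UID
        emit(classifyUri("content://sms/inbox", false), uid, "content://sms/inbox");
        emit(classifyUri("content://call_log/calls", false), uid, "content://call_log/calls");
        String forged = "content://sms/1\nSandboxMonitor: type=NONE uid=0"; // constructed input
        emit(classifyUri(forged, false), uid, forged);
        String[] cmd = {"/system/xbin/su", "-c", "id"}; // constructed command
        if (isRootRequest(cmd)) emit("ROOT_REQUEST", uid, String.join(" ", cmd));
    }
}
```

Keeping each record on a single line, with the application-controlled target sanitized, means a filter on the UID field returns complete records and cannot be misled by a line break embedded in a URI.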
In one embodiment of the present invention, when the sandbox system is the Android system, the command adb logcat is used while the sandbox system is running to obtain the corresponding system log in real time. Because the log contains the UID, when the log is analyzed to produce results, grep combined with the UID is used to output only the behavior log of the application program corresponding to that UID, which achieves the purpose of monitoring. If any log is output, the application program contains a behavior of obtaining mobile terminal information.
Referring to FIG. 4, on the basis of the above, the present invention proposes a mobile terminal comprising a processor and a memory, wherein the memory stores a sandbox system executable by the processor, and the steps of the above method for monitoring application programs with a sandbox are realized when the sandbox system is executed by the processor. Through the sandbox system, the mobile terminal monitors the behavior of application programs installed in it that obtain the mobile terminal's information, which improves the information security of the mobile terminal. From the system log generated by the sandbox system installed in the mobile terminal, the user learns how application programs obtain the mobile terminal's information, which prevents mobile terminal information from being leaked.
The present invention also proposes a storage medium, wherein the storage medium stores one or more programs, and the one or more programs can be executed by one or more processors to realize the above method for monitoring application programs with a sandbox.
With a log output function inserted in the source code, executing the source code necessarily executes the log output function as well and generates a system log. Since this only inserts log output into the execution of the source code, it creates no incompatibility between application programs and the sandbox system and is generally applicable. The sandbox system outputs logs as a result of the application program calling methods inside the sandbox system: when an application program requests mobile terminal information from the sandbox system through an interface, the request is recorded in the output system log. Whether or not the application program is hardened, it can be located: the UID locates the specific application program, and the method call stack locates the function in the application program that obtains mobile terminal information. This avoids the false positives caused by decompiling application programs and, because decompilation is bypassed, hardened application programs can be monitored as well.
It should be understood that the application of the present invention is not limited to the above examples. Those of ordinary skill in the art can make improvements or changes based on the above description, and all such improvements and changes shall fall within the protection scope of the appended claims of the present invention.