Disclosure of Invention
The application provides a process processing method, a device, electronic equipment and a storage medium, which are used for solving the defects that whether a new process is an abnormal process or not cannot be accurately judged in the prior art.
The first aspect of the present application provides a process processing method, including:
acquiring process information of all current processes of the terminal;
constructing a process pool according to the calling relation between the processes represented by the process information;
when the terminal exits any process, synchronously updating the process pool to maintain the process pool in real time;
and when the terminal generates a new process, performing reliability detection on the new process based on the process pool to obtain a reliability detection result of the new process.
In an optional implementation manner, the creating a process pool according to the calling relationship between the processes characterized by the process information includes:
determining a parent process of each process according to the calling relation between the processes represented by the process information;
and constructing a process pool according to the parent process of each process and the attribute information of each process represented by the process information.
In an alternative embodiment, the constructing a process pool according to the attribute information of each process characterized by the parent process of each process and the process information includes:
for any process, distributing process nodes for the process in a process pool;
Determining a parent node of the process node according to the parent process of the process, and establishing a connection relationship between the parent node and the process node;
and configuring the characteristic value of the process node according to the attribute information of the process to obtain a process pool for reflecting the calling relation among the processes and the attribute information of the processes.
In an optional implementation manner, when the terminal exits any process, the process pool is synchronously updated to maintain the process pool in real time, including:
when the terminal exits any process, judging whether the current exiting process has a subprocess or not;
and if the current exiting process is determined to have no subprocess, deleting the target process node corresponding to the current exiting process in the process pool.
In an alternative embodiment, the method further comprises:
if the current exiting process is determined to have a sub-process, traversing the process pool to locate a target sub-process of the current exiting process;
and modifying the parent process of the target child process in the process pool as the parent process of the current exiting process.
In an alternative embodiment, if it is determined that the current exit process has a sub-process, traversing the process pool to locate a target sub-process of the current exit process, including:
If the current exiting process is determined to have a sub-process, reading the characteristic value of the target process node;
judging whether the current exiting process carries a preset rule tag or not according to the characteristic value reading result;
if the current exiting process is determined to carry a preset rule tag, judging whether the current exiting process carries a trusted mark or not;
if the current exit process carries a trusted flag, traversing the process pool to locate a target sub-process of the current exit process.
In an alternative embodiment, the method further comprises:
if the current exiting process is determined to not carry a preset rule label or a trusted label, judging whether a storage path of the current exiting process is a pre-review white list path or not;
if the storage path of the current exiting process is determined to be a pre-audit white list path, traversing the process pool to locate a target subprocess of the current exiting process;
and updating the characteristic value of the target sub-process in the process pool according to the attribute information of the current exiting process.
In an alternative embodiment, the method further comprises:
if the storage path of the current exiting process is not the pre-examination white list path, judging whether the source storage path of the current exiting process is the preset white list path or not;
If the source storage path of the current exiting process is determined to be a preset white list path, traversing the process pool to locate a target subprocess of the current exiting process;
and updating the characteristic value of the target sub-process in the process pool according to the attribute information of the current exiting process.
In an optional implementation manner, when the terminal generates a new process, based on the process pool, performing reliability detection on the new process to obtain a reliability detection result of the new process, including:
when the terminal generates a new process, process information of the new process is acquired;
adding a new process node corresponding to the new process to the process pool;
and carrying out reliability detection on the new process according to the characteristic value of the new process node in the process pool to obtain a reliability detection result of the new process.
In an optional implementation manner, the performing reliability detection on the new process according to the characteristic value of the new process node in the process pool to obtain a reliability detection result of the new process includes:
judging whether the new process carries a preset rule tag or not;
If the new process is determined to carry a preset rule tag, judging whether the new process carries a trusted flag or not;
if the new process carries the credibility mark, the credibility detection result of the new process is determined to be normal.
In an alternative embodiment, the method further comprises:
if the new process is determined to not carry a preset rule tag or a trusted flag, judging whether a storage path of the new process is a pre-review white list catalog;
and if the storage path of the new process is the pre-review white list directory, determining that the reliability detection result of the new process is normal.
In an alternative embodiment, the method further comprises:
if the storage path of the new process is not the pre-review white list directory, judging whether the source storage path of the new process is a preset white list path or not;
if the source storage path of the new process is a preset white list path, determining that the reliability detection result of the new process is normal;
and if the source storage path of the new process is not the preset white list path, determining that the reliability detection result of the new process is abnormal.
A second aspect of the present application provides a process processing apparatus, including:
The acquisition module is used for acquiring the process information of all the current processes of the terminal;
the construction module is used for constructing a process pool according to the calling relation between the processes represented by the process information;
the maintenance module is used for synchronously updating the process pool when the terminal exits any process so as to maintain the process pool in real time;
and the detection module is used for carrying out reliability detection on the new process based on the process pool when the terminal generates the new process, so as to obtain a reliability detection result of the new process.
A third aspect of the present application provides an electronic device, including: at least one processor and memory;
the memory stores computer-executable instructions;
the at least one processor executes the computer-executable instructions stored by the memory such that the at least one processor performs the method as described above in the first aspect and the various possible designs of the first aspect.
A fourth aspect of the present application provides a computer-readable storage medium having stored therein computer-executable instructions which, when executed by a processor, implement the method as described above in the first aspect and the various possible designs of the first aspect.
The technical scheme of the application has the following advantages:
the application provides a process processing method, a device, electronic equipment and a storage medium, wherein the method comprises the following steps: acquiring process information of all current processes of the terminal; constructing a process pool according to the calling relation among the processes represented by the process information; when the terminal exits any process, synchronously updating the process pool to maintain the process pool in real time; and when the terminal generates a new process, performing reliability detection on the new process based on the process pool to obtain a reliability detection result of the new process. According to the method provided by the scheme, the process pool is synchronously updated through each process exit, so that the condition of broken chains is avoided, the father process of the new process can be determined when the terminal generates the new process, the real source of the new process can be traced, and whether the new process is an abnormal process or not can be accurately judged.
Detailed Description
For the purposes of making the objects, technical solutions and advantages of the embodiments of the present application more clear, the technical solutions of the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is apparent that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments herein without making any inventive effort, are intended to be within the scope of the present application.
Furthermore, the terms "first," "second," and the like, are used for descriptive purposes only and are not to be construed as indicating or implying a relative importance or implicitly indicating the number of technical features indicated. In the following description of the embodiments, the meaning of "a plurality" is two or more, unless explicitly defined otherwise.
With the development of the internet, the popular cycle of computer malicious programs such as computer viruses, worms, trojan programs and the like is also shorter and shorter, and the safety of users is seriously endangered by a large number of viruses and various malicious files. Along with the continuous updating and changing of viruses, the method has important significance for the protection enhancement of terminal safety.
In order to prevent viruses from damaging a computer system, the prior art virus defense system takes measures to scan files downloaded into the computer in black and white, i.e. to determine whether the files belong to virus files (also called blacklist files) or security files (also called whitelist files) according to the prior art database or rules. The most fundamental is the detection of the application program in the terminal, however, the application program running in the system is the process, i.e. how to manage the process and how to control the execution of the process becomes the key.
In the prior art, a lot of process information is stored through a linked list structure, a tree structure and the like, however, the current process tree only has active process information, so that the situation of broken links (such as common orphan processes) can not be found at all when rules are matched, the relationship between the parent processes cannot be established, and the real sources cannot be traced, so that the situation of incapacity is caused when the processes are managed or controlled, and the limit of the eBPF technology itself, such as a limited instruction set, 512 bytes, function use limit and the like, can not be clearly caused, so that the problem is frosted on snow.
In view of the above problems, embodiments of the present application provide a process processing method, an apparatus, an electronic device, and a storage medium, where the method includes: acquiring process information of all current processes of the terminal; constructing a process pool according to the calling relation among the processes represented by the process information; when the terminal exits any process, synchronously updating the process pool to maintain the process pool in real time; and when the terminal generates a new process, performing reliability detection on the new process based on the process pool to obtain a reliability detection result of the new process. According to the method provided by the scheme, the process pool is synchronously updated through each process exit, so that the condition of broken chains is avoided, the father process of the new process can be determined when the terminal generates the new process, the real source of the new process can be traced, and whether the new process is an abnormal process or not can be accurately judged.
The following embodiments may be combined with each other, and the same or similar concepts or processes may not be described in detail in some embodiments. Embodiments of the present invention will be described below with reference to the accompanying drawings.
First, a description will be given of a configuration of a process processing system on which the present application is based:
the process processing method, the device, the electronic equipment and the storage medium provided by the embodiment of the application are suitable for detecting the credibility of the process of the terminal. Fig. 1 is a schematic structural diagram of a process processing system according to an embodiment of the present application, which mainly includes a data acquisition device, a process pool, and a process processing device. Specifically, the data acquisition device is used for acquiring process information of all current processes of the terminal, sending the obtained process information to the process processing device, constructing a process pool according to the obtained process information, synchronously updating the process pool, and detecting the credibility of the new process according to the constructed process pool when the new process is generated.
The embodiment of the application provides a process processing method which is used for detecting the credibility of a process of a terminal. The execution body of the embodiment of the application is electronic equipment, such as a server, a desktop computer, a notebook computer, a tablet computer and other electronic equipment capable of being used for detecting the credibility of the process of the terminal.
As shown in fig. 2, a flow chart of a process processing method provided in an embodiment of the present application is shown, where the method includes:
step 201, process information of all processes of the terminal at present is obtained.
The process information may include tag information, parent process information, child process information, storage path, and the like carried by the process.
Specifically, the process information of all the current processes can be obtained by using the/proc virtual file system and stored into the eBPF map structure.
Step 202, constructing a process pool according to the calling relation among the processes represented by the process information.
The calling relationship mainly characterizes which process the parent process of each process is, and particularly, the calling relationship among the processes can be recorded in a structural tree mode.
Specifically, the currently created process pool is an initial state of the process pool, the process pool includes a plurality of nodes, each Node corresponds to a Node, and key and value fields in each Node are set as follows: the default value of the node version (carrying a preset rule tag) is-1, the trusted rule source (a pre-audit white list path) is empty, the sub-process count is-1, and other fields are accurately assigned according to the checked information.
It should be noted that, the process pool may be referred to as a trust chain, the trust chain is based on a process, and a basic inter-process call relationship is constructed through a process PID and a PPID, and is limited to the characteristics of an eBPF technology. Process paths, parent process identification, node version, trusted flag, trusted rule source, child process count, and may also include other process information such as startup parameters, command lines, etc. availability information.
And 203, when the terminal exits any process, synchronously updating the process pool to maintain the process pool in real time.
Specifically, when a process exits from the terminal, the process pool is synchronously updated according to the calling relation between the current exiting process and other processes in the process pool, so that the child process of the current exiting process cannot find the parent process in the process pool, and the child process becomes an orphan process.
Specifically, for the real-time maintenance mode of the process pool, the code security injection technology (Hook) of the eBPF can be adopted in the kernel mode of the eBPF program to respectively intercept data when the process is executed and exited, such as a system call mount point sched_process_exec and sched_process_exit, and a type mount point such as a KBtube or LSM can also be used.
And 204, when the terminal generates a new process, performing reliability detection on the new process based on the process pool to obtain a reliability detection result of the new process.
Specifically, when the terminal generates a new process, the new process may be added to the process pool first to determine a calling relationship before the new process goes to other processes in the process pool, and reliability detection is performed on the new process according to the process attribute information reflected by the value field of the new process, so as to obtain a reliability detection result of the new process, so as to determine whether the new process is an abnormal process. And if the new process is determined to be an abnormal process, stopping the process behavior of the new process so as to avoid the terminal from being attacked maliciously.
On the basis of the above embodiment, as an implementation manner, in an embodiment, the process pool is constructed according to the calling relationship between the processes characterized by the process information, including:
step 2021, determining a parent process of each process according to the calling relationship between each process represented by the process information;
step 2022, constructing a process pool according to the parent process of each process and attribute information of each process characterized by the process information.
Specifically, the node relation of each process in the process pool can be determined according to the calling relation between each process represented by the process information, and the value field and the like of the node corresponding to each process can be determined according to the attribute information of the process.
Specifically, in one embodiment, for any process, a process node is allocated to the process in a process pool; determining a parent node of the process node according to the parent process of the process, and establishing a connection relationship between the parent node and the process node; and configuring characteristic values of the process nodes according to the attribute information of the processes to obtain a process pool for reflecting calling relations among the processes and the attribute information of the processes.
The characteristic value of the process node is the value field.
Specifically, for any process, a process node is firstly allocated to the process in a process pool, then a parent process of the process is determined according to the calling relationship of the process, the node corresponding to the parent process is positioned, namely the parent node of the process is determined, and then the relationship between the parent node and the process node is established so as to advance the calling relationship of the parent node and the process node in the process pool. And then configuring characteristic values for the process nodes according to the attribute information of the process.
On the basis of the foregoing embodiment, as an implementation manner, in an embodiment, when the terminal exits any process, the process pool is synchronously updated to maintain the process pool in real time, including:
Step 2031, when the terminal exits any process, judging whether the current exiting process has a sub-process or not;
step 2032, if it is determined that the current exit process has no sub-process, deleting the target process node corresponding to the current exit process from the process pool.
Specifically, as shown in fig. 3, an exemplary process pool maintenance flow chart provided in this embodiment of the present application is shown, after a terminal kernel captures that a process exits, a user state is notified through a perf event, after the user state receives the event of the process exit, a libbpf help function is first used to obtain process information, a process identifier is used to search a corresponding process node in a process pool, whether the sub-process count of the current exiting process (process a) is 0 (whether the node a.child count is equal to 0) is determined, if so, no sub-process of the current exiting process is characterized, and therefore, the current node (the process node corresponding to the current exiting process) is directly deleted from the process pool to update the process pool.
Accordingly, in one embodiment, if it is determined that the current exit process has a sub-process, traversing the process pool to locate a target sub-process of the current exit process; and modifying the parent process of the target child process in the process pool as the parent process of the current exiting process.
Specifically, the parent process of the target child process is modified in the process pool to be the parent process of the current exiting process, so that the situation that the child process of the current exiting process does not have the parent process in the process pool, namely, the occurrence of broken links is avoided.
Specifically, in one embodiment, if it is determined that the current exit process has a sub-process, the characteristic value of the target process node is read; judging whether the current exiting process carries a preset rule tag or not according to the characteristic value reading result; if the current exiting process is determined to carry the preset rule tag, judging whether the current exiting process carries a trusted mark or not; if the current exit process carries a trusted flag, traversing the process pool to locate a target sub-process of the current exit process.
Specifically, firstly, a process node of a current exiting process is located in a process pool, the process node is used as a target process node, a value field of the target process is obtained to read a characteristic value of the target process node, and then whether the current exiting process carries a preset rule tag or not is judged according to a value of a node version in the characteristic value (NodeA. Version is equal to rule_version or not). If the current exit process is determined to carry a preset rule tag, further judging whether the current exit process carries a trusted flag (NodeA. Is trust is true or not); if the current exit process carries a trusted flag, characterizing the current exit process as a trusted process, finally, circularly traversing all nodes in a process pool, finding out a node with a parent process identifier as the current process identifier, positioning a target child process of the current exit process, changing the parent process identifier in the target child process node into the parent process of the current exit process (traversing the ppidNodex.ppid=NodeA.ppid of the child process of the update A), and finally deleting the process A.
Specifically, in an embodiment, if it is determined that the current exit process does not carry a preset rule tag or does not carry a trusted flag, determining whether a storage path of the current exit process is a pre-review whitelist path; if the storage path of the current exiting process is determined to be a pre-audit list path, traversing a process pool to locate a target sub-process of the current exiting process; and updating the characteristic value of the target sub-process in the process pool according to the attribute information of the current exiting process.
Specifically, if the current exiting process is determined to not carry a preset rule tag or a trusted flag, further using a rule base (judging whether the NodeA. Pid path > is trusted) for matching the storage path of the current exiting process, and if the matching is successful, characterizing that the storage path of the current exiting process is a pre-audit white list path. After locating the target sub-process, updating the characteristic value of each found target sub-process node: the trusted rule source is updated to the current exit process storage path, the trusted beacon is set to be trusted, the node version is set to be the rule base version, and the parent process identification is changed to be the parent process of the exit process.
Specifically, in an embodiment, if it is determined that the storage path of the current exit process is not the pre-review whitelist path, determining whether the source storage path of the current exit process is the pre-review whitelist path; if the source storage path of the current exiting process is determined to be a preset white list path, traversing a process pool to locate a target sub-process of the current exiting process; and updating the characteristic value of the target sub-process in the process pool according to the attribute information of the current exiting process.
Specifically, if the current exit process storage path matching rule base fails, the current exit process trusted rule source matching rule base is used (judging whether the NodeA. Trust path is trusted or not, if so, determining that the current exit process source storage path is a preset white list path, after locating the target sub-process, updating the characteristic value of each found target sub-process node, wherein the trusted rule source is updated to the current exit process source storage path, the beaconing is set to be trusted, the node version is set to be a rule base version, and the father process identification is changed to be the father process of the exit process (traversing the trust source Nox.trust_path=NodeA.pid_path or NodeA.trust_path of the sub-process of updating A; nodex.is_trust=true; nodex.version=rule_version).
It should be noted that PID means process PID is a unique identifier assigned to each process by the operating system for identifying, managing and operating the process. PID remains unique over the life cycle of a process and plays an important role in the operating system. PPID characterization Process PPID refers to the process ID of the parent process of a process, which is used in the operating system to identify hierarchical relationships and parent-child relationships between processes. Through PPID, the creation and relationship of processes can be tracked and understood, so that process management, inter-process communication and security control can be performed.
On the basis of the foregoing embodiment, as an implementation manner, in an embodiment, when a terminal generates a new process, performing reliability detection on the new process based on a process pool, to obtain a reliability detection result of the new process, including:
step 2041, when the terminal generates a new process, obtaining process information of the new process;
step 2042, adding a new process node corresponding to the new process to the process pool;
and 2043, performing reliability detection on the new process according to the characteristic value of the new process node in the process pool, and obtaining a reliability detection result of the new process.
Specifically, in one embodiment, whether the new process carries a preset rule tag is determined; if the new process is determined to carry the preset rule tag, judging whether the new process carries a trusted flag; if the new process carries the credibility mark, the credibility detection result of the new process is determined to be normal.
Further, in an embodiment, if it is determined that the new process does not carry the preset rule tag or the trusted flag, determining whether the storage path of the new process is a pre-review whitelist directory; if the storage path of the new process is the pre-review white list directory, determining that the reliability detection result of the new process is normal.
Further, in an embodiment, if the storage path of the new process is not the pre-review whitelist directory, determining whether the source storage path of the new process is a preset whitelist path; if the source storage path of the new process is a preset white list path, determining that the reliability detection result of the new process is normal; if the source storage path of the new process is not the preset white list path, determining that the reliability detection result of the new process is abnormal.
Specifically, as shown in fig. 4, an exemplary new process decision flow chart provided in the embodiment of the present application is shown, when a new process to be decided (process a) is received, a current Node in a process pool is first searched according to a process identifier (the process pool Node is read according to PID), whether a Node version of the current Node is consistent with a rule version is judged (whether node.version is equal to rule_version), if yes, and if yes, the new process is determined to be trusted, and if not, the next step of judgment is needed; matching a new process storage path of the current node with a rule base (node. Pid_path is credible or not), if the matching is successful, setting the beaconing mark of the current node as credible, setting the node version of the current node as a rule version, and if the matching is failed, carrying out the next judgment; judging whether a trusted rule source of the current node is matched with a rule base (whether node.trust_path is trusted or not), if so, setting a beaconing mark of the current node as trusted, setting a node version of the current node as a rule version (node.is_trust=true; node.version=rule_version; node A.is_trust=true NodeA.version=rule_version), and if so, judging that the new process is trusted, if so, judging that the new process is needed to be carried out next step; judging whether the parent process identification of the current new process is 1 (node.ppi is 1), if yes, the new process is not trusted, and if not, starting the next round of judgment with the parent process identification of the new process as key (pid=node.ppi) until the end. In Linux, a process whose process identifier is 1 is an init process (also referred to as systemd or SysV init). The first running process is responsible for starting and managing all other processes when the operating system is started. When a parent process is queried from the current process level to level until the parent process is identified as 1, the ancestor of the process tree is considered found and does not match the rule, so the process is not trusted.
The process processing method provided by the embodiment of the application obtains the process information of all the current processes of the terminal; constructing a process pool according to the calling relation among the processes represented by the process information; when the terminal exits any process, synchronously updating the process pool to maintain the process pool in real time; and when the terminal generates a new process, performing reliability detection on the new process based on the process pool to obtain a reliability detection result of the new process. According to the method provided by the scheme, the process pool is synchronously updated through each process exit, so that the condition of broken chains is avoided, the father process of the new process can be determined when the terminal generates the new process, the real source of the new process can be traced, and whether the new process is an abnormal process or not can be accurately judged. On the premise of eBPF technology, a complete trusted chain inquiry solution is provided from process pool construction and real-time maintenance to final trusted chain inquiry, and a foundation is laid for further improving the security of the terminal.
The embodiment of the application provides a process processing device, which is used for executing the process processing method provided by the embodiment.
Fig. 5 is a schematic structural diagram of a process processing device according to an embodiment of the present application. The process processing apparatus 50 includes: an acquisition module 501, a construction module 502, a maintenance module 503 and a detection module 504.
The acquisition module is used for acquiring process information of all the current processes of the terminal; the construction module is used for constructing a process pool according to the calling relation among the processes represented by the process information; the maintenance module is used for synchronously updating the process pool when the terminal exits any process so as to maintain the process pool in real time; and the detection module is used for carrying out reliability detection on the new process based on the process pool when the terminal generates the new process, so as to obtain a reliability detection result of the new process.
The specific manner in which the respective modules perform operations in relation to the process processing apparatus in this embodiment has been described in detail in relation to the embodiment of the method, and will not be described in detail here.
The process processing device provided in the embodiment of the present application is configured to execute the process processing method provided in the foregoing embodiment, and its implementation manner and principle are the same and are not described in detail.
The embodiment of the application provides an electronic device for executing the process processing method provided by the embodiment.
Fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present application. The electronic device 60 includes: at least one processor 61 and a memory 62.
The memory stores computer-executable instructions; at least one processor executes computer-executable instructions stored in the memory, causing the at least one processor to perform the process processing method as provided by the embodiments above.
The electronic device provided in the embodiment of the present application is configured to execute the process processing method provided in the foregoing embodiment, and its implementation manner and principle are the same and are not described in detail.
The embodiment of the application provides a computer readable storage medium, in which computer executable instructions are stored, and when a processor executes the computer executable instructions, the process processing method provided in any embodiment is implemented.
The storage medium including the computer executable instructions provided in the embodiments of the present application may be used to store the computer executable instructions of the process processing method provided in the foregoing embodiments, and the implementation manner and the principle of the implementation are the same, and are not repeated.
In the several embodiments provided in this application, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of elements is merely a logical functional division, and there may be additional divisions of actual implementation, e.g., multiple elements or components may be combined or integrated into another system, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in each embodiment of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in hardware plus software functional units.
The integrated units implemented in the form of software functional units described above may be stored in a computer readable storage medium. The software functional unit is stored in a storage medium, and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) or a processor (processor) to perform part of the steps of the methods described in the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a random access Memory (Random Access Memory, RAM), a magnetic disk, or an optical disk, or other various media capable of storing program codes.
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-described division of the functional modules is illustrated, and in practical application, the above-described functional allocation may be performed by different functional modules according to needs, i.e. the internal structure of the apparatus is divided into different functional modules to perform all or part of the functions described above. The specific working process of the above-described device may refer to the corresponding process in the foregoing method embodiment, which is not described herein again.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some or all of the technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit of the corresponding technical solutions from the scope of the technical solutions of the embodiments of the present application.