CN-122020648-A - Multi-application management and control method, device and storage medium
Abstract
The application relates to a multi-application management and control method, a device, a computer device and a storage medium, applied to an enterprise mobile management client. The method comprises registering a plurality of monitoring events in a main process, the plurality of monitoring events comprising a target monitoring event; and executing, by the container process, the management and control strategy corresponding to the target monitoring event according to the first management and control strategy mapping table, so as to realize multi-application management and control. The technical scheme of the application thereby achieves interaction isolation and separation of responsibilities: the main process only performs event monitoring, interface docking and forwarding, and does not take part in core strategy execution or sensitive data processing. The container process acts as an independent security domain dedicated to strategy execution, so that each application's direct interaction with the outside is effectively isolated. This clear responsibility boundary blocks the propagation path of malicious attacks at the architecture level and provides a reliable guarantee for enterprise data security.
Inventors
- HE HUARONG
- CHEN FENG
- HUANG JIE
- WANG ZHI
Assignees
- 深圳市联软科技股份有限公司
Dates
- Publication Date: 20260512
- Application Date: 20260107
Claims (10)
- 1. A multi-application management and control method, the method being applied to an enterprise mobility management client, the enterprise mobility management client comprising a main process and a container process, the method comprising: registering a plurality of monitoring events in the main process, the plurality of monitoring events including a target monitoring event; when the target monitoring event is received, the main process forwards the target monitoring event to the container process; and the container process executes the management and control strategy corresponding to the target monitoring event according to a first management and control strategy mapping table so as to realize multi-application management and control, wherein the first management and control strategy mapping table comprises at least one monitoring event and at least one management and control strategy, and the at least one monitoring event is in one-to-one correspondence with the at least one management and control strategy.
- 2. The method of claim 1, wherein the main process forwarding the target monitoring event to the container process when the target monitoring event is received comprises: when the target monitoring event is received, the main process judges whether the target monitoring event needs to be intercepted; and if the target monitoring event does not need to be intercepted, the main process forwards the target monitoring event to the container process.
- 3. The method according to claim 1, wherein the method further comprises: when the target monitoring event is received, the main process executes a management and control strategy corresponding to the target monitoring event according to a second management and control strategy mapping table, wherein the second management and control strategy mapping table comprises at least one monitoring event and at least one management and control strategy, and the at least one monitoring event is in one-to-one correspondence with the at least one management and control strategy.
- 4. The method of claim 1, wherein if the target monitoring event is a registered network change event, the container process executing the management and control strategy corresponding to the target monitoring event according to the first management and control strategy mapping table comprises: the container process executes at least one operation of closing a network proxy function and switching to a preset network tunnel according to the first management and control strategy mapping table.
- 5. The method of claim 1, wherein if the target monitoring event is a peripheral plug event, the container process executing the management and control strategy corresponding to the target monitoring event according to the first management and control strategy mapping table comprises: the container process executes at least one operation of disabling a data line debugging function, disabling a storage device mounting function, disabling camera access rights and disabling microphone access rights according to the first management and control strategy mapping table.
- 6. The method of claim 1, wherein if the target monitoring event is a third party behavioral event, the container process executing the management and control strategy corresponding to the target monitoring event according to the first management and control strategy mapping table comprises: the container process executes at least one operation of disabling a screen recording function, disabling a sharing function and disabling a clipboard function according to the first management and control strategy mapping table.
- 7. The method of claim 1, wherein if the target monitoring event is a top-level application change event, the container process executing the management and control strategy corresponding to the target monitoring event according to the first management and control strategy mapping table comprises: the container process executes at least one operation of generating or updating the visual watermark overlay of the foreground application interface and switching to a preset visitor mode according to the first management and control strategy mapping table.
- 8. The method of claim 1, wherein if the target monitoring event is an install event, the container process executing the management and control strategy corresponding to the target monitoring event according to the first management and control strategy mapping table comprises: the container process executes at least one operation of prompting unauthorized application information and blocking unauthorized application installation according to the first management and control strategy mapping table.
- 9. A multi-application management and control device for use with an enterprise mobility management client, the enterprise mobility management client comprising a main process and a container process, the device comprising: a registration unit, configured to register a plurality of monitoring events in the main process, where the plurality of monitoring events includes a target monitoring event; a forwarding unit, configured for the main process to forward the target monitoring event to the container process when the target monitoring event is received; and a first execution unit, configured for the container process to execute the management and control strategy corresponding to the target monitoring event according to a first management and control strategy mapping table so as to realize multi-application management and control, wherein the first management and control strategy mapping table comprises at least one monitoring event and at least one management and control strategy, and the at least one monitoring event is in one-to-one correspondence with the at least one management and control strategy.
- 10. A computer readable storage medium, characterized in that the storage medium stores a computer program which, when executed by a processor, implements the method according to any of claims 1 to 8.
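The responsibility split in claims 1 to 3, shown as an added Python example (not code from the patent or its applicant): the main process only decides whether to intercept or forward, and the container validates what arrives against a table the main process never holds. The class names, event and strategy labels, the JSON envelope, and modelling the process boundary as a serialized message inside one interpreter are all assumptions made for illustration.

```python
import json

# Container-only table; labels are constructed from the events in claims 4-8.
FIRST_TABLE = {
    "network_change": "switch_to_preset_tunnel",
    "peripheral_plug": "disable_storage_mount",
    "third_party_behavior": "disable_clipboard",
    "top_app_change": "update_watermark_overlay",
    "install": "block_unauthorized_install",
}
SECOND_TABLE = {"install": "prompt_unauthorized_app"}  # main-process table, constructed

def one_to_one(table):
    """Reject a table in which two events share a strategy (claim 1)."""
    if len(set(table.values())) != len(table):
        raise ValueError("mapping table is not one-to-one")
    return dict(table)

class ContainerProcess:
    """Independent security domain: owns the first table, executes strategies."""
    def __init__(self, table):
        self._table = one_to_one(table)
        self.executed = []

    def receive(self, wire):
        """Accept only {"event": <known name>}; anything else fails closed."""
        msg = json.loads(wire)
        if not isinstance(msg, dict) or set(msg) != {"event"}:
            return None
        event = msg["event"]
        strategy = self._table.get(event) if isinstance(event, str) else None
        if strategy is not None:
            self.executed.append(strategy)
        return strategy

class MainProcess:
    """Listens, optionally intercepts, forwards; holds no copy of the first table."""
    def __init__(self, container, registered, intercept=()):
        self._container = container
        self._registered, self._intercept = set(registered), set(intercept)
        self._table = one_to_one(SECOND_TABLE)

    def on_event(self, event):
        if event not in self._registered:
            return (None, None)                       # no listener registered
        local = self._table.get(event)                # claim 3: main-process strategy
        if event in self._intercept:                  # claim 2: intercepted, not forwarded
            return (local, None)
        wire = json.dumps({"event": event}).encode()  # only the event name crosses
        return (local, self._container.receive(wire))
```

Because the container rejects any envelope carrying more than a known event name, a compromised main process can trigger only strategies already in the first table and cannot supply one of its own.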
Description
Multi-application management and control method, device and storage medium
Technical Field
The present application relates to the field of mobile terminal management, and in particular to a multi-application management and control method, device and storage medium.
Background
With the advance of digital transformation and the widespread adoption of mobile office work, a wide variety of enterprise-level applications has emerged on the market, such as OA systems, supply chain management software and project management platforms. Enterprise applications have become a core carrier for supporting daily operations and improving work efficiency. Users can flexibly access different enterprise applications through terminal equipment and efficiently complete tasks such as task approval, data entry and cross-department collaboration.
However, the diversification of enterprise applications and the growing complexity of access scenarios also present serious data security challenges. Running enterprise applications involves the transmission and storage of sensitive data such as trade secrets, customer privacy and internal configuration. Once data leakage, illegal access or unauthorized application operation occurs, it causes huge economic loss and reputational risk for the enterprise. Real-time and accurate monitoring and control of enterprise applications on the terminal side has therefore become a core requirement for guaranteeing enterprise data security.
Currently, conventional enterprise application management schemes mostly employ a single-process centralized processing architecture. The core design logic is that core function modules such as event monitoring, strategy decision, and management and control execution are all integrated in the same main process of the client.
However, this single-process centralized processing architecture carries significant security risks in practical applications. When executing strategies, the main process inevitably handles sensitive data: on the one hand, it must read core configuration data of the enterprise mobility management (Enterprise Mobility Management, EMM) client, such as management strategy parameters or enterprise security rules; on the other hand, it must exchange data directly with enterprise application processes. Because the main process and the processes of the various business applications run in the same operating environment without effective security isolation, once the main process suffers a malicious attack, enterprise data leakage is extremely likely, giving rise to systemic security risk.
Disclosure of Invention
The embodiment of the application provides a multi-application management and control method, a device, computer equipment and a storage medium, which aim to solve the technical problem of enterprise data leakage caused by a single-process centralized processing architecture.
In a first aspect, an embodiment of the present application provides a multi-application management and control method, where the method is applied to an enterprise mobility management client, where the enterprise mobility management client includes a main process and a container process, and the method includes: registering a plurality of monitoring events in the main process, the plurality of monitoring events including a target monitoring event; when the target monitoring event is received, the main process forwards the target monitoring event to the container process; and the container process executes the management and control strategy corresponding to the target monitoring event according to a first management and control strategy mapping table so as to realize multi-application management and control, wherein the first management and control strategy mapping table comprises at least one monitoring event and at least one management and control strategy, and the at least one monitoring event is in one-to-one correspondence with the at least one management and control strategy.
Optionally, the main process forwarding the target monitoring event to the container process when the target monitoring event is received includes: when the target monitoring event is received, the main process judges whether the target monitoring event needs to be intercepted; and if the target monitoring event does not need to be intercepted, the main process forwards the target monitoring event to the container process.
Optionally, the method further comprises: when the target monitoring event is received, the main process executes a management and control strategy corresponding to the target monitoring event according to a second management and control strategy mapping table, wherein the second management and control strategy mapping table comprises at least one monitoring event and at least one management and control strategy, and the at le