Title of invention: Methods for handling a file associated with a program in a restricted program environment
Abstract: Techniques for handling a file associated with a program are described herein. According to an aspect of the invention, in response to a request for accessing a file received through a first program, the file is stored in a first sandboxed storage area, where the file is to be accessed by a second program. An atomic move operation is then performed on the file that atomically moves the file from the first sandboxed storage area to a second sandboxed storage area, where the first sandboxed storage area is not accessible to the first program and second program. The second program is launched to access the file stored in the second sandboxed storage area, where the second sandboxed storage area is a part of a sandbox associated with the second program.
Publication number: US8850572(B2) Publication date: 2014.09.30
Application number: US201012688724 Filing date: 2010.01.15
Applicant: Apple Inc. Inventors: Paterson Toby;Beaver Jason C.;Novick Gregory;Iarocci John;Galloway Curtis C.;De Atley Dallas B.;Linn Christopher S.
Classification: G06F21/00;G06F21/53;G06F21/56 Main classification: G06F21/00
Agency: Blakely, Sokoloff, Taylor & Zafman LLP Agent: Blakely, Sokoloff, Taylor & Zafman LLP
Principal claim: 1. A machine-implemented method for handling a file associated with a program, the method comprising: in response to a request for accessing a file that is received through a first program, storing the file in a first sandboxed storage area associated with a first sandbox associated with the first program, wherein the file is to be accessed by a second program; replicating the file from the first sandboxed storage area to a second sandboxed storage area that is associated with a second sandbox, wherein the second sandboxed storage area is not accessible by either the first program or the second program; performing a content analysis on the file within the second sandbox to determine whether the file contains malicious content; performing an atomic move operation on the file that atomically moves the file from the second sandboxed storage area to a third sandboxed storage area associated with a third sandbox, in response to determining that the file does not contain malicious content; and invoking the second program to access the file stored in the third sandboxed storage area within the third sandbox, wherein the third sandbox is not accessible by the first program.
Address: Cupertino CA US