| 摘要 |
Improved techniques for controlling access to accessible components of computing environments are disclosed. The techniques, among other things, can be used to provide Mandatory Access Control (MAC) mechanisms for mobile and embedded systems. One or more accessible components (e.g., accessible resources) which a component may attempt to access are determined so that one or more access permissions can be stored in a manner that they can be obtained if the component attempts to access the one or more accessible components, thereby allowing access to the one or more accessible components to be determined based on access permissions that are readily available. Generally, access permissions can be identified and stored in anticipation of need. Access permissions can be identified, for example, based on the likelihood of use, or all possible access permissions can be determined and stored. A safe (e.g., a trusted) access controlling (or monitoring) system (or component) can control access to resources of a computing environment. For example, a trusted access monitoring system can be provided in a secure and trusted operating environment utilizing Mandatory Access Control (MAC) capabilities of a secure operating system (e.g., SELinux Operating System).
|
