公开(公告)号：US08978094B2

公开(公告)日：2015-03-10

申请号：US13624828

申请日：2012-09-21

Applicant: Apple Inc.

Inventor： Peter Kiehtreiber ,  Jacques A. Vidrine ,  Christopher S. Linn ,  Randy D. Saldinger ,  Braden J. Thomas

IPC: H04L29/06

CPC classification number: H04L63/20 ,  G06F21/51 ,  H04L63/1433 ,  H04L63/1441

Abstract: A novel security framework that is part of an operating system of a device is provided. The framework includes a security assessor that performs security policy assessments for different operations that need to be performed with respect to an application executing on the device. Examples of such operations include the installation of the application, execution of the application, and the opening of content files (e.g., opening of documents) by the application.

公开(公告)号：US08874905B2

公开(公告)日：2014-10-28

申请号：US13729014

申请日：2012-12-27

Applicant: Apple Inc.

Inventor： Jussi-Pekka Mantere, III ,  Alexander Tony Maluta ,  John William Scalo ,  Eugene Ray Tyacke ,  Bruce Gaya ,  Michael John Smith ,  Peter Kiehtreiber ,  Simon P. Cooper

IPC: H04L29/00 ,  H04L29/06 ,  G06F21/60

CPC classification number: G06F9/5005 ,  G06F9/54 ,  G06F21/44 ,  G06F21/602 ,  H04L63/104

Abstract: Resource restrictions are associated with a user identifier. A resource restriction agent receives operating system calls related for resources and provides resource request data to a resource agent. The resource agent determines whether the resource is restricted based on the resource request data and resource restriction data and generates access data based on the determination. The resource restriction agent grants or denies the system call based on the access data.

Abstract translation: 资源限制与用户标识符相关联。 资源限制代理接收与资源相关的操作系统调用，并向资源代理提供资源请求数据。 资源代理基于资源请求数据和资源限制数据确定资源是否被限制，并且基于该确定生成访问数据。 资源限制代理根据访问数据授予或拒绝系统调用。