Hi Andrew,
To make matters worse, the plugin requirements may change over time,
meaning that a system upgrade may break the app because the app
didn't request access to some features required by the updated plugins.
Application shouldn't know/care about how does plugin work. Plugins
are parts of the system and shouldn't be sandboxed.
How to you sandbox a native app without affecting plugins? They all live
within the same process, the same virtual address space. I don't think
it's possible to reliably track a system call back to the
executable/shared library it originated from, even with DEP (data
execution prevention) enabled. Without DEP it's plain impossible.
With the interpreted code like Java it's certainly doable. With the
native code, I very much doubt it.
Cheers,
Slava
I don't know much about implementation, but Ubuntu Touch somehow
archives this with AppArmor.
Regards,
Andrew
_______________________________________________
SailfishOS.org Devel mailing list
To unsubscribe, please send a mail to devel-unsubscr...@lists.sailfishos.org
