I want the plugins to perform some calculations for me. So I want to call code inside them, and let them call some methods I define if they need to talk to the world, but otherwise don't want them having access to the UI, or being able to send intents to other apps (even things which would otherwise not have a permission associated with them). In other words, I trust them about as much as a web browser trusts the scripts on a web page.
On Wed, Jan 13, 2010 at 5:32 PM, Chris Palmer <[email protected]> wrote: > What kind of attack are you trying to prevent? > > On Jan 13, 2010 1:36 PM, "Yuliy Pisetsky" <[email protected]> wrote: > > I'm trying to write an app that will allow plugins (in the form of > JARs with a few classes), but I don't want them to be able to interact > with other applications on the device except through my own API. Are > there any nice ways of preventing code from broadcasting arbitrary > intents? If this isn't realistic at runtime, would a static analysis > that just searched for anything involving reflection or constructing > an Intent be sufficient? >
