Thanks for your informative replies. my thoughts are that privileges could solve the problem. Static analysis might also help. There needs to be some level of trust, reputation can, once established be valuable too.
It is possible to create a subprocess in java, but the jvm itself only has one process. Thanks, Peter. Sent from my Samsung device. Include original message ---- Original message ---- From: [email protected] Sent: 17/11/2015 10:00:01 pm To: [email protected] Subject: Dev Digest, Vol 27, Issue 11 Send Dev mailing list submissions to [email protected] To subscribe or unsubscribe via the World Wide Web, visit https://lists.tizen.org/listinfo/dev or, via email, send a message with subject or body 'help' to [email protected] You can reach the person managing the list at [email protected] When replying, please edit your Subject line so it is more specific than "Re: Contents of Dev digest..." Today's Topics: 1. Re: tizen public api - java (Mats Wichmann) 2. Re: tizen public api - java (Carsten Haitzler) 3. Re: tizen public api - java (Peter) ---------------------------------------------------------------------- Message: 1 Date: Mon, 16 Nov 2015 07:43:48 -0700 From: Mats Wichmann <[email protected]> To: [email protected] Subject: Re: [Dev] tizen public api - java Message-ID: <[email protected]> Content-Type: text/plain; charset=windows-1252 On 11/14/2015 05:44 PM, Peter wrote: > The libraries used by the jvm are: > > linux-gate.so1 > libdl.so2 > libc.so.6 > libm.so.6 > libpthread.so.0 > ld-linux.so.2 > > With my investigation so far it's quite easy to embed the jvm in a tizen > ui application. > > The Elementary and app libraries are easy to work with using java and c. > > The question now is, would an application that uses the above libraries > be accepted into the tizen store? that list at least looks harmless, it's just "libc" plus linux-gate is the virtual shared object from the kernel that appears in some implementations (I think some show it as linux-vdso, and not sure what tizen does here). unfortunately none of us can predict with high accuracy what's in the list of allowed interfaces. there are some things you should not do that libc on the surface allows you to do (like launching another process via exec, you need to use the tizen app launching system instead) - so it might be a question what your jvm does internally. ------------------------------ Message: 2 Date: Tue, 17 Nov 2015 11:07:19 +0900 From: Carsten Haitzler <[email protected]> To: Mats Wichmann <[email protected]> Cc: [email protected] Subject: Re: [Dev] tizen public api - java Message-ID: <20151117110719.06b4803b@fatty> Content-Type: text/plain; charset=US-ASCII On Mon, 16 Nov 2015 07:43:48 -0700 Mats Wichmann <[email protected]> wrote: > On 11/14/2015 05:44 PM, Peter wrote: > > The libraries used by the jvm are: > > > > linux-gate.so.1 > > libdl.so2 > > libc.so.6 > > libm.so.6 > > libpthread.so.0 > > ld-linux.so.2 > > > > With my investigation so far it's quite easy to embed the jvm in a > > tizen ui application. > > > > The Elementary and app libraries are easy to work with using java > > and c. > > > > The question now is, would an application that uses the above > > libraries be accepted into the tizen store? > > that list at least looks harmless, it's just "libc" plus linux-gate is > the virtual shared object from the kernel that appears in some > implementations (I think some show it as linux-vdso, and not sure what > tizen does here). > > unfortunately none of us can predict with high accuracy what's in the > list of allowed interfaces. there are some things you should not do > that libc on the surface allows you to do (like launching another > process via exec, you need to use the tizen app launching system > instead) - so it might be a question what your jvm does internally. this is currently an ongoing discussion that policies of tizen appstore and sdk are counter-productive to developers. api's are locked down now (literally apps banned if they use anything outside of it) and this is causing a series of issues i am now seeing. reality is though... any locking down of apis can be gotten past with dlsym() and if that were to be banned.. compile into your binary your own efl parser + linker to replace dl*(). tizen'd have to ban open and mmap to stop this. even then you can do your own syscallls... so syscalls would need to be banned directly... and well then... you may as well not have apps then. :) so right now my general advice to any development on tizen is - use dlsym() to work around api issues. you at LEAST have to also handle the failure case (it returns null). :) the proper solution is to not be so developer-hostile to begin with. ------------------------------ Message: 3 Date: Tue, 17 Nov 2015 19:01:17 +1000 (AEST) From: Peter <[email protected]> To: "[email protected]" <[email protected]> Subject: Re: [Dev] tizen public api - java Message-ID: <[email protected]> Content-Type: text/plain; charset="utf-8" Sent from my Samsung device. ??Include original message ---- Original message ---- From: Peter <[email protected]> Sent: 15/11/2015 10:44:36 am To: [email protected] <[email protected]> Subject: tizen public api - java The libraries used by the jvm are: linux-gate.so.1 libdl.so.2 libc.so.6 libm.so.6 libpthread.so.0 ld-linux.so.2 With my investigation so far it's quite easy to embed the jvm in a tizen ui application. ? The Elementary and app libraries are easy to work with using java and c. The question now is, would an application that uses the above libraries be accepted into the tizen store? Regards, Peter. Sent from my Samsung device. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.tizen.org/pipermail/dev/attachments/20151117/69f3eb41/attachment-0001.html> ------------------------------ Subject: Digest Footer _______________________________________________ Dev mailing list [email protected] https://lists.tizen.org/listinfo/dev ------------------------------ End of Dev Digest, Vol 27, Issue 11 ***********************************
_______________________________________________ Dev mailing list [email protected] https://lists.tizen.org/listinfo/dev
