On Wednesday, September 7, 2016 4:20:04 PM MSK, Slava Monich
<slava.mon...@jolla.com> wrote:
Hi Andrew,
To make matters worse, the plugin requirements may change over time,
meaning that a system upgrade may break the app because the app
didn't request access to some features required by the updated plugins.
Application shouldn't know/care about how does plugin work. Plugins
are parts of the system and shouldn't be sandboxed.
How to you sandbox a native app without affecting plugins? They all live
within the same process, the same virtual address space. I don't think
it's possible to reliably track a system call back to the
executable/shared library it originated from, even with DEP (data
execution prevention) enabled. Without DEP it's plain impossible.
With the interpreted code like Java it's certainly doable. With the
native code, I very much doubt it.
Cheers,
Slava
That's why I wrote this:
I don't know much about implementation, but Ubuntu Touch somehow
achieves this with AppArmor.
AFAIK, at least for QML plugins it runs them in separate processes and
application communicates with them via DBus. All seamlessly for developer.
Regards,
Andrew
--
Sent using Dekko from my Ubuntu device
_______________________________________________
SailfishOS.org Devel mailing list
To unsubscribe, please send a mail to devel-unsubscr...@lists.sailfishos.org
