[SailfishDevel] [Minutes] Sailfish OS Open Source Community Collaboration Meeting, 5th of September 2016
slava.monich at jolla.com
Wed Sep 7 13:20:04 UTC 2016
>> To make matters worse, the plugin requirements may change over time,
>> meaning that a system upgrade may break the app because the app
>> didn't request access to some features required by the updated plugins.
> An application shouldn't know/care about how a plugin works. Plugins
> are parts of the system and shouldn't be sandboxed.
How do you sandbox a native app without affecting plugins? They all live
within the same process, the same virtual address space. I don't think
it's possible to reliably track a system call back to the
executable/shared library it originated from, even with DEP (data
execution prevention) enabled. Without DEP it's plain impossible.
With the interpreted code like Java it's certainly doable. With the
native code, I very much doubt it.
> I don't know much about implementation, but Ubuntu Touch somehow
> achieves this with AppArmor.