Hello Michael,
On 25.06.2016 19:33, Michael Ullrich wrote:
I'm currently trying to modularize a Qt-based ChatClient. The basic idea is to isolate the parts of some guy-components from each other. I want to use Nitpicker for this. In generally the Client itself should run in a trusted nitpicker session. Now I want to start another nitpicker-sessions inside the quote-client. Meaning by that, I want for example a trusted input-field or a trusted label, isolated from the remaining qt-app. So isolate several graphical components from each other. Is it in generally a good idea, to use nitpicker in that way? Has someone tried something similar, or is there an reference implementation for that?
there are indeed two implementations of this idea:
1. There is a special Qt widget that allows you to embed any nitpicker client into a Qt GUI. Both programs have a dedicated nitpicker session. I.e. input entered into the "outer" program is not visible to the "inner" program. This approach is sensible for sandboxing untrusted parts of the application, e.g. a video codec, or the part that is exposed to the network. The basic concept is described in Section 4.7.1. "Sandboxing" in the manual [1]. You can find the implementation of this widget at [2]. The example as described in the book is located at [3]. For trying it out, please make sure to use the current master branch (it contains a recent fix).
2. The first variant is nice for sandboxing the "inner" part but it assumes that the "outer" part is trusted. In some situations, this is not the case. E.g., it is actually unreasonable for a browser plugin to trust an overly complex web browser. With Genode's loader service, it is possible to execute the "inner" part independent from the "outer" part. This idea is described in Section 4.7.4. "Ceding the parenthood" in the book. The corresponding Qt5 widget is located at [4]. The described plugin mechanism is implemented in our port of the Arora web browser (ports/run/arora.run).
Please be aware that those examples are not in a very good shape because we don't use them day to day. If you encounter any problems, don't hesitate to post them here. :-)
[1] http://genode.org/documentation/genode-foundations-16-05.pdf [2] libports/include/qt5/qnitpickerviewwidget/ [3] libports/src/app/qt5/qt_avplay/ [4] libports/include/qt5/qpluginwidget/
Cheers Norman