Recursive Nitpicker

Norman Feske norman.feske at ...1...
Tue Jun 28 14:07:49 CEST 2016 

Hello Michael,

On 25.06.2016 19:33, Michael Ullrich wrote:
> I'm currently trying to modularize a Qt-based ChatClient. The basic idea
> is to isolate the parts of some guy-components from each other. I want
> to use Nitpicker for this. In generally the Client itself should run in
> a trusted nitpicker session. Now I want to start another
> nitpicker-sessions inside the quote-client. Meaning by that, I want for
> example a trusted input-field or a trusted label, isolated from the
> remaining qt-app. So isolate several graphical components from each
> other. Is it in generally a good idea, to use nitpicker in that way? Has
> someone tried something similar, or is there an reference implementation
> for that?

there are indeed two implementations of this idea:

1. There is a special Qt widget that allows you to embed any nitpicker
   client into a Qt GUI. Both programs have a dedicated nitpicker
   session. I.e. input entered into the "outer" program is not visible
   to the "inner" program. This approach is sensible for sandboxing
   untrusted parts of the application, e.g. a video codec, or the
   part that is exposed to the network. The basic concept is described
   in Section 4.7.1. "Sandboxing" in the manual [1]. You can find the
   implementation of this widget at [2]. The example as described in
   the book is located at [3]. For trying it out, please make sure to
   use the current master branch (it contains a recent fix).

2. The first variant is nice for sandboxing the "inner" part but it
   assumes that the "outer" part is trusted. In some situations, this
   is not the case. E.g., it is actually unreasonable for a browser
   plugin to trust an overly complex web browser. With Genode's loader
   service, it is possible to execute the "inner" part independent from
   the "outer" part. This idea is described in Section 4.7.4. "Ceding
   the parenthood" in the book. The corresponding Qt5 widget is located
   at [4]. The described plugin mechanism is implemented in our port
   of the Arora web browser (ports/run/arora.run).

Please be aware that those examples are not in a very good shape because
we don't use them day to day. If you encounter any problems, don't
hesitate to post them here. :-)

[1] http://genode.org/documentation/genode-foundations-16-05.pdf
[2] libports/include/qt5/qnitpickerviewwidget/
[3] libports/src/app/qt5/qt_avplay/
[4] libports/include/qt5/qpluginwidget/

Cheers
Norman

-- 
Dr.-Ing. Norman Feske
Genode Labs

http://www.genode-labs.com · http://genode.org

Genode Labs GmbH · Amtsgericht Dresden · HRB 28424 · Sitz Dresden
Geschäftsführer: Dr.-Ing. Norman Feske, Christian Helmuth

More information about the users mailing list