platform specific imports and import security

Marco Martin notmart at gmail.com
Wed Sep 18 15:21:29 UTC 2013


Good news everyone! http://www.youtube.com/watch?v=1D1cap6yETA

I am playing with the new API QQmlAbstractUrlInterceptor
(to completely work will need https://codereview.qt-project.org/#change,65626
and https://codereview.qt-project.org/#change,61208)

The thing will permit to do a kind of mod_rewrite for QML.
Every file or remote url that will be asked by QML (even a component 
declaration such as Foo{}) can be filtered with this.
So what can be done with this:

* security *
** forbid access to absolute paths that are outside both the applet package and 
the import paths (implemented)

** forbid or allow remote urls with some mechanism (todo)

** black or whitelist for imports (todo)

** since some applets and applications will have to do imports pretty much 
just for them, if all those "private" imports have some recognizable pattern, 
applets can refuse to import any private import that is not their "own" (this 
is more a social contract rather than security)


* platform specific content *

** for all files in the package, all urls are rewritten by resolving them with 
package.filePath, with all the file resolution magic given by PLASMA_PLATFORM 
env var.
This was very limited in plasma1, now every single file is resolved in this 
way and is enforced (yep, no way to have an image outside images/ or a js file 
outside scripts/, existing applets seem to still work)

** for files in imports
It's trying as well the same trick for imports, so the touch components may be 
loaded when needed.
it has a pro and a con.
pro: not necessary anymore to install a whole import: we used to have most of 
the qml files installed two times in order to have a whole "desktop set" and a 
whole "touch set" now only modified files need to be installed.

con: a QQmlAbstractUrlInterceptor needs to be installed in order to work, so 
works only for plasmoids at the moment (while we would want it to work on any 
qml app)


A way to solve the con may be installing the QQmlAbstractUrlInterceptor in 
kdeclarative (therefore for plasmoids we would need to install a subclass of 
the kdeclarative one that knows also about plasma packages)

Provided the bug of https://codereview.qt-project.org/#change,61208 gets fixed 
soon, the whole mechanism seems to work really well.
The only thing I'm a bit concerned about (but hopefully it shouldn't impact too 
much) is potential overhead mostly at startup, since it adds a *lot* of string 
comparisons (and possibly some filesystem lookup as well)

Cheers,
Marco Martin
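
The "forbid access to absolute paths that are outside both the applet package and the import paths" rule from the message above, sketched as an added example that is not part of the original post or of the Plasma code. The functions isAllowedPath, isUnder and splitNormalized are hypothetical, and every directory used with them is a constructed sample. The check is kept free of Qt so it runs stand-alone; an interceptor would apply it to the local path of each requested URL.

```cpp
// Added example: allow-list check for local paths requested by QML.
// All function names here are hypothetical, not Plasma or Qt API.
#include <string>
#include <vector>

// Split an absolute path into components, resolving "." and ".." lexically.
static std::vector<std::string> splitNormalized(const std::string &path) {
    std::vector<std::string> parts;
    std::string cur;
    for (std::size_t i = 0; i <= path.size(); ++i) {
        if (i == path.size() || path[i] == '/') {
            if (cur == "..") {
                if (!parts.empty()) parts.pop_back();  // never climbs above "/"
            } else if (!cur.empty() && cur != ".") {
                parts.push_back(cur);
            }
            cur.clear();
        } else {
            cur += path[i];
        }
    }
    return parts;
}

// True when `path` is `root` itself or lies below it. Comparing whole
// components keeps "/pkg-evil" from passing as a child of "/pkg".
// An empty root (i.e. "/") is refused so it can never allow everything.
static bool isUnder(const std::vector<std::string> &path,
                    const std::vector<std::string> &root) {
    if (root.empty() || path.size() < root.size()) return false;
    for (std::size_t i = 0; i < root.size(); ++i)
        if (path[i] != root[i]) return false;
    return true;
}

// Allow an absolute local path only inside the package or an import path.
bool isAllowedPath(const std::string &path, const std::string &packageRoot,
                   const std::vector<std::string> &importPaths) {
    if (path.empty() || path[0] != '/') return false;  // not absolute: reject
    const std::vector<std::string> p = splitNormalized(path);
    if (isUnder(p, splitNormalized(packageRoot))) return true;
    for (std::size_t i = 0; i < importPaths.size(); ++i)
        if (isUnder(p, splitNormalized(importPaths[i]))) return true;
    return false;
}
```

The normalization is purely lexical, so a symlink inside the package that points elsewhere is not caught; resolving the path on disk before the comparison closes that gap at the cost of the filesystem lookups the message mentions.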

