Challenging task. On úterý 4. dubna 2017 18:29:09 CEST Emilian Bold wrote: > Hello, > > One of the reasons I install only the essential plugins is the fact we have > no sandboxing. > > No IDE has plugins sandboxing, but we can do better. > > There is a wide array of plugins that need very little permissions (eg. the > highly rated "Toggle line wrap") and users would install them without > worries. > > Having a sandbox would also make a plugin review simpler. The less and > lower impact permissions a plugin needs, the easier to review. > > On most machines whatever overhead a security manager would have is > tolerable. > > Module creators would have to add the global tag OpenIDE-Policy and define > a standard privacy policy file (which we could enhance with IDE-specific > permissions).
Possible. Compare your approach with OSGi security spec before you go on. > Of course, we would need to display some nicer UI when installing in order > to explain the user what kind of permissions the plugin needs. Since the > permissions are checked at runtime we could also have (another) user dialog > then. > > I will start looking at the existing code and see about a proof of concept. Probably start somewhere around: https://github.com/emilianbold/netbeans-releases/blob/master/core.startup/src/ org/netbeans/core/startup/ModuleSystem.java and related class loaders. -jt