Reputation: 567
execute remote SWF in AIR Security Sandbox
I try to download an external SWF and run it within the AIR security sandbox.
this is the code of the AIR application:
public class Downloader extends Sprite
{
private static const REMOTE_FILE:URLRequest = new URLRequest("http://myserver.com/downloadable.swf");
private var _main:NativeWindow;
public function Downloader()
{
var loader:URLLoader = new URLLoader(REMOTE_FILE);
loader.dataFormat = URLLoaderDataFormat.BINARY;
loader.addEventListener(Event.COMPLETE, downloadComplete);
}
private function downloadComplete(e:Event):void{
var ba:ByteArray = e.target.data;
var stream:FileStream = new FileStream();
var file:File = File.applicationStorageDirectory.resolvePath("downloadable.swf");
stream.open(file, FileMode.WRITE);
stream.writeBytes(ba);
stream.close();
loadAndRunSwf();
}
private function loadAndRunSwf(){
this._main = new NativeWindow();
this._main.width = 1024;
this._main.height = 768;
////obsolete?
//var context:LoaderContext = new LoaderContext();
//context.allowLoadBytesCodeExecution = true;
//context.applicationDomain = ApplicationDomain.currentDomain;
var file:File = File.applicationStorageDirectory.resolvePath("downloadable.swf");
var loader:Loader = new Loader();
loader.load(new URLRequest(file.url)/*,context*/);
this._main.stage.addChild(loader);
this._main.activate();
}
}
Code of the downloadable.swf:
public class Downloadable extends Sprite
{
private var _btn:Button = new Button();
private var _baseFolder:File = new File("app-storage:/");
public function downloadable_test()
{
this.addChild(_btn);
_btn.label = "access Harddisk";
...
}
}
so now, If I run Downloader, it will download the swf and try to run it, but i'll get an exception in Downloadable on the line
private var _baseFolder:File = new File("app-storage:/");
the error:
SecurityError: file
at runtime::SecurityManager$/checkPrivilegeForCaller()
So - what Do I need to do to prevent such security errors? I want my remote SWF to be treated as native code running in the same security sandbox as the AIR code.
Upvotes: 3
Views: 2428
Answers (2)
Reputation: 1
function loadAndRunSwf()
{
var context:LoaderContext=new LoaderContext(false);
context.allowCodeImport=true;
var ba:ByteArray=new ByteArray();
var file:File = File.applicationStorageDirectory.resolvePath("downloadable.swf");
var fileStream:FileStream=new FileStream();
var loader:Loader = new Loader();
fileStream.open(file,"read");
fileStream.readBytes(ba);
ba.position=0;
loader.loadBytes(ba,context);
this._main = new NativeWindow();
this._main.width = 1024;
this._main.height = 768;
this._main.stage.addChild(loader);
this._main.activate();
}
Upvotes: 0
Reputation:
I'm not sure about Android, but for the regular web player you would need to specify SecurityDomain.currentDomain for the securityDomain of the Loader's context for the loaded code to be considered equal to the loader in terms of permissions. Also note that for reasons impossible to explain, if you use SecurityDomain when loading from the file system on PC Flash Player will complain.
However complicated, the Flash Player security is often a security by obscurity... So, if it doesn't work the way you coded it, try Loader.loadBytes() "workaround".
Upvotes: 1
Related Questions
- Loading external Swf - sandbox violation
- Loading An External Interactive swf in Air Mobile
- Load local SWF in AIR
- AIR App, load swf from server, call parent function?
- AIR 3.6 iOS - Load external SWF with ABC
- AIR Loading server hosted swf into same sandbox
- publishing swf from air 2.6 player
- Is there an way to load external swf into a sandbox in flash?
- local Swf bridge to remote Swf to go around flash sandbox
- "Bootstrapping" a remote swf into the application SecurityDomain (actionscript3)