在AIR Security Sandbox中执行远程SWF

时间:2011-06-13 16:23:53

标签: actionscript-3 security air flash-builder sandbox

我尝试下载外部SWF并在AIR安全沙箱中运行它。

这是AIR应用程序的代码:

public class Downloader extends Sprite
{

    private static const REMOTE_FILE:URLRequest = new URLRequest("http://myserver.com/downloadable.swf");
    private var _main:NativeWindow;

    public function Downloader()
    {
        var loader:URLLoader = new URLLoader(REMOTE_FILE);
        loader.dataFormat = URLLoaderDataFormat.BINARY;
        loader.addEventListener(Event.COMPLETE, downloadComplete);
    }

    private function downloadComplete(e:Event):void{
        var ba:ByteArray = e.target.data;
        var stream:FileStream = new FileStream();
        var file:File = File.applicationStorageDirectory.resolvePath("downloadable.swf");
        stream.open(file, FileMode.WRITE);
        stream.writeBytes(ba);
        stream.close();

        loadAndRunSwf();
    }

    private function loadAndRunSwf(){       
        this._main = new NativeWindow();
        this._main.width = 1024;
        this._main.height = 768;

                    ////obsolete?
        //var context:LoaderContext = new LoaderContext();
        //context.allowLoadBytesCodeExecution = true;
        //context.applicationDomain = ApplicationDomain.currentDomain;  

        var file:File = File.applicationStorageDirectory.resolvePath("downloadable.swf");
        var loader:Loader = new Loader();
        loader.load(new URLRequest(file.url)/*,context*/);

        this._main.stage.addChild(loader);
        this._main.activate();
    }
}

downloadable.swf的代码:

public class Downloadable extends Sprite
{
    private var _btn:Button = new Button();
    private var _baseFolder:File = new File("app-storage:/");

    public function downloadable_test()
    {
        this.addChild(_btn);
        _btn.label = "access Harddisk";
                    ...
    }
}

所以现在,如果我运行Downloader,它将下载swf并尝试运行它,但我会在行中的可下载中获得异常

    private var _baseFolder:File = new File("app-storage:/");

错误:

SecurityError: file
at runtime::SecurityManager$/checkPrivilegeForCaller()

那么 - 我需要做些什么来防止此类安全错误?我希望将远程SWF视为在与AIR代码相同的安全沙箱中运行的本机代码。

2 个答案:

答案 0 :(得分:1)

我不确定Android,但是对于常规网络播放器,您需要为Loader上下文的securityDomain指定SecurityDomain.currentDomain,以便加载的代码在权限方面被视为等于加载程序。另请注意,由于无法解释的原因,如果您在PC上从文件系统加载时使用SecurityDomain Flash Player会抱怨。

无论多么复杂,Flash Player安全性通常都是默默无闻的安全性......所以,如果它不能按照你编码的方式工作,请尝试使用Loader.loadBytes()“workaround”。

答案 1 :(得分:0)

function loadAndRunSwf()
{
    var context:LoaderContext=new LoaderContext(false);

    context.allowCodeImport=true;

    var ba:ByteArray=new ByteArray();
    var file:File = File.applicationStorageDirectory.resolvePath("downloadable.swf");
    var fileStream:FileStream=new FileStream();
    var loader:Loader = new Loader();

    fileStream.open(file,"read");
    fileStream.readBytes(ba);
    ba.position=0;
    loader.loadBytes(ba,context);
    this._main = new NativeWindow();
    this._main.width = 1024;
    this._main.height = 768;
    this._main.stage.addChild(loader);
    this._main.activate();
}
相关问题
最新问题