[英]How to run user-provided, arbitrary code in an android app?
The app I'm coding will need to take user-defined code (the language is not particularly important as the user will never see the language, users will use something like visual scripting) and run that code. 我正在编写的应用程序将需要采用用户定义的代码(该语言不是特别重要,因为用户永远不会看到该语言,用户将使用视觉脚本之类的东西)并运行该代码。 The code will need to access libraries written in Java, and create variables and so on.
该代码将需要访问用Java编写的库,并创建变量等。 The user provided code will be as complicated as a full program.
用户提供的代码将与完整程序一样复杂。
I have been looking around for ways to approach this. 我一直在寻找解决此问题的方法。 So far, I've found a few different approaches to this in Java, reflection, javax.script, JavaCompiler, write my own interpreter, among other others.
到目前为止,我在Java,反射,javax.script,JavaCompiler,编写我自己的解释器等中发现了几种不同的方法。 From what I've read reflection probably would not work, according to the android package index, android doesn't have javax.script or JavaCompiler, but there are projects that port Rhino and V8 to android, and I dread writing an interpreter, but will if necessary.
根据我阅读的内容,反射可能无法正常工作,根据android包索引,android没有javax.script或JavaCompiler,但是有些项目将Rhino和V8移植到android,我不敢写一个解释器,但是将在必要时。
What I want to know is, am I going in the right direction? 我想知道的是,我是否朝着正确的方向前进? What would be the best way to approach this?
解决此问题的最佳方法是什么?
If language is not important, you can probably try using Javascript instead. 如果语言不重要,则可以尝试使用Javascript。 Check: http://developer.android.com/reference/android/webkit/WebView.html#evaluateJavascript(java.lang.String, android.webkit.ValueCallback)
检查: http : //developer.android.com/reference/android/webkit/WebView.html#evaluateJavascript(java.lang.String,android.webkit.ValueCallback)
You could expose all the required system function (eg controlling vibration) using the addJavascriptInterface method. 您可以使用addJavascriptInterface方法公开所有必需的系统功能(例如,控制振动)。 This allows you to limit the access to system to only the methods you have exposed.
这使您可以将对系统的访问限制为仅公开的方法。
Another option (probably better) is to use your own interpreter. 另一个选择(可能更好)是使用您自己的解释器。 You will anyway create all the object to allow visual scripting, just define java calls corresponding to each object.
无论如何,您将创建所有对象以允许可视化脚本,只需定义与每个对象相对应的java调用即可。 This way you can prevent the user from running arbitrary code.
这样,您可以防止用户运行任意代码。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.