7.4. Cradle

Intent

Host DLL plug-ins in separate processes, operating at different levels of trust to your own, to securely increase the flexibility of your architecture whilst maintaining communication with each plug-in.

AKA

None known

7.4.1. Problem

7.4.1.1. Context

You need to provide a secure extension point in your component that supports extensive communication between the framework and the plug-ins whilst not overly restricting the plug-in providers.

7.4.1.2. Summary
  • Architectural extensibility has to be provided.

  • The potential damage caused by plug-ins needs to be limited by minimizing the capabilities they execute with (principle of least privilege).

  • It's desirable that the restrictions on who can provide plug-ins are as light as possible.

  • You wish to allow plug-ins to operate with a different set of capabilities than the framework.

  • You need to support a full communication channel between the framework and the plug-ins after the plug-ins have been loaded.

7.4.1.3. Description

If you're reading this pattern, you've probably tried to get Buckle (see page 252) to work but found that it doesn't solve this problem, since you need to allow the plug-ins to operate at a different level of trust to the framework.

Quarantine (see page 260) is an alternative that does allow plug-ins to operate at a different level of trust to the framework but it only directly supports very simple, one-shot communication between the framework and each plug-in; in this context, ...
