主权项 |
1. A method comprising:
loading a web application in a web browser in a computing system; loading a native code module associated with the web application into a secure runtime environment of the computing system, wherein the native code module i) comprises binary code that runs directly on hardware in the computing system, ii) is executable in a plurality of instruction set architectures, and iii) comprises corresponding mechanisms for executing the native code module in each of the plurality of instruction set architectures; executing, in the secure runtime environment, a plurality of native code modules in isolation from one another, the plurality of native code modules including the native code module, by executing the native code module in isolation from the other native code modules in the plurality of native code modules; moderating, by the secure runtime environment, which system resources of the computing system can be accessed by the native code module and how the system resources are accessed, wherein the native code module can access system resources of the computing system only through the secure runtime environment by:
initiating, by the secure runtime environment on behalf of the native code module, a communication between the native code module and the web application running on the computing system; andmediating, by the secure runtime environment, the communication, including placing the output data in a shared memory buffer that is readable by the web application on the computing system for use by the web application, the moderating comprising one or more of the following:
performing, by the secure runtime environment, a read of a file system state on behalf of the native code module;performing, by the secure runtime environment, a change of the file system state on behalf of the native code module;initiating, by the secure runtime environment, a network communication on behalf of the native code module;initiating, by the secure runtime environment, an inter-module communication on behalf of the native code module; orinitiating, by the secure runtime environment, an inter-process communication on behalf of the native code module; providing input data associated with the web application to the native code module; and processing the input data, by executing the native code module directly on hardware in the computing system, to obtain output data. |