AS3 Air remote external swf can not access local apk

2
votes

I'm developing an android file by using flash cs5 air extention. I know the basic crossdomain policy and server to server connections. And I searched many pages but there is no solution about this.

My "container.apk" loads "external.swf" from the server.. And I want to be able to reach the variables and functions in "container.apk" from "external.swf". But I can't reach any function on my container (application file .apk) from my external module swf (remote file).. I mean, I'm trying to reach container.apk's functions from the loaded swf. Like when a button clicked on "external.swf" it should effect a function in "container.apk".

Also here are some error codes that I'm getting ;

SecurityError: Error #2047: Security sandbox violation: parent: http://**.com/external.swf cannot access app:/container.swf**

And the loading function of my container ;

var l:Loader = new Loader;
var externalSWF:MovieClip;
var contextC:LoaderContext = new LoaderContext(); 
contextC.checkPolicyFile = false;
contextC.allowCodeImport = true;
l.load(new URLRequest(filePath), contextC);
l.contentLoaderInfo.addEventListener(Event.COMPLETE, loadComplete);


function loadComplete(evt:Event){
    l.contentLoaderInfo.removeEventListener(Event.COMPLETE, loadComplete);
    externalSWF = l.content as MovieClip;
    MovieClip(root).addChild(externalSWF);
}
1
flashactionscript-3air
This may not be possible from a mobile app. Normally external swf access to AIR applications is via a sandbox bridge, however this requires an iframe embedded using html. This may be possible using StageWebView, though I'm unsure of the implimentation.Ethan Worley
Thanks Ethan, Just like you said. Neither sandbox bridge nor the saving files locally works on mobile. Actually I changed all the architecture for passing security violations. But somehow I should use the StageWebView and it doesnt let me to use it from external.swf. Is there any way to bridge to container to use StageWebView?zbgokalp
Sorry I took so long to respond. Unfortunately, looking in to StageWebView to solve a similar problem, I have found that there is no way to bridge content through that method either and Adobe's documentation reflects this.Ethan Worley

1 Answers

0
votes

I think this is by design, loaded SWFs are sandboxed.

Imagine the scenario where you have a Flash website and want to load Flash games for example. If loaded children had access to parent, a malicious SWF could get server access through your loader SWF for example.

It also doesn't help that what you're trying to do is even more dangerous, by having access to the APK and its permissions, a loaded SWF could in theory take over the phone.

It should however work the other way round, the loader host should be able to access anything inside the loaded SWF, so I'm afraid you'll have to architect your app with this in mind.