[Python-Dev] Capabilities / Restricted Execution
Talin
talin at acm.org
Tue Jul 11 12:36:09 CEST 2006
I thought a little bit more about Guido's comment that you can hide
Python objects in a C wrapper class. However, as I was trying to sleep,
I realized that you don't even need C to do it.
The trick is to store the object reference as a closure variable.
Assuming that there's no mechanism to directly access such variables,
you can effectively have 'private' variables.
Here's an pure-Python implementation of a wrapper that restricts access
to all class members except those marked with the 'public' decorator.
Note in the test cases below that even '__class__' and '__dict__' are
inaccessible.
------------------------------------------------------------------
# Exception to throw when we violate restrictions
class GuardException( Exception ): pass
# Decorator function
def public(func):
func.f_public = True
return func
# Wrapper function
def guard(content):
class Guard(object):
def __getattribute__(self, name):
# This will throw an AttributeException if the
# attribute doesn't exist, which is what
# we want.
attr = object.__getattribute__(content,name)
if hasattr( attr, 'im_func' ):
if hasattr( attr.im_func, 'f_public' ):
# We can't return the bound method directly,
# instead we create a proxy for it.
def proxy_attr( *args, **kwargs ):
return attr( *args, **kwargs )
return proxy_attr
# Attribute exists but has no proxy
raise GuardException( name )
return Guard()
# Test class
class Test(object):
def __init__(self,name):
self.name = name
@public
def get_name(self):
return self.name
def set_name(self,name):
self,name = name
# Test objects. First is unwrapped, second is wrapped.
t1 = Test("alpha")
t2 = guard(Test("beta"))
# These functions work correctly
print t1.name
print t2.get_name()
# This gets AttributeError because there's no such attribute
print t2.unk()
# These generate GuardException
print t2.set_name()
print t2.__dict__
print t2.__class__
print t2.name
------------------------------------------------------
-- Talin
More information about the Python-Dev
mailing list