Chinaunix首页 | 论坛 | 博客
  • 博客访问: 2031513
  • 博文数量: 413
  • 博客积分: 10926
  • 博客等级: 上将
  • 技术积分: 3862
  • 用 户 组: 普通用户
  • 注册时间: 2006-01-09 18:14
文章分类

全部博文(413)

文章存档

2015年(5)

2014年(1)

2013年(5)

2012年(6)

2011年(138)

2010年(85)

2009年(42)

2008年(46)

2007年(26)

2006年(59)

分类: 嵌入式

2011-06-30 21:43:35

  1. How application run
    (Ref: file:///D:/Program%20Files/Android/android-sdk-windows/docs/guide/basics/what-is-android.html)
    Every Android application runs in its own process, with its own instance of the Dalvik virtual machine. Dalvik has been written so that a device can run multiple VMs efficiently. The Dalvik VM executes files in the Dalvik Executable (.dex) format which is optimized for minimal memory footprint. The VM is register-based, and runs classes compiled by a Java language compiler that have been transformed into the .dex format by the included "dx" tool.
  2. What is sandbox
    (Ref: http://developer.android.com/guide/topics/fundamentals.html)
    Once installed on a device, each Android application lives in its own security sandbox:
    • The Android operating system is a multi-user Linux system in which each application is a different user.
    • By default, the system assigns each application a unique Linux user ID (the ID is used only by the system and is unknown to the application). The system sets permissions for all the files in an application so that only the user ID assigned to that application can access them.
    • Each process has its own virtual machine (VM), so an application's code runs in isolation from other applications.
    • By default, every application runs in its own Linux process. Android starts the process when any of the application's components need to be executed, then shuts down the process when it's no longer needed or when the system must recover memory for other applications.
    In this way, the Android system implements the principle of least privilege. That is, each application, by default, has access only to the components that it requires to do its work and no more. This creates a very secure environment in which an application cannot access parts of the system for which it is not given permission.
  3. xxx
阅读(915) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~