- How application run
(Ref: file:///D:/Program%20Files/Android/android-sdk-windows/docs/guide/basics/what-is-android.html)
Every Android application runs in its own process, with its own instance of
the Dalvik virtual machine. Dalvik has been written so that a device can run
multiple VMs efficiently. The Dalvik VM executes files in the Dalvik
Executable (.dex) format which is optimized for minimal memory
footprint. The VM is register-based, and runs classes
compiled by a Java language compiler that have been transformed into the .dex
format by the included "dx" tool.
- What is sandbox
(Ref: http://developer.android.com/guide/topics/fundamentals.html)
Once installed on a device, each Android application lives in its own security sandbox:
- The Android operating system is a multi-user Linux system in which each application is a
different user.
- By default, the system assigns each application a unique Linux user ID (the ID is used only by
the system and is unknown to the application). The system sets permissions for all the files in an
application so that only the user ID assigned to that application can access them.
- Each process has its own virtual machine (VM), so an application's code runs in isolation from
other applications.
- By default, every application runs in its own Linux process. Android starts the process when any
of the application's components need to be executed, then shuts down the process when it's no longer
needed or when the system must recover memory for other applications.
In this way, the Android system implements the principle of least privilege. That is,
each application, by default, has access only to the components that it requires to do its work and
no more. This creates a very secure environment in which an application cannot access parts of
the system for which it is not given permission. - xxx
阅读(915) | 评论(0) | 转发(0) |
