[Dev] Sandbox mechanism

Leibowitz, Michael michael.leibowitz at intel.com
Fri Dec 13 20:27:41 GMT 2013


On Fri, Dec 13, 2013 at 11:50 AM, Peters, Brad T
<brad.t.peters at intel.com> wrote:
> The thing to realize here is that Tizen is a bare-metal application
> environment - and this is a GOOD thing. We get major performance
> improvements and improved native interaction based on the full native C and
> C++ APIs. The idea of a Sandbox, at least as it exists in the Android JVM,
> is not supported. The closest comparison would be for HTML5 apps running in
> the Web Runtime.

This is what I mean when I say sandbox is a misused term.  It means
different things in different contexts and to different people.

> Tizen native apps are equivalent to system-level apps in that they all have
> PIDs and are true processes. The BIG difference is that, in Tizen, we have
> SMACK and SystemD to limit and throttle what these processes can do, as well
> as top-to-bottom source-code review of all vendor-supplied Apps.

Review is not a replacement for security mechanisms.


Cheers

-- 
Michael Leibowitz

