(1)
In this way, the Android system implements the principle of least privilege. That is, each application, by default, has access only to the components that it requires to do its work and no more. This creates a very secure environment in which an application cannot access parts of the system for which it is not given permission.
在这种方式下,Android系统实现了最小权限原则。也就是说,一个应用程序,默认情况下只能访问它运行需要的组件。这就创建了一个非常安全的环境,一个应用程序在没有权限的情况下无法访问系统的其他模块。
However, there are ways for an application to share data with other applications and for an application to access system services:
然而,也有一些允许应用程序共享数据的方法,和允许应用程序访问系统服务的方法:
It's possible to arrange for two applications to share the same Linux user ID, in which case they are able to access each other's files. To conserve system resources, applications with the same user ID can also arrange to run in the same Linux process and share the same VM (the applications must also be signed with the same certificate).
可以安排两个应用程序共享相同的Linux用户ID,这样他们就可以相互访问文件。为了保护系统资源,相同用户ID的应用程序被安排在相同Linux进程里,共享相同的虚拟机。
An application can request permission to access device data such as the user's contacts, SMS messages, the mountable storage (SD card), camera, Bluetooth, and more. All application permissions must be granted by the user at install time.
应用程序可以通过申请权限访问设备数据,例如用户联系人,SMS消息,挂载的存储设备(sd 卡),照相机,蓝牙,等等。所有的应用程序权限必须在安装的时候被用户设定。
