【正文】 個確定的地址，通過包含分配給這個應(yīng)用程序的命名空間即可。經(jīng)過 Content provider 在數(shù)據(jù)庫記錄中儲存值，數(shù)據(jù)的檢索是獨特的 ——舉個例子，文件同樣通過 Content provider 接口來共享。 Service 經(jīng)常為遠(yuǎn)程過程調(diào)用（ RPC）定義接口，其他系統(tǒng)組件可以用 RPC 來發(fā)送命令并調(diào)用數(shù)據(jù)，同時緩 沖回調(diào)。而所有其他的都被暫停著。 組件類型 Android 定義了四個組件類型： Activity 組件被定義為一個應(yīng)用的用戶接口。在功能一種，朋友追蹤這個應(yīng)用包含了特定用于追蹤朋友位置的組件（舉個例子 ，通過一個網(wǎng)頁服務(wù)），儲存地理坐標(biāo)，并且與其他應(yīng)用共享這些坐標(biāo)。 樣例應(yīng)用 我們開發(fā)了一些應(yīng)用程序來幫助描述 android 應(yīng)用是怎么運行的。 這篇文章意圖揭開復(fù)雜的 android 安全性的神秘面紗并且指出一些可能發(fā)生在定義一個應(yīng)用的安全性時的開發(fā)陷阱。 Android 并不官方的支持為其他平臺開發(fā)的應(yīng)用軟件：在 java 中間層上方執(zhí)行的應(yīng)用軟件實際是運行在一個嵌入式的 Linux 內(nèi)核中，所以開發(fā)者若想將他們的應(yīng)用傳送到 android 系統(tǒng)，則必須使用他們定制的用戶接口環(huán)境。 Android 用戶只需要申請一個用戶名和密碼，然后他們的手機就可以自動的與 google 的服務(wù)同步。許多其他的手機提供廠商也保證或計劃在不久的將來支持這個系統(tǒng)。他提供了一個基礎(chǔ)運行系統(tǒng)，一個應(yīng) 用中間層，一個 java 軟件開發(fā)包（ SDK），和一個系統(tǒng)應(yīng)用的集合。這些新環(huán)境的開放性會帶來新的應(yīng)用和市場，同時會促進(jìn)現(xiàn)存網(wǎng)絡(luò)設(shè)備的更大程度集成。 all others are suspended. ? Service ponents perform background processing. When an activity needs to perform some operation that must continue after the user interface disappears (such as download a file or play music), it monly starts a service specifically designed for that action. The developer can also use services as applicationspecific daemons, possibly starting on boot. Services often define an interface for Remote Procedure Call (RPC) that other system ponents can use to send mands and retrieve data, as well as register callbacks. ? Content provider ponents store and share data using a relational database interface. Each content provider has an associated “authority” describing the content it contains. Other ponents use the authority name as a handle to perform SQL queries (such as SELECT, INSERT, or DELETE) to read and write content. Although content providers typically store values in database records, data retrieval is implementation specific—for example, files are also shared through content provider interfaces. ? Broadcast receiver ponents act as mailboxes for messages from other applications. Commonly, application code broadcasts messages to an implicit destination. Broadcast receivers thus subscribe to such destinations to receive the messages sent to it. Application code can also address a broadcast receiver explicitly by including the namespace assigned to its containing application. Figure 1 shows the FriendTracker and FriendViewer applications containing the different ponent types. The developer specifies ponents using a manifest file. There are no restrictions on the number of ponents an application defines for each type, but as a convention, one ponent has the same name as the application. Frequently, this is an activity, as in the FriendViewer application. This activity usually indicates the primary activity that the system application launcher uses to start the user interface。 the ponents themselves are classified by their ponent types. An Android developer chooses from predefined ponent types depending on the ponent’s purpose (such as interfacing with a user or storing data). Component Types Android defines four ponent types: ? Activity ponents define an application’s user interface. Typically, an application developer defines one activity per “screen.” Activities start each other, possibly passing and returning values. Only one activity on the system has keyboard and processing focus at a time。 this text string need not be unique. Developers assign applications collections of permission labels. When a ponent initiates ICC, the reference monitor looks at the permission labels assigned to its containing application and—if the target ponent’s access permission label is in that collection—allows ICC establishment to proceed. If the label isn’t in the collection, establishment is denied even if the ponents are in the same application. Figure 4 depicts this logic. The developer assigns permission labels via the XML manifest file that acpanies every application package. In doing so, the developer defines the application’s security policy—that is, assigning permission labels to an application specifies its protection domain, whereas assigning permissions to the ponents in an application specifies an access policy to protect its resources. Because Android’s policy enforcement is mandatory, as opposed to discretionary, all permission labels are set at install time and can’t change until the application is reinstalled. However, despite its MAC properties, Android’s permission label model only restricts access to ponents and doesn’t currently provide information flow guarantees, such as in domain type enforcement. Security Refinements Android’s security framework is based on the labeloriented ICC mediation described thus far, but our description is inplete. Partially out of necessity and partially for convenience, the Google developers who designed Android incorporated several refinements to the