【正文】 recently after the official release of TMobile G1 phones only affected the Web browser itself (ndroid/). Because of this design choice, the exploit couldn’t affect other applications or the system. A similar vulnerability in Apple’s iPhone gave way to the first “jail breaking” technique, which let users replace parts of the underlying system, but would also have enabled a workbased adversary to exploit this flaw ( valuators . /content/casestudies/iphone/). ICC isn’t limited by user and process boundaries. In fact, all ICC occurs via an I/O control mand on a special device node, /dev/binder. Because the file must be world readable and writable for proper operation, the Linux system has no way of mediating ICC. Although user separation is straightforward and easily understood, controlling ICC is much more subtle and warrants careful consideration. As the central point of security enforcement, the Android middleware mediates all ICC establishment by reasoning about labels assigned to applications and ponents. A reference monitor1 provides mandatory access control (MAC) enforcement of how applications access ponents. In its simplest form, access to each ponent is restricted by assigning it an access permission label。 all others are suspended. ? Service ponents perform background processing. When an activity needs to perform some operation that must continue after the user interface disappears (such as download a file or play music), it monly starts a service specifically designed for that action. The developer can also use services as applicationspecific daemons, possibly starting on boot. Services often define an interface for Remote Procedure Call (RPC) that other system ponents can use to send mands and retrieve data, as well as register callbacks. ? Content provider ponents store and share data using a relational database interface. Each content provider has an associated “authority” describing the content it contains. Other ponents use the authority name as a handle to perform SQL queries (such as SELECT, INSERT, or DELETE) to read and write content. Although content providers typically store values in database records, data retrieval is implementation specific—for example, files are also shared through content provider interfaces. ? Broadcast receiver ponents act as mailboxes for messages from other applications. Commonly, application code broadcasts messages to an implicit destination. Broadcast receivers thus subscribe to such destinations to receive the messages sent to it. Application code can also address a broadcast receiver explicitly by including the namespace assigned to its containing application. Figure 1 shows the FriendTracker and FriendViewer applications containing the different ponent types. The developer specifies ponents using a manifest file. There are no restrictions on the number of ponents an application defines for each type, but as a convention, one ponent has the same name as the application. Frequently, this is an activity, as in the FriendViewer application. This activity usually indicates the primary activity that the system application launcher uses to start the user interface。中文 5210 字 附錄 A 外文翻譯 原文部分 Android security mechanism The next generation of open operating systems won’t be on desktops or mainframes but on the small mobile devices we carry every day. The openness of these new environments will lead to new applications and markets and will enable greater integration with existing online services. However, as the importance of the data and services our cell phones support increases, so too do the opportunities for vulnerability. It’s essential that this next generation of platforms provides a prehensive and usable security infrastructure. Developed by the Open Handset Alliance (visibly led by Google), Android is a widely anticipated open source operating system for mobile devices that provides a base operating system, an application middleware layer, a Java software development kit (SDK), and a collection of system applications. Although the Android SDK has been available since late 2021, the first publicly available Android ready “G1” phone debuted in late October 2021. Since then, Android’s growth has been phenomenal: TMobile’s G1 manufacturer HTC estimates shipment volumes of more than 1 million phones by the end of 2021, and industry insiders expect public adoption to increase steeply in 2009. Many other cell phone providers have either promised or plan to support it in the near future. A large munity of developers has anized around Android, and many new products and applications are now available for it. One of Android’s chief selling points is that it lets devel