Google Android Compatibility Definition: Android 1.6 (performance table, continued; 10. Security Model Compatibility)

Metric: Application Launch Time
Performance threshold: The following applications should launch within the specified time. This is tested by CTS.
    Browser: less than 1300ms
    MMS/SMS: less than 700ms
    AlarmClock: less than 650ms
Comments: The launch time is measured as the total time to complete loading the default activity for the application, including the time it takes to start the Linux process, load the Android package into the Dalvik VM, and call onCreate.

Metric: Simultaneous Applications
Performance threshold: Multiple applications will be launched. Re-launching the first application should complete taking less than the original launch time.
Comments: This is tested by CTS.
10. Security Model Compatibility
Device implementations MUST implement a security model consistent with the Android platform security model as defined in the Security and Permissions reference document in the Android developer documentation [Resources, 29]. Device implementations MUST support installation of self-signed applications without requiring any additional permissions/certificates from any third parties/authorities. Specifically, compatible devices MUST support the following security mechanisms:
10.1. Permissions
Device implementations MUST support the Android permissions model as defined in the Android developer documentation [Resources, 9]. Specifically, implementations MUST enforce each permission defined as described in the SDK documentation; no permissions may be omitted, altered, or ignored. Implementations MAY add additional permissions, provided the new permission ID strings are not in the android.* namespace.
10.2. User and Process Isolation
Device implementations MUST support the Android application sandbox model, in which each application runs as a unique Unix-style UID and in a separate process.
Device implementations MUST support running multiple applications as the same Linux user ID, provided that the applications are properly signed and constructed, as defined in the Security and Permissions reference [Resources, 29].
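The two rules of 10.2 (one unique UID per application, a shared UID only for packages signed with the same certificate) and the reserved-namespace rule of 10.1 can be seen together in a small Python model of the decisions an installer has to make. This is an added example, not Android's PackageManager code and not part of the CDD. The package names, the certificate fingerprints "CERT-A"/"CERT-B"/"CERT-C", the starting UID of 10000 and the InstallError type are all constructed for the illustration. The model also makes visible a consequence a practitioner should check when reviewing a sharedUserId: permissions are held per UID, so packages that share one pool their grants.

```python
"""Toy model of the install-time decisions implied by CDD 10.1 and 10.2.

Added illustration only; not Android's PackageManager. Package names,
signer fingerprints and the 10000 starting UID are constructed.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple

FIRST_APP_UID = 10000  # assumption for the model: first UID handed out to an app


class InstallError(Exception):
    """Raised when a package violates one of the modelled security rules."""


@dataclass(frozen=True)
class Package:
    name: str                             # e.g. "com.example.alpha"
    signer: str                           # fingerprint of the signing cert (constructed)
    shared_user_id: Optional[str] = None  # manifest sharedUserId, if any
    declared_perms: Tuple[str, ...] = ()  # custom <permission> entries it defines
    uses_perms: Tuple[str, ...] = ()      # <uses-permission> entries it requests


class PackageManagerModel:
    def __init__(self) -> None:
        self._next_uid = FIRST_APP_UID
        self.uid_of: Dict[str, int] = {}            # package name -> Linux UID
        self._shared_uid: Dict[str, int] = {}       # sharedUserId -> Linux UID
        self._shared_signer: Dict[str, str] = {}    # sharedUserId -> signer that owns it
        self._perms_of_uid: Dict[int, Set[str]] = {}

    def _fresh_uid(self) -> int:
        uid = self._next_uid
        self._next_uid += 1
        return uid

    def install(self, pkg: Package) -> int:
        # 10.1: a device may add permissions, but never inside the android.* namespace.
        for perm in pkg.declared_perms:
            if perm == "android" or perm.startswith("android."):
                raise InstallError(f"{pkg.name}: {perm} is in the reserved android.* namespace")

        # 10.2: a self-signed package is accepted as-is; no authority vouches for the signer.
        if pkg.shared_user_id is None:
            uid = self._fresh_uid()                  # one package, one unique UID
        else:
            sid = pkg.shared_user_id
            if sid in self._shared_uid:
                # Sharing a UID is only allowed when the signing certificate matches.
                if self._shared_signer[sid] != pkg.signer:
                    raise InstallError(f"{pkg.name}: sharedUserId {sid} belongs to another signer")
                uid = self._shared_uid[sid]
            else:
                uid = self._fresh_uid()
                self._shared_uid[sid] = uid
                self._shared_signer[sid] = pkg.signer

        self.uid_of[pkg.name] = uid
        # Permissions are held per UID, so packages sharing a UID pool their grants.
        self._perms_of_uid.setdefault(uid, set()).update(pkg.uses_perms)
        return uid

    def check_permission(self, uid: int, perm: str) -> bool:
        """The question an enforcing API asks about its calling UID."""
        return perm in self._perms_of_uid.get(uid, set())


def demo() -> dict:
    """Run the model over constructed packages and return the outcomes."""
    pm = PackageManagerModel()
    out = {}
    out["alpha_uid"] = pm.install(Package("com.example.alpha", "CERT-A",
                                          uses_perms=("android.permission.INTERNET",)))
    out["beta_uid"] = pm.install(Package("com.example.beta", "CERT-A",
                                         shared_user_id="com.example.shared",
                                         uses_perms=("android.permission.INTERNET",)))
    out["gamma_uid"] = pm.install(Package("com.example.gamma", "CERT-A",
                                          shared_user_id="com.example.shared"))
    # Different certificate, same sharedUserId: must be refused.
    try:
        pm.install(Package("com.example.delta", "CERT-B", shared_user_id="com.example.shared"))
        out["delta_rejected"] = False
    except InstallError:
        out["delta_rejected"] = True
    # A custom permission squatting on the android.* namespace: must be refused.
    try:
        pm.install(Package("com.example.epsilon", "CERT-C",
                           declared_perms=("android.permission.FAKE_VENDOR_PERM",)))
        out["epsilon_rejected"] = False
    except InstallError:
        out["epsilon_rejected"] = True
    # A vendor permission outside android.* is allowed.
    out["zeta_uid"] = pm.install(Package("com.example.zeta", "CERT-C",
                                         declared_perms=("com.example.permission.VENDOR",)))
    # gamma never requested INTERNET itself, but it shares beta's UID and so holds it.
    out["gamma_has_internet"] = pm.check_permission(out["gamma_uid"], "android.permission.INTERNET")
    out["alpha_has_internet"] = pm.check_permission(out["alpha_uid"], "android.permission.INTERNET")
    out["zeta_has_internet"] = pm.check_permission(out["zeta_uid"], "android.permission.INTERNET")
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running the block shows alpha, beta and zeta each getting their own UID, gamma landing on beta's UID because it carries the same sharedUserId and the same signer, delta refused because its certificate differs, and epsilon refused for declaring a permission inside android.*. The last three lines of the demo are the reviewer's check: a package that shares a UID inherits every permission its co-signed partner requested, which is why a sharedUserId deserves the same scrutiny as the permission list itself.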