Thursday, September 06, 2012

A feature of Android "Jelly Bean": android:isolatedProcess

Just stumbled upon one interesting feature of the Jelly Bean.
The service tag got a new attribute android:isolatedProcess. 

"If set to true, this service will run under a special process that is isolated from the rest of the system and has no permissions of its own."

The application of this feature is quite limited, but interesting from a security perspective.

Basically, if you need to run some script (javascript, lua, etc) that you received from untrusted source or maybe some third-party library that might have some security issues, it allows you to isolate that part of you application in it's own "sandbox" process that doesn't inherit all the permissions of you primary application.

No comments: