Manualshelf

Specifications

ManualsBrandsBlackberry ManualsComputer equipmentENTERPRISE SOLUTION SECURITY - SECURITY FOR DEVICES WITH BLUETOOTH WIRELESS TECHNOLOGY - TECHNICAL
101102103104105106107108109110
How the BlackBerry 10 OS uses sandboxing
to protect app data
The BlackBerry 10 OS uses a security mechanism called sandboxing to separate and restrict the capabilities and
permissions of apps that run on the BlackBerry 10 device. Each application process runs in its own sandbox, which is a
virtual container that consists of the memory and the part of the file system that the application process has access to at a
specific time.
Each sandbox is associated with both the app and the space that it is used in. For example, an app on a BlackBerry
Balance device can have one sandbox in the personal space and another sandbox in the work space; each sandbox is
isolated from the other sandbox.
The BlackBerry 10 OS evaluates the requests that an application's process makes for memory outside of its sandbox. If a
process tries to access memory outside of its sandbox without approval from the BlackBerry 10 OS, the BlackBerry 10 OS
ends the process, reclaims all of the memory that the process is using, and restarts the process without negatively affecting
other processes.
When the BlackBerry 10 OS is installed, it assigns a unique group ID to each app. Two apps cannot share the same group
ID, and the BlackBerry 10 OS does not reuse group IDs after apps are removed. An app's group ID remains the same when
the app is upgraded.
By default, each app stores its data in its own sandbox. The BlackBerry 10 OS prevents apps from accessing file system
locations that are not associated with the app's group ID.
An app can also store and access data in a shared directory, which is a sandbox that is available to any app that has access
to it. When an app that wants to store or access files in the shared directory starts for the first time, the app prompts the
user to allow access.
How the BlackBerry 10 OS manages the
resources on a device
The BlackBerry 10 OS manages the BlackBerry 10 device resources so that an app cannot take resources from another
app. The BlackBerry 10 OS uses adaptive partitioning to reallocate unused resources to apps during typical operating
conditions and enhance the availability of the resources to specific apps during peak operating conditions.
Security Technical Overview The BlackBerry 10 OS
108