Specifications

How the BlackBerry PlayBook OS uses sandboxing to protect app data
The BlackBerry PlayBook OS uses a security mechanism called sandboxing to separate and restrict the capabilities and permissions of apps that run on the BlackBerry PlayBook tablet. Each application process runs in its own sandbox, which is a virtual container that consists of the memory and the part of the file system that the application process has access to at a specific time.
Each sandbox is associated with both the app and the space that it is used in. For example, an app can have one sandbox in the personal space and another sandbox in the work space; the two sandboxes are isolated from each other.
The PlayBook OS evaluates the requests that an app's process makes for memory outside of its sandbox. If a process tries to access memory outside of its sandbox without approval from the PlayBook OS, the PlayBook OS ends the process, reclaims all of the memory that the process is using, and restarts the process without negatively affecting other processes.
When the PlayBook OS is installed, it assigns a unique group ID to each app. Two apps cannot share the same group ID, and the PlayBook OS does not reuse group IDs after apps are removed. An app's group ID remains the same when the app is upgraded.
By default, each app stores its data in its own sandbox. The PlayBook OS prevents apps from accessing file system locations that are not associated with the app's group ID.
An app can also store and access data in a shared directory, which is a sandbox that is available to any app that has access to it. When an app that wants to store or access files in the shared directory starts for the first time, the app prompts the user to allow access.
How the BlackBerry PlayBook OS manages the resources on a tablet
The BlackBerry PlayBook OS manages the tablet resources so that an app cannot take resources from another app. The PlayBook OS uses adaptive partitioning to reallocate unused resources to apps during typical operating conditions and enhance the availability of the resources to specific apps during peak operating conditions.
Security Technical Overview The BlackBerry PlayBook OS
113