Android apps can be written using Kotlin, Java, and C++ languages. The Android SDK tools compile your code along with any data and resource files into an APK, an Android package, which is an archive file with an .apk suffix. One APK file contains all the contents of an Android app and is the file that Android-powered devices use to install the app.
Each Android app lives in its own security sandbox, protected by the following Android security features:
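1. The Android operating system is a multi-user Linux system in which each app is a different user.
2. By default, the system assigns each app a unique Linux user ID (the ID is used only by the system and is unknown to the app). The system sets permissions for all the files in an app so that only the user ID assigned to that app can access them.
3. Each process has its own virtual machine (VM), so each app's code is kept apart from the code of other apps and runs independently.
4. By default, each app runs only in its own corresponding virtual machine. The Android system starts the process when any part of the app needs to be executed, and shuts the process down when it is no longer needed or when the system must recover memory for other processes.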
The Android system implements the principle of least privilege. That is, each app, by default, has access only to the components that it requires to do its work and no more. This creates a very secure environment in which an app cannot access parts of the system for which it is not given permission. However, there are ways for an app to share data with other apps and for an app to access system services:
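1. Two apps can be arranged to share the same Linux user ID, in which case they can access each other's files. To conserve system resources, apps that are assigned the same user ID can run in the same Linux process and share the same VM. These apps must be signed with the same certificate.
2. An app can request permission to access device data such as the device's location, the camera, and the Bluetooth connection. The user must explicitly grant these permissions. For more information, see Working with System Permissions.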
The rest of this document introduces the following concepts:
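1. The core framework components that define your app.
2. The manifest file in which you declare your app's components and the device features it requires.
3. Resources that are separate from the app code and that allow your app to gracefully optimize its behavior for a variety of device configurations.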
App components are the essential building blocks of an Android app. Each component is an entry point through which the system or a user can enter your app. Some components depend on others.
There are four different types of app components: activities, services, broadcast receivers, and content providers.
Each type serves a distinct purpose and has a distinct lifecycle that defines how the component is created and destroyed. The following sections describe the four types of app components.
Activities
An activity is the entry point for interacting with the user. It represents a single screen with a user interface. For example, an email app might have one activity that shows a list of new emails, another activity to compose an email, and another activity for reading emails. Although the activities work together to form a cohesive user experience in the email app, each one is independent of the others. As such, a different app can start any one of these activities if the email app allows it. For example, a camera app can start the activity in the email app that composes new mail to allow the user to share a picture. An activity facilitates the following key interactions between system and app:
You implement an activity as a subclass of the Activity class. For more information about the Activity class, see the Activities developer guide.
Services
A service is a general-purpose entry point for keeping an app running in the background for all kinds of reasons. It is a component that runs in the background to perform long-running operations or to perform work for remote processes. A service does not provide a user interface. For example, a service might play music in the background while the user is in a different app, or it might fetch data over the network without blocking user interaction with an activity. Another component, such as an activity, can start the service and let it run or bind to it in order to interact with it. There are actually two very distinct semantics services tell the system about how to manage an app: Started services tell the system to keep them running until their work is completed. This could be to sync some data in the background or play music even after the user leaves the app. Syncing data in the background or playing music also represent two different types of started services that modify how the system handles them:
Bound services run because some other app (or the system) has said that it wants to make use of the service. This is basically the service providing an API to another process. The system thus knows there is a dependency between these processes, so if process A is bound to a service in process B, it knows that it needs to keep process B (and its service) running for A. Further, if process A is something the user cares about, then it also knows to treat process B as something the user also cares about. Because of their flexibility (for better or worse), services have turned out to be a really useful building block for all kinds of higher-level system concepts. Live wallpapers, notification listeners, screen savers, input methods, accessibility services, and many other core system features are all built as services that applications implement and the system binds to when they should be running.
A service is implemented as a subclass of Service. For more information about the Service class, see the Services developer guide.
Note: If your app targets Android 5.0 (API level 21) or later, use the JobScheduler class to schedule actions. JobScheduler has the advantage of conserving battery by optimally scheduling jobs to reduce power consumption, and by working with the Doze API. For more information about using this class, see the JobScheduler reference documentation.
Broadcast receivers
A broadcast receiver is a component that enables the system to deliver events to the app outside of a regular user flow, allowing the app to respond to system-wide broadcast announcements. Because broadcast receivers are another well-defined entry into the app, the system can deliver broadcasts even to apps that aren't currently running. So, for example, an app can schedule an alarm to post a notification to tell the user about an upcoming event... and by delivering that alarm to a BroadcastReceiver of the app, there is no need for the app to remain running until the alarm goes off. Many broadcasts originate from the system—for example, a broadcast announcing that the screen has turned off, the battery is low, or a picture was captured. Apps can also initiate broadcasts—for example, to let other apps know that some data has been downloaded to the device and is available for them to use. Although broadcast receivers don't display a user interface, they may create a status bar notification to alert the user when a broadcast event occurs. More commonly, though, a broadcast receiver is just a gateway to other components and is intended to do a very minimal amount of work. For instance, it might schedule a JobService to perform some work based on the event with JobScheduler.
A broadcast receiver is implemented as a subclass of BroadcastReceiver and each broadcast is delivered as an Intent object. For more information, see the BroadcastReceiver class.
Content providers
A content provider manages a shared set of app data that you can store in the file system, in a SQLite database, on the web, or on any other persistent storage location that your app can access. Through the content provider, other apps can query or modify the data if the content provider allows it. For example, the Android system provides a content provider that manages the user's contact information. As such, any app with the proper permissions can query the content provider, such as ContactsContract.Data, to read and write information about a particular person. It is tempting to think of a content provider as an abstraction on a database, because there is a lot of API and support built in to them for that common case. However, they have a different core purpose from a system-design perspective. To the system, a content provider is an entry point into an app for publishing named data items, identified by a URI scheme. Thus an app can decide how it wants to map the data it contains to a URI namespace, handing out those URIs to other entities which can in turn use them to access the data. There are a few particular things this allows the system to do in managing an app:
Content providers are also useful for reading and writing data that is private to your app and not shared.
A content provider is implemented as a subclass of ContentProvider and must implement a standard set of APIs that enable other apps to perform transactions. For more information, see the Content Providers developer guide.
A unique aspect of the Android system design is that any app can start another app’s component. For example, if you want the user to capture a photo with the device camera, there's probably another app that does that and your app can use it instead of developing an activity to capture a photo yourself. You don't need to incorporate or even link to the code from the camera app. Instead, you can simply start the activity in the camera app that captures a photo. When complete, the photo is even returned to your app so you can use it. To the user, it seems as if the camera is actually a part of your app.
When the system starts a component, it starts the process for that app if it's not already running and instantiates the classes needed for the component. For example, if your app starts the activity in the camera app that captures a photo, that activity runs in the process that belongs to the camera app, not in your app's process. Therefore, unlike apps on most other systems, Android apps don't have a single entry point (there's no main() function).
Because the system runs each app in a separate process with file permissions that restrict access to other apps, your app cannot directly activate a component from another app. However, the Android system can. To activate a component in another app, deliver a message to the system that specifies your intent to start a particular component. The system then activates the component for you.
Three of the four component types—activities, services, and broadcast receivers—are activated by an asynchronous message called an intent. Intents bind individual components to each other at runtime. You can think of them as the messengers that request an action from other components, whether the component belongs to your app or another.
An intent is created with an Intent object, which defines a message to activate either a specific component (explicit intent) or a specific type of component (implicit intent).
For activities and services, an intent defines the action to perform (for example, to view or send something) and may specify the URI of the data to act on, among other things that the component being started might need to know. For example, an intent might convey a request for an activity to show an image or to open a web page. In some cases, you can start an activity to receive a result, in which case the activity also returns the result in an Intent. For example, you can issue an intent to let the user pick a personal contact and have it returned to you. The return intent includes a URI pointing to the chosen contact.
For broadcast receivers, the intent simply defines the announcement being broadcast. For example, a broadcast to indicate the device battery is low includes only a known action string that indicates battery is low.
Unlike activities, services, and broadcast receivers, content providers are not activated by intents. Rather, they are activated when targeted by a request from a ContentResolver. The content resolver handles all direct transactions with the content provider so that the component that's performing transactions with the provider doesn't need to and instead calls methods on the ContentResolver object. This leaves a layer of abstraction between the content provider and the component requesting information (for security).
There are separate methods for activating each type of component:
1. Activities: pass an Intent to startActivity() or startActivityForResult() (when you want the activity to return a result).
2. Services: with Android 5.0 (API level 21) and later, use the JobScheduler class to schedule actions. For earlier Android versions, you can start a service (or give new instructions to an ongoing service) by passing an Intent to startService(). You can bind to the service by passing an Intent to bindService().
3. Broadcasts: pass an Intent to methods such as sendBroadcast(), sendOrderedBroadcast(), or sendStickyBroadcast().
4. Content providers: call query() on a ContentResolver.
For more information about using intents, see the Intents and Intent Filters document. The following documents provide more information about activating specific components: Activities, Services, BroadcastReceiver, and Content Providers.
Before the Android system can start an app component, the system must know that the component exists by reading the app's manifest file, AndroidManifest.xml. Your app must declare all its components in this file, which must be at the root of the app project directory.
The manifest does a number of things in addition to declaring the app's components, such as the following:
The primary task of the manifest is to inform the system about the app's components. For example, a manifest file can declare an activity as follows:
...
In the <application> element, the android:icon attribute points to resources for an icon that identifies the app.
In the <activity> element, the android:name attribute specifies the fully qualified class name of the Activity subclass and the android:label attribute specifies a string to use as the user-visible label for the activity.
You must declare all app components using the following elements:
<activity> elements for activities.
<service> elements for services.
<receiver> elements for broadcast receivers.
<provider> elements for content providers.
Activities, services, and content providers that you include in your source but do not declare in the manifest are not visible to the system and, consequently, can never run. However, broadcast receivers can be either declared in the manifest or created dynamically in code as BroadcastReceiver objects and registered with the system by calling registerReceiver().
For more about how to structure the manifest file for your app, see The AndroidManifest.xml File documentation.
As discussed above, in Activating components, you can use an Intent to start activities, services, and broadcast receivers. You can use an Intent by explicitly naming the target component (using the component class name) in the intent. You can also use an implicit intent, which describes the type of action to perform and, optionally, the data upon which you’d like to perform the action. The implicit intent allows the system to find a component on the device that can perform the action and start it. If there are multiple components that can perform the action described by the intent, the user selects which one to use.
Caution: If you use an intent to start a Service, ensure that your app is secure by using an explicit intent. Using an implicit intent to start a service is a security hazard because you cannot be certain what service will respond to the intent, and the user cannot see which service starts. Beginning with Android 5.0 (API level 21), the system throws an exception if you call bindService() with an implicit intent. Do not declare intent filters for your services.
The system identifies the components that can respond to an intent by comparing the intent received to the intent filters provided in the manifest file of other apps on the device.
When you declare an activity in your app's manifest, you can optionally include intent filters that declare the capabilities of the activity so it can respond to intents from other apps. You can declare an intent filter for your component by adding an <intent-filter> element as a child of the component's declaration element.
For example, if you build an email app with an activity for composing a new email, you can declare an intent filter to respond to "send" intents (in order to send a new email), as shown in the following example:
...
If another app creates an intent with the ACTION_SEND action and passes it to startActivity(), the system may start your activity so the user can draft and send an email.
For more about creating intent filters, see the Intents and Intent Filters document.
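As an added example (not part of the original guide), the following Python script audits a decoded, plain-text AndroidManifest.xml for the points made above: it lists the declared components, reports which ones declare intent filters and can therefore be matched by implicit intents, flags services that declare intent filters (which the Caution advises against), and flags a shared Linux user ID. The manifest, package and class names are constructed for illustration; android:sharedUserId is the manifest attribute behind the shared user ID described earlier, which this page does not name.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
COMPONENT_TAGS = ("activity", "service", "receiver", "provider")  # the four component types

# Constructed sample (hypothetical package and class names). A manifest inside an
# APK is stored as binary XML; this is the decoded text form.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.mail" android:sharedUserId="com.example.shared">
  <uses-permission android:name="android.permission.CAMERA" />
  <application android:icon="@drawable/app_icon">
    <activity android:name=".ComposeActivity">
      <intent-filter>
        <action android:name="android.intent.action.SEND" />
        <category android:name="android.intent.category.DEFAULT" />
        <data android:mimeType="*/*" />
      </intent-filter>
    </activity>
    <activity android:name=".SettingsActivity" />
    <service android:name=".SyncService">
      <intent-filter>
        <action android:name="com.example.mail.SYNC" />
      </intent-filter>
    </service>
    <service android:name=".UploadService" />
    <provider android:name=".MailProvider"
        android:authorities="com.example.mail.provider" />
  </application>
</manifest>"""

def _android(elem, name):
    """Read an android:-namespaced attribute, or None if it is absent."""
    return elem.get("{%s}%s" % (ANDROID_NS, name))

def audit_manifest(xml_text):
    """Return declared components, requested permissions and review findings."""
    root = ET.fromstring(xml_text)
    package = root.get("package", "")
    report = {"components": [], "findings": [],
              "permissions": [_android(p, "name") for p in root.findall("uses-permission")]}
    shared_uid = _android(root, "sharedUserId")
    if shared_uid:  # apps sharing a user ID can read each other's files
        report["findings"].append(("shared-user-id", shared_uid))
    app = root.find("application")
    for elem in (list(app) if app is not None else []):
        if elem.tag not in COMPONENT_TAGS:
            continue
        name = _android(elem, "name") or ""
        if name.startswith("."):  # relative class name: prefix the package
            name = package + name
        actions = [_android(a, "name") for a in elem.findall("intent-filter/action")]
        report["components"].append({"type": elem.tag, "name": name, "actions": actions})
        if elem.tag == "service" and elem.find("intent-filter") is not None:
            report["findings"].append(("service-intent-filter", name))
    return report

def implicit_entry_points(report):
    """Components that declare at least one filter action, so implicit intents can match them."""
    return [c["name"] for c in report["components"] if c["actions"]]

if __name__ == "__main__":
    result = audit_manifest(SAMPLE_MANIFEST)
    for finding in result["findings"]:
        print("FINDING", finding)
    print("implicit entry points:", implicit_entry_points(result))
```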
There are a variety of devices powered by Android and not all of them provide the same features and capabilities. To prevent your app from being installed on devices that lack features needed by your app, it's important that you clearly define a profile for the types of devices your app supports by declaring device and software requirements in your manifest file. Most of these declarations are informational only and the system does not read them, but external services such as Google Play do read them in order to provide filtering for users when they search for apps from their device.
For example, if your app requires a camera and uses APIs introduced in Android 2.1 (API Level 7), you must declare these as requirements in your manifest file as shown in the following example:
...
With the declarations shown in the example, devices that do not have a camera or have an Android version lower than 2.1 cannot install your app from Google Play. However, you can declare that your app uses the camera, but does not require it. In that case, your app must set the required attribute to false and check at runtime whether the device has a camera and disable any camera features as appropriate.
More information about how you can manage your app's compatibility with different devices is provided in the Device Compatibility document.
An Android app is composed of more than just code—it requires resources that are separate from the source code, such as images, audio files, and anything relating to the visual presentation of the app. For example, you can define animations, menus, styles, colors, and the layout of activity user interfaces with XML files. Using app resources makes it easy to update various characteristics of your app without modifying code. Providing sets of alternative resources enables you to optimize your app for a variety of device configurations, such as different languages and screen sizes.
For every resource that you include in your Android project, the SDK build tools define a unique integer ID, which you can use to reference the resource from your app code or from other resources defined in XML. For example, if your app contains an image file named logo.png (saved in the res/drawable/ directory), the SDK tools generate a resource ID named R.drawable.logo. This ID maps to an app-specific integer, which you can use to reference the image and insert it in your user interface.
One of the most important aspects of providing resources separate from your source code is the ability to provide alternative resources for different device configurations. For example, by defining UI strings in XML, you can translate the strings into other languages and save those strings in separate files. Then Android applies the appropriate language strings to your UI based on a language qualifier that you append to the resource directory's name (such as res/values-fr/ for French string values) and the user's language setting.
Android supports many different qualifiers for your alternative resources. The qualifier is a short string that you include in the name of your resource directories in order to define the device configuration for which those resources should be used. For example, you should create different layouts for your activities, depending on the device's screen orientation and size. When the device screen is in portrait orientation (tall), you might want a layout with buttons to be vertical, but when the screen is in landscape orientation (wide), the buttons could be aligned horizontally. To change the layout depending on the orientation, you can define two different layouts and apply the appropriate qualifier to each layout's directory name. Then, the system automatically applies the appropriate layout depending on the current device orientation.
For more about the different kinds of resources you can include in your application and how to create alternative resources for different device configurations, read Providing Resources. To learn more about best practices and designing robust, production-quality apps, see Guide to App Architecture.
If you like learning with videos and code tutorials, check out the Developing Android Apps with Kotlin Udacity course, or visit other pages in this online guide:
Intents and Intent Filters
How to use the Intent APIs to activate app components, such as activities and services, and how to make your app components available for use by other apps.
Activities
How to create an instance of the Activity class, which provides a distinct screen in your application with a user interface.
Providing Resources
How Android apps are structured to separate app resources from the app code, including how you can provide alternative resources for specific device configurations.
Device Compatibility
How Android works on different types of devices and an introduction to how you can optimize your app for each device or restrict your app's availability to different devices.
System Permissions
How Android restricts app access to certain APIs with a permission system that requires the user's consent for your app to use those APIs.
==========================================================
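Summary:
1. The sandbox is essentially the space that protects an app. Linux protects an app's data by assigning each app a user ID and setting permissions on every file in the app, so that only the holder of that user ID can access those files. This is what provides access control.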