Fundamental Concepts

Multi-Sandboxing is based on the Kernel & Features Specification (KF).

It allows application code to be split into multiple parts:

  • the main application, called the Kernel,

  • zero or more applications called Features.

Therefore, a Kernel Application corresponds to the Kernel concept and a Sandboxed Application corresponds to the Feature concept.

Some fundamental points:

  • The Kernel is mandatory. It is assumed to be reliable, trusted, and immutable.

  • A Feature is an application “extension” managed by the Kernel.

  • A Feature is fully controlled by the Kernel: it can be installed, started, stopped and uninstalled at any time, independently of the system state (in particular, stopping a Feature never depends on another Feature).

  • A Feature is optional, potentially untrusted, and possibly unreliable, yet it can be executed without jeopardizing the safety of the Kernel or other Features.

  • Resource access (RAM, hardware peripherals, CPU time, …) is under the control of the Kernel.

Note

For more details, refer to the Kernel & Features Specification (KF).

Classpath Processing

The MicroEJ Classpath of a Sandboxed Application is composed of both Application classpath and Kernel classpath entries. According to the Class Spaces specification, a type exposed as Kernel API takes precedence over types loaded from the classpath. A classpath entry is considered a Kernel classpath entry if it contains at least one type exposed as Kernel API. All other classpath entries are considered Application classpath entries.

Only *.[extension].list files declared in a Kernel classpath entry are processed.
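The classification rule above, worked through as an added example (this is not MicroEJ tooling or code from the specification). It assumes that each classpath entry is a JAR file and that the set of types exposed as Kernel API is available as a plain set of fully-qualified class names; the JAR names, class names and list-file names are constructed for the example. It partitions a classpath into Kernel and Application entries, collects only the `*.[extension].list` files carried by Kernel entries, and resolves a type name so that a Kernel API type is served by the Kernel entry exposing it regardless of classpath order.

```python
"""Classify classpath entries as Kernel or Application entries.

Added example, not MicroEJ's own code. Assumption: classpath entries are
JAR files and the Kernel API types are known as a set of class names.
"""
import os
import tempfile
import zipfile
from typing import Dict, List, Set, Tuple

# Constructed set of types exposed as Kernel API (names are made up).
KERNEL_API_TYPES: Set[str] = {"com.example.kernel.KernelService"}


def types_in_jar(jar_path: str) -> Set[str]:
    """Fully-qualified names of every class in one classpath entry."""
    with zipfile.ZipFile(jar_path) as jar:
        return {
            name[: -len(".class")].replace("/", ".")
            for name in jar.namelist()
            if name.endswith(".class")
        }


def list_files_in_jar(jar_path: str) -> List[str]:
    """Names of the *.[extension].list files carried by one entry."""
    with zipfile.ZipFile(jar_path) as jar:
        return sorted(
            name for name in jar.namelist()
            if name.endswith(".list") and name.count(".") >= 2
        )


def classify_classpath(classpath: List[str], kernel_api_types: Set[str]) -> Tuple[List[str], List[str]]:
    """An entry is a Kernel entry if it contains at least one Kernel API type;
    every other entry is an Application entry."""
    kernel_entries: List[str] = []
    app_entries: List[str] = []
    for entry in classpath:
        if types_in_jar(entry) & kernel_api_types:
            kernel_entries.append(entry)
        else:
            app_entries.append(entry)
    return kernel_entries, app_entries


def processed_list_files(classpath: List[str], kernel_api_types: Set[str]) -> Dict[str, List[str]]:
    """Only list files declared in Kernel classpath entries are processed."""
    kernel_entries, _ = classify_classpath(classpath, kernel_api_types)
    return {os.path.basename(e): list_files_in_jar(e) for e in kernel_entries}


def resolve_type(type_name: str, classpath: List[str], kernel_api_types: Set[str]) -> Tuple[str, str]:
    """A Kernel API type resolves to the Kernel entry exposing it, whatever its
    position on the classpath; any other type follows plain classpath order."""
    kernel_entries, _ = classify_classpath(classpath, kernel_api_types)
    if type_name in kernel_api_types:
        for entry in kernel_entries:
            if type_name in types_in_jar(entry):
                return ("kernel-api", os.path.basename(entry))
    for entry in classpath:
        if type_name in types_in_jar(entry):
            return ("classpath", os.path.basename(entry))
    raise LookupError(type_name)


def _write_jar(path: str, entries: List[str]) -> None:
    """Write a JAR containing the given (empty) entries; content is irrelevant here."""
    with zipfile.ZipFile(path, "w") as jar:
        for name in entries:
            jar.writestr(name, b"")


def build_sample_classpath(workdir: str) -> List[str]:
    """Constructed classpath: the Application JAR comes first, a library JAR
    with no Kernel API type follows, and the Kernel JAR is deliberately last."""
    app = os.path.join(workdir, "app.jar")
    lib = os.path.join(workdir, "lib.jar")
    kernel = os.path.join(workdir, "kernel.jar")
    _write_jar(app, ["com/example/app/Main.class", "app.types.list"])
    _write_jar(lib, ["org/example/lib/Util.class", "lib.properties.list"])
    _write_jar(kernel, ["com/example/kernel/KernelService.class",
                        "com/example/kernel/Internal.class",  # not Kernel API
                        "kernel.types.list"])
    return [app, lib, kernel]


def demo() -> dict:
    """Run the classification over the constructed classpath."""
    with tempfile.TemporaryDirectory() as workdir:
        classpath = build_sample_classpath(workdir)
        kernel_entries, app_entries = classify_classpath(classpath, KERNEL_API_TYPES)
        return {
            "kernel_entries": [os.path.basename(e) for e in kernel_entries],
            "app_entries": [os.path.basename(e) for e in app_entries],
            "processed_lists": processed_list_files(classpath, KERNEL_API_TYPES),
            "kernel_service": resolve_type("com.example.kernel.KernelService", classpath, KERNEL_API_TYPES),
            "main": resolve_type("com.example.app.Main", classpath, KERNEL_API_TYPES),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Note that `kernel.jar` is a Kernel entry because of `KernelService` alone; the `Internal` class it also carries is not Kernel API but does not change the classification, and `app.types.list` is never processed because it lives in an Application entry.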