The ARCVM (ARC Virtual Machine) project by Google is a new option for launching Android applications on Chrome OS. The key difference from the current ARC++ layer (Android Runtime for Chrome) is the use of a full-fledged virtual machine instead of a container. The technologies embedded in ARCVM are already used in the subsystem for starting Linux applications in Chrome OS.
Instead of a container isolated by namespaces, seccomp, alt syscall, SELinux and cgroups, ARCVM runs the Android environment under a virtual machine monitor based on the KVM hypervisor and, at the settings level, a system image that includes a stripped-down kernel and a minimal system environment. Screen output and input are handled by an intermediate composite server running inside the virtual machine, which forwards output, input events and clipboard operations between the virtual and main environments (ARC++ uses direct access to the DRM layer via the Render Node).
Google is soon to replace the current ARC++ subsystem with ARCVM, but in the long term ARCVM is of interest for unification with the subsystem for launching Linux applications and for stricter isolation of the Android environment (the container shares a kernel with the main system and retains direct access to system calls and kernel interfaces, so a vulnerability in them can be used to compromise the entire system from the container).
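The shared-kernel point above, as an added example (not code from Google or from the original article): it compares process snapshots to show that a container's namespaces, seccomp filter, cgroup and SELinux context are all policy inside one running kernel, while a VM guest is served by a different kernel. The snapshots `HOST`, `CONTAINER` and `VM_GUEST` and every value in them are constructed; their shapes follow `/proc/<pid>/status`, `/proc/<pid>/ns/*`, `/proc/<pid>/cgroup`, `/proc/<pid>/attr/current` and `/proc/sys/kernel/random/boot_id`.

```python
import re

SECCOMP_MODES = {"0": "disabled", "1": "strict", "2": "filter"}

def parse_ns(links):
    """Map namespace type -> inode from readlink output such as 'pid:[4026531836]'."""
    matches = (re.fullmatch(r"(\w+):\[(\d+)\]", link) for link in links)
    return {m.group(1): int(m.group(2)) for m in matches if m}

def seccomp_mode(status_text):
    """Read the 'Seccomp:' field of a /proc/<pid>/status dump."""
    m = re.search(r"^Seccomp:\s*(\d)", status_text, re.M)
    return SECCOMP_MODES.get(m.group(1), "unknown") if m else "unknown"

def isolation_report(host, guest):
    """Compare a guest process snapshot against a host process snapshot."""
    h, g = parse_ns(host["ns"]), parse_ns(guest["ns"])
    return {
        # boot_id is generated once per kernel boot and is not namespaced, so an
        # equal value means both processes are served by the same running kernel.
        "shared_kernel": host["boot_id"] == guest["boot_id"],
        # Namespace inodes are only comparable when the kernel is shared.
        "unshared_namespaces": sorted(k for k in g if h.get(k) != g[k]),
        "seccomp": seccomp_mode(guest["status"]),
        "own_cgroup": host["cgroup"] != guest["cgroup"],
        "own_selinux_context": host["selinux"] != guest["selinux"],
    }

# Constructed snapshots (not captured from a Chrome OS device).
HOST = {"boot_id": "11111111-aaaa-4aaa-8aaa-111111111111",
        "status": "Name:\tinit\nSeccomp:\t0\n",
        "ns": ["mnt:[4026531840]", "pid:[4026531836]", "net:[4026531992]"],
        "cgroup": "0::/", "selinux": "u:r:example_host:s0"}
CONTAINER = {"boot_id": HOST["boot_id"],  # same kernel as the host
             "status": "Name:\tapp\nSeccomp:\t2\n",
             "ns": ["mnt:[4026532301]", "pid:[4026532303]", "net:[4026532305]"],
             "cgroup": "0::/example-android", "selinux": "u:r:example_app:s0"}
VM_GUEST = {"boot_id": "22222222-bbbb-4bbb-8bbb-222222222222",  # guest kernel
            "status": "Name:\tapp\nSeccomp:\t2\n",
            "ns": ["mnt:[4026531840]", "pid:[4026531836]", "net:[4026531992]"],
            "cgroup": "0::/example-android", "selinux": "u:r:example_app:s0"}

if __name__ == "__main__":
    for name, snap in (("container", CONTAINER), ("vm guest", VM_GUEST)):
        print(name, isolation_report(HOST, snap))
```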
ARCVM will also make it possible to let users install arbitrary Android applications, without being tied to the Google Play catalog and without switching the device to developer mode (in normal mode, only selected applications from Google Play can be installed). This feature is needed to support Android application development in Chrome OS. It is already possible to install the Android Studio environment in Chrome OS, but testing the applications being developed requires enabling Developer Mode.
Source: opennet.ru
