Assert plainly that Dalvik is not a boundary.
Certificates are for distinction, not "fake trustworthiness through
verifying cheap identities".
Clarify that UID + GID are what the kernel bases its protection on, not PID.
This is a fuzzy distinction on Android since (apart from sharedUserId and
magical system processes) there is a 1:1 mapping from process <-> UID. But
it's important to clarify what we mean.
Clarify up front about the staticness (staticity?) of permissions. It's
explained lower down, but experience shows people don't read that far down.
Get the rationale (bad UX --> bad security) right up top.
Change-Id: I56013bece58df1b6073d4ad0d22f3ee1b147d8c5
8daac143a8