Android sandboxing works in spite of the underlying security model, not because of it. It's also really SELinux that does a lot of heavy lifting.