System and method for granular network access and accounting

The invention claimed is: 1. A method of separating network traffic, comprising: storing a first application in a first control group in a resource isolation environment, the first control group being associated with a first policy, the first policy setting constraints with respect to at least one of data usage, network connection times, networks used for connection, privacy, or power consumption; storing a copy of the first application in a second control group in the resource isolation environment for serving queries through the copy of the first application separately from queries served through the first application in the first control group, the second control group being associated with a second policy different than the first policy, the second policy setting constraints with respect to at least one of data usage, network connection times, networks used for connection, privacy, or power consumption; receiving, with one or more processors, a first query through the first application, the first query including a first request for content; determining, with the processor, that the content requested by the first query is designated to be controlled by the first policy associated with the first control group; serving, with the processor, the first query according to the constraints of the first policy; receiving, with the processor, a second query through the first application, the second query including a second request for content; determining, with the processor, that the content requested by the second query is designated to be controlled by the second policy associated with the second control group; forwarding the second request for content to the copy of the first application in the second control group; and serving, with the processor, the second query according to the constraints of the second policy. 2. The method of claim 1 , wherein the first application is a browsing client stack. 3. The method of claim 1 , wherein the first policy is one of a network access policy and an accounting policy. 4. The method of claim 3 , wherein serving the first query comprises calculating a cost associated with loading the content requested by the first request. 5. The method of claim 1 , wherein the resource isolation environment comprises a Linux container. 6. The method of claim 1 , wherein serving the first query comprises: determining an amount of data used for applications in the first control group in a given amount of time; and comparing the determined amount of data used to an allotted amount of data. 7. The method of claim 6 , further comprising limiting subsequent data usage for applications in the first control group based on the comparing. 8. The method of claim 1 , wherein serving the first query comprises tunneling traffic through a remote accounting server. 9. A system, comprising: a resource isolation environment including at least a first control group and a second control group, wherein each control group is associated with at least one policy; one or more processors in communication with the resource isolation environment, the one or more processors configured to: store a first application in the first control group in the resource isolation environment, the first control group being associated with a first policy, the first policy setting constraints with respect to at least one of data usage, network connection times, networks used for connection, privacy, or power consumption; store a copy of the first application in the second control group in the resource isolation environment for serving queries through the copy of the first application separately from queries served through the first application in the first control group, the second control group being associated with a second policy different than the first policy, the second policy setting constraints with respect to at least one of data usage, network connection times, networks used for connection, privacy, or power consumption; receive a first query through the first application, the first query including a first request for content; determine that the content requested by the first query is designated to be controlled by the first policy associated with the first control group; and serve the first query according to the constraints of the first policy; receive a second query through the first application, the second query including a second request for content; determine that the content requested by the second query is designated to be controlled by the second policy associated with the second control group; and serve the second query according to the constraints of the second policy. 10. The system of claim 9 , further comprising an accounting module programmed to perform calculations in connection with data usage for each control group. 11. The system of claim 10 , wherein the resource isolation environment, one or more processors, and accounting module reside on a mobile device. 12. The system of claim 9 , wherein the first application is a browsing client stack. 13. The system of claim 9 , wherein the first policy is one of a network access policy and an accounting policy. 14. The system of claim 13 , wherein serving the first query comprises calculating a cost associated with loading the content requested by the first request. 15. The system of claim 9 , wherein the resource isolation environment comprises a Linux container. 16. The system of claim 9 , wherein serving the first query comprises: determining an amount of data used for applications in the first control group in a given amount of time; and comparing the determined amount of data used to an allotted amount of data. 17. The system of claim 16 , wherein the one or more processors are further configured to limit subsequent data usage for applications in the first control group based on the comparing. 18. A non-transitory computer-readable medium storing instructions executable by a processor for performing a method of separating network traffic, the method comprising: storing a first application in a first control group in a resource isolation environment, the first control group being associated with a first policy, the first policy setting constraints with respect to at least one of data usage, network connection times, networks used for connection, privacy, or power consumption; storing a copy of the first application in a second control group in the resource isolation environment for serving queries through the copy of the first application separately from queries served through the first application in the first control group, the second control group being associated with a second policy different than the first policy, the second policy setting constraints with respect to at least one of data usage, network connection times, networks used for connection, privacy, or power consumption; receiving a first query through the first application, the first query including a first request for content; determining that the content requested by the first query is designated to be controlled by the first policy associated with the first control group; and serving the first query according to the constraints of the first policy, receiving a second query through the first application, the second query including a second request for content; determining that the content requested by the second query is designated to be controlled by the second policy associated with the second control group; forwarding the second request for content to the copy of the first application in the second cont