Difference between revisions of "Sandbox"

Latest revision as of 20:31, 19 September 2014

Apple's software based mandatory access control that was introduced in iOS 2.0. It is a higher level layer on top of the XNU implementation of the TrustedBSD MAC framework.

Problems

In addition to the new set of frameworks in 2.0, applications had to be tweaked to use the new sandbox.
For applications to run, they need to have a folder called _Codesign with a file inside called CodeResources
If a userland exploit was discovered in an App Store app, the CodeResources would become invalid when a file was injected.
The checks are not as hard on built in applications in the firmware [1] (only version.plist is checked to prevent a soft upgrade )

Exploits

The dependency on the CodeResources file makes it vulnerable to the Incomplete Codesign Exploit

@@ Line 1: / Line 1: @@
-Apple's software based [[Wikipedia:Hypervisor|Hypervisor]] that was introduced in [[iOS]] 2.0.
+Apple's software based [[Wikipedia:Mandatory access control|mandatory access control]] that was introduced in [[iOS]] 2.0. It is a higher level layer on top of the XNU implementation of the TrustedBSD MAC framework.
-== Problem's ==
+== Problems ==
 *In addition to the new set of frameworks in 2.0, applications had to be tweaked to use the new sandbox.
 *For applications to run, they need to have a folder called [[_Codesign]] with a file inside called [[CodeResources]]
@@ Line 11: / Line 11: @@
 == More Info ==
-http://iphonedevwiki.net/index.php/Seatbelt
+* [http://iphonedevwiki.net/index.php/Seatbelt Seatbelt article on iPhoneDevWiki]
+* [https://developer.apple.com/app-sandboxing/ Apple's articles about App Sandboxing for developers]

Difference between revisions of "Sandbox"

Latest revision as of 20:31, 19 September 2014

Problems

Exploits

More Info

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Miscellaneous

Tools