The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "Sandbox"
(REALLY LIAM?) |
(adding links) |
||
(11 intermediate revisions by 6 users not shown) | |||
Line 1: | Line 1: | ||
− | + | Apple's software based [[Wikipedia:Mandatory access control|mandatory access control]] that was introduced in [[iOS]] 2.0. It is a higher level layer on top of the XNU implementation of the TrustedBSD MAC framework. |
|
− | == |
+ | == Problems == |
+ | *In addition to the new set of frameworks in 2.0, applications had to be tweaked to use the new sandbox. |
||
− | *this made all [[App Store]]'s apps need updating to work on the new [[iOS]] |
||
+ | *For applications to run, they need to have a folder called [[_Codesign]] with a file inside called [[CodeResources]] |
||
+ | *If a [[userland]] exploit was discovered in an [[App Store]] app, the [[CodeResources]] would become invalid when a file was injected. |
||
+ | *The checks are not as hard on built in applications in the [[firmware]] [http://pastebin.com/6C55pTxf] (only version.plist is checked to prevent a [[soft upgrade]] ) |
||
+ | == Exploits == |
||
− | *for app's to run they needed to have a folder called [[_Codesign]] in it was a file called [[CodeResources]] |
||
+ | The dependency on the [[CodeResources]] file makes it vulnerable to the [[Incomplete Codesign Exploit]] |
||
− | *if a [[userland]] exploit was discovered in an [[App Store]] app the [[CodeResources]] would become invalid when a file was injected |
||
− | *the checks are not as hard on app's in the [[firmware]] [[http://pastebin.com/6C55pTxf]] (only version.plist is checked to prevent a [[soft_upgrade]] ) |
||
− | == |
+ | == More Info == |
+ | * [http://iphonedevwiki.net/index.php/Seatbelt Seatbelt article on iPhoneDevWiki] |
||
− | because of the dependancy on the [[CodeResources]] file it is vonrable to the [[Incomplete_Codesign_Exploit]] |
||
+ | * [https://developer.apple.com/app-sandboxing/ Apple's articles about App Sandboxing for developers] |
Latest revision as of 20:31, 19 September 2014
Apple's software based mandatory access control that was introduced in iOS 2.0. It is a higher level layer on top of the XNU implementation of the TrustedBSD MAC framework.
Problems
- In addition to the new set of frameworks in 2.0, applications had to be tweaked to use the new sandbox.
- For applications to run, they need to have a folder called _Codesign with a file inside called CodeResources
- If a userland exploit was discovered in an App Store app, the CodeResources would become invalid when a file was injected.
- The checks are not as hard on built in applications in the firmware [1] (only version.plist is checked to prevent a soft upgrade )
Exploits
The dependency on the CodeResources file makes it vulnerable to the Incomplete Codesign Exploit