1. buzios's Avatar
    I've installed firmware 2.1 on my iTouch and tried an app I've written to find out how much space each app installed via iTunes was using.

    My app used to work on 2.0.x firmware.
    With 2.1 I can only access my own directory.

    When I try to access any directory under "/private/var/mobile/Applications/" I get access denied error except for my own UUID.

    With 2.0.x you could access any "/private/var/mobile/Applications/UUID" and one app could erase all other installed apps.

    I don't know what Apple has done but my own directory has the same attributes as before:
    Owner: 501 (mobile)
    GroupOwner: 501 (mobile)
    Directory permissions: 755
    2008-09-10 03:33 PM
  2. bhz1's Avatar
    Maybe its because you would need to re-jailbreak since its a new firmware? You will need to wait until an appropriate jailbreak method is released for 2.1.
    2008-09-10 07:21 PM
  3. buzios's Avatar
    Maybe its because you would need to re-jailbreak since its a new firmware? You will need to wait until an appropriate jailbreak method is released for 2.1.
    No, it has nothing to do with jailbreaking.

    With firmware 2.0.x, (jailbroken or not) any application installed in "/private/var/mobile/Applications/UUID" with owner "mobile" had full access to "/private/var/mobile/Applications".

    In fact, a malicious app could erase all apps installed via iTunes.

    With firmware 2.1, an app has access only to it's own directory.
    Since my iPod is not jailbroken I am limited to "what I can see".

    The app I wrote worked OK with fw 2.0.x and "virgin" devices.
    It reported how much file system space was being used by each installed app.

    When installed on a device with fw 2.1 it can only show it's own directory.

    I've tried:
    opendir() / readdir() Unix API
    fts_open() / fts_read() Unix API
    [[NSFileManager defaultManager] contentsOfDirectoryAtPath: error:] Cocoa API

    The same result with all of them, access denied.

    I can list the first level content of "/private/var/mobile/Applications" and find out how many apps are installed.

    I can not go inside of each app directory to find the app name and compute space used.
    2008-09-10 10:02 PM
  4. cazlar's Avatar
    Apparently, it was always meant that sandbox apps shouldn't be able to see into other sandbox, just it wasn't enforced in 2.0.x, but is now.

    What I'm more interested in, if you install your app in /Applications, outside the sandbox, can it then see into the other apps?
    2008-09-13 10:39 AM
  5. Terrill's Avatar
    Wouldnt just plugging it up to the computer and going to my computer show you ?
    2008-09-13 11:44 PM
  6. NetMage's Avatar
    Can you see the updated rules in /usr/share/sandbox?
    Starlight Computer Wizardry
    Pocket-sized Development
    Follow me on twitter: @NetMage
    2008-09-15 01:29 AM
  7. buzios's Avatar
    What I'm more interested in, if you install your app in /Applications, outside the sandbox, can it then see into the other apps?
    Yes, if you install it in /Applications you have full access.

    My problem is that I was planning to release the app via AppStore
    2008-09-15 03:03 PM
  8. jdas's Avatar
    Taken from SandboxTemplate.sb:

    ; NOTE: Later rules override earlier rules.

    ; Private areas
    (deny file-write*
    (regex "^/private/var/mobile/Applications/.*$"))
    (deny file-read*
    (regex "^/private/var/mobile/Applications/.*$"))
    2008-09-19 12:57 AM
  9. tattoojack's Avatar
    Taken from SandboxTemplate.sb:

    so what if we just remove the part about the deny?
    2008-09-19 08:50 AM
  10. jdas's Avatar
    so what if we just remove the part about the deny?
    To do that, you would need SSH-level access to the device, and be able to tell the user to do that. Not possible for an App Store app to do by itself.
    2008-09-22 09:52 PM
LINK TO POST COPIED TO CLIPBOARD