问题
My installed App is signed with an Ad-hoc certificate. But it is designed only for jailbreak iPhones.
I try to directly read the SMS database in /var/mobile/Library/SMS/sms.db. But I found the app can't read it because the SandBox process denied the action. So my question is whether the SandBox is removed after the iPhone is jailbroken?
(And now I think the apps in /var/mobile/Applications/ are still restricted by the SandBox. The process of jailbreaking does not removed the SandBox in this directory?)
回答1:
Unfortunately, you guessed correctly. On a jailbroken device, apps installed to the normal location (/var/mobile/Applications/) are still sandboxed (* see comments below).
The jailbreak does not completely remove the sandbox.
It allows you to run code that's not signed by valid Apple certificates. It therefore also allows you to install your app to different locations.
If you install your app to /Applications/, however, it will be able to read /var/mobile/Library/SMS/sms.db, as I describe in this answer. As a system app, you'll be outside the sandbox.
This has nothing to do with Objective-C, or Cocoa Touch, versus C APIs. It wouldn't be much of a sandbox if all you had to do was use well-known C I/O calls to escape it.
See this other similar answer (to a closed question), for some related discussion.
Update: see saurik's comments in this online thread. The summary is that different jailbreaks (e.g. evasi0n, Absinthe, redsn0w) can affect the sandbox in different ways. Saurik's recommendation is certainly that they not be removed entirely.
回答2:
I had this same problem while trying to read from the iPhone's serial port a while ago. Your guess is correct, even after jailbreak the regular App store apps in /var/mobile/Applications/ are still subject to sandbox restrictions. System apps are not subject to these restrictions and are found in the /var/stash/Applications/ (or I think in iOS 6 there's an identifier in the path), this is where jailbreak apps from Cydia are installed to.
Update: With the Cydia app iFile I can open the /var/mobile/Library/SMS/sms.db database and view the contents. And the Mobile SMS app has no special Entitlements files, so I think you should have no problems reading the SMS database if you place your app in the System apps directory.
回答3:
There is actually a way around not being able to use sandbox accounts. If you reboot your jailbroken device and when the apple bootlogo is displayed you can hold down the volume up button to disable mobilesubstrate. This allows your device to start up like is was never jailbroken and sandbox is enabled. To go back to your jailbroken state just reboot. Simple as that!
来源:https://stackoverflow.com/questions/16026920/why-sandbox-in-ios-6-1-1-still-exists-for-app-even-after-i-have-jailbreak