iOS Development-sandbox (sandbox) mechanism

Apple's earnings the day before yesterday seems to be using iOS more than ever before, but everyone's iphone purchase channels are also various, some from the informal channel purchased iphone operating system has been jailbroken, jailbreak this thing and Android root brush is the same, Under normal circumstances, people use mobile phones are not a problem. However, some people always feel that iOS and Android all kinds of uncomfortable, need administrator privileges, but there are pros and cons, before someone bought Apple Brush machine is because the input method. Now the input method problem solved, or someone broke out, spend thousands of of the ocean to buy an iphone and then jailbreak, this kind of thing is very.

after an application is installed in an Android system, it is assigned a separate storage space (Security Sandbox), which stores bytecode files, resource files, and configuration files, assigns a unique ID to the application, and identifies the relevant files and resources for the application. The system enables an application to access only the files and resources of the application under normal circumstances by setting permissions. iOS operating system is similar, iOS is developed from Apple's next operating system, next is a Unix-like operating system, UNIX system restrictions on the file permissions are very strict, normal users commonly used operations are not root permissions, If the user's operation request is assigned permission, it can be executed naturally, otherwise it will not be allowed if root permission is required. The same is true for the application, allocating a space, and then only allowed permissions to access the content.

Here's a picture of the sandbox before Apple's official website:

The above figure is often said that each application has its own storage space, the application can not turn over their walls to access the contents of other storage space, the application requests the data must pass the permission detection, if not meet the conditions, will not be released. In fact, a simple understanding of each application is its own allocation space, for example, if 360 can access the content of QQ chat, then estimated pony Bankruptcy ~

Sandbox enablement process: ①sandbox_init to kernel mac Syscall TrustedBSD via libsandbox.dylib conversion to binary② The sandbox_init request Sandbox.kext extension (see here to think of the IIS extension),The extension installs the certificate for the current process and then returns the installation results. ③ If the installation succeeds, each process request is sent by trusted BSD to Sandbox.kext to match the certificate rules that were previously installed. If the certificate does not match, the installation fails. to see the demo path and type launched in the Xcode simulator, you can do the followingviewdidload Add a sentence:

    NSLog (@ "Path:%@", nshomedirectory ());

This time you will see a path that tests the resulting results:

Path:/users/User name/library/developer/coresimulator/devices/c53a5d69-dedd-4598-9297-79b811e14dad/data/containers/ data/application/0fcda696-03b4-4d8d-b99b-e94d1f843561

You cannot find this path by opening the Finder, you need to enter a command in the terminal to show hidden files:

command to show hidden files in Terminal: Defaults write Com.apple.finder appleshowallfiles-bool true

command to not show hidden files in Terminal: Defaults write Com.apple.finder Appleshowallfiles-bool false

Information for the simulator in Coresimulator:

The path is long, followed by the simulator model, the simulator's specific information:

You can then see the application information in data, and the directory information that an app includes:

The Documents directory stores the file data that is created in the program or browsed in the program, the default settings of the Library store program or other status information, and the caches directory under the library holds the cache file. The preferences directory under the library stores the preferences of the application, TMP saves the temporary files created and stored, the above path can also be obtained by the program to get the path Viewdidload add the following code:

   Get the Documents folder directory, NSDocumentDirectory get doucments folder directory, Nsuserdomainmask is obtained in the current application sandbox, all applications sandbox directory composed of data stored    in an array structure Nsarray *documentpath = Nssearchpathfordirectoriesindomains (Nsdocumentdirectory,nsuserdomainmask, YES);    NSLog (@ "Documents directory:%@", [Documentpath objectatindex:0]);        Cached cache directory    Nsarray *cachepath = Nssearchpathfordirectoriesindomains (Nscachesdirectory, Nsuserdomainmask, YES);    NSLog (@ "Cache directory:%@", [CachePath objectatindex:0]);        Library directory    Nsarray *domainpath = Nssearchpathfordirectoriesindomains (Nslibrarydirectory, Nsuserdomainmask, YES );    NSLog (@ "Repository directory:%@", [Domainpath objectatindex:0]);        Temporary file temp directory    NSLog (@ "temp file directory:%@", nstemporarydirectory ());

iOS Development-sandbox (sandbox) mechanism