Sandbox Patch
- Fixes the sandbox problems caused by moving files.
- Access outside /private/var/mobile is allowed.
- Access to /private/var/mobile/Library/Preferences/com.apple goes through the original evaluation.
- Access to other subdirectories of /private/var/mobile/Library/Preferences is granted.
- Everything else goes through the original checks.
- Optionally, the original sandbox hook routine itself can be patched: the TST/BEQ instruction tuple becomes a MOVS/MOVS/BEQ tuple. With this patch, all sandbox profiles are ignored.
__text:804028B0 PUSH {R4-R7,LR} <== function is hooked so that a new sb_evaluate() is used
__text:804028B2 ADD R7, SP, #0xC
__text:804028B4 PUSH.W {R8,R10,R11}
__text:804028B8 SUB SP, SP, #0x104
__text:804028BA MOV R10, R0
__text:804028BC LDR R0, [R3,#0x2C]
__text:804028BE MOV R11, R1
__text:804028C0 STR R2, [SP,#0x11C+var_114]
__text:804028C2 MOV R5, R3
__text:804028C4 LDR.W R8, [R1]
__text:804028C8 CBZ R0, loc_804028EE
__text:804028CA ADD.W R1, R3, #0x3C
__text:804028CE ADD.W R2, R3, #0x40
__text:804028D2 LDR.W R4, =(_sock_gettype+1)
__text:804028D6 MOVS R3, #0
__text:804028D8 BLX R4 ; _sock_gettype
__text:804028DA ...
__text:804028DC
__text:804028DE
__text:804028E2
__text:804028E4
__text:804028E6
For further info see https://github.com/comex/datautils0/blob/master/sandbox.S.
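The path rules listed above can be modelled as a small decision function, which makes it easy to see which file accesses are no longer checked against the sandbox profile once the patch is applied. This is an added example, not code from the wiki page or from datautils0; the names `model_sb_evaluate`, `SB_ALLOW` and `SB_ORIGINAL_EVAL`, the plain prefix comparison, the directory-boundary handling and the sample paths are all assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of the rule order in the list above; not the patch's code. */
enum sb_decision { SB_ALLOW, SB_ORIGINAL_EVAL };

static const char MOBILE[] = "/private/var/mobile";
static const char PREFS[]  = "/private/var/mobile/Library/Preferences";
static const char APPLE[]  = "/private/var/mobile/Library/Preferences/com.apple";

static int has_prefix(const char *s, const char *p) {
    return strncmp(s, p, strlen(p)) == 0;
}

/* Hypothetical helper: reports which branch a path would take. */
enum sb_decision model_sb_evaluate(const char *path) {
    size_t n = sizeof MOBILE - 1;

    /* Rule 1: anything outside /private/var/mobile is allowed.
     * Assumption: the match stops at a directory boundary, so
     * "/private/var/mobile2" counts as outside. */
    if (!has_prefix(path, MOBILE) || (path[n] != '/' && path[n] != '\0'))
        return SB_ALLOW;

    /* Rule 2: Preferences entries starting with "com.apple" keep the
     * original profile evaluation. */
    if (has_prefix(path, APPLE))
        return SB_ORIGINAL_EVAL;

    /* Rule 3: every other entry below Preferences is granted. */
    n = sizeof PREFS - 1;
    if (has_prefix(path, PREFS) && path[n] == '/' && path[n + 1] != '\0')
        return SB_ALLOW;

    /* Rule 4: the rest of /private/var/mobile uses the original checks. */
    return SB_ORIGINAL_EVAL;
}

int main(void) {
    /* Constructed sample paths. */
    const char *samples[] = {
        "/usr/lib/libSystem.B.dylib",
        "/private/var/mobile/Library/Preferences/com.apple.springboard.plist",
        "/private/var/mobile/Library/Preferences/com.example.app.plist",
        "/private/var/mobile/Documents/notes.txt",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-70s %s\n", samples[i],
               model_sb_evaluate(samples[i]) == SB_ALLOW ? "allow" : "original evaluation");
    return 0;
}
```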