问题描述
一旦iOS设备被越狱,我们就可以构建越狱应用程序(使用theos),并将其安装在 / Applications
目录中,其中预加载的应用程序以root权限运行。如果应用程序是使用Xcode构建的,一旦安装了它,它就会进入 / private / var / mobile / Applications /
文件夹,该文件夹应该强制使用Apple沙箱(在越狱之前)。
Once an iOS device is jailbroken, we can build jailbreak apps (with theos) and it gets installed in the /Applications
directory where the preloaded apps run with root privileges. If an app is built with Xcode, once it is installed, it gets into the /private/var/mobile/Applications/
folder, which is supposed to have Apple sandbox enforced (before jailbreak).
所以,我的问题是:
-
对于越狱设备,
/ private / var / mobile / Applications /
中的应用程序是以root权限执行还是使用mobile $ c执行$ c>用户权限?
For a jailbroken device, will the apps in
/private/var/mobile/Applications/
execute with root privileges or withmobile
user privileges?
对于Android,一旦生根,应用程序必须通过执行 su
命令。它也适用于iOS吗?
In case of Android, once rooted, the apps will have to gain root privileges by executing the su
command. Is it the case when it comes to iOS as well?
我想了解这两个开发之间的区别选项(Theos / Xcode)以及它如何影响我的应用程序可以执行的操作。
I would like to understand the difference between these two development options (Theos / Xcode) and how it affects what operations my app can perform.
推荐答案
不同意任何事情,但要进一步澄清......
Not disagreeing with anything H2CO3 said, but to add some further clarification ...
-
使用Xcode安装在
/ private / var / mobile / Applications /
(†)中的应用程序将以用户mobile
特权,即使在越狱手机上也是如此。
Apps installed in
/private/var/mobile/Applications/
(†) with Xcode will run with usermobile
privileges, even on jailbroken phones.
即使在越狱手机上,安装到 / private / var的应用也是如此/ mobile / Applications /
(†)将被沙盒几乎(‡),就像手机上的应用程序一样。因此,不读取其他(普通)应用程序的数据,即使这些文件归用户所有 mobile
。
Even on a jailbroken phone, apps installed to /private/var/mobile/Applications/
(†) will be sandboxed almost (‡) like apps on a jailed phone. So, no reading other (normal) apps' data, even if those files are owned by user mobile
.
为了更好地描述像Cydia这样的应用程序以root身份运行的过程,请。或者,只需将ssh插入手机,然后自己查看 /Applications/Cydia.app /
。
For a good description of the process that apps like Cydia use to run as root, see this answer. Or, just ssh into your phone, and take a look inside /Applications/Cydia.app/
yourself.
如果您只是复制/安装应用程序(不执行)至 / Applications /
,它不会被沙盒化,但仍会以 mobile
(UID = 501)权限运行:
If you simply copy/install an app (without doing what H2CO3 suggested) to /Applications/
, it won't be sandboxed, but it will still run with mobile
(UID=501) privileges:
iPhone5:~ root# cd /Applications
iPhone5:/Applications root# ls -altr ./HelloJB.app/
total 220
-rw-r--r-- 1 root wheel 711 Apr 3 20:36 entitlements.xml
-rw-r--r-- 1 root wheel 297 Apr 3 20:36 entitlements-daemon.xml
-rw-r--r-- 1 root wheel 7972 Apr 3 20:36 embedded.mobileprovision
-rw-r--r-- 1 root wheel 58755 Apr 3 20:36 date.zip
-rw-r--r-- 1 root wheel 485 Apr 3 20:36 ResourceRules.plist
-rw-r--r-- 1 root wheel 8 Apr 3 20:36 PkgInfo
-rw-r--r-- 1 root wheel 1226 Apr 3 20:36 Info.plist
-rw-r--r-- 1 root wheel 10960 Apr 3 20:36 Icon\@2x.png
-rw-r--r-- 1 root wheel 8328 Apr 3 20:36 Icon.png
-rw-r--r-- 1 root wheel 451 Apr 3 20:36 HelloJB.plist
-rwxr-xr-x 1 root wheel 61088 Apr 3 20:36 HelloJB*
-rwxr-xr-x 1 root wheel 42688 Apr 3 20:36 HelloDaemon*
drwxr-xr-x 2 root wheel 136 Apr 3 20:36 en.lproj/
drwxr-xr-x 2 root wheel 102 Apr 3 20:36 _CodeSignature/
drwxr-xr-x 4 root wheel 544 Apr 3 20:36 ./
drwxrwxr-x 54 root admin 1904 Apr 5 02:14 ../
iPhone5:/Applications root# ps -Aef | grep HelloJB
501 9412 1 0 0:00.00 ?? 0:00.33 /Applications/HelloJB.app/HelloJB
iPhone5:/Applications root# grep mobile /etc/passwd
mobile:*:501:501:Mobile User:/var/mobile:/bin/sh
(‡)这是一个。简而言之:它取决于。
(‡) Here's a good discussion, with input from Saurik, about how different jailbreaks may affect the sandbox. Long story short: it depends.
(†)更新:在最近的版本中iOS,第三方应用的位置已移至 / var / mobile / Containers
,稍后移至 / var / containers /
,但仍存在相同的基本沙箱问题。
(†) Update: in recent versions of iOS, the location of 3rd-party apps has been moved to /var/mobile/Containers
, and later to /var/containers/
, but the same basic sandbox issues remain.
这篇关于一旦越狱,iOS应用程序将以root权限运行吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!