
iOS User permissions

On iPhone, there are some things that jailbroken phones can do while non-jailbroken ones cannot. I think there must be a list of permissions configured for the user, and that list is changed in the jailbreak process.

Can anyone show me how to get that list of permissions (by code) or link me to any related documents?

Sandbox

Some permissions are enforced by the seatbelt (sandbox) profile "container" - it's the default profile for all apps inside the /var/mobile/Applications (up to iOS 7.x) or /var/mobile/Containers (since iOS 8) directory, i.e. AppStore apps. You can read about it here. It's probably outdated but should give you some idea about how it works.

As far as I know, sandboxing is implemented as a kernel extension. It uses hooks into various system calls in order to check whether the calling process has permission to make the call.

Jailbreak doesn't turn off the sandbox; at least it shouldn't, and it's not required for jailbreaking. Almost everything works as it is. There are some differences between jailbreaks; some versions clearly broke sandbox rules. For example, you could read files outside of your application directories that you would normally not be able to.

Sandboxing doesn't care whether a process has root access or not. It's a completely different security layer. And it is used not only for AppStore apps. Many system daemons and apps have their own very strict sandbox profiles even though they execute as root.

Entitlements

Entitlements are another way of granting permissions. Entitlements are like Android permissions, but they are located inside the app binary as a binary property list and protected by the code signature. So you can't add anything you want. For AppStore apps that works even on jailbroken phones, unless you install the AppSync tweak, which turns off code signature checks and should (I didn't test it myself, but it should be possible) allow you to sign AppStore apps with any entitlements.

For other processes, code signature checks are disabled by default, so you could write your own Cydia tweaks/apps and sign them with any entitlements you want, as long as they are located outside of the "container" sandbox profile directory.

Entitlements are different from sandboxing. Checks for specific entitlements are not done in the kernel or some system daemon - the actual code you are calling does the check. For example, when you want to send an SMS message, you can do this by sending an XPC message that will be received by the CommCenter daemon, which implements all baseband-related stuff in userland (that's how the private ChatKit.framework does it). CommCenter then checks whether the calling process has the required entitlements before proceeding with the request or denying access. Many APIs actually use IPC to some system daemon to get the data. CoreTelephony, for example, is just an IPC interface to the CommCenter daemon. And to restrict access, the daemon checks the entitlements of the process that initiated the request.

Code signature

The name says it all. You can't execute anything you want. AppStore apps must be signed with an Apple certificate. All system apps are signed and their hashes are stored inside the kernel so that you couldn't alter them in any way.

Code signature of course means that when iOS is asked to execute something, it will check the binary's code signature before executing any code. But iOS uses another feature - all code pages are also signed and their signatures are checked at runtime. When there is a page fault interrupt, the kernel will check the code signature.

Jailbreak turns off almost all code signature checks. There are no checks for non-AppStore app processes. There are checks for AppStore apps, which can be turned off with the AppSync tweak from Cydia.

One could ask, how then does Safari work? Its JavaScript engine generates code at runtime. Safari is signed with the very special entitlement dynamic-codesigning that allows it to do such a thing.

UNIX permissions

And there is that, of course. Jailbreak doesn't turn it off or alter it in any way. There are many users in iOS. They're used for various system processes to make iOS more secure by restricting access to the stuff that the process actually needs. So that when a vulnerability is found in such a process, a hacker couldn't do anything it wants.
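The answer above says entitlements live inside the app binary under the protection of the code signature, and the question asked how to get at that list "by code". The following is an added example, not code from the question, the answer, or any Apple tool: it walks a thin Mach-O file's load commands to the LC_CODE_SIGNATURE command, reads the code-signing SuperBlob it points at, and pulls out the entitlements slot (CSSLOT_ENTITLEMENTS, magic 0xfade7171), which holds an XML property list. The structure constants are the public Mach-O and code-signing layouts; `build_sample_macho`, `notable_entitlements` and the sample entitlement set are constructed here for illustration and are not real app data. Fat (multi-architecture) binaries and the newer DER entitlements slot are deliberately not handled.

```python
"""Extract embedded entitlements from a thin Mach-O binary's code signature."""
import plistlib
import struct
import sys

# Mach-O header magics (little-endian thin binaries) and the load command we need.
MH_MAGIC = 0xFEEDFACE
MH_MAGIC_64 = 0xFEEDFACF
LC_CODE_SIGNATURE = 0x1D
# Code-signing blob magics (these blobs are big-endian) and the entitlements slot.
CSMAGIC_EMBEDDED_SIGNATURE = 0xFADE0CC0
CSMAGIC_EMBEDDED_ENTITLEMENTS = 0xFADE7171
CSSLOT_ENTITLEMENTS = 5


def find_code_signature(data):
    """Return (dataoff, datasize) of LC_CODE_SIGNATURE, or None if absent."""
    (magic,) = struct.unpack_from("<I", data, 0)
    if magic == MH_MAGIC_64:
        header_size = 32
    elif magic == MH_MAGIC:
        header_size = 28
    else:
        raise ValueError("not a thin little-endian Mach-O (fat/big-endian not handled)")
    ncmds, sizeofcmds = struct.unpack_from("<II", data, 16)
    off, end = header_size, header_size + sizeofcmds
    for _ in range(ncmds):
        if off + 8 > end:
            raise ValueError("truncated load commands")
        cmd, cmdsize = struct.unpack_from("<II", data, off)
        if cmdsize < 8 or off + cmdsize > end:
            raise ValueError("bad load command size")
        if cmd == LC_CODE_SIGNATURE:  # linkedit_data_command: cmd, cmdsize, dataoff, datasize
            return struct.unpack_from("<II", data, off + 8)
        off += cmdsize
    return None


def extract_entitlements(data):
    """Return the raw entitlements plist bytes, or None if there is no entitlements slot."""
    loc = find_code_signature(data)
    if loc is None:
        return None
    dataoff, datasize = loc
    blob = data[dataoff:dataoff + datasize]
    if len(blob) < 12:
        raise ValueError("code signature blob truncated")
    magic, length, count = struct.unpack_from(">III", blob, 0)
    if magic != CSMAGIC_EMBEDDED_SIGNATURE or length > len(blob) or 12 + 8 * count > length:
        raise ValueError("not a well-formed code-signing SuperBlob")
    for i in range(count):  # index entries: (slot type, offset from SuperBlob start)
        slot, offset = struct.unpack_from(">II", blob, 12 + 8 * i)
        if slot != CSSLOT_ENTITLEMENTS:
            continue
        emagic, elength = struct.unpack_from(">II", blob, offset)
        if emagic != CSMAGIC_EMBEDDED_ENTITLEMENTS or offset + elength > length:
            raise ValueError("malformed entitlements blob")
        return blob[offset + 8:offset + elength]
    return None


def entitlements_dict(data):
    """Parsed entitlements as a dict ({} when the binary carries none)."""
    xml = extract_entitlements(data)
    return plistlib.loads(xml) if xml else {}


def notable_entitlements(ents):
    """Hypothetical triage filter: JIT permission, debuggability, and Apple-private keys."""
    return sorted(k for k, v in ents.items()
                  if v and (k in ("dynamic-codesigning", "get-task-allow")
                            or k.startswith("com.apple.private.")))


# Constructed sample data, not from any real app.
SAMPLE_ENTITLEMENTS = {"application-identifier": "ABCDE12345.com.example.app",
                       "get-task-allow": False, "dynamic-codesigning": True}


def build_sample_macho(entitlements=None):
    """Construct a minimal, non-executable arm64 Mach-O whose only load command is
    LC_CODE_SIGNATURE (or no load commands at all when entitlements is None)."""
    if entitlements is None:
        return struct.pack("<IIIIIIII", MH_MAGIC_64, 0x0100000C, 0, 2, 0, 0, 0, 0)
    xml = plistlib.dumps(entitlements)
    ent_blob = struct.pack(">II", CSMAGIC_EMBEDDED_ENTITLEMENTS, 8 + len(xml)) + xml
    index_off = 12 + 8  # SuperBlob header + one index entry
    superblob = struct.pack(">III", CSMAGIC_EMBEDDED_SIGNATURE, index_off + len(ent_blob), 1)
    superblob += struct.pack(">II", CSSLOT_ENTITLEMENTS, index_off) + ent_blob
    lc = struct.pack("<IIII", LC_CODE_SIGNATURE, 16, 32 + 16, len(superblob))
    header = struct.pack("<IIIIIIII", MH_MAGIC_64, 0x0100000C, 0, 2, 1, len(lc), 0, 0)
    return header + lc + superblob


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_macho(SAMPLE_ENTITLEMENTS)
    ents = entitlements_dict(data)
    for key in sorted(ents):
        print(f"{key} = {ents[key]!r}")
    print("notable:", notable_entitlements(ents))
```

Run it with a path to a thin Mach-O to dump that binary's entitlements, or with no argument to parse the constructed sample. Reading the plist this way only tells you what the binary claims; whether a daemon honours a given key is, as the answer explains, decided by the daemon's own check, and on a stock device the code signature is what stops you from editing the plist in place.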
