Apple’s Sandboxing (“SeatBelt”) has remained terra incognita since Dionysus Blazakis’s seminal work. 5 years and 300 versions later, however, much has changed. The sandbox has become the linchpin of security in iOS, and the foundation of SIP in OS X 10.11 and later.
This talk explores the sandbox in detail, and fills in the gaps from the original work. In particular, we explore the implementations on *OS and OS X, and how they differ. This includes:
– Voluntary vs. non-voluntary confinement
– Sandbox profiles, both in scheme syntax and binary form
– The MACF syscall hooks, primarily the ms_sandbox() APIs
– Sandboxd (OS X)
– ContainerManager (iOS)
– Entitlements
– Interaction with AMFI
All of this was gleaned from reverse engineering, the techniques of which will, of course, be demonstrated alongside.