Developer
BGmot
Posts: 1,068
Registered: ‎11-24-2011
My Device: PlayBook
My Carrier: x
Accepted Solution

Sandbox

How do you define 'sandbox' in the 'Application executed on PlayBook' context? What exactly does it mean? The documentation gives a list of folders that should be accessible by the app, but I can easily read root / from my app.

Is there a list of all restrictions that 'sandbox' implies?

Thanks.

Developer
superdirt
Posts: 541
Registered: ‎05-17-2009
My Device: Not Specified

Re: Sandbox

What I know about sandboxing of non-root applications on BBX:

 

- One application cannot access the screen context of another application.

- The "app" and "data" folders of one application can only be accessed by that application.

 

Scott

Developer
peter9477
Posts: 6,473
Registered: ‎12-08-2010
My Device: PlayBook, Z10
My Carrier: none

Re: Sandbox

I'm not sure of a documented list, but here's what should be a fairly complete summary.

 

1. the term "sandbox" may not be rigorously defined, but generally would refer to the whole set of folders under the current directory when the app is launched, especially the data/ folder where they can write private data which no other app can access.

2. apps should generally not access anything outside their sandbox, except through the symlinks provided inside (there are certainly exceptions, such as native apps loading shared libraries)

3. apps *can* read lots of stuff outside the sandbox, and in theory everything out there should be adequately protected so you can't see stuff you're not supposed to (modulo root exploits) or write to anything except what's already available through your sandbox symlinks

4. you should access your app's static/read-only data through the app/ folder, not through its entry under /apps/

5. you should access your data through data/, not through your entry under /accounts/1000/appdata/

6. your stderr/stdout are redirected to logs/log and possibly other files depending on the runtime in question (e.g. AIR may have air-log and air-trace)

7. you may create folders/files under tmp/ but don't count on them persisting between runs of your app

8. you should access the shared folders through shared/ which is a symlink, rather than through /accounts/1000/shared, and your app must request the access_files permission to be able to do so (in either location)

 

I think that mostly answers your question.  The term "sandbox" doesn't refer to restrictions that are in place to prevent your app from accessing anything outside its runtime current directory, though best practices dictate that the app not do so except in the few exceptional cases where it must.


Peter Hansen -- (BB10 and dev-related blog posts at http://peterhansen.ca.)
Author of White Noise and Battery Guru for BB10 and for PlayBook | Get more from your battery!
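
An added example, not part of the original post or of any BlackBerry SDK: one way a native app could follow points 2, 4, 5 and 8 above by capturing its launch directory once and building every file path through the sandbox folders, refusing absolute paths and ".." components. The names `sandbox_root`, `sandbox_path` and `SANDBOX_PATH_MAX` are hypothetical, and the check is a convention inside the app; file permissions on the device remain the actual protection.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define SANDBOX_PATH_MAX 1024   /* assumed buffer size for this example */

/* Sandbox-relative folders named in the answer above. */
static const char *const SANDBOX_DIRS[] = { "app", "data", "logs", "tmp", "shared" };

/* Launch directory, captured on first call: call it before any chdir(). */
const char *sandbox_root(void) {
    static char root[SANDBOX_PATH_MAX];
    if (root[0] == '\0' && getcwd(root, sizeof root) == NULL) {
        root[0] = '\0';
        return NULL;
    }
    return root;
}

/* Returns 1 if any '/'-separated component of p is exactly "..". */
static int has_dotdot(const char *p) {
    while (*p) {
        size_t n = strcspn(p, "/");
        if (n == 2 && p[0] == '.' && p[1] == '.') return 1;
        p += n;
        while (*p == '/') p++;
    }
    return 0;
}

/* Write "<root>/<dir>/<rel>" to out. Returns 0, or -1 if dir is not a sandbox
 * folder, rel is absolute or contains "..", or the result does not fit. */
int sandbox_path(const char *root, const char *dir, const char *rel,
                 char *out, size_t outlen) {
    size_t i, known = 0;
    for (i = 0; i < sizeof SANDBOX_DIRS / sizeof SANDBOX_DIRS[0]; i++)
        if (strcmp(dir, SANDBOX_DIRS[i]) == 0) known = 1;
    if (!known || rel[0] == '/' || has_dotdot(rel)) return -1;
    int n = snprintf(out, outlen, "%s/%s/%s", root, dir, rel);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void) {
    char path[SANDBOX_PATH_MAX];
    const char *root = sandbox_root();
    if (root && sandbox_path(root, "data", "settings.ini", path, sizeof path) == 0)
        printf("private data file: %s\n", path);
    return 0;
}
```

Because `shared/` is a symlink, a path built this way still reaches the shared folders without the app hard-coding `/accounts/1000/shared`.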
BlackBerry Technical Advisor (Retired)
davidcummings
Posts: 20
Registered: ‎10-27-2010
My Device: Bold 9800

Re: Sandbox

A general overview of sandboxing can be found at: http://docs.blackberry.com/en/admin/deliverables/27308/How_the_OS_protects_memory_1801132_11.jsp

 

There is also an overview of the application directories for AIR applications at: http://docs.blackberry.com/en/developers/deliverables/23959/File_system_layout_1585071_11.jsp

 

For the most part this also applies to native applications, other than the references to the AIR APIs to access each of the directories.
