App sandbox (iOS)
Definition
The iOS isolation mechanism combining UNIX file permissions, signed entitlements, and TrustedBSD mandatory access control. Each app is confined to a container directory under /var/mobile/Containers. Access to resources outside the container requires an explicit entitlement granted by Apple at signing time.
Related terms
- APFS (Apple File System)
- The default file system on iOS devices since iOS 10.3. Features include 64-bit inode numbers, copy-on-write metadata, file-level encryption using per-file keys,...
- Data Protection classes (iOS)
- iOS encrypts each file under one of four protection classes that control when the file's encryption key is available: Complete (key available...
- ext4
- The fourth extended file system, the default Linux file system used for the userdata partition on most Android devices before widespread F2FS...
- F2FS (Flash-Friendly File System)
- A log-structured file system designed for NAND flash, used on the userdata partition of many modern Android devices including Samsung Galaxy and...
- UID-based sandbox (Android)
- Android's application isolation model in which each installed app receives a unique Linux user ID at install time. The app's private data...
Explained in
- Mobile Operating Systems and File SystemsThe iOS isolation mechanism combining UNIX file permissions, signed entitlements, and TrustedBSD mandatory access control. Each app is confined to a container...