New filesystem security on iOS 7

A few things caught my attention while analysing the new iOS 7 beta...

Usually, when an iOS beta comes out, the first thing I do is to analyse the filesystem, to check for new stuff, like applications, frameworks, system services, changes in the filesystem layout, etc.

Back in the day, I developed a tiny iOS app to display the content of the iOS filesystem.
It used to be on the App Store, before Apple decided to remove it, for security reasons. I then made it available on GitHub, as an open-source project.

The app ran nicely, displaying all iOS partitions, the filesystem hierarchy, permissions, file contents...
It was really nice, from a developer's perspective, to see how the iOS filesystem was organised, to see how the sandboxing was done, etc...

So I ran it on the first iOS 7 beta...

The app ran just fine, but I was surprised to see that almost all directories on the root partition were empty.
Directories like «/Applications» (system apps), or «/tmp» were still browsable, but directories like «/System», «/Library» or «/var» were reported as empty folders...

The last one surprised me a lot, as «/var» is in fact a mount point where all the user data is stored, including third-party applications.

I first thought of a bug in my own code, but after a few tests, it's definitely not.

So iOS 7 adds some security layer in all filesystem operations, hiding everything related to the system from third-party apps.
It's not that those locations aren't accessible, in terms of filesystem permissions. They are simply hidden (I guess by the Foundation framework).

So as an example, let's take a look at the following code:

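// Start from nil so a stale error is never logged
NSError * e = nil;

// «/Applications»: still listable from a third-party app on iOS 7
NSLog( @"%@", [ [ NSFileManager defaultManager ] contentsOfDirectoryAtPath: @"/Applications/" error: &e ] );
NSLog( @"%@", e );

e = nil;

// «/System»: the listing fails on iOS 7 and the error is set
NSLog( @"%@", [ [ NSFileManager defaultManager ] contentsOfDirectoryAtPath: @"/System/" error: &e ] );
NSLog( @"%@", e );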

Simple stuff. It will just log the contents of the «/System» and «/Applications» directories to the console, reporting a potential error, if any.

Prior to iOS 7, it just works. In both cases, it displays the directory contents.
But on iOS 7, while the first case works as expected, the second one, asking for the contents of the «/System» directory, simply fails, with the following error:

Error
    Domain=NSCocoaErrorDomain
    Code=257
    "The operation couldn’t be completed. (Cocoa error 257.)"
    UserInfo=0x146397e0
    {
        NSUnderlyingError=0x14639720
        "The operation couldn’t be completed. Operation not permitted",
        NSFilePath=/System/,
        NSUserStringVariant=(Folder)
    }

Looks like I missed something from the keynote... : )
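
An added example, not code from the original post: a small C probe that separates a denied listing (EPERM or EACCES, the "Operation not permitted" underlying error shown above) from a directory that is genuinely empty or missing, so that a file browser does not report hidden locations as empty folders. The type and function names are hypothetical, and it uses POSIX opendir/readdir rather than NSFileManager.

```c
/* Added example (hypothetical names): tell "listing denied" apart from
 * "directory is empty" when probing filesystem locations. */
#include <dirent.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>

typedef enum { DIR_LISTED, DIR_EMPTY, DIR_DENIED, DIR_MISSING, DIR_OTHER } dir_status;

/* EPERM ("Operation not permitted") and EACCES both mean the caller is
 * not allowed to list the directory, not that nothing is there. */
dir_status classify_errno(int err)
{
    switch (err) {
    case EPERM: case EACCES:    return DIR_DENIED;
    case ENOENT: case ENOTDIR:  return DIR_MISSING;
    default:                    return DIR_OTHER;
    }
}

/* Probe one path; *count receives the entry count, excluding "." and "..". */
dir_status probe_dir(const char *path, int *count)
{
    DIR *d = opendir(path);
    struct dirent *ent;
    int err;
    *count = 0;
    if (d == NULL)
        return classify_errno(errno);
    errno = 0;                          /* readdir reports failure via errno */
    while ((ent = readdir(d)) != NULL)
        if (strcmp(ent->d_name, ".") != 0 && strcmp(ent->d_name, "..") != 0)
            (*count)++;
    err = errno;
    closedir(d);
    if (err != 0)
        return classify_errno(err);
    return *count > 0 ? DIR_LISTED : DIR_EMPTY;
}

int main(void)
{
    static const char *names[] = { "listed", "empty", "denied", "missing", "other" };
    const char *paths[] = { "/", "/Applications", "/System", "/var" }; /* paths from the post */
    for (size_t i = 0; i < sizeof paths / sizeof paths[0]; i++) {
        int n;
        dir_status s = probe_dir(paths[i], &n);
        printf("%-14s %-8s %d entries\n", paths[i], names[s], n);
    }
    return 0;
}
```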

Comments

Author: B
Date: 06/18/2013 04:23
What does it do if you use the regular C open function? They must have extended the Gatekeeper app container idea to iOS.

Author: Shashwat
Date: 07/09/2013 10:07
Hey, so which all directories are accessible in iOS 7? Can we access the email attachment directories?

Author: Jean-David Gadina
Date: 07/12/2013 13:09
@B: Same with opendir/readdir.
@Shashwat: You can still list / and /Applications, but for the other directories, you're screwed...

Author: Omar
Date: 08/24/2013 22:54
Any thoughts on how one could still call programmatically to lock the device from within an app... Previously one could do it before using the GraphicsFramework but it was accessible in PrivateFrameworks folder...

Would love some of your thoughts of possible workarounds, especially frameworks that might be loaded in memory by the OS already?

Author: Arif Jinnah
Date: 08/31/2013 15:17
How can I access the Applications folder?
As a pilot, I periodically (about once a month) have a folder to copy to the application folder of the Jeppesen FD app. Now I have already upgraded to iOS 7 and have no idea how to do it.

Is there a way I can access it so as to update my Jepp FD app?

DiskAid says it is not yet compatible with iOS 7.