On my side, if I change the unsandboxed application to create a file in /tmp, and then create another symbolic link in /home/root to this file, then the sandboxed application can still access this symbolic link.
system("echo hello_everybody > /tmp/hello.txt");
system("ln -s /tmp/hello.txt /home/root/hello.txt");
system("chmod o+w /home/root/hello.txt");
system("/mnt/legato/system/bin/xattr set 'security.SMACK64' 'app.hello7rwx' /home/root/hello.txt");
So it seems we can still create the file in /tmp folder and use sandboxed application to access it.
hello7.adef:
sandboxed:true
start: manual
requires:
{
file:
{
[rw] /home/root/hello.txt /
}
}