App access to /tmp

On my side, if I change the unsandboxed application to create a file in /tmp, and then create another symbolic link in /home/root to this file, then the sandboxed application can still access this symbolic link.

	system("echo hello_everybody > /tmp/hello.txt");
	system("ln -s /tmp/hello.txt /home/root/hello.txt");
	system("chmod o+w /home/root/hello.txt");
	system("/mnt/legato/system/bin/xattr set 'security.SMACK64' 'app.hello7rwx' /home/root/hello.txt");

So it seems we can still create the file in /tmp folder and use sandboxed application to access it.

hello7.adef:


sandboxed:true
start: manual
requires:
{
   
    file:
	{
		
	[rw]   /home/root/hello.txt /
	
	}
}