Cannot Sandbox App

Hey! I have a Problem Sandboxing an App of mine!

I wrote an Mqtt app that connects to an external Mqtt Broker via cellular connection. When setting sandboxed: false in the .adef file it works fine and without problems.

When setting sandboxed to true and rebuilding the App it cannot connect to the broker anymore. I tried adding the “requires” section in the .adef but there were no apparent files in the log that need to be added.
I also used sbhelper to build and trace the app, this added a bunch of different files but it still doesn’t work in Sandboxed mode.

I also tried using strace -f but get Could not exec ‘strace’. No such file or directory in the log

Any tips?

You can refer to this sample to see how to use sandbox with cellular data

I had a look at the application you sent me and changed my App accordingly but i still can’t get it to work. I attached a version of the app with the same problem.Mqtt.rar (656.3 KB)

Can the sample work?

Ok after instaling the httpGet example i get the exact same problem. When Sandboxed i get “Cannot resolve Hostname”, but unsandboxed it works fine.
(I didn’t change anything in the sample app, except the sandbox state for testing)

It works for old fw of wp76, you might try some old fw for wp8548.

Also here says it works on wp77 R12:

Ok, but i have 0 interest in running it on an older Firmware.
Is there no way of knowing why exactly its working when unsandboxed and failing when sandboxed?

Is that you must use sandbox?

From the log, do you see SMACK issue like below?

Apr 15 15:21:34 swi-mdm9x28-wp user.info Legato:  INFO | httpGet[2472] | HTTP Get!
Apr 15 15:21:34 swi-mdm9x28-wp user.notice kernel: [  562.769934] audit: type=1400 audit(1586935294.631:9): lsm=SMACK fn=smack_inode_getattr action=denied subject="app.http_get_WP76" object="admin" requested=r pid=2472 comm="httpGet" path="pipe:[11977]" dev="pipefs" ino=11977
Apr 15 07:21:34 swi-mdm9x28-wp user.err Legato: =ERR= | httpGet[2472]/httpGetComponent T=main | httpGet.c GetUrl() 79 | curl_easy_perform() failed: Couldn't resolve host name

If so, you might need to change the /etc/resolv.conf
permission

It is not 100% needed i just would prefer to use it.

I just get:
Dec 28 13:33:33 swi-mdm9x15 user.info Legato: INFO | httpGet[13236] | HTTP Get!
Dec 28 13:33:33 swi-mdm9x15 user.info Legato: INFO | httpGet[13236]/httpGetComponent T=main | httpGet.c _httpGetComponent_COMPONENT_INIT() 133 | Requesting connection…
Dec 28 13:33:33 swi-mdm9x15 user.info Legato: INFO | httpGet[13236]/httpGetComponent T=main | httpGet.c ConnectionStateHandler() 110 | Interface rmnet0 connected.
Dec 28 13:33:53 swi-mdm9x15 user.err Legato: =ERR= | httpGet[13236]/httpGetComponent T=main | httpGet.c GetUrl() 77 | curl_easy_perform() failed: Couldn’t resolve host name

Can you check the content of resolv.conf file inside the application folder?

I’ve got thes 2:

nameserver 213.33.99.70
nameserver 80.120.17.70

Where is this file path?

Oh sorry,

root@swi-mdm9x15:/legato/systems/current/appsWriteable/httpGet/etc# cat resolv.conf
nameserver 213.33.99.70
nameserver 80.120.17.70

Is it ok the type this in console?

curl https://httpbin.org/get

root@swi-mdm9x15:/legato/systems/current/appsWriteable/httpGet/etc# curl https://httpbin.org/get
curl: (6) Could not resolve host: httpbin.org

root@swi-mdm9x15:/legato/systems/current/appsWriteable/httpGet/etc# cm data connect
Setting up profile 1
Connecting … ok
Checking if device ‘rmnet0’ is up … ok
Routing inet … ok
Updating /etc/resolv.conf … ok
Updating /etc/resolv.conf … ok
Testing connection … ^C
root@swi-mdm9x15:/legato/systems/current/appsWriteable/httpGet/etc# curl https://httpbin.org/get
{
“args”: {},
“headers”: {
“Accept”: “/”,
“Host”: “httpbin.org”,
“User-Agent”: “curl/7.58.0”,
“X-Amzn-Trace-Id”: “Root=1-5fe9ef99-1e3f8fe037955ec03e8ca987”
},
“origin”: “80.75.32.63”,
“url”: “https://httpbin.org/get
}

How about using real ip address inside the .c file?

using the real IP adress i am able to get a proper response with httpGet

Is it ok for you?

You can try other api to get ip address

Might try that, thanks!

Another method is using dns query by udp socket