Cannot Sandbox App

reinhard2 · December 28, 2020, 9:40am

Hey! I have a Problem Sandboxing an App of mine!

I wrote an Mqtt app that connects to an external Mqtt Broker via cellular connection. When setting sandboxed: false in the .adef file it works fine and without problems.

When setting sandboxed to true and rebuilding the App it cannot connect to the broker anymore. I tried adding the “requires” section in the .adef but there were no apparent files in the log that need to be added.
I also used sbhelper to build and trace the app, this added a bunch of different files but it still doesn’t work in Sandboxed mode.

I also tried using strace -f but get Could not exec ‘strace’. No such file or directory in the log

Any tips?

jyijyi · December 28, 2020, 9:48am

You can refer to this sample to see how to use sandbox with cellular data

reinhard2 · December 28, 2020, 10:28am

I had a look at the application you sent me and changed my App accordingly but i still can’t get it to work. I attached a version of the app with the same problem.Mqtt.rar (656.3 KB)

jyijyi · December 28, 2020, 11:20am

Can the sample work?

reinhard2 · December 28, 2020, 11:45am

Ok after instaling the httpGet example i get the exact same problem. When Sandboxed i get “Cannot resolve Hostname”, but unsandboxed it works fine.
(I didn’t change anything in the sample app, except the sandbox state for testing)

jyijyi · December 28, 2020, 1:07pm

It works for old fw of wp76, you might try some old fw for wp8548.

Also here says it works on wp77 R12:

reinhard2 · December 28, 2020, 1:36pm

Ok, but i have 0 interest in running it on an older Firmware.
Is there no way of knowing why exactly its working when unsandboxed and failing when sandboxed?

jyijyi · December 28, 2020, 2:27pm

Is that you must use sandbox?

From the log, do you see SMACK issue like below?

Apr 15 15:21:34 swi-mdm9x28-wp user.info Legato:  INFO | httpGet[2472] | HTTP Get!
Apr 15 15:21:34 swi-mdm9x28-wp user.notice kernel: [  562.769934] audit: type=1400 audit(1586935294.631:9): lsm=SMACK fn=smack_inode_getattr action=denied subject="app.http_get_WP76" object="admin" requested=r pid=2472 comm="httpGet" path="pipe:[11977]" dev="pipefs" ino=11977
Apr 15 07:21:34 swi-mdm9x28-wp user.err Legato: =ERR= | httpGet[2472]/httpGetComponent T=main | httpGet.c GetUrl() 79 | curl_easy_perform() failed: Couldn't resolve host name

If so, you might need to change the /etc/resolv.conf
permission

reinhard2 · December 28, 2020, 2:27pm

It is not 100% needed i just would prefer to use it.

I just get:
Dec 28 13:33:33 swi-mdm9x15 user.info Legato: INFO | httpGet[13236] | HTTP Get!
Dec 28 13:33:33 swi-mdm9x15 user.info Legato: INFO | httpGet[13236]/httpGetComponent T=main | httpGet.c _httpGetComponent_COMPONENT_INIT() 133 | Requesting connection…
Dec 28 13:33:33 swi-mdm9x15 user.info Legato: INFO | httpGet[13236]/httpGetComponent T=main | httpGet.c ConnectionStateHandler() 110 | Interface rmnet0 connected.
Dec 28 13:33:53 swi-mdm9x15 user.err Legato: =ERR= | httpGet[13236]/httpGetComponent T=main | httpGet.c GetUrl() 77 | curl_easy_perform() failed: Couldn’t resolve host name

jyijyi · December 28, 2020, 2:31pm

Can you check the content of resolv.conf file inside the application folder?

reinhard2 · December 28, 2020, 2:36pm

I’ve got thes 2:

nameserver 213.33.99.70
nameserver 80.120.17.70

jyijyi · December 28, 2020, 2:40pm

Where is this file path?

reinhard2 · December 28, 2020, 2:41pm

Oh sorry,

root@swi-mdm9x15:/legato/systems/current/appsWriteable/httpGet/etc# cat resolv.conf
nameserver 213.33.99.70
nameserver 80.120.17.70

jyijyi · December 28, 2020, 2:43pm

Is it ok the type this in console?

curl https://httpbin.org/get

reinhard2 · December 28, 2020, 2:46pm

root@swi-mdm9x15:/legato/systems/current/appsWriteable/httpGet/etc# curl https://httpbin.org/get
curl: (6) Could not resolve host: httpbin.org

root@swi-mdm9x15:/legato/systems/current/appsWriteable/httpGet/etc# cm data connect
Setting up profile 1
Connecting … ok
Checking if device ‘rmnet0’ is up … ok
Routing inet … ok
Updating /etc/resolv.conf … ok
Updating /etc/resolv.conf … ok
Testing connection … ^C
root@swi-mdm9x15:/legato/systems/current/appsWriteable/httpGet/etc# curl https://httpbin.org/get
{
“args”: {},
“headers”: {
“Accept”: “/”,
“Host”: “httpbin.org”,
“User-Agent”: “curl/7.58.0”,
“X-Amzn-Trace-Id”: “Root=1-5fe9ef99-1e3f8fe037955ec03e8ca987”
},
“origin”: “80.75.32.63”,
“url”: “https://httpbin.org/get”
}

jyijyi · December 28, 2020, 2:54pm

How about using real ip address inside the .c file?

reinhard2 · December 28, 2020, 3:04pm

using the real IP adress i am able to get a proper response with httpGet

jyijyi · December 28, 2020, 3:17pm

Is it ok for you?

You can try other api to get ip address

reinhard2 · December 28, 2020, 3:20pm

Might try that, thanks!

jyijyi · December 28, 2020, 3:24pm

Another method is using dns query by udp socket