Launching projects from SDK in sandboxed mode

(I originally posted that question here, where I was requested by @martyone to post it as a separate topic), so…

Does anyone know how to make SDK launch projects on the device in sandboxed mode? Because if I configure the project for Sailjail and the SDK launches it in non-sandboxed mode then the app doesn’t have access to features protected with permissions (Contacts, call log, etc.). This makes testing and debugging very uncomfortable.

Try by running it under the privileged process group with the help of SGID file permission. You can achieve that e.g. with Custom Process Step deployment step under the IDE or by modifying the RPM .spec(*) temporarily (just during development, not for distributed packages), changing the corresponding line under the %files section to something like

%attr(2755, root, privileged) /usr/bin/myapplication

(*) If your project is using the primary .yaml packaging specification, you should modify that instead, namely the Files block.

Note that the SGID permission bit will be ignored when C++ debugger is used. QML debugging should work as expected and similarly should QML Live work.

EDIT: QML Live relies on LD_PRELOAD, so it will not work when SGID is set.


Fantastic! Thank you very much for your help!

Hmmm. With a block like:

%attr(2755, root, privileged) /usr/bin/harbour-dwd

(tried various positions) I get neither QML live, nor do I get sandboxing.

Also tried.

%attr(2755, root, privileged) %{_bindir}/%{name}

and replacing %{_bindir}/%{name} No go. The macro expansion did work in the line above.

It’s not a real sandboxing, but at least it gives access to all the privileged stuff like contacts, etc.

Couldn’t archieve it with .yaml, so I modified .spec directly by replacing



%attr(2755, root, privileged) /usr/bin/MyApp

QML Live is indeed dead - it doesn’t detect connection and remains offline.

For me this works well on .yaml:

diff --git a/rpm/test.yaml b/rpm/test.yaml
index 14da2a8..f1e7b8b 100644
--- a/rpm/test.yaml
+++ b/rpm/test.yaml
@@ -33,7 +33,7 @@ Requires:
 # All installed files
-  - '%{_bindir}/%{name}'
+  - '%attr(2755, root, privileged) %{_bindir}/%{name}'
   - '%{_datadir}/%{name}'
   - '%{_datadir}/applications/%{name}.desktop'
   - '%{_datadir}/icons/hicolor/*/apps/%{name}.png'

Nope. I had tried that, although setting attr after should work as well? Trying it exactly the way you have here makes no diff. I made sure to run qmake and checked and double checked. Neither is the app running with QML live connections nor is it in a sandbox (ie. open the GPS pain in my app, immediate results. in sailjail, this is not the case.).

EDIT: I also removed all traces of the app, just in case. No. diff.

@martyone, thanks, this yaml modification works, too.

@poetaster Well, it’s not really a sandboxed mode, but in my case it gives access to privileged data while testing/debugging, which is what I needed. I’m developing an app accessing contacts and before I applied the above modification, I needed to deploy it from SDK, then stop it, then launch it from the device or via ssh (if I wanted to see qDebug or console.log output), or else it couldn’t access the contacts database. With this modification it has access to contacts right away, launched from the SDK. So for me it does its job.

Jeez, I think I’ve turned this on it’s head. I was looking for the Sailjail limits to be appllied. In my case, launching from the device does, of course, just that. But I was hoping for ‘within’ the SDK and with QML live debugging.

My problem is that the access to Location/Positioning has very odd delays and I wanted to see if I could counter that. In the end I’m better off editing the QML on the device and restarting the app. sigh. It’s a bit like old school html development (ducks and runs).

This is starting to be a little bit off topic, sorry about that. To me that sounds like there might be a bug somewhere. If you manage to isolate the problem into a minimal test case (i.e. an app which has only just enough functionality to demonstrate the bug and nothing else), please write a bug report about it.

Ok. I can reduce harbour-dwd to

I had filed a bug report,GPS location data not available in Sailjailed app - #8 by poetaster, but by setting PositionSource active (@karry ) I was able to get Position data. But, given location is on in advance, it is ‘immediately’ available when testing in the SDK. As soon as you start ‘normally’, accept sailjail, and navigate to it, it takes a very long time. I was about to rework the messages to reflect that, but could just start with the page as it is.

Never mind. I just made some minor change (message text) and it behaves more like I’d expect. It’s a bit confounding that, from the SDK (and also in 3.4 without sailjail) you see what appears to be the last known values? But, the delay doesn’t seem so abnormal anymore.

EDIT: on the other hand, debugging QML is a real pain. I’ll open another bug report.

Any idea why QML Live doesn’t work with @martyone 's modification? Is there any way to make it work?

Now I realized QML Live is likely broken because it relies on LD_PRELOAD, and that it ignored by executables with SUID/SGID set.

It might be possible to work it around by linking this standalone source in your app - include it as another source in your project during development, not for release builds. I haven’t tried whether it works, please tell us.

Hi, sorry for late reply. I’ve tried to test it but it couldn’t find neither of the includes: livenodeengine.h
nor remotereceiver.h. They don’t seem to be included in the SDK.

You need in your .spec and in your .pro. (Note: do not add link_pkgconfig to CONFIG!)