just my thinking, 3 ways to escape from sandbox on jailbreak device, to do file copying or execute super commands.
Way-1, Use MobileSubstrate to inject to root process, for example: locationd.
Way-2, signed your app with debug permission. and dynamicly inject code to other process.
Way-3, signed your app with sandbox associated entertitlements.
the "container" config file is loaded automatically, this is a problem.
[原]Escape From the iOS Sanbox on Jailbreak Device,布布扣,bubuko.com