bughz
/
TrollStore
mirror of https://github.com/opa334/TrollStore.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Always prefer the string in com.apple.private.security.container-required (if it exists) to the bundle identifier when creating a data container

This commit is contained in:
opa334 2023-11-28 12:17:35 +01:00
parent accf995dfc
commit a22414d34a
1 changed files with 21 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
RootHelper/uicache.m
View File

@ -42,7 +42,7 @@ NSDictionary *constructGroupsContainersForEntitlements(NSDictionary *entitlement
return nil; return nil;
} }
BOOL constructContainerizationForEntitlements(NSDictionary *entitlements) { BOOL constructContainerizationForEntitlements(NSDictionary *entitlements, NSString **customContainerOut) {
NSNumber *noContainer = entitlements[@"com.apple.private.security.no-container"]; NSNumber *noContainer = entitlements[@"com.apple.private.security.no-container"];
if (noContainer && [noContainer isKindOfClass:[NSNumber class]]) { if (noContainer && [noContainer isKindOfClass:[NSNumber class]]) {
if (noContainer.boolValue) { if (noContainer.boolValue) {
@ -50,12 +50,15 @@ BOOL constructContainerizationForEntitlements(NSDictionary *entitlements) {
} }
} }
NSNumber *containerRequired = entitlements[@"com.apple.private.security.container-required"]; NSObject *containerRequired = entitlements[@"com.apple.private.security.container-required"];
if (containerRequired && [containerRequired isKindOfClass:[NSNumber class]]) { if (containerRequired && [containerRequired isKindOfClass:[NSNumber class]]) {
if (!containerRequired.boolValue) { if (!((NSNumber *)containerRequired).boolValue) {
return NO; return NO;
} }
} }
else if (containerRequired && [containerRequired isKindOfClass:[NSString class]]) {
*customContainerOut = (NSString *)containerRequired;
}
return YES; return YES;
} }
@ -97,8 +100,14 @@ void registerPath(NSString *path, BOOL unregister, BOOL forceSystem) {
if([immutableAppBundleIdentifiers() containsObject:appBundleID.lowercaseString]) return; if([immutableAppBundleIdentifiers() containsObject:appBundleID.lowercaseString]) return;
if (appBundleID && !unregister) { if (appBundleID && !unregister) {
MCMContainer *appContainer = [NSClassFromString(@"MCMAppDataContainer") containerWithIdentifier:appBundleID createIfNecessary:YES existed:nil error:nil]; NSString *appExecutablePath = [path stringByAppendingPathComponent:appInfoPlist[@"CFBundleExecutable"]];
NSString *containerPath = [appContainer url].path; NSDictionary *entitlements = dumpEntitlementsFromBinaryAtPath(appExecutablePath);
NSString *appDataContainerID = appBundleID;
BOOL appContainerized = constructContainerizationForEntitlements(entitlements, &appDataContainerID);
MCMContainer *appDataContainer = [NSClassFromString(@"MCMAppDataContainer") containerWithIdentifier:appDataContainerID createIfNecessary:YES existed:nil error:nil];
NSString *containerPath = [appDataContainer url].path;
BOOL isRemovableSystemApp = [[NSFileManager defaultManager] fileExistsAtPath:[@"/System/Library/AppSignatures" stringByAppendingPathComponent:appBundleID]]; BOOL isRemovableSystemApp = [[NSFileManager defaultManager] fileExistsAtPath:[@"/System/Library/AppSignatures" stringByAppendingPathComponent:appBundleID]];
BOOL registerAsUser = [path hasPrefix:@"/var/containers"] && !isRemovableSystemApp && !forceSystem; BOOL registerAsUser = [path hasPrefix:@"/var/containers"] && !isRemovableSystemApp && !forceSystem;
@ -107,12 +116,9 @@ void registerPath(NSString *path, BOOL unregister, BOOL forceSystem) {
// Add entitlements // Add entitlements
NSString *appExecutablePath = [path stringByAppendingPathComponent:appInfoPlist[@"CFBundleExecutable"]];
NSDictionary *entitlements = dumpEntitlementsFromBinaryAtPath(appExecutablePath);
if (entitlements) { if (entitlements) {
dictToRegister[@"Entitlements"] = entitlements; dictToRegister[@"Entitlements"] = entitlements;
} }
// Misc // Misc
@ -120,7 +126,6 @@ void registerPath(NSString *path, BOOL unregister, BOOL forceSystem) {
dictToRegister[@"CFBundleIdentifier"] = appBundleID; dictToRegister[@"CFBundleIdentifier"] = appBundleID;
dictToRegister[@"CodeInfoIdentifier"] = appBundleID; dictToRegister[@"CodeInfoIdentifier"] = appBundleID;
dictToRegister[@"CompatibilityState"] = @0; dictToRegister[@"CompatibilityState"] = @0;
BOOL appContainerized = constructContainerizationForEntitlements(entitlements);
dictToRegister[@"IsContainerized"] = @(appContainerized); dictToRegister[@"IsContainerized"] = @(appContainerized);
if (containerPath) { if (containerPath) {
dictToRegister[@"Container"] = containerPath; dictToRegister[@"Container"] = containerPath;
@ -172,15 +177,17 @@ void registerPath(NSString *path, BOOL unregister, BOOL forceSystem) {
NSString *pluginBundleID = [pluginInfoPlist objectForKey:@"CFBundleIdentifier"]; NSString *pluginBundleID = [pluginInfoPlist objectForKey:@"CFBundleIdentifier"];
if (!pluginBundleID) continue; if (!pluginBundleID) continue;
MCMContainer *pluginContainer = [NSClassFromString(@"MCMPluginKitPluginDataContainer") containerWithIdentifier:pluginBundleID createIfNecessary:YES existed:nil error:nil]; NSString *pluginExecutablePath = [pluginPath stringByAppendingPathComponent:pluginInfoPlist[@"CFBundleExecutable"]];
NSDictionary *pluginEntitlements = dumpEntitlementsFromBinaryAtPath(pluginExecutablePath);
NSString *pluginDataContainerID = pluginBundleID;
BOOL pluginContainerized = constructContainerizationForEntitlements(pluginEntitlements, &pluginDataContainerID);
MCMContainer *pluginContainer = [NSClassFromString(@"MCMPluginKitPluginDataContainer") containerWithIdentifier:pluginDataContainerID createIfNecessary:YES existed:nil error:nil];
NSString *pluginContainerPath = [pluginContainer url].path; NSString *pluginContainerPath = [pluginContainer url].path;
NSMutableDictionary *pluginDict = [NSMutableDictionary dictionary]; NSMutableDictionary *pluginDict = [NSMutableDictionary dictionary];
// Add entitlements // Add entitlements
NSString *pluginExecutablePath = [pluginPath stringByAppendingPathComponent:pluginInfoPlist[@"CFBundleExecutable"]];
NSDictionary *pluginEntitlements = dumpEntitlementsFromBinaryAtPath(pluginExecutablePath);
if (pluginEntitlements) { if (pluginEntitlements) {
pluginDict[@"Entitlements"] = pluginEntitlements; pluginDict[@"Entitlements"] = pluginEntitlements;
} }
@ -191,7 +198,7 @@ void registerPath(NSString *path, BOOL unregister, BOOL forceSystem) {
pluginDict[@"CFBundleIdentifier"] = pluginBundleID; pluginDict[@"CFBundleIdentifier"] = pluginBundleID;
pluginDict[@"CodeInfoIdentifier"] = pluginBundleID; pluginDict[@"CodeInfoIdentifier"] = pluginBundleID;
pluginDict[@"CompatibilityState"] = @0; pluginDict[@"CompatibilityState"] = @0;
BOOL pluginContainerized = constructContainerizationForEntitlements(pluginEntitlements);
pluginDict[@"IsContainerized"] = @(pluginContainerized); pluginDict[@"IsContainerized"] = @(pluginContainerized);
if (pluginContainerPath) { if (pluginContainerPath) {
pluginDict[@"Container"] = pluginContainerPath; pluginDict[@"Container"] = pluginContainerPath;