From a56bf738bd4dae2e6ea8761d0812689b66e82cc1 Mon Sep 17 00:00:00 2001
From: Dhinak G <17605561+dhinakg@users.noreply.github.com>
Date: Sat, 2 Dec 2023 23:45:41 -0500
Subject: [PATCH] Add in other restricted entitlements

---
 RootHelper/main.m | 22 +++++++++++++++++-----
 1 file changed, 17 insertions(+), 5 deletions(-)

diff --git a/RootHelper/main.m b/RootHelper/main.m
index a07d769..6f99537 100644
--- a/RootHelper/main.m
+++ b/RootHelper/main.m
@@ -565,8 +565,8 @@ int signApp(NSString* appPath)
 		}
 	}
 
-	// On iOS 16+, any binary with get-task-allow requires developer mode to be enabled, so we will check
-	// while we're at it
+	// On iOS 16+, binaries with certain entitlements requires developer mode to be enabled, so we'll check
+	// while we're fixing entitlements
 	BOOL requiresDevMode = NO;
 
 	NSURL* fileURL;
@@ -615,9 +615,21 @@ int signApp(NSString* appPath)
 
 			// Developer mode does not exist before iOS 16
 			if (@available(iOS 16, *)){
-				NSObject *getTaskAllowO = entitlementsToUse[@"get-task-allow"];
-				if (getTaskAllowO && [getTaskAllowO isKindOfClass:[NSNumber class]]) {
-					requiresDevMode |= [(NSNumber *)getTaskAllowO boolValue];
+				if (!requiresDevMode) {
+					for (NSString* restrictedEntitlementKey in @[
+						@"get-task-allow", 
+						@"task_for_pid-allow", 
+						@"com.apple.system-task-ports",
+						@"com.apple.system-task-ports.control",
+						@"com.apple.system-task-ports.token.control",
+						@"com.apple.private.cs.debugger"
+					]) {
+						NSObject *restrictedEntitlement = entitlementsToUse[restrictedEntitlementKey];
+						if (restrictedEntitlement && [restrictedEntitlement isKindOfClass:[NSNumber class]]) {
+							requiresDevMode |= [(NSNumber *)restrictedEntitlement boolValue];
+							break;
+						}
+					}
 				}
 			}