Sync uicache with upstream

2023-11-28 12:02:31 +01:00 · 2023-11-28 12:02:31 +01:00 · accf995dfc
parent 1699abd9ab
commit accf995dfc
1 changed files with 94 additions and 119 deletions
--- a/RootHelper/uicache.m
+++ b/RootHelper/uicache.m
@ -11,33 +11,27 @@
 extern NSSet<NSString*>* immutableAppBundleIdentifiers(void);
 extern NSDictionary* dumpEntitlementsFromBinaryAtPath(NSString* binaryPath);

-NSDictionary* constructGroupsContainersForEntitlements(NSDictionary* entitlements, BOOL systemGroups)
-{
+NSDictionary *constructGroupsContainersForEntitlements(NSDictionary *entitlements, BOOL systemGroups) {
 	if (!entitlements) return nil;

 	NSString *entitlementForGroups;
 	Class mcmClass;
-	if(systemGroups)
-	{
+	if (systemGroups) {
 		entitlementForGroups = @"com.apple.security.system-groups";
 		mcmClass = [MCMSystemDataContainer class];
 	}
-	else
-	{
+	else {
 		entitlementForGroups = @"com.apple.security.application-groups";
 		mcmClass = [MCMSharedDataContainer class];
 	}

 	NSArray *groupIDs = entitlements[entitlementForGroups];
-	if(groupIDs && [groupIDs isKindOfClass:[NSArray class]])
-	{
+	if (groupIDs && [groupIDs isKindOfClass:[NSArray class]]) {
 		NSMutableDictionary *groupContainers = [NSMutableDictionary new];

-		for(NSString* groupID in groupIDs)
-		{
+		for (NSString *groupID in groupIDs) {
 			MCMContainer *container = [mcmClass containerWithIdentifier:groupID createIfNecessary:YES existed:nil error:nil];
-			if(container.url)
-			{
+			if (container.url) {
 				groupContainers[groupID] = container.url.path;
 			}
 		}
@ -48,22 +42,17 @@ NSDictionary* constructGroupsContainersForEntitlements(NSDictionary* entitlement
 	return nil;
 }

-BOOL constructContainerizationForEntitlements(NSDictionary* entitlements)
-{
+BOOL constructContainerizationForEntitlements(NSDictionary *entitlements) {
 	NSNumber *noContainer = entitlements[@"com.apple.private.security.no-container"];
-	if(noContainer && [noContainer isKindOfClass:[NSNumber class]])
-	{
-		if(noContainer.boolValue)
-		{
+	if (noContainer && [noContainer isKindOfClass:[NSNumber class]]) {
+		if (noContainer.boolValue) {
 			return NO;
 		}
 	}

 	NSNumber *containerRequired = entitlements[@"com.apple.private.security.container-required"];
-	if(containerRequired && [containerRequired isKindOfClass:[NSNumber class]])
-	{
-		if(!containerRequired.boolValue)
-		{
+	if (containerRequired && [containerRequired isKindOfClass:[NSNumber class]]) {
+		if (!containerRequired.boolValue) {
 			return NO;
 		}
 	}
@ -71,77 +60,75 @@ BOOL constructContainerizationForEntitlements(NSDictionary* entitlements)
 	return YES;
 }

-NSString* constructTeamIdentifierForEntitlements(NSDictionary* entitlements)
-{
+NSString *constructTeamIdentifierForEntitlements(NSDictionary *entitlements) {
 	NSString *teamIdentifier = entitlements[@"com.apple.developer.team-identifier"];
-	if(teamIdentifier && [teamIdentifier isKindOfClass:[NSString class]])
-	{
+	if (teamIdentifier && [teamIdentifier isKindOfClass:[NSString class]]) {
 		return teamIdentifier;
 	}
 	return nil;
 }

-NSDictionary* constructEnvironmentVariablesForContainerPath(NSString* containerPath)
-{
-	NSString* tmpDir = [containerPath stringByAppendingPathComponent:@"tmp"];
+NSDictionary *constructEnvironmentVariablesForContainerPath(NSString *containerPath, BOOL isContainerized) {
+	NSString *homeDir = isContainerized ? containerPath : @"/var/mobile";
+	NSString *tmpDir = isContainerized ? [containerPath stringByAppendingPathComponent:@"tmp"] : @"/var/tmp";
 	return @{
-		@"CFFIXED_USER_HOME" : containerPath,
-		@"HOME" : containerPath,
+		@"CFFIXED_USER_HOME" : homeDir,
+		@"HOME" : homeDir,
 		@"TMPDIR" : tmpDir
 	};
 }

-void registerPath(NSString* path, BOOL unregister, BOOL system)
-{
+void registerPath(NSString *path, BOOL unregister, BOOL forceSystem) {
 	if (!path) return;

 	LSApplicationWorkspace *workspace = [LSApplicationWorkspace defaultWorkspace];
-	if(unregister && ![[NSFileManager defaultManager] fileExistsAtPath:path])
-	{
+	if (unregister && ![[NSFileManager defaultManager] fileExistsAtPath:path]) {
 		LSApplicationProxy *app = [LSApplicationProxy applicationProxyForIdentifier:path];
-		if(app.bundleURL)
-		{
+		if (app.bundleURL) {
 			path = [app bundleURL].path;
 		}
 	}

-	path = [path stringByResolvingSymlinksInPath];
+	path = path.stringByResolvingSymlinksInPath.stringByStandardizingPath;

 	NSDictionary *appInfoPlist = [NSDictionary dictionaryWithContentsOfFile:[path stringByAppendingPathComponent:@"Info.plist"]];
 	NSString *appBundleID = [appInfoPlist objectForKey:@"CFBundleIdentifier"];

 	if([immutableAppBundleIdentifiers() containsObject:appBundleID.lowercaseString]) return;

-	if(appBundleID && !unregister)
-	{
+	if (appBundleID && !unregister) {
 		MCMContainer *appContainer = [NSClassFromString(@"MCMAppDataContainer") containerWithIdentifier:appBundleID createIfNecessary:YES existed:nil error:nil];
 		NSString *containerPath = [appContainer url].path;

+		BOOL isRemovableSystemApp = [[NSFileManager defaultManager] fileExistsAtPath:[@"/System/Library/AppSignatures" stringByAppendingPathComponent:appBundleID]];
+		BOOL registerAsUser = [path hasPrefix:@"/var/containers"] && !isRemovableSystemApp && !forceSystem;
+
 		NSMutableDictionary *dictToRegister = [NSMutableDictionary dictionary];

 		// Add entitlements

 		NSString *appExecutablePath = [path stringByAppendingPathComponent:appInfoPlist[@"CFBundleExecutable"]];
 		NSDictionary *entitlements = dumpEntitlementsFromBinaryAtPath(appExecutablePath);
-		if(entitlements)
-		{
+		if (entitlements) {
 			dictToRegister[@"Entitlements"] = entitlements;
 		}
 		
+
 		// Misc
 	
-		dictToRegister[@"ApplicationType"] = system ? @"System" : @"User";
+		dictToRegister[@"ApplicationType"] = registerAsUser ? @"User" : @"System";
 		dictToRegister[@"CFBundleIdentifier"] = appBundleID;
 		dictToRegister[@"CodeInfoIdentifier"] = appBundleID;
 		dictToRegister[@"CompatibilityState"] = @0;
-		if(containerPath)
-		{
+		BOOL appContainerized = constructContainerizationForEntitlements(entitlements);
+		dictToRegister[@"IsContainerized"] = @(appContainerized);
+		if (containerPath) {
 			dictToRegister[@"Container"] = containerPath;
-			dictToRegister[@"EnvironmentVariables"] = constructEnvironmentVariablesForContainerPath(containerPath);
+			dictToRegister[@"EnvironmentVariables"] = constructEnvironmentVariablesForContainerPath(containerPath, appContainerized);
 		}
-		dictToRegister[@"IsDeletable"] = @(![appBundleID isEqualToString:@"com.opa334.TrollStore"] && kCFCoreFoundationVersionNumber >= kCFCoreFoundationVersionNumber_iOS_15_0);
+		dictToRegister[@"IsDeletable"] = @(registerAsUser || isRemovableSystemApp);
 		dictToRegister[@"Path"] = path;
-		dictToRegister[@"IsContainerized"] = @(constructContainerizationForEntitlements(entitlements));
+		
 		dictToRegister[@"SignerOrganization"] = @"Apple Inc.";
 		dictToRegister[@"SignatureVersion"] = @132352;
 		dictToRegister[@"SignerIdentity"] = @"Apple iPhone OS Application Signing";
@ -162,14 +149,11 @@ void registerPath(NSString* path, BOOL unregister, BOOL system)
 		NSMutableDictionary *groupContainers = [NSMutableDictionary new];
 		[groupContainers addEntriesFromDictionary:appGroupContainers];
 		[groupContainers addEntriesFromDictionary:systemGroupContainers];
-		if(groupContainers.count)
-		{
-			if(appGroupContainers.count)
-			{
+		if (groupContainers.count) {
+			if (appGroupContainers.count) {
 				dictToRegister[@"HasAppGroupContainers"] = @YES;
 			}
-			if(systemGroupContainers.count)
-			{
+			if (systemGroupContainers.count) {
 				dictToRegister[@"HasSystemGroupContainers"] = @YES;
 			}
 			dictToRegister[@"GroupContainers"] = groupContainers.copy;
@ -181,8 +165,7 @@ void registerPath(NSString* path, BOOL unregister, BOOL system)
 		NSArray *plugins = [[NSFileManager defaultManager] contentsOfDirectoryAtPath:pluginsPath error:nil];

 		NSMutableDictionary *bundlePlugins = [NSMutableDictionary dictionary];
-		for (NSString* pluginName in plugins)
-		{
+		for (NSString *pluginName in plugins) {
 			NSString *pluginPath = [pluginsPath stringByAppendingPathComponent:pluginName];

 			NSDictionary *pluginInfoPlist = [NSDictionary dictionaryWithContentsOfFile:[pluginPath stringByAppendingPathComponent:@"Info.plist"]];
@ -198,8 +181,7 @@ void registerPath(NSString* path, BOOL unregister, BOOL system)

 			NSString *pluginExecutablePath = [pluginPath stringByAppendingPathComponent:pluginInfoPlist[@"CFBundleExecutable"]];
 			NSDictionary *pluginEntitlements = dumpEntitlementsFromBinaryAtPath(pluginExecutablePath);
-			if(pluginEntitlements)
-			{
+			if (pluginEntitlements) {
 				pluginDict[@"Entitlements"] = pluginEntitlements;
 			}

@ -209,14 +191,14 @@ void registerPath(NSString* path, BOOL unregister, BOOL system)
 			pluginDict[@"CFBundleIdentifier"] = pluginBundleID;
 			pluginDict[@"CodeInfoIdentifier"] = pluginBundleID;
 			pluginDict[@"CompatibilityState"] = @0;
-			if(pluginContainerPath)
-			{
+			BOOL pluginContainerized = constructContainerizationForEntitlements(pluginEntitlements);
+			pluginDict[@"IsContainerized"] = @(pluginContainerized);
+			if (pluginContainerPath) {
 				pluginDict[@"Container"] = pluginContainerPath;
-				pluginDict[@"EnvironmentVariables"] = constructEnvironmentVariablesForContainerPath(pluginContainerPath);
+				pluginDict[@"EnvironmentVariables"] = constructEnvironmentVariablesForContainerPath(pluginContainerPath, pluginContainerized);
 			}
 			pluginDict[@"Path"] = pluginPath;
 			pluginDict[@"PluginOwnerBundleID"] = appBundleID;
-			pluginDict[@"IsContainerized"] = @(constructContainerizationForEntitlements(pluginEntitlements));
 			pluginDict[@"SignerOrganization"] = @"Apple Inc.";
 			pluginDict[@"SignatureVersion"] = @132352;
 			pluginDict[@"SignerIdentity"] = @"Apple iPhone OS Application Signing";
@ -231,14 +213,11 @@ void registerPath(NSString* path, BOOL unregister, BOOL system)
 			NSMutableDictionary *pluginGroupContainers = [NSMutableDictionary new];
 			[pluginGroupContainers addEntriesFromDictionary:pluginAppGroupContainers];
 			[pluginGroupContainers addEntriesFromDictionary:pluginSystemGroupContainers];
-			if(pluginGroupContainers.count)
-			{
-				if(pluginAppGroupContainers.count)
-				{
+			if (pluginGroupContainers.count) {
+				if (pluginAppGroupContainers.count) {
 					pluginDict[@"HasAppGroupContainers"] = @YES;
 				}
-				if(pluginSystemGroupContainers.count)
-				{
+				if (pluginSystemGroupContainers.count) {
 					pluginDict[@"HasSystemGroupContainers"] = @YES;
 				}
 				pluginDict[@"GroupContainers"] = pluginGroupContainers.copy;
@ -248,17 +227,13 @@ void registerPath(NSString* path, BOOL unregister, BOOL system)
 		}
 		[dictToRegister setObject:bundlePlugins forKey:@"_LSBundlePlugins"];

-		if(![workspace registerApplicationDictionary:dictToRegister])
-		{
+		if (![workspace registerApplicationDictionary:dictToRegister]) {
+			NSLog(@"Error: Unable to register %@", path);
+		}
+	} else {
+		NSURL *url = [NSURL fileURLWithPath:path];
+		if (![workspace unregisterApplication:url]) {
 			NSLog(@"Error: Unable to register %@", path);
 		}
 	}
-	else
-	{
-		NSURL* url = [NSURL fileURLWithPath:path];
-		if(![workspace unregisterApplication:url])
-		{
-			NSLog(@"Error: Unable to unregister %@", path);
-		}
-	}
 }