roothide
diff --git a/‎Application/Makefile‎
Lines changed: 2 additions & 2 deletions b/‎Application/Makefile‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎BaseBin/_external/basebin/.version‎
Lines changed: 1 addition & 1 deletion b/‎BaseBin/_external/basebin/.version‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎BaseBin/jailbreakd/src/main.m‎
Lines changed: 5 additions & 8 deletions b/‎BaseBin/jailbreakd/src/main.m‎
Lines changed: 5 additions & 8 deletions
diff --git a/‎BaseBin/jailbreakd/src/server.m‎
Lines changed: 7 additions & 1 deletion b/‎BaseBin/jailbreakd/src/server.m‎
Lines changed: 7 additions & 1 deletion
diff --git a/‎BaseBin/launchdhook/src/roothider.m‎
Lines changed: 6 additions & 86 deletions b/‎BaseBin/launchdhook/src/roothider.m‎
Lines changed: 6 additions & 86 deletions
diff --git a/‎BaseBin/libjailbreak/src/jbserver.c‎
Lines changed: 1 addition & 1 deletion b/‎BaseBin/libjailbreak/src/jbserver.c‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎BaseBin/libjailbreak/src/roothider/common.h‎
Lines changed: 24 additions & 2 deletions b/‎BaseBin/libjailbreak/src/roothider/common.h‎
Lines changed: 24 additions & 2 deletions
@@ -24,10 +24,10 @@ build/Build/Products/Debug-iphoneos/Dopamine.app: FORCE
 endif
 	touch build/Build/Products/Debug-iphoneos/Dopamine.app/Dopamine.roothide
 	cp -a Dopamine/Resources/*.deb build/Build/Products/Debug-iphoneos/Dopamine.app/
-ifeq ($(PALEHIDE), 1)
+# ifeq ($(PALEHIDE), 1)
 	make -C Dopamine/Exploits/palera1n package
 	cp -ar Dopamine/Exploits/palera1n/.framework build/Build/Products/Debug-iphoneos/Dopamine.app/Frameworks/palera1n.framework
-endif
+# endif
 
 
 clean:
 
@@ -1 +1 @@
-2.4.5.19
+2.4.5.20
@@ -14,14 +14,10 @@
 int posix_spawnattr_setspecialport_np(posix_spawnattr_t *attr, mach_port_t new_port, int which);
 int posix_spawnattr_set_registered_ports_np(posix_spawnattr_t * __restrict attr, mach_port_t portarray[], uint32_t count);
 
-void setJetsamEnabled(bool enabled)
+void setJetsamLimit(uint32_t sizeInMB, bool is_fatal_limit)
 {
-	pid_t me = getpid();
-	int priorityToSet = -1;
-	if (enabled) {
-		priorityToSet = 10;
-	}
-	int rc = memorystatus_control(MEMORYSTATUS_CMD_SET_JETSAM_HIGH_WATER_MARK, me, priorityToSet, NULL, 0);
+	uint32_t cmd = is_fatal_limit ? MEMORYSTATUS_CMD_SET_JETSAM_TASK_LIMIT : MEMORYSTATUS_CMD_SET_JETSAM_HIGH_WATER_MARK;
+	int rc = memorystatus_control(cmd, getpid(), sizeInMB, NULL, 0);
 	if (rc < 0) { perror ("memorystatus_control"); exit(rc);}
 }
 
@@ -31,6 +27,8 @@ int main(int argc, char* argv[])
 {
 	crashreporter_start();
 
+	setJetsamLimit(50, false);
+
 #ifdef ENABLE_LOGS
 	enableXPCLog(JBLogDebugFunction, JBLogErrorFunction);
 	enableJBDLog(JBLogDebugFunction, JBLogErrorFunction);
@@ -39,7 +37,6 @@ int main(int argc, char* argv[])
 	JBLogDebug("Hello from jailbrakd! uid=%d pid=%d ppid=%d", getuid(), getpid(), getppid());
 
 	@autoreleasepool {
-		setJetsamEnabled(true);
 
 		mach_port_t *registeredPorts=NULL;
 		mach_msg_type_number_t registeredPortsCount = 0;
 
@@ -126,6 +126,12 @@ void jailbreakd_received_message(mach_port_t port)
 
 				case JBD_MSG_SYSTEMWIDE_LOG: {
 #ifdef ENABLE_LOGS
+					static char logFilePath[PATH_MAX] = {0};
+					static dispatch_once_t onceToken;
+					dispatch_once(&onceToken, ^{
+						JBLogGetLogFilePath("systemwide", NULL, logFilePath);
+					});
+
 					const char* progname = NULL;
 					const char* procpath = proc_get_path(clientPid,NULL);
 					if(procpath) {
@@ -134,7 +140,7 @@ void jailbreakd_received_message(mach_port_t port)
 					}
 					uint64_t tid = xpc_dictionary_get_uint64(message, "tid");
 					const char* log = xpc_dictionary_get_string(message, "log");
-					JBLogFunction(JBLogGetLogFilePath("systemwide", NULL, NULL), clientPid, tid, progname ? progname : "(null)", "%s", log);
+					JBLogFunction(logFilePath, clientPid, tid, progname ? progname : "(null)", "%s", log);
 					xpc_dictionary_set_int64(reply, "result", 0);
 #else
 					abort();
 
@@ -37,92 +37,10 @@ int sysctlbyname_hook(const char *name, void *oldp, size_t *oldlenp, void *newp,
 	return sysctlbyname_orig(name, oldp, oldlenp, newp, newlen);
 }
 
-xpc_object_t (*orig_xpc_dictionary_create_reply)(xpc_object_t original);
-xpc_object_t new_xpc_dictionary_create_reply(xpc_object_t original)
-{
-	xpc_object_t reply = orig_xpc_dictionary_create_reply(original);
-	if(reply && xpc_get_type(reply)==XPC_TYPE_DICTIONARY)
-	{
-		audit_token_t clientToken={0};
-		xpc_dictionary_get_audit_token(original, &clientToken);
-
-		if(isBlacklistedToken(&clientToken)) {
-			xpc_dictionary_set_value(reply, "roothide-blacklisted-process-request", original);
-		}
-	}
-
-	return reply;
-}
-
-int (*orig_xpc_pipe_routine_reply)(xpc_object_t reply);
-int new_xpc_pipe_routine_reply(xpc_object_t reply)
-{
-	if (xpc_get_type(reply) == XPC_TYPE_DICTIONARY)
-	{
-		xpc_object_t original = xpc_dictionary_get_value(reply, "roothide-blacklisted-process-request");
-		if (original)
-		{
-			xpc_dictionary_set_value(reply, "roothide-blacklisted-process-request", NULL);
-			
-			audit_token_t clientToken={0};
-			xpc_dictionary_get_audit_token(original, &clientToken);
-
-			const char* desc = NULL;
-			JBLogDebug("xpc reply to blacklisted app (%d) %s :\n%s", audit_token_to_pid(clientToken), proc_get_path(audit_token_to_pid(clientToken),NULL), (desc=xpc_copy_description(reply)));
-			if(desc) free((void*)desc);
-
-			uint64_t routine = xpc_dictionary_get_uint64(original, "routine");
-			uint64_t subsystem = xpc_dictionary_get_uint64(original, "subsystem");
-
-			/*if(subsystem==2 && routine==708) {
-				int error = xpc_dictionary_get_int64(reply, "error");
-				if(error == 1) {
-					const char* name = xpc_dictionary_get_string(original, "name");
-
-					xpc_dictionary_set_int64(reply, "error", 113);
-				}
-			}
-			else if(subsystem==6 && routine==301) {
-
-				int pid = xpc_dictionary_get_int64(original, "pid");
-				uint64_t outgsk = xpc_dictionary_get_uint64(original, "outgsk");
-				
-				xpc_object_t out = xpc_dictionary_get_value(reply, "out");
-				if(out && xpc_get_type(out)==XPC_TYPE_DICTIONARY) {
-
-					//fake WebContent Instance
-				}
-			}
-			else*/ if(subsystem==3 && routine==829) {
-				int error = xpc_dictionary_get_int64(reply, "error");
-				if(error == 0) {
-					const char* name = xpc_dictionary_get_string(reply, "name");
-					const char* bundle_identifier = xpc_dictionary_get_string(reply, "bundle_identifier");
-
-					const char* bundle = bundle_identifier ? bundle_identifier : name;
-
-					if(bundle) {
-						char client_identifier[255]={0};
-						proc_get_identifier(audit_token_to_pid(clientToken), client_identifier);
-						if(!string_has_prefix(bundle, client_identifier) && !string_has_prefix(bundle, "com.apple."))
-						{
-							JBLogDebug("hide coalition (%s) (%s) from blacklisted process(%d) %s", name, bundle_identifier, audit_token_to_pid(clientToken), proc_get_path(audit_token_to_pid(clientToken),NULL));
-					
-							xpc_dictionary_set_value(reply, "cid", NULL);
-							xpc_dictionary_set_value(reply, "name", NULL);
-							xpc_dictionary_set_value(reply, "bundle_identifier", NULL);
-							xpc_dictionary_set_value(reply, "resource-usage-blob", NULL);
-
-							xpc_dictionary_set_int64(reply, "error", 3);
-						}
-					}
-				}
-			}
-		}
-	}
-
-	return orig_xpc_pipe_routine_reply(reply);
-}
+extern xpc_object_t (*orig_xpc_dictionary_create_reply)(xpc_object_t original);
+extern xpc_object_t new_xpc_dictionary_create_reply(xpc_object_t original);
+extern int (*orig_xpc_pipe_routine_reply)(xpc_object_t reply);
+extern int new_xpc_pipe_routine_reply(xpc_object_t reply);
 
 void roothide_launchd_preinit()
 {
@@ -202,6 +120,8 @@ void roothide_launchd_postinit(bool firstLoad)
 		}
 	}
 
+	loadAppStoredIdentifiers();
+
 	MSHookFunction(&xpc_dictionary_create_reply, (void*)new_xpc_dictionary_create_reply, &orig_xpc_dictionary_create_reply);
 	MSHookFunction(&xpc_pipe_routine_reply, (void*)new_xpc_pipe_routine_reply, &orig_xpc_pipe_routine_reply);
 
 
@@ -8,7 +8,7 @@ int jbserver_received_xpc_message(struct jbserver_impl *server, xpc_object_t xms
 	if (xpc_get_type(xmsg) != XPC_TYPE_DICTIONARY) return -1;
 
 /**********************************************/
-	roothide_handler_jbserver_msg(xmsg);
+	roothide_handle_xpc_msg(xmsg);
 /*********************************************/
 
 	if (!xpc_dictionary_get_value(xmsg, "jb-domain")) return -1;
 
@@ -19,7 +19,7 @@ int proc_patch_csflags(pid_t pid);
 pid_t proc_get_ppid(pid_t pid);
 int proc_get_pidversion(pid_t pid);
 int proc_paused(pid_t pid, bool* paused);
-char* proc_get_path(pid_t pid, char* buffer[PATH_MAX]);
+char* proc_get_path(pid_t pid, char buffer[PATH_MAX]);
 char* proc_get_identifier(pid_t pid, char buffer[255]);
 
 uint64_t show_dyld_regions(mach_port_t task, bool more);
@@ -66,4 +66,26 @@ void hideDeveloperMode();
 void exec_set_patch(bool enabled);
 int exec_cmd_roothide_spawn(pid_t* pidp, const char* path, const posix_spawn_file_actions_t *fap, const posix_spawnattr_t *attrp, char *const argv[], char *const envp[]);
 
-void roothide_handler_jbserver_msg(xpc_object_t xmsg);
+void roothide_handle_xpc_msg(xpc_object_t xmsg);
+
+void loadAppStoredIdentifiers();
+
+bool is_safe_bundle_identifier(const char* identifier);
+bool is_sensitive_app_identifier(const char* identifier);
+bool is_apple_internal_identifier(const char* identifier);
+
+#define APPLE_INTERNAL_IDENTIFIERS @[\
+    @"com.apple.atrun",\
+    @"com.apple.kdumpd",\
+    @"com.apple.Terminal",\
+]
+
+//these apps may be signed with a (fake) certificate
+#define SENSITIVE_APP_IDENTIFIERS @[\
+    @"com.icraze.gtatracker",\
+    @"com.Alfie.TrollInstallerX",\
+    @"com.opa334.Dopamine",\
+    @"com.opa334.Dopamine.roothide",\
+    @"com.opa334.Dopamine-roothide",\
+]
+