From 45070d68fd412df7f729a5c8b6fc346d5efba39f Mon Sep 17 00:00:00 2001
From: "Jay Freeman (saurik)"
Date: Mon, 17 Nov 2014 00:49:27 -0800
Subject: Generalize goal of Safe Mode to safify everything.
---
Makefile | 2 +-
Tweak.xm | 59 ++++++++++++++++++++++++++++++++++++++++------------------
2 files changed, 41 insertions(+), 20 deletions(-)
diff --git a/Makefile b/Makefile
index 0eea910..4c64528 100644
--- a/Makefile
+++ b/Makefile
@@ -1,4 +1,4 @@
-TARGET := iphone:7.0:2.0
+TARGET := iphone:7.1:2.0
 ARCHS := armv6 arm64
 PACKAGE_VERSION := $(shell ./version.sh)
 
diff --git a/Tweak.xm b/Tweak.xm
index f5b4816..2e85f78 100644
--- a/Tweak.xm
+++ b/Tweak.xm
@@ -314,25 +314,6 @@ static void AlertIfNeeded() {
 }
 %end
 
-// notification widgets ("wee apps" or "bulletin board sections") are capable of crashing SpringBoard
-// unfortunately, which ones are in use are stored in SpringBoard's defaults, so we need to turn them off
-
-%hook BBSectionInfo
-- (BOOL) showsInNotificationCenter {
- return NO;
-} %end
-
-
-// we don't want this state persisted back to disk, however: that is just really really irritating
-
-%hook BBServer
-- (void) _writeBehaviorOverrides {}
-- (void) _writeSectionOrder {}
-- (void) _writeClearedSections {}
-- (void) _writeSectionInfo {}
-%end
-
-
 // on iOS 6.0, Apple split parts of SpringBoard into a daemon called backboardd, including app launches
 // in order to allow safe mode to propogate into applications, we need to then tell backboardd here
 // XXX: (all of this should be replaced, however, with per-process launchd-mediated exception handling)
@@ -347,9 +328,49 @@ static void AlertIfNeeded() {
 return %orig(modified);
 }
 %end
+
+// this highly-general hook replaces all previous attempts to protect SpringBoard from spurious code
+// the main purpose is to protect SpringBoard from non-Substrate "away view plug-ins" and "wee apps"
+
+const char *dylibs_[] = {
+ "/usr/lib",
+ "/System/Library/Frameworks",
+ "/System/Library/PrivateFrameworks",
+ "/System/Library/CoreServices",
+ "/System/Library/AccessibilityBundles",
+ NULL,
+};
+
+MSHook(void *, dlopen, const char *path, int mode) {
+ // we probably don't need this whitelist, but it has the nifty benefit of letting Cycript inject
+ // that said, older versions of iOS (before 3.1) will need a special case due to now shared cache
+
+ for (const char **dylib = dylibs_; *dylib != NULL; ++dylib) {
+ size_t length(strlen(*dylib));
+ if (strncmp(path, *dylib, length) != 0)
+ continue;
+ if (path[length] != '/')
+ continue;
+ goto load;
+ }
+
+ // if the file is not on disk, and isn't already loaded (LC_ID_DYLIB), it is in the shared cache
+ // files loaded from the shared cache are "trusted". ones that don't exist are clearly harmless.
+ // this allows us to load most of the dynamic functionality of SpringBoard without going nuts ;P
+
+ if (access(path, F_OK) == 0)
+ mode |= RTLD_NOLOAD;
+
+ load:
+ return _dlopen(path, mode);
+}
+
+
 
 %ctor {
 NSAutoreleasePool *pool([[NSAutoreleasePool alloc] init]);
+ MSHookFunction(&dlopen, MSHake(dlopen));
+
 
 // on iOS 6, backboardd is in charge of brightness, and freaks out when SpringBoard restarts :(
 // the result is that the device is super dark until we attempt to update the brightness here.
-- cgit v1.2.3
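Review bot: The new `MSHook(void *, dlopen, ...)` body hands `path` straight to `strncmp` and `access`, but `dlopen(NULL, mode)` is a legal call (it returns a handle for the main program), so any in-process caller that uses it would now fault inside the hook instead of being made safe; a guard at the top of the function, `if (path == NULL) return _dlopen(path, mode);`, keeps that case on the original code path. The whitelist loop also compares the caller-supplied string by prefix only, so a path that sits textually under one of the `dylibs_` entries but resolves somewhere else (through `..` segments or a symlink) still reaches `load:`; resolving it with `realpath(3)` before the loop, and falling back to the raw string when resolution fails because non-existent files are intentionally allowed through, makes the check apply to what is actually loaded. Minor: `dylibs_` has external linkage and mutable element pointers, so `static const char *const dylibs_[]` would state the intent, and the comment's "due to now shared cache" presumably means "no shared cache". The `%ctor` body continues past the end of the hunk.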