From 075037108e2ceb8e531a4107966ea94ff86289de Mon Sep 17 00:00:00 2001
From: opa334
Date: Sun, 25 Feb 2024 03:02:44 +0100
Subject: [PATCH] This will have to do it for now... (arm64 CS_VALID issues)
---
 .../src/jbserver/jbdomain_systemwide.c | 21 +++++++++++++++++++
 BaseBin/libjailbreak/src/jbclient_xpc.c | 11 ++++++++++
 BaseBin/libjailbreak/src/jbclient_xpc.h | 1 +
 BaseBin/libjailbreak/src/jbserver.h | 1 +
 BaseBin/systemhook/src/common.c | 4 ----
 BaseBin/systemhook/src/main.c | 8 +++++++
 6 files changed, 42 insertions(+), 4 deletions(-)
diff --git a/BaseBin/launchdhook/src/jbserver/jbdomain_systemwide.c b/BaseBin/launchdhook/src/jbserver/jbdomain_systemwide.c
index 00a10e953..7c4229931 100644
--- a/BaseBin/launchdhook/src/jbserver/jbdomain_systemwide.c
+++ b/BaseBin/launchdhook/src/jbserver/jbdomain_systemwide.c
@@ -232,6 +232,19 @@ static int systemwide_fork_fix(audit_token_t *parentToken, uint64_t childPid)
 return 0;
 }
+static int systemwide_cs_revalidate(audit_token_t *callerToken)
+{
+ uint64_t callerPid = audit_token_to_pid(*callerToken);
+ if (callerPid > 0) {
+ uint64_t callerProc = proc_find(callerPid);
+ if (callerProc) {
+ proc_csflags_set(callerProc, CS_VALID);
+ return 0;
+ }
+ }
+ return -1;
+}
+
 struct jbserver_domain gSystemwideDomain = {
 .permissionHandler = systemwide_domain_allowed,
 .actions = {
@@ -289,6 +302,14 @@ struct jbserver_domain gSystemwideDomain = {
 { 0 },
 },
 },
+ // JBS_SYSTEMWIDE_CS_REVALIDATE
+ {
+ .handler = systemwide_cs_revalidate,
+ .args = (jbserver_arg[]) {
+ { .name = "caller-token", .type = JBS_TYPE_CALLER_TOKEN, .out = false },
+ { 0 },
+ },
+ },
 { 0 },
 },
 };
\ No newline at end of file
diff --git a/BaseBin/libjailbreak/src/jbclient_xpc.c b/BaseBin/libjailbreak/src/jbclient_xpc.c
index 2441cde4c..17714ada4 100644
--- a/BaseBin/libjailbreak/src/jbclient_xpc.c
+++ b/BaseBin/libjailbreak/src/jbclient_xpc.c
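Review bot: systemwide_cs_revalidate sets CS_VALID on whatever process the caller token names without checking why the flag was cleared or whether that process is one jbserver already trusts, so any client that passes systemwide_domain_allowed can reassert the kernel's "signature valid" state for itself no matter what was patched in its image; the permission handler is the only gate. If that is the intended policy for this domain it should be stated at the top of the function, e.g. `// Re-sets CS_VALID on the calling process. Any systemwide-domain client may request this; the flag is restored unconditionally, without re-verifying the image.` The function also folds "pid <= 0" and "proc_find failed" into the same -1, which the client cannot tell apart from a missing reply, so a log line before `return -1;` would help when the workaround silently does nothing. If proc_find here mirrors XNU's proc_find and takes a reference, nothing releases it on either path — worth confirming against the helper's definition, which is outside the hunk. The gSystemwideDomain initializer continues past the hunk.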
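Review bot: The new .actions entry is bound to JBS_SYSTEMWIDE_CS_REVALIDATE only by its position in the array, and the sole link to the enum in jbserver.h is the `// JBS_SYSTEMWIDE_CS_REVALIDATE` comment, so inserting an entry in either place later would silently shift dispatch for every action after it. If the element type permits it, a designated index `[JBS_SYSTEMWIDE_CS_REVALIDATE] = { .handler = systemwide_cs_revalidate, ... },` makes the coupling explicit and lets the compiler catch a mismatch; whether the other entries use positional form is only visible for the neighbours shown here. The gSystemwideDomain initializer begins before and ends inside this hunk, so the change would have to be applied across the whole table.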
@@ -262,6 +262,17 @@ int jbclient_fork_fix(uint64_t childPid)
 return -1;
 }
+int jbclient_cs_revalidate(void)
+{
+ xpc_object_t xreply = jbserver_xpc_send(JBS_DOMAIN_SYSTEMWIDE, JBS_SYSTEMWIDE_CS_REVALIDATE, NULL);
+ if (xreply) {
+ int result = xpc_dictionary_get_int64(xreply, "result");
+ xpc_release(xreply);
+ return result;
+ }
+ return -1;
+}
+
 int jbclient_platform_set_process_debugged(uint64_t pid)
 {
 xpc_object_t xargs = xpc_dictionary_create_empty();
diff --git a/BaseBin/libjailbreak/src/jbclient_xpc.h b/BaseBin/libjailbreak/src/jbclient_xpc.h
index 2e15adcad..18447c746 100644
--- a/BaseBin/libjailbreak/src/jbclient_xpc.h
+++ b/BaseBin/libjailbreak/src/jbclient_xpc.h
@@ -15,6 +15,7 @@ int jbclient_trust_binary(const char *binaryPath);
 int jbclient_trust_library(const char *libraryPath, void *addressInCaller);
 int jbclient_process_checkin(char **rootPathOut, char **bootUUIDOut, char **sandboxExtensionsOut);
 int jbclient_fork_fix(uint64_t childPid);
+int jbclient_cs_revalidate(void);
 int jbclient_platform_set_process_debugged(uint64_t pid);
 int jbclient_platform_stage_jailbreak_update(const char *updateTar);
 int jbclient_watchdog_intercept_userspace_panic(const char *panicMessage);
diff --git a/BaseBin/libjailbreak/src/jbserver.h b/BaseBin/libjailbreak/src/jbserver.h
index 3c1fe1117..a1d27ec27 100644
--- a/BaseBin/libjailbreak/src/jbserver.h
+++ b/BaseBin/libjailbreak/src/jbserver.h
@@ -51,6 +51,7 @@ enum {
 JBS_SYSTEMWIDE_TRUST_LIBRARY,
 JBS_SYSTEMWIDE_PROCESS_CHECKIN,
 JBS_SYSTEMWIDE_FORK_FIX,
+ JBS_SYSTEMWIDE_CS_REVALIDATE,
 // JBS_SYSTEMWIDE_LOCK_PAGE,
 };
diff --git a/BaseBin/systemhook/src/common.c b/BaseBin/systemhook/src/common.c
index 9cd2fa16c..009fbd795 100644
--- a/BaseBin/systemhook/src/common.c
+++ b/BaseBin/systemhook/src/common.c
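Review bot: In jbclient_cs_revalidate a reply that lacks a "result" key reads as success, because xpc_dictionary_get_int64 returns 0 for a missing or non-int64 value and 0 is also the server handler's success code, so a malformed or truncated reply is indistinguishable from CS_VALID actually having been set; the int64 is additionally narrowed into `int result`. Fetching the value first, `xpc_object_t r = xpc_dictionary_get_value(xreply, "result");`, returning -1 when `r` is NULL, and only then reading it keeps the failure path honest for a caller that decides to act on the result. The tail of jbclient_fork_fix shown as context presumably follows the same pattern and would deserve the same treatment. jbclient_platform_set_process_debugged begins inside the hunk and continues past it.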
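Review bot: The new prototype `int jbclient_cs_revalidate(void);` is the only public entry point for the new action and carries no documentation, while its contract is not obvious from the name: it acts on the calling process (identified server-side by its audit token), takes no arguments, and exists as a hook workaround. The neighbouring declarations are undocumented too, but this one is the odd one out in what it does; a comment above it such as `// Asks jbserver to re-set CS_VALID on the calling process (arm64 hook workaround). Returns 0 on success, -1 if the request failed or got no reply.` would tell a caller what it is and is not promising.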
@@ -229,10 +229,6 @@ kBinaryConfig configForBinary(const char* path, char *const argv[restrict])
 "/System/Library/PrivateFrameworks/DataAccess.framework/Support/dataaccessd",
 "/System/Library/PrivateFrameworks/IDSBlastDoorSupport.framework/XPCServices/IDSBlastDoorService.xpc/IDSBlastDoorService",
 "/System/Library/PrivateFrameworks/MessagesBlastDoorSupport.framework/XPCServices/MessagesBlastDoorService.xpc/MessagesBlastDoorService",
-#ifndef __arm64e__
- // Hooking anything in nesessionmanager on arm64 removes CS_VALID and breaks VPN functionality because the kernel checks for that
- "/usr/libexec/nesessionmanager",
-#endif
 };
 size_t blacklistCount = sizeof(processBlacklist) / sizeof(processBlacklist[0]);
 for (size_t i = 0; i < blacklistCount; i++)
diff --git a/BaseBin/systemhook/src/main.c b/BaseBin/systemhook/src/main.c
index 19d2c5401..0aad41c07 100644
--- a/BaseBin/systemhook/src/main.c
+++ b/BaseBin/systemhook/src/main.c
@@ -421,6 +421,14 @@ __attribute__((constructor)) static void initializer(void)
 if (tweakLoaderHandle != NULL) {
 dlclose(tweakLoaderHandle);
 dopamine_fix_NSTask();
+
+#ifndef __arm64e__
+ // Feeable attempt at adding back CS_VALID
+ // If any hooks are applied after this, it is lost again
+ // Temporary workaround until a better solution for this problem is found
+ // This + the csops hook should resolve all cases unless a tweak does something really stupid
+ jbclient_cs_revalidate();
+#endif
 }
 }
 }
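Review bot: The return value of `jbclient_cs_revalidate();` in the main.c hunk is discarded, so when the request is refused or gets no reply the process keeps running with CS_VALID cleared and nothing records it — which, now that nesessionmanager is no longer blacklisted on arm64 in common.c, is exactly the VPN-breaking state the removed comment warned about. Branching on it, `if (jbclient_cs_revalidate() != 0) { /* log: CS_VALID not restored */ }`, with whatever logging the file already uses (none is visible in the hunk) would at least make the failure diagnosable. The call also sits inside the `tweakLoaderHandle != NULL` branch, so if systemhook's own hooks installed earlier in initializer (outside the hunk) clear the flag as well, a process without a tweak loader never gets it back — worth confirming. Minor: "Feeable" in the first comment line should read "Feeble". The initializer function begins before the hunk.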