proper realfs handling

src/payload/jailbreakd/bootstrap.c

@@ -17,6 +17,7 @@
 #include <sys/kern_memorystatus.h>
 #include <CoreFoundation/CoreFoundation.h>
 #include <removefile.h>
+#include <sys/snapshot.h>
 #include <copyfile.h>
 
 #include <sys/stat.h>
@@ -105,6 +106,18 @@ void bootstrap(xpc_object_t xrequest, xpc_object_t xreply, struct paleinfo* pinf
     ret = remount_func(&name);
     BOOTSTRAP_ASSURE(ret == 0, errno, "remount failed");
 
+    if ((pinfo->flags & palerain_option_ssv) == 0) {
+        char hash[97], snapshotName[150];
+        BOOTSTRAP_ASSURE(jailbreak_get_bmhash(hash) == 0, errno, "could not get boot-manifest-hash");
+        snprintf(snapshotName, 150, "com.apple.os.update-%s", hash);
+        int dirfd = open("/", O_RDONLY, 0);
+        ret = fs_snapshot_rename(dirfd, snapshotName, "orig-fs", 0);
+        if (ret != 0) {
+            BOOTSTRAP_ASSURE(errno == 2, errno, "fs_snapshot_rename failed");
+        }
+        close(dirfd);
+    }
+
     char tarPath[150];
     if (pinfo->flags & palerain_option_rootful) {
         tarPath[0] = '/';

src/payload/loader/prelaunchd.c

@@ -14,10 +14,12 @@
 #include <sys/wait.h>
 #include <errno.h>
 #include <string.h>
+#include <libjailbreak/libjailbreak.h>
 #include <APFS/APFS.h>
 #include <IOKit/IOKitLib.h>
 #include <sys/kern_memorystatus.h>
 #include <mount_args.h>
+#include <sys/snapshot.h>
 
 int prelaunchd(uint32_t payload_options, struct paleinfo* pinfo_p) {
     setvbuf(stderr, NULL, _IONBF, 0);
@@ -33,17 +35,19 @@ int prelaunchd(uint32_t payload_options, struct paleinfo* pinfo_p) {
 
     char dev_rootdev[32];
     snprintf(dev_rootdev, 32, "/dev/%s", pinfo_p->rootdev);
-    if ((pinfo_p->flags & palerain_option_rootful) && ((pinfo_p->flags & palerain_option_force_revert))) {
-        printf("will delete %s\n", dev_rootdev);
-        if (access(dev_rootdev, F_OK) == 0) {
-            int16_t role = 0;
-            CHECK_ERROR(APFSVolumeRole(dev_rootdev, &role, NULL), 0, "APFSVolumeRole(%s) Failed", dev_rootdev);
-            printf("found apfs volume role: 0x%04x\n", role);
-            if (role != APFS_VOL_ROLE_RECOVERY) {
-                fprintf(stderr, "BUG: SAFETY: deleting non-recovery volume is not allowed\n");
-                spin();
-            } else {
-                CHECK_ERROR(errno = APFSVolumeDelete(pinfo_p->rootdev), 1, "failed to delete fakefs");
+    if ((pinfo_p->flags & (palerain_option_rootful | palerain_option_force_revert)) == (palerain_option_rootful | palerain_option_force_revert)) {
+        if (pinfo_p->flags & palerain_option_ssv) {
+            printf("will delete %s\n", dev_rootdev);
+            if (access(dev_rootdev, F_OK) == 0) {
+                int16_t role = 0;
+                CHECK_ERROR(APFSVolumeRole(dev_rootdev, &role, NULL), 0, "APFSVolumeRole(%s) Failed", dev_rootdev);
+                printf("found apfs volume role: 0x%04x\n", role);
+                if (role != APFS_VOL_ROLE_RECOVERY) {
+                    fprintf(stderr, "BUG: SAFETY: deleting non-recovery volume is not allowed\n");
+                    spin();
+                } else {
+                    CHECK_ERROR(errno = APFSVolumeDelete(pinfo_p->rootdev), 1, "failed to delete fakefs");
+                }
             }
         }
     }

src/payload/loader/sysstatuscheck.c

@@ -11,6 +11,7 @@
 #include <alloca.h>
 #include <CoreFoundation/CoreFoundation.h>
 #include <sys/kern_memorystatus.h>
+#include <sys/snapshot.h>
 
 #define SB_PREF_PLIST_PATH "/var/mobile/Library/Preferences/com.apple.springboard.plist"
 #define CF_STRING_GET_CSTRING_PTR(cfStr, cPtr) do { \
@@ -147,7 +148,37 @@ int sysstatuscheck(uint32_t __unused payload_options, uint64_t pflags) {
         printf("generating ssh host key...\n");
         runCommand((char*[]){ "/cores/binpack/usr/bin/dropbearkey", "-f",  "/private/var/dropbear_rsa_host_key", "-t", "rsa", "-s", "4096", NULL });
     }
-    if ((pflags & palerain_option_force_revert)) remove_jailbreak_files(pflags);
+    if ((pflags & palerain_option_force_revert)) {
+        remove_jailbreak_files(pflags);
+        if ((pflags & (palerain_option_rootful | palerain_option_force_revert)) == (palerain_option_rootful | palerain_option_force_revert)) {
+            if ((pflags & (palerain_option_ssv)) == 0) {
+                struct utsname name;
+                uname(&name);
+                remount_rootfs(&name);
+                char hash[97], snapshotName[150];
+                int ret = jailbreak_get_bmhash(hash);
+                if (ret) {
+                    fprintf(stderr, "failed to get boot-manifest-hash\n");
+                    spin();
+                }
+                snprintf(snapshotName, 150, "com.apple.os.update-%s", hash);
+                int dirfd = open("/", O_RDONLY, 0);
+                ret = fs_snapshot_rename(dirfd, "orig-fs", snapshotName, 0);
+                if (ret != 0) {
+                    fprintf(stderr, "could not rename snapshot: %d: %s\n", errno, strerror(errno));
+                } else {
+                    printf("");
+                }
+                ret = fs_snapshot_revert(dirfd, snapshotName, 0);
+                if (ret != 0) {
+                    fprintf(stderr, "could not revert snapshot: %d: %s\n", errno, strerror(errno));
+                }
+                close(dirfd);
+                sync();
+                host_reboot(mach_host_self(), 0x1000);
+            }
+        }
+    }
     if (pflags & palerain_option_rootful) {
         remove_bogus_var_jb();
         unlink("/var/jb");

src/payload_dylib/pspawn.c

@@ -113,8 +113,9 @@ static int posix_spawn_hook(pid_t *restrict pid, const char *restrict path,
 
 	return spawn_hook_common_p(pid, path, file_actions, attrp, argv, envp, posix_spawn_orig_wrapper);
 }
+#define ENABLE_CONSOLE_HOOK
 
-#ifdef ENABLE_CONSOLE_HOOK
+//#ifdef ENABLE_CONSOLE_HOOK
 dev_t dev_console_d = 0;
 
 ssize_t (*write_orig)(int fildes, const void *buf, size_t nbyte);