Prevent some binaries from executing

palera1n · Jan 14, 2024 · ed3bfd9 · ed3bfd9
1 parent a583c9d
commit ed3bfd9
Show file tree

Hide file tree

Showing 3 changed files with 37 additions and 16 deletions.
diff --git a/src/payload/loader/load_etc_rc_d.c b/src/payload/loader/load_etc_rc_d.c
@@ -43,7 +43,9 @@ int load_etc_rc_d(uint64_t pflags) {
     struct dirent* d;
     while ((d = readdir(dir))) {
         if (!strcmp(d->d_name, ".") || !strcmp(d->d_name, "..")) continue;
-        if (!strcmp(d->d_name, "libhooker") || !strcmp(d->d_name, "ellekit-loader")) continue;
+        if (!strcmp(d->d_name, "libhooker") 
+        || !strcmp(d->d_name, "ellekit-loader")
+        || !strcmp(d->d_name, "substitute-launcher")) continue;
         char path[PATH_MAX];
         snprintf(path, PATH_MAX, "%s/%s", etcRcD, d->d_name);
         struct stat st;

diff --git a/src/systemhook/common.c b/src/systemhook/common.c
@@ -431,6 +431,22 @@ int spawn_hook_common(pid_t *restrict pid, const char *restrict path,
 		return pspawn_orig(pid, path, file_actions, attrp, argv, envp);
 	}
 
+	if (
+		!strcmp(path, "/var/jb/etc/rc.d/ellekit-loader") ||
+		!strcmp(path, "/etc/rc.d/ellekit-loader") ||
+		!strcmp(path, "/var/jb/etc/rc.d/libhooker") ||
+		!strcmp(path, "/etc/rc.d/libhooker") ||
+		!strcmp(path, "/etc/rc.d/substitute-launcher") ||
+		!strcmp(path, "/usr/libexec/ellekit/loader") ||
+		!strcmp(path, "/var/jb/usr/libexec/ellekit/loader")
+	) { 
+		if (access(path, X_OK) == 0) {
+			path = "/cores/binpack/usr/bin/true";
+			argv = (char *const []) { "/cores/binpack/usr/bin/true", NULL };
+		}
+
+	}
+
 	kBinaryConfig binaryConfig = configForBinary(path, argv);
 
 #if 0

diff --git a/src/systemhook/main.c b/src/systemhook/main.c
@@ -395,6 +395,9 @@ bool shouldEnableTweaks(void)
 		return false;
 	}
 
+	if (getpid() == 1)
+		return false;
+
 	if (access(JB_ROOT_PATH("/basebin/.safe_mode"), F_OK) == 0) {
 		return false;
 	}
@@ -406,11 +409,11 @@ bool shouldEnableTweaks(void)
 		}
 	}
 
-	if (getenv("XPC_NULL_BOOTSTRAP")) {
+	if (getenv("XPC_NULL_BOOTSTRAP") || getenv("XPC_SERVICES_UNAVAILABLE")) {
 		return false;
 	}
 
-	/*const char *tweaksDisabledPathSuffixes[] = {
+	const char *tweaksDisabledPathSuffixes[] = {
 		// System binaries
 		"/usr/libexec/xpcproxy",
 
@@ -420,7 +423,7 @@ bool shouldEnableTweaks(void)
 	for (size_t i = 0; i < sizeof(tweaksDisabledPathSuffixes) / sizeof(const char*); i++)
 	{
 		if (stringEndsWith(gExecutablePath, tweaksDisabledPathSuffixes[i])) return false;
-	}*/
+	}
 
 	return true;
 }
@@ -454,8 +457,6 @@ __attribute__((constructor)) static void initializer(void)
 	unsandbox();
 	loadExecutablePath();
 
-	in_jailbreakd = (!strcmp(gExecutablePath, "/cores/usr/sbin/palera1nd"));
-
 #ifdef SYSTEMWIDE_IOSEXEC
 	for (int32_t i = 0; i < _dyld_image_count(); i++) {
 		const char* name = _dyld_get_image_name(i);
@@ -514,20 +515,22 @@ __attribute__((constructor)) static void initializer(void)
 			if (pflags & palerain_option_rootful) {
 				/* ellekit */
 				tweakLoaderPath = "/usr/lib/TweakLoader.dylib";
+
 				/* substitute */
-			if (access(tweakLoaderPath, F_OK) != 0)
-				tweakLoaderPath = "/usr/lib/substitute-loader.dylib";
-
-			if (access(tweakLoaderPath, F_OK) != 0)
-				tweakLoaderPath = "/usr/lib/TweakInject.dylib";
+				if (access(tweakLoaderPath, F_OK) != 0)
+					tweakLoaderPath = "/usr/lib/substitute-loader.dylib";
+
+				/* libhooker */
+				if (access(tweakLoaderPath, F_OK) != 0)
+					tweakLoaderPath = "/usr/lib/TweakInject.dylib";
 
 			} else {
-			/* ellekit */
-				tweakLoaderPath = "/var/jb/usr/lib/TweakLoader.dylib";
+				/* ellekit */
+					tweakLoaderPath = "/var/jb/usr/lib/TweakLoader.dylib";
 
-			/* libhooker */
-			if (access(tweakLoaderPath, F_OK) != 0)
-				tweakLoaderPath = "/var/jb/usr/lib/TweakInject.dylib";
+				/* libhooker */
+				if (access(tweakLoaderPath, F_OK) != 0)
+					tweakLoaderPath = "/var/jb/usr/lib/TweakInject.dylib";
 			}
 		if(access(tweakLoaderPath, F_OK) == 0)
 		{