turns out ldid can already do this...

asdfzxcvbn · Sep 19, 2024 · 91494bc · 91494bc
1 parent edd34f6
commit 91494bc
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 25 deletions.
diff --git a/cyan/logic.py b/cyan/logic.py
@@ -61,8 +61,8 @@ def main(parser: ArgumentParser) -> None:
       app.plist.change_minimum_version(args.m)
     if args.k is not None:
       app.change_icon(args.k, tmpdir)
-    if args.x is not None:  # `validate_inputs()` made it a dict
-      app.executable.merge_entitlements(args.x, tmpdir)
+    if args.x is not None:
+      app.executable.merge_entitlements(args.x)
 
     if args.remove_supported_devices:
       app.plist.remove_uisd()

diff --git a/cyan/tbhtypes/main_executable.py b/cyan/tbhtypes/main_executable.py
@@ -1,9 +1,6 @@
 import os
 import shutil
-import plistlib
 import subprocess
-from typing import Any
-from plistlib import dump as pdump
 
 from cyan import tbhutils
 from .executable import Executable
@@ -98,27 +95,12 @@ def inject(self, tweaks: dict[str, str], tmpdir: str) -> None:
       self.sign_with_entitlements(ENT_PATH)
       print("[*] restored entitlements")
 
-  def merge_entitlements(
-      self, entitlements: dict[str, Any], tmpdir: str
-  ) -> None:
-    ENT_PATH = f"{tmpdir}/new.entitlements"
-    existing: dict[str, Any]
-
-    if self.write_entitlements(ENT_PATH):  # has entitlements
-      with open(ENT_PATH, "rb") as f:
-        existing = plistlib.load(f)
-    else:
-      existing = {}
-
-    new = existing | entitlements
-    with open(ENT_PATH, "wb") as f2:
-      pdump(new, f2)
-
-    self.sign_with_entitlements(ENT_PATH)
-    print("[*] modified entitlement keys:", ", ".join(entitlements))
+  def merge_entitlements(self, entitlements: str) -> None:
+    self.sign_with_entitlements(entitlements)
+    print("[*] merged new entitlements")
 
   def sign_with_entitlements(self, entitlements: str) -> bool:
     return subprocess.run(
-      [self.ldid, f"-S{entitlements}", self.path]
+      [self.ldid, f"-S{entitlements}", "-M", self.path]
     ).returncode == 0
 
diff --git a/cyan/tbhutils.py b/cyan/tbhutils.py
@@ -75,7 +75,7 @@ def validate_inputs(args: Namespace) -> Optional[str]:
 
     try:
       with open(args.x, "rb") as f:
-        args.x = pload(f)
+        pload(f)
     except Exception:
       sys.exit("[!] couldn't parse given entitlements file")