Add support for AssetCache kern.hv_vmm_present spoofing

closes #5
closes acidanthera/bugtracker#1910

Changelog.md

@@ -3,6 +3,8 @@ RestrictEvents Changelog
 #### v1.0.6
 - Fixed memory view restrictions for `MacBookAir` and `MacBookPro10` not being correctly disabled
 - Disabled `The disk you inserted was not readable by this computer` message popup
+- Added Content Caching support for systems exposing `kern.hv_vmm_present` via `-revasset`
+- Lowered OS requirement for `-revsbvmm` to macOS 11.3
 
 #### v1.0.5
 - Added macOS 12 software update support with any Mac model via `-revsbvmm`

README.md

@@ -21,7 +21,8 @@ _Note_: Apple CPU identifier must be `0x0F01` for 8 core CPUs or higher and `0x0
 - `-revdbg` (or `-liludbgall`) to enable verbose logging (in DEBUG builds)
 - `-revbeta` (or `-lilubetaall`) to enable on macOS older than 10.8 or newer than 12
 - `-revproc` to enable verbose process logging (in DEBUG builds)
-- `-revsbvmm` to force VMM SB model, allowing `x86legacy` SB model on T2 Mac model for macOS 12
+- `-revsbvmm` to force VMM SB model, allowing OTA updates for unsupported models on macOS 11.3 or newer
+- `-revasset` to allow Content Caching when `sysctl kern.hv_vmm_present` returns `1` on macOS 11.3 or newer
 - `revnopatch=value` to disable patching for userspace processes of Memory/PCI UI, CPU renaming, and/or unreadable disk popups or no patching will happen. Accepted values are `all`, `mempci`, `cpuname`, `diskread`, `none` Defaults to `none`.
 - `revcpu=value` to enable (`1`, non-Intel default)/disable (`0`, Intel default) CPU brand string patching.
 - `revcpuname=value` custom CPU brand string (max 48 characters, 20 or less recommended, taken from CPUID otherwise)

RestrictEvents.xcodeproj/project.pbxproj

@@ -43,6 +43,7 @@
 		CE405ED21E49F9FC00AA0B3D /* kern_api.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = kern_api.hpp; sourceTree = "<group>"; };
 		CE405ED81E4A080700AA0B3D /* plugin_start.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = plugin_start.cpp; sourceTree = "<group>"; };
 		CE405EDA1E4A080F00AA0B3D /* plugin_start.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = plugin_start.hpp; sourceTree = "<group>"; };
+		CE6717F0278CC4DD00EB1CA1 /* SoftwareUpdate.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = SoftwareUpdate.hpp; sourceTree = "<group>"; };
 		CE7B69372704BDE600BC8A8A /* SoftwareUpdate.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SoftwareUpdate.cpp; sourceTree = "<group>"; };
 		CE8DA0CB2517DE74008C44E8 /* libkmod.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; name = libkmod.a; path = ../Lilu/MacKernelSDK/Library/x86_64/libkmod.a; sourceTree = "<group>"; };
 		CEAAA50821FC976100683764 /* Info.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = "<group>"; };
@@ -142,6 +143,7 @@
 			children = (
 				CEAAA50821FC976100683764 /* Info.plist */,
 				CE7B69372704BDE600BC8A8A /* SoftwareUpdate.cpp */,
+				CE6717F0278CC4DD00EB1CA1 /* SoftwareUpdate.hpp */,
 				CEAAA50921FC976100683764 /* RestrictEvents.cpp */,
 			);
 			path = RestrictEvents;

RestrictEvents/RestrictEvents.cpp

@@ -13,6 +13,8 @@
 #include <Headers/plugin_start.hpp>
 #include <Headers/kern_policy.hpp>
 
+#include "SoftwareUpdate.hpp"
+
 extern "C" {
 #include <i386/pmCPU.h>
 }
@@ -392,7 +394,7 @@ struct RestrictEventsPolicy {
 
 static RestrictEventsPolicy restrictEventsPolicy;
 
-void enableSoftwareUpdates(KernelPatcher &patcher);
+void rerouteHvVmm(KernelPatcher &patcher);
 
 PluginConfiguration ADDPR(config) {
 	xStringify(PRODUCT_NAME),
@@ -409,6 +411,8 @@ PluginConfiguration ADDPR(config) {
 	[]() {
 		DBGLOG("rev", "restriction policy plugin loaded");
 		verboseProcessLogging = checkKernelArgument("-revproc");
+		revassetIsSet = checkKernelArgument("-revasset");
+		revsbvmmIsSet = checkKernelArgument("-revsbvmm");
 		RestrictEventsPolicy::processDisableUIPatch();
 		restrictEventsPolicy.policy.registerPolicy();
 
@@ -442,7 +446,9 @@ PluginConfiguration ADDPR(config) {
 
 			needsCpuNamePatch = !(disableCpuNamePatching || disableAllPatching) == true ? RestrictEventsPolicy::needsCpuNamePatch() : false;
 			needsDiskArbitrationPatch = !(disableDiskArbitrationPatching || disableAllPatching) == true;
-			if (modelFindPatch != nullptr || needsCpuNamePatch || needsDiskArbitrationPatch || getKernelVersion() >= KernelVersion::Monterey) {
+			if (modelFindPatch != nullptr || needsCpuNamePatch || needsDiskArbitrationPatch ||
+				(getKernelVersion() >= KernelVersion::Monterey ||
+				(getKernelVersion() == KernelVersion::BigSur && getKernelMinorVersion() >= 4))) {
 				lilu.onPatcherLoadForce([](void *user, KernelPatcher &patcher) {
 					if (needsCpuNamePatch) RestrictEventsPolicy::calculatePatchedBrandString();
 					KernelPatcher::RouteRequest csRoute =
@@ -451,8 +457,10 @@ PluginConfiguration ADDPR(config) {
 						KernelPatcher::RouteRequest("_cs_validate_range", RestrictEventsPolicy::csValidateRange, orgCsValidateFunc);
 					if (!patcher.routeMultipleLong(KernelPatcher::KernelID, &csRoute, 1))
 						SYSLOG("rev", "failed to route cs validation pages");
-					if (getKernelVersion() >= KernelVersion::Monterey && checkKernelArgument("-revsbvmm"))
-						enableSoftwareUpdates(patcher);
+					if ((getKernelVersion() >= KernelVersion::Monterey ||
+						(getKernelVersion() == KernelVersion::BigSur && getKernelMinorVersion() >= 4)) &&
+						(revsbvmmIsSet || revassetIsSet))
+						rerouteHvVmm(patcher);
 				});
 			}
 		}

RestrictEvents/SoftwareUpdate.cpp

@@ -9,6 +9,8 @@
 #include <Headers/kern_api.hpp>
 #include <Headers/kern_user.hpp>
 
+#include "SoftwareUpdate.hpp"
+
 /**
  
  Non-Apple hardware or unsupported Apple hardware often has to be spoofed to gibraltar models to support new hardware and macOS versions.
@@ -200,15 +202,18 @@ static int my_sysctl_vmm_present(__unused struct sysctl_oid *oidp, __unused void
     char procname[64];
     proc_name(proc_pid(req->p), procname, sizeof(procname));
     // SYSLOG("supd", "\n\n\n\nsoftwareupdated vmm_present %d - >>> %s <<<<\n\n\n\n", arg2, procname);
-    if (strcmp(procname, "softwareupdated") == 0 || strcmp(procname, "com.apple.Mobile") == 0) {
-        int hv_vmm_present = 1;
-        return SYSCTL_OUT(req, &hv_vmm_present, sizeof(hv_vmm_present));
-    }
+    if (revsbvmmIsSet && (strcmp(procname, "softwareupdated") == 0 || strcmp(procname, "com.apple.Mobile") == 0)) {
+		int hv_vmm_present_on = 1;
+		return SYSCTL_OUT(req, &hv_vmm_present_on, sizeof(hv_vmm_present_on));
+    } else if (revassetIsSet && (strncmp(procname, "AssetCache",  sizeof("AssetCache")-1) == 0)) {
+		int hv_vmm_present_off = 0;
+		return SYSCTL_OUT(req, &hv_vmm_present_off, sizeof(hv_vmm_present_off));
+	}
 
     return FunctionCast(my_sysctl_vmm_present, org_sysctl_vmm_present)(oidp, arg1, arg2, req);
 }
 
-void enableSoftwareUpdates(KernelPatcher &patcher) {
+void rerouteHvVmm(KernelPatcher &patcher) {
     auto sysctl_children = reinterpret_cast<sysctl_oid_list *>(patcher.solveSymbol(KernelPatcher::KernelID, "_sysctl__children"));
     if (!sysctl_children) {
         SYSLOG("supd", "failed to resolve _sysctl__children");

RestrictEvents/SoftwareUpdate.hpp

@@ -0,0 +1,14 @@
+//
+//  SoftwareUpdate.hpp
+//  RestrictEvents
+//
+//  Copyright © 2022 vit9696. All rights reserved.
+//
+
+#ifndef SoftwareUpdate_h
+#define SoftwareUpdate_h
+
+extern bool revassetIsSet;
+extern bool revsbvmmIsSet;
+
+#endif /* SoftwareUpdate_h */