From d551df34edf0453fa68c43200953f56ea46c70d4 Mon Sep 17 00:00:00 2001
From: Mykola Grymalyuk <khronokernel@icloud.com>
Date: Wed, 3 May 2023 15:39:16 -0600
Subject: [PATCH] sys_patch_auto.py: Add RSR work around

---
 Build-Binary.command                          |  1 +
 CHANGELOG.md                                  |  2 +
 ....opencore-legacy-patcher.rsr-monitor.plist | 20 ++++++
 resources/constants.py                        |  4 ++
 resources/sys_patch/sys_patch_auto.py         | 64 ++++++++++++++++++-
 5 files changed, 90 insertions(+), 1 deletion(-)
 create mode 100644 payloads/com.dortania.opencore-legacy-patcher.rsr-monitor.plist

diff --git a/Build-Binary.command b/Build-Binary.command
index 9e23a7ee9..f481b87a4 100755
--- a/Build-Binary.command
+++ b/Build-Binary.command
@@ -231,6 +231,7 @@ class CreateBinary:
 
         whitelist_files = [
             "com.dortania.opencore-legacy-patcher.auto-patch.plist",
+            "com.dortania.opencore-legacy-patcher.rsr-monitor.plist",
             "entitlements.plist",
             "launcher.sh",
             "OC-Patcher-TUI.icns",
diff --git a/CHANGELOG.md b/CHANGELOG.md
index b2fde2552..bd2427244 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -15,6 +15,8 @@
   - ex. M2 Macs and Hackintoshes
 - Implement minimum OS check for installer creation
   - Prevents vague errors when creating Ventura installers on Yosemite
+- Resolve WindowServer crashing with Rapid Security Response (RSR) installation
+  - Primarily applicable for Haswell iGPUs on 13.3.1 (a)
 - Backend changes:
   - macos_installer_handler.py:
     - Expand OS support for IA parsing in SUCatalog
diff --git a/payloads/com.dortania.opencore-legacy-patcher.rsr-monitor.plist b/payloads/com.dortania.opencore-legacy-patcher.rsr-monitor.plist
new file mode 100644
index 000000000..2a94cd019
--- /dev/null
+++ b/payloads/com.dortania.opencore-legacy-patcher.rsr-monitor.plist
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>AssociatedBundleIdentifiers</key>
+	<string>com.dortania.opencore-legacy-patcher</string>
+	<key>Label</key>
+	<string>com.dortania.opencore-legacy-patcher.rsr-monitor</string>
+	<key>ProgramArguments</key>
+	<array>
+		<string>rm</string>
+		<string>-rf</string>
+		<string>/Library/Extensions/example.kext</string> <!-- Update kext to correct name -->
+	</array>
+	<key>WatchPaths</key>
+    <array>
+      <string>/System/Volumes/Preboot/UUID/cryptex1/OS.dmg</string> <!-- Update UUID to host's booted Preboot folder -->
+    </array>
+</dict>
+</plist>
diff --git a/resources/constants.py b/resources/constants.py
index a1a7253a4..38d90bc0e 100644
--- a/resources/constants.py
+++ b/resources/constants.py
@@ -238,6 +238,10 @@ class Constants:
     def auto_patch_launch_agent_path(self):
         return self.payload_path / Path("com.dortania.opencore-legacy-patcher.auto-patch.plist")
 
+    @property
+    def rsr_monitor_launch_daemon_path(self):
+        return self.payload_path / Path("com.dortania.opencore-legacy-patcher.rsr-monitor.plist")
+
     # ACPI
     @property
     def pci_ssdt_path(self):
diff --git a/resources/sys_patch/sys_patch_auto.py b/resources/sys_patch/sys_patch_auto.py
index e71d235cc..545c55a7a 100644
--- a/resources/sys_patch/sys_patch_auto.py
+++ b/resources/sys_patch/sys_patch_auto.py
@@ -312,9 +312,71 @@ class AutomaticSysPatch:
         utilities.process_status(utilities.elevated(["chmod", "644", "/Library/LaunchAgents/com.dortania.opencore-legacy-patcher.auto-patch.plist"], stdout=subprocess.PIPE, stderr=subprocess.STDOUT))
         utilities.process_status(utilities.elevated(["chown", "root:wheel", "/Library/LaunchAgents/com.dortania.opencore-legacy-patcher.auto-patch.plist"], stdout=subprocess.PIPE, stderr=subprocess.STDOUT))
 
+        # Copy over our launch daemon
+        if self._create_rsr_monitor_daemon() is True:
+            logging.info("- Copying rsr-monitor.plist Launch Daemon to /Library/LaunchDaemons/")
+            if Path("/Library/LaunchDaemons/com.dortania.opencore-legacy-patcher.rsr-monitor.plist").exists():
+                logging.info("- Deleting existing rsr-monitor.plist")
+                utilities.process_status(utilities.elevated(["rm", "/Library/LaunchDaemons/com.dortania.opencore-legacy-patcher.rsr-monitor.plist"], stdout=subprocess.PIPE, stderr=subprocess.STDOUT))
+            if not Path("/Library/LaunchDaemons/").exists():
+                logging.info("- Creating /Library/LaunchDaemons/")
+                utilities.process_status(utilities.elevated(["mkdir", "-p", "/Library/LaunchDaemons/"], stdout=subprocess.PIPE, stderr=subprocess.STDOUT))
+            utilities.process_status(utilities.elevated(["cp", self.constants.rsr_monitor_launch_daemon_path, "/Library/LaunchDaemons/"], stdout=subprocess.PIPE, stderr=subprocess.STDOUT))
+
+            # Set the permissions on the com.dortania.opencore-legacy-patcher.rsr-monitor.plist
+            logging.info("- Setting permissions on rsr-monitor.plist")
+            utilities.process_status(utilities.elevated(["chmod", "644", "/Library/LaunchDaemons/com.dortania.opencore-legacy-patcher.rsr-monitor.plist"], stdout=subprocess.PIPE, stderr=subprocess.STDOUT))
+            utilities.process_status(utilities.elevated(["chown", "root:wheel", "/Library/LaunchDaemons/com.dortania.opencore-legacy-patcher.rsr-monitor.plist"], stdout=subprocess.PIPE, stderr=subprocess.STDOUT))
+
         # Making app alias
         # Simply an easy way for users to notice the app
         # If there's already an alias or exiting app, skip
         if not Path("/Applications/OpenCore-Patcher.app").exists():
             logging.info("- Making app alias")
-            utilities.process_status(utilities.elevated(["ln", "-s", "/Library/Application Support/Dortania/OpenCore-Patcher.app", "/Applications/OpenCore-Patcher.app"], stdout=subprocess.PIPE, stderr=subprocess.STDOUT))
\ No newline at end of file
+            utilities.process_status(utilities.elevated(["ln", "-s", "/Library/Application Support/Dortania/OpenCore-Patcher.app", "/Applications/OpenCore-Patcher.app"], stdout=subprocess.PIPE, stderr=subprocess.STDOUT))
+
+
+    def _create_rsr_monitor_daemon(self) -> bool:
+        # Get kext list in /Library/Extensions that have the 'GPUCompanionBundles' property
+        # This is used to determine if we need to run the RSRMonitor
+        logging.info("- Checking if RSRMonitor is needed")
+
+        cryptex_path = f"/System/Volumes/Preboot/{utilities.get_preboot_uuid()}/cryptex1/current/OS.dmg"
+        if not Path(cryptex_path).exists():
+            logging.info("- No OS.dmg, skipping RSRMonitor")
+            return False
+
+        kexts = []
+        for kext in Path("/Library/Extensions").glob("*.kext"):
+            if not Path(f"{kext}/Contents/Info.plist").exists():
+                continue
+            kext_plist = plistlib.load(open(f"{kext}/Contents/Info.plist", "rb"))
+            if "GPUCompanionBundles" not in kext_plist:
+                continue
+            logging.info(f"  - Found kext with GPUCompanionBundles: {kext.name}")
+            kexts.append(kext.name)
+
+        # If we have no kexts, we don't need to run the RSRMonitor
+        if not kexts:
+            logging.info("- No kexts found with GPUCompanionBundles, skipping RSRMonitor")
+            return False
+
+        # Load the RSRMonitor plist
+        rsr_monitor_plist = plistlib.load(open(self.constants.rsr_monitor_launch_daemon_path, "rb"))
+
+        arguments = ["rm", "-Rfv"]
+        arguments += [f"/Library/Extensions/{kext}" for kext in kexts]
+
+        # Add the arguments to the RSRMonitor plist
+        rsr_monitor_plist["ProgramArguments"] = arguments
+
+        # Next add monitoring for '/System/Volumes/Preboot/{UUID}/cryptex1/OS.dmg'
+        logging.info(f"  - Adding monitor: {cryptex_path}")
+        rsr_monitor_plist["WatchPaths"] = [
+            cryptex_path,
+        ]
+
+        # Write the RSRMonitor plist
+        plistlib.dump(rsr_monitor_plist, Path(self.constants.rsr_monitor_launch_daemon_path).open("wb"))
+
+        return True