With the merging of our Library Validation Exemption patch, we were able to finally remove the usage of amfi_get_out_of_my_way=0x1 argument allowing for far greater Secuirty. However an unintended consequence of this patch is we crash the Music.app in macOS Big Sur and older.
When running the binary directly:
dyld: Library not loaded: @executable_path/../Frameworks/libgnsdk_dsp.3.06.1.dylib
Referenced from: /System/Applications/Music.app/Contents/MacOS/Music
Reason: unsafe use of @executable_path in /System/Applications/Music.app/Contents/MacOS/Music with restricted binary (Codesign main executable with Library Validation to allow @ paths)
Below there will be more in-depth crash logs are provided. Currently only Music.app (iTunes in Mojave) are affected, all other apps seem to function without issue.
macOS Monterey does not experience this issue, reason for is that the application does not have a Frameworks folder/dylibs to load off local path. Instead likely residing within the dyld cache
Additional Notes
This issue with iTunes/Music.app was present with mologie's DisableLibraryValidation.kext back in Catalina and older:
The com.apple.security.libraryvalidation.plist solution used on Catalina does not experience the dylib load error, however is no longer functional in Big Sur and newer for unknown reasons.
Re-add amfi_get_out_of_my_way=0x1 in addition to _cs_require_lv
Application still crashed in the same way
Hints to potential issue with processes other than AMFI having issues with the _cs_require_lv patch
Disable _cs_restricted and _csproc_hardened_runtime in addition to _cs_require_lv
Same results
Temporary fixes
A "work-around" would be to simply revert our Library validation patch, however because of Security concerns this is very much not ideal. Recommended approach is provide an option in patcher settings to disable the _cs_require_lv patching and revert to amfi_get_out_of_my_way=0x1.
By default we should opt for the LV patch as this is for best security and even usability with 3rd party Applications without tcc usage. Update troubleshooting documentation accordingly.
[ ] Add AMFI option to Patcher Settings
[ ] Update documentation with Music.app troubleshooting
With the merging of our Library Validation Exemption patch, we were able to finally remove the usage of
amfi_get_out_of_my_way=0x1
argument allowing for far greater Secuirty. However an unintended consequence of this patch is we crash the Music.app in macOS Big Sur and older.When running the binary directly:
Below there will be more in-depth crash logs are provided. Currently only Music.app (iTunes in Mojave) are affected, all other apps seem to function without issue.
Frameworks
folder/dylibs to load off local path. Instead likely residing within the dyld cacheAdditional Notes
This issue with iTunes/Music.app was present with mologie's DisableLibraryValidation.kext back in Catalina and older:
The
com.apple.security.libraryvalidation.plist
solution used on Catalina does not experience the dylib load error, however is no longer functional in Big Sur and newer for unknown reasons.Failed Fixes
Some of the patches tested:
amfi_get_out_of_my_way=0x1
in addition to_cs_require_lv
_cs_require_lv
patch_cs_restricted
and_csproc_hardened_runtime
in addition to_cs_require_lv
Temporary fixes
A "work-around" would be to simply revert our Library validation patch, however because of Security concerns this is very much not ideal. Recommended approach is provide an option in patcher settings to disable the
_cs_require_lv
patching and revert toamfi_get_out_of_my_way=0x1
.By default we should opt for the LV patch as this is for best security and even usability with 3rd party Applications without tcc usage. Update troubleshooting documentation accordingly.
In-depth Crash Logs
Music.app Crash - macOS 11.6
Spoiler: Music.app Crash - macOS 11.6
``` Process: Music [492] Path: /System/Applications/Music.app/Contents/MacOS/Music Identifier: com.apple.Music Version: 1.1.6 (1.1.6) Build Info: MusicDesktop-1001006037000~4 Code Type: X86-64 (Native) Parent Process: ??? [1] Responsible: Music [492] User ID: 501 Date/Time: 2021-09-20 09:40:28.607 -0600 OS Version: macOS 11.6 (20G165) Report Version: 12 Anonymous UUID: EE6658C3-E521-BF39-08BC-488FBA6D78F9 Time Awake Since Boot: 120 seconds System Integrity Protection: disabled Crashed Thread: 0 Exception Type: EXC_CRASH (SIGABRT) Exception Codes: 0x0000000000000000, 0x0000000000000000 Exception Note: EXC_CORPSE_NOTIFY Termination Reason: DYLD, [0x1] Library missing Application Specific Information: dyld: launch, loading dependent libraries @executable_path/../Frameworks/libgnsdk_dsp.3.06.1.dylib Dyld Error Message: dyld: Using shared cache: 1FB62A50-25C7-3F72-8054-A70CD3CA5953 Library not loaded: @executable_path/../Frameworks/libgnsdk_dsp.3.06.1.dylib Referenced from: /System/Applications/Music.app/Contents/MacOS/Music Reason: unsafe use of @executable_path in /System/Applications/Music.app/Contents/MacOS/Music with restricted binary (Codesign main executable with Library Validation to allow @ paths) Binary Images: 0x10c73a000 - 0x10e265fff com.apple.Music (1.1.6 - 1.1.6) <7164E504-F5FC-3109-BB30-95D8EB5B36E7> /System/Applications/Music.app/Contents/MacOS/Music 0x10e5ea000 - 0x10e5f1fff com.apple.SkyLight (1.600.0 - 0) <668076CE-1C9D-3BE2-90FF-6D2E9CAB4466> /System/Library/PrivateFrameworks/SkyLight.framework/Versions/A/SkyLight 0x10e60c000 - 0x10e61bfff com.apple.opengl (17.3.1 - 17.3.1) <2F59064F-D6EF-35CD-9747-20A91DB3D5DF> /System/Library/Frameworks/OpenGL.framework/Versions/A/OpenGL 0x11b672000 - 0x11b70dfff dyld (852.2) <0CC19410-FD43-39AE-A32A-50273F8303A4> /usr/lib/dyld 0x7fff20d95000 - 0x7fff20e12fff com.apple.SystemConfiguration (1.20 - 1.20) <8FEB39D4-ACD6-39F2-8D1B-A57CACD5628F> /System/Library/Frameworks/SystemConfiguration.framework/Versions/A/SystemConfiguration 0x7fff21a57000 - 0x7fff220e8fff com.apple.audio.CoreAudio (5.0 - 5.0) <5EEA9225-4837-37F3-9105-941A5743169F> /System/Library/Frameworks/CoreAudio.framework/Versions/A/CoreAudio 0x7fff220e9000 - 0x7fff22440fff com.apple.security (7.0 - 59754.140.13)iTunes.app Crash - macOS 10.14.6
Spoiler: iTunes.app Crash - macOS 10.14.6
``` Process: iTunes [387] Path: /Applications/iTunes.app/Contents/MacOS/iTunes Identifier: com.apple.iTunes Version: 12.9.5 (12.9.5) Build Info: iTunes-1200012009005005~9 Code Type: X86-64 (Native) Parent Process: ??? [1] Responsible: iTunes [387] User ID: 501 Date/Time: 2021-09-20 17:42:16.685 +0200 OS Version: Mac OS X 10.14.6 (18G9028) Report Version: 12 Anonymous UUID: 1D4EEA70-CD89-9F52-1FAC-482726AB57D2 Time Awake Since Boot: 26 seconds System Integrity Protection: disabled Crashed Thread: 0 Exception Type: EXC_CRASH (SIGABRT) Exception Codes: 0x0000000000000000, 0x0000000000000000 Exception Note: EXC_CORPSE_NOTIFY Termination Reason: DYLD, [0x1] Library missing Application Specific Information: dyld: launch, loading dependent libraries @executable_path/../Frameworks/libgnsdk_dsp.3.06.1.dylib Dyld Error Message: Library not loaded: @executable_path/../Frameworks/libgnsdk_dsp.3.06.1.dylib Referenced from: /Applications/iTunes.app/Contents/MacOS/iTunes Reason: unsafe use of @executable_path in /Applications/iTunes.app/Contents/MacOS/iTunes with restricted binary Binary Images: 0x10c6e2000 - 0x10e40cfe7 com.apple.iTunes (12.9.5 - 12.9.5) <91006EE5-C8C4-3A53-B7F7-69A3B2FD991A> /Applications/iTunes.app/Contents/MacOS/iTunes 0x11bfbd000 - 0x11c02770f dyld (655.1.1) <5C085E07-E51D-35EC-BE29-92A5782AA39F> /usr/lib/dyld 0x7fff2e895000 - 0x7fff2e899fff com.apple.agl (3.3.2 - AGL-3.3.2)