thatmarcel / beepserv-rewrite

A small service that generates iMessage registration data on a jailbroken iPhone, now with an app and local state notifications
GNU Affero General Public License v3.0

Setup NAC context with NACInit rather than relying on NACKeyEstablishment hook #12

Open JJTech0130 opened 7 months ago

JJTech0130 commented 7 months ago

You kick off identityservicesd's internal NAC process with

[validationQueue _sendAbsintheValidationCertRequestIfNeededForSubsystem: 1]

and then wait for a hook to trigger on NACKeyEstablishment.

If there is a good reason for this, I'd be interested to hear about this, since in my experience, NACInit is more reliable. Curious to see if there is some downside I missed.

Otherwise, you should be able to just call NACInit directly, so that you control the function calls and don't have to use a timeout to wait for the hook. NACInit is really simple to call (see the mac registration provider), though you do have to make a couple simple HTTP requests to Apple, maybe that is what you were trying to avoid?

thatmarcel commented 7 months ago

Yeah, my reason for not calling NACInit directly was so I didn't have to worry about exactly replicating the process / HTTP requests that it runs, and instead just leave it up to identityservicesd to do it 100% correctly.

(Another side benefit is that, if the offset finder finds wrong offsets, the chances of crashing the process might be lower, because our hook just doesn't get called, instead of us calling some random function. This can of course be solved by improving the offset finder, adding more sanity checks, or adding fixed offsets)

That said, looking at it again, the requests really don't seem that complicated so doing them ourselves probably makes sense, especially when, as you mentioned, it should increase reliability.