LockWatch and iOS 11 – Playing in the Sandbox

09 Mar 2018 • Sniper_GER

This article was migrated from medium.com for archival purposes and may be heavily outdated. Please keep that in mind!

Let's start by making this absolutely clear: I currently do not have any device jailbroken on iOS 11. I lost my iPhone 6s on 11.1.2 during the Apple signing fuckup, when I was forced to restore to 11.2, so LockWatch development for iOS 11 was done exclusively inside the iOS Simulator.

Recently, I've released LockWatch 1.0 on BigBoss, which was a huge success with over 2000 downloads in less than 12 hours, compared to about 1000 downloads on my own repo (https://repo.festival.tf) in a few months. However, shortly after release, reports surfaced that installed watch faces didn't show up in Settings on iOS 11.

My first assumption was that the iOS sandbox prevented access to files stored on the user partition. So I quickly put together a debug build that logs a few things to the system console. And even though I failed to upload the package definition file (Packages.bz2), the first log that I received seemed pretty interesting.

Sandbox: SpringBoard(18328) System Policy: deny(1) file-map-executable /private/var/mobile/Library/FESTIVAL/LockWatch/LockWatchKit.framework/LockWatchKit

SpringBoard Injection failed: 'dlopen(/Library/TweakInject/LockWatch.dylib, 9): Library not loaded: […] file system sandbox blocked mmap() of '/System/Library/Frameworks/LockWatchKit.framework/LockWatchKit''

As you can see, LockWatch resources are stored in /private/var/mobile/Library/FESTIVAL/LockWatch, and /System/Library/Frameworks/LockWatchKit.framework is a symbolic link to /private/var/mobile/Library/FESTIVAL/LockWatch/LockWatchKit.framework, which is why the sandbox denial names the /private/var path even though dlopen asked for the /System one. This is necessary because on iOS 10 space on the system partition is limited. Since iOS 11 (probably even 10.3), the file system is formatted as APFS, so the system and user partitions share the same container. No space limitations, except for your device's storage capacity.

So for the next debug build, I moved LockWatchKit to /System/Library/Frameworks, and the watch faces started to appear in Settings. However, the lock screen still appeared empty. The next logs I received revealed what was going on:

Sandbox: SpringBoard(1200) System Policy: deny(1) file-map-executable /private/var/mobile/Library/FESTIVAL/LockWatch/Watch Faces/Simple.watchface/Simple

Error loading /var/mobile/Library/FESTIVAL/LockWatch/Watch Faces/Simple.watchface/Simple […] file system sandbox blocked mmap() of '/var/mobile/Library/FESTIVAL/LockWatch/Watch Faces/Simple.watchface/Simple'

[LockWatch] watch face with identifier ml.festival.Simple failed to load

The logs clearly confirm my assumption that the iOS sandbox is the true cause of this: SpringBoard is not allowed to map anything on the user partition as executable. And this is where my options end. I can't just move everything to the system partition because of the limited space on iOS 10. So how can we fix this?
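To make triaging these reports less guesswork, here is a small Python script I am adding as an example (it is not part of the original post or of LockWatch). It parses the two shapes of sandbox message quoted above, the kernel "deny(1) file-map-executable" line and the dyld "blocked mmap()" error, and flags every executable mapping refused from the user data partition. The log lines are constructed after the ones in the post, the helper names are my own, and it assumes the iOS convention that /var is the same location as /private/var.

```python
import re
from typing import Optional

# Kernel sandbox denial: "Sandbox: <proc>(<pid>) System Policy: deny(1) <op> <path>"
DENY_RE = re.compile(
    r"Sandbox: (?P<proc>\S+)\((?P<pid>\d+)\) System Policy: deny\(\d+\) "
    r"(?P<op>\S+) (?P<path>.+)$"
)
# dyld/dlopen failure quoting the path it could not map
MMAP_RE = re.compile(r"file system sandbox blocked mmap\(\) of '(?P<path>[^']+)'")

def normalize(path: str) -> str:
    """On iOS /var is a symlink to /private/var; treat both spellings as one path."""
    return "/private" + path if path.startswith("/var/") else path

def on_user_partition(path: str) -> bool:
    """True for paths under the user data partition, where the sandbox refuses file-map-executable."""
    return normalize(path).startswith("/private/var/")

def parse_line(line: str) -> Optional[dict]:
    """Turn one console line into an event dict, or None if it is not a sandbox message."""
    m = DENY_RE.search(line)
    if m:
        path = normalize(m["path"].strip())
        return {"kind": "deny", "proc": m["proc"], "pid": int(m["pid"]),
                "op": m["op"], "path": path, "user_partition": on_user_partition(path)}
    m = MMAP_RE.search(line)
    if m:
        path = normalize(m["path"])
        return {"kind": "mmap_blocked", "proc": None, "pid": None,
                "op": "mmap", "path": path, "user_partition": on_user_partition(path)}
    return None

def code_load_denials(lines) -> list:
    """Events where code on the user partition was refused an executable mapping."""
    events = [e for e in map(parse_line, lines) if e]
    return [e for e in events
            if e["user_partition"] and e["op"] in ("file-map-executable", "mmap")]

# Constructed sample console output, modelled on the lines quoted in the post.
SAMPLE_LOG = [
    "Sandbox: SpringBoard(18328) System Policy: deny(1) file-map-executable /private/var/mobile/Library/FESTIVAL/LockWatch/LockWatchKit.framework/LockWatchKit",
    "SpringBoard Injection failed: 'dlopen(/Library/TweakInject/LockWatch.dylib, 9): Library not loaded: file system sandbox blocked mmap() of '/System/Library/Frameworks/LockWatchKit.framework/LockWatchKit''",
    "Sandbox: SpringBoard(1200) System Policy: deny(1) file-map-executable /private/var/mobile/Library/FESTIVAL/LockWatch/Watch Faces/Simple.watchface/Simple",
    "Error loading /var/mobile/Library/FESTIVAL/LockWatch/Watch Faces/Simple.watchface/Simple: file system sandbox blocked mmap() of '/var/mobile/Library/FESTIVAL/LockWatch/Watch Faces/Simple.watchface/Simple'",
    "[LockWatch] watch face with identifier ml.festival.Simple failed to load",
]

if __name__ == "__main__":
    for e in code_load_denials(SAMPLE_LOG):
        print(e["kind"], e["op"], e["path"])
```

Note that the dlopen line quoting the /System path is parsed but not flagged: the script only sees the path as requested, and it is the kernel's deny line that reveals where the symlink actually resolved.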

We probably can't. Only CoolStar can, as he is the developer of this so-called "jailbreak". He is the only one who can correctly patch the iOS sandbox (if that is actually possible on a jailbreak without a bypass for Kernel Patch Protection).

Or wait until Saurik and his "legendary team" release a proper jailbreak. That one will probably have a proper KPP bypass, and thus proper sandbox escapes. But until then, we need to wait.

– Sniper_GER