Grant the location permission to an iOS app. More permissions here: https://gist.github.com/kasnder/3eb32449512a4dba4a92949c8d337a92

grant_ios_location_permission.sh

#!/bin/bash

# Todo: This currently fails to replace an existing entry in the location permission database. Would be better add to the end of the clients.plist file.

# Usage:./grant_ios_location_permission.sh [bundleId]
# Example: ./grant_ios_location_permission.sh com.spotify.client

# Requirements:
# - iOS device with checkra1n jailbreak (tested on 14.8)
# - Installed `sqlite3` on iOS device from Cydia
# - iOS device plugged into computed and forwarded SSH port with `iproxy 2222 44`
# - Installed public ssh key on your device: `ssh-copy-id -p 2222 root@localhost`

if [ -z "$1" ]; then
    echo "Please pass bundleId"
    exit -1
fi

# Get bundleId from argument (e.g. cn.DGNorya.Norya)
bundleId=$1

# Create backup (-n makes sure to not overwrite existing backup)
ssh -T -p 2222 root@localhost "cp -n /private/var/root/Library/Caches/locationd/clients.plist ~/clients.backup.plist"

# Get path to executable from install logs
executable=`ssh -T -p 2222 root@localhost "cat /private/var/installd/Library/Logs/MobileInstallation/mobile_installation.log.* | grep 'Made container live for $bundleId at /private/var/containers/Bundle/Application/' | sort  | tail -n1"`
executable=${executable##*Made container live for $bundleId at }
executable=`ssh -T -p 2222 root@localhost "find $executable/*.app/ -maxdepth 1 -perm -111 -type f -exec readlink -f {} \;"`

# Download binary plist file
scp -P 2222 root@localhost:/private/var/root/Library/Caches/locationd/clients.plist ./clients.old.plist

# Cleanup if exists
rm ./clients.new.xml || true

# Add to downloaded binary plist file
n=0
echo "`plistutil -i ./clients.old.plist -o -`" | while read p ; do
  echo "$p" >> ./clients.new.xml
  if [[ "$p" =~ '<dict>' && $n = 0 ]]; then
    echo "<key>$bundleId</key>
  <dict>
      <key>Authorization</key>
      <integer>2</integer>
      <key>BundleId</key>
      <string>$bundleId</string>
      <key>Executable</key>
      <string>$executable</string>
      <key>Registered</key>
      <string>$executable</string>
      <key>SupportedAuthorizationMask</key>
      <integer>7</integer>
      <key>Whitelisted</key>
      <false/>
  </dict>" >> ./clients.new.xml
    n=1
  fi
done

# Convert plist back to binary
plistutil -i ./clients.new.xml -o ./clients.new.plist

echo "Created new clients configuration at ./clients.new.plist"
echo "Now copy this file to your device, as described here: https://kollnig.net/2022/01/app-research-circumventing-permissions/"

# Stop location service
#ssh -T -p 2222 root@localhost "launchctl unload /System/Library/LaunchDaemons/com.apple.locationd.plist"
#sleep 1

# Copy over new plist file
#scp -P 2222 ./clients.new.plist /private/var/root/Library/Caches/locationd/clients.plist

# Start location service
#ssh -T -p 2222 root@localhost "launchctl load /System/Library/LaunchDaemons/com.apple.locationd.plist"

# Cleanup
#rm ./clients.new.plist

thanks!!

Should I expect this to work for cli apps? I was hoping this would allow me to access perms such as location through cli apps.
It doesn't seem to be working on ios 14 and locationManager.authorizationStatus remains restricted.

I know I'm doing it right as it allows me to bypass the prompt in an app.
I'm on 14.4, fugu14.

Hm, locationd appends "com.apple.locationd.executable" ahead of executables and not apps?

Not sure! I think this is only aimed at regular apps. Other apps should have root access anyway?

Even with root access, locationd only allows access if they are in a .app bundle

Much, much, MUCH experimentation later - I've come with a suitable solution, check it out here
Thanks again!