[apple/xnu.git] / bsd / sys / csr.h

/*
 * Copyright (c) 2014 Apple Inc. All rights reserved.
 *
 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. The rights granted to you under the License
 * may not be used to create, or enable the creation or redistribution of,
 * unlawful or unlicensed copies of an Apple operating system, or to
 * circumvent, violate, or enable the circumvention or violation of, any
 * terms of an Apple operating system software license agreement.
 *
 * Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
 */

#ifndef _SYS_CSR_H_
#define _SYS_CSR_H_

#include <stdint.h>
#include <sys/appleapiopts.h>
#include <sys/cdefs.h>

#ifdef __APPLE_API_PRIVATE

typedef uint32_t csr_config_t;
typedef uint32_t csr_op_t;

/* CSR configuration flags */
#define CSR_ALLOW_UNTRUSTED_KEXTS               (1 << 0)
#define CSR_ALLOW_UNRESTRICTED_FS               (1 << 1)
#define CSR_ALLOW_TASK_FOR_PID                  (1 << 2)
#define CSR_ALLOW_KERNEL_DEBUGGER               (1 << 3)
#define CSR_ALLOW_APPLE_INTERNAL                (1 << 4)
#define CSR_ALLOW_DESTRUCTIVE_DTRACE                    (1 << 5) /* name deprecated */
#define CSR_ALLOW_UNRESTRICTED_DTRACE                   (1 << 5)
#define CSR_ALLOW_UNRESTRICTED_NVRAM                    (1 << 6)
#define CSR_ALLOW_DEVICE_CONFIGURATION                  (1 << 7)
#define CSR_ALLOW_ANY_RECOVERY_OS                       (1 << 8)
#define CSR_ALLOW_UNAPPROVED_KEXTS                      (1 << 9)
#define CSR_ALLOW_EXECUTABLE_POLICY_OVERRIDE    (1 << 10)
#define CSR_ALLOW_UNAUTHENTICATED_ROOT                  (1 << 11)

#define CSR_VALID_FLAGS (CSR_ALLOW_UNTRUSTED_KEXTS | \
	                         CSR_ALLOW_UNRESTRICTED_FS | \
	                         CSR_ALLOW_TASK_FOR_PID | \
	                         CSR_ALLOW_KERNEL_DEBUGGER | \
	                         CSR_ALLOW_APPLE_INTERNAL | \
	                         CSR_ALLOW_UNRESTRICTED_DTRACE | \
	                         CSR_ALLOW_UNRESTRICTED_NVRAM | \
	                         CSR_ALLOW_DEVICE_CONFIGURATION | \
	                         CSR_ALLOW_ANY_RECOVERY_OS | \
	                         CSR_ALLOW_UNAPPROVED_KEXTS | \
	                         CSR_ALLOW_EXECUTABLE_POLICY_OVERRIDE | \
	                         CSR_ALLOW_UNAUTHENTICATED_ROOT)

#define CSR_ALWAYS_ENFORCED_FLAGS (CSR_ALLOW_DEVICE_CONFIGURATION | CSR_ALLOW_ANY_RECOVERY_OS)

/* Flags set by `csrutil disable`. */
#define CSR_DISABLE_FLAGS (CSR_ALLOW_UNTRUSTED_KEXTS | \
	                   CSR_ALLOW_UNRESTRICTED_FS | \
	                   CSR_ALLOW_TASK_FOR_PID | \
	                   CSR_ALLOW_KERNEL_DEBUGGER | \
	                   CSR_ALLOW_APPLE_INTERNAL | \
	                   CSR_ALLOW_UNRESTRICTED_DTRACE | \
	                   CSR_ALLOW_UNRESTRICTED_NVRAM)

/* CSR capabilities that a booter can give to the system */
#define CSR_CAPABILITY_UNLIMITED                        (1 << 0)
#define CSR_CAPABILITY_CONFIG                           (1 << 1)
#define CSR_CAPABILITY_APPLE_INTERNAL                   (1 << 2)

#define CSR_VALID_CAPABILITIES (CSR_CAPABILITY_UNLIMITED | CSR_CAPABILITY_CONFIG | CSR_CAPABILITY_APPLE_INTERNAL)

#ifdef PRIVATE
/* Private system call interface between Libsyscall and xnu */

/* Syscall flavors */
enum csr_syscalls {
	CSR_SYSCALL_CHECK,
	CSR_SYSCALL_GET_ACTIVE_CONFIG,
};

#endif /* PRIVATE */

__BEGIN_DECLS

/* Syscalls */
int csr_check(csr_config_t mask);
int csr_get_active_config(csr_config_t *config);

__END_DECLS

#endif /* __APPLE_API_PRIVATE */

#endif /* _SYS_CSR_H_ */
Commit	Line	Data
fe8ab488 A	1	/*
	2	* Copyright (c) 2014 Apple Inc. All rights reserved.
	3	*
	4	* @APPLE_OSREFERENCE_LICENSE_HEADER_START@
490019cf	5	*
fe8ab488 A	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. The rights granted to you under the License
	10	* may not be used to create, or enable the creation or redistribution of,
	11	* unlawful or unlicensed copies of an Apple operating system, or to
	12	* circumvent, violate, or enable the circumvention or violation of, any
	13	* terms of an Apple operating system software license agreement.
490019cf	14	*
fe8ab488 A	15	* Please obtain a copy of the License at
fe8ab488 A	16	* http://www.opensource.apple.com/apsl/ and read it before using this file.
490019cf	17	*
fe8ab488 A	18	* The Original Code and all software distributed under the License are
	19	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	20	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	21	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	22	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	23	* Please see the License for the specific language governing rights and
	24	* limitations under the License.
490019cf	25	*
fe8ab488 A	26	* @APPLE_OSREFERENCE_LICENSE_HEADER_END@
	27	*/
	28
	29	#ifndef _SYS_CSR_H_
	30	#define _SYS_CSR_H_
	31
	32	#include <stdint.h>
	33	#include <sys/appleapiopts.h>
	34	#include <sys/cdefs.h>
	35
	36	#ifdef __APPLE_API_PRIVATE
	37
	38	typedef uint32_t csr_config_t;
	39	typedef uint32_t csr_op_t;
	40
f427ee49	41	/* CSR configuration flags */
0a7de745 A	42	#define CSR_ALLOW_UNTRUSTED_KEXTS (1 << 0)
	43	#define CSR_ALLOW_UNRESTRICTED_FS (1 << 1)
	44	#define CSR_ALLOW_TASK_FOR_PID (1 << 2)
	45	#define CSR_ALLOW_KERNEL_DEBUGGER (1 << 3)
	46	#define CSR_ALLOW_APPLE_INTERNAL (1 << 4)
f427ee49 A	47	#define CSR_ALLOW_DESTRUCTIVE_DTRACE (1 << 5) /* name deprecated */
	48	#define CSR_ALLOW_UNRESTRICTED_DTRACE (1 << 5)
	49	#define CSR_ALLOW_UNRESTRICTED_NVRAM (1 << 6)
	50	#define CSR_ALLOW_DEVICE_CONFIGURATION (1 << 7)
	51	#define CSR_ALLOW_ANY_RECOVERY_OS (1 << 8)
	52	#define CSR_ALLOW_UNAPPROVED_KEXTS (1 << 9)
0a7de745	53	#define CSR_ALLOW_EXECUTABLE_POLICY_OVERRIDE (1 << 10)
f427ee49	54	#define CSR_ALLOW_UNAUTHENTICATED_ROOT (1 << 11)
fe8ab488 A	55
fe8ab488 A	56	#define CSR_VALID_FLAGS (CSR_ALLOW_UNTRUSTED_KEXTS \| \
f427ee49 A	57	CSR_ALLOW_UNRESTRICTED_FS \| \
	58	CSR_ALLOW_TASK_FOR_PID \| \
	59	CSR_ALLOW_KERNEL_DEBUGGER \| \
	60	CSR_ALLOW_APPLE_INTERNAL \| \
	61	CSR_ALLOW_UNRESTRICTED_DTRACE \| \
	62	CSR_ALLOW_UNRESTRICTED_NVRAM \| \
	63	CSR_ALLOW_DEVICE_CONFIGURATION \| \
	64	CSR_ALLOW_ANY_RECOVERY_OS \| \
	65	CSR_ALLOW_UNAPPROVED_KEXTS \| \
	66	CSR_ALLOW_EXECUTABLE_POLICY_OVERRIDE \| \
	67	CSR_ALLOW_UNAUTHENTICATED_ROOT)
3e170ce0	68
813fb2f6	69	#define CSR_ALWAYS_ENFORCED_FLAGS (CSR_ALLOW_DEVICE_CONFIGURATION \| CSR_ALLOW_ANY_RECOVERY_OS)
3e170ce0	70
f427ee49 A	71	/* Flags set by `csrutil disable`. */
	72	#define CSR_DISABLE_FLAGS (CSR_ALLOW_UNTRUSTED_KEXTS \| \
	73	CSR_ALLOW_UNRESTRICTED_FS \| \
	74	CSR_ALLOW_TASK_FOR_PID \| \
	75	CSR_ALLOW_KERNEL_DEBUGGER \| \
	76	CSR_ALLOW_APPLE_INTERNAL \| \
	77	CSR_ALLOW_UNRESTRICTED_DTRACE \| \
	78	CSR_ALLOW_UNRESTRICTED_NVRAM)
	79
3e170ce0	80	/* CSR capabilities that a booter can give to the system */
f427ee49 A	81	#define CSR_CAPABILITY_UNLIMITED (1 << 0)
f427ee49 A	82	#define CSR_CAPABILITY_CONFIG (1 << 1)
0a7de745	83	#define CSR_CAPABILITY_APPLE_INTERNAL (1 << 2)
3e170ce0 A	84
3e170ce0 A	85	#define CSR_VALID_CAPABILITIES (CSR_CAPABILITY_UNLIMITED \| CSR_CAPABILITY_CONFIG \| CSR_CAPABILITY_APPLE_INTERNAL)
fe8ab488 A	86
	87	#ifdef PRIVATE
	88	/* Private system call interface between Libsyscall and xnu */
	89
	90	/* Syscall flavors */
3e170ce0 A	91	enum csr_syscalls {
	92	CSR_SYSCALL_CHECK,
	93	CSR_SYSCALL_GET_ACTIVE_CONFIG,
	94	};
fe8ab488 A	95
	96	#endif /* PRIVATE */
	97
	98	__BEGIN_DECLS
	99
fe8ab488 A	100	/* Syscalls */
	101	int csr_check(csr_config_t mask);
	102	int csr_get_active_config(csr_config_t *config);
fe8ab488 A	103
	104	__END_DECLS
	105
	106	#endif /* __APPLE_API_PRIVATE */
	107
	108	#endif /* _SYS_CSR_H_ */