xnu-6153.141.1.tar.gz

[apple/xnu.git] / bsd / kern / kern_csr.c

diff --git a/bsd/kern/kern_csr.c b/bsd/kern/kern_csr.c
index 15a5ede70ff7c03dde3ea5ff046e88bacf3a2377..6423d23ca336aa84dae8a309197468ab82dffbfe 100644 (file)
--- a/bsd/kern/kern_csr.c
+++ b/bsd/kern/kern_csr.c
@@ -63,8 +63,9 @@ int
 csr_check(csr_config_t mask)
 {
        boot_args *args = (boot_args *)PE_state.bootArgs;
-       if (mask & CSR_ALLOW_DEVICE_CONFIGURATION)
+       if (mask & CSR_ALLOW_DEVICE_CONFIGURATION) {
                return (args->flags & kBootArgsFlagCSRConfigMode) ? 0 : EPERM;
+       }
 
        csr_config_t config;
        int ret = csr_get_active_config(&config);
@@ -77,14 +78,16 @@ csr_check(csr_config_t mask)
        // CSR_ALLOW_UNTRUSTED_KEXTS as a proxy for "SIP is disabled" on the
        // grounds that you can do the same damage with a kernel debugger as
        // you can with an untrusted kext.
-       if ((config & (CSR_ALLOW_UNTRUSTED_KEXTS|CSR_ALLOW_APPLE_INTERNAL)) != 0)
+       if ((config & (CSR_ALLOW_UNTRUSTED_KEXTS | CSR_ALLOW_APPLE_INTERNAL)) != 0) {
                config |= CSR_ALLOW_KERNEL_DEBUGGER;
+       }
 
        ret = ((config & mask) == mask) ? 0 : EPERM;
        if (ret == EPERM) {
                // Override the return value if booted from the BaseSystem and the mask does not contain any flag that should always be enforced.
-               if (csr_allow_all && (mask & CSR_ALWAYS_ENFORCED_FLAGS) == 0)
+               if (csr_allow_all && (mask & CSR_ALWAYS_ENFORCED_FLAGS) == 0) {
                        ret = 0;
+               }
        }
 
        return ret;
@@ -104,12 +107,14 @@ syscall_csr_check(struct csrctl_args *args)
        csr_config_t mask = 0;
        int error = 0;
 
-       if (args->useraddr == 0 || args->usersize != sizeof(mask))
+       if (args->useraddr == 0 || args->usersize != sizeof(mask)) {
                return EINVAL;
+       }
 
        error = copyin(args->useraddr, &mask, sizeof(mask));
-       if (error)
+       if (error) {
                return error;
+       }
 
        return csr_check(mask);
 }
@@ -120,12 +125,14 @@ syscall_csr_get_active_config(struct csrctl_args *args)
        csr_config_t config = 0;
        int error = 0;
 
-       if (args->useraddr == 0 || args->usersize != sizeof(config))
+       if (args->useraddr == 0 || args->usersize != sizeof(config)) {
                return EINVAL;
+       }
 
        error = csr_get_active_config(&config);
-       if (error)
+       if (error) {
                return error;
+       }
 
        return copyout(&config, args->useraddr, sizeof(config));
 }
@@ -138,11 +145,11 @@ int
 csrctl(__unused proc_t p, struct csrctl_args *args, __unused int32_t *retval)
 {
        switch (args->op) {
-               case CSR_SYSCALL_CHECK:
-                       return syscall_csr_check(args);
-               case CSR_SYSCALL_GET_ACTIVE_CONFIG:
-                       return syscall_csr_get_active_config(args);
-               default:
-                       return ENOSYS;
+       case CSR_SYSCALL_CHECK:
+               return syscall_csr_check(args);
+       case CSR_SYSCALL_GET_ACTIVE_CONFIG:
+               return syscall_csr_get_active_config(args);
+       default:
+               return ENOSYS;
        }
 }