]> git.saurik.com Git - apple/xnu.git/blobdiff - bsd/sys/csr.h
xnu-6153.61.1.tar.gz
[apple/xnu.git] / bsd / sys / csr.h
index 602b6061b7953959090e677c3402417d2b185a52..7c083d46142f56b9aa9e3eb17b3a2d3b86e9b06a 100644 (file)
@@ -39,33 +39,37 @@ typedef uint32_t csr_config_t;
 typedef uint32_t csr_op_t;
 
 /* Rootless configuration flags */
-#define CSR_ALLOW_UNTRUSTED_KEXTS              (1 << 0)
-#define CSR_ALLOW_UNRESTRICTED_FS              (1 << 1)
-#define CSR_ALLOW_TASK_FOR_PID                 (1 << 2)
-#define CSR_ALLOW_KERNEL_DEBUGGER              (1 << 3)
-#define CSR_ALLOW_APPLE_INTERNAL               (1 << 4)
-#define CSR_ALLOW_DESTRUCTIVE_DTRACE   (1 << 5) /* name deprecated */
-#define CSR_ALLOW_UNRESTRICTED_DTRACE  (1 << 5)
-#define CSR_ALLOW_UNRESTRICTED_NVRAM   (1 << 6)
-#define CSR_ALLOW_DEVICE_CONFIGURATION (1 << 7)
-#define CSR_ALLOW_ANY_RECOVERY_OS      (1 << 8)
+#define CSR_ALLOW_UNTRUSTED_KEXTS               (1 << 0)
+#define CSR_ALLOW_UNRESTRICTED_FS               (1 << 1)
+#define CSR_ALLOW_TASK_FOR_PID                  (1 << 2)
+#define CSR_ALLOW_KERNEL_DEBUGGER               (1 << 3)
+#define CSR_ALLOW_APPLE_INTERNAL                (1 << 4)
+#define CSR_ALLOW_DESTRUCTIVE_DTRACE    (1 << 5) /* name deprecated */
+#define CSR_ALLOW_UNRESTRICTED_DTRACE   (1 << 5)
+#define CSR_ALLOW_UNRESTRICTED_NVRAM    (1 << 6)
+#define CSR_ALLOW_DEVICE_CONFIGURATION  (1 << 7)
+#define CSR_ALLOW_ANY_RECOVERY_OS       (1 << 8)
+#define CSR_ALLOW_UNAPPROVED_KEXTS      (1 << 9)
+#define CSR_ALLOW_EXECUTABLE_POLICY_OVERRIDE    (1 << 10)
 
 #define CSR_VALID_FLAGS (CSR_ALLOW_UNTRUSTED_KEXTS | \
-                         CSR_ALLOW_UNRESTRICTED_FS | \
-                         CSR_ALLOW_TASK_FOR_PID | \
-                         CSR_ALLOW_KERNEL_DEBUGGER | \
-                         CSR_ALLOW_APPLE_INTERNAL | \
-                         CSR_ALLOW_UNRESTRICTED_DTRACE | \
-                         CSR_ALLOW_UNRESTRICTED_NVRAM | \
-                         CSR_ALLOW_DEVICE_CONFIGURATION | \
-                         CSR_ALLOW_ANY_RECOVERY_OS)
+                        CSR_ALLOW_UNRESTRICTED_FS | \
+                        CSR_ALLOW_TASK_FOR_PID | \
+                        CSR_ALLOW_KERNEL_DEBUGGER | \
+                        CSR_ALLOW_APPLE_INTERNAL | \
+                        CSR_ALLOW_UNRESTRICTED_DTRACE | \
+                        CSR_ALLOW_UNRESTRICTED_NVRAM | \
+                        CSR_ALLOW_DEVICE_CONFIGURATION | \
+                        CSR_ALLOW_ANY_RECOVERY_OS | \
+                        CSR_ALLOW_UNAPPROVED_KEXTS | \
+                        CSR_ALLOW_EXECUTABLE_POLICY_OVERRIDE)
 
 #define CSR_ALWAYS_ENFORCED_FLAGS (CSR_ALLOW_DEVICE_CONFIGURATION | CSR_ALLOW_ANY_RECOVERY_OS)
 
 /* CSR capabilities that a booter can give to the system */
-#define CSR_CAPABILITY_UNLIMITED                               (1 << 0)
-#define CSR_CAPABILITY_CONFIG                                  (1 << 1)
-#define CSR_CAPABILITY_APPLE_INTERNAL                  (1 << 2)
+#define CSR_CAPABILITY_UNLIMITED                                (1 << 0)
+#define CSR_CAPABILITY_CONFIG                                   (1 << 1)
+#define CSR_CAPABILITY_APPLE_INTERNAL                   (1 << 2)
 
 #define CSR_VALID_CAPABILITIES (CSR_CAPABILITY_UNLIMITED | CSR_CAPABILITY_CONFIG | CSR_CAPABILITY_APPLE_INTERNAL)