typedef uint32_t csr_config_t;
typedef uint32_t csr_op_t;
-/* Rootless configuration flags */
+/* CSR configuration flags */
#define CSR_ALLOW_UNTRUSTED_KEXTS (1 << 0)
#define CSR_ALLOW_UNRESTRICTED_FS (1 << 1)
#define CSR_ALLOW_TASK_FOR_PID (1 << 2)
#define CSR_ALLOW_KERNEL_DEBUGGER (1 << 3)
#define CSR_ALLOW_APPLE_INTERNAL (1 << 4)
-#define CSR_ALLOW_DESTRUCTIVE_DTRACE (1 << 5) /* name deprecated */
-#define CSR_ALLOW_UNRESTRICTED_DTRACE (1 << 5)
-#define CSR_ALLOW_UNRESTRICTED_NVRAM (1 << 6)
-#define CSR_ALLOW_DEVICE_CONFIGURATION (1 << 7)
-#define CSR_ALLOW_ANY_RECOVERY_OS (1 << 8)
-#define CSR_ALLOW_UNAPPROVED_KEXTS (1 << 9)
+#define CSR_ALLOW_DESTRUCTIVE_DTRACE (1 << 5) /* name deprecated */
+#define CSR_ALLOW_UNRESTRICTED_DTRACE (1 << 5)
+#define CSR_ALLOW_UNRESTRICTED_NVRAM (1 << 6)
+#define CSR_ALLOW_DEVICE_CONFIGURATION (1 << 7)
+#define CSR_ALLOW_ANY_RECOVERY_OS (1 << 8)
+#define CSR_ALLOW_UNAPPROVED_KEXTS (1 << 9)
#define CSR_ALLOW_EXECUTABLE_POLICY_OVERRIDE (1 << 10)
+#define CSR_ALLOW_UNAUTHENTICATED_ROOT (1 << 11)
#define CSR_VALID_FLAGS (CSR_ALLOW_UNTRUSTED_KEXTS | \
- CSR_ALLOW_UNRESTRICTED_FS | \
- CSR_ALLOW_TASK_FOR_PID | \
- CSR_ALLOW_KERNEL_DEBUGGER | \
- CSR_ALLOW_APPLE_INTERNAL | \
- CSR_ALLOW_UNRESTRICTED_DTRACE | \
- CSR_ALLOW_UNRESTRICTED_NVRAM | \
- CSR_ALLOW_DEVICE_CONFIGURATION | \
- CSR_ALLOW_ANY_RECOVERY_OS | \
- CSR_ALLOW_UNAPPROVED_KEXTS | \
- CSR_ALLOW_EXECUTABLE_POLICY_OVERRIDE)
+ CSR_ALLOW_UNRESTRICTED_FS | \
+ CSR_ALLOW_TASK_FOR_PID | \
+ CSR_ALLOW_KERNEL_DEBUGGER | \
+ CSR_ALLOW_APPLE_INTERNAL | \
+ CSR_ALLOW_UNRESTRICTED_DTRACE | \
+ CSR_ALLOW_UNRESTRICTED_NVRAM | \
+ CSR_ALLOW_DEVICE_CONFIGURATION | \
+ CSR_ALLOW_ANY_RECOVERY_OS | \
+ CSR_ALLOW_UNAPPROVED_KEXTS | \
+ CSR_ALLOW_EXECUTABLE_POLICY_OVERRIDE | \
+ CSR_ALLOW_UNAUTHENTICATED_ROOT)
#define CSR_ALWAYS_ENFORCED_FLAGS (CSR_ALLOW_DEVICE_CONFIGURATION | CSR_ALLOW_ANY_RECOVERY_OS)
+/* Flags set by `csrutil disable`. */
+#define CSR_DISABLE_FLAGS (CSR_ALLOW_UNTRUSTED_KEXTS | \
+ CSR_ALLOW_UNRESTRICTED_FS | \
+ CSR_ALLOW_TASK_FOR_PID | \
+ CSR_ALLOW_KERNEL_DEBUGGER | \
+ CSR_ALLOW_APPLE_INTERNAL | \
+ CSR_ALLOW_UNRESTRICTED_DTRACE | \
+ CSR_ALLOW_UNRESTRICTED_NVRAM)
+
/* CSR capabilities that a booter can give to the system */
-#define CSR_CAPABILITY_UNLIMITED (1 << 0)
-#define CSR_CAPABILITY_CONFIG (1 << 1)
+#define CSR_CAPABILITY_UNLIMITED (1 << 0)
+#define CSR_CAPABILITY_CONFIG (1 << 1)
#define CSR_CAPABILITY_APPLE_INTERNAL (1 << 2)
#define CSR_VALID_CAPABILITIES (CSR_CAPABILITY_UNLIMITED | CSR_CAPABILITY_CONFIG | CSR_CAPABILITY_APPLE_INTERNAL)
__BEGIN_DECLS
-#ifdef XNU_KERNEL_PRIVATE
-void csr_init(void);
-#endif
-
/* Syscalls */
int csr_check(csr_config_t mask);
int csr_get_active_config(csr_config_t *config);