xnu-7195.50.7.100.1.tar.gz
[apple/xnu.git] / bsd / sys / csr.h
index 7c083d46142f56b9aa9e3eb17b3a2d3b86e9b06a..ac35033926a491ab37e9bf5eb16f656933d4cc0f 100644 (file)
 typedef uint32_t csr_config_t;
 typedef uint32_t csr_op_t;
 
 typedef uint32_t csr_config_t;
 typedef uint32_t csr_op_t;
 
-/* Rootless configuration flags */
+/* CSR configuration flags */
 #define CSR_ALLOW_UNTRUSTED_KEXTS               (1 << 0)
 #define CSR_ALLOW_UNRESTRICTED_FS               (1 << 1)
 #define CSR_ALLOW_TASK_FOR_PID                  (1 << 2)
 #define CSR_ALLOW_KERNEL_DEBUGGER               (1 << 3)
 #define CSR_ALLOW_APPLE_INTERNAL                (1 << 4)
 #define CSR_ALLOW_UNTRUSTED_KEXTS               (1 << 0)
 #define CSR_ALLOW_UNRESTRICTED_FS               (1 << 1)
 #define CSR_ALLOW_TASK_FOR_PID                  (1 << 2)
 #define CSR_ALLOW_KERNEL_DEBUGGER               (1 << 3)
 #define CSR_ALLOW_APPLE_INTERNAL                (1 << 4)
-#define CSR_ALLOW_DESTRUCTIVE_DTRACE    (1 << 5) /* name deprecated */
-#define CSR_ALLOW_UNRESTRICTED_DTRACE   (1 << 5)
-#define CSR_ALLOW_UNRESTRICTED_NVRAM    (1 << 6)
-#define CSR_ALLOW_DEVICE_CONFIGURATION  (1 << 7)
-#define CSR_ALLOW_ANY_RECOVERY_OS       (1 << 8)
-#define CSR_ALLOW_UNAPPROVED_KEXTS      (1 << 9)
+#define CSR_ALLOW_DESTRUCTIVE_DTRACE                    (1 << 5) /* name deprecated */
+#define CSR_ALLOW_UNRESTRICTED_DTRACE                   (1 << 5)
+#define CSR_ALLOW_UNRESTRICTED_NVRAM                    (1 << 6)
+#define CSR_ALLOW_DEVICE_CONFIGURATION                  (1 << 7)
+#define CSR_ALLOW_ANY_RECOVERY_OS                       (1 << 8)
+#define CSR_ALLOW_UNAPPROVED_KEXTS                      (1 << 9)
 #define CSR_ALLOW_EXECUTABLE_POLICY_OVERRIDE    (1 << 10)
 #define CSR_ALLOW_EXECUTABLE_POLICY_OVERRIDE    (1 << 10)
+#define CSR_ALLOW_UNAUTHENTICATED_ROOT                  (1 << 11)
 
 #define CSR_VALID_FLAGS (CSR_ALLOW_UNTRUSTED_KEXTS | \
 
 #define CSR_VALID_FLAGS (CSR_ALLOW_UNTRUSTED_KEXTS | \
-                        CSR_ALLOW_UNRESTRICTED_FS | \
-                        CSR_ALLOW_TASK_FOR_PID | \
-                        CSR_ALLOW_KERNEL_DEBUGGER | \
-                        CSR_ALLOW_APPLE_INTERNAL | \
-                        CSR_ALLOW_UNRESTRICTED_DTRACE | \
-                        CSR_ALLOW_UNRESTRICTED_NVRAM | \
-                        CSR_ALLOW_DEVICE_CONFIGURATION | \
-                        CSR_ALLOW_ANY_RECOVERY_OS | \
-                        CSR_ALLOW_UNAPPROVED_KEXTS | \
-                        CSR_ALLOW_EXECUTABLE_POLICY_OVERRIDE)
+                                CSR_ALLOW_UNRESTRICTED_FS | \
+                                CSR_ALLOW_TASK_FOR_PID | \
+                                CSR_ALLOW_KERNEL_DEBUGGER | \
+                                CSR_ALLOW_APPLE_INTERNAL | \
+                                CSR_ALLOW_UNRESTRICTED_DTRACE | \
+                                CSR_ALLOW_UNRESTRICTED_NVRAM | \
+                                CSR_ALLOW_DEVICE_CONFIGURATION | \
+                                CSR_ALLOW_ANY_RECOVERY_OS | \
+                                CSR_ALLOW_UNAPPROVED_KEXTS | \
+                                CSR_ALLOW_EXECUTABLE_POLICY_OVERRIDE | \
+                                CSR_ALLOW_UNAUTHENTICATED_ROOT)
 
 #define CSR_ALWAYS_ENFORCED_FLAGS (CSR_ALLOW_DEVICE_CONFIGURATION | CSR_ALLOW_ANY_RECOVERY_OS)
 
 
 #define CSR_ALWAYS_ENFORCED_FLAGS (CSR_ALLOW_DEVICE_CONFIGURATION | CSR_ALLOW_ANY_RECOVERY_OS)
 
+/* Flags set by `csrutil disable`. */
+#define CSR_DISABLE_FLAGS (CSR_ALLOW_UNTRUSTED_KEXTS | \
+                          CSR_ALLOW_UNRESTRICTED_FS | \
+                          CSR_ALLOW_TASK_FOR_PID | \
+                          CSR_ALLOW_KERNEL_DEBUGGER | \
+                          CSR_ALLOW_APPLE_INTERNAL | \
+                          CSR_ALLOW_UNRESTRICTED_DTRACE | \
+                          CSR_ALLOW_UNRESTRICTED_NVRAM)
+
 /* CSR capabilities that a booter can give to the system */
 /* CSR capabilities that a booter can give to the system */
-#define CSR_CAPABILITY_UNLIMITED                                (1 << 0)
-#define CSR_CAPABILITY_CONFIG                                   (1 << 1)
+#define CSR_CAPABILITY_UNLIMITED                        (1 << 0)
+#define CSR_CAPABILITY_CONFIG                           (1 << 1)
 #define CSR_CAPABILITY_APPLE_INTERNAL                   (1 << 2)
 
 #define CSR_VALID_CAPABILITIES (CSR_CAPABILITY_UNLIMITED | CSR_CAPABILITY_CONFIG | CSR_CAPABILITY_APPLE_INTERNAL)
 #define CSR_CAPABILITY_APPLE_INTERNAL                   (1 << 2)
 
 #define CSR_VALID_CAPABILITIES (CSR_CAPABILITY_UNLIMITED | CSR_CAPABILITY_CONFIG | CSR_CAPABILITY_APPLE_INTERNAL)
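Review bot: The new `CSR_DISABLE_FLAGS` mask covers only bits 0 through 6, so it omits the newly added `CSR_ALLOW_UNAUTHENTICATED_ROOT` as well as `CSR_ALLOW_UNAPPROVED_KEXTS` and `CSR_ALLOW_EXECUTABLE_POLICY_OVERRIDE`, and nothing in the header says whether that is intended. If it is, the comment above the mask should say so, for example `/* Flags set by csrutil disable; a deliberate subset of CSR_VALID_FLAGS, bits 7-11 are never set by it. */`. The new flag at `(1 << 11)` should also get a one-line comment stating which protection it relaxes, since the name alone is the only documentation here. The two masks are maintained by hand in parallel, so a compile-time check in a kernel-side source file would catch drift between them, assuming C11 is available there: `_Static_assert((CSR_DISABLE_FLAGS & ~CSR_VALID_FLAGS) == 0, "CSR_DISABLE_FLAGS must be a subset of CSR_VALID_FLAGS");`. A similar check against `CSR_ALWAYS_ENFORCED_FLAGS` would confirm that the disable mask cannot clear an always-enforced bit.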
@@ -86,10 +97,6 @@ enum csr_syscalls {
 
 __BEGIN_DECLS
 
 
 __BEGIN_DECLS
 
-#ifdef XNU_KERNEL_PRIVATE
-void csr_init(void);
-#endif
-
 /* Syscalls */
 int csr_check(csr_config_t mask);
 int csr_get_active_config(csr_config_t *config);
 /* Syscalls */
 int csr_check(csr_config_t mask);
 int csr_get_active_config(csr_config_t *config);