X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/eb6b6ca394357805f2bdba989abae309f718b4d8..f427ee49d309d8fc33ebf3042c3a775f2f530ded:/bsd/sys/csr.h?ds=sidebyside

diff --git a/bsd/sys/csr.h b/bsd/sys/csr.h
index 7c083d461..ac3503392 100644
--- a/bsd/sys/csr.h
+++ b/bsd/sys/csr.h
@@ -38,37 +38,48 @@
 typedef uint32_t csr_config_t;
 typedef uint32_t csr_op_t;
 
-/* Rootless configuration flags */
+/* CSR configuration flags */
 #define CSR_ALLOW_UNTRUSTED_KEXTS               (1 << 0)
 #define CSR_ALLOW_UNRESTRICTED_FS               (1 << 1)
 #define CSR_ALLOW_TASK_FOR_PID                  (1 << 2)
 #define CSR_ALLOW_KERNEL_DEBUGGER               (1 << 3)
 #define CSR_ALLOW_APPLE_INTERNAL                (1 << 4)
-#define CSR_ALLOW_DESTRUCTIVE_DTRACE    (1 << 5) /* name deprecated */
-#define CSR_ALLOW_UNRESTRICTED_DTRACE   (1 << 5)
-#define CSR_ALLOW_UNRESTRICTED_NVRAM    (1 << 6)
-#define CSR_ALLOW_DEVICE_CONFIGURATION  (1 << 7)
-#define CSR_ALLOW_ANY_RECOVERY_OS       (1 << 8)
-#define CSR_ALLOW_UNAPPROVED_KEXTS      (1 << 9)
+#define CSR_ALLOW_DESTRUCTIVE_DTRACE                    (1 << 5) /* name deprecated */
+#define CSR_ALLOW_UNRESTRICTED_DTRACE                   (1 << 5)
+#define CSR_ALLOW_UNRESTRICTED_NVRAM                    (1 << 6)
+#define CSR_ALLOW_DEVICE_CONFIGURATION                  (1 << 7)
+#define CSR_ALLOW_ANY_RECOVERY_OS                       (1 << 8)
+#define CSR_ALLOW_UNAPPROVED_KEXTS                      (1 << 9)
 #define CSR_ALLOW_EXECUTABLE_POLICY_OVERRIDE    (1 << 10)
+#define CSR_ALLOW_UNAUTHENTICATED_ROOT                  (1 << 11)
 
 #define CSR_VALID_FLAGS (CSR_ALLOW_UNTRUSTED_KEXTS | \
-	                 CSR_ALLOW_UNRESTRICTED_FS | \
-	                 CSR_ALLOW_TASK_FOR_PID | \
-	                 CSR_ALLOW_KERNEL_DEBUGGER | \
-	                 CSR_ALLOW_APPLE_INTERNAL | \
-	                 CSR_ALLOW_UNRESTRICTED_DTRACE | \
-	                 CSR_ALLOW_UNRESTRICTED_NVRAM | \
-	                 CSR_ALLOW_DEVICE_CONFIGURATION | \
-	                 CSR_ALLOW_ANY_RECOVERY_OS | \
-	                 CSR_ALLOW_UNAPPROVED_KEXTS | \
-	                 CSR_ALLOW_EXECUTABLE_POLICY_OVERRIDE)
+	                         CSR_ALLOW_UNRESTRICTED_FS | \
+	                         CSR_ALLOW_TASK_FOR_PID | \
+	                         CSR_ALLOW_KERNEL_DEBUGGER | \
+	                         CSR_ALLOW_APPLE_INTERNAL | \
+	                         CSR_ALLOW_UNRESTRICTED_DTRACE | \
+	                         CSR_ALLOW_UNRESTRICTED_NVRAM | \
+	                         CSR_ALLOW_DEVICE_CONFIGURATION | \
+	                         CSR_ALLOW_ANY_RECOVERY_OS | \
+	                         CSR_ALLOW_UNAPPROVED_KEXTS | \
+	                         CSR_ALLOW_EXECUTABLE_POLICY_OVERRIDE | \
+	                         CSR_ALLOW_UNAUTHENTICATED_ROOT)
 
 #define CSR_ALWAYS_ENFORCED_FLAGS (CSR_ALLOW_DEVICE_CONFIGURATION | CSR_ALLOW_ANY_RECOVERY_OS)
 
+/* Flags set by `csrutil disable`. */
+#define CSR_DISABLE_FLAGS (CSR_ALLOW_UNTRUSTED_KEXTS | \
+	                   CSR_ALLOW_UNRESTRICTED_FS | \
+	                   CSR_ALLOW_TASK_FOR_PID | \
+	                   CSR_ALLOW_KERNEL_DEBUGGER | \
+	                   CSR_ALLOW_APPLE_INTERNAL | \
+	                   CSR_ALLOW_UNRESTRICTED_DTRACE | \
+	                   CSR_ALLOW_UNRESTRICTED_NVRAM)
+
 /* CSR capabilities that a booter can give to the system */
-#define CSR_CAPABILITY_UNLIMITED                                (1 << 0)
-#define CSR_CAPABILITY_CONFIG                                   (1 << 1)
+#define CSR_CAPABILITY_UNLIMITED                        (1 << 0)
+#define CSR_CAPABILITY_CONFIG                           (1 << 1)
 #define CSR_CAPABILITY_APPLE_INTERNAL                   (1 << 2)
 
 #define CSR_VALID_CAPABILITIES (CSR_CAPABILITY_UNLIMITED | CSR_CAPABILITY_CONFIG | CSR_CAPABILITY_APPLE_INTERNAL)
@@ -86,10 +97,6 @@ enum csr_syscalls {
 
 __BEGIN_DECLS
 
-#ifdef XNU_KERNEL_PRIVATE
-void csr_init(void);
-#endif
-
 /* Syscalls */
 int csr_check(csr_config_t mask);
 int csr_get_active_config(csr_config_t *config);