Version 3.7.6

- Added `SIP.SIPStatus.resultsFullyDisabled` to detect if SIP is actually fully disabled - Improved some comments and descriptions - Updated the demo playground
ITzTravelInTime · Jul 29, 2021 · afab6b8 · afab6b8
1 parent c1057e8
commit afab6b8
Show file tree

Hide file tree

Showing 4 changed files with 21 additions and 3 deletions.
diff --git a/Playgrounds/Demo.playground/Contents.swift b/Playgrounds/Demo.playground/Contents.swift
@@ -45,6 +45,8 @@ print("Is this program running on a macOS Recovery/Installer OS? \((Recovery.sta
 
 print("SIP raw status: 0x\(String(SIP.status, radix: 16) )")
 
+print("Is SIP fully disabled? \(SIP.status.resultsFullyDisabled ? "Yes" : "No")")
+
 if let status = SIP.status.resultsEnabled {
  print("Is SIP activated? \(status ? "Yes" : "No")")
 }else{

diff --git a/Sources/TINURecovery/SIP.swift b/Sources/TINURecovery/SIP.swift
@@ -75,7 +75,7 @@ open class SIP: SimulatableDetectable{
  return ret
  }
 
- ///A mask integer wth all the flags expected to be set for SIP to be on or off
+ ///A mask integer wth all the flags expected to be set for SIP by csrutil when sip is enabled or disabled using the system recovery
  public static var CSR_DISABLE_FLAGS: SIPIntegerFormat{
 
  return CSR_ALLOW_UNTRUSTED_KEXTS.rawValue | CSR_ALLOW_UNRESTRICTED_FS.rawValue | CSR_ALLOW_TASK_FOR_PID.rawValue | CSR_ALLOW_KERNEL_DEBUGGER.rawValue | CSR_ALLOW_APPLE_INTERNAL.rawValue | CSR_ALLOW_UNRESTRICTED_DTRACE.rawValue | CSR_ALLOW_UNRESTRICTED_NVRAM.rawValue
@@ -180,7 +180,7 @@ public extension SIP.SIPStatus{
  return (self & (~SIP.SIPBits.CSR_VALID_FLAGS)) != 0
  }
 
- ///Indicates if SIP is fully enabled, fully disabled or uses an undeterminated configuration
+ ///Indicates if SIP has enabled all the valus that csrutil will change when it sets the SIP enabled, or disabled or uses a mixed configuration
  var resultsEnabled: Bool!{
  let ref = (SIP.SIPBits.CSR_DISABLE_FLAGS & (~SIP.SIPBits.CSR_ALLOW_APPLE_INTERNAL.rawValue) )
  switch (self & ref) {
@@ -193,6 +193,19 @@ public extension SIP.SIPStatus{
  }
  }
 
+ ///Indicates if SIP has all the valus supported by the current OS all enabled
+ var resultsFullyDisabled: Bool{
+ let ref = SIP.SIPBits.CSR_VALID_FLAGS & (~SIP.SIPBits.CSR_ALLOW_APPLE_INTERNAL.rawValue)
+
+ switch self & ref {
+ case ref:
+ return true
+ default:
+ return false
+ }
+
+ }
+
  ///Returns the SIP configuration as an integer
  var detailedConfigurationInteger: SIP.SIPStatus{
  return self

diff --git a/Sources/TINURecovery/SIPUserDescriptions.swift b/Sources/TINURecovery/SIPUserDescriptions.swift
@@ -13,8 +13,10 @@ public extension SIP.SIPStatus{
  func statusStrig() -> String{
  var ret = ""
 
+ let fully = self.resultsFullyDisabled
+
  if let stat = self.resultsEnabled{
- ret += "SIP is \(stat ? "enabled" : "disabled")"
+ ret += "SIP is \(fully ? "fully " : "")\(stat ? "enabled" : "disabled")"
  }else{
  ret += "SIP status unknown"
  }

diff --git a/Sources/TINURecovery/Sandbox.swift b/Sources/TINURecovery/Sandbox.swift
@@ -10,6 +10,7 @@ import Foundation
 #if os(macOS)
 ///This class manages program sandbox detection code
 public final class Sandbox{
+
  ///Detects is the current program is running as sandboxed
  public static var isEnabled: Bool {
  //Uses a static value to avoid repeting the detection code for each call of the variable