/*
* Created: 23 August 2015
* Name...: csrstat.c
* Author.: Pike R. Alpha
* Edited.: 10 November 2018
* Author.: Joss Brown
* Purpose: Command line tool for El Capitan and later to get the active System Integrity Protection (SIP) status.
*
* Compile with: cc csrstat.c -o csrstat
*
* Updates:
* -added full flags to output
* -added csrutil arguments to output
* -added CSR_ALLOW_EXECUTABLE_POLICY_OVERRIDE (xnu-4903.221.2)
*
* See also: https://github.com/opensource-apple/xnu/blob/master/bsd/sys/csr.h
*/
#include <time.h>
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <stdbool.h>
#include <strings.h>
/* 32-bit bitmask holding a combination of the CSR_ALLOW_* flags below. */
typedef uint32_t csr_config_t;
/*
 * Heap scratch buffer for formatted status strings; main() allocates and
 * frees it. Anything formatted into it must fit including the terminating
 * NUL: "N (disabled)" is 12 characters, so it needs 13 bytes.
 */
char *text = NULL;
/* Tool version, printed with one decimal place in the banner by main(). */
double gVersion = 2.0;
/* Active CSR configuration: main() passes its address to
 * csr_get_active_config() and _csr_check() tests single bits of it. */
csr_config_t config = 0;
/* Rootless configuration flags: one bit each; the trailing comment on every
 * line is the flag's decimal value. Presumably mirrors bsd/sys/csr.h in xnu
 * (linked from the file header) - confirm when updating for a new release. */
#define CSR_ALLOW_UNTRUSTED_KEXTS (1 << 0) // 1
#define CSR_ALLOW_UNRESTRICTED_FS (1 << 1) // 2
#define CSR_ALLOW_TASK_FOR_PID (1 << 2) // 4
#define CSR_ALLOW_KERNEL_DEBUGGER (1 << 3) // 8
#define CSR_ALLOW_APPLE_INTERNAL (1 << 4) // 16
#define CSR_ALLOW_UNRESTRICTED_DTRACE (1 << 5) // 32
#define CSR_ALLOW_UNRESTRICTED_NVRAM (1 << 6) // 64
#define CSR_ALLOW_DEVICE_CONFIGURATION (1 << 7) // 128
#define CSR_ALLOW_ANY_RECOVERY_OS (1 << 8) // 256
#define CSR_ALLOW_UNAPPROVED_KEXTS (1 << 9) // 512
#define CSR_ALLOW_EXECUTABLE_POLICY_OVERRIDE (1 << 10) // 1024
/* OR of all eleven flags above (bits 0-10, i.e. 0x7ff). main() prints the
 * overall status as "disabled" only when config equals this exact value. */
#define CSR_VALID_FLAGS (CSR_ALLOW_UNTRUSTED_KEXTS | \
CSR_ALLOW_UNRESTRICTED_FS | \
CSR_ALLOW_TASK_FOR_PID | \
CSR_ALLOW_KERNEL_DEBUGGER | \
CSR_ALLOW_APPLE_INTERNAL | \
CSR_ALLOW_UNRESTRICTED_DTRACE | \
CSR_ALLOW_UNRESTRICTED_NVRAM | \
CSR_ALLOW_DEVICE_CONFIGURATION | \
CSR_ALLOW_ANY_RECOVERY_OS | \
CSR_ALLOW_UNAPPROVED_KEXTS | \
CSR_ALLOW_EXECUTABLE_POLICY_OVERRIDE)
/* Syscalls */
/* Prototype is spelled out here because none of the included headers
 * declares it; the symbol has to be supplied at link time. It writes the
 * active configuration through `config`.
 * NOTE(review): return value is presumably 0 on success - confirm against xnu. */
extern int csr_get_active_config(csr_config_t *config);
//==============================================================================
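/*
 * Format the state of one CSR flag for the status table.
 *
 * aMask     - CSR_ALLOW_* bit to test against the global `config`.
 * aFlipflag - true when a set bit is to be reported as "disabled" (the bit
 *             relaxes a protection); false when a set bit is reported as
 *             "enabled".
 *
 * Returns "<bit> (enabled)" or "<bit> (disabled)", where <bit> is 0 or 1.
 * The string lives in a static buffer that the next call overwrites, so it
 * must be consumed before calling again and must not be freed.
 *
 * The result is no longer formatted into the caller-allocated global `text`:
 * "N (disabled)" is 12 characters plus the NUL, and an unbounded sprintf()
 * into a shorter buffer wrote past its end. The buffer here is sized for the
 * longest string and the write is bounded with snprintf().
 */
char * _csr_check(int aMask, bool aFlipflag)
{
    static char status[16];
    bool bit = (config & aMask) != 0;
    /* "enabled" is printed when exactly one of bit / aFlipflag is true. */
    bool enabled = (bit != aFlipflag);

    snprintf(status, sizeof status, "%d (%s)", bit, enabled ? "enabled" : "disabled");
    return status;
}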
//==============================================================================
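/*
 * Entry point: read the active CSR (System Integrity Protection)
 * configuration and print a summary line followed by one table row per flag.
 *
 * Command-line arguments are ignored.
 *
 * Returns EXIT_SUCCESS once the report has been printed (the tool used to
 * exit with -1 unconditionally, which made every run look like a failure),
 * or EXIT_FAILURE when the scratch buffer cannot be allocated or the
 * configuration cannot be read.
 */
int main(int argc, const char * argv[])
{
    /*
     * Status strings formatted into the global `text` are at most
     * "N (disabled)": 12 characters plus the terminating NUL. The previous
     * 12-byte allocation was one byte short, so formatting that string
     * wrote past the end of the heap buffer.
     */
    enum { STATUS_BUF_SIZE = 16, FALLBACK_YEAR = 2018 };

    (void)argc;
    (void)argv;

    /* localtime() may return NULL; fall back to the last edit year from the
     * file header instead of dereferencing it. */
    time_t now = time(NULL);
    struct tm *local = localtime(&now);
    int year = (local != NULL) ? (local->tm_year + 1900) : FALLBACK_YEAR;

    /* calloc() zero-fills, replacing the malloc() + bzero() pair. */
    text = calloc(1, STATUS_BUF_SIZE);
    if (text == NULL)
    {
        fprintf(stderr, "csrstat: out of memory\n");
        return EXIT_FAILURE;
    }

    // Syscall
    /*
     * Do not report a status when the query fails: `config` would still be
     * 0 and the tool would claim that every protection is enabled.
     * NOTE(review): assumes a non-zero return means failure - confirm
     * against xnu.
     */
    if (csr_get_active_config(&config) != 0)
    {
        fprintf(stderr, "csrstat: csr_get_active_config() failed; SIP status unknown\n");
        free(text);
        text = NULL;
        return EXIT_FAILURE;
    }

    printf("csrstat v%.1f Copyright (c) 2015-2017 by Pike R. Alpha, 2017-%d by Joss Brown\n", gVersion, year);
    //
    // Note: boot.efi is no longer using 0x67 but 0x77 for csrutil disabled!!!
    //
    /*
     * NOTE(review): this line says "disabled" only when every bit of
     * CSR_VALID_FLAGS is set. With the 0x77 value mentioned above it prints
     * "enabled ... (Custom Configuration)" although several protections are
     * off; read the per-flag table below for the actual state.
     */
    printf("System Integrity Protection status: %s (0x%08x) ", (config == CSR_VALID_FLAGS) ? "\33[1mdisabled\33[0m": "enabled", config);
    if (config)
    {
        if (config == CSR_ALLOW_APPLE_INTERNAL)
        {
            printf("(Apple Internal).");
        }
        else
        {
            printf("(Custom Configuration).");
        }
    }

    /* One row per flag; the second argument of _csr_check() is 1 when a set
     * bit is to be shown as "disabled". */
    printf("\n\nCurrent Configuration:\n");
    printf("\tApple Internal\t\t\t%s\t[--no-internal]\t\tCSR_ALLOW_APPLE_INTERNAL\n", _csr_check(CSR_ALLOW_APPLE_INTERNAL, 0));
    printf("\tKext Signing\t\t\t%s\t[--without kext]\tCSR_ALLOW_UNTRUSTED_KEXTS\n", _csr_check(CSR_ALLOW_UNTRUSTED_KEXTS, 1));
    printf("\tDebugging Restrictions\t\t%s\t[--without debug]\tCSR_ALLOW_TASK_FOR_PID\n", _csr_check(CSR_ALLOW_TASK_FOR_PID, 1));
    printf("\tFilesystem Protections\t\t%s\t[--without fs]\t\tCSR_ALLOW_UNRESTRICTED_FS\n", _csr_check(CSR_ALLOW_UNRESTRICTED_FS, 1));
    printf("\tKernel Debugging Restrictions\t%s\t<n/a>\t\t\tCSR_ALLOW_KERNEL_DEBUGGER\n", _csr_check(CSR_ALLOW_KERNEL_DEBUGGER, 1));
    printf("\tDTrace Restrictions\t\t%s\t[--without dtrace]\tCSR_ALLOW_UNRESTRICTED_DTRACE\n", _csr_check(CSR_ALLOW_UNRESTRICTED_DTRACE, 1));
    printf("\tNVRAM Protections\t\t%s\t[--without nvram]\tCSR_ALLOW_UNRESTRICTED_NVRAM\n", _csr_check(CSR_ALLOW_UNRESTRICTED_NVRAM, 1));
    printf("\tDevice Configuration\t\t%s\t<n/a>\t\t\tCSR_ALLOW_DEVICE_CONFIGURATION\n", _csr_check(CSR_ALLOW_DEVICE_CONFIGURATION, 0));
    printf("\tBaseSystem Verification\t\t%s\t[--without basesystem]\tCSR_ALLOW_ANY_RECOVERY_OS\n", _csr_check(CSR_ALLOW_ANY_RECOVERY_OS, 1));
    printf("\tUnapproved Kexts Restrictions\t%s\t<n/a>\t\t\tCSR_ALLOW_UNAPPROVED_KEXTS\n", _csr_check(CSR_ALLOW_UNAPPROVED_KEXTS, 1));
    printf("\tExecutable Policy\t\t%s\t<n/a>\t\t\tCSR_ALLOW_EXECUTABLE_POLICY_OVERRIDE\n", _csr_check(CSR_ALLOW_EXECUTABLE_POLICY_OVERRIDE, 1));
    printf("\nBoot into Recovery Mode and modify with: 'csrutil enable [arguments]'\n");
    printf("<Note: some flags are not accessible using the csrutil CLI.>\n");
    if (config && (config != CSR_ALLOW_APPLE_INTERNAL))
    {
        printf("\nThis is an unsupported configuration, likely to break in the future and leave your machine in an unknown state.\n");
    }

    /* free(NULL) is a no-op, so no guard is needed. */
    free(text);
    text = NULL;
    return EXIT_SUCCESS;
}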