1/*
2 * Copyright (c) 2014 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28
29#ifndef _SYS_CSR_H_
30#define _SYS_CSR_H_
31
32#include <stdint.h>
33#include <sys/appleapiopts.h>
34#include <sys/cdefs.h>
35
36#ifdef __APPLE_API_PRIVATE
37
38typedef uint32_t csr_config_t;
39typedef uint32_t csr_op_t;
40
41/* CSR configuration flags */
42#define CSR_ALLOW_UNTRUSTED_KEXTS (1 << 0)
43#define CSR_ALLOW_UNRESTRICTED_FS (1 << 1)
44#define CSR_ALLOW_TASK_FOR_PID (1 << 2)
45#define CSR_ALLOW_KERNEL_DEBUGGER (1 << 3)
46#define CSR_ALLOW_APPLE_INTERNAL (1 << 4)
47#define CSR_ALLOW_DESTRUCTIVE_DTRACE (1 << 5) /* name deprecated */
48#define CSR_ALLOW_UNRESTRICTED_DTRACE (1 << 5)
49#define CSR_ALLOW_UNRESTRICTED_NVRAM (1 << 6)
50#define CSR_ALLOW_DEVICE_CONFIGURATION (1 << 7)
51#define CSR_ALLOW_ANY_RECOVERY_OS (1 << 8)
52#define CSR_ALLOW_UNAPPROVED_KEXTS (1 << 9)
53#define CSR_ALLOW_EXECUTABLE_POLICY_OVERRIDE (1 << 10)
54#define CSR_ALLOW_UNAUTHENTICATED_ROOT (1 << 11)
55
56#define CSR_VALID_FLAGS (CSR_ALLOW_UNTRUSTED_KEXTS | \
57 CSR_ALLOW_UNRESTRICTED_FS | \
58 CSR_ALLOW_TASK_FOR_PID | \
59 CSR_ALLOW_KERNEL_DEBUGGER | \
60 CSR_ALLOW_APPLE_INTERNAL | \
61 CSR_ALLOW_UNRESTRICTED_DTRACE | \
62 CSR_ALLOW_UNRESTRICTED_NVRAM | \
63 CSR_ALLOW_DEVICE_CONFIGURATION | \
64 CSR_ALLOW_ANY_RECOVERY_OS | \
65 CSR_ALLOW_UNAPPROVED_KEXTS | \
66 CSR_ALLOW_EXECUTABLE_POLICY_OVERRIDE | \
67 CSR_ALLOW_UNAUTHENTICATED_ROOT)
68
69#define CSR_ALWAYS_ENFORCED_FLAGS (CSR_ALLOW_DEVICE_CONFIGURATION | CSR_ALLOW_ANY_RECOVERY_OS)
70
71/* Flags set by `csrutil disable`. */
72#define CSR_DISABLE_FLAGS (CSR_ALLOW_UNTRUSTED_KEXTS | \
73 CSR_ALLOW_UNRESTRICTED_FS | \
74 CSR_ALLOW_TASK_FOR_PID | \
75 CSR_ALLOW_KERNEL_DEBUGGER | \
76 CSR_ALLOW_APPLE_INTERNAL | \
77 CSR_ALLOW_UNRESTRICTED_DTRACE | \
78 CSR_ALLOW_UNRESTRICTED_NVRAM)
79
80/* CSR capabilities that a booter can give to the system */
81#define CSR_CAPABILITY_UNLIMITED (1 << 0)
82#define CSR_CAPABILITY_CONFIG (1 << 1)
83#define CSR_CAPABILITY_APPLE_INTERNAL (1 << 2)
84
85#define CSR_VALID_CAPABILITIES (CSR_CAPABILITY_UNLIMITED | CSR_CAPABILITY_CONFIG | CSR_CAPABILITY_APPLE_INTERNAL)
86
87#ifdef PRIVATE
88/* Private system call interface between Libsyscall and xnu */
89
90/* Syscall flavors */
91enum csr_syscalls {
92 CSR_SYSCALL_CHECK,
93 CSR_SYSCALL_GET_ACTIVE_CONFIG,
94};
95
96#endif /* PRIVATE */
97
98__BEGIN_DECLS
99
100/* Syscalls */
101int csr_check(csr_config_t mask);
102int csr_get_active_config(csr_config_t *config);
103
104__END_DECLS
105
106#endif /* __APPLE_API_PRIVATE */
107
108#endif /* _SYS_CSR_H_ */
109