SIP: Move to py_sip_xnu module

2026-04-14 12:48:18 +10:00 · 2022-12-12 10:26:40 -07:00
parent f4f4f3e1f3
commit 1f63dffd3f
5 changed files with 10 additions and 20 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -11,6 +11,7 @@
 - Remove `Force Web Drivers` option
  - Avoids accidental use of non-Metal Web Drivers on Kepler GPUs
 - Resolve silent auto patcher crash when new OCLP version is available
+- Implement [`py_sip_xnu`](https://github.com/khronokernel/py_sip_xnu) module

 ## 0.5.2
 - Ventura Specific Updates:
--- a/gui/gui_main.py
+++ b/gui/gui_main.py
@@ -16,6 +16,7 @@ from pathlib import Path
 import binascii
 import hashlib
 from datetime import datetime
+import py_sip_xnu

 from resources import constants, defaults, install, installer, utilities, run, generate_smbios, updates, integrity_verification, global_settings, kdk_handler
 from resources.sys_patch import sys_patch_download, sys_patch_detect, sys_patch, sys_patch_auto
@@ -3344,7 +3345,7 @@ class wx_python_gui:
        )
        self.sip_label_2.Center(wx.HORIZONTAL)

-        self.sip_label_2_2 = wx.StaticText(self.frame_modal, label=f"Currently Booted SIP: {hex(utilities.csr_dump())}")
+        self.sip_label_2_2 = wx.StaticText(self.frame_modal, label=f"Currently Booted SIP: {hex(py_sip_xnu.SipXnu().get_sip_status().value)}")
        self.sip_label_2_2.SetFont(wx.Font(12, wx.FONTFAMILY_DEFAULT, wx.FONTSTYLE_NORMAL, wx.FONTWEIGHT_NORMAL))
        self.sip_label_2_2.SetPosition(
            wx.Point(self.sip_label_2.GetPosition().x, self.sip_label_2.GetPosition().y + self.sip_label_2.GetSize().height + 5)
--- a/requirements.txt
+++ b/requirements.txt
@@ -3,3 +3,4 @@ pyobjc
 wxpython
 pyinstaller
 packaging
+py_sip_xnu
--- a/resources/sys_patch/sys_patch_detect.py
+++ b/resources/sys_patch/sys_patch_detect.py
@@ -7,6 +7,8 @@ from resources import constants, device_probe, utilities, amfi_detect
 from resources.sys_patch import sys_patch_helpers
 from data import model_array, os_data, sip_data, sys_patch_dict

+import py_sip_xnu
+
 class detect_root_patch:
    def __init__(self, model, versions):
        self.model = model
@@ -357,7 +359,7 @@ class detect_root_patch:
            "Settings: Kernel Debug Kit missing":          self.missing_kdk if self.constants.detected_os >= os_data.os_data.ventura.value else False,
            "Validation: Patching Possible":               self.verify_patch_allowed(),
            f"Validation: SIP is enabled (Required: {self.check_sip()[2]} or higher)":  self.sip_enabled,
-            f"Validation: Currently Booted SIP: ({hex(utilities.csr_dump())})":         self.sip_enabled,
+            f"Validation: Currently Booted SIP: ({hex(py_sip_xnu.SipXnu().get_sip_status().value)})":         self.sip_enabled,
            "Validation: SecureBootModel is enabled":      self.sbm_enabled,
            f"Validation: {'AMFI' if self.constants.host_is_hackintosh is True or self.get_amfi_level_needed() > 2 else 'Library Validation'} is enabled":                 self.amfi_enabled if self.amfi_must_disable is True else False,
            "Validation: FileVault is enabled":            self.fv_enabled,
--- a/resources/utilities.py
+++ b/resources/utilities.py
@@ -9,14 +9,14 @@ from pathlib import Path
 import os
 import binascii
 import argparse
-from ctypes import CDLL, c_uint, byref
 import time
 import atexit
 import requests
 import shutil
 import urllib.parse
+import py_sip_xnu

-from resources import constants, ioreg, amfi_detect
+from resources import constants, ioreg
 from data import sip_data, os_data

 SESSION = requests.Session()
@@ -102,24 +102,9 @@ def check_filesystem_type():
    filesystem_type = plistlib.loads(subprocess.run(["diskutil", "info", "-plist", "/"], stdout=subprocess.PIPE).stdout.decode().strip().encode())
    return filesystem_type["FilesystemType"]

-def csr_dump():
-    # Based off sip_config.py
-    # https://gist.github.com/pudquick/8b320be960e1654b908b10346272326b
-    # https://opensource.apple.com/source/xnu/xnu-7195.141.2/libsyscall/wrappers/csr.c.auto.html
-    # Far more reliable than parsing NVRAM's csr-active-config (ie. user can wipe it, boot.efi can strip bits)
-
-    # Note that 'csr_get_active_config' was not introduced until 10.11
-    try:
-        libsys = CDLL('/usr/lib/libSystem.dylib')
-        raw    = c_uint(0)
-        errmsg = libsys.csr_get_active_config(byref(raw))
-        return raw.value
-    except AttributeError:
-        return 0
-

 def csr_decode(os_sip):
-    sip_int = csr_dump()
+    sip_int = py_sip_xnu.SipXnu().get_sip_status().value
    for i,  current_sip_bit in enumerate(sip_data.system_integrity_protection.csr_values):
        if sip_int & (1 << i):
            sip_data.system_integrity_protection.csr_values[current_sip_bit] = True