Prep for SysPatch refactor

2026-06-15 03:46:28 +10:00 · 2021-06-09 17:26:49 -06:00
parent 2584c16d41
commit b0db4739ad
3 changed files with 102 additions and 0 deletions
@@ -376,6 +376,18 @@ class Constants:
        "CSR_ALLOW_UNAUTHENTICATED_ROOT":       False,  # 0x800 - Introduced in Big Sur     # noqa: E241
    }

+    root_patch_sip_big_sur = [
+        # Variables required to root patch in Big Sur and Monterey
+        "CSR_ALLOW_UNTRUSTED_KEXTS",
+        "CSR_ALLOW_UNRESTRICTED_FS",
+        "CSR_ALLOW_UNRESTRICTED_DTRACE",
+        "CSR_ALLOW_UNRESTRICTED_NVRAM",
+        "CSR_ALLOW_DEVICE_CONFIGURATION",
+        "CSR_ALLOW_UNAPPROVED_KEXTS",
+        "CSR_ALLOW_EXECUTABLE_POLICY_OVERRIDE",
+        "CSR_ALLOW_UNAUTHENTICATED_ROOT",
+    ]
+
    sbm_values = [
        "j137",
        "j680",
@@ -1151,6 +1151,15 @@ AddNvidiaAccel11 = [
    "IOSurface.kext",
 ]

+AddNvidiaBrightness = [
+    "GeForceGA.bundle",
+    "GeForceTesla.kext",
+    "GeForceTeslaGLDriver.bundle",
+    "GeForceTeslaVADriver.bundle",
+    "NVDANV50HalTesla.kext",
+    "NVDAResmanTesla.kext",
+]
+
 AddNvidiaKeplerAccel11 = [
    "GeForce.kext",
    "GeForceAIRPlugin.bundle",
@@ -1187,6 +1196,27 @@ AddAMDAccel11 = [
    "ATIRadeonX2000VADriver.bundle",
 ]

+AddAMDBrightness = [
+    "AMD2400Controller.kext",
+    "AMD2600Controller.kext",
+    "AMD3800Controller.kext",
+    "AMD4600Controller.kext",
+    "AMD4800Controller.kext",
+    "AMD5000Controller.kext",
+    "AMD6000Controller.kext",
+    "AMDLegacyFramebuffer.kext",
+    "AMDLegacySupport.kext",
+    "AMDRadeonVADriver.bundle",
+    "AMDRadeonVADriver2.bundle",
+    #"AMDRadeonX3000.kext",
+    #"AMDRadeonX3000GLDriver.bundle",
+    "AMDShared.bundle",
+    "ATIRadeonX2000.kext",
+    "ATIRadeonX2000GA.plugin",
+    "ATIRadeonX2000GLDriver.bundle",
+    "ATIRadeonX2000VADriver.bundle",
+]
+
 AddAMDAccel11TS2 = [
    "IOSurface.kext",
 ]
@@ -6,6 +6,7 @@ import math
 import plistlib
 import subprocess

+from Resources import Constants

 def hexswap(input_hex: str):
    hex_pairs = [input_hex[i : i + 2] for i in range(0, len(input_hex), 2)]
@@ -31,6 +32,52 @@ def check_recovery():
    else:
        return False

+def get_disk_path():
+    root_partition_info = plistlib.loads(subprocess.run("diskutil info -plist /".split(), stdout=subprocess.PIPE).stdout.decode().strip().encode())
+    root_mount_path = root_partition_info["DeviceIdentifier"]
+    root_mount_path = root_mount_path[:-2] if root_mount_path.count("s") > 1 else root_mount_path
+    return root_mount_path
+
+def csr_decode(csr_active_config):
+    if csr_active_config is None:
+        csr_active_config = b"\x00\x00\x00\x00"
+    sip_int = int.from_bytes(csr_active_config, byteorder="little")
+    i = 0
+    for current_sip_bit in Constants.Constants().csr_values:
+        if sip_int & (1 << i):
+            Constants.Constants().csr_values[current_sip_bit] = True
+        i = i + 1
+
+    # Can be adjusted to whatever OS needs patching
+    sip_needs_change = all(
+        Constants.Constants().csr_values[i]
+        for i in Constants.Constants().root_patch_sip_big_sur
+    )
+    if sip_needs_change is True:
+        return False
+    else:
+        return True
+
+def patching_status():
+    # Detection for Root Patching
+    sip_enabled = True  # System Integrity Protection
+    sbm_enabled = True  # Secure Boot Status (SecureBootModel)
+    amfi_enabled = True # Apple Mobile File Integrity
+    fv_enabled = True   # FileVault
+
+    if get_nvram("boot-args", decode=False) and "amfi_get_out_of_my_way=" in get_nvram("boot-args", decode=False):
+        amfi_enabled = False
+    if get_nvram("HardwareModel", "94B73556-2197-4702-82A8-3E1337DAFBFB", decode=False) not in Constants.Constants().sbm_values:
+        sbm_enabled = False
+
+    if get_nvram("csr-active-config", decode=False) and csr_decode(get_nvram("csr-active-config", decode=False)) is False:
+        sip_enabled = False
+
+    fv_status: str = subprocess.run("fdesetup status".split(), stdout=subprocess.PIPE, stderr=subprocess.STDOUT).stdout.decode()
+    if fv_status.startswith("FileVault is Off"):
+        fv_enabled = False
+
+    return sip_enabled, sbm_enabled, amfi_enabled, fv_enabled

 def cls():
    if check_recovery() == False:
@@ -38,6 +85,19 @@ def cls():
    else:
        print("\u001Bc")

+def get_nvram(variable: str, uuid: str = None, *, decode: bool = False):
+    if uuid != None:
+        uuid += ":"
+    else:
+        uuid = ""
+    result = subprocess.run(f"nvram -x {uuid}{variable}".split(), stdout=subprocess.PIPE, stderr=subprocess.PIPE).stdout.strip()
+    if result:
+        value = plistlib.loads(result)[f"{uuid}{variable}"]
+        if decode:
+            value = value.strip(b"\0").decode()
+        return value
+    return None
+
 # def menu(title, prompt, menu_options, add_quit=True, auto_number=False, in_between=[], top_level=False):
 #     return_option = ["Q", "Quit", None] if top_level else ["B", "Back", None]
 #     if add_quit: menu_options.append(return_option)