From e962f2bb8f88898e5f0cd42df96ddb6a2208e902 Mon Sep 17 00:00:00 2001
From: Mykola Grymalyuk
Date: Tue, 4 Jan 2022 17:51:18 -0700
Subject: [PATCH] gui.py: Add SIP configuration
---
 data/sip_data.py | 96 +++++++++++++++++++++++++++++
 gui/gui_main.py | 155 ++++++++++++++++++++++++++++++++++++++++++-----
 2 files changed, 237 insertions(+), 14 deletions(-)
diff --git a/data/sip_data.py b/data/sip_data.py
index c79ba3637..814bf83a7 100644
--- a/data/sip_data.py
+++ b/data/sip_data.py
@@ -1,3 +1,4 @@
+from data import os_data
 class system_integrity_protection:
 csr_values = {
 # Source: macOS 11.4 (XNU's csr.h)
@@ -17,6 +18,101 @@ class system_integrity_protection: "CSR_ALLOW_UNAUTHENTICATED_ROOT": False, # 0x800 - Allow Root Volume Mounting - Introduced in Big Sur # noqa: E241 } + csr_values_extended = { + "CSR_ALLOW_UNTRUSTED_KEXTS": { + "name": "CSR_ALLOW_UNTRUSTED_KEXTS", + "description": "Allows Unsigned Kexts", + "introduced": os_data.os_data.el_capitan.value, + "introduced_friendly": "El Capitan", + "value": 0x1, + }, + "CSR_ALLOW_UNRESTRICTED_FS": { + "name": "CSR_ALLOW_UNRESTRICTED_FS", + "description": "File System Access", + "introduced": os_data.os_data.el_capitan.value, + "introduced_friendly": "El Capitan", + "value": 0x2, + }, + "CSR_ALLOW_TASK_FOR_PID": { + "name": "CSR_ALLOW_TASK_FOR_PID", + "description": "Unrestricted task_for_pid()", + "introduced": os_data.os_data.el_capitan.value, + "introduced_friendly": "El Capitan", + "value": 0x4, + }, + "CSR_ALLOW_KERNEL_DEBUGGER": { + "name": "CSR_ALLOW_KERNEL_DEBUGGER", + "description": "Allow Kernel Debugger", + "introduced": os_data.os_data.el_capitan.value, + "introduced_friendly": "El Capitan", + "value": 0x8, + }, + "CSR_ALLOW_APPLE_INTERNAL": { + "name": "CSR_ALLOW_APPLE_INTERNAL", + "description": "Set AppleInternal Features", + "introduced": os_data.os_data.el_capitan.value, + "introduced_friendly": "El Capitan", + "value": 0x10, + }, + # "CSR_ALLOW_DESTRUCTIVE_DTRACE": { + # "name": "CSR_ALLOW_DESTRUCTIVE_DTRACE", + # "description": "Allow destructive DTrace", + # "deprecated": True, + # "introduced": os_data.os_data.el_capitan.value, + # "introduced_friendly": "El Capitan", + # "value": 0x20, + # }, + "CSR_ALLOW_UNRESTRICTED_DTRACE": { + "name": "CSR_ALLOW_UNRESTRICTED_DTRACE", + "description": "Unrestricted DTrace usage", + "introduced": os_data.os_data.el_capitan.value, + "introduced_friendly": "El Capitan", + "value": 0x20, + }, + "CSR_ALLOW_UNRESTRICTED_NVRAM": { + "name": "CSR_ALLOW_UNRESTRICTED_NVRAM", + "description": "Unrestricted NVRAM write", + "introduced": 
os_data.os_data.el_capitan.value, + "introduced_friendly": "El Capitan", + "value": 0x40, + }, + "CSR_ALLOW_DEVICE_CONFIGURATION": { + "name": "CSR_ALLOW_DEVICE_CONFIGURATION", + "description": "Allow custom DeviceTree (iOS)", + "introduced": os_data.os_data.el_capitan.value, + "introduced_friendly": "El Capitan", + "value": 0x80, + }, + "CSR_ALLOW_ANY_RECOVERY_OS": { + "name": "CSR_ALLOW_ANY_RECOVERY_OS", + "description": "Skip BaseSystem Verification", + "introduced": os_data.os_data.sierra.value, + "introduced_friendly": "Sierra", + "value": 0x100, + }, + "CSR_ALLOW_UNAPPROVED_KEXTS": { + "name": "CSR_ALLOW_UNAPPROVED_KEXTS", + "description": "Allow Unnotarized Kexts", + "introduced": os_data.os_data.high_sierra.value, + "introduced_friendly": "High Sierra", + "value": 0x200, + }, + "CSR_ALLOW_EXECUTABLE_POLICY_OVERRIDE": { + "name": "CSR_ALLOW_EXECUTABLE_POLICY_OVERRIDE", + "description": "Override Executable Policy", + "introduced": os_data.os_data.mojave.value, + "introduced_friendly": "Mojave", + "value": 0x400, + }, + "CSR_ALLOW_UNAUTHENTICATED_ROOT": { + "name": "CSR_ALLOW_UNAUTHENTICATED_ROOT", + "description": "Allow Root Volume Mounting", + "introduced": os_data.os_data.big_sur.value, + "introduced_friendly": "Big Sur", + "value": 0x800, + }, + } + root_patch_sip_mojave = [ # Variables required to root patch in Mojave and Catalina "CSR_ALLOW_UNTRUSTED_KEXTS", # 0x1 diff --git a/gui/gui_main.py b/gui/gui_main.py index d939acf86..b13c556f1 100644 --- a/gui/gui_main.py +++ b/gui/gui_main.py @@ -11,7 +11,7 @@ import os import wx.adv from resources import constants, defaults, build, install, installer, utilities, sys_patch_detect, sys_patch, run -from data import model_array, os_data, smbios_data +from data import model_array, os_data, smbios_data, sip_data from gui import menu_redirect class wx_python_gui: 
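Review bot: `csr_values_extended` carries no provenance comment, whereas the neighbouring `csr_values` is marked `# Source: macOS 11.4 (XNU's csr.h)`; add the same line above the new table, together with a note that every `value` must be a single distinct bit, because the GUI added in this patch toggles the entries independently. The bit meanings now live in two places (the trailing comments in `csr_values` and the `description`/`value` fields here), so a future flag has to be added twice; consider deriving one table from the other. The commented-out `CSR_ALLOW_DESTRUCTIVE_DTRACE` entry shares `0x20` with `CSR_ALLOW_UNRESTRICTED_DTRACE`, and a one-line comment such as `# CSR_ALLOW_DESTRUCTIVE_DTRACE: deprecated name for the same 0x20 bit` would say that more clearly than a disabled dict literal.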
@@ -1547,17 +1547,17 @@ class wx_python_gui: self.opencore_checkbox.Bind(wx.EVT_CHECKBOX, self.oc_checkbox_click) self.opencore_checkbox.ToolTip = wx.ToolTip("""Enables OpenCore logging, can heavily impact boot times""") - # Checkbox: SIP - self.sip_checkbox = wx.CheckBox(self.frame, label="SIP") - self.sip_checkbox.SetValue(self.constants.sip_status) - self.sip_checkbox.SetPosition(wx.Point(self.opencore_checkbox.GetPosition().x , self.opencore_checkbox.GetPosition().y + self.opencore_checkbox.GetSize().height)) - self.sip_checkbox.Bind(wx.EVT_CHECKBOX, self.sip_checkbox_click) - self.sip_checkbox.ToolTip = wx.ToolTip("""Sets SIP, disable to allow root patching""") + # # Checkbox: SIP + # self.sip_checkbox = wx.CheckBox(self.frame, label="SIP") + # self.sip_checkbox.SetValue(self.constants.sip_status) + # self.sip_checkbox.SetPosition(wx.Point(self.opencore_checkbox.GetPosition().x , self.opencore_checkbox.GetPosition().y + self.opencore_checkbox.GetSize().height)) + # self.sip_checkbox.Bind(wx.EVT_CHECKBOX, self.sip_checkbox_click) + # self.sip_checkbox.ToolTip = wx.ToolTip("""Sets SIP, disable to allow root patching""") # Checkbox: SecureBootModel self.secureboot_checkbox = wx.CheckBox(self.frame, label="SecureBootModel") self.secureboot_checkbox.SetValue(self.constants.secure_status) - self.secureboot_checkbox.SetPosition(wx.Point(self.sip_checkbox.GetPosition().x , self.sip_checkbox.GetPosition().y + self.sip_checkbox.GetSize().height)) + self.secureboot_checkbox.SetPosition(wx.Point(self.opencore_checkbox.GetPosition().x , self.opencore_checkbox.GetPosition().y + self.opencore_checkbox.GetSize().height)) self.secureboot_checkbox.Bind(wx.EVT_CHECKBOX, self.secureboot_checkbox_click) self.secureboot_checkbox.ToolTip = wx.ToolTip("""Sets SecureBootModel, useful for models spoofing T2 Macs to get OTA updates""") 
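Review bot: The old SIP checkbox is kept as six commented-out lines instead of being removed; version control already preserves it, so delete the block outright. Whether its handler `sip_checkbox_click` is still defined is not visible in this hunk; if it is, nothing here binds it any more and it should be removed in the same change so that no second, unreviewed path for changing `sip_status` lingers in the class.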
@@ -1577,20 +1577,33 @@ class wx_python_gui: # Buttons + + # Button: SIP Settings + if self.constants.custom_sip_value: + sip_string = "Custom" + elif self.constants.sip_status: + sip_string = "Enabled" + else: + sip_string = "Disabled" + self.sip_button = wx.Button(self.frame, label=f"SIP Settings ({sip_string})", size=(155,30)) + self.sip_button.SetPosition(wx.Point(self.accel_checkbox.GetPosition().x , self.accel_checkbox.GetPosition().y + self.accel_checkbox.GetSize().height + 10)) + self.sip_button.Bind(wx.EVT_BUTTON, self.sip_config_menu) + self.sip_button.Center(wx.HORIZONTAL) + # Button: SMBIOS Settings - self.smbios_button = wx.Button(self.frame, label="SMBIOS Settings", size=(150,30)) - self.smbios_button.SetPosition(wx.Point(self.accel_checkbox.GetPosition().x , self.accel_checkbox.GetPosition().y + self.accel_checkbox.GetSize().height + 10)) + self.smbios_button = wx.Button(self.frame, label="SMBIOS Settings", size=(155,30)) + self.smbios_button.SetPosition(wx.Point(self.sip_button.GetPosition().x , self.sip_button.GetPosition().y + self.sip_button.GetSize().height)) self.smbios_button.Bind(wx.EVT_BUTTON, self.smbios_settings_menu) self.smbios_button.Center(wx.HORIZONTAL) # Button: Developer Settings - self.miscellaneous_button = wx.Button(self.frame, label="Developer Settings", size=(150,30)) + self.miscellaneous_button = wx.Button(self.frame, label="Developer Settings", size=(155,30)) self.miscellaneous_button.SetPosition(wx.Point(self.smbios_button.GetPosition().x , self.smbios_button.GetPosition().y + self.smbios_button.GetSize().height)) self.miscellaneous_button.Bind(wx.EVT_BUTTON, self.misc_settings_menu) self.miscellaneous_button.Centre(wx.HORIZONTAL) # Return to Main Menu - self.return_to_main_menu = wx.Button(self.frame, label="Return to Main Menu", size=(150,30)) + self.return_to_main_menu = wx.Button(self.frame, label="Return to Main Menu", size=(155,30)) self.return_to_main_menu.SetPosition( wx.Point( 
self.miscellaneous_button.GetPosition().x, @@ -1829,7 +1842,7 @@ class wx_python_gui: self.debug_button.Bind(wx.EVT_BUTTON, self.additional_info_menu) self.debug_button.SetPosition(wx.Point( self.set_writeflash_checkbox.GetPosition().x, - self.set_writeflash_checkbox.GetPosition().y + self.set_writeflash_checkbox.GetSize().height + 3)) + self.set_writeflash_checkbox.GetPosition().y + self.set_writeflash_checkbox.GetSize().height + 5)) self.debug_button.Center(wx.HORIZONTAL) # Button: return to main menu 
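Review bot: The label logic tests `if self.constants.custom_sip_value:` while `sip_config_menu` in this same patch tests `self.constants.custom_sip_value is not None`, so the two can disagree for an empty-string value; use `elif`/`if ... is not None` consistently in both places. The button also reports only "Custom" for a user-chosen mask; showing the value itself, e.g. `sip_string = f"Custom: {self.constants.custom_sip_value}"` (button width permitting), lets the user confirm from the settings page which protections are relaxed before building. This block sits inside a method that starts and ends outside the hunk.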
@@ -2137,4 +2150,118 @@ class wx_python_gui: self.return_to_main_menu_button.Center(wx.HORIZONTAL) # Set frame below return to main menu button - self.frame.SetSize(wx.Size(-1, self.return_to_main_menu_button.GetPosition().y + self.return_to_main_menu_button.GetSize().height + 40)) \ No newline at end of file + self.frame.SetSize(wx.Size(-1, self.return_to_main_menu_button.GetPosition().y + self.return_to_main_menu_button.GetSize().height + 40)) + + + def sip_config_menu(self, event=None): + # Implement individual checkbox for each bit in SIP + # Add label showing 'self.constants.custom_sip_value' + # custom_sip_value is equivlant to all enabled checkboxes + # Refresh label whenever checkbox is changed + + self.frame.DestroyChildren() + self.frame.SetSize(wx.Size(400, 600)) + + # Title: Configure SIP + self.configure_sip_title = wx.StaticText(self.frame, label="Configure SIP") + self.configure_sip_title.SetFont(wx.Font(18, wx.FONTFAMILY_DEFAULT, wx.FONTSTYLE_NORMAL, wx.FONTWEIGHT_NORMAL)) + self.configure_sip_title.Center(wx.HORIZONTAL) + + # Label: Flip indivdual bits corresponding to XNU's csr.h + # If you're unfamiliar with how SIP works, do not touch this menu + self.sip_label = wx.StaticText(self.frame, label="Flip indivdual bits corresponding to") + self.sip_label.SetFont(wx.Font(12, wx.FONTFAMILY_DEFAULT, wx.FONTSTYLE_NORMAL, wx.FONTWEIGHT_NORMAL)) + self.sip_label.SetPosition( + wx.Point(-1, self.configure_sip_title.GetPosition().y + self.configure_sip_title.GetSize().height + 10) + ) + self.sip_label.Center(wx.HORIZONTAL) + self.sip_label.SetPosition( + wx.Point(self.sip_label.GetPosition().x - 25, -1) + ) + + # Hyperlink to the right of sip_label + import wx.lib.agw.hyperlink as hl + hl.HyperLinkCtrl( + self.frame, + -1, + "XNU's csr.h", + pos=(self.sip_label.GetPosition().x + self.sip_label.GetSize().width, self.sip_label.GetPosition().y), + URL="https://github.com/apple/darwin-xnu/blob/main/bsd/sys/csr.h" + ) + + # Label: By default, SIP is set to 0x00 
(enabled) on newer Macs. + # For older Macs requiring root patching, we set SIP to (0xA03) + # This corresponds to the following bits: + # - 0x1 - CSR_ALLOW_UNTRUSTED_KEXTS + # - 0x2 - CSR_ALLOW_UNRESTRICTED_FS + # - 0x200 - CSR_ALLOW_UNAPPROVED_KEXTS + # - 0x800 - CSR_ALLOW_UNAUTHENTICATED_ROOT + + if self.constants.custom_sip_value is not None: + self.sip_value = int(self.constants.custom_sip_value, 16) + elif self.constants.sip_status is True: + self.sip_value = 0x00 + else: + self.sip_value = 0xa03 + + self.sip_label_2 = wx.StaticText(self.frame, label=f"Currently configured SIP: {hex(self.sip_value)}") + self.sip_label_2.SetFont(wx.Font(12, wx.FONTFAMILY_DEFAULT, wx.FONTSTYLE_NORMAL, wx.FONTWEIGHT_BOLD)) + self.sip_label_2.SetPosition( + wx.Point(self.sip_label.GetPosition().x, self.sip_label.GetPosition().y + self.sip_label.GetSize().height + 10) + ) + self.sip_label_2.Center(wx.HORIZONTAL) + + self.sip_label_3 = wx.StaticText(self.frame, label="For older Macs requiring root patching, we set SIP to\n be partially disabled (0xa03) to allow root patching.") + self.sip_label_3.SetFont(wx.Font(12, wx.FONTFAMILY_DEFAULT, wx.FONTSTYLE_NORMAL, wx.FONTWEIGHT_NORMAL)) + self.sip_label_3.SetPosition( + wx.Point(self.sip_label_2.GetPosition().x, self.sip_label_2.GetPosition().y + self.sip_label_2.GetSize().height + 10) + ) + self.sip_label_3.Center(wx.HORIZONTAL) + + self.sip_label_4 = wx.StaticText(self.frame, label="This value (0xa03) corresponds to the following bits in csr.h:") + self.sip_label_4.SetFont(wx.Font(12, wx.FONTFAMILY_DEFAULT, wx.FONTSTYLE_NORMAL, wx.FONTWEIGHT_NORMAL)) + self.sip_label_4.SetPosition( + wx.Point(self.sip_label_3.GetPosition().x, self.sip_label_3.GetPosition().y + self.sip_label_3.GetSize().height + 5) + ) + self.sip_label_4.Center(wx.HORIZONTAL) + + self.sip_label_5 = wx.StaticText(self.frame, label=" 0x1 - CSR_ALLOW_UNTRUSTED_KEXTS\n 0x2 - CSR_ALLOW_UNRESTRICTED_FS\n 0x200 - CSR_ALLOW_UNAPPROVED_KEXTS\n 0x800 - 
CSR_ALLOW_UNAUTHENTICATED_ROOT") + self.sip_label_5.SetFont(wx.Font(12, wx.FONTFAMILY_DEFAULT, wx.FONTSTYLE_NORMAL, wx.FONTWEIGHT_NORMAL)) + self.sip_label_5.SetPosition( + wx.Point(self.sip_label_4.GetPosition().x, self.sip_label_4.GetPosition().y + self.sip_label_4.GetSize().height + 7) + ) + self.sip_label_5.Center(wx.HORIZONTAL) + + i = 0 + for sip_bit in sip_data.system_integrity_protection.csr_values_extended: + self.sip_checkbox = wx.CheckBox(self.frame, label=sip_data.system_integrity_protection.csr_values_extended[sip_bit]["name"]) + self.sip_checkbox.SetFont(wx.Font(12, wx.FONTFAMILY_DEFAULT, wx.FONTSTYLE_NORMAL, wx.FONTWEIGHT_NORMAL)) + self.sip_checkbox.SetToolTip(f'Description: {sip_data.system_integrity_protection.csr_values_extended[sip_bit]["description"]}\nValue: {hex(sip_data.system_integrity_protection.csr_values_extended[sip_bit]["value"])}\nIntroduced in: macOS {sip_data.system_integrity_protection.csr_values_extended[sip_bit]["introduced_friendly"]}') + self.sip_checkbox.SetPosition( + wx.Point(self.sip_label_5.GetPosition().x + 10, self.sip_label_5.GetPosition().y + self.sip_label_5.GetSize().height + 10 + i) + ) + i = i + 20 + self.sip_checkbox.Bind(wx.EVT_CHECKBOX, self.update_sip_value) + if self.sip_value & sip_data.system_integrity_protection.csr_values_extended[sip_bit]["value"] == sip_data.system_integrity_protection.csr_values_extended[sip_bit]["value"]: + self.sip_checkbox.SetValue(True) + + # Button: returns to the main menu + self.return_to_main_menu_button = wx.Button(self.frame, label="Return to Main Menu") + self.return_to_main_menu_button.SetPosition( + wx.Point(self.sip_checkbox.GetPosition().x, self.sip_checkbox.GetPosition().y + self.sip_checkbox.GetSize().height + 15) + ) + self.return_to_main_menu_button.Bind(wx.EVT_BUTTON, self.main_menu) + self.return_to_main_menu_button.Center(wx.HORIZONTAL) + + # Set the frame size + self.frame.SetSize(wx.Size(-1, self.return_to_main_menu_button.GetPosition().y + 
self.return_to_main_menu_button.GetSize().height + 40)) + + def update_sip_value(self, event): + dict = sip_data.system_integrity_protection.csr_values_extended[event.GetEventObject().GetLabel()] + if event.GetEventObject().GetValue() is True: + self.sip_value = self.sip_value + dict["value"] + else: + self.sip_value = self.sip_value - dict["value"] + self.constants.custom_sip_value = hex(self.sip_value) + self.sip_label_2.SetLabel(f"Currently configured SIP: {hex(self.sip_value)}") + self.sip_label_2.Center(wx.HORIZONTAL) \ No newline at end of file
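Review bot: `update_sip_value` changes the mask with `+` and `-`, which matches setting or clearing a bit only while the stored value and the checkbox state agree; if they ever diverge (a repeated event, or a `custom_sip_value` written elsewhere), the arithmetic carries or borrows into neighbouring CSR bits and the configured value no longer matches what the checkboxes show. Use the idempotent bitwise forms, `self.sip_value |= sip_entry["value"]` and `self.sip_value &= ~sip_entry["value"]`, renaming the local from `dict` so it stops shadowing the builtin. In `sip_config_menu`, `int(self.constants.custom_sip_value, 16)` is unguarded, and where that string is set is outside this hunk, so a malformed value would raise `ValueError` while the menu is being built. The caution "If you're unfamiliar with how SIP works, do not touch this menu" exists only as a code comment, while the rendered label stops at "Flip indivdual bits corresponding to" (a typo for "individual"); since each checkbox weakens a platform protection, put that caution in a visible `wx.StaticText`.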