Module for querying SIP status on XNU-based systems
Project description
py_sip_xnu
Python module for querying SIP status on XNU-based systems (primarily macOS) through exposed kernel APIs.
No reliance on csrutil
or NVRAM properties, allowing for more accurate and reliable results. Supporting both Intel and Apple Silicon systems.
Library returns a SIP object with the following properties:
value - int - raw value of SIP configuration
breakdown - object - holds each SIP key and its value
can_edit_root - bool - whether SIP allows editing of protected files
can_write_nvram - bool - whether SIP allows writing to NVRAM
can_load_arbitrary_kexts - bool - whether SIP allows loading of arbitrary kexts
If module accessed under Yosemite or earlier, sip_xnu
will treat SIP as disabled.
Project currently synced against macOS 13.0 (XNU 8792.41.9). Based off of pudquick's concept.
Python validated against 2.7 and 3.9.
Background
System Integrity Protection, generally abbreviated as SIP, is a security feature introduced in OS X El Capitan. The primary purpose of this setting was to control access to sensitive operations such as kernel extension loading, protected file write, task tracking, etc. SIP is part of the XNU kernel, and is a cumulation of several kernel flags into the CSR bitmask seen as SIP configuration.
The primary benefit of this library over manually invoking either csrutil
or reading nvram csr-active-config
is that we check with the kernel directly, and verify what macOS itself is using for SIP configuration. Contrast this with nvram
, boot.efi and XNU can reject SIP bits such as 0x10 (AppleInternal) during runtime without changing the exposed NVRAM value.
With csrutil
, this tool obfuscates much of SIP into a simple on/off state, when in reality SIP is a complex bitmask. Many developers will simply check the output of csrutil status
and assume SIP is either enabled or disabled, without properly probing specific bits for what the application may need. Using sip_xnu
allows for better probing and allows users to lower less of SIP for overall better system security.
- More information can be found here: System Integrity Protection: The misunderstood setting
Source for SIP configuration can be found in Apple's csr.h, and parsing logic from csr.c.
Installation
pip-based:
pip3 install py_sip_xnu
Manual:
python3 setup.py install
Usage
Invocation:
import py_sip_xnu
sip_config = py_sip_xnu.SipXnu().get_sip_status()
'''
sip_config = {
'value': 0,
'breakdown': {
'csr_allow_untrusted_kexts': False,
'csr_allow_unrestricted_fs': False,
'csr_allow_task_for_pid': False,
'csr_allow_kernel_debugger': False,
'csr_allow_apple_internal': False,
'csr_allow_unrestricted_dtrace': False,
'csr_allow_unrestricted_nvram': False,
'csr_allow_device_configuration': False,
'csr_allow_any_recovery_os': False,
'csr_allow_unapproved_kexts': False,
'csr_allow_executable_policy_override': False,
'csr_allow_unauthenticated_root': False
},
'can_edit_root': False,
'can_write_nvram': False,
'can_load_arbitrary_kexts': False
}
'''
License
BSD 3-Clause License
Copyright (c) 2022, Mykola Grymalyuk
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distributions
Built Distributions
Hashes for py_sip_xnu-1.0.4-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 2db9f1697bf737e1d6b1b2d59e8fce6cecbe3d701133f929cdd06dd33221c904 |
|
MD5 | a26a269ab52b15e24bcdf3c85794feba |
|
BLAKE2b-256 | 694ed29c149199d98e79089f63dcf740f0dea44cf78e982b4e215fe710203e50 |
Hashes for py_sip_xnu-1.0.4-py2-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 2361f67e0d99490e1d50490ac2bdb2e475a4742c1d8d001bbec05a22abbd4d45 |
|
MD5 | f9d07626eb9dfb7e918e932018250948 |
|
BLAKE2b-256 | 373122899bd58c8fb91af4027900424da5923718caaa6c6610bae23197d0f6c7 |