. Re: API to determine status of System Integrity Protection?
. Re: API to determine status of System Integrity Protection?
- Subject: . Re: API to determine status of System Integrity Protection?
- From: Stephane Madrau <email@hidden>
- Date: Tue, 15 Sep 2015 08:37:04 +0200
2015-09-14 21:00 GMT+02:00 <email@hidden>:
>
> The open() API returns EPERM when you try to access something protected by
> SIP, but EACCES for normal permission errors. So, you could just try to
> write to create a file at /System/foo without root access using open(), and
> use the value returned by errno to determine whether SIP is enabled or not.
>
> Whether that is more or less ugly than parsing the output of csrutil, of
> course, is up to the reader. They’re both pretty non-ideal.
>
What's wrong with using csr_check() and csr_get_active_config(). That's
nothing else than what csrutil uses... Are these functions considered as
SPI ? They are in the kernel sources...
And using SPI shouldn be worse than parsing a shell tool output...
If these are ok, then this code should do it
https://github.com/Piker-Alpha/csrstat/blob/master/csrstat.c
--
Stéphane
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden