1*699cd480SApple OSS Distributions#!/bin/bash 2*699cd480SApple OSS Distributions 3*699cd480SApple OSS Distributions# 4*699cd480SApple OSS Distributions# kasan_install: set up a system to run the KASan kernel. Run with "--uninstall" 5*699cd480SApple OSS Distributions# to reverse the setup. 6*699cd480SApple OSS Distributions# 7*699cd480SApple OSS Distributions# Adds kcsuffix=kasan to boot-args. 8*699cd480SApple OSS Distributions# 9*699cd480SApple OSS Distributions 10*699cd480SApple OSS Distributions 11*699cd480SApple OSS Distributionsif [[ `whoami` != root ]] ; then 12*699cd480SApple OSS Distributions echo "Re-running with sudo" 13*699cd480SApple OSS Distributions sudo "$0" "$@" 14*699cd480SApple OSS Distributions exit $? 15*699cd480SApple OSS Distributionsfi 16*699cd480SApple OSS Distributions 17*699cd480SApple OSS Distributionssip_enabled() { 18*699cd480SApple OSS Distributions csrutil status |grep -q enabled 19*699cd480SApple OSS Distributions} 20*699cd480SApple OSS Distributions 21*699cd480SApple OSS Distributionsprompt() { 22*699cd480SApple OSS Distributions echo -n "$@ [y/N] " 23*699cd480SApple OSS Distributions read ans 24*699cd480SApple OSS Distributions case "$ans" in 25*699cd480SApple OSS Distributions [yY]*) return 0 ;; 26*699cd480SApple OSS Distributions *) return 1 ;; 27*699cd480SApple OSS Distributions esac 28*699cd480SApple OSS Distributions} 29*699cd480SApple OSS Distributions 30*699cd480SApple OSS Distributionskasan_install() { 31*699cd480SApple OSS Distributions 32*699cd480SApple OSS Distributions dobootargs=0 33*699cd480SApple OSS Distributions 34*699cd480SApple OSS Distributions echo -n "Checking KASan boot args... " 35*699cd480SApple OSS Distributions 36*699cd480SApple OSS Distributions bootargs=$(nvram boot-args | cut -f2) 37*699cd480SApple OSS Distributions cursuffix=$(echo $bootargs | sed -n 's/.*kcsuffix=\([^ ]\)/\1/p') 38*699cd480SApple OSS Distributions 39*699cd480SApple OSS Distributions if [[ "$cursuffix" == kasan ]] ; then 40*699cd480SApple OSS Distributions echo "already set." 41*699cd480SApple OSS Distributions elif [[ -n "$cursuffix" ]] ; then 42*699cd480SApple OSS Distributions prompt "custom kcsuffix ($cursuffix) is set. Overwrite?" && { 43*699cd480SApple OSS Distributions bootargs=$(echo "$bootargs" | sed 's/[ ]*kcsuffix=[^ ]*//') 44*699cd480SApple OSS Distributions dobootargs=1 45*699cd480SApple OSS Distributions } 46*699cd480SApple OSS Distributions else 47*699cd480SApple OSS Distributions prompt "not set. Modify?" && { 48*699cd480SApple OSS Distributions dobootargs=1 49*699cd480SApple OSS Distributions } 50*699cd480SApple OSS Distributions fi 51*699cd480SApple OSS Distributions 52*699cd480SApple OSS Distributions [[ $dobootargs -eq 1 ]] && { 53*699cd480SApple OSS Distributions echo -n "Adding boot arg kcsuffix=kasan... " 54*699cd480SApple OSS Distributions newlen=$(echo -n "$bootargs kcsuffix=kasan" |wc -c) 55*699cd480SApple OSS Distributions if [[ $newlen -ge 512 ]] ; then 56*699cd480SApple OSS Distributions echo "boot-args too long. Bailing." 57*699cd480SApple OSS Distributions exit 3 58*699cd480SApple OSS Distributions fi 59*699cd480SApple OSS Distributions 60*699cd480SApple OSS Distributions nvram boot-args="$bootargs kcsuffix=kasan" || exit $? 61*699cd480SApple OSS Distributions echo "done." 62*699cd480SApple OSS Distributions } 63*699cd480SApple OSS Distributions 64*699cd480SApple OSS Distributions} 65*699cd480SApple OSS Distributions 66*699cd480SApple OSS Distributions 67*699cd480SApple OSS Distributionskasan_uninstall() { 68*699cd480SApple OSS Distributions 69*699cd480SApple OSS Distributions echo -n "Removing boot args... " 70*699cd480SApple OSS Distributions 71*699cd480SApple OSS Distributions bootargs=$(nvram boot-args | cut -f2) 72*699cd480SApple OSS Distributions cursuffix=$(echo $bootargs | sed -n 's/.*kcsuffix=\([^ ]\)/\1/p') 73*699cd480SApple OSS Distributions 74*699cd480SApple OSS Distributions if [[ $cursuffix == "kasan" ]] ; then 75*699cd480SApple OSS Distributions prompt "remove kcsuffix=kasan?" && { 76*699cd480SApple OSS Distributions echo -n "Removing kcsuffix... " 77*699cd480SApple OSS Distributions bootargs=$(echo "$bootargs" | sed 's/[ ]*kcsuffix=[^ ]*//') 78*699cd480SApple OSS Distributions nvram boot-args="$bootargs" 79*699cd480SApple OSS Distributions echo "done." 80*699cd480SApple OSS Distributions } 81*699cd480SApple OSS Distributions else 82*699cd480SApple OSS Distributions echo "not set." 83*699cd480SApple OSS Distributions fi 84*699cd480SApple OSS Distributions 85*699cd480SApple OSS Distributions} 86*699cd480SApple OSS Distributions 87*699cd480SApple OSS Distributionscase "$1" in 88*699cd480SApple OSS Distributions *uninstall|*del*|*remove|*rm) 89*699cd480SApple OSS Distributions kasan_uninstall ;; 90*699cd480SApple OSS Distributions *) 91*699cd480SApple OSS Distributions kasan_install ;; 92*699cd480SApple OSS Distributionsesac 93