--- dyld/dyld-852.2/dyld3/shared-cache/FileUtils.cpp
+++ dyld/dyld-625.13/dyld3/shared-cache/FileUtils.cpp
@@ -47,7 +47,10 @@
#include "FileUtils.h"
#include "StringUtils.h"
#include "Diagnostics.h"
-#include "JSONReader.h"
+
+#if __MAC_OS_X_VERSION_MIN_REQUIRED < 101200
+extern "C" int rootless_check_trusted_fd(int fd) __attribute__((weak_import));
+#endif
void iterateDirectoryTree(const std::string& pathPrefix, const std::string& path, bool (^dirFilter)(const std::string& path), void (^fileCallback)(const std::string& path, const struct stat&), bool processFiles, bool recurse)
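Review bot: The weak_import declaration of rootless_check_trusted_fd added under `#if __MAC_OS_X_VERSION_MIN_REQUIRED < 101200` is never referenced: its only call site, in isProtectedBySIP(int) in the third hunk, is compiled only in the `>= 101200` branch, while the `< 101200` branch uses the F_GETPATH fallback and never touches the weak symbol. Either the declaration is dead and should be dropped, or the intent was a runtime probe on older deployment targets, in which case the fallback branch should try the weak symbol first, `if ( rootless_check_trusted_fd != nullptr ) return (rootless_check_trusted_fd(fd) == 0);`, before the path-based check. A one-line comment on the declaration stating which is intended would settle it, e.g. `// rootless_check_trusted_fd() exists only from 10.12; on older deployment targets resolve it at runtime and null-check before use`. The iterateDirectoryTree line at the end of this hunk is only the function's signature; its body lies outside the hunk.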
@@ -60,7 +63,7 @@
}
while (dirent* entry = readdir(dir)) {
struct stat statBuf;
- std::string dirAndFile = path + (path.back() != '/' ? "/" : "") + entry->d_name;
+ std::string dirAndFile = path + "/" + entry->d_name;
std::string fullDirAndFile = pathPrefix + dirAndFile;
switch ( entry->d_type ) {
case DT_REG:
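Review bot: The new `path + "/" + entry->d_name` yields a doubled slash whenever `path` already ends in '/', so `dirAndFile` and `fullDirAndFile` are no longer canonical strings and anything that compares them textually (the dirFilter block, or a caller keying on the returned path) would see `a//b` instead of `a/b`. If callers can pass a trailing slash, normalise once rather than per entry, e.g. `std::string dirAndFile = path; if ( dirAndFile.empty() || dirAndFile.back() != '/' ) dirAndFile += '/'; dirAndFile += entry->d_name;`, which also avoids calling back() on an empty path. The body of iterateDirectoryTree starts before this hunk and continues after it.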
@@ -131,6 +134,41 @@
}
return nullptr;
+}
+
+static bool sipIsEnabled()
+{
+ static bool rootlessEnabled;
+ static dispatch_once_t onceToken;
+ // Check to make sure file system protections are on at all
+ dispatch_once(&onceToken, ^{
+ rootlessEnabled = (csr_check(CSR_ALLOW_UNRESTRICTED_FS) != 0);
+ });
+ return rootlessEnabled;
+}
+
+bool isProtectedBySIP(const std::string& path)
+{
+ if ( !sipIsEnabled() )
+ return false;
+
+ return (rootless_check_trusted(path.c_str()) == 0);
+}
+
+bool isProtectedBySIP(int fd)
+{
+ if ( !sipIsEnabled() )
+ return false;
+
+#if __MAC_OS_X_VERSION_MIN_REQUIRED >= 101200
+ return (rootless_check_trusted_fd(fd) == 0);
+#else
+ // fallback to using rootless_check_trusted
+ char realPath[MAXPATHLEN];
+ if ( fcntl(fd, F_GETPATH, realPath) == 0 )
+ return (rootless_check_trusted(realPath) == 0);
+ return false;
+#endif
}
bool fileExists(const std::string& path)
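Review bot: The `#else` branch of isProtectedBySIP(int) converts the descriptor back to a path with F_GETPATH and then checks that path, which reintroduces the path/descriptor race the fd-based API exists to avoid: between fcntl() and rootless_check_trusted() the name can be renamed or replaced, so the verdict may describe a different file from the one the caller holds open. On those targets the weak rootless_check_trusted_fd declared in the first hunk should be tried first, `if ( rootless_check_trusted_fd != nullptr ) return (rootless_check_trusted_fd(fd) == 0);`, with the path fallback documented as best-effort. Both overloads also map every non-zero result of the rootless_check_trusted* calls, including error returns, to "not protected"; whether that direction is safe depends on how callers act on the answer, which is not visible here, and deserves a comment such as `// rootless_check_trusted*() return 0 only for a SIP-protected file; any error is treated as unprotected`. The `}` and `return nullptr;` at the top of the hunk close a function that starts before it.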