1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
//! [`EventAuthorizationJudgement`]
use std::ffi::OsStr;
use endpoint_sec_sys::{es_authorization_result_t, es_authorization_rule_class_t, es_event_authorization_judgement_t};
use crate::Process;
/// Notification that a process had it's right petition judged
#[doc(alias = "es_event_authorization_judgement_t")]
pub struct EventAuthorizationJudgement<'a> {
/// The raw reference.
pub(crate) raw: &'a es_event_authorization_judgement_t,
/// The version of the message.
pub(crate) version: u32,
}
impl<'a> EventAuthorizationJudgement<'a> {
/// Process that submitted the petition (XPC caller)
#[inline(always)]
pub fn instigator(&self) -> Process<'a> {
// Safety: 'a tied to self, object obtained through ES
Process::new(unsafe { self.raw.instigator.as_ref() }, self.version)
}
/// Process that created the petition
#[inline(always)]
pub fn petitioner(&self) -> Option<Process<'a>> {
Some(Process::new(
// Safety: 'a tied to self, object obtained through ES
unsafe { self.raw.petitioner.as_ref()? },
self.version,
))
}
/// The overall result of the petition. 0 indicates success.
///
/// Possible return codes are defined in Security framework "Authorization/Authorization.h"
#[inline(always)]
pub fn return_code(&self) -> i32 {
self.raw.return_code
}
/// Number of results.
#[inline(always)]
pub fn result_count(&self) -> usize {
self.raw.result_count
}
/// Iterator over the results
#[inline(always)]
pub fn rights<'event>(&'event self) -> AuthorizationJudgementResults<'event, 'a> {
AuthorizationJudgementResults::new(self)
}
}
// Safety: safe to send across threads: does not contain any interior mutability nor depend on current thread state
unsafe impl Send for EventAuthorizationJudgement<'_> {}
// Safety: safe to share across threads: does not contain any interior mutability nor depend on current thread state
unsafe impl Sync for EventAuthorizationJudgement<'_> {}
impl_debug_eq_hash_with_functions!(EventAuthorizationJudgement<'a> with version; instigator, petitioner, return_code, result_count);
/// Describes, for a single right, the class of that right and if it was granted
#[doc(alias = "es_authorization_result_t")]
pub struct AuthorizationResult<'a> {
/// The raw reference.
pub(crate) raw: &'a es_authorization_result_t,
}
impl<'a> AuthorizationResult<'a> {
/// The name of the right being considered
#[inline(always)]
pub fn right_name(&self) -> &'a OsStr {
// Safety: 'a tied to self, object obtained through ES
unsafe { self.raw.right_name.as_os_str() }
}
/// The class of the right being considered
///
/// The rule class determines how the operating system determines if it should be granted or not
#[inline(always)]
pub fn rule_class(&self) -> es_authorization_rule_class_t {
self.raw.rule_class
}
/// Indicates if the right was granted or not
#[inline(always)]
pub fn granted(&self) -> bool {
self.raw.granted
}
}
// Safety: safe to send across threads: does not contain any interior mutability nor depend on current thread state
unsafe impl Send for AuthorizationResult<'_> {}
impl_debug_eq_hash_with_functions!(AuthorizationResult<'a>; right_name, rule_class, granted);
/// Read the `idx` result of `raw`
///
/// # Safety
///
/// Must be called with a valid event for which `idx` is in range `0..raw.result_count`
unsafe fn read_nth_result(raw: &es_event_authorization_judgement_t, idx: usize) -> *const es_authorization_result_t {
raw.results.add(idx).cast_const()
}
/// See [`super::as_os_str()`] for lifetime and safety docs
unsafe fn make_result<'a>(result: *const es_authorization_result_t) -> AuthorizationResult<'a> {
assert!(!result.is_null());
AuthorizationResult {
raw: unsafe { &*result },
}
}
make_event_data_iterator!(
EventAuthorizationJudgement;
/// Iterator over the rights of an [`EventAuthorizationJudgement`]
AuthorizationJudgementResults with result_count (usize);
AuthorizationResult<'raw>;
read_nth_result,
make_result,
);