Safe bindings for the Endpoint Security Framework for Apple targets (macOS).

The sys module contains the raw bindings since several types are publicly exported from there.

At runtime, users should call version::set_runtime_version() before anything else, to indicate which macOS version the app is running on.

The entry point is the Client type, which is a wrapper around es_client_t, created with the Client::new() method.

After a Client has been created, events can be subscribed to using Client::subscribe(). Each time Endpoint Security gets an event that is part of the subscriptions for your client, it will call the handler that was given to Client::new() with the message associated with the event. Note that AUTH events have an associated deadline before which your handler must give a response, or else your client may be killed by macOS to avoid stalling for the user.

Re-exports
pub use endpoint_sec_sys as sys;
Modules
- version - Helper module to avoid implementing version detection in this crate and make testing easier by telling the crate it is on a lower version than the real one.
Structs
- Acl macos_10_15_1 - ACL from Endpoint Security.
- AttributeValues macos_14_0_0 - Iterator over the attribute values of an EventOdAttributeSet
- AuditToken - A wrapper around an audit_token_t.
- AuthorizationJudgementResults macos_14_0_0 - Iterator over the rights of an EventAuthorizationJudgement
- AuthorizationPetitionRights macos_14_0_0 - Iterator over the rights of an EventAuthorizationPetition
- AuthorizationResult macos_14_0_0 - Describes, for a single right, the class of that right and if it was granted
- BtmLaunchItem macos_13_0_0 - A BTM launch item
- Client - Wrapper around the opaque type that stores the ES client state.
- EventAccess macos_10_15_1 - View stat information of a file event.
- EventAuthentication macos_13_0_0 - An authentication was performed.
- EventAuthenticationAutoUnlock macos_13_0_0 - Auto unlock authentication data
- EventAuthenticationOd macos_13_0_0 - OpenDirectory authentication data
- EventAuthenticationToken macos_13_0_0 - Token authentication data
- EventAuthenticationTouchId macos_13_0_0 - TouchID authentication data
- EventAuthorizationJudgement macos_14_0_0 - Notification that a process had its right petition judged
- EventAuthorizationPetition macos_14_0_0 - Notification that a process petitioned for certain authorization rights
- EventBtmLaunchItemAdd macos_13_0_0 - A launch item being made known to background task management.
- EventBtmLaunchItemRemove macos_13_0_0 - A launch item being removed from background task management.
- EventCSInvalidated macos_11_0_0 - Code signing status for process was invalidated event.
- EventChdir macos_10_15_1 - Change directories event.
- EventChroot macos_10_15_1 - Change the root directory for a process event.
- EventClone macos_10_15_1 - Clone a file event.
- EventClose - Close a file descriptor event.
- EventCopyFile macos_12_0_0 - Copy a file using the copyfile() system call.
- EventCreate - Create a file system object event.
- EventDeleteExtAttr macos_10_15_1 - Delete an extended attribute event.
- EventDup macos_10_15_1 - Duplicate a file descriptor event.
- EventExchangeData - Exchange data atomically between two files event.
- EventExec - A process execution event.
- EventExit - Terminate a process event.
- EventFcntl macos_10_15_1 - File control event.
- EventFileProviderMaterialize - Materialize a file via the FileProvider framework event.
- EventFileProviderUpdate - Update file contents via the FileProvider framework event.
- EventFork - Fork a new process event.
- EventFsGetPath macos_10_15_1 - Retrieve file system path based on FSID event.
- EventGetAttrlist macos_10_15_1 - Retrieve file system attributes event.
- EventGetExtAttr macos_10_15_1 - Retrieve an extended attribute event.
- EventGetTask - Get a process’s task control port event.
- EventGetTaskInspect macos_11_3_0 - Get a process’s task inspect port.
- EventGetTaskName macos_11_0_0 - Get a process’s task name port
- EventGetTaskRead macos_11_3_0 - Get a process’s task read port.
- EventIoKitOpen - Open a connection to an I/O Kit IOService event.
- EventKextLoad - Load a kernel extension event.
- EventKextUnload - Unload a kernel extension event.
- EventLink - Link to a file event.
- EventListExtAttr macos_10_15_1 - List extended attributes of a file event.
- EventLoginLogin macos_13_0_0 - Authenticated login event from /usr/bin/login.
- EventLoginLogout macos_13_0_0 - Authenticated logout event from /usr/bin/login.
- EventLookup - Lookup a file system object event.
- EventLwSessionLock macos_13_0_0 - LoginWindow locked the screen of a session.
- EventLwSessionLogin macos_13_0_0 - LoginWindow has logged in a user.
- EventLwSessionLogout macos_13_0_0 - LoginWindow has logged out a user.
- EventLwSessionUnlock macos_13_0_0 - LoginWindow unlocked the screen of a session.
- EventMmap - Memory map a file event.
- EventMount - Mount a file system event.
- EventMprotect - Control protection of pages event.
- EventOdAttributeSet macos_14_0_0 - Notification that an attribute is being set.
- EventOdAttributeValueAdd macos_14_0_0 - Notification that an attribute value was added to a record.
- EventOdAttributeValueRemove macos_14_0_0 - Notification that an attribute value was removed from a record.
- EventOdCreateGroup macos_14_0_0 - Notification that a group was created.
- EventOdCreateUser macos_14_0_0 - Notification that a user account was created.
- EventOdDeleteGroup macos_14_0_0 - Notification that a group was deleted.
- EventOdDeleteUser macos_14_0_0 - Notification that a user account was deleted.
- EventOdDisableUser macos_14_0_0 - Notification that a user account was disabled.
- EventOdEnableUser macos_14_0_0 - Notification that a user account was enabled.
- EventOdGroupAdd macos_14_0_0 - Notification that a member was added to a group.
- EventOdGroupRemove macos_14_0_0 - Notification that a member was removed from a group.
- EventOdGroupSet macos_14_0_0 - Notification that a group had its members initialised or replaced.
- EventOdModifyPassword macos_14_0_0 - Notification that an account had its password modified.
- EventOpen - File system object open event.
- EventOpensshLogin macos_13_0_0 - OpenSSH login event.
- EventOpensshLogout macos_13_0_0 - OpenSSH logout event.
- EventProcCheck macos_10_15_4 - Access control check for retrieving process information.
- EventProcSuspendResume macos_11_0_0 - One of pid_suspend(), pid_resume() or pid_shutdown_sockets() is being called on a process.
- EventProfileAdd macos_14_0_0 - Notification for Profiles installed on the system.
- EventProfileRemove macos_14_0_0 - Notification for Profiles removed on the system.
- EventPtyClose macos_10_15_4 - A pseudoterminal control device is being closed.
- EventPtyGrant macos_10_15_4 - A pseudoterminal control device is being granted.
- EventReadDir macos_10_15_1 - Read directory entries event.
- EventReadLink - Resolve a symbolic link event.
- EventRemoteThreadCreate macos_11_0_0 - A process has attempted to create a thread in another process
- EventRemount macos_11_0_0 - Remount a file system event.
- EventRename - Rename a file system object event.
- EventScreensharingAttach macos_13_0_0 - Screen Sharing has attached from a graphical session.
- EventScreensharingDetach macos_13_0_0 - Screen Sharing has detached from a graphical session.
- EventSearchFs macos_11_0_0 - Access control check for searching a volume or a mounted file system event.
- EventSetAcl macos_10_15_1 - Set a file ACL.
- EventSetAttrlist - Set file system attributes event.
- EventSetExtAttr - Set an extended attribute event.
- EventSetFlags - Modify file flags information event.
- EventSetMode - Modify file mode event.
- EventSetOwner - Modify file owner information.
- EventSetTime macos_10_15_1 - Modify the system time event.
- EventSetegid macos_12_0_0 - A process has called setegid().
- EventSeteuid macos_12_0_0 - A process has called seteuid().
- EventSetgid macos_12_0_0 - A process has called setgid().
- EventSetregid macos_12_0_0 - A process has called setregid().
- EventSetreuid macos_12_0_0 - A process has called setreuid().
- EventSetuid macos_12_0_0 - A process has called setuid().
- EventSignal - Send a signal to a process event.
- EventStat macos_10_15_1 - View stat information of a file event.
- EventSu macos_14_0_0 - A su policy decision event.
- EventSudo macos_14_0_0 - A sudo event.
- EventTrace macos_11_0_0 - Fired when one process attempts to attach to another process event.
- EventTruncate - Truncate a file event.
- EventUTimes macos_10_15_1 - Change file access and modification times (e.g. via utimes(2))
- EventUipcBind macos_10_15_1 - A UNIX-domain socket is about to be bound to a path.
- EventUipcConnect macos_10_15_1 - A UNIX-domain socket is about to be connected.
- EventUnlink - Unlink a file system object event.
- EventUnmount - Unmount a file system event.
- EventWrite - Write to a file event.
- EventXpMalwareDetected macos_13_0_0 - XProtect detected malware.
- EventXpMalwareRemediated macos_13_0_0 - XProtect remediated malware.
- EventXpcConnect macos_14_0_0 - Notification for an XPC connection being established to a named service.
- ExecArgs - Iterator over the arguments of an EventExec
- ExecEnvs - Iterator over the environment of an EventExec
- ExecFds - Iterator over the file descriptors of an EventExec
- Fd macos_11_0_0 - Describe an open file descriptor.
- File - Provides the stat information and path to a file that relates to a security event.
- Message - A message from Endpoint Security.
- MutedPath - See endpoint_sec_sys::es_muted_path_t
- MutedProcess - See endpoint_sec_sys::es_muted_process_t
- OdMemberId macos_14_0_0 - The identity of a group member
- OdMemberIdArray macos_14_0_0 - An array of group member identities.
- OdMemberIdArrayNames macos_14_0_0 - Iterator over the names in an OdMemberIdArray
- OdMemberIdArrayUuids macos_14_0_0 - Iterator over the uuids in an OdMemberIdArray
- Process - Information related to a process.
- Profile macos_14_0_0 - Structure describing a Profile event
- RejectInfo macos_14_0_0 - Provides context about failures in EventSudo
- SuArgs macos_14_0_0 - Iterator over the arguments of an EventSu
- SuEnvs macos_14_0_0 - Iterator over the environment of an EventSu
- Thread macos_11_0_0 - Information related to a thread.
- ThreadState macos_11_0_0 - Describes machine-specific thread state as used by thread_create_running() and other Mach API functions.
Enums
- Action - When a Message is received, it is associated with an Action
- ActionResult - Result of the ES subsystem authorization process.
- AuthenticationData macos_13_0_0 - See es_event_authentication_t_anon0
- Event - Information related to an event.
- EventCreateDestinationFile - Represent a destination file for EventCreate.
- EventRenameDestinationFile - Represent a destination file for EventRename.
- ExpectedResponseType - Type of response function to use for this event.
- OdMemberIdArrayIters macos_14_0_0 - One of the possible iterators for OdMemberIdArray
- OdMemberIdValue macos_14_0_0 - A member identity.
- TimeError - Error produced when trying to access Message::deadline() or equivalent functions because computing the Instant overflowed.