Crate endpoint_sec

Available on macOS only.

Safe bindings for the Endpoint Security Framework for Apple targets (macOS).

The sys module contains the raw bindings since several types are publicly exported from there.

At runtime, users should call version::set_runtime_version() before anything else, to indicate on which macOS version the app is running on.

The entry point is the Client type, which is a wrapper around es_client_t, with the Client::new() method.

After a Client has been created, events can be subscribed to using Client::subscribe(). Each time Endpoint Security gets an event that is part of the subscribptions for your client, it will call the handler that was given to Client::new() with the message associated to the event. Note that AUTH events have an associated deadline before which your handler must give a response else your client may be killed by macOS to avoid stalling for the user.

Re-exports

• pub use endpoint_sec_sys as sys;

Modules

• version
  Helper module to avoid implementing version detection in this crate and make testing easier by telling the crate its on a lower version than the real one.

Structs

• Aclmacos_10_15_1
  ACL from Endpoint Security.
• AttributeValuesmacos_14_0_0
  Iterator over the attribute values of an EventOdAttributeSet
• AuditToken
  A wrapper around an audit_token_t.
• AuthorizationJudgementResultsmacos_14_0_0
  Iterator over the rights of an EventAuthorizationJudgement
• AuthorizationPetitionRightsmacos_14_0_0
  Iterator over the rights of an EventAuthorizationPetition
• AuthorizationResultmacos_14_0_0
  Describes, for a single right, the class of that right and if it was granted
• BtmLaunchItemmacos_13_0_0
  A BTM launch item
• Client
  Wrapper around the opaque type that stores the ES client state.
• EventAccessmacos_10_15_1
  View stat information of a file event.
• EventAuthenticationmacos_13_0_0
  An authentication was performed.
• EventAuthenticationAutoUnlockmacos_13_0_0
  Auto unlock authentication data
• EventAuthenticationOdmacos_13_0_0
  OpenDirectory authentication data
• EventAuthenticationTokenmacos_13_0_0
  Token authentication data
• EventAuthenticationTouchIdmacos_13_0_0
  TouchID authentication data
• EventAuthorizationJudgementmacos_14_0_0
  Notification that a process had it’s right petition judged
• EventAuthorizationPetitionmacos_14_0_0
  Notification that a process petitioned for certain authorization rights
• EventBtmLaunchItemAddmacos_13_0_0
  A launch item being made known to background task management.
• EventBtmLaunchItemRemovemacos_13_0_0
  A launch item being removed from background task management.
• EventCSInvalidatedmacos_11_0_0
  Code signing status for process was invalidated event.
• EventChdirmacos_10_15_1
  Change directories event.
• EventChrootmacos_10_15_1
  Change the root directory for a process event.
• EventClonemacos_10_15_1
  Clone a file event.
• EventClose
  Close a file descriptor event.
• EventCopyFilemacos_12_0_0
  Copy a file using the copyfile() system call.
• EventCreate
  Create a file system object event.
• EventDeleteExtAttrmacos_10_15_1
  Delete an extended attribute event.
• EventDupmacos_10_15_1
  Duplicate a file descriptor event.
• EventExchangeData
  Exchange data atomically between two files event.
• EventExec
  A process execution event.
• EventExit
  Terminate a process event.
• EventFcntlmacos_10_15_1
  File control event.
• EventFileProviderMaterialize
  Materialize a file via the FileProvider framework event.
• EventFileProviderUpdate
  Update file contents via the FileProvider framework event.
• EventFork
  Fork a new process event.
• EventFsGetPathmacos_10_15_1
  Retrieve file system path based on FSID event.
• EventGetAttrlistmacos_10_15_1
  Retrieve file system attributes event.
• EventGetExtAttrmacos_10_15_1
  Retrieve an extended attribute event.
• EventGetTask
  Get a process’s task control port event.
• EventGetTaskInspectmacos_11_3_0
  Get a process’s task inspect port.
• EventGetTaskNamemacos_11_0_0
  Get a process’s task name port
• EventGetTaskReadmacos_11_3_0
  Get a process’s task read port.
• EventIoKitOpen
  Open a connection to an I/O Kit IOService event.
• EventKextLoad
  Load a kernel extension event.
• EventKextUnload
  Unload a kernel extension event.
• EventLink
  Link to a file event.
• EventListExtAttrmacos_10_15_1
  List extended attributes of a file event.
• EventLoginLoginmacos_13_0_0
  Authenticated login event from /usr/bin/login.
• EventLoginLogoutmacos_13_0_0
  Authenticated logout event from /usr/bin/login.
• EventLookup
  Lookup a file system object event.
• EventLwSessionLockmacos_13_0_0
  LoginWindow locked the screen of a session.
• EventLwSessionLoginmacos_13_0_0
  LoginWindow has logged in a user.
• EventLwSessionLogoutmacos_13_0_0
  LoginWindow has logged out a user.
• EventLwSessionUnlockmacos_13_0_0
  LoginWindow unlocked the screen of a session.
• EventMmap
  Memory map a file event.
• EventMount
  Mount a file system event.
• EventMprotect
  Control protection of pages event.
• EventOdAttributeSetmacos_14_0_0
  Notification that an attribute is being set.
• EventOdAttributeValueAddmacos_14_0_0
  Notification that an attribute value was added to a record.
• EventOdAttributeValueRemovemacos_14_0_0
  Notification that an attribute value was removed to a record.
• EventOdCreateGroupmacos_14_0_0
  Notification that a group was created.
• EventOdCreateUsermacos_14_0_0
  Notification that a user account was created.
• EventOdDeleteGroupmacos_14_0_0
  Notification that a group was deleted.
• EventOdDeleteUsermacos_14_0_0
  Notification that a user account was deleted.
• EventOdDisableUsermacos_14_0_0
  Notification that a user account was disabled.
• EventOdEnableUsermacos_14_0_0
  Notification that a user account was enabled.
• EventOdGroupAddmacos_14_0_0
  Notification that a member was added to a group.
• EventOdGroupRemovemacos_14_0_0
  Notification that a member was removed to a group.
• EventOdGroupSetmacos_14_0_0
  Notification that a group had it’s members initialised or replaced.
• EventOdModifyPasswordmacos_14_0_0
  Notification that an account had its password modified.
• EventOpen
  File system object open event.
• EventOpensshLoginmacos_13_0_0
  OpenSSH login event.
• EventOpensshLogoutmacos_13_0_0
  OpenSSH logout event.
• EventProcCheckmacos_10_15_4
  Access control check for retrieving process information.
• EventProcSuspendResumemacos_11_0_0
  One of pid_suspend(), pid_resume() or pid_shutdown_sockets() is being called on a process.
• EventProfileAddmacos_14_0_0
  Notification for Profiles installed on the system.
• EventProfileRemovemacos_14_0_0
  Notification for Profiles removed on the system.
• EventPtyClosemacos_10_15_4
  A pseudoterminal control device is being closed.
• EventPtyGrantmacos_10_15_4
  A pseudoterminal control device is being granted.
• EventReadDirmacos_10_15_1
  Read directory entries event.
• EventReadLink
  Resolve a symbolic link event.
• EventRemoteThreadCreatemacos_11_0_0
  A process has attempted to create a thread in another process
• EventRemountmacos_11_0_0
  Remount a file system event.
• EventRename
  Rename a file system object event.
• EventScreensharingAttachmacos_13_0_0
  Screen Sharing has attached from a graphical session..
• EventScreensharingDetachmacos_13_0_0
  Screen Sharing has detached from a graphical session..
• EventSearchFsmacos_11_0_0
  Access control check for searching a volume or a mounted file system event.
• EventSetAclmacos_10_15_1
  Set a file ACL.
• EventSetAttrlist
  Set file system attributes event.
• EventSetExtAttr
  Set an extended attribute event.
• EventSetFlags
  Modify file flags information event.
• EventSetMode
  Modify file mode event.
• EventSetOwner
  Modify file owner information.
• EventSetTimemacos_10_15_1
  Modify the system time event.
• EventSetegidmacos_12_0_0
  A process has called setegid().
• EventSeteuidmacos_12_0_0
  A process has called seteuid().
• EventSetgidmacos_12_0_0
  A process has called setgid().
• EventSetregidmacos_12_0_0
  A process has called setregid().
• EventSetreuidmacos_12_0_0
  A process has called setreuid().
• EventSetuidmacos_12_0_0
  A process has called setuid().
• EventSignal
  Send a signal to a process event.
• EventStatmacos_10_15_1
  View stat information of a file event.
• EventSumacos_14_0_0
  A su policy decision event.
• EventSudomacos_14_0_0
  A sudo event.
• EventTracemacos_11_0_0
  Fired when one process attempts to attach to another process event.
• EventTruncate
  Truncate a file event.
• EventUTimesmacos_10_15_1
  Change file access and modification times (e.g. via utimes(2))
• EventUipcBindmacos_10_15_1
  A UNIX-domain socket is about to be bound to a path.
• EventUipcConnectmacos_10_15_1
  A UNIX-domain socket is about to be connected.
• EventUnlink
  Unlink a file system object event.
• EventUnmount
  Unmount a file system event.
• EventWrite
  Write to a file event.
• EventXpMalwareDetectedmacos_13_0_0
  XProtect detected malware.
• EventXpMalwareRemediatedmacos_13_0_0
  XProtect remediated malware.
• EventXpcConnectmacos_14_0_0
  Notification for an XPC connection being established to a named service.
• ExecArgs
  Iterator over the arguments of an EventExec
• ExecEnvs
  Iterator over the environment of an EventExec
• ExecFds
  Iterator over the file descriptors of an EventExec
• Fdmacos_11_0_0
  Describe an open file descriptor.
• File
  Provides the stat information and path to a file that relates to a security event.
• Message
  A message from Endpoint Security.
• MutedPath
  See endpoint_sec_sys::es_muted_path_t
• MutedProcess
  See endpoint_sec_sys::es_muted_process_t
• OdMemberIdmacos_14_0_0
  The identity of a group member
• OdMemberIdArraymacos_14_0_0
  An array of group member identities.
• OdMemberIdArrayNamesmacos_14_0_0
  Iterator over the names in an OdMemberIdArray
• OdMemberIdArrayUuidsmacos_14_0_0
  Iterator over the uuids in an OdMemberIdArray
• Process
  Information related to a process.
• Profilemacos_14_0_0
  Structure describing a Profile event
• RejectInfomacos_14_0_0
  Provides context about failures in EventSudo
• SuArgsmacos_14_0_0
  Iterator over the arguments of an EventSu
• SuEnvsmacos_14_0_0
  Iterator over the environment of an EventSu
• Threadmacos_11_0_0
  Information related to a thread.
• ThreadStatemacos_11_0_0
  Describes machine-specific thread state as used by thread_create_running() and other Mach API functions.

Enums

• Action
  When a Message is received, it is associated with an Action
• ActionResult
  Result of the ES subsystem authorization process.
• AuthenticationDatamacos_13_0_0
  See es_event_authentication_t_anon0
• Event
  Information related to an event.
• EventCreateDestinationFile
  Represent a destination file for EventCreate.
• EventRenameDestinationFile
  Represent a destination file for EventRename.
• ExpectedResponseType
  Type of response function to use for this event.
• OdMemberIdArrayItersmacos_14_0_0
  One of the possible iterator for OdMemberIdArray
• OdMemberIdValuemacos_14_0_0
  A member identity.
• TimeError
  Error produced when trying to access Message::deadline() or equivalent functions because computing the [Instant`] overflowed.