Skip to main content

endpoint_sec/event/
event_profile_add.rs

1//! [`EventProfileAdd`]
2
3use std::ffi::OsStr;
4
5use endpoint_sec_sys::{es_event_profile_add_t, es_profile_source_t, es_profile_t};
6
7use crate::{AuditToken, Process};
8
9/// Notification for Profiles installed on the system.
10#[doc(alias = "es_event_profile_add_t")]
11pub struct EventProfileAdd<'a> {
12    /// The raw reference.
13    pub(crate) raw: &'a es_event_profile_add_t,
14    /// The version of the message.
15    pub(crate) version: u32,
16}
17
18impl<'a> EventProfileAdd<'a> {
19    /// Process that instigated the Profile install or update.
20    #[inline(always)]
21    pub fn instigator(&self) -> Option<Process<'a>> {
22        // Safety: 'a tied to self, object obtained through ES
23        let process = unsafe { self.raw.instigator()? };
24        Some(Process::new(process, self.version))
25    }
26
27    /// Audit token of the process that instigated this event.
28    pub fn instigator_token(&self) -> AuditToken {
29        #[cfg(feature = "macos_15_0_0")]
30        if self.version >= 8 {
31            return AuditToken(self.raw.instigator_token);
32        }
33
34        // On old versions, the process was always non-null, and we can get
35        // its token easily.
36        self.instigator().unwrap().audit_token()
37    }
38
39    /// `true` if the event is an update to an already installed profile.
40    #[inline(always)]
41    pub fn is_update(&self) -> bool {
42        self.raw.is_update
43    }
44
45    /// Profile install item.
46    #[inline(always)]
47    pub fn profile(&self) -> Profile<'a> {
48        Profile {
49            // Safety: 'a tied to self, object obtained through ES
50            raw: unsafe { self.raw.profile.as_ref() },
51        }
52    }
53}
54
55// Safety: safe to send across threads: does not contain any interior mutability nor depend on current thread state
56unsafe impl Send for EventProfileAdd<'_> {}
57// Safety: safe to share across threads: does not contain any interior mutability nor depend on current thread state
58unsafe impl Sync for EventProfileAdd<'_> {}
59
60impl_debug_eq_hash_with_functions!(EventProfileAdd<'a> with version; instigator, instigator_token, is_update, profile);
61
62/// Structure describing a Profile event
63#[doc(alias = "es_profile_t")]
64pub struct Profile<'a> {
65    /// The raw reference.
66    pub(crate) raw: &'a es_profile_t,
67}
68
69impl<'a> Profile<'a> {
70    /// Profile identifier.
71    #[inline(always)]
72    pub fn identifier(&self) -> &'a OsStr {
73        // Safety: lifetime matches that of message
74        unsafe { self.raw.identifier.as_os_str() }
75    }
76
77    /// Profile UUID.
78    #[inline(always)]
79    pub fn uuid(&self) -> &'a OsStr {
80        // Safety: lifetime matches that of message
81        unsafe { self.raw.uuid.as_os_str() }
82    }
83
84    /// Source of Profile installation (MDM/Manual Install)
85    #[inline(always)]
86    pub fn install_source(&self) -> es_profile_source_t {
87        self.raw.install_source
88    }
89
90    /// Profile organization name.
91    #[inline(always)]
92    pub fn organization(&self) -> &'a OsStr {
93        // Safety: lifetime matches that of message
94        unsafe { self.raw.organization.as_os_str() }
95    }
96
97    /// Profile display name.
98    #[inline(always)]
99    pub fn display_name(&self) -> &'a OsStr {
100        // Safety: lifetime matches that of message
101        unsafe { self.raw.display_name.as_os_str() }
102    }
103
104    /// Profile scope.
105    #[inline(always)]
106    pub fn scope(&self) -> &'a OsStr {
107        // Safety: lifetime matches that of message
108        unsafe { self.raw.scope.as_os_str() }
109    }
110}
111
112// Safety: safe to send across threads: does not contain any interior mutability nor depend on current thread state
113unsafe impl Send for Profile<'_> {}
114
115impl_debug_eq_hash_with_functions!(Profile<'a>; identifier, uuid, install_source, organization, display_name, scope);