Crate endpoint_sec
Safe bindings for the Endpoint Security Framework for Apple targets (macOS).
The sys module contains the raw bindings since several types are publicly exported from there.

At runtime, users should call version::set_runtime_version() before anything else, to indicate which macOS version the app is running on.

The entry point is the Client type, which is a wrapper around es_client_t, with the Client::new() method.

After a Client has been created, events can be subscribed to using Client::subscribe(). Each time Endpoint Security gets an event that is part of the subscriptions for your client, it will call the handler that was given to Client::new() with the message associated to the event. Note that AUTH events have an associated deadline before which your handler must give a response, otherwise your client may be killed by macOS to avoid stalling for the user.
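The deadline requirement on AUTH events, sketched as an added example (not code from the endpoint_sec crate): the slow part of a handler's check runs on a worker thread and a fallback verdict is used once the time budget is spent. `Verdict`, `budget` and `decide_before` are hypothetical names, and taking the deadline as a plain `Instant` is an assumption of this sketch.

```rust
use std::sync::mpsc;
use std::thread;
use std::time::{Duration, Instant};

/// Hypothetical verdict type for this sketch (not the crate's own type).
#[derive(Debug, Clone, Copy, PartialEq)]
pub enum Verdict { Allow, Deny }

/// Time available for the decision: deadline minus a safety margin kept back
/// for delivering the response. None means there is no usable time left.
pub fn budget(now: Instant, deadline: Instant, margin: Duration) -> Option<Duration> {
    deadline
        .checked_duration_since(now)? // None if the deadline already passed
        .checked_sub(margin)          // None if the margin exceeds what is left
        .filter(|d| !d.is_zero())
}

/// Runs `evaluate` on a worker thread. Returns (verdict, used_fallback): the
/// worker's verdict, or `fallback` if the budget ran out or the worker died.
/// Choosing the fallback (fail-open or fail-closed) is the caller's policy.
pub fn decide_before<F>(deadline: Instant, margin: Duration, fallback: Verdict, evaluate: F) -> (Verdict, bool)
where
    F: FnOnce() -> Verdict + Send + 'static,
{
    let wait = match budget(Instant::now(), deadline, margin) {
        Some(wait) => wait,
        None => return (fallback, true),
    };
    let (tx, rx) = mpsc::channel();
    thread::spawn(move || {
        // After a timeout the receiver is gone; a failed send is expected.
        let _ = tx.send(evaluate());
    });
    match rx.recv_timeout(wait) {
        Ok(verdict) => (verdict, false),
        Err(_) => (fallback, true),
    }
}

fn main() {
    let margin = Duration::from_millis(50);
    // Constructed scenario: a fast check answers, a slow one hits the fallback.
    let fast = decide_before(Instant::now() + Duration::from_millis(500), margin, Verdict::Allow, || Verdict::Deny);
    let slow = decide_before(Instant::now() + Duration::from_millis(200), margin, Verdict::Allow, || {
        thread::sleep(Duration::from_secs(1));
        Verdict::Deny
    });
    println!("fast = {:?}, slow = {:?}", fast, slow);
}
```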
Re-exports
pub use endpoint_sec_sys as sys;
Modules
- Helper module to avoid implementing version detection in this crate and make testing easier by telling the crate it is on a lower version than the real one.
Structs
- Acl (macos_10_15_1): ACL from Endpoint Security.
- AttributeValues (macos_14_0_0): Iterator over the attribute values of an EventOdAttributeSet
- A wrapper around an audit_token_t.
- AuthorizationJudgementResults (macos_14_0_0): Iterator over the rights of an EventAuthorizationJudgement
- AuthorizationPetitionRights (macos_14_0_0): Iterator over the rights of an EventAuthorizationPetition
- AuthorizationResult (macos_14_0_0): Describes, for a single right, the class of that right and if it was granted
- BtmLaunchItem (macos_13_0_0): A BTM launch item
- Wrapper around the opaque type that stores the ES client state.
- EventAccess (macos_10_15_1): View stat information of a file event.
- EventAuthentication (macos_13_0_0): An authentication was performed.
- EventAuthenticationAutoUnlock (macos_13_0_0): Auto unlock authentication data
- EventAuthenticationOd (macos_13_0_0): OpenDirectory authentication data
- EventAuthenticationToken (macos_13_0_0): Token authentication data
- EventAuthenticationTouchId (macos_13_0_0): TouchID authentication data
- EventAuthorizationJudgement (macos_14_0_0): Notification that a process had its right petition judged
- EventAuthorizationPetition (macos_14_0_0): Notification that a process petitioned for certain authorization rights
- EventBtmLaunchItemAdd (macos_13_0_0): A launch item being made known to background task management.
- EventBtmLaunchItemRemove (macos_13_0_0): A launch item being removed from background task management.
- EventCSInvalidated (macos_11_0_0): Code signing status for process was invalidated event.
- EventChdir (macos_10_15_1): Change directories event.
- EventChroot (macos_10_15_1): Change the root directory for a process event.
- EventClone (macos_10_15_1): Clone a file event.
- Close a file descriptor event.
- EventCopyFile (macos_12_0_0): Copy a file using the copyfile() system call.
- Create a file system object event.
- EventDeleteExtAttr (macos_10_15_1): Delete an extended attribute event.
- EventDup (macos_10_15_1): Duplicate a file descriptor event.
- Exchange data atomically between two files event.
- A process execution event.
- Terminate a process event.
- EventFcntl (macos_10_15_1): File control event.
- Materialize a file via the FileProvider framework event.
- Update file contents via the FileProvider framework event.
- Fork a new process event.
- EventFsGetPath (macos_10_15_1): Retrieve file system path based on FSID event.
- EventGetAttrlist (macos_10_15_1): Retrieve file system attributes event.
- EventGetExtAttr (macos_10_15_1): Retrieve an extended attribute event.
- Get a process’s task control port event.
- EventGetTaskInspect (macos_11_3_0): Get a process’s task inspect port.
- EventGetTaskName (macos_11_0_0): Get a process’s task name port
- EventGetTaskRead (macos_11_3_0): Get a process’s task read port.
- Open a connection to an I/O Kit IOService event.
- Load a kernel extension event.
- Unload a kernel extension event.
- Link to a file event.
- EventListExtAttr (macos_10_15_1): List extended attributes of a file event.
- EventLoginLogin (macos_13_0_0): Authenticated login event from /usr/bin/login.
- EventLoginLogout (macos_13_0_0): Authenticated logout event from /usr/bin/login.
- Lookup a file system object event.
- EventLwSessionLock (macos_13_0_0): LoginWindow locked the screen of a session.
- EventLwSessionLogin (macos_13_0_0): LoginWindow has logged in a user.
- EventLwSessionLogout (macos_13_0_0): LoginWindow has logged out a user.
- EventLwSessionUnlock (macos_13_0_0): LoginWindow unlocked the screen of a session.
- Memory map a file event.
- Mount a file system event.
- Control protection of pages event.
- EventOdAttributeSet (macos_14_0_0): Notification that an attribute is being set.
- EventOdAttributeValueAdd (macos_14_0_0): Notification that an attribute value was added to a record.
- EventOdAttributeValueRemove (macos_14_0_0): Notification that an attribute value was removed from a record.
- EventOdCreateGroup (macos_14_0_0): Notification that a group was created.
- EventOdCreateUser (macos_14_0_0): Notification that a user account was created.
- EventOdDeleteGroup (macos_14_0_0): Notification that a group was deleted.
- EventOdDeleteUser (macos_14_0_0): Notification that a user account was deleted.
- EventOdDisableUser (macos_14_0_0): Notification that a user account was disabled.
- EventOdEnableUser (macos_14_0_0): Notification that a user account was enabled.
- EventOdGroupAdd (macos_14_0_0): Notification that a member was added to a group.
- EventOdGroupRemove (macos_14_0_0): Notification that a member was removed from a group.
- EventOdGroupSet (macos_14_0_0): Notification that a group had its members initialised or replaced.
- EventOdModifyPassword (macos_14_0_0): Notification that an account had its password modified.
- File system object open event.
- EventOpensshLogin (macos_13_0_0): OpenSSH login event.
- EventOpensshLogout (macos_13_0_0): OpenSSH logout event.
- EventProcCheck (macos_10_15_4): Access control check for retrieving process information.
- EventProcSuspendResume (macos_11_0_0): One of pid_suspend(), pid_resume() or pid_shutdown_sockets() is being called on a process.
- EventProfileAdd (macos_14_0_0): Notification for Profiles installed on the system.
- EventProfileRemove (macos_14_0_0): Notification for Profiles removed on the system.
- EventPtyClose (macos_10_15_4): A pseudoterminal control device is being closed.
- EventPtyGrant (macos_10_15_4): A pseudoterminal control device is being granted.
- EventReadDir (macos_10_15_1): Read directory entries event.
- Resolve a symbolic link event.
- EventRemoteThreadCreate (macos_11_0_0): A process has attempted to create a thread in another process
- EventRemount (macos_11_0_0): Remount a file system event.
- Rename a file system object event.
- EventScreensharingAttach (macos_13_0_0): Screen Sharing has attached from a graphical session.
- EventScreensharingDetach (macos_13_0_0): Screen Sharing has detached from a graphical session.
- EventSearchFs (macos_11_0_0): Access control check for searching a volume or a mounted file system event.
- EventSetAcl (macos_10_15_1): Set a file ACL.
- Set file system attributes event.
- Set an extended attribute event.
- Modify file flags information event.
- Modify file mode event.
- Modify file owner information.
- EventSetTime (macos_10_15_1): Modify the system time event.
- EventSetegid (macos_12_0_0): A process has called setegid().
- EventSeteuid (macos_12_0_0): A process has called seteuid().
- EventSetgid (macos_12_0_0): A process has called setgid().
- EventSetregid (macos_12_0_0): A process has called setregid().
- EventSetreuid (macos_12_0_0): A process has called setreuid().
- EventSetuid (macos_12_0_0): A process has called setuid().
- Send a signal to a process event.
- EventStat (macos_10_15_1): View stat information of a file event.
- EventSu (macos_14_0_0): A su policy decision event.
- EventSudo (macos_14_0_0): A sudo event.
- EventTrace (macos_11_0_0): Fired when one process attempts to attach to another process event.
- Truncate a file event.
- EventUTimes (macos_10_15_1): Change file access and modification times (e.g. via utimes(2))
- EventUipcBind (macos_10_15_1): A UNIX-domain socket is about to be bound to a path.
- EventUipcConnect (macos_10_15_1): A UNIX-domain socket is about to be connected.
- Unlink a file system object event.
- Unmount a file system event.
- Write to a file event.
- EventXpMalwareDetected (macos_13_0_0): XProtect detected malware.
- EventXpMalwareRemediated (macos_13_0_0): XProtect remediated malware.
- EventXpcConnect (macos_14_0_0): Notification for an XPC connection being established to a named service.
- Iterator over the arguments of an EventExec
- Iterator over the environment of an EventExec
- Iterator over the file descriptors of an EventExec
- Describe an open file descriptor.
- Provides the stat information and path to a file that relates to a security event.
- A message from Endpoint Security.
- OdMemberId (macos_14_0_0): The identity of a group member
- OdMemberIdArray (macos_14_0_0): An array of group member identities.
- OdMemberIdArrayNames (macos_14_0_0): Iterator over the names in an OdMemberIdArray
- OdMemberIdArrayUuids (macos_14_0_0): Iterator over the uuids in an OdMemberIdArray
- Information related to a process.
- Profile (macos_14_0_0): Structure describing a Profile event
- RejectInfo (macos_14_0_0): Provides context about failures in EventSudo
- SuArgs (macos_14_0_0): Iterator over the arguments of an EventSu
- SuEnvs (macos_14_0_0): Iterator over the environment of an EventSu
- Information related to a thread.
- Describes machine-specific thread state as used by thread_create_running() and other Mach API functions.
Enums
- When a Message is received, it is associated with an Action
- Result of the ES subsystem authorization process.
- AuthenticationData (macos_13_0_0)
- Information related to an event.
- Represent a destination file for EventCreate.
- Represent a destination file for EventRename.
- Type of response function to use for this event.
- OdMemberIdArrayIters (macos_14_0_0): One of the possible iterators for OdMemberIdArray
- OdMemberIdValue (macos_14_0_0): A member identity.
- Error produced when trying to access Message::deadline() or equivalent functions because computing the Instant overflowed.