Struct Client

pub struct Client<'b> { /* private fields */ }

Available on macOS only.

Wrapper around the opaque type that stores the ES client state.

Note: this implementation ignores the return value of es_delete_client if you use Drop, use Client::delete() instead if you want to check it.

This type is neither Send nor Sync because the client must be released on the same thread it was created.

Implementations

impl Client<'_>

Public bindings to the underlying es_client_t API.

pub fn new<'b, F>(handler: F) -> Result<Client<'b>, NewClientError>

where F: Fn(&mut Client<'_>, Message) + RefUnwindSafe + 'b,

Creates a new Client.

Callers must respect the following requirement if they want this function to succeed:

• Have the necessary entitlement for Endpoint Security
• Have the user’s approval (TCC)
• Be running as root when launching the client (and while it is active)
• Not have previously reached the maximum number of connected clients

See es_new_client().

pub fn subscribe( &mut self, events: &[es_event_type_t], ) -> Result<(), ReturnError>

Subscribe the client to events, without removing previous subscriptions.

Panics

events can contain at most u32::MAX elements. This is a limitation of Apple’s API.

See es_subscribe.

pub fn unsubscribe( &mut self, events: &[es_event_type_t], ) -> Result<(), ReturnError>

Unsubscribe the client from events, without removing other subscriptions.

Panics

events can contain at most u32::MAX elements. This is a limitation of Apple’s API.

See es_unsubscribe.

pub fn unsubscribe_all(&mut self) -> Result<(), ReturnError>

Unsubscribe the client from all its current subscriptions.

See es_unsubscribe_all.

pub fn subscriptions(&mut self) -> Result<Vec<es_event_type_t>, ReturnError>

List current subscriptions of client.

See es_subscriptions.

pub fn respond_auth_result( &mut self, msg: &Message, resp: es_auth_result_t, cache: bool, ) -> Result<(), RespondError>

Respond to an auth event.

See es_respond_auth_result

pub fn respond_flags_result( &mut self, msg: &Message, authorized_flags: u32, cache: bool, ) -> Result<(), RespondError>

Respong to an auth event that needs a flag response.

See es_respond_flags_result

pub fn mute_process(&mut self, process: &AuditToken) -> Result<(), ReturnError>

Fully mute the given process.

See es_mute_process.

pub fn mute_process_events( &mut self, process: &AuditToken, events: &[es_event_type_t], ) -> Result<(), ReturnError>

Available on crate feature macos_12_0_0 only.

Mute only some events for the given process.

See es_mute_process_events.

Only available on macOS 12.0+.

pub fn unmute_process( &mut self, process: &AuditToken, ) -> Result<(), ReturnError>

Fully unmute the given process.

See es_unmute_process.

pub fn unmute_process_events( &mut self, process: &AuditToken, events: &[es_event_type_t], ) -> Result<(), ReturnError>

Available on crate feature macos_12_0_0 only.

Unmute only some events for the given process.

See es_unmute_process_events.

Only available on macOS 12.0+.

pub fn muted_processes(&mut self) -> Result<Vec<AuditToken>, ReturnError>

List muted processes.

The returned AuditToken are in the same state as they were passed in to Self::mute_process() and may not accuretly reflect the current state of the respective processes.

See es_muted_processes.

Deprecated in macOS 12.0+

pub fn muted_processes_events( &mut self, ) -> Result<Vec<MutedProcess>, ReturnError>

Available on crate feature macos_12_0_0 only.

List muted processes with additional informations

See es_muted_processes_events.

Only available on macOS 12.0+.

pub fn mute_path( &mut self, path: &OsStr, ty: es_mute_path_type_t, ) -> Result<(), ReturnError>

Mute a path for all event types.

See es_mute_path.

Note

The C function takes a const char * _Nonnull path, which means it expects a nul- terminated string. Since the functions to gather such paths give OsStrings (ex: Self::muted_paths_events), this method will truncate the given path to the first if it has one or add it itself if it does not (in which case there will be an allocation).

• If called on macOS 12.0+: uses es_mute_path().
• If called on macOS 10.15 or 11: uses es_mute_path_prefix() and es_mute_path_literal() accordingly.

pub fn mute_path_events( &mut self, path: &OsStr, ty: es_mute_path_type_t, events: &[es_event_type_t], ) -> Result<(), ReturnError>

Available on crate feature macos_12_0_0 only.

Mute a path for a subset of event types.

See es_mute_path_events.

Note

The C function takes a const char * _Nonnull path, which means it expects a nul- terminated string. Since the functions to gather such paths give OsStrings (ex: Self::muted_paths_events), this method will truncate the given path to the first \0 if it has one or add it itself if it does not (in which case there will be an allocation).

Only available on macOS 12.0+.

pub fn unmute_all_paths(&mut self) -> Result<(), ReturnError>

Unmute all paths for all events types.

See es_unmute_all_paths().

pub fn unmute_all_target_paths(&mut self) -> Result<(), ReturnError>

Available on crate feature macos_13_0_0 only.

Unmute all target paths.

See es_unmute_all_target_paths().

Only available on macOS 13.0+.

pub fn unmute_path( &mut self, path: &OsStr, ty: es_mute_path_type_t, ) -> Result<(), ReturnError>

Available on crate feature macos_12_0_0 only.

Unmute a path for all event types.

See es_unmute_path.

Note

The C function takes a const char * _Nonnull path, which means it expects a nul-terminated string. Since the functions to gather such paths give OsStrings (ex: Self::muted_paths_events), this method will truncate the given path to the first \0 if it has one or add it itself if it does not (in which case there will be an allocation).

Only available on macOS 12.0+.

pub fn unmute_path_events( &mut self, path: &OsStr, ty: es_mute_path_type_t, events: &[es_event_type_t], ) -> Result<(), ReturnError>

Available on crate feature macos_12_0_0 only.

Unmute a path for a subset of event types.

See es_unmute_path_events.

Note

The C function takes a const char * _Nonnull path, which means it expects a nul-terminated string. Since the functions to gather such paths give OsStrings (ex: Self::muted_paths_events), this method will truncate the given path to the first \0 if it has one or add it itself if it does not (in which case there will be an allocation).

Only available on macOS 12.0+.

pub fn muted_paths_events(&mut self) -> Result<Vec<MutedPath>, ReturnError>

Available on crate feature macos_12_0_0 only.

List all muted paths.

See es_muted_paths_events.

Only available on macOS 12.0+.

pub fn invert_muting( &mut self, mute_type: es_mute_inversion_type_t, ) -> Result<(), ReturnError>

Available on crate feature macos_13_0_0 only.

Invert the mute state of a given mute dimension.

See es_invert_muting()

Only available on macOS 13.0+.

pub fn muting_inverted( &mut self, mute_type: es_mute_inversion_type_t, ) -> Result<MuteInvertedType, MuteTypeError>

Available on crate feature macos_13_0_0 only.

Query mute inversion state

See es_muting_inverted()

Only available on macOS 13.0+.

pub fn clear_cache(&mut self) -> Result<(), ClearCacheError>

Clear all cached results for all clients.

See es_clear_cache().

pub fn delete(self) -> Result<(), ReturnError>

Delete a client and returns the result, whereas Drop ignores it.

See es_delete_client().

Trait Implementations

impl Drop for Client<'_>

fn drop(&mut self)

Note: this implementation ignores the return value of es_delete_client, use Client::delete() if you want to check it