security_codesigning.d
/*
 * DTrace static providers at the Code Signing layer
 *
 * This file only declares probes (names and argument types). Where they
 * fire, and with what values, is decided by call sites that are not part
 * of this file.
 */

/*
 * Stand-in definitions for the type names used in the probe signatures below.
 * NOTE(review): presumably present so the declarations can be processed
 * without pulling in system headers -- confirm against the build rule.
 *
 * Effect on the declared argument types, by macro expansion:
 *   int32_t     -> int
 *   uint32_t    -> unsigned
 *   mach_port_t -> uint32_t -> unsigned
 *   bool        -> uint8_t
 *   off_t       -> uint64_t
 */
#define int32_t int
#define uint32_t unsigned
#define mach_port_t uint32_t
#define bool uint8_t
#define off_t uint64_t
 9  
10  
/*
 * Basic semantic events of the code signing subsystem
 *
 * Naming: in a provider declaration a double underscore becomes a hyphen in
 * the published probe name, a single underscore is kept. So
 * eval__static__signature__result is matched as
 * "eval-static-signature-result", while eval__reqint__unknown_false is
 * matched as "eval-reqint-unknown_false". As a user-level static provider
 * the provider name carries the process id at run time (codesign<pid>).
 *
 * Arguments: pointer arguments are addresses in the instrumented process.
 * A consumer script has to use copyinstr() for the "const char *" values and
 * copyin() for byte buffers, and should bound any copyin() by the length
 * argument that accompanies the pointer. The "void *me" style arguments are
 * opaque object addresses, useful for correlating start/end pairs rather
 * than for dereferencing.
 *
 * NOTE(review): every value is supplied by the process being traced. Tooling
 * that uses these probes for monitoring should treat paths and lengths as
 * process-reported data, not as independently verified facts.
 *
 * The group descriptions below are read off the probe names; the call sites
 * are not visible here -- confirm before relying on exact semantics.
 */
provider codesign {
	/* Creation and destruction of the on-disk representation objects, one probe per representation kind. */
	probe diskrep__create__macho(void *me, const char *path, const void *ctx);
	probe diskrep__create__bundle__path(void *me, const char *path, void *ctx, void *exec);
	probe diskrep__create__bundle__ref(void *me, void *cfbundle, void *ctx, void *exec);
	probe diskrep__create__file(void *me, const char *path);
	probe diskrep__create__cfm(void *me, const char *path);
	probe diskrep__create__slc(void *me, const char *path);
	probe diskrep__create__detached(void *me, void *orig, const char *source, void *glob);
	probe diskrep__create__kernel(void *me);
	probe diskrep__destroy(void *me);

	/* Creation of static and dynamic code objects. */
	probe static__create(void *me, void *host);
	probe dynamic__create(void *me, void *rep);
	
	/* cdhash is a buffer of `length` bytes in the traced process; copy in at most `length` bytes. */
	probe static__cdhash(void *me, const void *cdhash, uint32_t length);
	probe static__attach__explicit(void *me, void *rep);
	probe static__attach__system(void *me, void *rep);

	/* Dynamic validation: start/end pair keyed on `me`. */
	probe eval__dynamic__start(void *me, const char *path);
	probe eval__dynamic__end(void *me);
	probe eval__dynamic__root(void *me);
	
	/* Static validation: start/end pair keyed on `me`, plus a reset event. */
	probe eval__static__start(void *me, const char *path);
	probe eval__static__end(void *me);
	probe eval__static__reset(void *me);
	
	/*
	 * Executable and resource validation phases.
	 * NOTE(review): by name, executable-fail reports the page that did not
	 * validate (badPage) -- a failure signal worth watching; confirm that it
	 * is an index into the `pages` count given at start.
	 */
	probe eval__static__executable__start(void *me, const char *path, uint32_t pages);
	probe eval__static__executable__fail(void *me, uint32_t badPage);
	probe eval__static__executable__end(void *me);
	probe eval__static__resources__start(void *me, const char *path, int count);
	probe eval__static__resources__end(void *me);
	
	/* Code directory and internal-requirement evaluation. nullError is declared int32_t, i.e. a signed value. */
	probe eval__static__directory(void *me);
	probe eval__static__intreq__start(void *me, uint32_t reqType, void *target, int32_t nullError);
	probe eval__static__intreq__end(void *me);
	
	/*
	 * Signature evaluation. The adhoc, result and expired probes fire between
	 * start and end as far as the names suggest; `result` and `chainLength`
	 * are plain integers and need no copyin.
	 * NOTE(review): the meaning of `result` (presumably an OSStatus-style
	 * code) is not defined in this file -- confirm at the call site.
	 */
	probe eval__static__signature__start(void *me, const char *path);
	probe eval__static__signature__adhoc(void *me);
	probe eval__static__signature__result(void *me, uint32_t result, uint32_t chainLength);
	probe eval__static__signature__expired(void *me);
	probe eval__static__signature__end(void *me);

	/*
	 * Requirement interpreter. reqdata is a pointer with an explicit
	 * reqlength on the start probe only; the end probe repeats the pointer
	 * without a length. The two unknown_* probes keep their single
	 * underscore in the published name.
	 */
	probe eval__reqint__start(const void *reqdata, uint32_t reqlength);
	probe eval__reqint__end(const void *reqdata, uint32_t result);
	probe eval__reqint__op(uint32_t opcode, uint32_t offset);
	probe eval__reqint__unknown_false(uint32_t opcode);
	probe eval__reqint__unknown_skipped(uint32_t opcode);
	probe eval__reqint__fragment__load(const char *type, const char *name, const void *req);
	probe eval__reqint__fragment__hit(const char *type, const char *name);
	
	/*
	 * Guest/host code identification. mach_port_t is defined as uint32_t at
	 * the top of this file. guestPath is a pointer to uint32_t with a
	 * separate guestPathLength.
	 * NOTE(review): whether the length counts elements or bytes is not
	 * stated here -- confirm before sizing a copyin().
	 */
	probe guest__hostingport(void *host, mach_port_t hostingPort);
	probe guest__locate__generic(void *host, uint32_t *guestPath, uint32_t guestPathLength, mach_port_t subport);
	probe guest__identify__process(void *guest, uint32_t guestPid, void *code);
	probe guest__cdhash__process(void *code, const void *cdhash, uint32_t length);
	probe guest__identify__generic(void *guest, uint32_t guestRef, void *code);
	probe guest__cdhash__generic(void *code, const void *cdhash, uint32_t length);
	
	/* Signature space allocation. off_t is defined as uint64_t at the top of this file. */
	probe allocate__validate(const char *path, uint32_t pid);
	probe allocate__arch(const char *arch, uint32_t size);
	probe allocate__archn(uint32_t cputype, uint32_t cpusubtype, uint32_t size);
	probe allocate__write(const char *arch, off_t offset, uint32_t length, uint32_t available);
	
	/* Dependencies recorded while signing; `requirement` is an opaque pointer with no length argument. */
	probe sign__dep__macho(void *me, const char *name, const void *requirement);
	probe sign__dep__interp(void *me, const char *name, const void *requirement);

	/* No arguments. */
	probe load__antlr();
};
81  
82  
/*
 * Static probes for system policy assessment.
 * NOTE(review): the provider name suggests the system policy assessment
 * path; the call sites are not part of this file -- confirm there.
 *
 * Naming is mixed in this provider. Names written with double underscores
 * are published with hyphens (assess__outcome__deny -> "assess-outcome-deny"),
 * while assess_api, recorder_mode, recorder_mode_adhoc_path,
 * assess_cache_hit, assess_local and assess_remote keep their underscores.
 * A monitoring script has to match each name exactly as published.
 *
 * "const char *" and "const void *" arguments are addresses in the traced
 * process: use copyinstr() / copyin() to read them, and treat the contents
 * as data reported by that process.
 */
provider syspolicy {
	/* Entry into an assessment: the subject path, an integer type and 64-bit flags. */
	probe assess_api(const char *path, int type, uint64_t flags);
	
	/*
	 * One probe per assessment outcome. accept/deny/default carry a label
	 * and a cdhash pointer; unsigned and broken carry neither.
	 * The cdhash pointer has no accompanying length argument here.
	 * NOTE(review): presumably a fixed-size hash -- confirm the size at the
	 * call site before choosing a copyin() length.
	 * exception_made is declared bool, which this file defines as uint8_t.
	 */
	probe assess__outcome__accept(const char *path, int type, const char *label, const void *cdhash);
	probe assess__outcome__deny(const char *path, int type, const char *label, const void *cdhash);
	probe assess__outcome__default(const char *path, int type, const char *label, const void *cdhash);
	probe assess__outcome__unsigned(const char *path, int type);
	probe assess__outcome__broken(const char *path, int type, bool exception_made);

	/* Recorder mode events. Note that `flags` is a plain int here, unlike the uint64_t flags of assess_api. */
	probe recorder_mode(const char *path, int type, const char *label, const void *cdhash, int flags);
	probe recorder_mode_adhoc_path(const char *path, int type, const char *sig_path);	// path containing adhoc signature recorded
	
	/* Argument-less markers; by name they distinguish a cache hit from a local or remote assessment. */
	probe assess_cache_hit();
	probe assess_local();
	probe assess_remote();
};