/*
 * DTrace static providers at the Code Signing layer
 *
 * Naming: in a provider definition a double underscore in a probe name
 * stands for a hyphen in the published probe name, so
 * diskrep__create__macho is matched from a D script as
 * diskrep-create-macho. Single underscores are kept as written
 * (eval__reqint__unknown_false, assess_api, recorder_mode, ...).
 *
 * Pointer arguments (paths, cdhash buffers, requirement data) are plain
 * addresses as far as this file shows. NOTE(review): a consuming D script
 * presumably has to copyin()/copyinstr() them from the traced process
 * before printing; confirm against the code that fires the probes.
 *
 * NOTE(review): static probes report whatever the instrumented code passes
 * at the call site. They are diagnostic telemetry, not an enforcement point.
 */
/*
 * Map the fixed-width and Mach type names used in the probe signatures onto
 * basic types. NOTE(review): uint64_t, off_t and bool are also used below
 * and are not mapped here; presumably the build environment supplies them.
 */
#define int32_t int
#define uint32_t unsigned
#define mach_port_t uint32_t


/*
 * Basic semantic events of the code signing subsystem
 */
provider codesign {
	/*
	 * diskrep-*: one create probe per variant named in the probe
	 * (macho, bundle by path, bundle by ref, file, cfm, slc, detached,
	 * kernel) and a single destroy probe. "me" is the first argument of
	 * every probe in this group; presumably the object being reported.
	 */
	probe diskrep__create__macho(void *me, const char *path, const void *ctx);
	probe diskrep__create__bundle__path(void *me, const char *path, void *ctx, void *exec);
	probe diskrep__create__bundle__ref(void *me, void *cfbundle, void *ctx, void *exec);
	probe diskrep__create__file(void *me, const char *path);
	probe diskrep__create__cfm(void *me, const char *path);
	probe diskrep__create__slc(void *me, const char *path);
	probe diskrep__create__detached(void *me, void *orig, const char *source, void *glob);
	probe diskrep__create__kernel(void *me);
	probe diskrep__destroy(void *me);

	/* Creation of a static object (with its host) and of a dynamic object (with its rep). */
	probe static__create(void *me, void *host);
	probe dynamic__create(void *me, void *rep);

	/*
	 * static-cdhash carries a pointer to the hash plus a length
	 * (presumably a byte count; confirm). The attach probes distinguish
	 * "explicit" from "system" and pass the rep involved.
	 */
	probe static__cdhash(void *me, const void *cdhash, uint32_t length);
	probe static__attach__explicit(void *me, void *rep);
	probe static__attach__system(void *me, void *rep);

	/* Dynamic evaluation: start (with path) / end pair, plus a "root" event. */
	probe eval__dynamic__start(void *me, const char *path);
	probe eval__dynamic__end(void *me);
	probe eval__dynamic__root(void *me);

	/* Static evaluation: start (with path) / end pair, plus a "reset" event. */
	probe eval__static__start(void *me, const char *path);
	probe eval__static__end(void *me);
	probe eval__static__reset(void *me);

	/*
	 * Static evaluation of the executable and of resources. The
	 * executable start probe reports a page count and the fail probe
	 * reports the offending page (badPage); the resources start probe
	 * reports a count.
	 */
	probe eval__static__executable__start(void *me, const char *path, uint32_t pages);
	probe eval__static__executable__fail(void *me, uint32_t badPage);
	probe eval__static__executable__end(void *me);
	probe eval__static__resources__start(void *me, const char *path, int count);
	probe eval__static__resources__end(void *me);

	/*
	 * Directory event, and the start/end pair for "intreq"
	 * (presumably internal requirements; confirm), which carries the
	 * requirement type, a target and a nullError value.
	 */
	probe eval__static__directory(void *me);
	probe eval__static__intreq__start(void *me, uint32_t reqType, void *target, int32_t nullError);
	probe eval__static__intreq__end(void *me);

	/*
	 * Signature evaluation: start (with path) / end pair, with separate
	 * events for an ad-hoc signature, for the result (result code and
	 * chain length) and for an expired signature.
	 */
	probe eval__static__signature__start(void *me, const char *path);
	probe eval__static__signature__adhoc(void *me);
	probe eval__static__signature__result(void *me, uint32_t result, uint32_t chainLength);
	probe eval__static__signature__expired(void *me);
	probe eval__static__signature__end(void *me);

	/*
	 * "reqint" events (presumably the requirement interpreter; confirm).
	 * These take no "me" argument: start/end pass the requirement data,
	 * op passes an opcode and offset, the two "unknown" probes pass the
	 * opcode only, and the fragment probes pass a type and name.
	 */
	probe eval__reqint__start(const void *reqdata, uint32_t reqlength);
	probe eval__reqint__end(const void *reqdata, uint32_t result);
	probe eval__reqint__op(uint32_t opcode, uint32_t offset);
	probe eval__reqint__unknown_false(uint32_t opcode);
	probe eval__reqint__unknown_skipped(uint32_t opcode);
	probe eval__reqint__fragment__load(const char *type, const char *name, const void *req);
	probe eval__reqint__fragment__hit(const char *type, const char *name);

	/*
	 * Guest events: hosting port, generic guest lookup, and the
	 * identify/cdhash pairs for process guests (by pid) and generic
	 * guests (by guestRef). guestPath is a uint32_t array with its
	 * length passed separately.
	 */
	probe guest__hostingport(void *host, mach_port_t hostingPort);
	probe guest__locate__generic(void *host, uint32_t *guestPath, uint32_t guestPathLength, mach_port_t subport);
	probe guest__identify__process(void *guest, uint32_t guestPid, void *code);
	probe guest__cdhash__process(void *code, const void *cdhash, uint32_t length);
	probe guest__identify__generic(void *guest, uint32_t guestRef, void *code);
	probe guest__cdhash__generic(void *code, const void *cdhash, uint32_t length);

	/*
	 * allocate-*: validate (path and pid), per-architecture events by
	 * name (arch) or by numeric cputype/cpusubtype (archn), and write
	 * (offset, length and available space).
	 */
	probe allocate__validate(const char *path, uint32_t pid);
	probe allocate__arch(const char *arch, uint32_t size);
	probe allocate__archn(uint32_t cputype, uint32_t cpusubtype, uint32_t size);
	probe allocate__write(const char *arch, off_t offset, uint32_t length, uint32_t available);

	/* Signing-time dependency events, each with a name and a requirement. */
	probe sign__dep__macho(void *me, const char *name, const void *requirement);
	probe sign__dep__interp(void *me, const char *name, const void *requirement);

	/* Argument-less marker for an "antlr" load. */
	probe load__antlr();
};


/*
 * System policy assessment events. Every probe that takes arguments reports
 * the path and a numeric type. The accept/deny/default outcome probes also
 * carry a label and a cdhash pointer; the unsigned and broken outcomes do
 * not. No cdhash length is passed in this provider.
 */
provider syspolicy {
	/* Entry into an assessment, with the caller's flags. */
	probe assess_api(const char *path, int type, uint64_t flags);

	/* One probe per outcome; "broken" also reports whether an exception was made. */
	probe assess__outcome__accept(const char *path, int type, const char *label, const void *cdhash);
	probe assess__outcome__deny(const char *path, int type, const char *label, const void *cdhash);
	probe assess__outcome__default(const char *path, int type, const char *label, const void *cdhash);
	probe assess__outcome__unsigned(const char *path, int type);
	probe assess__outcome__broken(const char *path, int type, bool exception_made);

	/* Recorder-mode events. */
	probe recorder_mode(const char *path, int type, const char *label, const void *cdhash, int flags);
	probe recorder_mode_adhoc_path(const char *path, int type, const char *sig_path);	// path containing adhoc signature recorded

	/* Argument-less markers: cache hit, local and remote. */
	probe assess_cache_hit();
	probe assess_local();
	probe assess_remote();
};