OSX/libsecurity_codesigning/dtrace/reqint.d

   1 #!/usr/sbin/dtrace -q -s
   2
   3
   4 string opnames[unsigned];       /* common opcode names */
   5
   6
   7 dtrace:::BEGIN
   8 {
   9         printf("ready...\n");
  10         opnames[0] = "never";
  11         opnames[1] = "always";
  12         opnames[2] = "identifier...";
  13         opnames[3] = "anchor apple";
  14         opnames[4] = "anchor = ...";
  15         opnames[5] = "!legacy infokey!";
  16         opnames[6] = "AND";
  17         opnames[7] = "OR";
  18         opnames[8] = "cdhash";
  19         opnames[9] = "NOT";
  20         opnames[10] = "info[...]";
  21         opnames[11] = "cert[subject...]";
  22         opnames[12] = "anchor trusted...";
  23         opnames[13] = "anchor trusted...";
  24         opnames[14] = "cert[field...]";
  25         opnames[15] = "anchor apple generic";
  26         opnames[16] = "entitlement[...]";
  27         opnames[17] = "cert[policy...]";
  28         opnames[18] = "anchor NAMED";
  29         opnames[19] = "(NAMED)";
  30 }
  31
  32
  33 codesign*:::eval-reqint-start
  34 {
  35         printf("%8u %s[%d] START(%p,%d)\n",
  36                 timestamp, execname, pid,
  37                 arg0, arg1);
  38 }
  39
  40 codesign*:::eval-reqint-end
  41 {
  42         @eval[arg1] = count();
  43 }
  44
  45 codesign*:::eval-reqint-end
  46 / arg1 == 0 /
  47 {
  48         printf("%8u %s[%d] SUCCESS\n",
  49                 timestamp, execname, pid);
  50 }
  51
  52 codesign*:::eval-reqint-end
  53 / arg1 == 4294900246 /
  54 {
  55         printf("%8u %s[%d] FAIL\n",
  56                 timestamp, execname, pid);
  57 }
  58
  59 codesign*:::eval-reqint-end
  60 / arg1 != 4294900246 && arg1 != 0 /
  61 {
  62         printf("%8u %s[%d] FAIL(%d)\n",
  63                 timestamp, execname, pid,
  64                 arg1);
  65 }
  66
  67 codesign*:::eval-reqint-unknown*
  68 {
  69         printf("%8u %s[%d] %s(%d)\n",
  70                 timestamp, execname, pid, probename,
  71                 arg0);
  72 }
  73
  74 codesign*:::eval-reqint-fragment-load
  75 / arg2 != 0 /
  76 {
  77         printf("%8u %s[%d] frag-load(%s,%s,%p)\n",
  78                 timestamp, execname, pid,
  79                 copyinstr(arg0), copyinstr(arg1), arg2);
  80         @fragload[copyinstr(arg0), copyinstr(arg1)] = count();
  81         @fraguse[copyinstr(arg0), copyinstr(arg1)] = count();
  82 }
  83
  84 codesign*:::eval-reqint-fragment-load
  85 / arg2 == 0 /
  86 {
  87         printf("%8u %s[%d] frag-load(%s,%s,FAILED)\n",
  88                 timestamp, execname, pid,
  89                 copyinstr(arg0), copyinstr(arg1));
  90         @fragload[copyinstr(arg0), copyinstr(arg1)] = count();
  91         @fraguse[copyinstr(arg0), copyinstr(arg1)] = count();
  92 }
  93
  94 codesign*:::eval-reqint-fragment-hit
  95 {
  96         printf("%8u %s[%d] frag-hit(%s,%s)\n",
  97                 timestamp, execname, pid,
  98                 copyinstr(arg0), copyinstr(arg1));
  99         @fraguse[copyinstr(arg0), copyinstr(arg1)] = count();
 100 }
 101
 102
 103 /*
 104  * Trace opcodes as they're encountered and evaluated
 105  */
 106 codesign*:::eval-reqint-op
 107 {
 108         self->traced = 0;
 109         @opcodes[arg0] = count();
 110 }
 111
 112 codesign*:::eval-reqint-op
 113 / !self->traced /
 114 {
 115         printf("%8u %s[%d] %s\n", timestamp, execname, pid,
 116                 opnames[arg0]);
 117 }
 118
 119
 120 /*
 121  * Print out aggregates at the end
 122  */
 123 dtrace:::END
 124 {
 125         printf("\nREQUIREMENT EVALUATIONS:\n");
 126         printa("\t%d (%@d)\n", @eval);
 127
 128         printf("\nREQUIREMENT OPCODES EVALUATED:\n");
 129         printa("\t%5d (%@d)\n", @opcodes);
 130
 131         printf("\nFRAGMENTS LOADED:\n");
 132         printa("\t%s %s (%@d)\n", @fragload);
 133 }