OSX/libsecurity_codesigning/dtrace/sp-watch.d

   1 #!/usr/sbin/dtrace -qs
   2 #
   3 #
   4 #
   5 self unsigned char *cdhash;
   6
   7 syspolicy*:::assess-*
   8 {
   9         self->cdhash = 0;
  10 }
  11
  12 self string type;
  13 syspolicy*:::assess-outcome-* { self->type = "???"; }
  14 syspolicy*:::assess-outcome-* / arg1 == 1 / { self->type = "execute"; }
  15 syspolicy*:::assess-outcome-* / arg1 == 2 / { self->type = "install"; }
  16 syspolicy*:::assess-outcome-* / arg1 == 3 / { self->type = "open"; }
  17
  18 syspolicy*:::assess-outcome-accept
  19 {
  20         printf("accept %s %s;%s", self->type, copyinstr(arg0), copyinstr(arg2));
  21         self->cdhash = copyin(arg3, 20);
  22 }
  23
  24 syspolicy*:::assess-outcome-deny
  25 {
  26         printf("deny %s %s;%s", self->type, copyinstr(arg0), copyinstr(arg2));
  27         self->cdhash = copyin(arg3, 20);
  28 }
  29
  30 syspolicy*:::assess-outcome-default
  31 {
  32         printf("default %s %s;%s", self->type, copyinstr(arg0), copyinstr(arg2));
  33         self->cdhash = copyin(arg3, 20);
  34 }
  35
  36 syspolicy*:::assess-outcome-unsigned
  37 {
  38         printf("unsigned %s %s;", self->type, copyinstr(arg0));
  39 }
  40
  41 syspolicy*:::assess-*
  42 / self->cdhash /
  43 {
  44         printf(";%02.2x%02.2x%02.2x%02.2x%02.2x%02.2x%02.2x%02.2x%02.2x%02.2x%02.2x%02.2x%02.2x%02.2x%02.2x%02.2x%02.2x%02.2x%02.2x%02.2x",
  45                 self->cdhash[0], self->cdhash[1], self->cdhash[2], self->cdhash[3], self->cdhash[4],
  46                 self->cdhash[5], self->cdhash[6], self->cdhash[7], self->cdhash[8], self->cdhash[9],
  47                 self->cdhash[10], self->cdhash[11], self->cdhash[12], self->cdhash[13], self->cdhash[14],
  48                 self->cdhash[15], self->cdhash[16], self->cdhash[17], self->cdhash[18], self->cdhash[19]);
  49 }
  50
  51 syspolicy*:::assess-*
  52 {
  53         printf("\n");
  54 }