securityd-36975.tar.gz
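#!/usr/sbin/dtrace -q -s

/*
 * Tracking state
 *
 * Global tables that mirror the handles securityd reports through its probes,
 * so later firings can print a client name and pid instead of a bare handle.
 */
typedef uint32_t DTPort;	/* port number as reported by the probes */
typedef uint64_t DTHandle;	/* opaque object handle as reported by the probes */

/*
 * Map client reply ports to connections.
 * NOTE(review): no clause visible in this listing reads or writes portmap;
 * the connection clauses use replymap[] instead, which D creates implicitly
 * on first assignment.
 */
DTHandle portmap[DTPort];

struct connection {
	DTPort replyport;	/* reply port for client thread */
	/*
	 * Client object for this connection. Declared as DTHandle (it was
	 * uint32_t) because it is assigned from self->reqClient and used as an
	 * index into client[], both of which are DTHandle; a narrower field
	 * would truncate any handle above 32 bits and attribute the connection
	 * to the wrong (or no) client record.
	 */
	DTHandle client;
};
struct connection connection[DTHandle];	/* indexed by connection handle */

/* should be a single self struct, but that doesn't work right... */
self string reqName;		/* request name */
self DTHandle reqConnection;	/* associated connection */
self DTHandle reqClient;	/* associated client */

struct client {
	pid_t pid;		/* original client pid; 0 means "no live client" */
	DTHandle session;	/* session handle */
	string name;		/* abbreviated name */
	string path;		/* path to client process (regardless of guests) */
	DTPort taskport;	/* process task port */
};
struct client client[DTHandle];	/* indexed by client handle */

struct keychain {
	string name;		/* keychain path */
};
/*
 * Indexed by DbCommon handle.
 * NOTE(review): nothing in this listing assigns to keychain[]; the keychain
 * clause only feeds the separate @keychain aggregation.
 */
struct keychain keychain[DTHandle];
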
/*
 * Script management
 */
:::BEGIN
{
	/* placeholder record at handle 0: fake data for unknown processes */
	client[0].name = "*UNKNOWN*";
	client[0].path = "*UNKNOWN*";
	client[0].session = 0;
	client[0].pid = 0;

	/* tell the operator that tracing has started */
	printf("Ready...\n");
}

/*
 * Translate thread id
 *
 * Thread ids are replaced by small sequence numbers, handed out in the order
 * threads are first seen, so the trace shows T1, T2, ... instead of raw tids.
 * These wildcard clauses come before every printing clause in the file, so
 * self->mytid is already set when a later clause for the same firing prints.
 */
uint32_t threads[DTHandle];	/* map tids to simple thread numbers */
uint32_t nextThread;		/* last thread number handed out (pre-incremented) */
self uint32_t mytid;		/* translated tid */

/* first firing seen on a thread: assign the next number */
securityd*:::,
security_debug*:::
/threads[tid] == 0/
{
	threads[tid] = ++nextThread;
}

/* every firing: cache the translated id for the clauses below */
securityd*:::,
security_debug*:::
{
	self->mytid = threads[tid];
}

/*
 * Principal events
 */

/* securityd reported that it selected system installation mode */
securityd*:::installmode
{
	printf("%u SYSTEM INSTALLATION MODE SELECTED\n", timestamp);
}

/* securityd finished start-up; arg0 is a string in securityd's address space */
securityd*:::initialized
{
	this->startedAs = copyinstr(arg0);
	printf("%u COMMENCING SERVICE as %s\n", timestamp, this->startedAs);
}

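/*
 * Client management
 */

/*
 * A client thread opened a connection.
 *   arg0 = connection handle, arg1 = reply port, arg2 = client handle
 *
 * Records the connection's owner and reply port, marks the current thread as
 * working for this connection/client, and prints one trace line.
 */
securityd*:::client-connection-new
{
	replymap[arg1] = arg0;
	/*
	 * Remember the reply port on the connection record. The release clause
	 * clears replymap[connection[arg0].replyport]; without this assignment
	 * replyport stays 0, so release would clear replymap[0] and leave the
	 * real port entry behind for the rest of the trace.
	 */
	connection[arg0].replyport = arg1;
	self->reqClient = arg2;
	connection[arg0].client = self->reqClient;
	self->reqConnection = arg0;
	@total["Connections"] = count();
	printf("%u T%d:connection-new(<%x>,port=%d,client=<%x>/%s(%d))\n",
		timestamp, self->mytid, arg0, arg1,
		arg2, client[arg2].name, client[arg2].pid);
}
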
/*
 * A connection was released (arg0 = connection handle).
 * Fires only for connections that still have a client recorded.
 */
securityd*:::client-connection-release
/connection[arg0].client != 0/
{
	this->owner = connection[arg0].client;
	printf("%u T%d:connection-release(<%x>,client=<%x>/%s(%d))\n",
		timestamp, self->mytid, arg0,
		this->owner,
		client[this->owner].name,
		client[this->owner].pid);

	/* drop the port-map entry first, while replyport is still readable */
	replymap[connection[arg0].replyport] = 0;	/* clear from port map */
	connection[arg0].client = 0;
	connection[arg0].replyport = 0;
}

/*
 * A client process object was created.
 *   arg0 = client handle, arg1 = pid, arg2 = session handle,
 *   arg3 = path string in securityd's address space, arg4 = task port
 *
 * Fills in the client[] record that later clauses use to attribute requests.
 */
securityd*:::client-new
{
	client[arg0].pid = arg1;
	client[arg0].session = arg2;
	this->exe = copyinstr(arg3);
	client[arg0].path = this->exe;
	client[arg0].name = basename(this->exe);	/* short name for trace lines */
	client[arg0].taskport = arg4;
	self->reqClient = arg0;
	@total["Processes"] = count();
	printf("%u T%d:client-new(<%x>,%s(%d),session=<%x>,task=%d)\n",
		timestamp, self->mytid, arg0,
		client[arg0].path, client[arg0].pid,
		client[arg0].session, client[arg0].taskport);
}

/*
 * A client process object went away (arg0 = client handle, arg1 = pid).
 */
securityd*:::client-release
{
	printf("%u T%d:client-release(<%x>,%s(%d))\n",
		timestamp, self->mytid,
		arg0, client[arg0].path, arg1);

	/* pid 0 marks the record as dead; request-entry tests pid to decide
	 * whether to print a client name */
	client[arg0].pid = 0;
}

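/*
 * A client moved to another session (arg0 = client handle, arg1 = new session).
 *
 * The record's session is updated to the value just printed. The pid is left
 * alone: zeroing it here (as the release clause does) would make every later
 * request from this still-running client print without its name and pid, and
 * drop it from the "Requests by client" summary, because the request-entry
 * clauses treat pid 0 as "no client".
 */
securityd*:::client-change_session
{
	printf("%u T%d:client-change_session(<%x>,new session=<%x>)\n",
		timestamp, self->mytid, arg0, arg1);
	client[arg0].session = arg1;
}
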
/*
 * Client requests
 *
 * Connection handles are translated to small sequence numbers (C1, C2, ...)
 * the same way thread ids are. The request-entry clauses below run in file
 * order for each firing and depend on that order: the second one sets up
 * self-> and this-> state that the later ones test and print.
 */
uint32_t connections[DTHandle];	/* map connection handles to simple numbers */
uint32_t nextConnection;	/* last connection number handed out */
self uint32_t myConnection;	/* translated connection for the current request */

/* first request seen on a connection (arg1): assign the next number */
securityd*:::request-entry
/connections[arg1] == 0/
{
	connections[arg1] = ++nextConnection;
}

/*
 * Capture the request context.
 *   arg0 = request name (string in securityd), arg1 = connection handle,
 *   arg2 = client handle
 */
securityd*:::request-entry
{
	self->reqName = copyinstr(arg0);
	self->reqConnection = arg1;
	self->myConnection = connections[arg1];
	self->reqClient = arg2;
	/* snapshot of the client record; read by the next two clauses */
	this->client = client[self->reqClient];
}

/* known, live client: print name and pid, and count per client/request */
securityd*:::request-entry
/this->client.pid != 0/
{
	printf("%u T%d:C%d:%s(%d)%s\n",
		timestamp, self->mytid, self->myConnection,
		this->client.name, this->client.pid, self->reqName);
	@request[client[self->reqClient].name, self->reqName] = count();
}

/* no live client record: print the request name only */
securityd*:::request-entry
/this->client.pid == 0/
{
	printf("%u T%d:C%d:%s\n",
		timestamp, self->mytid, self->myConnection,
		self->reqName);
}

/* totals for the END summary, counted for every request */
securityd*:::request-entry
{
	@requests[self->reqName] = count();
	@total["Requests"] = count();
}

/*
 * Request completion (arg0 = result code).
 * Only printed when this thread has a request recorded by request-entry.
 */

/* success */
securityd*:::request-return
/self->reqConnection != 0 && arg0 == 0/
{
	printf("%u T%d:C%d:return\n",
		timestamp, self->mytid, self->myConnection);
}

/* failure: include the result code */
securityd*:::request-return
/self->reqConnection != 0 && arg0 != 0/
{
	printf("%u T%d:C%d:FAIL(%d)\n",
		timestamp, self->mytid, self->myConnection, arg0);
}

/* the thread is no longer working on a request; runs after the prints above */
securityd*:::request-return
{
	self->reqClient = 0;
	self->reqConnection = 0;
}

/*
 * Sessions
 *
 * One line per session-* probe: the probe name followed by its first two
 * arguments, printed as hex.
 */
securityd*:::session-*
{
	printf("%u T%d:%s(<%x>,0x%x)\n",
		timestamp, self->mytid, probename,
		arg0, arg1);
}

/*
 * Keychains
 *
 * arg0 is printed as a handle; arg1 is a path string in securityd's address
 * space. Each (path, probe name) pair is counted for the END summary.
 * NOTE(review): the path is printed verbatim; if a path can contain a newline,
 * one event would span several output lines, so anything that parses this
 * trace line by line should allow for that.
 */
securityd*:::keychain-*
{
	this->kcPath = copyinstr(arg1);
	printf("%u T%d:%s(<%x>,%s)\n",
		timestamp, self->mytid, probename, arg0, this->kcPath);
	@keychain[this->kcPath, probename] = count();
}

/*
 * Low-level port events
 *
 * One line per ports-* probe: probe name and arg0 as a decimal number.
 */
securityd*:::ports-*
{
	printf("%u T%d:%s(%d)\n",
		timestamp, self->mytid, probename, arg0);
}

/*
 * Code signing
 *
 * Guest and host lifecycle events. Handles are printed as <hex>.
 */

/* arg5 is a path string in securityd's address space */
securityd*:::guest-create
{
	this->guestPath = copyinstr(arg5);
	printf("%u T%d:guest-create(<%x>,host=<%x>,guest=<%x>,status=0x%x,flags=0x%x,path=%s)\n",
		timestamp, self->mytid,
		arg0, arg1, arg2, arg3, arg4,
		this->guestPath);
	@total["Guests"] = count();
}

securityd*:::guest-change
{
	printf("%u T%d:guest-change(<%x>,<%x>,status=0x%x)\n",
		timestamp, self->mytid,
		arg0, arg1, arg2);
}

securityd*:::guest-destroy
{
	printf("%u T%d:guest-destroy(<%x>,<%x>)\n",
		timestamp, self->mytid,
		arg0, arg1);
}

/* both probes share one line format and both count toward "Hosts" */
securityd*:::host-register,
securityd*:::host-proxy
{
	printf("%u T%d:%s(<%x>,port=%d)\n",
		timestamp, self->mytid, probename,
		arg0, arg1);
	@total["Hosts"] = count();
}

securityd*:::host-unregister
{
	printf("%u T%d:host-unregister(<%x>)\n",
		timestamp, self->mytid, arg0);
}

/*
 * Child management
 *
 * One line per child-* probe: probe name and its first two arguments in decimal.
 */
securityd*:::child-*
{
	printf("%u T%d:%s(%d,%d)\n",
		timestamp, self->mytid, probename,
		arg0, arg1);
}

/*
 * Power events
 *
 * The probe name alone identifies the event; no arguments are printed.
 */
securityd*:::power-*
{
	printf("%u T%d:POWER(%s)\n",
		timestamp, self->mytid, probename);
}

/*
 * Authorization
 *
 * Each clause prints the probe name and an authorization reference, plus the
 * rule, mechanism or right string where the probe supplies one. These lines
 * record which rules were evaluated and whether they allowed or denied.
 */

/* note the argument order: arg1 is printed as the ref, arg0 as the session */
securityd*:::auth-create
{
	printf("%u T%d:%s ref(%#x) session(%#x)\n",
		timestamp, self->mytid, probename,
		arg1, arg0);
}

/* rule-level events: arg0 = ref, arg1 = rule name string in securityd */
securityd*:::auth-allow,
securityd*:::auth-deny,
securityd*:::auth-user,
securityd*:::auth-rules,
securityd*:::auth-kofn,
securityd*:::auth-mechrule
{
	this->rule = copyinstr(arg1);
	printf("%u T%d:%s ref(%#x) rule(%s)\n",
		timestamp, self->mytid, probename, arg0, this->rule);
}

/* arg0 = ref, arg1 = string in securityd */
securityd*:::auth-mech
{
	this->mech = copyinstr(arg1);
	printf("%u T%d:%s ref(%#x) (%s)\n",
		timestamp, self->mytid, probename, arg0, this->mech);
}

/* these two carry only the ref */
securityd*:::auth-user-allowroot,
securityd*:::auth-user-allowsessionowner
{
	printf("%u T%d:%s ref(%#x)\n",
		timestamp, self->mytid, probename, arg0);
}

/* arg0 = ref, arg1 = string in securityd, arg2 = number printed in decimal */
securityd*:::auth-evalright
{
	this->right = copyinstr(arg1);
	printf("%u T%d:%s ref(%#x) %s (%d)\n",
		timestamp, self->mytid, probename, arg0, this->right, arg2);
}

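/*
 * Miscellanea
 */

/*
 * Entropy collection started. Prints the translated thread number
 * (self->mytid) like every other securityd* clause in this script; printing
 * the raw tid here would give this one event a thread label that cannot be
 * matched against the T<n> labels on the surrounding lines.
 */
securityd*:::entropy-collect
{
	printf("%u T%d:entropy-collect()\n", timestamp, self->mytid);
}
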
/* arg0 is printed as a decimal number */
securityd*:::entropy-seed
{
	printf("%u T%d:entropy-seed(%d)\n",
		timestamp, self->mytid, arg0);
}

/* arg0 is a string in securityd's address space */
securityd*:::entropy-save
{
	this->savePath = copyinstr(arg0);
	printf("%u T%d:entropy-save(%s)\n",
		timestamp, self->mytid, this->savePath);
}

/* one line per signal-* probe: probe name and arg0 in decimal */
securityd*:::signal-*
{
	printf("%u T%d:%s(%d)\n",
		timestamp, self->mytid, probename, arg0);
}

/*
 * Integrate secdebug logs
 *
 * These providers are matched with wildcards, so both clauses are restricted
 * to the process named "securityd" and events from other processes are ignored.
 */

/* debug log line: arg0 and arg1 are both strings in the traced process */
security_debug*:::log
/execname == "securityd"/
{
	this->scope = copyinstr(arg0);
	this->text = copyinstr(arg1);
	printf("%u T%d:[%s]%s\n",
		timestamp, threads[tid], this->scope, this->text);
}

/*
 * Exception thrown: arg0 is printed as a pointer, arg1 as a decimal number.
 * NOTE(review): threads[tid] is only filled in by securityd* and
 * security_debug* firings, so a thread first seen here prints as T0.
 */
security_exception*:::throw-*
/execname == "securityd"/
{
	printf("%u T%d:EXCEPTION(%p) THROWN %s(%d)\n",
		timestamp, threads[tid], arg0, probename, arg1);
}

/*
 * Wrapup
 *
 * Prints the aggregations collected during the run: overall totals, requests
 * by name, requests by client and name, and keychain events by path and probe.
 */
:::END
{
	/* overall counters: Connections, Processes, Requests, Guests, Hosts */
	printa("%@8u %s\n", @total);

	printf("\n Requests:\n");
	printa("%@8u %s\n", @requests);

	printf("\n Requests by client:\n");
	printa("%@8u %s:%s\n", @request);

	printf("\n Keychains by path and operation:\n");
	printa("%@8u %s(%s)\n", @keychain);
}