Client
An opaque type that maintains Endpoint Security client state, and functions related to this type.
Overview
Create an Endpoint Security client with es_new_client(_:_:), then use this client to subscribe to event types of interest to your app or system extension. When Endpoint Security monitors an event your client subscribes to, it sends a message that describes the event to your client. When you no longer need the client, remove it with es_delete_client(_:).
The following code creates a client and handles any errors returned by es_new_client(_:_:). If client creation succeeds, the code subscribes the client to the ES_EVENT_TYPE_AUTH_EXEC event. The handler passed to es_new_client(_:_:) allows any such event to proceed.
// Create the client.
es_client_t *client = NULL;
es_new_client_result_t newClientResult =
    es_new_client(&client,
                  ^(es_client_t * client, const es_message_t * message) {
                      switch (message->event_type) {
                          case ES_EVENT_TYPE_AUTH_EXEC:
                              es_respond_auth_result(client, message, ES_AUTH_RESULT_ALLOW, true);
                              break;
                          default:
                              panic("Found unexpected event type: %i", message->event_type);
                              break;
                      }
                  });
// Handle any errors encountered while creating the client.
switch (newClientResult) {
    case ES_NEW_CLIENT_RESULT_SUCCESS:
        // Client created successfully; continue.
        break;
    case ES_NEW_CLIENT_RESULT_ERR_NOT_ENTITLED:
        panic("Extension is missing entitlement.");
        break;
    case ES_NEW_CLIENT_RESULT_ERR_NOT_PRIVILEGED:
        panic("Extension is not running as root.");
        break;
    case ES_NEW_CLIENT_RESULT_ERR_NOT_PERMITTED:
        // Prompt user to perform Transparency, Consent,
        // and Control (TCC) approval.
        // This error is recoverable; the user can try again after
        // approving the TCC prompt.
        return YOUR_NEW_CLIENT_ERROR_CODE_PROMPT_TCC;
        break;
    case ES_NEW_CLIENT_RESULT_ERR_INVALID_ARGUMENT:
        panic("Invalid argument to es_new_client(); client or handler was null.");
        break;
    case ES_NEW_CLIENT_RESULT_ERR_TOO_MANY_CLIENTS:
        panic("Exceeded maximum number of simultaneously-connected ES clients.");
        break;
    case ES_NEW_CLIENT_RESULT_ERR_INTERNAL:
        panic("Failed to connect to the Endpoint Security subsystem.");
        break;
}
// Subscribe the client to the ES_EVENT_TYPE_AUTH_EXEC event.
// When the client receives a message with this event type, it must authorize
// (allow or deny) the event.
es_event_type_t eventTypes[1] = { ES_EVENT_TYPE_AUTH_EXEC };
// The third argument is the number of event types, not the array's size in bytes.
es_return_t subscribeResult =
    es_subscribe(client, eventTypes, sizeof(eventTypes) / sizeof(eventTypes[0]));
if (subscribeResult != ES_RETURN_SUCCESS) {
    panic("Client failed to subscribe to event.");
}
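The lifecycle from the overview carried through to a deny decision and teardown with es_unsubscribe_all(_:) and es_delete_client(_:), as an added example that is not Apple's sample code. The kDeniedPath value and the decide() helper are hypothetical, and the program assumes it runs as root with the Endpoint Security entitlement and TCC approval.

```objective-c
#include <EndpointSecurity/EndpointSecurity.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

// Hypothetical policy: deny exec of this one constructed path, allow the rest.
static const char kDeniedPath[] = "/private/tmp/es-demo-denied";

static es_auth_result_t decide(const es_message_t *msg) {
    // es_string_token_t is length-delimited; compare length and bytes.
    es_string_token_t p = msg->event.exec.target->executable->path;
    int denied = p.length == strlen(kDeniedPath) &&
                 memcmp(p.data, kDeniedPath, p.length) == 0;
    fprintf(stderr, "%s exec %.*s\n", denied ? "DENY " : "ALLOW",
            (int)p.length, p.data);
    return denied ? ES_AUTH_RESULT_DENY : ES_AUTH_RESULT_ALLOW;
}

int main(void) {
    es_client_t *client = NULL;
    es_new_client_result_t created = es_new_client(&client,
        ^(es_client_t *c, const es_message_t *msg) {
            if (msg->event_type != ES_EVENT_TYPE_AUTH_EXEC) {
                // Not subscribed to anything else; log instead of aborting.
                fprintf(stderr, "unexpected event type %d\n", (int)msg->event_type);
                return;
            }
            // cache=false so every exec is evaluated by decide() again.
            if (es_respond_auth_result(c, msg, decide(msg), false)
                    != ES_RESPOND_RESULT_SUCCESS)
                fprintf(stderr, "es_respond_auth_result failed\n");
        });
    if (created != ES_NEW_CLIENT_RESULT_SUCCESS) {
        fprintf(stderr, "es_new_client failed: %d\n", (int)created);
        return EXIT_FAILURE;
    }
    es_event_type_t events[] = { ES_EVENT_TYPE_AUTH_EXEC };
    uint32_t count = (uint32_t)(sizeof(events) / sizeof(events[0]));
    int status = EXIT_SUCCESS;
    if (es_subscribe(client, events, count) == ES_RETURN_SUCCESS) {
        fprintf(stderr, "monitoring exec; press Return to stop\n");
        getchar();                   // main thread waits; handler runs on another thread
        es_unsubscribe_all(client);  // stop message delivery first
    } else {
        fprintf(stderr, "es_subscribe failed\n");
        status = EXIT_FAILURE;
    }
    es_delete_client(client);        // same thread that called es_new_client
    return status;
}
```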
Topics
Creating a Client
Destroying a Client
Subscribing to Events
es_subscribe(_:_:_:)
es_subscriptions(_:_:_:)
es_unsubscribe(_:_:_:)
es_event_type_t
es_unsubscribe_all(_:)
Responding to Events
es_respond_auth_result(_:_:_:_:)
es_auth_result_t
es_respond_flags_result(_:_:_:_:)
es_respond_result_t
Managing Cached Results
Muting Events
es_mute_process(_:_:)
es_mute_process_events(_:_:_:_:)
es_muted_processes_t
es_release_muted_processes(_:)
es_muted_processes_events(_:_:)
es_mute_path(_:_:_:)
es_mute_path_events(_:_:_:_:_:)
es_mute_path_type_t
es_muted_paths_events(_:_:)
es_muted_paths_t
es_release_muted_paths(_:)
Unmuting Events
es_unmute_process(_:_:)
es_unmute_process_events(_:_:_:_:)
es_unmute_path(_:_:_:)
es_unmute_path_events(_:_:_:_:_:)
es_mute_path_type_t
es_unmute_all_paths(_:)