endpointsecurity

package
v0.6.12 Latest
Warning

This package is not in the latest version of its module.

Published: May 31, 2026 | License: MIT | Imports: 7 | Imported by: 0

Documentation

Overview

Package endpointsecurity provides Go bindings for the EndpointSecurity framework.

Develop system extensions that enhance user security.

Endpoint Security is a C API for monitoring system events for potentially malicious activity. You can write your client in any language that supports native calls. Your client registers with Endpoint Security to authorize pending events, or receive notifications of events that already occurred. These events include process executions, mounting file systems, forking processes, and raising signals.

Event Monitoring

Entitlements

Type Aliases

  • EsStatfs: This typedef is no longer used, but exists for API backwards compatibility.

Enumerations

Code generated from Apple documentation. DO NOT EDIT.

Index

Functions

func EsExecArgCount added in v0.6.11

func EsExecArgCount(event *EsEventExec) uint32

EsExecArgCount gets the number of arguments from a process execution event.

See: https://developer.apple.com/documentation/EndpointSecurity/es_exec_arg_count(_:)

func EsExecEnvCount added in v0.6.11

func EsExecEnvCount(event *EsEventExec) uint32

EsExecEnvCount gets the number of environment variables from a process execution event.

See: https://developer.apple.com/documentation/EndpointSecurity/es_exec_env_count(_:)

func EsExecFdCount added in v0.6.11

func EsExecFdCount(event *EsEventExec) uint32

EsExecFdCount gets the number of file descriptors from a process execution event.

See: https://developer.apple.com/documentation/EndpointSecurity/es_exec_fd_count(_:)

func EsReleaseMessage added in v0.6.11

func EsReleaseMessage(msg *EsMessage)

EsReleaseMessage releases a previously-retained message.

See: https://developer.apple.com/documentation/EndpointSecurity/es_release_message(_:)

func EsReleaseMutedPaths added in v0.6.11

func EsReleaseMutedPaths(muted_paths *EsMutedPaths)

EsReleaseMutedPaths frees resources associated with a set of previously-retrieved muted paths.

See: https://developer.apple.com/documentation/EndpointSecurity/es_release_muted_paths(_:)

func EsReleaseMutedProcesses added in v0.6.11

func EsReleaseMutedProcesses(muted_processes *EsMutedProcesses)

EsReleaseMutedProcesses frees resources associated with a set of previously-retrieved muted processes.

See: https://developer.apple.com/documentation/EndpointSecurity/es_release_muted_processes(_:)

func EsRetainMessage added in v0.6.11

func EsRetainMessage(msg *EsMessage)

EsRetainMessage retains the given message, extending its lifetime until released.

See: https://developer.apple.com/documentation/EndpointSecurity/es_retain_message(_:)

func NewEsHandlerBlock added in v0.6.11

func NewEsHandlerBlock(handler EsHandlerBlock) (objc.ID, func())

NewEsHandlerBlock wraps a Go EsHandlerBlock as an Objective-C block. The caller must defer the returned cleanup function.

Types

type EsActionType added in v0.5.1

type EsActionType int32
const (
	// EsActionTypeAuth: The authentication action type.
	EsActionTypeAuth EsActionType = 0
	// EsActionTypeNotify: The notification action type.
	EsActionTypeNotify EsActionType = 1
)

func (EsActionType) String added in v0.5.1

func (e EsActionType) String() string

type EsAddressType added in v0.5.1

type EsAddressType int32
const (
	EsAddressTypeIpv4        EsAddressType = 1
	EsAddressTypeIpv6        EsAddressType = 2
	EsAddressTypeNamedSocket EsAddressType = 3
	EsAddressTypeNone        EsAddressType = 0
)

func (EsAddressType) String added in v0.5.1

func (e EsAddressType) String() string

type EsAuthResult added in v0.5.1

type EsAuthResult int32
const (
	// EsAuthResultAllow: The caller authorizes the event and allows it to continue.
	EsAuthResultAllow EsAuthResult = 0
	// EsAuthResultDeny: The caller denies authorization to the event and prevents it from continuing.
	EsAuthResultDeny EsAuthResult = 1
)

func (EsAuthResult) String added in v0.5.1

func (e EsAuthResult) String() string

type EsAuthenticationType added in v0.5.1

type EsAuthenticationType int32
const (
	EsAuthenticationTypeAutoUnlock EsAuthenticationType = 3
	EsAuthenticationTypeLast       EsAuthenticationType = 4
	EsAuthenticationTypeOd         EsAuthenticationType = 0
	EsAuthenticationTypeToken      EsAuthenticationType = 2
	EsAuthenticationTypeTouchid    EsAuthenticationType = 1
)

func (EsAuthenticationType) String added in v0.5.1

func (e EsAuthenticationType) String() string

type EsAuthorizationResult added in v0.6.11

type EsAuthorizationResult struct {
	Right_name EsStringToken
	Rule_class EsAuthorizationRuleClass
	Granted    bool
}

EsAuthorizationResult

See: https://developer.apple.com/documentation/EndpointSecurity/es_authorization_result_t

type EsAuthorizationRuleClass added in v0.5.1

type EsAuthorizationRuleClass int32
const (
	EsAuthorizationRuleClassAllow     EsAuthorizationRuleClass = 3
	EsAuthorizationRuleClassDeny      EsAuthorizationRuleClass = 4
	EsAuthorizationRuleClassInvalid   EsAuthorizationRuleClass = 6
	EsAuthorizationRuleClassMechanism EsAuthorizationRuleClass = 2
	EsAuthorizationRuleClassRule      EsAuthorizationRuleClass = 1
	EsAuthorizationRuleClassUnknown   EsAuthorizationRuleClass = 5
	EsAuthorizationRuleClassUser      EsAuthorizationRuleClass = 0
)

func (EsAuthorizationRuleClass) String added in v0.5.1

func (e EsAuthorizationRuleClass) String() string

type EsAutoUnlockType added in v0.6.4

type EsAutoUnlockType int32
const (
	EsAutoUnlockAuthPrompt    EsAutoUnlockType = 2
	EsAutoUnlockMachineUnlock EsAutoUnlockType = 1
)

func (EsAutoUnlockType) String added in v0.6.11

func (e EsAutoUnlockType) String() string

type EsBtmItemType added in v0.5.1

type EsBtmItemType int32
const (
	EsBtmItemTypeAgent     EsBtmItemType = 3
	EsBtmItemTypeApp       EsBtmItemType = 1
	EsBtmItemTypeDaemon    EsBtmItemType = 4
	EsBtmItemTypeLoginItem EsBtmItemType = 2
	EsBtmItemTypeUserItem  EsBtmItemType = 0
)

func (EsBtmItemType) String added in v0.5.1

func (e EsBtmItemType) String() string

type EsBtmLaunchItem added in v0.6.11

type EsBtmLaunchItem struct {
	Item_type EsBtmItemType
	Legacy    bool
	Managed   bool
	Uid       uint32
	Item_url  EsStringToken
	App_url   EsStringToken
}

EsBtmLaunchItem

See: https://developer.apple.com/documentation/EndpointSecurity/es_btm_launch_item_t

type EsClearCacheResult added in v0.5.1

type EsClearCacheResult int32
const (
	// EsClearCacheResultErrInternal: Communication with the Endpoint Security system failed.
	EsClearCacheResultErrInternal EsClearCacheResult = 1
	// EsClearCacheResultErrThrottle: Clearing the cache failed because the rate of calls was too high.
	EsClearCacheResultErrThrottle EsClearCacheResult = 2
	// EsClearCacheResultSuccess: Clearing the cache succeeded.
	EsClearCacheResultSuccess EsClearCacheResult = 0
)

func EsClearCache added in v0.6.11

func EsClearCache(client *EsClient) EsClearCacheResult

EsClearCache clears all cached results for all clients.

See: https://developer.apple.com/documentation/EndpointSecurity/es_clear_cache(_:)

func (EsClearCacheResult) String added in v0.5.1

func (e EsClearCacheResult) String() string

type EsClient added in v0.6.4

type EsClient = kernel.Pointer

EsClient is an opaque type that stores the Endpoint Security client state.

See: https://developer.apple.com/documentation/EndpointSecurity/es_client_t

type EsCsValidationCategory added in v0.5.1

type EsCsValidationCategory int32
const (
	EsCsValidationCategoryAppStore     EsCsValidationCategory = 4
	EsCsValidationCategoryDeveloperID  EsCsValidationCategory = 6
	EsCsValidationCategoryDevelopment  EsCsValidationCategory = 3
	EsCsValidationCategoryEnterprise   EsCsValidationCategory = 5
	EsCsValidationCategoryInvalid      EsCsValidationCategory = 0
	EsCsValidationCategoryLocalSigning EsCsValidationCategory = 7
	EsCsValidationCategoryNone         EsCsValidationCategory = 10
	EsCsValidationCategoryOopjit       EsCsValidationCategory = 9
	EsCsValidationCategoryPlatform     EsCsValidationCategory = 1
	EsCsValidationCategoryRosetta      EsCsValidationCategory = 8
	EsCsValidationCategoryTestflight   EsCsValidationCategory = 2
)

func (EsCsValidationCategory) String added in v0.5.1

func (e EsCsValidationCategory) String() string

type EsDestinationType added in v0.5.1

type EsDestinationType int32
const (
	// EsDestinationTypeExistingFile: The destination is an existing file.
	EsDestinationTypeExistingFile EsDestinationType = 0
	// EsDestinationTypeNewPath: The destination is a path to a new location.
	EsDestinationTypeNewPath EsDestinationType = 1
)

func (EsDestinationType) String added in v0.5.1

func (e EsDestinationType) String() string

type EsEventAccess added in v0.6.11

type EsEventAccess struct {
	Mode     int32   // The file access permission to check.
	Target   *EsFile // The file to check for access.
	Reserved uint8   // An unused field reserved for future use.

}

EsEventAccess - A type for an event that indicates the checking of a file’s access permission.

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_access_t

type EsEventAuthentication added in v0.6.11

type EsEventAuthentication struct {
	Success bool
	Type    EsAuthenticationType
	Data    [8]byte
}

EsEventAuthentication

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_authentication_t

type EsEventAuthenticationAutoUnlock added in v0.6.11

type EsEventAuthenticationAutoUnlock struct {
	Username EsStringToken
	Type     EsAutoUnlockType
}

EsEventAuthenticationAutoUnlock

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_authentication_auto_unlock_t

type EsEventAuthenticationOd added in v0.6.11

type EsEventAuthenticationOd struct {
	Instigator       *EsProcess
	Record_type      EsStringToken
	Record_name      EsStringToken
	Node_name        EsStringToken
	Db_path          EsStringToken
	Instigator_token [32]byte
}

EsEventAuthenticationOd

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_authentication_od_t

type EsEventAuthenticationToken added in v0.6.11

type EsEventAuthenticationToken struct {
	Instigator         *EsProcess
	Pubkey_hash        EsStringToken
	Token_id           EsStringToken
	Kerberos_principal EsStringToken
	Instigator_token   [32]byte
}

EsEventAuthenticationToken

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_authentication_token_t

type EsEventAuthenticationTouchid added in v0.6.11

type EsEventAuthenticationTouchid struct {
	Instigator       *EsProcess
	Touchid_mode     EsTouchidMode
	Has_uid          bool
	Instigator_token [32]byte
	Uid              [4]byte
}

EsEventAuthenticationTouchid

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_authentication_touchid_t

type EsEventAuthorizationJudgement added in v0.6.11

type EsEventAuthorizationJudgement struct {
	Instigator       *EsProcess
	Petitioner       *EsProcess
	Return_code      int
	Result_count     uintptr
	Results          *EsAuthorizationResult
	Instigator_token [32]byte
	Petitioner_token [32]byte
}

EsEventAuthorizationJudgement

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_authorization_judgement_t

type EsEventAuthorizationPetition added in v0.6.11

type EsEventAuthorizationPetition struct {
	Instigator       *EsProcess
	Petitioner       *EsProcess
	Flags            uint32
	Right_count      uintptr
	Rights           *EsStringToken
	Instigator_token [32]byte
	Petitioner_token [32]byte
}

EsEventAuthorizationPetition

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_authorization_petition_t

type EsEventBtmLaunchItemAdd added in v0.6.11

type EsEventBtmLaunchItemAdd struct {
	Instigator       *EsProcess
	App              *EsProcess
	Item             *EsBtmLaunchItem
	Executable_path  EsStringToken
	Instigator_token *[32]byte
	App_token        *[32]byte
}

EsEventBtmLaunchItemAdd

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_btm_launch_item_add_t

type EsEventBtmLaunchItemRemove added in v0.6.11

type EsEventBtmLaunchItemRemove struct {
	Instigator       *EsProcess
	App              *EsProcess
	Item             *EsBtmLaunchItem
	Instigator_token *[32]byte
	App_token        *[32]byte
}

EsEventBtmLaunchItemRemove

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_btm_launch_item_remove_t

type EsEventChdir added in v0.6.11

type EsEventChdir struct {
	Target   *EsFile // The new current working directory.
	Reserved uint8   // An unused field reserved for future use.

}

EsEventChdir - A type for an event that indicates a change to a process’s working directory.

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_chdir_t

type EsEventChroot added in v0.6.11

type EsEventChroot struct {
	Target   *EsFile // The new root directory.
	Reserved uint8   // An unused field reserved for future use.

}

EsEventChroot - A type for an event that indicates a change to a process’s root directory.

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_chroot_t

type EsEventClone added in v0.6.11

type EsEventClone struct {
	Source      *EsFile       // The file to clone.
	Target_dir  *EsFile       // The directory that contains the cloned file.
	Target_name EsStringToken // The name of the newly cloned file.
	Reserved    uint8         // An unused field reserved for future use.

}

EsEventClone - A type for an event that indicates the cloning of a file.

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_clone_t

type EsEventClose added in v0.6.11

type EsEventClose struct {
	Modified            bool    // A Boolean value that indicates whether the file has modifications.
	Target              *EsFile // The file to close.
	Reserved            uint8
	Was_mapped_writable bool
}

EsEventClose - A type for an event that indicates the closing of a file.

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_close_t

type EsEventCopyfile added in v0.6.11

type EsEventCopyfile struct {
	Source      *EsFile       // The file to clone.
	Target_file *EsFile       // The file, if any, that exists at the target location.
	Target_dir  *EsFile       // The directory that contains the copied file.
	Target_name EsStringToken // The name of the newly copied file.
	Mode        uint16        // The mode argument of the system call.
	Flags       int32         // The flags argument of the system call.
	Reserved    uint8         // An unused field reserved for future use.

}

EsEventCopyfile - A type for an event that indicates the copying of a file by use of a system call.

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_copyfile_t

type EsEventCreate added in v0.6.11

type EsEventCreate struct {
	Destination_type EsDestinationType // The type of destination for the event, which can be either an existing file or information that describes a new file’s pending location.
	Destination      [32]byte          // The file system destination of the created file.
	Reserved2        uint8             // An unused field reserved for future use.
	Acl              unsafe.Pointer
	New_path         unsafe.Pointer
	Reserved         uint8
}

EsEventCreate - A type for an event that indicates the creation of a file.

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_create_t

type EsEventCsInvalidated added in v0.6.11

type EsEventCsInvalidated struct {
	Reserved uint8 // An unused field reserved for future use.

}

EsEventCsInvalidated - A type for an event that indicates the invalidation of a process’ code signing status.

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_cs_invalidated_t

type EsEventDeleteextattr added in v0.6.11

type EsEventDeleteextattr struct {
	Target   *EsFile       // The file containing extended attributes to delete.
	Extattr  EsStringToken // The extended attribute to delete.
	Reserved uint8         // An unused field reserved for future use.

}

EsEventDeleteextattr - A type for an event that indicates the deletion of an extended attribute from a file.

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_deleteextattr_t

type EsEventDup added in v0.6.11

type EsEventDup struct {
	Target   *EsFile // The file that the duplicated file descriptor points to.
	Reserved uint8   // An unused field reserved for future use.

}

EsEventDup - A type for an event that indicates the duplication of a file descriptor.

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_dup_t

type EsEventExchangedata added in v0.6.11

type EsEventExchangedata struct {
	File1    *EsFile // The first file involved in the data exchange.
	File2    *EsFile // The second file involved in the data exchange.
	Reserved uint8   // An unused field reserved for future use.

}

EsEventExchangedata - A type for an event that indicates the exchange of data between two files.

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_exchangedata_t

type EsEventExec added in v0.6.11

type EsEventExec struct {
	Target           *EsProcess // The process to execute.
	Dyld_exec_path   EsStringToken
	Cwd              *EsFile
	Image_cpusubtype int32
	Image_cputype    int32
	Last_fd          int
	Reserved         uint8
	Script           *EsFile
}

EsEventExec - A type for an event that indicates the execution of a process.

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_exec_t

type EsEventExit added in v0.6.11

type EsEventExit struct {
	Stat     int   // The exit status of the process.
	Reserved uint8 // An unused field reserved for future use.

}

EsEventExit - A type for an event that indicates a process exiting.

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_exit_t

type EsEventFcntl added in v0.6.11

type EsEventFcntl struct {
	Target   *EsFile // The target file to modify.
	Cmd      int32   // The file descriptor modification command.
	Reserved uint8   // An unused field reserved for future use.

}

EsEventFcntl - A type for an event that indicates the manipulation of a file descriptor.

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_fcntl_t

type EsEventFileProviderMaterialize added in v0.6.11

type EsEventFileProviderMaterialize struct {
	Instigator       *EsProcess // The process that instigated the event.
	Source           *EsFile    // The source file.
	Target           *EsFile    // The target file.
	Instigator_token [32]byte
	Reserved         uint8 // An unused field reserved for future use.

}

EsEventFileProviderMaterialize - A type for an event that indicates the materialization of a file provider.

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_file_provider_materialize_t

type EsEventFileProviderUpdate added in v0.6.11

type EsEventFileProviderUpdate struct {
	Source      *EsFile       // The source file of the event.
	Target_path EsStringToken // The target path to update.
	Reserved    uint8         // An unused field reserved for future use.

}

EsEventFileProviderUpdate - A type for an event that indicates an update to a file provider.

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_file_provider_update_t

type EsEventFork added in v0.6.11

type EsEventFork struct {
	Child    *EsProcess // The forked child process.
	Reserved uint8      // An unused field reserved for future use.

}

EsEventFork - A type for an event that indicates the forking of a process.

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_fork_t

type EsEventFsgetpath added in v0.6.11

type EsEventFsgetpath struct {
	Target   *EsFile // The file-system path of the targeted file.
	Reserved uint8   // An unused field reserved for future use.

}

EsEventFsgetpath - A type for an event that indicates the retrieval of a file-system path.

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_fsgetpath_t

type EsEventGatekeeperUserOverride added in v0.6.11

type EsEventGatekeeperUserOverride struct {
	File_type    EsGatekeeperUserOverrideFileType
	Sha256       *EsSha256
	Signing_info *EsSignedFileInfo
	File         [16]byte
}

EsEventGatekeeperUserOverride

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_gatekeeper_user_override_t

type EsEventGetTask added in v0.6.11

type EsEventGetTask struct {
	Target   *EsProcess // The process targeted by this event.
	Type     EsGetTaskType
	Reserved uint8 // An unused field reserved for future use.

}

EsEventGetTask - A type for an event that indicates the retrieval of a task’s control port.

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_get_task_t

type EsEventGetTaskInspect added in v0.6.11

type EsEventGetTaskInspect struct {
	Target   *EsProcess // The process targeted by this event.
	Type     EsGetTaskType
	Reserved uint8 // An unused field reserved for future use.

}

EsEventGetTaskInspect - A type for an event that indicates the retrieval of a task’s inspect port.

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_get_task_inspect_t

type EsEventGetTaskName added in v0.6.11

type EsEventGetTaskName struct {
	Target   *EsProcess // The process targeted by this event.
	Type     EsGetTaskType
	Reserved uint8 // An unused field reserved for future use.

}

EsEventGetTaskName - A type for an event that indicates the retrieval of a task’s name port.

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_get_task_name_t

type EsEventGetTaskRead added in v0.6.11

type EsEventGetTaskRead struct {
	Target   *EsProcess // The process targeted by this event.
	Type     EsGetTaskType
	Reserved uint8 // An unused field reserved for future use.

}

EsEventGetTaskRead - A type for an event that indicates the retrieval of a task’s read port.

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_get_task_read_t

type EsEventGetattrlist added in v0.6.11

type EsEventGetattrlist struct {
	Attrlist kernel.Attrlist // The attributes to retrieve, such as volume, directory, file, and fork attributes.
	Target   *EsFile         // The file for which to retrieve attributes.
	Reserved uint8           // An unused field reserved for future use.

}

EsEventGetattrlist - A type for an event that indicates the retrieval of attributes from a file.

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_getattrlist_t

type EsEventGetextattr added in v0.6.11

type EsEventGetextattr struct {
	Target   *EsFile       // The file containing extended attributes to retrieve.
	Extattr  EsStringToken // The extended attribute to retrieve.
	Reserved uint8         // An unused field reserved for future use.

}

EsEventGetextattr - A type for an event that indicates the retrieval of an extended attribute from a file.

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_getextattr_t

type EsEventID added in v0.6.11

type EsEventID struct {
	Reserved uint8 // An opaque value.

}

EsEventID - An opaque identifier for events.

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_id_t

type EsEventIokitOpen added in v0.6.11

type EsEventIokitOpen struct {
	User_client_type   uint32        // The type of the IOKit client.
	User_client_class  EsStringToken // The name of the IOKit service client.
	Parent_registry_id uint64
	Parent_path        EsStringToken
	Reserved           uint8 // An unused field reserved for future use.

}

EsEventIokitOpen - A type for an event that indicates the opening of an IOKit device.

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_iokit_open_t

type EsEventKextload added in v0.6.11

type EsEventKextload struct {
	Identifier EsStringToken // A string identifying the kernel extension.
	Reserved   uint8         // An unused field reserved for future use.

}

EsEventKextload - A type for an event that indicates the loading of a kernel extension.

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_kextload_t

type EsEventKextunload added in v0.6.11

type EsEventKextunload struct {
	Identifier EsStringToken // A string identifying the kernel extension.
	Reserved   uint8         // An unused field reserved for future use.

}

EsEventKextunload - A type for an event that indicates the unloading of a Kernel Extension (KEXT).

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_kextunload_t

type EsEventLink struct {
	Source          *EsFile       // The source file for the link.
	Target_dir      *EsFile       // The directory that contains the newly-created link.
	Target_filename EsStringToken // The file name of the symbolic link.
	Reserved        uint8         // An unused field reserved for future use.

}

EsEventLink - A type for an event that indicates the creation of a hard link.

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_link_t

type EsEventListextattr added in v0.6.11

type EsEventListextattr struct {
	Target   *EsFile // The file containing extended attributes to list.
	Reserved uint8   // An unused field reserved for future use.

}

EsEventListextattr - A type for an event that indicates the retrieval of multiple extended attributes from a file.

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_listextattr_t

type EsEventLoginLogin added in v0.6.11

type EsEventLoginLogin struct {
	Success         bool
	Failure_message EsStringToken
	Username        EsStringToken
	Has_uid         bool
	Uid             [4]byte
}

EsEventLoginLogin

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_login_login_t

type EsEventLoginLogout added in v0.6.11

type EsEventLoginLogout struct {
	Username EsStringToken
	Uid      uint32
}

EsEventLoginLogout

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_login_logout_t

type EsEventLookup added in v0.6.11

type EsEventLookup struct {
	Source_dir      *EsFile       // The source directory to look up.
	Relative_target EsStringToken // The filename to look up.
	Reserved        uint8         // An unused field reserved for future use.

}

EsEventLookup - A type for an event that indicates the lookup of a file’s path.

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_lookup_t

type EsEventLwSessionLock added in v0.6.11

type EsEventLwSessionLock struct {
	Username             EsStringToken
	Graphical_session_id EsGraphicalSessionID
}

EsEventLwSessionLock

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_lw_session_lock_t

type EsEventLwSessionLogin added in v0.6.11

type EsEventLwSessionLogin struct {
	Username             EsStringToken
	Graphical_session_id EsGraphicalSessionID
}

EsEventLwSessionLogin

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_lw_session_login_t

type EsEventLwSessionLogout added in v0.6.11

type EsEventLwSessionLogout struct {
	Username             EsStringToken
	Graphical_session_id EsGraphicalSessionID
}

EsEventLwSessionLogout

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_lw_session_logout_t

type EsEventLwSessionUnlock added in v0.6.11

type EsEventLwSessionUnlock struct {
	Username             EsStringToken
	Graphical_session_id EsGraphicalSessionID
}

EsEventLwSessionUnlock

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_lw_session_unlock_t

type EsEventMmap added in v0.6.11

type EsEventMmap struct {
	Protection     int32   // Options that affect the protection of mapped memory pages.
	Max_protection int32   // The maximum value you can use for protection flags.
	Flags          int32   // Flags that affect the behavior of the memory mapping operation.
	File_pos       uint64  // The offset into the memory-map file.
	Source         *EsFile // The file to map memory into.
	Reserved       uint8   // An unused field reserved for future use.

}

EsEventMmap - A type for an event that indicates the mapping of memory to a file.

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_mmap_t

type EsEventMount added in v0.6.11

type EsEventMount struct {
	Statfs      unsafe.Pointer // The statistics of the mounted file system.
	Disposition EsMountDisposition
	Reserved    uint8 // An unused field reserved for future use.

}

EsEventMount - A type for an event that indicates the mounting of a file system.

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_mount_t

type EsEventMprotect added in v0.6.11

type EsEventMprotect struct {
	Protection int32              // The protection to apply to the memory-mapped range.
	Address    kernel.User_addr_t // The starting memory address to protect.
	Size       kernel.User_size_t // The length of the address range to protect.
	Reserved   uint8              // An unused field reserved for future use.

}

EsEventMprotect - A type for an event that indicates a change to protection of memory-mapped pages.

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_mprotect_t

type EsEventOdAttributeSet added in v0.6.11

type EsEventOdAttributeSet struct {
	Instigator            *EsProcess
	Error_code            int
	Record_type           EsOdRecordType
	Record_name           EsStringToken
	Attribute_name        EsStringToken
	Attribute_value_count uintptr
	Attribute_values      *EsStringToken
	Node_name             EsStringToken
	Db_path               EsStringToken
	Instigator_token      [32]byte
}

EsEventOdAttributeSet

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_od_attribute_set_t

type EsEventOdAttributeValueAdd added in v0.6.11

type EsEventOdAttributeValueAdd struct {
	Instigator       *EsProcess
	Error_code       int
	Record_type      EsOdRecordType
	Record_name      EsStringToken
	Attribute_name   EsStringToken
	Attribute_value  EsStringToken
	Node_name        EsStringToken
	Db_path          EsStringToken
	Instigator_token [32]byte
}

EsEventOdAttributeValueAdd

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_od_attribute_value_add_t

type EsEventOdAttributeValueRemove added in v0.6.11

type EsEventOdAttributeValueRemove struct {
	Instigator       *EsProcess
	Error_code       int
	Record_type      EsOdRecordType
	Record_name      EsStringToken
	Attribute_name   EsStringToken
	Attribute_value  EsStringToken
	Node_name        EsStringToken
	Db_path          EsStringToken
	Instigator_token [32]byte
}

EsEventOdAttributeValueRemove

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_od_attribute_value_remove_t

type EsEventOdCreateGroup added in v0.6.11

type EsEventOdCreateGroup struct {
	Instigator       *EsProcess
	Error_code       int
	Group_name       EsStringToken
	Node_name        EsStringToken
	Db_path          EsStringToken
	Instigator_token [32]byte
}

EsEventOdCreateGroup

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_od_create_group_t

type EsEventOdCreateUser added in v0.6.11

type EsEventOdCreateUser struct {
	Instigator       *EsProcess
	Error_code       int
	User_name        EsStringToken
	Node_name        EsStringToken
	Db_path          EsStringToken
	Instigator_token [32]byte
}

EsEventOdCreateUser

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_od_create_user_t

type EsEventOdDeleteGroup added in v0.6.11

type EsEventOdDeleteGroup struct {
	Instigator       *EsProcess
	Error_code       int
	Group_name       EsStringToken
	Node_name        EsStringToken
	Db_path          EsStringToken
	Instigator_token [32]byte
}

EsEventOdDeleteGroup

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_od_delete_group_t

type EsEventOdDeleteUser added in v0.6.11

type EsEventOdDeleteUser struct {
	Instigator       *EsProcess
	Error_code       int
	User_name        EsStringToken
	Node_name        EsStringToken
	Db_path          EsStringToken
	Instigator_token [32]byte
}

EsEventOdDeleteUser

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_od_delete_user_t

type EsEventOdDisableUser added in v0.6.11

type EsEventOdDisableUser struct {
	Instigator       *EsProcess
	Error_code       int
	User_name        EsStringToken
	Node_name        EsStringToken
	Db_path          EsStringToken
	Instigator_token [32]byte
}

EsEventOdDisableUser

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_od_disable_user_t

type EsEventOdEnableUser added in v0.6.11

type EsEventOdEnableUser struct {
	Instigator       *EsProcess
	Error_code       int
	User_name        EsStringToken
	Node_name        EsStringToken
	Db_path          EsStringToken
	Instigator_token [32]byte
}

EsEventOdEnableUser

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_od_enable_user_t

type EsEventOdGroupAdd added in v0.6.11

type EsEventOdGroupAdd struct {
	Instigator       *EsProcess
	Error_code       int
	Group_name       EsStringToken
	Member           *EsOdMemberID
	Node_name        EsStringToken
	Db_path          EsStringToken
	Instigator_token [32]byte
}

EsEventOdGroupAdd

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_od_group_add_t

type EsEventOdGroupRemove added in v0.6.11

type EsEventOdGroupRemove struct {
	Instigator       *EsProcess
	Error_code       int
	Group_name       EsStringToken
	Member           *EsOdMemberID
	Node_name        EsStringToken
	Db_path          EsStringToken
	Instigator_token [32]byte
}

EsEventOdGroupRemove

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_od_group_remove_t

type EsEventOdGroupSet added in v0.6.11

type EsEventOdGroupSet struct {
	Instigator       *EsProcess
	Error_code       int
	Group_name       EsStringToken
	Members          *EsOdMemberIDArray
	Node_name        EsStringToken
	Db_path          EsStringToken
	Instigator_token [32]byte
}

EsEventOdGroupSet

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_od_group_set_t

type EsEventOdModifyPassword added in v0.6.11

type EsEventOdModifyPassword struct {
	Instigator       *EsProcess
	Error_code       int
	Account_type     EsOdAccountType
	Account_name     EsStringToken
	Node_name        EsStringToken
	Db_path          EsStringToken
	Instigator_token [32]byte
}

EsEventOdModifyPassword

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_od_modify_password_t

type EsEventOpen added in v0.6.11

type EsEventOpen struct {
	Fflag    int32   // The file-opening mask as applied by the kernel.
	File     *EsFile // The file to open.
	Reserved uint8   // An unused field reserved for future use.

}

EsEventOpen - A type for an event that indicates the opening of a file.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_open_t

type EsEventOpensshLogin added in v0.6.11

type EsEventOpensshLogin struct {
	Success             bool
	Result_type         EsOpensshLoginResultType
	Source_address_type EsAddressType
	Source_address      EsStringToken
	Username            EsStringToken
	Has_uid             bool
	Uid                 [4]byte
}

EsEventOpensshLogin

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_openssh_login_t

type EsEventOpensshLogout added in v0.6.11

type EsEventOpensshLogout struct {
	Source_address_type EsAddressType
	Source_address      EsStringToken
	Username            EsStringToken
	Uid                 uint32
}

EsEventOpensshLogout

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_openssh_logout_t

type EsEventProcCheck added in v0.6.11

type EsEventProcCheck struct {
	Target   *EsProcess      // The process targeted by this event.
	Type     EsProcCheckType // The type of call number used to check the access on the target process.
	Flavor   int             // A representation of the information sought by a process based on the type member of es_event_proc_check_t.
	Reserved uint8           // An unused field reserved for future use.

}

EsEventProcCheck - A type that indicates the call used and the data returned when a process checks on the access of the target process.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_proc_check_t

type EsEventProcSuspendResume added in v0.6.11

type EsEventProcSuspendResume struct {
	Target   *EsProcess              // The process targeted by this event.
	Type     EsProcSuspendResumeType // The type of event: suspend, resume, or socket shutdown.
	Reserved uint8                   // An unused field reserved for future use.

}

EsEventProcSuspendResume - A type for an event that indicates a call to suspend, resume, or shut down sockets for a process.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_proc_suspend_resume_t

type EsEventProfileAdd added in v0.6.11

type EsEventProfileAdd struct {
	Instigator       *EsProcess
	Is_update        bool
	Profile          *EsProfile
	Instigator_token [32]byte
}

EsEventProfileAdd

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_profile_add_t

type EsEventProfileRemove added in v0.6.11

type EsEventProfileRemove struct {
	Instigator       *EsProcess
	Profile          *EsProfile
	Instigator_token [32]byte
}

EsEventProfileRemove

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_profile_remove_t

type EsEventPtyClose added in v0.6.11

type EsEventPtyClose struct {
	Dev      int32 // The major and minor numbers of the device.
	Reserved uint8 // An unused field reserved for future use.

}

EsEventPtyClose - A type for an event that indicates the closing of a pseudoterminal device.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_pty_close_t

type EsEventPtyGrant added in v0.6.11

type EsEventPtyGrant struct {
	Dev      int32 // The major and minor numbers of the device.
	Reserved uint8 // An unused field reserved for future use.

}

EsEventPtyGrant - A type for an event that indicates the granting of a pseudoterminal device to a user.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_pty_grant_t

type EsEventReaddir added in v0.6.11

type EsEventReaddir struct {
	Target   *EsFile // The directory from which to read contents.
	Reserved uint8   // An unused field reserved for future use.

}

EsEventReaddir - A type for an event that indicates the reading of a file-system directory.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_readdir_t

type EsEventReadlink struct {
	Source   *EsFile // The source file pointed to by the link.
	Reserved uint8   // An unused field reserved for future use.

}

EsEventReadlink - A type for an event that indicates the reading of a symbolic link.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_readlink_t

type EsEventRemoteThreadCreate added in v0.6.11

type EsEventRemoteThreadCreate struct {
	Target       *EsProcess     // The process targeted to spawn a new thread.
	Thread_state *EsThreadState // The new thread’s state.
	Reserved     uint8          // An unused field reserved for future use.

}

EsEventRemoteThreadCreate - A type for an event that indicates an attempt by one process to create a thread in another process.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_remote_thread_create_t

type EsEventRemount added in v0.6.11

type EsEventRemount struct {
	Statfs        unsafe.Pointer // The statistics of the remounted file system.
	Remount_flags uint64
	Disposition   EsMountDisposition
	Reserved      uint8 // An unused field reserved for future use.

}

EsEventRemount - A type for an event that indicates the remounting of a file system.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_remount_t

type EsEventRename added in v0.6.11

type EsEventRename struct {
	Source           *EsFile           // The source file to rename.
	Destination_type EsDestinationType // A property that indicates whether the destination is a new path or an existing file.
	Destination      [24]byte          // The destination of the rename operation.
	Reserved         uint8             // An unused field reserved for future use.
	New_path         unsafe.Pointer
}

EsEventRename - A type for an event that indicates the renaming of a file.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_rename_t

type EsEventScreensharingAttach added in v0.6.11

type EsEventScreensharingAttach struct {
	Success                 bool
	Source_address_type     EsAddressType
	Source_address          EsStringToken
	Viewer_appleid          EsStringToken
	Authentication_type     EsStringToken
	Authentication_username EsStringToken
	Session_username        EsStringToken
	Existing_session        bool
	Graphical_session_id    EsGraphicalSessionID
}

EsEventScreensharingAttach

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_screensharing_attach_t

type EsEventScreensharingDetach added in v0.6.11

type EsEventScreensharingDetach struct {
	Source_address_type  EsAddressType
	Source_address       EsStringToken
	Viewer_appleid       EsStringToken
	Graphical_session_id EsGraphicalSessionID
}

EsEventScreensharingDetach

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_screensharing_detach_t

type EsEventSearchfs added in v0.6.11

type EsEventSearchfs struct {
	Attrlist kernel.Attrlist // The attributes used to perform the file system search.
	Target   *EsFile         // The volume to search.
	Reserved uint8           // An unused field reserved for future use.

}

EsEventSearchfs - A type for an event that indicates searching a volume or mounted file system.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_searchfs_t

type EsEventSetacl added in v0.6.11

type EsEventSetacl struct {
	Target       *EsFile      // The file containing the access control list to set or clear.
	Set_or_clear EsSetOrClear // The access control list action represented by the event, either setting or clearing values.
	Acl          [8]byte      // A union containing a settable access control list structure.
	Reserved     uint8        // An unused field reserved for future use.

}

EsEventSetacl - A type for an event that indicates the setting of a file’s access control list.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_setacl_t

type EsEventSetattrlist added in v0.6.11

type EsEventSetattrlist struct {
	Attrlist kernel.Attrlist // The attributes to set, such as volume, directory, file, and fork attributes.
	Target   *EsFile         // The source file of this event.
	Reserved uint8           // An unused field reserved for future use.

}

EsEventSetattrlist - A type for an event that indicates the setting of a file attribute.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_setattrlist_t

type EsEventSetegid added in v0.6.11

type EsEventSetegid struct {
	Egid     uint32 // The effective group ID.
	Reserved uint8  // An unused field reserved for future use.

}

EsEventSetegid - A type for an event that indicates the setting of a process’s effective group ID.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_setegid_t

type EsEventSeteuid added in v0.6.11

type EsEventSeteuid struct {
	Euid     uint32 // The effective user ID.
	Reserved uint8  // An unused field reserved for future use.

}

EsEventSeteuid - A type for an event that indicates the setting of a process’s effective user ID.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_seteuid_t

type EsEventSetextattr added in v0.6.11

type EsEventSetextattr struct {
	Target   *EsFile       // The file containing extended attributes to set.
	Extattr  EsStringToken // The extended attribute.
	Reserved uint8         // An unused field reserved for future use.

}

EsEventSetextattr - A type for an event that indicates the setting of a file’s extended attribute.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_setextattr_t

type EsEventSetflags added in v0.6.11

type EsEventSetflags struct {
	Flags    uint32  // The flags to set on the file.
	Target   *EsFile // The source file of this event.
	Reserved uint8   // An unused field reserved for future use.

}

EsEventSetflags - A type for an event that indicates the setting of a file’s flags.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_setflags_t

type EsEventSetgid added in v0.6.11

type EsEventSetgid struct {
	Gid      uint32 // The group ID.
	Reserved uint8  // An unused field reserved for future use.

}

EsEventSetgid - A type for an event that indicates the setting of a process’s group ID.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_setgid_t

type EsEventSetmode added in v0.6.11

type EsEventSetmode struct {
	Mode     uint16  // The mode to set on the file.
	Target   *EsFile // The source file of the event.
	Reserved uint8   // An unused field reserved for future use.

}

EsEventSetmode - A type for an event that indicates the setting of a file’s mode.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_setmode_t

type EsEventSetowner added in v0.6.11

type EsEventSetowner struct {
	Uid      uint32  // The user identifier to set.
	Gid      uint32  // The group identifier to set.
	Target   *EsFile // The file with ownership metadata to set.
	Reserved uint8   // An unused field reserved for future use.

}

EsEventSetowner - A type for an event that indicates the setting of a file’s owner.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_setowner_t

type EsEventSetregid added in v0.6.11

type EsEventSetregid struct {
	Rgid     uint32 // The real group ID.
	Egid     uint32 // The effective group ID.
	Reserved uint8  // An unused field reserved for future use.

}

EsEventSetregid - A type for an event that indicates the setting of a process’s real and effective group IDs.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_setregid_t

type EsEventSetreuid added in v0.6.11

type EsEventSetreuid struct {
	Ruid     uint32 // The real user ID.
	Euid     uint32 // The effective user ID.
	Reserved uint8  // An unused field reserved for future use.

}

EsEventSetreuid - A type for an event that indicates the setting of a process’s real and effective user IDs.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_setreuid_t

type EsEventSettime added in v0.6.11

type EsEventSettime struct {
	Reserved uint8 // An unused field reserved for future use.

}

EsEventSettime - A type for an event that indicates the modification of the system time.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_settime_t

type EsEventSetuid added in v0.6.11

type EsEventSetuid struct {
	Uid      uint32 // The user ID.
	Reserved uint8  // An unused field reserved for future use.

}

EsEventSetuid - A type for an event that indicates the setting of a process’s user ID.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_setuid_t

type EsEventSignal added in v0.6.11

type EsEventSignal struct {
	Sig        int        // The signal number sent to the target process.
	Target     *EsProcess // The process that the signal targets.
	Instigator *EsProcess
	Reserved   uint8 // An unused field reserved for future use.

}

EsEventSignal - A type for an event that indicates the sending of a signal to a process.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_signal_t

type EsEventStat added in v0.6.11

type EsEventStat struct {
	Target   *EsFile // The file with status to retrieve.
	Reserved uint8   // An unused field reserved for future use.

}

EsEventStat - A type for an event that indicates the retrieval of a file’s status.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_stat_t

type EsEventSu added in v0.6.11

type EsEventSu struct {
	Success         bool
	Failure_message EsStringToken
	From_uid        uint32
	From_username   EsStringToken
	Has_to_uid      bool
	To_username     EsStringToken
	Shell           EsStringToken
	Argc            uintptr
	Argv            *EsStringToken
	Env_count       uintptr
	Env             *EsStringToken
	To_uid          [4]byte
}

EsEventSu

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_su_t

type EsEventSudo added in v0.6.11

type EsEventSudo struct {
	Success       bool
	Reject_info   *EsSudoRejectInfo
	Has_from_uid  bool
	From_username EsStringToken
	Has_to_uid    bool
	To_username   EsStringToken
	Command       EsStringToken
	From_uid      [4]byte
	To_uid        [4]byte
}

EsEventSudo

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_sudo_t
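
Added example, not part of the generated bindings: EsEventSudo stores its optional UIDs as a raw [4]byte next to a Has_* flag, and a zeroed field decoded without checking the flag reads as UID 0 (root). The code uses a stand-in struct with plain strings in place of EsStringToken, assumes the bytes hold a little-endian uid_t (macOS on Intel and Apple silicon is little-endian), and runs over constructed events.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// sudoEvent is a stand-in for the EsEventSudo fields used below. Field names
// follow the binding; EsStringToken values are plain strings here (assumption).
type sudoEvent struct {
	Success       bool
	Has_from_uid  bool
	From_username string
	Has_to_uid    bool
	To_username   string
	Command       string
	From_uid      [4]byte // raw bytes assumed to hold a C uid_t
	To_uid        [4]byte
}

// optionalUID decodes a [4]byte UID only when its Has_* flag is set.
// Without the flag check, an unset (all-zero) field decodes to 0, i.e. root.
func optionalUID(has bool, raw [4]byte) (uint32, bool) {
	if !has {
		return 0, false
	}
	return binary.LittleEndian.Uint32(raw[:]), true
}

// rawUID builds the [4]byte form for the constructed sample events.
func rawUID(uid uint32) [4]byte {
	var b [4]byte
	binary.LittleEndian.PutUint32(b[:], uid)
	return b
}

// triageSudo labels one sudo event for alerting.
func triageSudo(ev sudoEvent) string {
	toUID, ok := optionalUID(ev.Has_to_uid, ev.To_uid)
	switch {
	case !ok:
		return "target-uid-unknown" // do not treat the zeroed field as root
	case toUID != 0:
		return "non-root-target"
	case ev.Success:
		return "root-granted"
	default:
		return "root-denied"
	}
}

// deniedRootByUser counts rejected sudo-to-root attempts per requesting user.
func deniedRootByUser(events []sudoEvent) map[string]int {
	counts := make(map[string]int)
	for _, ev := range events {
		if triageSudo(ev) == "root-denied" {
			counts[ev.From_username]++
		}
	}
	return counts
}

// sampleEvents returns constructed events; none come from a real host.
func sampleEvents() []sudoEvent {
	return []sudoEvent{
		{Success: true, Has_from_uid: true, From_username: "alice", Has_to_uid: true,
			To_username: "root", Command: "/usr/bin/true", From_uid: rawUID(501), To_uid: rawUID(0)},
		{Success: false, Has_from_uid: true, From_username: "bob", Has_to_uid: true,
			To_username: "root", Command: "/bin/ls /var/root", From_uid: rawUID(502), To_uid: rawUID(0)},
		{Success: false, Has_from_uid: true, From_username: "bob", Has_to_uid: true,
			To_username: "root", Command: "/usr/bin/id", From_uid: rawUID(502), To_uid: rawUID(0)},
		// Target account could not be resolved: flag is false and To_uid stays zeroed.
		{Success: false, Has_from_uid: true, From_username: "carol", Has_to_uid: false,
			To_username: "nosuchuser", Command: "/usr/bin/id", From_uid: rawUID(503)},
		{Success: true, Has_from_uid: true, From_username: "carol", Has_to_uid: true,
			To_username: "_www", Command: "/usr/bin/id", From_uid: rawUID(503), To_uid: rawUID(70)},
	}
}

func main() {
	for _, ev := range sampleEvents() {
		fmt.Printf("%-6s -> %-10s %-20s %s\n",
			ev.From_username, ev.To_username, ev.Command, triageSudo(ev))
	}
	fmt.Println("denied root attempts:", deniedRootByUser(sampleEvents()))
}
```

The same flag-before-decode check applies to Has_uid/Uid in EsEventOpensshLogin and Has_to_uid/To_uid in EsEventSu.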

type EsEventTccModify added in v0.6.11

type EsEventTccModify struct {
	Service           EsStringToken
	Identity          EsStringToken
	Identity_type     EsTccIdentityType // es_tcc_identity_type_t
	Update_type       EsTccEventType
	Instigator_token  [32]byte
	Instigator        *EsProcess
	Responsible_token *[32]byte
	Responsible       *EsProcess
	Right             EsTccAuthorizationRight  // es_tcc_authorization_right_t
	Reason            EsTccAuthorizationReason // es_tcc_authorization_reason_t

}

EsEventTccModify

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_tcc_modify_t

type EsEventTrace added in v0.6.11

type EsEventTrace struct {
	Target   *EsProcess // The process receiving the attach.
	Reserved uint8      // An unused field reserved for future use.

}

EsEventTrace - A type for an event that indicates an attempt by one process to attach to another process.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_trace_t

type EsEventTruncate added in v0.6.11

type EsEventTruncate struct {
	Target   *EsFile // The source file of this event.
	Reserved uint8   // An unused field reserved for future use.

}

EsEventTruncate - A type for an event that indicates the truncation of a file.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_truncate_t

type EsEventType added in v0.5.1

type EsEventType int32
const (
	// EsEventTypeAuthChdir: An identifier for a process that requests permission from the operating system to change the working directory for the process.
	EsEventTypeAuthChdir EsEventType = 50
	// EsEventTypeAuthChroot: An identifier for a process that requests permission from the operating system to change the root directory for the process.
	EsEventTypeAuthChroot EsEventType = 56
	// EsEventTypeAuthClone: An identifier for a process that requests permission from the operating system to clone a file.
	EsEventTypeAuthClone EsEventType = 60
	// EsEventTypeAuthCopyfile: An identifier for a process that requests permission from the operating system to copy a file.
	EsEventTypeAuthCopyfile EsEventType = 109
	// EsEventTypeAuthCreate: An identifier for a process that requests permission from the operating system to create a file.
	EsEventTypeAuthCreate EsEventType = 44
	// EsEventTypeAuthDeleteextattr: An identifier for a process that requests permission from the operating system to delete an extended attribute from a file.
	EsEventTypeAuthDeleteextattr EsEventType = 69
	// EsEventTypeAuthExchangedata: An identifier for a process that requests permission from the operating system to exchange data between two files.
	EsEventTypeAuthExchangedata EsEventType = 80
	// EsEventTypeAuthExec: An identifier for a process that requests permission from the operating system to execute another image.
	EsEventTypeAuthExec EsEventType = 0
	// EsEventTypeAuthFcntl: An identifier for a process that requests permission from the operating system to manipulate a file descriptor.
	EsEventTypeAuthFcntl EsEventType = 90
	// EsEventTypeAuthFileProviderMaterialize: An identifier for a process that requests permission for a file provider to return a reference to a file.
	EsEventTypeAuthFileProviderMaterialize EsEventType = 34
	// EsEventTypeAuthFileProviderUpdate: An identifier for a process that requests permission from the operating system to update a file.
	EsEventTypeAuthFileProviderUpdate EsEventType = 36
	// EsEventTypeAuthFsgetpath: An identifier for a process that requests permission from the operating system to retrieve a file system path.
	EsEventTypeAuthFsgetpath EsEventType = 71
	// EsEventTypeAuthGetTask: An identifier for a process that requests permission from the operating system to retrieve a process’s task control port.
	EsEventTypeAuthGetTask EsEventType = 87
	// EsEventTypeAuthGetTaskRead: An identifier for a process that requests permission from the operating system to retrieve a process’s task read port.
	EsEventTypeAuthGetTaskRead EsEventType = 100
	// EsEventTypeAuthGetattrlist: An identifier for a process that requests permission from the operating system to retrieve attributes from a file.
	EsEventTypeAuthGetattrlist EsEventType = 52
	// EsEventTypeAuthGetextattr: An identifier for a process that requests permission from the operating system to retrieve an extended attribute from a file.
	EsEventTypeAuthGetextattr EsEventType = 63
	// EsEventTypeAuthIokitOpen: An identifier for a process that requests permission from the operating system to open an IOKit device.
	EsEventTypeAuthIokitOpen EsEventType = 91
	// EsEventTypeAuthKextload: An identifier for a process that requests permission from the operating system to load a kernel extension (KEXT).
	EsEventTypeAuthKextload EsEventType = 2
	// EsEventTypeAuthLink: An identifier for a process that requests permission from the operating system to create a hard link.
	EsEventTypeAuthLink EsEventType = 42
	// EsEventTypeAuthListextattr: An identifier for a process that requests permission from the operating system to retrieve multiple extended attributes from a file.
	EsEventTypeAuthListextattr EsEventType = 65
	// EsEventTypeAuthMmap: An identifier for a process that requests permission from the operating system to map a file into memory.
	EsEventTypeAuthMmap EsEventType = 3
	// EsEventTypeAuthMount: An identifier for a process that requests permission from the operating system to mount a file system.
	EsEventTypeAuthMount EsEventType = 5
	// EsEventTypeAuthMprotect: An identifier for a process that requests permission from the operating system to change the protection of memory-mapped pages.
	EsEventTypeAuthMprotect EsEventType = 4
	// EsEventTypeAuthOpen: An identifier for a process that requests permission from the operating system to open a file.
	EsEventTypeAuthOpen EsEventType = 1
	// EsEventTypeAuthProcCheck: An identifier for a process that requests permission from the operating system to get information about a process.
	EsEventTypeAuthProcCheck EsEventType = 85
	// EsEventTypeAuthProcSuspendResume: An identifier for a process that requests permission from the operating system to suspend, resume, or shut down sockets for another process.
	EsEventTypeAuthProcSuspendResume EsEventType = 92
	// EsEventTypeAuthReaddir: An identifier for a process that requests permission from the operating system to read a file system directory.
	EsEventTypeAuthReaddir EsEventType = 67
	// EsEventTypeAuthReadlink: An identifier for a process that requests permission from the operating system to read a symbolic link.
	EsEventTypeAuthReadlink EsEventType = 38
	// EsEventTypeAuthRemount: An identifier for a process that requests permission from the operating system to remount a file system.
	EsEventTypeAuthRemount EsEventType = 98
	// EsEventTypeAuthRename: An identifier for a process that requests permission from the operating system to rename a file.
	EsEventTypeAuthRename EsEventType = 6
	// EsEventTypeAuthSearchfs: An identifier for a process that requests permission from the operating system to search a volume or mounted file system.
	EsEventTypeAuthSearchfs EsEventType = 88
	// EsEventTypeAuthSetacl: An identifier for a process that requests permission from the operating system to set a file’s access control list.
	EsEventTypeAuthSetacl EsEventType = 81
	// EsEventTypeAuthSetattrlist: An identifier for a process that requests permission from the operating system to set attributes of a file.
	EsEventTypeAuthSetattrlist EsEventType = 45
	// EsEventTypeAuthSetextattr: An identifier for a process that requests permission from the operating system to set an extended attribute of a file.
	EsEventTypeAuthSetextattr EsEventType = 46
	// EsEventTypeAuthSetflags: An identifier for a process that requests permission from the operating system to set a file’s flags.
	EsEventTypeAuthSetflags EsEventType = 47
	// EsEventTypeAuthSetmode: An identifier for a process that requests permission from the operating system to set a file’s mode.
	EsEventTypeAuthSetmode EsEventType = 48
	// EsEventTypeAuthSetowner: An identifier for a process that requests permission from the operating system to set a file’s owner.
	EsEventTypeAuthSetowner EsEventType = 49
	// EsEventTypeAuthSettime: An identifier for a process that requests permission from the operating system to modify the system time.
	EsEventTypeAuthSettime EsEventType = 74
	// EsEventTypeAuthSignal: An identifier for a process that requests permission from the operating system to send a signal to a process.
	EsEventTypeAuthSignal EsEventType = 7
	// EsEventTypeAuthTruncate: An identifier for a process that requests permission from the operating system to truncate a file.
	EsEventTypeAuthTruncate EsEventType = 40
	// EsEventTypeAuthUIPCBind: An identifier for a process that requests permission from the operating system to bind a UNIX domain socket.
	EsEventTypeAuthUIPCBind EsEventType = 77
	// EsEventTypeAuthUIPCConnect: An identifier for a process that requests permission from the operating system to connect a UNIX domain socket.
	EsEventTypeAuthUIPCConnect EsEventType = 79
	// EsEventTypeAuthUnlink: An identifier for a process that requests permission from the operating system to delete a file.
	EsEventTypeAuthUnlink EsEventType = 8
	// EsEventTypeAuthUtimes: An identifier for a process that requests permission from the operating system to change a file’s access or modification time.
	EsEventTypeAuthUtimes EsEventType = 58
	// EsEventTypeLast: A value that indicates the last member of the enumeration.
	EsEventTypeLast EsEventType = 157
	// EsEventTypeNotifyAccess: An identifier for a process that notifies endpoint security that it is checking a file’s access permission.
	EsEventTypeNotifyAccess                 EsEventType = 55
	EsEventTypeNotifyAuthentication         EsEventType = 111
	EsEventTypeNotifyAuthorizationJudgement EsEventType = 130
	EsEventTypeNotifyAuthorizationPetition  EsEventType = 129
	EsEventTypeNotifyBtmLaunchItemAdd       EsEventType = 124
	EsEventTypeNotifyBtmLaunchItemRemove    EsEventType = 125
	// EsEventTypeNotifyChdir: An identifier for a process that notifies endpoint security that it is changing the working directory for the process.
	EsEventTypeNotifyChdir EsEventType = 51
	// EsEventTypeNotifyChroot: An identifier for a process that notifies endpoint security that it is changing the root directory for the process.
	EsEventTypeNotifyChroot EsEventType = 57
	// EsEventTypeNotifyClone: An identifier for a process that notifies endpoint security that it is cloning a file.
	EsEventTypeNotifyClone EsEventType = 61
	// EsEventTypeNotifyClose: An identifier for a process that notifies endpoint security that it is closing a file.
	EsEventTypeNotifyClose EsEventType = 12
	// EsEventTypeNotifyCopyfile: An identifier for a process that notifies endpoint security that it is copying a file.
	EsEventTypeNotifyCopyfile EsEventType = 110
	// EsEventTypeNotifyCreate: An identifier for a process that notifies endpoint security that it is creating a file.
	EsEventTypeNotifyCreate EsEventType = 13
	// EsEventTypeNotifyCsInvalidated: An identifier for a process that notifies endpoint security that its code signing status is now invalid.
	EsEventTypeNotifyCsInvalidated EsEventType = 94
	// EsEventTypeNotifyDeleteextattr: An identifier for a process that notifies endpoint security that it is deleting an extended attribute from a file.
	EsEventTypeNotifyDeleteextattr EsEventType = 70
	// EsEventTypeNotifyDup: An identifier for a process that notifies endpoint security that it is duplicating a file descriptor.
	EsEventTypeNotifyDup EsEventType = 73
	// EsEventTypeNotifyExchangedata: An identifier for a process that notifies endpoint security that it is exchanging data between two files.
	EsEventTypeNotifyExchangedata EsEventType = 14
	// EsEventTypeNotifyExec: An identifier for a process that notifies endpoint security that it is executing an image.
	EsEventTypeNotifyExec EsEventType = 9
	// EsEventTypeNotifyExit: An identifier for a process that notifies endpoint security that it is exiting.
	EsEventTypeNotifyExit EsEventType = 15
	// EsEventTypeNotifyFcntl: An identifier for a process that notifies endpoint security that it is manipulating a file descriptor.
	EsEventTypeNotifyFcntl EsEventType = 62
	// EsEventTypeNotifyFileProviderMaterialize: An identifier for a process that notifies endpoint security that a file provider returned a reference to a file.
	EsEventTypeNotifyFileProviderMaterialize EsEventType = 35
	// EsEventTypeNotifyFileProviderUpdate: An identifier for a process that notifies endpoint security that it is updating a file.
	EsEventTypeNotifyFileProviderUpdate EsEventType = 37
	// EsEventTypeNotifyFork: An identifier for a process that notifies endpoint security that it is forking another process.
	EsEventTypeNotifyFork EsEventType = 11
	// EsEventTypeNotifyFsgetpath: An identifier for a process that notifies endpoint security that it is retrieving a file system path.
	EsEventTypeNotifyFsgetpath              EsEventType = 72
	EsEventTypeNotifyGatekeeperUserOverride EsEventType = 146
	// EsEventTypeNotifyGetTask: An identifier for a process that notifies endpoint security that it is retrieving the task control port for another process.
	EsEventTypeNotifyGetTask EsEventType = 16
	// EsEventTypeNotifyGetTaskInspect: An identifier for a process that notifies endpoint security that it is retrieving the task inspect port for another process.
	EsEventTypeNotifyGetTaskInspect EsEventType = 102
	// EsEventTypeNotifyGetTaskName: An identifier for a process that notifies endpoint security that it is retrieving the task name port for another process.
	EsEventTypeNotifyGetTaskName EsEventType = 95
	// EsEventTypeNotifyGetTaskRead: An identifier for a process that notifies endpoint security that it is retrieving the task read port for another process.
	EsEventTypeNotifyGetTaskRead EsEventType = 101
	// EsEventTypeNotifyGetattrlist: An identifier for a process that notifies endpoint security that it is retrieving attributes from a file.
	EsEventTypeNotifyGetattrlist EsEventType = 53
	// EsEventTypeNotifyGetextattr: An identifier for a process that notifies endpoint security that it is retrieving an extended attribute from a file.
	EsEventTypeNotifyGetextattr EsEventType = 64
	// EsEventTypeNotifyIokitOpen: An identifier for a process that notifies endpoint security that it is opening an IOKit device.
	EsEventTypeNotifyIokitOpen EsEventType = 24
	// EsEventTypeNotifyKextload: An identifier for a process that notifies endpoint security that it is loading a kernel extension (KEXT).
	EsEventTypeNotifyKextload EsEventType = 17
	// EsEventTypeNotifyKextunload: An identifier for a process that notifies endpoint security that it is unloading a kernel extension (KEXT).
	EsEventTypeNotifyKextunload EsEventType = 18
	// EsEventTypeNotifyLink: An identifier for a process that notifies endpoint security that it is creating a hard link.
	EsEventTypeNotifyLink EsEventType = 19
	// EsEventTypeNotifyListextattr: An identifier for a process that notifies endpoint security that it is retrieving multiple extended attributes from a file.
	EsEventTypeNotifyListextattr EsEventType = 66
	EsEventTypeNotifyLoginLogin  EsEventType = 122
	EsEventTypeNotifyLoginLogout EsEventType = 123
	// EsEventTypeNotifyLookup: An identifier for a process that notifies endpoint security that it is looking up a file’s path.
	EsEventTypeNotifyLookup          EsEventType = 43
	EsEventTypeNotifyLwSessionLock   EsEventType = 116
	EsEventTypeNotifyLwSessionLogin  EsEventType = 114
	EsEventTypeNotifyLwSessionLogout EsEventType = 115
	EsEventTypeNotifyLwSessionUnlock EsEventType = 117
	// EsEventTypeNotifyMmap: An identifier for a process that notifies endpoint security that it is mapping a file into memory.
	EsEventTypeNotifyMmap EsEventType = 20
	// EsEventTypeNotifyMount: An identifier for a process that notifies endpoint security that it is mounting a file system.
	EsEventTypeNotifyMount EsEventType = 22
	// EsEventTypeNotifyMprotect: An identifier for a process that notifies endpoint security that it is changing the protection of memory-mapped pages.
	EsEventTypeNotifyMprotect               EsEventType = 21
	EsEventTypeNotifyOdAttributeSet         EsEventType = 140
	EsEventTypeNotifyOdAttributeValueAdd    EsEventType = 138
	EsEventTypeNotifyOdAttributeValueRemove EsEventType = 139
	EsEventTypeNotifyOdCreateGroup          EsEventType = 142
	EsEventTypeNotifyOdCreateUser           EsEventType = 141
	EsEventTypeNotifyOdDeleteGroup          EsEventType = 144
	EsEventTypeNotifyOdDeleteUser           EsEventType = 143
	EsEventTypeNotifyOdDisableUser          EsEventType = 136
	EsEventTypeNotifyOdEnableUser           EsEventType = 137
	EsEventTypeNotifyOdGroupAdd             EsEventType = 132
	EsEventTypeNotifyOdGroupRemove          EsEventType = 133
	EsEventTypeNotifyOdGroupSet             EsEventType = 134
	EsEventTypeNotifyOdModifyPassword       EsEventType = 135
	// EsEventTypeNotifyOpen: An identifier for a process that notifies endpoint security that it is opening a file.
	EsEventTypeNotifyOpen          EsEventType = 10
	EsEventTypeNotifyOpensshLogin  EsEventType = 120
	EsEventTypeNotifyOpensshLogout EsEventType = 121
	// EsEventTypeNotifyProcCheck: An identifier for a process that notifies endpoint security that it is checking information about another process.
	EsEventTypeNotifyProcCheck EsEventType = 86
	// EsEventTypeNotifyProcSuspendResume: An identifier for a process that notifies endpoint security that it is suspending, resuming, or shutting down sockets for another process.
	EsEventTypeNotifyProcSuspendResume EsEventType = 93
	EsEventTypeNotifyProfileAdd        EsEventType = 126
	EsEventTypeNotifyProfileRemove     EsEventType = 127
	// EsEventTypeNotifyPtyClose: An identifier for a process that notifies endpoint security that it is closing a pseudoterminal device.
	EsEventTypeNotifyPtyClose EsEventType = 84
	// EsEventTypeNotifyPtyGrant: An identifier for a process that notifies endpoint security that it is granting a pseudoterminal device to a user.
	EsEventTypeNotifyPtyGrant EsEventType = 83
	// EsEventTypeNotifyReaddir: An identifier for a process that notifies endpoint security that it is reading a file system directory.
	EsEventTypeNotifyReaddir EsEventType = 68
	// EsEventTypeNotifyReadlink: An identifier for a process that notifies endpoint security that it is reading a symbolic link.
	EsEventTypeNotifyReadlink EsEventType = 39
	// EsEventTypeNotifyRemoteThreadCreate: An identifier for a process that notifies endpoint security that it is spawning a thread in another process.
	EsEventTypeNotifyRemoteThreadCreate EsEventType = 97
	// EsEventTypeNotifyRemount: An identifier for a process that notifies endpoint security that it is remounting a file system.
	EsEventTypeNotifyRemount EsEventType = 99
	// EsEventTypeNotifyRename: An identifier for a process that notifies endpoint security that it is renaming a file.
	EsEventTypeNotifyRename              EsEventType = 25
	EsEventTypeNotifyScreensharingAttach EsEventType = 118
	EsEventTypeNotifyScreensharingDetach EsEventType = 119
	// EsEventTypeNotifySearchfs: An identifier for a process that notifies endpoint security that it is searching a volume or mounted file system.
	EsEventTypeNotifySearchfs EsEventType = 89
	// EsEventTypeNotifySetacl: An identifier for a process that notifies endpoint security that it is setting a file’s access control list.
	EsEventTypeNotifySetacl EsEventType = 82
	// EsEventTypeNotifySetattrlist: An identifier for a process that notifies endpoint security that it is setting attributes of a file.
	EsEventTypeNotifySetattrlist EsEventType = 26
	// EsEventTypeNotifySetegid: An identifier for a process that notifies endpoint security that it is setting its effective group ID.
	EsEventTypeNotifySetegid EsEventType = 106
	// EsEventTypeNotifySeteuid: An identifier for a process that notifies endpoint security that it is setting its effective user ID.
	EsEventTypeNotifySeteuid EsEventType = 105
	// EsEventTypeNotifySetextattr: An identifier for a process that notifies endpoint security that it is setting an extended attribute of a file.
	EsEventTypeNotifySetextattr EsEventType = 27
	// EsEventTypeNotifySetflags: An identifier for a process that notifies endpoint security that it is setting a file’s flags.
	EsEventTypeNotifySetflags EsEventType = 28
	// EsEventTypeNotifySetgid: An identifier for a process that notifies endpoint security that it is setting its group ID.
	EsEventTypeNotifySetgid EsEventType = 104
	// EsEventTypeNotifySetmode: An identifier for a process that notifies endpoint security that it is setting a file’s mode.
	EsEventTypeNotifySetmode EsEventType = 29
	// EsEventTypeNotifySetowner: An identifier for a process that notifies endpoint security that it is setting a file’s owner.
	EsEventTypeNotifySetowner EsEventType = 30
	// EsEventTypeNotifySetregid: An identifier for a process that notifies endpoint security that it is setting its real and effective group IDs.
	EsEventTypeNotifySetregid EsEventType = 108
	// EsEventTypeNotifySetreuid: An identifier for a process that notifies endpoint security that it is setting its real and effective user IDs.
	EsEventTypeNotifySetreuid EsEventType = 107
	// EsEventTypeNotifySettime: An identifier for a process that notifies endpoint security that it is modifying the system time.
	EsEventTypeNotifySettime EsEventType = 75
	// EsEventTypeNotifySetuid: An identifier for a process that notifies endpoint security that it is setting its user ID.
	EsEventTypeNotifySetuid EsEventType = 103
	// EsEventTypeNotifySignal: An identifier for a process that notifies endpoint security that it is sending a signal to another process.
	EsEventTypeNotifySignal EsEventType = 31
	// EsEventTypeNotifyStat: An identifier for a process that notifies endpoint security that it is retrieving a file’s status.
	EsEventTypeNotifyStat      EsEventType = 54
	EsEventTypeNotifySu        EsEventType = 128
	EsEventTypeNotifySudo      EsEventType = 131
	EsEventTypeNotifyTccModify EsEventType = 147
	// EsEventTypeNotifyTrace: An identifier for a process that notifies endpoint security that it is attaching to another process.
	EsEventTypeNotifyTrace EsEventType = 96
	// EsEventTypeNotifyTruncate: An identifier for a process that notifies endpoint security that it is truncating a file.
	EsEventTypeNotifyTruncate EsEventType = 41
	// EsEventTypeNotifyUIPCBind: An identifier for a process that notifies endpoint security that it is binding a UNIX domain socket.
	EsEventTypeNotifyUIPCBind EsEventType = 76
	// EsEventTypeNotifyUIPCConnect: An identifier for a process that notifies endpoint security that it is connecting to a UNIX domain socket.
	EsEventTypeNotifyUIPCConnect EsEventType = 78
	// EsEventTypeNotifyUnlink: An identifier for a process that notifies endpoint security that it is deleting a file.
	EsEventTypeNotifyUnlink EsEventType = 32
	// EsEventTypeNotifyUnmount: An identifier for a process that notifies endpoint security that it is unmounting a file system.
	EsEventTypeNotifyUnmount EsEventType = 23
	// EsEventTypeNotifyUtimes: An identifier for a process that notifies endpoint security that it is changing a file’s access or modification time.
	EsEventTypeNotifyUtimes EsEventType = 59
	// EsEventTypeNotifyWrite: An identifier for a process that notifies endpoint security that it is writing data to a file.
	EsEventTypeNotifyWrite               EsEventType = 33
	EsEventTypeNotifyXPCConnect          EsEventType = 145
	EsEventTypeNotifyXpMalwareDetected   EsEventType = 112
	EsEventTypeNotifyXpMalwareRemediated EsEventType = 113
	EsEventTypeReserved0                 EsEventType = 148
	EsEventTypeReserved1                 EsEventType = 149
	EsEventTypeReserved2                 EsEventType = 150
	EsEventTypeReserved3                 EsEventType = 151
	EsEventTypeReserved4                 EsEventType = 152
	EsEventTypeReserved5                 EsEventType = 153
	EsEventTypeReserved6                 EsEventType = 154
	EsEventTypeReserved7                 EsEventType = 155
	EsEventTypeReserved8                 EsEventType = 156
)

func (EsEventType) String added in v0.5.1

func (e EsEventType) String() string

type EsEventUipcBind added in v0.6.11

type EsEventUipcBind struct {
	Dir      *EsFile       // The directory containing the socket file.
	Filename EsStringToken // The name of the socket file.
	Mode     uint16        // The mode of the socket file.
	Reserved uint8         // An unused field reserved for future use.

}

EsEventUipcBind - A type for an event that indicates the binding of a socket to a path.

Full Topic: https://developer.apple.com/documentation/EndpointSecurity/es_event_uipc_bind_t

type EsEventUipcConnect added in v0.6.11

type EsEventUipcConnect struct {
	File     *EsFile // The socket file bound to the socket.
	Domain   int     // The communications domain of the socket.
	Type     int     // The type of the socket.
	Protocol int     // The protocol of the socket.
	Reserved uint8   // An unused field reserved for future use.

}

EsEventUipcConnect - A type for an event that indicates the connection of a socket.

Full Topic: https://developer.apple.com/documentation/EndpointSecurity/es_event_uipc_connect_t

type EsEventUnlink struct {
	Target     *EsFile // The file to unlink.
	Parent_dir *EsFile // The directory that contains the file to unlink.
	Reserved   uint8   // An unused field reserved for future use.

}

EsEventUnlink - A type for an event that indicates the deletion of a file.

Full Topic: https://developer.apple.com/documentation/EndpointSecurity/es_event_unlink_t

type EsEventUnmount added in v0.6.11

type EsEventUnmount struct {
	Statfs   unsafe.Pointer // The statistics of the unmounted file system.
	Reserved uint8          // An unused field reserved for future use.

}

EsEventUnmount - A type for an event that indicates the unmounting of a file system.

Full Topic: https://developer.apple.com/documentation/EndpointSecurity/es_event_unmount_t

type EsEventUtimes added in v0.6.11

type EsEventUtimes struct {
	Target   *EsFile          // The file with time metadata to modify.
	Atime    syscall.Timespec // The new last-accessed time.
	Mtime    syscall.Timespec // The new last-modified time.
	Reserved uint8            // An unused field reserved for future use.

}

EsEventUtimes - A type for an event that indicates a change to a file’s access time or modification time.

Full Topic: https://developer.apple.com/documentation/EndpointSecurity/es_event_utimes_t

type EsEventWrite added in v0.6.11

type EsEventWrite struct {
	Target   *EsFile // The source file of the event.
	Reserved uint8   // An unused field reserved for future use.

}

EsEventWrite - A type for an event that indicates the writing of data to a file.

Full Topic: https://developer.apple.com/documentation/EndpointSecurity/es_event_write_t

type EsEventXPCConnect added in v0.6.11

type EsEventXPCConnect struct {
	Service_name        EsStringToken
	Service_domain_type EsXPCDomainType
}

EsEventXPCConnect

Full Topic: https://developer.apple.com/documentation/EndpointSecurity/es_event_xpc_connect_t

type EsEventXpMalwareDetected added in v0.6.11

type EsEventXpMalwareDetected struct {
	Signature_version   EsStringToken
	Malware_identifier  EsStringToken
	Incident_identifier EsStringToken
	Detected_path       EsStringToken
	Detected_executable EsStringToken
}

EsEventXpMalwareDetected

Full Topic: https://developer.apple.com/documentation/EndpointSecurity/es_event_xp_malware_detected_t

type EsEventXpMalwareRemediated added in v0.6.11

type EsEventXpMalwareRemediated struct {
	Signature_version              EsStringToken
	Malware_identifier             EsStringToken
	Incident_identifier            EsStringToken
	Action_type                    EsStringToken
	Success                        bool
	Result_description             EsStringToken
	Remediated_path                EsStringToken
	Remediated_process_audit_token *[32]byte
}

EsEventXpMalwareRemediated

Full Topic: https://developer.apple.com/documentation/EndpointSecurity/es_event_xp_malware_remediated_t

type EsEvents added in v0.6.11

type EsEvents [104]byte

EsEvents is a C union of event-specific types, represented in Go as a 104-byte array.

Full Topic: https://developer.apple.com/documentation/EndpointSecurity/es_events_t
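An added illustration, not the package's own code, of what "aliases the receiver's memory" means for a byte-array-backed union like this one: choose the accessor from the event type, and copy fields out by value before the buffer is reused. The types `message`, `events`, `evSetuid`, `evUtimes` and `record` are simplified, pointer-free stand-ins assumed for the sketch; only the two event-type values are taken from the constants on this page.

```go
package main

import (
	"errors"
	"fmt"
	"unsafe"
)

// Stand-in types (assumptions for this sketch, not the package's definitions).
type eventType uint32

const (
	notifyUtimes eventType = 59  // value of EsEventTypeNotifyUtimes on this page
	notifySetuid eventType = 103 // value of EsEventTypeNotifySetuid on this page
)

// events mirrors the shape of EsEvents: raw storage shared by every variant.
type events [104]byte

// Simplified variants; the real structs carry more fields.
type evSetuid struct{ UID uint32 }
type evUtimes struct{ AtimeSec, AtimeNsec, MtimeSec, MtimeNsec int64 }

// Accessors reinterpret the same bytes. Nothing checks that the bytes were
// written as that variant, and the returned pointer points into u.
func (u *events) Setuid() *evSetuid { return (*evSetuid)(unsafe.Pointer(u)) }
func (u *events) Utimes() *evUtimes { return (*evUtimes)(unsafe.Pointer(u)) }

// message is a stand-in envelope. The uint64 field placed first keeps Event
// 8-byte aligned, which the int64 fields of evUtimes need.
type message struct {
	Seq   uint64
	Event events
	Type  eventType
}

// record is the detached form a detection pipeline can keep after the
// message buffer has been handed back.
type record struct {
	Kind     string
	UID      uint32
	MtimeSec int64
}

var errUnhandled = errors.New("unhandled event type")

// decode uses the type tag as the only authority for which accessor to call,
// and returns values rather than pointers into the union.
func decode(m *message) (record, error) {
	switch m.Type {
	case notifySetuid:
		return record{Kind: "setuid", UID: m.Event.Setuid().UID}, nil
	case notifyUtimes:
		return record{Kind: "utimes", MtimeSec: m.Event.Utimes().MtimeSec}, nil
	default:
		// Fail closed: never guess a variant for an unknown tag.
		return record{}, fmt.Errorf("%w: %d", errUnhandled, m.Type)
	}
}

// aliasDemo shows the hazard: a pointer held across buffer reuse observes
// the new contents, while a by-value copy keeps the original reading.
func aliasDemo() (held, copied int64) {
	m := &message{Seq: 1, Type: notifyUtimes}
	m.Event.Utimes().MtimeSec = 1700000000 // constructed sample value

	p := m.Event.Utimes()  // aliases m.Event
	c := *m.Event.Utimes() // detached copy

	// The buffer is reused for a different event.
	m.Event = events{}
	m.Type = notifySetuid
	m.Event.Setuid().UID = 501

	return p.MtimeSec, c.MtimeSec
}

func main() {
	m := &message{Seq: 2, Type: notifySetuid}
	m.Event.Setuid().UID = 501
	fmt.Println(decode(m))
	fmt.Println(aliasDemo())
}
```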

func (*EsEvents) Access added in v0.6.11

func (u *EsEvents) Access() *EsEventAccess

Access returns the union interpreted as *EsEventAccess. The returned pointer aliases the receiver's memory.

func (*EsEvents) Authentication added in v0.6.11

func (u *EsEvents) Authentication() *EsEventAuthentication

Authentication returns the union interpreted as *EsEventAuthentication. The returned pointer aliases the receiver's memory.

func (*EsEvents) Authorization_judgement added in v0.6.11

func (u *EsEvents) Authorization_judgement() *EsEventAuthorizationJudgement

Authorization_judgement returns the union interpreted as *EsEventAuthorizationJudgement. The returned pointer aliases the receiver's memory.

func (*EsEvents) Authorization_petition added in v0.6.11

func (u *EsEvents) Authorization_petition() *EsEventAuthorizationPetition

Authorization_petition returns the union interpreted as *EsEventAuthorizationPetition. The returned pointer aliases the receiver's memory.

func (*EsEvents) Btm_launch_item_add added in v0.6.11

func (u *EsEvents) Btm_launch_item_add() *EsEventBtmLaunchItemAdd

Btm_launch_item_add returns the union interpreted as *EsEventBtmLaunchItemAdd. The returned pointer aliases the receiver's memory.

func (*EsEvents) Btm_launch_item_remove added in v0.6.11

func (u *EsEvents) Btm_launch_item_remove() *EsEventBtmLaunchItemRemove

Btm_launch_item_remove returns the union interpreted as *EsEventBtmLaunchItemRemove. The returned pointer aliases the receiver's memory.

func (*EsEvents) Chdir added in v0.6.11

func (u *EsEvents) Chdir() *EsEventChdir

Chdir returns the union interpreted as *EsEventChdir. The returned pointer aliases the receiver's memory.

func (*EsEvents) Chroot added in v0.6.11

func (u *EsEvents) Chroot() *EsEventChroot

Chroot returns the union interpreted as *EsEventChroot. The returned pointer aliases the receiver's memory.

func (*EsEvents) Clone added in v0.6.11

func (u *EsEvents) Clone() *EsEventClone

Clone returns the union interpreted as *EsEventClone. The returned pointer aliases the receiver's memory.

func (*EsEvents) Close added in v0.6.11

func (u *EsEvents) Close() *EsEventClose

Close returns the union interpreted as *EsEventClose. The returned pointer aliases the receiver's memory.

func (*EsEvents) Copyfile added in v0.6.11

func (u *EsEvents) Copyfile() *EsEventCopyfile

Copyfile returns the union interpreted as *EsEventCopyfile. The returned pointer aliases the receiver's memory.

func (*EsEvents) Create added in v0.6.11

func (u *EsEvents) Create() *EsEventCreate

Create returns the union interpreted as *EsEventCreate. The returned pointer aliases the receiver's memory.

func (*EsEvents) Cs_invalidated added in v0.6.11

func (u *EsEvents) Cs_invalidated() *EsEventCsInvalidated

Cs_invalidated returns the union interpreted as *EsEventCsInvalidated. The returned pointer aliases the receiver's memory.

func (*EsEvents) Deleteextattr added in v0.6.11

func (u *EsEvents) Deleteextattr() *EsEventDeleteextattr

Deleteextattr returns the union interpreted as *EsEventDeleteextattr. The returned pointer aliases the receiver's memory.

func (*EsEvents) Dup added in v0.6.11

func (u *EsEvents) Dup() *EsEventDup

Dup returns the union interpreted as *EsEventDup. The returned pointer aliases the receiver's memory.

func (*EsEvents) Exchangedata added in v0.6.11

func (u *EsEvents) Exchangedata() *EsEventExchangedata

Exchangedata returns the union interpreted as *EsEventExchangedata. The returned pointer aliases the receiver's memory.

func (*EsEvents) Exec added in v0.6.11

func (u *EsEvents) Exec() *EsEventExec

Exec returns the union interpreted as *EsEventExec. The returned pointer aliases the receiver's memory.

func (*EsEvents) Exit added in v0.6.11

func (u *EsEvents) Exit() *EsEventExit

Exit returns the union interpreted as *EsEventExit. The returned pointer aliases the receiver's memory.

func (*EsEvents) Fcntl added in v0.6.11

func (u *EsEvents) Fcntl() *EsEventFcntl

Fcntl returns the union interpreted as *EsEventFcntl. The returned pointer aliases the receiver's memory.

func (*EsEvents) File_provider_materialize added in v0.6.11

func (u *EsEvents) File_provider_materialize() *EsEventFileProviderMaterialize

File_provider_materialize returns the union interpreted as *EsEventFileProviderMaterialize. The returned pointer aliases the receiver's memory.

func (*EsEvents) File_provider_update added in v0.6.11

func (u *EsEvents) File_provider_update() *EsEventFileProviderUpdate

File_provider_update returns the union interpreted as *EsEventFileProviderUpdate. The returned pointer aliases the receiver's memory.

func (*EsEvents) Fork added in v0.6.11

func (u *EsEvents) Fork() *EsEventFork

Fork returns the union interpreted as *EsEventFork. The returned pointer aliases the receiver's memory.

func (*EsEvents) Fsgetpath added in v0.6.11

func (u *EsEvents) Fsgetpath() *EsEventFsgetpath

Fsgetpath returns the union interpreted as *EsEventFsgetpath. The returned pointer aliases the receiver's memory.

func (*EsEvents) Gatekeeper_user_override added in v0.6.11

func (u *EsEvents) Gatekeeper_user_override() *EsEventGatekeeperUserOverride

Gatekeeper_user_override returns the union interpreted as *EsEventGatekeeperUserOverride. The returned pointer aliases the receiver's memory.

func (*EsEvents) Get_task added in v0.6.11

func (u *EsEvents) Get_task() *EsEventGetTask

Get_task returns the union interpreted as *EsEventGetTask. The returned pointer aliases the receiver's memory.

func (*EsEvents) Get_task_inspect added in v0.6.11

func (u *EsEvents) Get_task_inspect() *EsEventGetTaskInspect

Get_task_inspect returns the union interpreted as *EsEventGetTaskInspect. The returned pointer aliases the receiver's memory.

func (*EsEvents) Get_task_name added in v0.6.11

func (u *EsEvents) Get_task_name() *EsEventGetTaskName

Get_task_name returns the union interpreted as *EsEventGetTaskName. The returned pointer aliases the receiver's memory.

func (*EsEvents) Get_task_read added in v0.6.11

func (u *EsEvents) Get_task_read() *EsEventGetTaskRead

Get_task_read returns the union interpreted as *EsEventGetTaskRead. The returned pointer aliases the receiver's memory.

func (*EsEvents) Getattrlist added in v0.6.11

func (u *EsEvents) Getattrlist() *EsEventGetattrlist

Getattrlist returns the union interpreted as *EsEventGetattrlist. The returned pointer aliases the receiver's memory.

func (*EsEvents) Getextattr added in v0.6.11

func (u *EsEvents) Getextattr() *EsEventGetextattr

Getextattr returns the union interpreted as *EsEventGetextattr. The returned pointer aliases the receiver's memory.

func (*EsEvents) Iokit_open added in v0.6.11

func (u *EsEvents) Iokit_open() *EsEventIokitOpen

Iokit_open returns the union interpreted as *EsEventIokitOpen. The returned pointer aliases the receiver's memory.

func (*EsEvents) Kextload added in v0.6.11

func (u *EsEvents) Kextload() *EsEventKextload

Kextload returns the union interpreted as *EsEventKextload. The returned pointer aliases the receiver's memory.

func (*EsEvents) Kextunload added in v0.6.11

func (u *EsEvents) Kextunload() *EsEventKextunload

Kextunload returns the union interpreted as *EsEventKextunload. The returned pointer aliases the receiver's memory.

func (u *EsEvents) Link() *EsEventLink

Link returns the union interpreted as *EsEventLink. The returned pointer aliases the receiver's memory.

func (*EsEvents) Listextattr added in v0.6.11

func (u *EsEvents) Listextattr() *EsEventListextattr

Listextattr returns the union interpreted as *EsEventListextattr. The returned pointer aliases the receiver's memory.

func (*EsEvents) Login_login added in v0.6.11

func (u *EsEvents) Login_login() *EsEventLoginLogin

Login_login returns the union interpreted as *EsEventLoginLogin. The returned pointer aliases the receiver's memory.

func (*EsEvents) Login_logout added in v0.6.11

func (u *EsEvents) Login_logout() *EsEventLoginLogout

Login_logout returns the union interpreted as *EsEventLoginLogout. The returned pointer aliases the receiver's memory.

func (*EsEvents) Lookup added in v0.6.11

func (u *EsEvents) Lookup() *EsEventLookup

Lookup returns the union interpreted as *EsEventLookup. The returned pointer aliases the receiver's memory.

func (*EsEvents) Lw_session_lock added in v0.6.11

func (u *EsEvents) Lw_session_lock() *EsEventLwSessionLock

Lw_session_lock returns the union interpreted as *EsEventLwSessionLock. The returned pointer aliases the receiver's memory.

func (*EsEvents) Lw_session_login added in v0.6.11

func (u *EsEvents) Lw_session_login() *EsEventLwSessionLogin

Lw_session_login returns the union interpreted as *EsEventLwSessionLogin. The returned pointer aliases the receiver's memory.

func (*EsEvents) Lw_session_logout added in v0.6.11

func (u *EsEvents) Lw_session_logout() *EsEventLwSessionLogout

Lw_session_logout returns the union interpreted as *EsEventLwSessionLogout. The returned pointer aliases the receiver's memory.

func (*EsEvents) Lw_session_unlock added in v0.6.11

func (u *EsEvents) Lw_session_unlock() *EsEventLwSessionUnlock

Lw_session_unlock returns the union interpreted as *EsEventLwSessionUnlock. The returned pointer aliases the receiver's memory.

func (*EsEvents) Mmap added in v0.6.11

func (u *EsEvents) Mmap() *EsEventMmap

Mmap returns the union interpreted as *EsEventMmap. The returned pointer aliases the receiver's memory.

func (*EsEvents) Mount added in v0.6.11

func (u *EsEvents) Mount() *EsEventMount

Mount returns the union interpreted as *EsEventMount. The returned pointer aliases the receiver's memory.

func (*EsEvents) Mprotect added in v0.6.11

func (u *EsEvents) Mprotect() *EsEventMprotect

Mprotect returns the union interpreted as *EsEventMprotect. The returned pointer aliases the receiver's memory.

func (*EsEvents) Od_attribute_set added in v0.6.11

func (u *EsEvents) Od_attribute_set() *EsEventOdAttributeSet

Od_attribute_set returns the union interpreted as *EsEventOdAttributeSet. The returned pointer aliases the receiver's memory.

func (*EsEvents) Od_attribute_value_add added in v0.6.11

func (u *EsEvents) Od_attribute_value_add() *EsEventOdAttributeValueAdd

Od_attribute_value_add returns the union interpreted as *EsEventOdAttributeValueAdd. The returned pointer aliases the receiver's memory.

func (*EsEvents) Od_attribute_value_remove added in v0.6.11

func (u *EsEvents) Od_attribute_value_remove() *EsEventOdAttributeValueRemove

Od_attribute_value_remove returns the union interpreted as *EsEventOdAttributeValueRemove. The returned pointer aliases the receiver's memory.

func (*EsEvents) Od_create_group added in v0.6.11

func (u *EsEvents) Od_create_group() *EsEventOdCreateGroup

Od_create_group returns the union interpreted as *EsEventOdCreateGroup. The returned pointer aliases the receiver's memory.

func (*EsEvents) Od_create_user added in v0.6.11

func (u *EsEvents) Od_create_user() *EsEventOdCreateUser

Od_create_user returns the union interpreted as *EsEventOdCreateUser. The returned pointer aliases the receiver's memory.

func (*EsEvents) Od_delete_group added in v0.6.11

func (u *EsEvents) Od_delete_group() *EsEventOdDeleteGroup

Od_delete_group returns the union interpreted as *EsEventOdDeleteGroup. The returned pointer aliases the receiver's memory.

func (*EsEvents) Od_delete_user added in v0.6.11

func (u *EsEvents) Od_delete_user() *EsEventOdDeleteUser

Od_delete_user returns the union interpreted as *EsEventOdDeleteUser. The returned pointer aliases the receiver's memory.

func (*EsEvents) Od_disable_user added in v0.6.11

func (u *EsEvents) Od_disable_user() *EsEventOdDisableUser

Od_disable_user returns the union interpreted as *EsEventOdDisableUser. The returned pointer aliases the receiver's memory.

func (*EsEvents) Od_enable_user added in v0.6.11

func (u *EsEvents) Od_enable_user() *EsEventOdEnableUser

Od_enable_user returns the union interpreted as *EsEventOdEnableUser. The returned pointer aliases the receiver's memory.

func (*EsEvents) Od_group_add added in v0.6.11

func (u *EsEvents) Od_group_add() *EsEventOdGroupAdd

Od_group_add returns the union interpreted as *EsEventOdGroupAdd. The returned pointer aliases the receiver's memory.

func (*EsEvents) Od_group_remove added in v0.6.11

func (u *EsEvents) Od_group_remove() *EsEventOdGroupRemove

Od_group_remove returns the union interpreted as *EsEventOdGroupRemove. The returned pointer aliases the receiver's memory.

func (*EsEvents) Od_group_set added in v0.6.11

func (u *EsEvents) Od_group_set() *EsEventOdGroupSet

Od_group_set returns the union interpreted as *EsEventOdGroupSet. The returned pointer aliases the receiver's memory.

func (*EsEvents) Od_modify_password added in v0.6.11

func (u *EsEvents) Od_modify_password() *EsEventOdModifyPassword

Od_modify_password returns the union interpreted as *EsEventOdModifyPassword. The returned pointer aliases the receiver's memory.

func (*EsEvents) Open added in v0.6.11

func (u *EsEvents) Open() *EsEventOpen

Open returns the union interpreted as *EsEventOpen. The returned pointer aliases the receiver's memory.

func (*EsEvents) Openssh_login added in v0.6.11

func (u *EsEvents) Openssh_login() *EsEventOpensshLogin

Openssh_login returns the union interpreted as *EsEventOpensshLogin. The returned pointer aliases the receiver's memory.

func (*EsEvents) Openssh_logout added in v0.6.11

func (u *EsEvents) Openssh_logout() *EsEventOpensshLogout

Openssh_logout returns the union interpreted as *EsEventOpensshLogout. The returned pointer aliases the receiver's memory.

func (*EsEvents) Proc_check added in v0.6.11

func (u *EsEvents) Proc_check() *EsEventProcCheck

Proc_check returns the union interpreted as *EsEventProcCheck. The returned pointer aliases the receiver's memory.

func (*EsEvents) Proc_suspend_resume added in v0.6.11

func (u *EsEvents) Proc_suspend_resume() *EsEventProcSuspendResume

Proc_suspend_resume returns the union interpreted as *EsEventProcSuspendResume. The returned pointer aliases the receiver's memory.

func (*EsEvents) Profile_add added in v0.6.11

func (u *EsEvents) Profile_add() *EsEventProfileAdd

Profile_add returns the union interpreted as *EsEventProfileAdd. The returned pointer aliases the receiver's memory.

func (*EsEvents) Profile_remove added in v0.6.11

func (u *EsEvents) Profile_remove() *EsEventProfileRemove

Profile_remove returns the union interpreted as *EsEventProfileRemove. The returned pointer aliases the receiver's memory.

func (*EsEvents) Pty_close added in v0.6.11

func (u *EsEvents) Pty_close() *EsEventPtyClose

Pty_close returns the union interpreted as *EsEventPtyClose. The returned pointer aliases the receiver's memory.

func (*EsEvents) Pty_grant added in v0.6.11

func (u *EsEvents) Pty_grant() *EsEventPtyGrant

Pty_grant returns the union interpreted as *EsEventPtyGrant. The returned pointer aliases the receiver's memory.

func (*EsEvents) Readdir added in v0.6.11

func (u *EsEvents) Readdir() *EsEventReaddir

Readdir returns the union interpreted as *EsEventReaddir. The returned pointer aliases the receiver's memory.

func (u *EsEvents) Readlink() *EsEventReadlink

Readlink returns the union interpreted as *EsEventReadlink. The returned pointer aliases the receiver's memory.

func (*EsEvents) Remote_thread_create added in v0.6.11

func (u *EsEvents) Remote_thread_create() *EsEventRemoteThreadCreate

Remote_thread_create returns the union interpreted as *EsEventRemoteThreadCreate. The returned pointer aliases the receiver's memory.

func (*EsEvents) Remount added in v0.6.11

func (u *EsEvents) Remount() *EsEventRemount

Remount returns the union interpreted as *EsEventRemount. The returned pointer aliases the receiver's memory.

func (*EsEvents) Rename added in v0.6.11

func (u *EsEvents) Rename() *EsEventRename

Rename returns the union interpreted as *EsEventRename. The returned pointer aliases the receiver's memory.

func (*EsEvents) Screensharing_attach added in v0.6.11

func (u *EsEvents) Screensharing_attach() *EsEventScreensharingAttach

Screensharing_attach returns the union interpreted as *EsEventScreensharingAttach. The returned pointer aliases the receiver's memory.

func (*EsEvents) Screensharing_detach added in v0.6.11

func (u *EsEvents) Screensharing_detach() *EsEventScreensharingDetach

Screensharing_detach returns the union interpreted as *EsEventScreensharingDetach. The returned pointer aliases the receiver's memory.

func (*EsEvents) Searchfs added in v0.6.11

func (u *EsEvents) Searchfs() *EsEventSearchfs

Searchfs returns the union interpreted as *EsEventSearchfs. The returned pointer aliases the receiver's memory.

func (*EsEvents) Setacl added in v0.6.11

func (u *EsEvents) Setacl() *EsEventSetacl

Setacl returns the union interpreted as *EsEventSetacl. The returned pointer aliases the receiver's memory.

func (*EsEvents) Setattrlist added in v0.6.11

func (u *EsEvents) Setattrlist() *EsEventSetattrlist

Setattrlist returns the union interpreted as *EsEventSetattrlist. The returned pointer aliases the receiver's memory.

func (*EsEvents) Setegid added in v0.6.11

func (u *EsEvents) Setegid() *EsEventSetegid

Setegid returns the union interpreted as *EsEventSetegid. The returned pointer aliases the receiver's memory.

func (*EsEvents) Seteuid added in v0.6.11

func (u *EsEvents) Seteuid() *EsEventSeteuid

Seteuid returns the union interpreted as *EsEventSeteuid. The returned pointer aliases the receiver's memory.

func (*EsEvents) Setextattr added in v0.6.11

func (u *EsEvents) Setextattr() *EsEventSetextattr

Setextattr returns the union interpreted as *EsEventSetextattr. The returned pointer aliases the receiver's memory.

func (*EsEvents) Setflags added in v0.6.11

func (u *EsEvents) Setflags() *EsEventSetflags

Setflags returns the union interpreted as *EsEventSetflags. The returned pointer aliases the receiver's memory.

func (*EsEvents) Setgid added in v0.6.11

func (u *EsEvents) Setgid() *EsEventSetgid

Setgid returns the union interpreted as *EsEventSetgid. The returned pointer aliases the receiver's memory.

func (*EsEvents) Setmode added in v0.6.11

func (u *EsEvents) Setmode() *EsEventSetmode

Setmode returns the union interpreted as *EsEventSetmode. The returned pointer aliases the receiver's memory.

func (*EsEvents) Setowner added in v0.6.11

func (u *EsEvents) Setowner() *EsEventSetowner

Setowner returns the union interpreted as *EsEventSetowner. The returned pointer aliases the receiver's memory.

func (*EsEvents) Setregid added in v0.6.11

func (u *EsEvents) Setregid() *EsEventSetregid

Setregid returns the union interpreted as *EsEventSetregid. The returned pointer aliases the receiver's memory.

func (*EsEvents) Setreuid added in v0.6.11

func (u *EsEvents) Setreuid() *EsEventSetreuid

Setreuid returns the union interpreted as *EsEventSetreuid. The returned pointer aliases the receiver's memory.

func (*EsEvents) Settime added in v0.6.11

func (u *EsEvents) Settime() *EsEventSettime

Settime returns the union interpreted as *EsEventSettime. The returned pointer aliases the receiver's memory.

func (*EsEvents) Setuid added in v0.6.11

func (u *EsEvents) Setuid() *EsEventSetuid

Setuid returns the union interpreted as *EsEventSetuid. The returned pointer aliases the receiver's memory.

func (*EsEvents) Signal added in v0.6.11

func (u *EsEvents) Signal() *EsEventSignal

Signal returns the union interpreted as *EsEventSignal. The returned pointer aliases the receiver's memory.

func (*EsEvents) Stat added in v0.6.11

func (u *EsEvents) Stat() *EsEventStat

Stat returns the union interpreted as *EsEventStat. The returned pointer aliases the receiver's memory.

func (*EsEvents) Su added in v0.6.11

func (u *EsEvents) Su() *EsEventSu

Su returns the union interpreted as *EsEventSu. The returned pointer aliases the receiver's memory.

func (*EsEvents) Sudo added in v0.6.11

func (u *EsEvents) Sudo() *EsEventSudo

Sudo returns the union interpreted as *EsEventSudo. The returned pointer aliases the receiver's memory.

func (*EsEvents) Tcc_modify added in v0.6.11

func (u *EsEvents) Tcc_modify() *EsEventTccModify

Tcc_modify returns the union interpreted as *EsEventTccModify. The returned pointer aliases the receiver's memory.

func (*EsEvents) Trace added in v0.6.11

func (u *EsEvents) Trace() *EsEventTrace

Trace returns the union interpreted as *EsEventTrace. The returned pointer aliases the receiver's memory.

func (*EsEvents) Truncate added in v0.6.11

func (u *EsEvents) Truncate() *EsEventTruncate

Truncate returns the union interpreted as *EsEventTruncate. The returned pointer aliases the receiver's memory.

func (*EsEvents) Uipc_bind added in v0.6.11

func (u *EsEvents) Uipc_bind() *EsEventUipcBind

Uipc_bind returns the union interpreted as *EsEventUipcBind. The returned pointer aliases the receiver's memory.

func (*EsEvents) Uipc_connect added in v0.6.11

func (u *EsEvents) Uipc_connect() *EsEventUipcConnect

Uipc_connect returns the union interpreted as *EsEventUipcConnect. The returned pointer aliases the receiver's memory.

func (u *EsEvents) Unlink() *EsEventUnlink

Unlink returns the union interpreted as *EsEventUnlink. The returned pointer aliases the receiver's memory.

func (*EsEvents) Unmount added in v0.6.11

func (u *EsEvents) Unmount() *EsEventUnmount

Unmount returns the union interpreted as *EsEventUnmount. The returned pointer aliases the receiver's memory.

func (*EsEvents) Utimes added in v0.6.11

func (u *EsEvents) Utimes() *EsEventUtimes

Utimes returns the union interpreted as *EsEventUtimes. The returned pointer aliases the receiver's memory.

func (*EsEvents) Write added in v0.6.11

func (u *EsEvents) Write() *EsEventWrite

Write returns the union interpreted as *EsEventWrite. The returned pointer aliases the receiver's memory.

func (*EsEvents) Xp_malware_detected added in v0.6.11

func (u *EsEvents) Xp_malware_detected() *EsEventXpMalwareDetected

Xp_malware_detected returns the union interpreted as *EsEventXpMalwareDetected. The returned pointer aliases the receiver's memory.

func (*EsEvents) Xp_malware_remediated added in v0.6.11

func (u *EsEvents) Xp_malware_remediated() *EsEventXpMalwareRemediated

Xp_malware_remediated returns the union interpreted as *EsEventXpMalwareRemediated. The returned pointer aliases the receiver's memory.

func (*EsEvents) Xpc_connect added in v0.6.11

func (u *EsEvents) Xpc_connect() *EsEventXPCConnect

Xpc_connect returns the union interpreted as *EsEventXPCConnect. The returned pointer aliases the receiver's memory.

type EsFd added in v0.6.11

type EsFd struct {
	Fd      int32  // The file descriptor number.
	Fdtype  uint32 // The file descriptor type, as a libproc type.
	Pipe    unsafe.Pointer
	Pipe_id uint64
}

EsFd - A structure that describes an open file descriptor.

Full Topic: https://developer.apple.com/documentation/EndpointSecurity/es_fd_t

func EsExecFd added in v0.6.11

func EsExecFd(event *EsEventExec, index uint32) *EsFd

EsExecFd gets the file descriptor at the specified position from a process execution event.

See: https://developer.apple.com/documentation/EndpointSecurity/es_exec_fd(_:_:)

type EsFile added in v0.6.11

type EsFile struct {
	Path           EsStringToken // The file’s path.
	Path_truncated bool          // A Boolean value that indicates whether Endpoint Security truncated the path string.
	Stat           kernel.Stat   // The file’s metadata, such as file size, user and group identifiers, and access and modification dates.

}

EsFile - A type that represents a file related to an Endpoint Security event.

Full Topic: https://developer.apple.com/documentation/EndpointSecurity/es_file_t

type EsGatekeeperUserOverrideFileType added in v0.5.1

type EsGatekeeperUserOverrideFileType int32
const (
	EsGatekeeperUserOverrideFileTypeFile EsGatekeeperUserOverrideFileType = 1
	EsGatekeeperUserOverrideFileTypePath EsGatekeeperUserOverrideFileType = 0
)

func (EsGatekeeperUserOverrideFileType) String added in v0.5.1

type EsGetTaskType added in v0.5.1

type EsGetTaskType int32
const (
	EsGetTaskTypeExposeTask    EsGetTaskType = 1
	EsGetTaskTypeIdentityToken EsGetTaskType = 2
	EsGetTaskTypeTaskForPid    EsGetTaskType = 0
)

func (EsGetTaskType) String added in v0.5.1

func (e EsGetTaskType) String() string

type EsHandlerBlock added in v0.6.4

type EsHandlerBlock = func(*Es_client_t, *Es_message_t)

EsHandlerBlock is a block that handles a message received from Endpoint Security.

See: https://developer.apple.com/documentation/EndpointSecurity/es_handler_block_t

type EsMessage added in v0.6.11

type EsMessage struct {
	Version        uint32           // The version of the Endpoint Security message.
	Time           syscall.Timespec // The time the event occurred, expressed as a Darwin time value.
	Mach_time      uint64           // The time the event occurred, as a Mach time value.
	Deadline       uint64           // The deadline by which your app must respond to the event.
	Process        *EsProcess       // The process that performed the action defined in a message.
	Seq_num        uint64           // The sequence number of the message.
	Action_type    EsActionType     // The type of action: authentication or notification.
	Event_type     EsEventType      // The type of the message’s event.
	Event          EsEvents         // The event that triggered this message.
	Thread         *EsThread        // The thread that took the action defined in a message.
	Global_seq_num uint64           // The global sequence number of the message.
	Action         [36]byte         // The action monitored by Endpoint Security.
	Opaque         uint64           // An opaque storage field.

}

EsMessage - A message from the Endpoint Security subsystem that describes a security event.

Full Topic: https://developer.apple.com/documentation/EndpointSecurity/es_message_t

type EsMountDisposition added in v0.5.1

type EsMountDisposition int32
const (
	EsMountDispositionExternal EsMountDisposition = 0
	EsMountDispositionInternal EsMountDisposition = 1
	EsMountDispositionNetwork  EsMountDisposition = 2
	EsMountDispositionNullfs   EsMountDisposition = 4
	EsMountDispositionUnknown  EsMountDisposition = 5
	EsMountDispositionVirtual  EsMountDisposition = 3
)

func (EsMountDisposition) String added in v0.5.1

func (e EsMountDisposition) String() string

type EsMuteInversionType added in v0.5.1

type EsMuteInversionType int32
const (
	EsMuteInversionTypeLast       EsMuteInversionType = 3
	EsMuteInversionTypePath       EsMuteInversionType = 1
	EsMuteInversionTypeProcess    EsMuteInversionType = 0
	EsMuteInversionTypeTargetPath EsMuteInversionType = 2
)

func (EsMuteInversionType) String added in v0.5.1

func (e EsMuteInversionType) String() string

type EsMuteInvertedReturn added in v0.6.4

type EsMuteInvertedReturn int32
const (
	EsMuteInverted      EsMuteInvertedReturn = 0
	EsMuteInvertedError EsMuteInvertedReturn = 2
	EsMuteNotInverted   EsMuteInvertedReturn = 1
)

func (EsMuteInvertedReturn) String added in v0.6.11

func (e EsMuteInvertedReturn) String() string

type EsMutePathType added in v0.5.1

type EsMutePathType int32
const (
	// EsMutePathTypeLiteral: A type for a path string used as a path literal.
	EsMutePathTypeLiteral EsMutePathType = 1
	// EsMutePathTypePrefix: A type for a path string used as a prefix.
	EsMutePathTypePrefix        EsMutePathType = 0
	EsMutePathTypeTargetLiteral EsMutePathType = 3
	EsMutePathTypeTargetPrefix  EsMutePathType = 2
)

func (EsMutePathType) String added in v0.5.1

func (e EsMutePathType) String() string

type EsMutedPath added in v0.6.11

type EsMutedPath struct {
	Type        EsMutePathType // The path type: prefix or literal.
	Event_count uintptr        // The number of elements in the muted events array.
	Path        EsStringToken  // The muted path.
	Events      *EsEventType   // An array containing the muted event types.

}

EsMutedPath - A structure that describes a path’s muted events.

Full Topic: https://developer.apple.com/documentation/EndpointSecurity/es_muted_path_t

type EsMutedPaths added in v0.6.11

type EsMutedPaths struct {
	Count uintptr      // The number of elements in the paths array.
	Paths *EsMutedPath // An array containing the muted paths.

}

EsMutedPaths - A structure for a set of muted paths.

Full Topic: https://developer.apple.com/documentation/EndpointSecurity/es_muted_paths_t

type EsMutedProcess added in v0.6.11

type EsMutedProcess struct {
	Audit_token [32]byte     // The audit token associated with a muted process.
	Event_count uintptr      // The number of elements in the muted events array.
	Events      *EsEventType // An array containing the muted event types.

}

EsMutedProcess - A structure that describes a process’s muted events.

Full Topic: https://developer.apple.com/documentation/EndpointSecurity/es_muted_process_t

type EsMutedProcesses added in v0.6.11

type EsMutedProcesses struct {
	Count     uintptr         // The number of elements in the processes array.
	Processes *EsMutedProcess // An array containing the muted processes.

}

EsMutedProcesses - A structure for a set of muted processes.

Full Topic: https://developer.apple.com/documentation/EndpointSecurity/es_muted_processes_t

type EsNewClientResult added in v0.5.1

type EsNewClientResult int32
const (
	// EsNewClientResultErrInternal: Communication with the Endpoint Security subsystem failed.
	EsNewClientResultErrInternal EsNewClientResult = 2
	// EsNewClientResultErrInvalidArgument: The attempt to create a new client contained one or more invalid arguments.
	EsNewClientResultErrInvalidArgument EsNewClientResult = 1
	// EsNewClientResultErrNotEntitled: The caller isn’t properly entitled to connect to Endpoint Security.
	EsNewClientResultErrNotEntitled EsNewClientResult = 3
	// EsNewClientResultErrNotPermitted: The caller isn’t permitted to connect to Endpoint Security.
	EsNewClientResultErrNotPermitted EsNewClientResult = 4
	// EsNewClientResultErrNotPrivileged: The caller isn’t running as root.
	EsNewClientResultErrNotPrivileged EsNewClientResult = 5
	// EsNewClientResultErrTooManyClients: The caller has reached the maximum allowed number of simultaneously connected clients.
	EsNewClientResultErrTooManyClients EsNewClientResult = 6
	// EsNewClientResultSuccess: Endpoint Security successfully created the new client.
	EsNewClientResultSuccess EsNewClientResult = 0
)

func EsNewClient added in v0.6.11

func EsNewClient(client **Es_client_t, handler func(*Es_client_t, *Es_message_t)) EsNewClientResult

EsNewClient creates a new client instance and connects it to the Endpoint Security system.

See: https://developer.apple.com/documentation/EndpointSecurity/es_new_client(_:_:)

func (EsNewClientResult) String added in v0.5.1

func (e EsNewClientResult) String() string

type EsOdAccountType added in v0.5.1

type EsOdAccountType int32
const (
	EsOdAccountTypeComputer EsOdAccountType = 1
	EsOdAccountTypeUser     EsOdAccountType = 0
)

func (EsOdAccountType) String added in v0.5.1

func (e EsOdAccountType) String() string

type EsOdMemberID added in v0.6.11

type EsOdMemberID struct {
	Member_type  EsOdMemberType
	Member_value [16]byte
}

EsOdMemberID

Full Topic: https://developer.apple.com/documentation/EndpointSecurity/es_od_member_id_t

type EsOdMemberIDArray added in v0.6.11

type EsOdMemberIDArray struct {
	Member_type  EsOdMemberType
	Member_count uintptr
	Member_array [8]byte
}

EsOdMemberIDArray

Full Topic: https://developer.apple.com/documentation/EndpointSecurity/es_od_member_id_array_t

type EsOdMemberType added in v0.5.1

type EsOdMemberType int32
const (
	EsOdMemberTypeGroupUuid EsOdMemberType = 2
	EsOdMemberTypeUserName  EsOdMemberType = 0
	EsOdMemberTypeUserUuid  EsOdMemberType = 1
)

func (EsOdMemberType) String added in v0.5.1

func (e EsOdMemberType) String() string

type EsOdRecordType added in v0.5.1

type EsOdRecordType int32
const (
	EsOdRecordTypeGroup EsOdRecordType = 1
	EsOdRecordTypeUser  EsOdRecordType = 0
)

func (EsOdRecordType) String added in v0.5.1

func (e EsOdRecordType) String() string

type EsOpensshLoginResultType added in v0.6.4

type EsOpensshLoginResultType int32
const (
	EsOpensshAuthFailGssapi      EsOpensshLoginResultType = 8
	EsOpensshAuthFailHostbased   EsOpensshLoginResultType = 7
	EsOpensshAuthFailKbdint      EsOpensshLoginResultType = 5
	EsOpensshAuthFailNone        EsOpensshLoginResultType = 3
	EsOpensshAuthFailPasswd      EsOpensshLoginResultType = 4
	EsOpensshAuthFailPubkey      EsOpensshLoginResultType = 6
	EsOpensshAuthSuccess         EsOpensshLoginResultType = 2
	EsOpensshInvalidUser         EsOpensshLoginResultType = 9
	EsOpensshLoginExceedMaxtries EsOpensshLoginResultType = 0
	EsOpensshLoginRootDenied     EsOpensshLoginResultType = 1
)

func (EsOpensshLoginResultType) String added in v0.6.11

func (e EsOpensshLoginResultType) String() string

type EsProcCheckType added in v0.5.1

type EsProcCheckType int32
const (
	// EsProcCheckTypeDirtycontrol: A type of process check that uses the process’s dirty state.
	EsProcCheckTypeDirtycontrol EsProcCheckType = 0x8
	// EsProcCheckTypeKernmsgbuf: A type of process check that checks the message buffer.
	EsProcCheckTypeKernmsgbuf EsProcCheckType = 0x4
	// EsProcCheckTypeListpids: A type of process check that lists related process identifiers.
	EsProcCheckTypeListpids EsProcCheckType = 0x1
	// EsProcCheckTypePidfdinfo: A type of process check that gets file descriptor information.
	EsProcCheckTypePidfdinfo EsProcCheckType = 0x3
	// EsProcCheckTypePidfileportinfo: A type of process check that gets port information.
	EsProcCheckTypePidfileportinfo EsProcCheckType = 0x6
	// EsProcCheckTypePidinfo: A type of process check that gets basic process information.
	EsProcCheckTypePidinfo EsProcCheckType = 0x2
	// EsProcCheckTypePidrusage: A type of process check that gets a process’s resource usage information.
	EsProcCheckTypePidrusage EsProcCheckType = 0x9
	// EsProcCheckTypeSetcontrol: A type of process check that sets the process control state.
	EsProcCheckTypeSetcontrol EsProcCheckType = 0x5
	// EsProcCheckTypeTerminate: A type of process check that terminates a process.
	EsProcCheckTypeTerminate EsProcCheckType = 0x7
	// EsProcCheckTypeUdataInfo: A type of process check that involves a user data token.
	EsProcCheckTypeUdataInfo EsProcCheckType = 0xe
)

func (EsProcCheckType) String added in v0.5.1

func (e EsProcCheckType) String() string

type EsProcSuspendResumeType added in v0.5.1

type EsProcSuspendResumeType int32
const (
	// EsProcSuspendResumeTypeResume: An event type for process resumption events.
	EsProcSuspendResumeTypeResume EsProcSuspendResumeType = 1
	// EsProcSuspendResumeTypeShutdownSockets: An event type for process socket shutdown events.
	EsProcSuspendResumeTypeShutdownSockets EsProcSuspendResumeType = 3
	// EsProcSuspendResumeTypeSuspend: An event type for process suspension events.
	EsProcSuspendResumeTypeSuspend EsProcSuspendResumeType = 0
)

func (EsProcSuspendResumeType) String added in v0.5.1

func (e EsProcSuspendResumeType) String() string

type EsProcess added in v0.6.11

type EsProcess struct {
	Audit_token             [32]byte               // A token for use with Basic Security Module auditing functions.
	Ppid                    int32                  // The parent process identifier.
	Original_ppid           int32                  // The original parent process ID.
	Group_id                int32                  // The process group identifier.
	Session_id              int32                  // The identifier of the session that contains the process group.
	Codesigning_flags       uint32                 // The flags used to sign the process.
	Is_platform_binary      bool                   // A Boolean value that indicates whether the process is a platform binary.
	Is_es_client            bool                   // A Boolean value that indicates whether the process connects to the Endpoint Security subsystem.
	Cdhash                  EsCdhash               // The code directory hash value.
	Signing_id              EsStringToken          // The identifier used to sign the process.
	Team_id                 EsStringToken          // The team identifier used to sign the process.
	Executable              *EsFile                // The file containing the executed process.
	Tty                     *EsFile                // The TTY associated with the process sending the message.
	Start_time              kernel.Timeval         // The time the process started.
	Responsible_audit_token [32]byte               // The audit token of the process responsible for this process.
	Parent_audit_token      [32]byte               // The audit token of the parent process.
	Cs_validation_category  EsCsValidationCategory // es_cs_validation_category

}

EsProcess - A type that describes a process, as delivered by an Endpoint Security message.

Full Topic: https://developer.apple.com/documentation/EndpointSecurity/es_process_t

type EsProfile added in v0.6.11

type EsProfile struct {
	Identifier     EsStringToken
	Uuid           EsStringToken
	Install_source EsProfileSource
	Organization   EsStringToken
	Display_name   EsStringToken
	Scope          EsStringToken
}

EsProfile

Full Topic: https://developer.apple.com/documentation/EndpointSecurity/es_profile_t

type EsProfileSource added in v0.5.1

type EsProfileSource int32
const (
	EsProfileSourceInstall EsProfileSource = 1
	EsProfileSourceManaged EsProfileSource = 0
)

func (EsProfileSource) String added in v0.5.1

func (e EsProfileSource) String() string

type EsRespondResult added in v0.5.1

type EsRespondResult int32
const (
	// EsRespondResultErrDuplicateResponse: The caller responded to a message that already received a response.
	EsRespondResultErrDuplicateResponse EsRespondResult = 4
	// EsRespondResultErrEventType: The caller performed an inappropriate response to the event.
	EsRespondResultErrEventType EsRespondResult = 5
	// EsRespondResultErrInternal: Communication with the Endpoint Security system failed.
	EsRespondResultErrInternal EsRespondResult = 2
	// EsRespondResultErrInvalidArgument: The caller provided one or more invalid arguments.
	EsRespondResultErrInvalidArgument EsRespondResult = 1
	// EsRespondResultNotFound: The system couldn’t find the message that the caller sent this response to.
	EsRespondResultNotFound EsRespondResult = 3
	// EsRespondResultSuccess: Endpoint Security successfully delivered the response.
	EsRespondResultSuccess EsRespondResult = 0
)

func EsRespondAuthResult added in v0.6.11

func EsRespondAuthResult(client *EsClient, message *EsMessage, result EsAuthResult, cache bool) EsRespondResult

EsRespondAuthResult responds to an event that requires an authorization response.

See: https://developer.apple.com/documentation/EndpointSecurity/es_respond_auth_result(_:_:_:_:)

func EsRespondFlagsResult added in v0.6.11

func EsRespondFlagsResult(client *EsClient, message *EsMessage, authorized_flags uint32, cache bool) EsRespondResult

EsRespondFlagsResult responds to an event that requires authorization flags as a response.

See: https://developer.apple.com/documentation/EndpointSecurity/es_respond_flags_result(_:_:_:_:)

func (EsRespondResult) String added in v0.5.1

func (e EsRespondResult) String() string

type EsResult added in v0.6.11

type EsResult struct {
	Result_type EsResultType // The type of the message’s result.
	Result      [32]byte     // The message’s result, as either an authorization result or flags.

}

EsResult - The result of the Endpoint Security subsystem authorization process.

Full Topic: https://developer.apple.com/documentation/EndpointSecurity/es_result_t

type EsResultType added in v0.5.1

type EsResultType int32
const (
	// EsResultTypeAuth: The authorization result type.
	EsResultTypeAuth EsResultType = 0
	// EsResultTypeFlags: The flags result type.
	EsResultTypeFlags EsResultType = 1
)

func (EsResultType) String added in v0.5.1

func (e EsResultType) String() string

type EsReturn added in v0.5.1

type EsReturn int32
const (
	// EsReturnError: The action failed with an error.
	EsReturnError EsReturn = 1
	// EsReturnSuccess: The action succeeded.
	EsReturnSuccess EsReturn = 0
)

func EsDeleteClient added in v0.6.11

func EsDeleteClient(client *EsClient) EsReturn

EsDeleteClient destroys and disconnects a client instance from the Endpoint Security system.

See: https://developer.apple.com/documentation/EndpointSecurity/es_delete_client(_:)

func EsInvertMuting added in v0.6.11

func EsInvertMuting(client *EsClient, mute_type EsMuteInversionType) EsReturn

EsInvertMuting.

See: https://developer.apple.com/documentation/EndpointSecurity/es_invert_muting(_:_:)

func EsMutePath added in v0.6.11

func EsMutePath(client *EsClient, path string, type_ EsMutePathType) EsReturn

EsMutePath suppresses events from executables that match a given path.

See: https://developer.apple.com/documentation/EndpointSecurity/es_mute_path(_:_:_:)

func EsMutePathEvents added in v0.6.11

func EsMutePathEvents(client *EsClient, path string, type_ EsMutePathType, events *EsEventType, event_count uintptr) EsReturn

EsMutePathEvents suppresses a subset of events from executables that match a given path.

See: https://developer.apple.com/documentation/EndpointSecurity/es_mute_path_events(_:_:_:_:_:)

func EsMuteProcess added in v0.6.11

func EsMuteProcess(client *EsClient, audit_token *[32]byte) EsReturn

EsMuteProcess suppresses events from a given process.

See: https://developer.apple.com/documentation/EndpointSecurity/es_mute_process(_:_:)

func EsMuteProcessEvents added in v0.6.11

func EsMuteProcessEvents(client *EsClient, audit_token *[32]byte, events *EsEventType, event_count uintptr) EsReturn

EsMuteProcessEvents suppresses a subset of events from a given process.

See: https://developer.apple.com/documentation/EndpointSecurity/es_mute_process_events(_:_:_:_:)

func EsMutedPathsEvents added in v0.6.11

func EsMutedPathsEvents(client *EsClient, muted_paths **EsMutedPaths) EsReturn

EsMutedPathsEvents retrieves a list of all muted paths.

See: https://developer.apple.com/documentation/EndpointSecurity/es_muted_paths_events(_:_:)

func EsMutedProcessesEvents added in v0.6.11

func EsMutedProcessesEvents(client *EsClient, muted_processes **EsMutedProcesses) EsReturn

EsMutedProcessesEvents retrieves a list of all muted processes.

See: https://developer.apple.com/documentation/EndpointSecurity/es_muted_processes_events(_:_:)

func EsSubscribe added in v0.6.11

func EsSubscribe(client *EsClient, events *EsEventType, event_count uint32) EsReturn

EsSubscribe subscribes a client to a set of events.

See: https://developer.apple.com/documentation/EndpointSecurity/es_subscribe(_:_:_:)

func EsSubscriptions added in v0.6.11

func EsSubscriptions(client *EsClient, count *uintptr, subscriptions *EsEventType) EsReturn

EsSubscriptions returns a list of the client’s subscriptions.

See: https://developer.apple.com/documentation/EndpointSecurity/es_subscriptions(_:_:_:)

func EsUnmuteAllPaths added in v0.6.11

func EsUnmuteAllPaths(client *EsClient) EsReturn

EsUnmuteAllPaths restores event delivery from previously-muted paths.

See: https://developer.apple.com/documentation/EndpointSecurity/es_unmute_all_paths(_:)

func EsUnmuteAllTargetPaths added in v0.6.11

func EsUnmuteAllTargetPaths(client *EsClient) EsReturn

EsUnmuteAllTargetPaths.

See: https://developer.apple.com/documentation/EndpointSecurity/es_unmute_all_target_paths(_:)

func EsUnmutePath added in v0.6.11

func EsUnmutePath(client *EsClient, path string, type_ EsMutePathType) EsReturn

EsUnmutePath restores event delivery from a previously-muted path.

See: https://developer.apple.com/documentation/EndpointSecurity/es_unmute_path(_:_:_:)

func EsUnmutePathEvents added in v0.6.11

func EsUnmutePathEvents(client *EsClient, path string, type_ EsMutePathType, events *EsEventType, event_count uintptr) EsReturn

EsUnmutePathEvents restores event delivery of a subset of events from a previously-muted path.

See: https://developer.apple.com/documentation/EndpointSecurity/es_unmute_path_events(_:_:_:_:_:)

func EsUnmuteProcess added in v0.6.11

func EsUnmuteProcess(client *EsClient, audit_token *[32]byte) EsReturn

EsUnmuteProcess restores event delivery from a previously-muted process.

See: https://developer.apple.com/documentation/EndpointSecurity/es_unmute_process(_:_:)

func EsUnmuteProcessEvents added in v0.6.11

func EsUnmuteProcessEvents(client *EsClient, audit_token *[32]byte, events *EsEventType, event_count uintptr) EsReturn

EsUnmuteProcessEvents restores event delivery of a subset of events from a previously-muted process.

See: https://developer.apple.com/documentation/EndpointSecurity/es_unmute_process_events(_:_:_:_:)

func EsUnsubscribe added in v0.6.11

func EsUnsubscribe(client *EsClient, events *EsEventType, event_count uint32) EsReturn

EsUnsubscribe unsubscribes the provided client from a set of events.

See: https://developer.apple.com/documentation/EndpointSecurity/es_unsubscribe(_:_:_:)

func EsUnsubscribeAll added in v0.6.11

func EsUnsubscribeAll(client *EsClient) EsReturn

EsUnsubscribeAll unsubscribes a client from all events.

See: https://developer.apple.com/documentation/EndpointSecurity/es_unsubscribe_all(_:)

func (EsReturn) String added in v0.5.1

func (e EsReturn) String() string

type EsSetOrClear added in v0.6.4

type EsSetOrClear int32
const (
	// EsClear: A case that indicates the event represents a clearing of the access control list.
	EsClear EsSetOrClear = 1
	// EsSet: A case that indicates the event represents a setting of access control list values.
	EsSet EsSetOrClear = 0
)

func (EsSetOrClear) String added in v0.6.11

func (e EsSetOrClear) String() string

type EsSignedFileInfo added in v0.6.11

type EsSignedFileInfo struct {
	Cdhash     EsCdhash
	Signing_id EsStringToken
	Team_id    EsStringToken
}

EsSignedFileInfo

Full Topic: https://developer.apple.com/documentation/EndpointSecurity/es_signed_file_info_t

type EsStatfs added in v0.6.4

type EsStatfs = kernel.Pointer

EsStatfs is a typedef that is no longer used, but exists for API backwards compatibility.

See: https://developer.apple.com/documentation/EndpointSecurity/es_statfs_t

type EsStringToken added in v0.6.11

type EsStringToken struct {
	Length uintptr // The size of the data buffer, in bytes.
	Data   *byte   // The string data.

}

EsStringToken - A pointer to a null-terminated string, and the length in bytes of that string.

Full Topic: https://developer.apple.com/documentation/EndpointSecurity/es_string_token_t

func EsExecArg added in v0.6.11

func EsExecArg(event *EsEventExec, index uint32) EsStringToken

EsExecArg gets the argument at the specified position from a process execution event.

See: https://developer.apple.com/documentation/EndpointSecurity/es_exec_arg(_:_:)

func EsExecEnv added in v0.6.11

func EsExecEnv(event *EsEventExec, index uint32) EsStringToken

EsExecEnv gets the environment variable at the specified position from a process execution event.

See: https://developer.apple.com/documentation/EndpointSecurity/es_exec_env(_:_:)
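A bounded-copy pattern for the EsStringToken values that EsExecArg and EsExecEnv return, shown as an added example that is not part of this package's own code. `stringToken` is a local mirror of the documented EsStringToken layout so the program builds without macOS; `tokenString`, `collectArgs`, `constructedToken` and `maxTokenLen` are hypothetical names, and the argv data is constructed.

```go
package main

import (
	"errors"
	"fmt"
	"unsafe"
)

// stringToken is a local mirror of the EsStringToken layout documented on
// this page (Length uintptr, Data *byte). It is an assumption that lets the
// example build without macOS or the endpointsecurity package.
type stringToken struct {
	Length uintptr
	Data   *byte
}

// maxTokenLen is a hypothetical sanity cap chosen for this example; it is not
// an Endpoint Security constant.
const maxTokenLen = 1 << 20

// tokenString copies a token into a Go-owned string. It is bounded by Length
// rather than by scanning for a NUL terminator, rejects a nil Data pointer
// paired with a non-zero Length, and never returns memory that aliases the
// token, so the result stays valid after the message is released.
func tokenString(t stringToken) (string, error) {
	if t.Length == 0 {
		return "", nil
	}
	if t.Data == nil {
		return "", errors.New("string token has length but nil data")
	}
	if t.Length > maxTokenLen {
		return "", fmt.Errorf("string token length %d exceeds cap %d", t.Length, maxTokenLen)
	}
	view := unsafe.Slice(t.Data, int(t.Length)) // still aliases token memory
	return string(view), nil                    // the conversion copies the bytes
}

// collectArgs copies every argument out of an exec event. count and at stand
// in for EsExecArgCount(event) and EsExecArg(event, i) from this package.
func collectArgs(count uint32, at func(index uint32) stringToken) ([]string, error) {
	args := make([]string, 0, count)
	for i := uint32(0); i < count; i++ {
		s, err := tokenString(at(i))
		if err != nil {
			return nil, fmt.Errorf("arg %d: %w", i, err)
		}
		args = append(args, s)
	}
	return args, nil
}

// constructedToken builds a token over a NUL-terminated buffer whose Length
// excludes the terminator. Sample data only; it also returns the backing
// buffer so a caller can show that copied strings do not alias it.
func constructedToken(s string) (stringToken, []byte) {
	buf := append([]byte(s), 0)
	return stringToken{Length: uintptr(len(s)), Data: &buf[0]}, buf
}

func main() {
	// Constructed argv for illustration.
	argv := []string{"/usr/bin/curl", "-o", "/tmp/out", "https://example.invalid/"}
	tokens := make([]stringToken, len(argv))
	for i, a := range argv {
		tokens[i], _ = constructedToken(a)
	}
	args, err := collectArgs(uint32(len(tokens)), func(i uint32) stringToken { return tokens[i] })
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Printf("%q\n", args)
}
```

The same copy-before-release rule applies to any field reached through the union accessors on EsEvents, since those pointers alias the message's memory.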

type EsSudoPluginType added in v0.5.1

type EsSudoPluginType int32
const (
	EsSudoPluginTypeApproval EsSudoPluginType = 5
	EsSudoPluginTypeAudit    EsSudoPluginType = 4
	EsSudoPluginTypeFrontEnd EsSudoPluginType = 1
	EsSudoPluginTypeIO       EsSudoPluginType = 3
	EsSudoPluginTypePolicy   EsSudoPluginType = 2
	EsSudoPluginTypeUnknown  EsSudoPluginType = 0
)

func (EsSudoPluginType) String added in v0.5.1

func (e EsSudoPluginType) String() string

type EsSudoRejectInfo added in v0.6.11

type EsSudoRejectInfo struct {
	Plugin_name     EsStringToken
	Plugin_type     EsSudoPluginType
	Failure_message EsStringToken
}

EsSudoRejectInfo

Full Topic: https://developer.apple.com/documentation/EndpointSecurity/es_sudo_reject_info_t

type EsTccAuthorizationReason added in v0.5.1

type EsTccAuthorizationReason int32
const (
	// EsTccAuthorizationReasonAppTypePolicy: A system process changed the authorization right
	EsTccAuthorizationReasonAppTypePolicy EsTccAuthorizationReason = 12
	// EsTccAuthorizationReasonEntitled: A system process changed the authorization right
	EsTccAuthorizationReasonEntitled EsTccAuthorizationReason = 11
	EsTccAuthorizationReasonError    EsTccAuthorizationReason = 1
	// EsTccAuthorizationReasonMdmPolicy: A system process changed the authorization right
	EsTccAuthorizationReasonMdmPolicy EsTccAuthorizationReason = 6
	// EsTccAuthorizationReasonMissingUsageString: A system process changed the authorization right
	EsTccAuthorizationReasonMissingUsageString EsTccAuthorizationReason = 8
	EsTccAuthorizationReasonNone               EsTccAuthorizationReason = 0
	// EsTccAuthorizationReasonPreflightUnknown: A system process changed the authorization right
	EsTccAuthorizationReasonPreflightUnknown EsTccAuthorizationReason = 10
	// EsTccAuthorizationReasonPromptCancel: A system process changed the authorization right
	EsTccAuthorizationReasonPromptCancel EsTccAuthorizationReason = 13
	// EsTccAuthorizationReasonPromptTimeout: A system process changed the authorization right
	EsTccAuthorizationReasonPromptTimeout EsTccAuthorizationReason = 9
	// EsTccAuthorizationReasonServiceOverridePolicy: A system process changed the authorization right
	EsTccAuthorizationReasonServiceOverridePolicy EsTccAuthorizationReason = 7
	// EsTccAuthorizationReasonServicePolicy: A system process changed the authorization right
	EsTccAuthorizationReasonServicePolicy EsTccAuthorizationReason = 5
	// EsTccAuthorizationReasonSystemSet: User changed the authorization right via Preferences
	EsTccAuthorizationReasonSystemSet   EsTccAuthorizationReason = 4
	EsTccAuthorizationReasonUserConsent EsTccAuthorizationReason = 2
	// EsTccAuthorizationReasonUserSet: User answered a prompt
	EsTccAuthorizationReasonUserSet EsTccAuthorizationReason = 3
)

func (EsTccAuthorizationReason) String added in v0.5.1

func (e EsTccAuthorizationReason) String() string

type EsTccAuthorizationRight added in v0.5.1

type EsTccAuthorizationRight int32
const (
	EsTccAuthorizationRightAddModifyAdded EsTccAuthorizationRight = 4
	EsTccAuthorizationRightAllowed        EsTccAuthorizationRight = 2
	EsTccAuthorizationRightDenied         EsTccAuthorizationRight = 0
	EsTccAuthorizationRightLearnMore      EsTccAuthorizationRight = 6
	EsTccAuthorizationRightLimited        EsTccAuthorizationRight = 3
	EsTccAuthorizationRightSessionPid     EsTccAuthorizationRight = 5
	EsTccAuthorizationRightUnknown        EsTccAuthorizationRight = 1
)

func (EsTccAuthorizationRight) String added in v0.5.1

func (e EsTccAuthorizationRight) String() string

type EsTccEventType added in v0.5.1

type EsTccEventType int32
const (
	EsTccEventTypeCreate  EsTccEventType = 1
	EsTccEventTypeDelete  EsTccEventType = 3
	EsTccEventTypeModify  EsTccEventType = 2
	EsTccEventTypeUnknown EsTccEventType = 0
)

func (EsTccEventType) String added in v0.5.1

func (e EsTccEventType) String() string

type EsTccIdentityType added in v0.5.1

type EsTccIdentityType int32
const (
	EsTccIdentityTypeBundleID             EsTccIdentityType = 0
	EsTccIdentityTypeExecutablePath       EsTccIdentityType = 1
	EsTccIdentityTypeFileProviderDomainID EsTccIdentityType = 3
	EsTccIdentityTypePolicyID             EsTccIdentityType = 2
)

func (EsTccIdentityType) String added in v0.5.1

func (e EsTccIdentityType) String() string

type EsThread added in v0.6.11

type EsThread struct {
	Thread_id uint64 // The unique identifier of the thread.

}

EsThread - A structure that represents a thread in a process.

Full Topic: https://developer.apple.com/documentation/EndpointSecurity/es_thread_t

type EsThreadState added in v0.6.11

type EsThreadState struct {
	Flavor int     // An indication of the representation of the machine-specific thread state.
	State  EsToken // The machine-specific thread state.

}

EsThreadState - A description of a thread’s machine-specific state.

Full Topic: https://developer.apple.com/documentation/EndpointSecurity/es_thread_state_t

type EsToken added in v0.6.11

type EsToken struct {
	Size uintptr // The size of the data buffer, in bytes.
	Data *uint8  // A data buffer.

}

EsToken - An arbitrary buffer of data with its size.

Full Topic: https://developer.apple.com/documentation/EndpointSecurity/es_token_t

type EsTouchidMode added in v0.5.1

type EsTouchidMode int32
const (
	EsTouchidModeIdentification EsTouchidMode = 1
	EsTouchidModeVerification   EsTouchidMode = 0
)

func (EsTouchidMode) String added in v0.5.1

func (e EsTouchidMode) String() string

type EsXPCDomainType added in v0.5.1

type EsXPCDomainType int32
const (
	EsXPCDomainTypeGui       EsXPCDomainType = 8
	EsXPCDomainTypeManager   EsXPCDomainType = 6
	EsXPCDomainTypePid       EsXPCDomainType = 5
	EsXPCDomainTypePort      EsXPCDomainType = 7
	EsXPCDomainTypeSession   EsXPCDomainType = 4
	EsXPCDomainTypeSystem    EsXPCDomainType = 1
	EsXPCDomainTypeUser      EsXPCDomainType = 2
	EsXPCDomainTypeUserLogin EsXPCDomainType = 3
)

func (EsXPCDomainType) String added in v0.5.1

func (e EsXPCDomainType) String() string

type Es_action_type_t added in v0.6.3

type Es_action_type_t = EsActionType

Es_action_type_t is a C-name alias for EsActionType.

type Es_address_type_t added in v0.6.3

type Es_address_type_t = EsAddressType

Es_address_type_t is a C-name alias for EsAddressType.

type Es_auth_result_t added in v0.6.3

type Es_auth_result_t = EsAuthResult

Es_auth_result_t is a C-name alias for EsAuthResult.

type Es_authentication_type_t added in v0.6.3

type Es_authentication_type_t = EsAuthenticationType

Es_authentication_type_t is a C-name alias for EsAuthenticationType.

type Es_authorization_result_t

type Es_authorization_result_t = EsAuthorizationResult

Es_authorization_result_t is a type alias for EsAuthorizationResult for use in objc.Send[T] calls.

type Es_authorization_rule_class_t added in v0.6.3

type Es_authorization_rule_class_t = EsAuthorizationRuleClass

Es_authorization_rule_class_t is a C-name alias for EsAuthorizationRuleClass.

type Es_auto_unlock_type_t added in v0.5.3

type Es_auto_unlock_type_t = EsAutoUnlockType

Es_auto_unlock_type_t is a C-name alias for EsAutoUnlockType.

type Es_btm_item_type_t added in v0.6.3

type Es_btm_item_type_t = EsBtmItemType

Es_btm_item_type_t is a C-name alias for EsBtmItemType.

type Es_btm_launch_item_t

type Es_btm_launch_item_t = EsBtmLaunchItem

Es_btm_launch_item_t is a type alias for EsBtmLaunchItem for use in objc.Send[T] calls.

type Es_cdhash_t

type Es_cdhash_t = EsCdhash

Es_cdhash_t is a C-name alias for EsCdhash.

type Es_clear_cache_result_t added in v0.6.3

type Es_clear_cache_result_t = EsClearCacheResult

Es_clear_cache_result_t is a C-name alias for EsClearCacheResult.

type Es_client_t

type Es_client_t = EsClient

Es_client_t is a C-name alias for EsClient.

type Es_cs_validation_category_t added in v0.6.3

type Es_cs_validation_category_t = EsCsValidationCategory

Es_cs_validation_category_t is a C-name alias for EsCsValidationCategory.

type Es_destination_type_t added in v0.6.3

type Es_destination_type_t = EsDestinationType

Es_destination_type_t is a C-name alias for EsDestinationType.

type Es_event_access_t

type Es_event_access_t = EsEventAccess

Es_event_access_t is a type alias for EsEventAccess for use in objc.Send[T] calls.

type Es_event_authentication_auto_unlock_t

type Es_event_authentication_auto_unlock_t = EsEventAuthenticationAutoUnlock

Es_event_authentication_auto_unlock_t is a type alias for EsEventAuthenticationAutoUnlock for use in objc.Send[T] calls.

type Es_event_authentication_od_t

type Es_event_authentication_od_t = EsEventAuthenticationOd

Es_event_authentication_od_t is a type alias for EsEventAuthenticationOd for use in objc.Send[T] calls.

type Es_event_authentication_t

type Es_event_authentication_t = EsEventAuthentication

Es_event_authentication_t is a type alias for EsEventAuthentication for use in objc.Send[T] calls.

type Es_event_authentication_token_t

type Es_event_authentication_token_t = EsEventAuthenticationToken

Es_event_authentication_token_t is a type alias for EsEventAuthenticationToken for use in objc.Send[T] calls.

type Es_event_authentication_touchid_t

type Es_event_authentication_touchid_t = EsEventAuthenticationTouchid

Es_event_authentication_touchid_t is a type alias for EsEventAuthenticationTouchid for use in objc.Send[T] calls.

type Es_event_authorization_judgement_t

type Es_event_authorization_judgement_t = EsEventAuthorizationJudgement

Es_event_authorization_judgement_t is a type alias for EsEventAuthorizationJudgement for use in objc.Send[T] calls.

type Es_event_authorization_petition_t

type Es_event_authorization_petition_t = EsEventAuthorizationPetition

Es_event_authorization_petition_t is a type alias for EsEventAuthorizationPetition for use in objc.Send[T] calls.

type Es_event_btm_launch_item_add_t

type Es_event_btm_launch_item_add_t = EsEventBtmLaunchItemAdd

Es_event_btm_launch_item_add_t is a type alias for EsEventBtmLaunchItemAdd for use in objc.Send[T] calls.

type Es_event_btm_launch_item_remove_t

type Es_event_btm_launch_item_remove_t = EsEventBtmLaunchItemRemove

Es_event_btm_launch_item_remove_t is a type alias for EsEventBtmLaunchItemRemove for use in objc.Send[T] calls.

type Es_event_chdir_t

type Es_event_chdir_t = EsEventChdir

Es_event_chdir_t is a type alias for EsEventChdir for use in objc.Send[T] calls.

type Es_event_chroot_t

type Es_event_chroot_t = EsEventChroot

Es_event_chroot_t is a type alias for EsEventChroot for use in objc.Send[T] calls.

type Es_event_clone_t

type Es_event_clone_t = EsEventClone

Es_event_clone_t is a type alias for EsEventClone for use in objc.Send[T] calls.

type Es_event_close_t

type Es_event_close_t = EsEventClose

Es_event_close_t is a type alias for EsEventClose for use in objc.Send[T] calls.

type Es_event_copyfile_t

type Es_event_copyfile_t = EsEventCopyfile

Es_event_copyfile_t is a type alias for EsEventCopyfile for use in objc.Send[T] calls.

type Es_event_create_t

type Es_event_create_t = EsEventCreate

Es_event_create_t is a type alias for EsEventCreate for use in objc.Send[T] calls.

type Es_event_cs_invalidated_t

type Es_event_cs_invalidated_t = EsEventCsInvalidated

Es_event_cs_invalidated_t is a type alias for EsEventCsInvalidated for use in objc.Send[T] calls.

type Es_event_deleteextattr_t

type Es_event_deleteextattr_t = EsEventDeleteextattr

Es_event_deleteextattr_t is a type alias for EsEventDeleteextattr for use in objc.Send[T] calls.

type Es_event_dup_t

type Es_event_dup_t = EsEventDup

Es_event_dup_t is a type alias for EsEventDup for use in objc.Send[T] calls.

type Es_event_exchangedata_t

type Es_event_exchangedata_t = EsEventExchangedata

Es_event_exchangedata_t is a type alias for EsEventExchangedata for use in objc.Send[T] calls.

type Es_event_exec_t

type Es_event_exec_t = EsEventExec

Es_event_exec_t is a type alias for EsEventExec for use in objc.Send[T] calls.

type Es_event_exit_t

type Es_event_exit_t = EsEventExit

Es_event_exit_t is a type alias for EsEventExit for use in objc.Send[T] calls.

type Es_event_fcntl_t

type Es_event_fcntl_t = EsEventFcntl

Es_event_fcntl_t is a type alias for EsEventFcntl for use in objc.Send[T] calls.

type Es_event_file_provider_materialize_t

type Es_event_file_provider_materialize_t = EsEventFileProviderMaterialize

Es_event_file_provider_materialize_t is a type alias for EsEventFileProviderMaterialize for use in objc.Send[T] calls.

type Es_event_file_provider_update_t

type Es_event_file_provider_update_t = EsEventFileProviderUpdate

Es_event_file_provider_update_t is a type alias for EsEventFileProviderUpdate for use in objc.Send[T] calls.

type Es_event_fork_t

type Es_event_fork_t = EsEventFork

Es_event_fork_t is a type alias for EsEventFork for use in objc.Send[T] calls.

type Es_event_fsgetpath_t

type Es_event_fsgetpath_t = EsEventFsgetpath

Es_event_fsgetpath_t is a type alias for EsEventFsgetpath for use in objc.Send[T] calls.

type Es_event_gatekeeper_user_override_t

type Es_event_gatekeeper_user_override_t = EsEventGatekeeperUserOverride

Es_event_gatekeeper_user_override_t is a type alias for EsEventGatekeeperUserOverride for use in objc.Send[T] calls.

type Es_event_get_task_inspect_t

type Es_event_get_task_inspect_t = EsEventGetTaskInspect

Es_event_get_task_inspect_t is a type alias for EsEventGetTaskInspect for use in objc.Send[T] calls.

type Es_event_get_task_name_t

type Es_event_get_task_name_t = EsEventGetTaskName

Es_event_get_task_name_t is a type alias for EsEventGetTaskName for use in objc.Send[T] calls.

type Es_event_get_task_read_t

type Es_event_get_task_read_t = EsEventGetTaskRead

Es_event_get_task_read_t is a type alias for EsEventGetTaskRead for use in objc.Send[T] calls.

type Es_event_get_task_t

type Es_event_get_task_t = EsEventGetTask

Es_event_get_task_t is a type alias for EsEventGetTask for use in objc.Send[T] calls.

type Es_event_getattrlist_t

type Es_event_getattrlist_t = EsEventGetattrlist

Es_event_getattrlist_t is a type alias for EsEventGetattrlist for use in objc.Send[T] calls.

type Es_event_getextattr_t

type Es_event_getextattr_t = EsEventGetextattr

Es_event_getextattr_t is a type alias for EsEventGetextattr for use in objc.Send[T] calls.

type Es_event_id_t

type Es_event_id_t = EsEventID

Es_event_id_t is a type alias for EsEventID for use in objc.Send[T] calls.

type Es_event_iokit_open_t

type Es_event_iokit_open_t = EsEventIokitOpen

Es_event_iokit_open_t is a type alias for EsEventIokitOpen for use in objc.Send[T] calls.

type Es_event_kextload_t

type Es_event_kextload_t = EsEventKextload

Es_event_kextload_t is a type alias for EsEventKextload for use in objc.Send[T] calls.

type Es_event_kextunload_t

type Es_event_kextunload_t = EsEventKextunload

Es_event_kextunload_t is a type alias for EsEventKextunload for use in objc.Send[T] calls.

type Es_event_link_t

type Es_event_link_t = EsEventLink

Es_event_link_t is a type alias for EsEventLink for use in objc.Send[T] calls.

type Es_event_listextattr_t

type Es_event_listextattr_t = EsEventListextattr

Es_event_listextattr_t is a type alias for EsEventListextattr for use in objc.Send[T] calls.

type Es_event_login_login_t

type Es_event_login_login_t = EsEventLoginLogin

Es_event_login_login_t is a type alias for EsEventLoginLogin for use in objc.Send[T] calls.

type Es_event_login_logout_t

type Es_event_login_logout_t = EsEventLoginLogout

Es_event_login_logout_t is a type alias for EsEventLoginLogout for use in objc.Send[T] calls.

type Es_event_lookup_t

type Es_event_lookup_t = EsEventLookup

Es_event_lookup_t is a type alias for EsEventLookup for use in objc.Send[T] calls.

type Es_event_lw_session_lock_t

type Es_event_lw_session_lock_t = EsEventLwSessionLock

Es_event_lw_session_lock_t is a type alias for EsEventLwSessionLock for use in objc.Send[T] calls.

type Es_event_lw_session_login_t

type Es_event_lw_session_login_t = EsEventLwSessionLogin

Es_event_lw_session_login_t is a type alias for EsEventLwSessionLogin for use in objc.Send[T] calls.

type Es_event_lw_session_logout_t

type Es_event_lw_session_logout_t = EsEventLwSessionLogout

Es_event_lw_session_logout_t is a type alias for EsEventLwSessionLogout for use in objc.Send[T] calls.

type Es_event_lw_session_unlock_t

type Es_event_lw_session_unlock_t = EsEventLwSessionUnlock

Es_event_lw_session_unlock_t is a type alias for EsEventLwSessionUnlock for use in objc.Send[T] calls.

type Es_event_mmap_t

type Es_event_mmap_t = EsEventMmap

Es_event_mmap_t is a type alias for EsEventMmap for use in objc.Send[T] calls.

type Es_event_mount_t

type Es_event_mount_t = EsEventMount

Es_event_mount_t is a type alias for EsEventMount for use in objc.Send[T] calls.

type Es_event_mprotect_t

type Es_event_mprotect_t = EsEventMprotect

Es_event_mprotect_t is a type alias for EsEventMprotect for use in objc.Send[T] calls.

type Es_event_od_attribute_set_t

type Es_event_od_attribute_set_t = EsEventOdAttributeSet

Es_event_od_attribute_set_t is a type alias for EsEventOdAttributeSet for use in objc.Send[T] calls.

type Es_event_od_attribute_value_add_t

type Es_event_od_attribute_value_add_t = EsEventOdAttributeValueAdd

Es_event_od_attribute_value_add_t is a type alias for EsEventOdAttributeValueAdd for use in objc.Send[T] calls.

type Es_event_od_attribute_value_remove_t

type Es_event_od_attribute_value_remove_t = EsEventOdAttributeValueRemove

Es_event_od_attribute_value_remove_t is a type alias for EsEventOdAttributeValueRemove for use in objc.Send[T] calls.

type Es_event_od_create_group_t

type Es_event_od_create_group_t = EsEventOdCreateGroup

Es_event_od_create_group_t is a type alias for EsEventOdCreateGroup for use in objc.Send[T] calls.

type Es_event_od_create_user_t

type Es_event_od_create_user_t = EsEventOdCreateUser

Es_event_od_create_user_t is a type alias for EsEventOdCreateUser for use in objc.Send[T] calls.

type Es_event_od_delete_group_t

type Es_event_od_delete_group_t = EsEventOdDeleteGroup

Es_event_od_delete_group_t is a type alias for EsEventOdDeleteGroup for use in objc.Send[T] calls.

type Es_event_od_delete_user_t

type Es_event_od_delete_user_t = EsEventOdDeleteUser

Es_event_od_delete_user_t is a type alias for EsEventOdDeleteUser for use in objc.Send[T] calls.

type Es_event_od_disable_user_t

type Es_event_od_disable_user_t = EsEventOdDisableUser

Es_event_od_disable_user_t is a type alias for EsEventOdDisableUser for use in objc.Send[T] calls.

type Es_event_od_enable_user_t

type Es_event_od_enable_user_t = EsEventOdEnableUser

Es_event_od_enable_user_t is a type alias for EsEventOdEnableUser for use in objc.Send[T] calls.

type Es_event_od_group_add_t

type Es_event_od_group_add_t = EsEventOdGroupAdd

Es_event_od_group_add_t is a type alias for EsEventOdGroupAdd for use in objc.Send[T] calls.

type Es_event_od_group_remove_t

type Es_event_od_group_remove_t = EsEventOdGroupRemove

Es_event_od_group_remove_t is a type alias for EsEventOdGroupRemove for use in objc.Send[T] calls.

type Es_event_od_group_set_t

type Es_event_od_group_set_t = EsEventOdGroupSet

Es_event_od_group_set_t is a type alias for EsEventOdGroupSet for use in objc.Send[T] calls.

type Es_event_od_modify_password_t

type Es_event_od_modify_password_t = EsEventOdModifyPassword

Es_event_od_modify_password_t is a type alias for EsEventOdModifyPassword for use in objc.Send[T] calls.

type Es_event_open_t

type Es_event_open_t = EsEventOpen

Es_event_open_t is a type alias for EsEventOpen for use in objc.Send[T] calls.

type Es_event_openssh_login_t

type Es_event_openssh_login_t = EsEventOpensshLogin

Es_event_openssh_login_t is a type alias for EsEventOpensshLogin for use in objc.Send[T] calls.

type Es_event_openssh_logout_t

type Es_event_openssh_logout_t = EsEventOpensshLogout

Es_event_openssh_logout_t is a type alias for EsEventOpensshLogout for use in objc.Send[T] calls.

type Es_event_proc_check_t

type Es_event_proc_check_t = EsEventProcCheck

Es_event_proc_check_t is a type alias for EsEventProcCheck for use in objc.Send[T] calls.

type Es_event_proc_suspend_resume_t

type Es_event_proc_suspend_resume_t = EsEventProcSuspendResume

Es_event_proc_suspend_resume_t is a type alias for EsEventProcSuspendResume for use in objc.Send[T] calls.

type Es_event_profile_add_t

type Es_event_profile_add_t = EsEventProfileAdd

Es_event_profile_add_t is a type alias for EsEventProfileAdd for use in objc.Send[T] calls.

type Es_event_profile_remove_t

type Es_event_profile_remove_t = EsEventProfileRemove

Es_event_profile_remove_t is a type alias for EsEventProfileRemove for use in objc.Send[T] calls.

type Es_event_pty_close_t

type Es_event_pty_close_t = EsEventPtyClose

Es_event_pty_close_t is a type alias for EsEventPtyClose for use in objc.Send[T] calls.

type Es_event_pty_grant_t

type Es_event_pty_grant_t = EsEventPtyGrant

Es_event_pty_grant_t is a type alias for EsEventPtyGrant for use in objc.Send[T] calls.

type Es_event_readdir_t

type Es_event_readdir_t = EsEventReaddir

Es_event_readdir_t is a type alias for EsEventReaddir for use in objc.Send[T] calls.

type Es_event_readlink_t

type Es_event_readlink_t = EsEventReadlink

Es_event_readlink_t is a type alias for EsEventReadlink for use in objc.Send[T] calls.

type Es_event_remote_thread_create_t

type Es_event_remote_thread_create_t = EsEventRemoteThreadCreate

Es_event_remote_thread_create_t is a type alias for EsEventRemoteThreadCreate for use in objc.Send[T] calls.

type Es_event_remount_t

type Es_event_remount_t = EsEventRemount

Es_event_remount_t is a type alias for EsEventRemount for use in objc.Send[T] calls.

type Es_event_rename_t

type Es_event_rename_t = EsEventRename

Es_event_rename_t is a type alias for EsEventRename for use in objc.Send[T] calls.

type Es_event_screensharing_attach_t

type Es_event_screensharing_attach_t = EsEventScreensharingAttach

Es_event_screensharing_attach_t is a type alias for EsEventScreensharingAttach for use in objc.Send[T] calls.

type Es_event_screensharing_detach_t

type Es_event_screensharing_detach_t = EsEventScreensharingDetach

Es_event_screensharing_detach_t is a type alias for EsEventScreensharingDetach for use in objc.Send[T] calls.

type Es_event_searchfs_t

type Es_event_searchfs_t = EsEventSearchfs

Es_event_searchfs_t is a type alias for EsEventSearchfs for use in objc.Send[T] calls.

type Es_event_setacl_t

type Es_event_setacl_t = EsEventSetacl

Es_event_setacl_t is a type alias for EsEventSetacl for use in objc.Send[T] calls.

type Es_event_setattrlist_t

type Es_event_setattrlist_t = EsEventSetattrlist

Es_event_setattrlist_t is a type alias for EsEventSetattrlist for use in objc.Send[T] calls.

type Es_event_setegid_t

type Es_event_setegid_t = EsEventSetegid

Es_event_setegid_t is a type alias for EsEventSetegid for use in objc.Send[T] calls.

type Es_event_seteuid_t

type Es_event_seteuid_t = EsEventSeteuid

Es_event_seteuid_t is a type alias for EsEventSeteuid for use in objc.Send[T] calls.

type Es_event_setextattr_t

type Es_event_setextattr_t = EsEventSetextattr

Es_event_setextattr_t is a type alias for EsEventSetextattr for use in objc.Send[T] calls.

type Es_event_setflags_t

type Es_event_setflags_t = EsEventSetflags

Es_event_setflags_t is a type alias for EsEventSetflags for use in objc.Send[T] calls.

type Es_event_setgid_t

type Es_event_setgid_t = EsEventSetgid

Es_event_setgid_t is a type alias for EsEventSetgid for use in objc.Send[T] calls.

type Es_event_setmode_t

type Es_event_setmode_t = EsEventSetmode

Es_event_setmode_t is a type alias for EsEventSetmode for use in objc.Send[T] calls.

type Es_event_setowner_t

type Es_event_setowner_t = EsEventSetowner

Es_event_setowner_t is a type alias for EsEventSetowner for use in objc.Send[T] calls.

type Es_event_setregid_t

type Es_event_setregid_t = EsEventSetregid

Es_event_setregid_t is a type alias for EsEventSetregid for use in objc.Send[T] calls.

type Es_event_setreuid_t

type Es_event_setreuid_t = EsEventSetreuid

Es_event_setreuid_t is a type alias for EsEventSetreuid for use in objc.Send[T] calls.

type Es_event_settime_t

type Es_event_settime_t = EsEventSettime

Es_event_settime_t is a type alias for EsEventSettime for use in objc.Send[T] calls.

type Es_event_setuid_t

type Es_event_setuid_t = EsEventSetuid

Es_event_setuid_t is a type alias for EsEventSetuid for use in objc.Send[T] calls.

type Es_event_signal_t

type Es_event_signal_t = EsEventSignal

Es_event_signal_t is a type alias for EsEventSignal for use in objc.Send[T] calls.

type Es_event_stat_t

type Es_event_stat_t = EsEventStat

Es_event_stat_t is a type alias for EsEventStat for use in objc.Send[T] calls.

type Es_event_su_t

type Es_event_su_t = EsEventSu

Es_event_su_t is a type alias for EsEventSu for use in objc.Send[T] calls.

type Es_event_sudo_t

type Es_event_sudo_t = EsEventSudo

Es_event_sudo_t is a type alias for EsEventSudo for use in objc.Send[T] calls.

type Es_event_tcc_modify_t

type Es_event_tcc_modify_t = EsEventTccModify

Es_event_tcc_modify_t is a type alias for EsEventTccModify for use in objc.Send[T] calls.

type Es_event_trace_t

type Es_event_trace_t = EsEventTrace

Es_event_trace_t is a type alias for EsEventTrace for use in objc.Send[T] calls.

type Es_event_truncate_t

type Es_event_truncate_t = EsEventTruncate

Es_event_truncate_t is a type alias for EsEventTruncate for use in objc.Send[T] calls.

type Es_event_type_t added in v0.6.3

type Es_event_type_t = EsEventType

Es_event_type_t is a C-name alias for EsEventType.

type Es_event_uipc_bind_t

type Es_event_uipc_bind_t = EsEventUipcBind

Es_event_uipc_bind_t is a type alias for EsEventUipcBind for use in objc.Send[T] calls.

type Es_event_uipc_connect_t

type Es_event_uipc_connect_t = EsEventUipcConnect

Es_event_uipc_connect_t is a type alias for EsEventUipcConnect for use in objc.Send[T] calls.

type Es_event_unlink_t

type Es_event_unlink_t = EsEventUnlink

Es_event_unlink_t is a type alias for EsEventUnlink for use in objc.Send[T] calls.

type Es_event_unmount_t

type Es_event_unmount_t = EsEventUnmount

Es_event_unmount_t is a type alias for EsEventUnmount for use in objc.Send[T] calls.

type Es_event_utimes_t

type Es_event_utimes_t = EsEventUtimes

Es_event_utimes_t is a type alias for EsEventUtimes for use in objc.Send[T] calls.

type Es_event_write_t

type Es_event_write_t = EsEventWrite

Es_event_write_t is a type alias for EsEventWrite for use in objc.Send[T] calls.

type Es_event_xp_malware_detected_t

type Es_event_xp_malware_detected_t = EsEventXpMalwareDetected

Es_event_xp_malware_detected_t is a type alias for EsEventXpMalwareDetected for use in objc.Send[T] calls.

type Es_event_xp_malware_remediated_t

type Es_event_xp_malware_remediated_t = EsEventXpMalwareRemediated

Es_event_xp_malware_remediated_t is a type alias for EsEventXpMalwareRemediated for use in objc.Send[T] calls.

type Es_event_xpc_connect_t

type Es_event_xpc_connect_t = EsEventXPCConnect

Es_event_xpc_connect_t is a type alias for EsEventXPCConnect for use in objc.Send[T] calls.

type Es_events_t added in v0.5.1

type Es_events_t = EsEvents

Es_events_t is a type alias for EsEvents for use in objc.Send[T] calls.

type Es_fd_t

type Es_fd_t = EsFd

Es_fd_t is a type alias for EsFd for use in objc.Send[T] calls.

type Es_file_t

type Es_file_t = EsFile

Es_file_t is a type alias for EsFile for use in objc.Send[T] calls.

type Es_gatekeeper_user_override_file_type_t added in v0.6.3

type Es_gatekeeper_user_override_file_type_t = EsGatekeeperUserOverrideFileType

Es_gatekeeper_user_override_file_type_t is a C-name alias for EsGatekeeperUserOverrideFileType.

type Es_get_task_type_t added in v0.6.3

type Es_get_task_type_t = EsGetTaskType

Es_get_task_type_t is a C-name alias for EsGetTaskType.

type Es_graphical_session_id_t

type Es_graphical_session_id_t = EsGraphicalSessionID

Es_graphical_session_id_t is a C-name alias for EsGraphicalSessionID.

type Es_handler_block_t

type Es_handler_block_t = EsHandlerBlock

Es_handler_block_t is a C-name alias for EsHandlerBlock.

type Es_message_t

type Es_message_t = EsMessage

Es_message_t is a type alias for EsMessage for use in objc.Send[T] calls.

type Es_mount_disposition_t added in v0.6.3

type Es_mount_disposition_t = EsMountDisposition

Es_mount_disposition_t is a C-name alias for EsMountDisposition.

type Es_mute_inversion_type_t added in v0.6.3

type Es_mute_inversion_type_t = EsMuteInversionType

Es_mute_inversion_type_t is a C-name alias for EsMuteInversionType.

type Es_mute_inverted_return_t added in v0.5.3

type Es_mute_inverted_return_t = EsMuteInvertedReturn

Es_mute_inverted_return_t is a C-name alias for EsMuteInvertedReturn.

type Es_mute_path_type_t added in v0.6.3

type Es_mute_path_type_t = EsMutePathType

Es_mute_path_type_t is a C-name alias for EsMutePathType.

type Es_muted_path_t

type Es_muted_path_t = EsMutedPath

Es_muted_path_t is a type alias for EsMutedPath for use in objc.Send[T] calls.

type Es_muted_paths_t

type Es_muted_paths_t = EsMutedPaths

Es_muted_paths_t is a type alias for EsMutedPaths for use in objc.Send[T] calls.

type Es_muted_process_t

type Es_muted_process_t = EsMutedProcess

Es_muted_process_t is a type alias for EsMutedProcess for use in objc.Send[T] calls.

type Es_muted_processes_t

type Es_muted_processes_t = EsMutedProcesses

Es_muted_processes_t is a type alias for EsMutedProcesses for use in objc.Send[T] calls.

type Es_new_client_result_t added in v0.6.3

type Es_new_client_result_t = EsNewClientResult

Es_new_client_result_t is a C-name alias for EsNewClientResult.

type Es_od_account_type_t added in v0.6.3

type Es_od_account_type_t = EsOdAccountType

Es_od_account_type_t is a C-name alias for EsOdAccountType.

type Es_od_member_id_array_t

type Es_od_member_id_array_t = EsOdMemberIDArray

Es_od_member_id_array_t is a type alias for EsOdMemberIDArray for use in objc.Send[T] calls.

type Es_od_member_id_t

type Es_od_member_id_t = EsOdMemberID

Es_od_member_id_t is a type alias for EsOdMemberID for use in objc.Send[T] calls.

type Es_od_member_type_t added in v0.6.3

type Es_od_member_type_t = EsOdMemberType

Es_od_member_type_t is a C-name alias for EsOdMemberType.

type Es_od_record_type_t added in v0.6.3

type Es_od_record_type_t = EsOdRecordType

Es_od_record_type_t is a C-name alias for EsOdRecordType.

type Es_openssh_login_result_type_t added in v0.5.3

type Es_openssh_login_result_type_t = EsOpensshLoginResultType

Es_openssh_login_result_type_t is a C-name alias for EsOpensshLoginResultType.

type Es_proc_check_type_t added in v0.6.3

type Es_proc_check_type_t = EsProcCheckType

Es_proc_check_type_t is a C-name alias for EsProcCheckType.

type Es_proc_suspend_resume_type_t added in v0.6.3

type Es_proc_suspend_resume_type_t = EsProcSuspendResumeType

Es_proc_suspend_resume_type_t is a C-name alias for EsProcSuspendResumeType.

type Es_process_t

type Es_process_t = EsProcess

Es_process_t is a type alias for EsProcess for use in objc.Send[T] calls.

type Es_profile_source_t added in v0.6.3

type Es_profile_source_t = EsProfileSource

Es_profile_source_t is a C-name alias for EsProfileSource.

type Es_profile_t

type Es_profile_t = EsProfile

Es_profile_t is a type alias for EsProfile for use in objc.Send[T] calls.

type Es_respond_result_t added in v0.6.3

type Es_respond_result_t = EsRespondResult

Es_respond_result_t is a C-name alias for EsRespondResult.

type Es_result_t

type Es_result_t = EsResult

Es_result_t is a type alias for EsResult for use in objc.Send[T] calls.

type Es_result_type_t added in v0.6.3

type Es_result_type_t = EsResultType

Es_result_type_t is a C-name alias for EsResultType.

type Es_return_t added in v0.6.3

type Es_return_t = EsReturn

Es_return_t is a C-name alias for EsReturn.

type Es_set_or_clear_t added in v0.5.3

type Es_set_or_clear_t = EsSetOrClear

Es_set_or_clear_t is a C-name alias for EsSetOrClear.

type Es_sha256_t

type Es_sha256_t = EsSha256

Es_sha256_t is a C-name alias for EsSha256.

type Es_signed_file_info_t

type Es_signed_file_info_t = EsSignedFileInfo

Es_signed_file_info_t is a type alias for EsSignedFileInfo for use in objc.Send[T] calls.

type Es_statfs_t

type Es_statfs_t = EsStatfs

Es_statfs_t is a C-name alias for EsStatfs.

type Es_string_token_t

type Es_string_token_t = EsStringToken

Es_string_token_t is a type alias for EsStringToken for use in objc.Send[T] calls.

type Es_sudo_plugin_type_t added in v0.6.3

type Es_sudo_plugin_type_t = EsSudoPluginType

Es_sudo_plugin_type_t is a C-name alias for EsSudoPluginType.

type Es_sudo_reject_info_t

type Es_sudo_reject_info_t = EsSudoRejectInfo

Es_sudo_reject_info_t is a type alias for EsSudoRejectInfo for use in objc.Send[T] calls.

type Es_tcc_authorization_reason_t added in v0.6.3

type Es_tcc_authorization_reason_t = EsTccAuthorizationReason

Es_tcc_authorization_reason_t is a C-name alias for EsTccAuthorizationReason.

type Es_tcc_authorization_right_t added in v0.6.3

type Es_tcc_authorization_right_t = EsTccAuthorizationRight

Es_tcc_authorization_right_t is a C-name alias for EsTccAuthorizationRight.

type Es_tcc_event_type_t added in v0.6.3

type Es_tcc_event_type_t = EsTccEventType

Es_tcc_event_type_t is a C-name alias for EsTccEventType.

type Es_tcc_identity_type_t added in v0.6.3

type Es_tcc_identity_type_t = EsTccIdentityType

Es_tcc_identity_type_t is a C-name alias for EsTccIdentityType.

type Es_thread_state_t

type Es_thread_state_t = EsThreadState

Es_thread_state_t is a type alias for EsThreadState for use in objc.Send[T] calls.

type Es_thread_t

type Es_thread_t = EsThread

Es_thread_t is a type alias for EsThread for use in objc.Send[T] calls.

type Es_token_t

type Es_token_t = EsToken

Es_token_t is a type alias for EsToken for use in objc.Send[T] calls.

type Es_touchid_mode_t added in v0.6.3

type Es_touchid_mode_t = EsTouchidMode

Es_touchid_mode_t is a C-name alias for EsTouchidMode.

type Es_xpc_domain_type_t added in v0.5.3

type Es_xpc_domain_type_t = EsXPCDomainType

Es_xpc_domain_type_t is a C-name alias for EsXPCDomainType.
