I use sample code from [https://developer.apple.com/documentation/endpointsecurity/client?language=objc]
but replace ES_EVENT_TYPE_AUTH_EXEC to ES_EVENT_TYPE_AUTH_OPEN, this is the full code:
int main(int argc, const char** argv) {
@autoreleasepool {
es_client_t *client = NULL;
es_new_client_result_t newClientResult =
es_new_client(&client,
^(es_client_t * client, const es_message_t * message) {
switch (message->event_type) {
case ES_EVENT_TYPE_AUTH_OPEN:
printf("auth open\n");
es_respond_auth_result(client, message, ES_AUTH_RESULT_ALLOW, true);
break;
default:
panic("Found unexpected event type: %i", message->event_type);
break;
}
});
// Handle any errors encountered while creating the client.
switch (newClientResult) {
case ES_NEW_CLIENT_RESULT_SUCCESS:
// Client created successfully; continue.
break;
case ES_NEW_CLIENT_RESULT_ERR_NOT_ENTITLED:
panic("Extension is missing entitlement.");
break;
case ES_NEW_CLIENT_RESULT_ERR_NOT_PRIVILEGED:
panic ("Extension is not running as root.");
break;
case ES_NEW_CLIENT_RESULT_ERR_NOT_PERMITTED:
// Prompt user to perform Transparency, Consent,
// and Control (TCC) approval.
// This error is recoverable; the user can try again after
// approving the TCC prompt.
// return YOUR_NEW_CLIENT_ERROR_CODE_PROMPT_TCC;
break;
case ES_NEW_CLIENT_RESULT_ERR_INVALID_ARGUMENT:
panic ("Invalid argument to es_new_client(); client or handler was null.");
break;
case ES_NEW_CLIENT_RESULT_ERR_TOO_MANY_CLIENTS:
panic ("Exceeded maximum number of simultaneously-connected ES clients.");
break;
case ES_NEW_CLIENT_RESULT_ERR_INTERNAL:
panic ("Failed to connect to the Endpoint Security subsystem.");
break;
}
// Subscribe the client to the ES_EVENT_TYPE_AUTH_EXEC event.
// When the client receives a message with this event type, it must authorize
// (allow or deny) the event.
es_event_type_t eventTypes[1] = { ES_EVENT_TYPE_AUTH_OPEN };
es_return_t subscribeResult = es_subscribe(client, eventTypes, sizeof(eventTypes));
if (subscribeResult != ES_RETURN_SUCCESS) {
panic ("Client failed to subscribe to event.");
}
NSRunLoop *runLoop = [NSRunLoop currentRunLoop];
[runLoop run];
}
}
I run this code in xcode, then mouse cursor be a colorful circle and rotating, application exited after about 10 seconds, xcode print:
Message from debugger: Terminated due to signal 9
Program ended with exit code: 9
if I subscribe ES_EVENT_TYPE_NOTIFY_OPEN ES_EVENT_TYPE_NOTIFY_CLOSE, it works.
What can I do for fix this?
jiayi_wu_
Users receive reputation points by contributing quality content to the forums.
Posts include post and replies published on the forums.
Post authors can mark replies as Accepted to indicate successful solutions.
Apple Developer Forums admins can mark replies as Apple Recommended to indicate an approved solution