I have struggled enough to derive (collecting data from multiple sources) the pid, gid, uid and process name from the flow metadata 'sourceAppAuditToken'. I will be really glad if the code below saves time for others. I have computed these parameters for NEAppProxyTCPFlow, but the same can be done for 'NEFilterFlow::sourceAppAuditToken':

```swift
import NetworkExtension
import Security
// audit_token_to_pid / audit_token_to_ruid / audit_token_to_rgid are declared in <bsm/libbsm.h>.

extension NEAppProxyTCPFlow {

    // The flow's audit token as an audit_token_t, or nil if it is missing or has the wrong size.
    private var sourceAppAuditTokenQ: audit_token_t? {
        guard let tokenData = self.metaData.sourceAppAuditToken,
              tokenData.count == MemoryLayout<audit_token_t>.size else { return nil }
        return tokenData.withUnsafeBytes { buf in
            buf.baseAddress!.assumingMemoryBound(to: audit_token_t.self).pointee
        }
    }

    // Each of these is nil when the flow carries no usable audit token
    // (force-unwrapping the token would trap in that case).
    var pid: pid_t? { sourceAppAuditTokenQ.map { audit_token_to_pid($0) } }
    var uid: uid_t? { sourceAppAuditTokenQ.map { audit_token_to_ruid($0) } }
    var gid: gid_t? { sourceAppAuditTokenQ.map { audit_token_to_rgid($0) } }

    // Path of the source process's main executable or bundle, resolved through
    // the audit token rather than through the pid.
    var processPath: String? {
        guard let tokenData = self.metaData.sourceAppAuditToken else { return nil }

        // Get a code object for the process identified by the audit token.
        var codeQ: SecCode? = nil
        var err = SecCodeCopyGuestWithAttributes(nil, [kSecGuestAttributeAudit: tokenData] as NSDictionary, [], &codeQ)
        guard err == errSecSuccess, let code = codeQ else { return nil }

        // Convert that to a static code.
        var staticCodeQ: SecStaticCode? = nil
        err = SecCodeCopyStaticCode(code, [], &staticCodeQ)
        guard err == errSecSuccess, let staticCode = staticCodeQ else { return nil }

        // Ask the static code for its on-disk location.
        var pathCodeQ: CFURL?
        err = SecCodeCopyPath(staticCode, SecCSFlags(rawValue: 0), &pathCodeQ)
        guard err == errSecSuccess, let pathCode = pathCodeQ else { return nil }

        // Convert the URL to a POSIX path string.
        guard let posixPath = CFURLCopyFileSystemPath(pathCode, CFURLPathStyle.cfurlposixPathStyle) else { return nil }
        return (posixPath as NSString) as String
    }
}
```

Enjoy!!!