How to get thread id from es_message_t?

Privacy & Security General
blknit OP
Created Jun ’20
Replies 3
Boosts 0
Views 519
Participants 2
Right now I am going to build a service which using endpoint-security client api.

I see that I can get the the process id by pid_t pid = audit_token_to_pid(message->process->audit_token);. But I want to get the thread id of the process which try to access the file system. Is there any way I can get it?

Replies  3
Boosts  0
Views  519
Participants  2
Security Engineer OP
Apple
Jun ’20
We do not currently support this but can consider it. Can you please submit a radar request?

I would also be curious about your use case - what are you trying to do with this information?
2
blknit OP
Jun ’20
Thanks for your reply. I need the thread ID because in the before we manage the access request based on threads. So we allow/block by thread ID. right now I moved to EndpointSecurity I want to keep the mechanism as the same as the old one. Because we have some customer that already use it in a long time. I don't want to disturb them for this changes. I guess it may let them redesign their code which need make a lot of works. So please consider it. thanks so much.

BTW how to submit a radar request?
0
Security Engineer OP
Apple
Jun ’20
You can use the feedback assistant here: https://developer.apple.com/bug-reporting/

1
How to get thread id from es_message_t?
First post date Last post date
 
 
Q