Folks,
We had a kext, where I handled KAUTHVNODEREADATTRIBUTES using VNODE listener to capture CD/DVD activities.
Context:: We used to get an unique event for KAUTHVNODEREADATTRIBUTES, when a file / doc is copied to CDROM ( and the system creates an Alias )...
When I map this to ESEVENTTYPEAUTHGETATTRLIST, I get about 8 or so events in this auth type. File attributes are 1 or 0, except one more value ( it looks like pid )
How am I going to map to a single event?
The action we want to take is once per file/doc. But where can we get some detail about these events ( of same event type ), so we can isolate one from other ...
TAI,
We had a kext, where I handled KAUTHVNODEREADATTRIBUTES using VNODE listener to capture CD/DVD activities.
Context:: We used to get an unique event for KAUTHVNODEREADATTRIBUTES, when a file / doc is copied to CDROM ( and the system creates an Alias )...
When I map this to ESEVENTTYPEAUTHGETATTRLIST, I get about 8 or so events in this auth type. File attributes are 1 or 0, except one more value ( it looks like pid )
How am I going to map to a single event?
The action we want to take is once per file/doc. But where can we get some detail about these events ( of same event type ), so we can isolate one from other ...
TAI,
Pro