Hi,
We have been using kauth_listen_scope KAUTH_SCOPE_VNODE. We are planning to start implementing end point security. Earlier as a part of auth_allow, we were using certain parameters from vnode structure to allow or deny an operation. What will be the alternative now in endpoint security? Or is it possible to have a kernel extension just to fetch the vnode of the file from the endpoint security application? Or is there a better way to proceed?
Also is it possible to have kext and system extensions as a part of the same application?
Thanks
We have been using kauth_listen_scope KAUTH_SCOPE_VNODE. We are planning to start implementing end point security. Earlier as a part of auth_allow, we were using certain parameters from vnode structure to allow or deny an operation. What will be the alternative now in endpoint security? Or is it possible to have a kernel extension just to fetch the vnode of the file from the endpoint security application? Or is there a better way to proceed?
Also is it possible to have kext and system extensions as a part of the same application?
Thanks