Is there any other way to implement when inserting data before the read/write system call when SIP is turned on?

Hi, I would like to know if there is another way to implement when inserting data before the read/write system call when SIP is turned on.

I've tried Endpoint Security, but it only receives notifications of read/write operations and does not allow me to insert the data I want before reading/writing.

(I first did this in kext via kauth_listen_scope, but it's been disabled since 10.15.)

Can anyone point me in the right direction? I'd appreciate it so much!

I would like to know if there is another way to implement when inserting data before the read/write system call

I don’t understand what you mean by “inserting data” in this context. Can you clarify your requirements?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

I want to …

macOS has no facilities for getting your code to run on the I/O path like that.

Are you targeting files on a specific volume? Or do you want to be able to do this with any file on any volume?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

I want to be able to do this with any file on any volume.

In that case I don’t think we have a solution for you. My only advice is that you file an enhancement request with a detailed discussion of your requirements.

Please post your bug number, just for the record.

I can still use kauth_listen_scope for this

To be clear, this was not an intended use case for Kauth [1], so it’s understandable that, say, Endpoint Security, doesn’t allow for it.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

[1] Quoting Technote 2127 Kernel Authorization:

[Kauth] allows third party kernel developers to authorize actions within the kernel, modify authorization decisions, and extend the kernel's authorization landscape. It can also be used as a notification mechanism.
