mirrors
/
OverSight
mirror of https://github.com/objective-see/OverSight.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

improved parsing of log data, to improve detection(s)

This commit is contained in:
Patrick Wardle 2022-12-04 13:40:06 -10:00
parent bc629287de
commit dac55f007a
2 changed files with 1 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Application/Application/AVMonitor.m
View File

@ -222,7 +222,7 @@ extern os_log_t logHandle;
}
//audit token of item?
if(YES == [line hasPrefix:@"auditToken = "])
if(YES == [line containsString:@"<BSAuditToken:"])
{
//pid extraction regex
NSRegularExpression* regex = nil;

34
Application/Application/main.m
View File

@ -10,40 +10,6 @@
//FOR LOGGING:
// % log stream --level debug --predicate="subsystem='com.objective-see.oversight'"
/*
Server data changed for media domain: <STMediaStatusDomainData: 0x12db069e0> {
audioAttributions = <STActivityAttributionCatalog: 0x12db05cf0> {
};
cameraAttributions = <STListData: 0x12db05290> {
<STMediaStatusDomainCameraCaptureAttribution: 0x12da088c0> {
cameraDescriptor = <STMediaStatusDomainCameraDescriptor: 0x12da088e0; cameraIdentifier: EAB7A68F-EC2B-4487-AADF-D8A91C1CB782; eligibleForPrivacyIndicator: NO>;
activityAttribution = <STActivityAttribution: 0x12da08850> {
attributedEntity = <STAttributedEntity: 0x12da092a0> {
executableIdentity = <STExecutableIdentity: 0x12da08fc0> {
auditToken = <BSAuditToken: 0x12da092e0; AUID: 501; EUID: 501; EGID: 20; RUID: 501; RGID: 20; PID: 72414; ASID: 100004; PIDVersion: 445476>;
};
websiteNonNil = NO;
systemService = NO;
};
};
};
<STMediaStatusDomainCameraCaptureAttribution: 0x12db06370> {
cameraDescriptor = <STMediaStatusDomainCameraDescriptor: 0x12db06390; cameraIdentifier: EAB7A68F-EC2B-4487-AADF-D8A91C1CB782; eligibleForPrivacyIndicator: NO>;
activityAttribution = <STActivityAttribution: 0x12db056f0> {
attributedEntity = <STAttributedEntity: 0x12db04ed0> {
executableIdentity = <STExecutableIdentity: 0x12db04f10> {
auditToken = <BSAuditToken: 0x12db06470; AUID: 501; EUID: 501; EGID: 20; RUID: 501; RGID: 20; PID: 72396; ASID: 100004; PIDVersion: 445425>;
};
websiteNonNil = NO;
systemService = NO;
};
};
};
};
*/
@import Cocoa;
@import OSLog;