osquery-1/osquery/tables/system/darwin/acpi_tables.cpp

/*
 *  Copyright (c) 2014, Facebook, Inc.
 *  All rights reserved.
 *
 *  This source code is licensed under the BSD-style license found in the
 *  LICENSE file in the root directory of this source tree. An additional grant 
 *  of patent rights can be found in the PATENTS file in the same directory.
 *
 */

#include <CoreFoundation/CoreFoundation.h>
#include <IOKit/IOKitLib.h>

#include <osquery/hash.h>
#include <osquery/tables.h>

#include "osquery/core/conversions.h"

namespace osquery {
namespace tables {

#define kIOACPIClassName_ "AppleACPIPlatformExpert"

void genACPITable(const void *key, const void *value, void *results) {
  Row r;

  r["name"] = stringFromCFString((CFStringRef)key);

  auto data = (CFDataRef)value;
  auto length = CFDataGetLength(data);
  r["length"] = INTEGER(length);
  r["md5"] =
      osquery::hashFromBuffer(HASH_TYPE_MD5, CFDataGetBytePtr(data), length);

  ((QueryData *)results)->push_back(r);
}

QueryData genACPITables(QueryContext& context) {
  QueryData results;

  auto matching = IOServiceMatching(kIOACPIClassName_);
  if (matching == nullptr) {
    // No ACPI platform expert service found.
    return {};
  }

  auto service = IOServiceGetMatchingService(kIOMasterPortDefault, matching);
  if (service == 0) {
    return {};
  }

  CFTypeRef table = IORegistryEntryCreateCFProperty(service, CFSTR("ACPI Tables"), kCFAllocatorDefault, 0);
  if (table == nullptr) {
    return {};
  }

  CFDictionaryApplyFunction((CFDictionaryRef)table, genACPITable, &results);

  IOObjectRelease(service);
  return results;
}
}
}
ACPI tables for OSX 2015-01-16 05:37:02 +00:00			`/*`
			`* Copyright (c) 2014, Facebook, Inc.`
			`* All rights reserved.`
			`*`
			`* This source code is licensed under the BSD-style license found in the`
			`* LICENSE file in the root directory of this source tree. An additional grant`
			`* of patent rights can be found in the PATENTS file in the same directory.`
			`*`
			`*/`

			`#include <CoreFoundation/CoreFoundation.h>`
			`#include <IOKit/IOKitLib.h>`

Update the md5 hashing callsites 2015-01-20 22:52:07 +00:00			`#include <osquery/hash.h>`
ACPI tables for OSX 2015-01-16 05:37:02 +00:00			`#include <osquery/tables.h>`

			`#include "osquery/core/conversions.h"`

			`namespace osquery {`
			`namespace tables {`

			`#define kIOACPIClassName_ "AppleACPIPlatformExpert"`

			`void genACPITable(const void key, const void value, void *results) {`
			`Row r;`

			`r["name"] = stringFromCFString((CFStringRef)key);`

			`auto data = (CFDataRef)value;`
			`auto length = CFDataGetLength(data);`
			`r["length"] = INTEGER(length);`
Update the md5 hashing callsites 2015-01-20 22:52:07 +00:00			`r["md5"] =`
			`osquery::hashFromBuffer(HASH_TYPE_MD5, CFDataGetBytePtr(data), length);`
ACPI tables for OSX 2015-01-16 05:37:02 +00:00
			`((QueryData *)results)->push_back(r);`
			`}`

			`QueryData genACPITables(QueryContext& context) {`
			`QueryData results;`

			`auto matching = IOServiceMatching(kIOACPIClassName_);`
			`if (matching == nullptr) {`
			`// No ACPI platform expert service found.`
			`return {};`
			`}`

			`auto service = IOServiceGetMatchingService(kIOMasterPortDefault, matching);`
			`if (service == 0) {`
			`return {};`
			`}`

			`CFTypeRef table = IORegistryEntryCreateCFProperty(service, CFSTR("ACPI Tables"), kCFAllocatorDefault, 0);`
			`if (table == nullptr) {`
			`return {};`
			`}`

			`CFDictionaryApplyFunction((CFDictionaryRef)table, genACPITable, &results);`

			`IOObjectRelease(service);`
			`return results;`
			`}`
			`}`
			`}`