hi all, If I have my custom extension, How do I restrict access of my extension only to my APP. I don't want to use remote setting. I want my APP to collect data and send to my server. any suggestions/ pointers?

I don’t understand this question. Can you describe more?

I have some APP specific data which I want to share with other applications. I created osquery extension, so that other applications can query my APP specific data. But i do not want to expose that data to anyone and everyone. I want to give access only to whitelisted applications. Does that help @seph

osquery doesn’t really have access controls, per se. But there are all the underlying OS permissions.

sephkolide osquery doesn’t really have access controls, per se. But there are all the underlying OS permissions. dipti: Agree. So if I understand correctly, extension withing itself runs as a process and listens on socket. To start with, I was trying to add some SSL handshake on socket, some process which has keys can only connect to socket of extension. But if i understand correctly, external process connects on unix socket of osqueryd and then osqueryd connects with extensions socket. i do not want to add that SSL configuration to complete osqueryd because there might be some other extensions loaded by osqueryd which does not need SSL. Do I make sense? sephkolide The part that confusions me, is how osquery fits in. How are applications using osquery to get this data at all? dipti: My extension does IPC with my process to fetch data. That all looks ok for now. You may assume that extension table has all required data. sephkolide Is there an osqueryi invocation? Is there an osqueryd running somewhere? How is the underlying data protected? If don’t want appX to access it, what’s preventing it from hitting the underlying API directly? dipti: nothing is preventing for now. That is my question, how do I prevent it :)

The extension runs on a process and communicates by socket, yes. But that’s lauched by osquery. (usually)

@Arun Thotta here this