github/santa
1
1
Fork 0
mirror of https://github.com/google/santa.git synced 2026-04-24 03:00:12 -04:00
Code Issues Packages Projects Releases Wiki Activity

santad: Stop ignoring CSInfoPlistFailed (#204)

Browse Source 
It is too broad a check for the few false positive events we have seen.
This commit is contained in:
Tom Burgin
2017-09-14 12:45:07 -04:00
committed by GitHub
parent ff5a92772b
commit 1c95e8e25c
1 changed files with 2 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
Source/santad/SNTExecutionController.m
View File

@@ -106,11 +106,8 @@
NSError *csError;
MOLCodesignChecker *csInfo = [[MOLCodesignChecker alloc] initWithBinaryPath:binInfo.path
error:&csError];
// We specifically ignore CSInfoPlistFailed (-67030) as it sometimes appears spuriously
// when trying to validate a binary separately from its bundle.
if (csError && csError.code != errSecCSInfoPlistFailed) {
csInfo = nil;
}
// Ignore codesigning if there are any errors with the signature.
if (csError) csInfo = nil;
// Actually make the decision.
SNTCachedDecision *cd = [self.policyProcessor decisionForFileInfo:binInfo