Initial support for some scoped types (#1250)

* Add some scoped types to handle automatic releasing * style * comment typo
2026-04-24 03:00:12 -04:00 · 2023-12-05 18:51:07 -05:00
parent 2cbf15566a
commit e2e83a099c
10 changed files with 444 additions and 3 deletions
--- a/Source/common/BUILD
+++ b/Source/common/BUILD
@@ -60,6 +60,56 @@ santa_unit_test(
    ],
 )

+# This target shouldn't be used directly.
+# Use a more specific scoped type instead.
+objc_library(
+    name = "ScopedTypeRef",
+    hdrs = ["ScopedTypeRef.h"],
+    visibility = ["//Source/common:__pkg__"],
+)
+
+objc_library(
+    name = "ScopedCFTypeRef",
+    hdrs = ["ScopedCFTypeRef.h"],
+    deps = [
+        ":ScopedTypeRef",
+    ],
+)
+
+santa_unit_test(
+    name = "ScopedCFTypeRefTest",
+    srcs = ["ScopedCFTypeRefTest.mm"],
+    sdk_frameworks = [
+        "Security",
+    ],
+    deps = [
+        ":ScopedCFTypeRef",
+    ],
+)
+
+objc_library(
+    name = "ScopedIOObjectRef",
+    hdrs = ["ScopedIOObjectRef.h"],
+    sdk_frameworks = [
+        "IOKit",
+    ],
+    deps = [
+        ":ScopedTypeRef",
+    ],
+)
+
+santa_unit_test(
+    name = "ScopedIOObjectRefTest",
+    srcs = ["ScopedIOObjectRefTest.mm"],
+    sdk_frameworks = [
+        "IOKit",
+    ],
+    deps = [
+        ":ScopedIOObjectRef",
+        "//Source/santad:EndpointSecuritySerializerUtilities",
+    ],
+)
+
 objc_library(
    name = "BranchPrediction",
    hdrs = ["BranchPrediction.h"],
@@ -438,6 +488,8 @@ test_suite(
        ":SNTMetricSetTest",
        ":SNTRuleTest",
        ":SantaCacheTest",
+        ":ScopedCFTypeRefTest",
+        ":ScopedIOObjectRefTest",
    ],
    visibility = ["//:santa_package_group"],
 )
--- a/Source/common/ScopedCFTypeRef.h
+++ b/Source/common/ScopedCFTypeRef.h
@@ -0,0 +1,29 @@
+/// Copyright 2023 Google LLC
+///
+/// Licensed under the Apache License, Version 2.0 (the "License");
+/// you may not use this file except in compliance with the License.
+/// You may obtain a copy of the License at
+///
+///     https://www.apache.org/licenses/LICENSE-2.0
+///
+/// Unless required by applicable law or agreed to in writing, software
+/// distributed under the License is distributed on an "AS IS" BASIS,
+/// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+/// See the License for the specific language governing permissions and
+/// limitations under the License.
+
+#ifndef SANTA__COMMON__SCOPEDCFTYPEREF_H
+#define SANTA__COMMON__SCOPEDCFTYPEREF_H
+
+#include <CoreFoundation/CoreFoundation.h>
+
+#include "Source/common/ScopedTypeRef.h"
+
+namespace santa::common {
+
+template <typename CFT>
+using ScopedCFTypeRef = ScopedTypeRef<CFT, (CFT)NULL, CFRetain, CFRelease>;
+
+}  // namespace santa::common
+
+#endif
--- a/Source/common/ScopedCFTypeRefTest.mm
+++ b/Source/common/ScopedCFTypeRefTest.mm
@@ -0,0 +1,141 @@
+/// Copyright 2023 Google LLC
+///
+/// Licensed under the Apache License, Version 2.0 (the "License");
+/// you may not use this file except in compliance with the License.
+/// You may obtain a copy of the License at
+///
+///     https://www.apache.org/licenses/LICENSE-2.0
+///
+/// Unless required by applicable law or agreed to in writing, software
+/// distributed under the License is distributed on an "AS IS" BASIS,
+/// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+/// See the License for the specific language governing permissions and
+/// limitations under the License.
+
+#include <CoreFoundation/CoreFoundation.h>
+#include <Security/Security.h>
+#import <XCTest/XCTest.h>
+#include "XCTest/XCTest.h"
+
+#include "Source/common/ScopedCFTypeRef.h"
+
+using santa::common::ScopedCFTypeRef;
+
+@interface ScopedCFTypeRefTest : XCTestCase
+@end
+
+@implementation ScopedCFTypeRefTest
+
+- (void)testDefaultConstruction {
+  // Default construction creates wraps a NULL object
+  ScopedCFTypeRef<CFNumberRef> scopedRef;
+  XCTAssertFalse(scopedRef.Unsafe());
+}
+
+- (void)testOperatorBool {
+  // Operator bool is `false` when object is null
+  {
+    ScopedCFTypeRef<CFNumberRef> scopedNullRef;
+    XCTAssertFalse(scopedNullRef.Unsafe());
+    XCTAssertFalse(scopedNullRef);
+  }
+
+  // Operator bool is `true` when object is NOT null
+  {
+    int x = 123;
+    CFNumberRef numRef = CFNumberCreate(kCFAllocatorDefault, kCFNumberIntType, &x);
+
+    ScopedCFTypeRef<CFNumberRef> scopedNumRef = ScopedCFTypeRef<CFNumberRef>::Assume(numRef);
+    XCTAssertTrue(scopedNumRef.Unsafe());
+    XCTAssertTrue(scopedNumRef);
+  }
+}
+
+// Note that CFMutableArray is used for testing, even when subtypes aren't
+// needed, because it is never optimized into immortal constant values, unlike
+// other types.
+- (void)testAssume {
+  int want = 123;
+  int got = 0;
+  CFMutableArrayRef array = CFArrayCreateMutable(nullptr, /*capacity=*/0, &kCFTypeArrayCallBacks);
+
+  // Baseline state, initial retain count is 1 after object creation
+  XCTAssertEqual(1, CFGetRetainCount(array));
+
+  CFNumberRef numRef = CFNumberCreate(kCFAllocatorDefault, kCFNumberIntType, &want);
+  CFArrayAppendValue(array, numRef);
+  CFRelease(numRef);
+
+  XCTAssertEqual(1, CFArrayGetCount(array));
+
+  {
+    ScopedCFTypeRef<CFMutableArrayRef> scopedArray =
+      ScopedCFTypeRef<CFMutableArrayRef>::Assume(array);
+
+    // Ensure ownership was taken, and retain count remains unchanged
+    XCTAssertTrue(scopedArray.Unsafe());
+    XCTAssertEqual(1, CFGetRetainCount(scopedArray.Unsafe()));
+
+    // Make sure the object contains expected contents
+    CFMutableArrayRef ref = scopedArray.Unsafe();
+    XCTAssertEqual(1, CFArrayGetCount(ref));
+    XCTAssertTrue(
+      CFNumberGetValue((CFNumberRef)CFArrayGetValueAtIndex(ref, 0), kCFNumberIntType, &got));
+    XCTAssertEqual(want, got);
+  }
+}
+
+// Note that CFMutableArray is used for testing, even when subtypes aren't
+// needed, because it is never optimized into immortal constant values, unlike
+// other types.
+- (void)testRetain {
+  int want = 123;
+  int got = 0;
+  CFMutableArrayRef array = CFArrayCreateMutable(nullptr, /*capacity=*/0, &kCFTypeArrayCallBacks);
+
+  // Baseline state, initial retain count is 1 after object creation
+  XCTAssertEqual(1, CFGetRetainCount(array));
+
+  CFNumberRef numRef = CFNumberCreate(kCFAllocatorDefault, kCFNumberIntType, &want);
+  CFArrayAppendValue(array, numRef);
+  CFRelease(numRef);
+
+  XCTAssertEqual(1, CFArrayGetCount(array));
+
+  {
+    ScopedCFTypeRef<CFMutableArrayRef> scopedArray =
+      ScopedCFTypeRef<CFMutableArrayRef>::Retain(array);
+
+    // Ensure ownership was taken, and retain count was incremented
+    XCTAssertTrue(scopedArray.Unsafe());
+    XCTAssertEqual(2, CFGetRetainCount(scopedArray.Unsafe()));
+
+    // Make sure the object contains expected contents
+    CFMutableArrayRef ref = scopedArray.Unsafe();
+    XCTAssertEqual(1, CFArrayGetCount(ref));
+    XCTAssertTrue(
+      CFNumberGetValue((CFNumberRef)CFArrayGetValueAtIndex(ref, 0), kCFNumberIntType, &got));
+    XCTAssertEqual(want, got);
+  }
+
+  // The original `array` object should still be valid due to the extra retain.
+  // Ensure the retain count has decreased since `scopedArray` went out of scope
+  XCTAssertEqual(1, CFArrayGetCount(array));
+}
+
+- (void)testInto {
+  ScopedCFTypeRef<CFURLRef> scopedURLRef =
+    ScopedCFTypeRef<CFURLRef>::Assume(CFURLCreateWithFileSystemPath(
+      kCFAllocatorDefault, CFSTR("/usr/bin/true"), kCFURLPOSIXPathStyle, YES));
+
+  ScopedCFTypeRef<SecStaticCodeRef> scopedCodeRef;
+  XCTAssertFalse(scopedCodeRef);
+
+  SecStaticCodeCreateWithPath(scopedURLRef.Unsafe(), kSecCSDefaultFlags,
+                              scopedCodeRef.InitializeInto());
+
+  // Ensure the scoped object was initialized
+  XCTAssertTrue(scopedCodeRef);
+}
+
+@end
--- a/Source/common/ScopedIOObjectRef.h
+++ b/Source/common/ScopedIOObjectRef.h
@@ -0,0 +1,30 @@
+/// Copyright 2023 Google LLC
+///
+/// Licensed under the Apache License, Version 2.0 (the "License");
+/// you may not use this file except in compliance with the License.
+/// You may obtain a copy of the License at
+///
+///     https://www.apache.org/licenses/LICENSE-2.0
+///
+/// Unless required by applicable law or agreed to in writing, software
+/// distributed under the License is distributed on an "AS IS" BASIS,
+/// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+/// See the License for the specific language governing permissions and
+/// limitations under the License.
+
+#ifndef SANTA__COMMON__SCOPEDIOOBJECTREF_H
+#define SANTA__COMMON__SCOPEDIOOBJECTREF_H
+
+#include <IOKit/IOKitLib.h>
+
+#include "Source/common/ScopedTypeRef.h"
+
+namespace santa::common {
+
+template <typename IOT>
+using ScopedIOObjectRef =
+    ScopedTypeRef<IOT, (IOT)IO_OBJECT_NULL, IOObjectRetain, IOObjectRelease>;
+
+}
+
+#endif
--- a/Source/common/ScopedIOObjectRefTest.mm
+++ b/Source/common/ScopedIOObjectRefTest.mm
@@ -0,0 +1,104 @@
+/// Copyright 2023 Google LLC
+///
+/// Licensed under the Apache License, Version 2.0 (the "License");
+/// you may not use this file except in compliance with the License.
+/// You may obtain a copy of the License at
+///
+///     https://www.apache.org/licenses/LICENSE-2.0
+///
+/// Unless required by applicable law or agreed to in writing, software
+/// distributed under the License is distributed on an "AS IS" BASIS,
+/// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+/// See the License for the specific language governing permissions and
+/// limitations under the License.
+
+#include <CoreFoundation/CoreFoundation.h>
+#include <IOKit/IOKitLib.h>
+#include <IOKit/usb/IOUSBLib.h>
+#import <XCTest/XCTest.h>
+
+#include "Source/common/ScopedIOObjectRef.h"
+#include "Source/santad/Logs/EndpointSecurity/Serializers/Utilities.h"
+
+using santa::common::ScopedIOObjectRef;
+using santa::santad::logs::endpoint_security::serializers::Utilities::GetDefaultIOKitCommsPort;
+
+@interface ScopedIOObjectRefTest : XCTestCase
+@end
+
+@implementation ScopedIOObjectRefTest
+
+- (void)testDefaultConstruction {
+  // Default construction creates wraps a NULL object
+  ScopedIOObjectRef<io_object_t> scopedRef;
+  XCTAssertFalse(scopedRef.Unsafe());
+}
+
+- (void)testOperatorBool {
+  // Operator bool is `false` when object is null
+  {
+    ScopedIOObjectRef<io_object_t> scopedNullRef;
+    XCTAssertFalse(scopedNullRef.Unsafe());
+    XCTAssertFalse(scopedNullRef);
+  }
+
+  // Operator bool is `true` when object is NOT null
+  {
+    CFMutableDictionaryRef matchingDict = IOServiceMatching(kIOUSBDeviceClassName);
+    XCTAssertNotEqual((CFMutableDictionaryRef)NULL, matchingDict);
+
+    io_service_t service = IOServiceGetMatchingService(GetDefaultIOKitCommsPort(), matchingDict);
+
+    ScopedIOObjectRef<io_service_t> scopedServiceRef =
+      ScopedIOObjectRef<io_service_t>::Assume(service);
+
+    XCTAssertTrue(scopedServiceRef.Unsafe());
+    XCTAssertTrue(scopedServiceRef);
+  }
+}
+
+- (void)testAssume {
+  CFMutableDictionaryRef matchingDict = IOServiceMatching(kIOUSBDeviceClassName);
+  XCTAssertNotEqual((CFMutableDictionaryRef)NULL, matchingDict);
+
+  io_service_t service = IOServiceGetMatchingService(GetDefaultIOKitCommsPort(), matchingDict);
+
+  // Baseline state, initial retain count is 1 after object creation
+  XCTAssertEqual(1, IOObjectGetUserRetainCount(service));
+  XCTAssertNotEqual(IO_OBJECT_NULL, service);
+
+  {
+    ScopedIOObjectRef<io_service_t> scopedIORef = ScopedIOObjectRef<io_service_t>::Assume(service);
+
+    // Ensure ownership was taken, and retain count remains unchanged
+    XCTAssertTrue(scopedIORef.Unsafe());
+    XCTAssertEqual(1, IOObjectGetUserRetainCount(scopedIORef.Unsafe()));
+    XCTAssertNotEqual(IO_OBJECT_NULL, scopedIORef.Unsafe());
+  }
+}
+
+- (void)testRetain {
+  CFMutableDictionaryRef matchingDict = IOServiceMatching(kIOUSBDeviceClassName);
+  XCTAssertNotEqual((CFMutableDictionaryRef)NULL, matchingDict);
+
+  io_service_t service = IOServiceGetMatchingService(GetDefaultIOKitCommsPort(), matchingDict);
+
+  // Baseline state, initial retain count is 1 after object creation
+  XCTAssertEqual(1, IOObjectGetUserRetainCount(service));
+  XCTAssertNotEqual(IO_OBJECT_NULL, service);
+
+  {
+    ScopedIOObjectRef<io_service_t> scopedIORef = ScopedIOObjectRef<io_service_t>::Retain(service);
+
+    // Ensure ownership was taken, and retain count was incremented
+    XCTAssertTrue(scopedIORef.Unsafe());
+    XCTAssertEqual(2, IOObjectGetUserRetainCount(scopedIORef.Unsafe()));
+    XCTAssertNotEqual(IO_OBJECT_NULL, scopedIORef.Unsafe());
+  }
+
+  // The original `service` object should still be valid due to the extra retain.
+  // Ensure the retain count has decreased since `scopedIORef` went out of scope.
+  XCTAssertEqual(1, IOObjectGetUserRetainCount(service));
+}
+
+@end
--- a/Source/common/ScopedTypeRef.h
+++ b/Source/common/ScopedTypeRef.h
@@ -0,0 +1,80 @@
+/// Copyright 2023 Google LLC
+///
+/// Licensed under the Apache License, Version 2.0 (the "License");
+/// you may not use this file except in compliance with the License.
+/// You may obtain a copy of the License at
+///
+///     https://www.apache.org/licenses/LICENSE-2.0
+///
+/// Unless required by applicable law or agreed to in writing, software
+/// distributed under the License is distributed on an "AS IS" BASIS,
+/// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+/// See the License for the specific language governing permissions and
+/// limitations under the License.
+
+#ifndef SANTA__COMMON__SCOPEDTYPEREF_H
+#define SANTA__COMMON__SCOPEDTYPEREF_H
+
+#include <CoreFoundation/CoreFoundation.h>
+#include <assert.h>
+
+namespace santa::common {
+
+template <typename ElementT, ElementT InvalidV, auto RetainFunc,
+          auto ReleaseFunc>
+class ScopedTypeRef {
+ public:
+  ScopedTypeRef() : object_(InvalidV) {}
+
+  // Can be implemented safely, but not currently needed
+  ScopedTypeRef(ScopedTypeRef&& other) = delete;
+  ScopedTypeRef& operator=(ScopedTypeRef&& rhs) = delete;
+  ScopedTypeRef(const ScopedTypeRef& other) = delete;
+  ScopedTypeRef& operator=(const ScopedTypeRef& other) = delete;
+
+  // Take ownership of a given object
+  static ScopedTypeRef<ElementT, InvalidV, RetainFunc, ReleaseFunc> Assume(
+      ElementT object) {
+    return ScopedTypeRef<ElementT, InvalidV, RetainFunc, ReleaseFunc>(object);
+  }
+
+  // Retain and take ownership of a given object
+  static ScopedTypeRef<ElementT, InvalidV, RetainFunc, ReleaseFunc> Retain(
+      ElementT object) {
+    if (object) {
+      RetainFunc(object);
+    }
+    return ScopedTypeRef<ElementT, InvalidV, RetainFunc, ReleaseFunc>(object);
+  }
+
+  ~ScopedTypeRef() {
+    if (object_) {
+      ReleaseFunc(object_);
+      object_ = InvalidV;
+    }
+  }
+
+  explicit operator bool() { return object_ != InvalidV; }
+
+  ElementT Unsafe() { return object_; }
+
+  // This is to be used only to take ownership of objects that are created by
+  // pass-by-pointer create functions. The object must not already be valid.
+  // In non-opt builds, this is enforced by an assert that will terminate the
+  // process.
+  ElementT* InitializeInto() {
+    assert(object_ == InvalidV);
+    return &object_;
+  }
+
+ private:
+  // Not API.
+  // Use Assume or Retain static methods.
+  ScopedTypeRef(ElementT object) : object_(object) {}
+
+  ElementT object_;
+};
+
+}  // namespace santa::common
+
+#endif
--- a/Source/santad/BUILD
+++ b/Source/santad/BUILD
@@ -21,6 +21,9 @@ objc_library(
    name = "SNTRuleTable",
    srcs = ["DataLayer/SNTRuleTable.m"],
    hdrs = ["DataLayer/SNTRuleTable.h"],
+    sdk_dylibs = [
+        "EndpointSecurity",
+    ],
    deps = [
        ":SNTDatabaseTable",
        "//Source/common:Platform",
@@ -475,7 +478,6 @@ objc_library(
        "bsm",
    ],
    deps = [
-        ":EndpointSecurityEnrichedTypes",
        ":EndpointSecurityMessage",
        ":SNTDecisionCache",
        "//Source/common:SantaCache",
--- a/Source/santad/Logs/EndpointSecurity/Serializers/Utilities.h
+++ b/Source/santad/Logs/EndpointSecurity/Serializers/Utilities.h
@@ -59,6 +59,8 @@ NSString *MountFromName(NSString *path);
 es_file_t *GetAllowListTargetFile(
  const santa::santad::event_providers::endpoint_security::Message &msg);

+const mach_port_t GetDefaultIOKitCommsPort();
+
 }  // namespace santa::santad::logs::endpoint_security::serializers::Utilities

 #endif
--- a/Source/santad/Logs/EndpointSecurity/Serializers/Utilities.mm
+++ b/Source/santad/Logs/EndpointSecurity/Serializers/Utilities.mm
@@ -80,7 +80,7 @@ NSString *OriginalPathForTranslocation(const es_process_t *es_proc) {
  return [origURL path];
 }

-static inline const mach_port_t GetDefaultIOKitCommsPort() {
+const mach_port_t GetDefaultIOKitCommsPort() {
 #pragma clang diagnostic push
 #pragma clang diagnostic ignored "-Wdeprecated-declarations"
  return kIOMasterPortDefault;
--- a/Source/santad/SNTCompilerController.mm
+++ b/Source/santad/SNTCompilerController.mm
@@ -132,7 +132,8 @@ static constexpr std::string_view kIgnoredCompilerProcessPathPrefix = "/dev/";
  NSError *error = nil;
  SNTFileInfo *fi = [[SNTFileInfo alloc] initWithEndpointSecurityFile:targetFile error:&error];
  if (error) {
-    LOGD(@"Unable to create SNTFileInfo while attempting to create transitive rule. Event: %d | Path: %@ | Error: %@",
+    LOGD(@"Unable to create SNTFileInfo while attempting to create transitive rule. Event: %d | "
+         @"Path: %@ | Error: %@",
         (int)esMsg->event_type, @(targetFile->path.data), error);
    return;
  }