pread can return less than the chunk size (e.g. signal caught in the
middle) and hence we need to handle it. This change also cleans up the
hash function and makes it more performant.
- Use fcntl to disable cache and issue an advisory read
- Increase default chunk size from 4KB to 256KB
- Use pread to read from file descriptor, rather than make NSData objects
This is ~15% faster.
OSDictionary is not well-suited to our needs and locking is quite expensive.
This commit:
+ Replaces all uses of OSDictionary with a new SantaCache class, which
is a size-limited array hash table with per-bucket locking. It works with
uint64_t keys, which is perfect for our needs.
+ Adds a unit test for SantaCache.
+ Removes SantaCachedDecision and SantaPIDAndPPID, which only existed
because OSDictionary can only store OSObject subclasses.
+ Removes a lot of locking logic from SantaDecisionManager as the
locking is now handled inside SantaCache and is therefore and is
much more granular.
+ Removes the timed cache expiration for ALLOW decisions. This was
originally to ensure executions were logged regularly but as we're
logging all executions nowadays this is longer particularly useful.
SantaCache's configured load factor and hashing function may need tweaking
over-time but this is already a little faster and uses less memory
than what existed before.
Move common request generating and performing code into a common
superclass.
Add code to handle XSSI in JSON responses and support XSRF
tokens via headers.
Adds tests, finally.
Changes preflight hostname to be long instead of short
Sometimes the GUI isn't running. Sometimes the user is using SSH. Either way, printing a message to the TTY of the parent of the just denied process is user-friendly.
Previously SNTXPCConnection had two-way validation which, due to the method of
implementation, forced a client to connect to a server straight away. Once that
was removed, it meant invalidationHandlers aren't called if either end dies
before the connection is established.
This also puts back the acceptedHandler, which can be used to know when the
connection has finished being established (particularly useful on the server
side), updates the __weak stuff to use WEAKIFY/STRONGIFY macros (and now
actually switch them back to strong within each block) and make the
tests a lot better by using in-process anonymousListener's rather than
lots of mocking.
