* SNTConfigurator: use mobileconfigs
* use proper key groups
* remove state
* review updates
* review updates
* SNTConfigurator: Revert any out-of-band changes to the sync state file.
* SNTConfigurator move the file watcher to santad only
When enqueue'ing on the decision data queue, if the queue is full the new message will overwrite the oldest. In this scenario it's possible for that overwritten request to get stuck in an infinite loop - as far as the driver is concerned there's a request pending that the driver should be picking up and responding to but the daemon has never actually received the request. The only way out of this loop is for the file being executed to be written to. This change adds an expiration to pending requests (of 5s) so that if this scenario were to happen the pending request would be removed, breaking out of the inner decision loop to the outer loop where the request is sent to the daemon.
This change also removes a pointless dequeue in the log queue, it was intended to try and help reduce the queue size to get logs flowing again but it doesn't really help.
* sync: start reachability handler to retry to upload blocked event when initial upload fails
* fix indentation
* store related bundle events when server connection fails
* revert SNTBundleEventAction to BOOL
* go back to using SNTBundleEventAction in reply; make sure to send reply to avoid leaks
* fix indentation
* fix indentation
* Merged similar methods into one:
* SNTSyncdQueue addBundleEvents: and addEvent: became addEvents:isFromBundle:
* SNTSyncdQueue backoffForBundleHash: and backoffForEvent: became backoffForPrimaryHash:
* SNTCommandSyncManager postBundleEventsToSyncServer: and postEventToSyncServer: became postEventsToSyncServer:isFromBundle:
* fix style issue
* simplify condition
* stub code for bundle notifications with new rules info
* get bundle rule count info from each rule, rather than initial FCM message
* Replace string literals with constants
* only update pendingNotifications for whitelist rules
* use pre-existing string constants as dictionary keys
* Remove processed entries from the notifications dictionary after we're done with them.
* fix indentation
* replace kRuleBundleHash with kFileBundleHash
* enforce serial access to the whitelistNotifications dictionary
* clarify comment
* fix queue spelling and better comments
* temporarily gutted SNTCommandFileInfo. Added SNTCommand base class for all
of the SNTCommand* classes to inherit from. Changed commands so that they
are consistently instantiated before being run, with a common init method.
* Put most of SNTCommandFileInfo functionality back in
* follow symlinks
* added -r and --recursive flags and updated help text
* moved humanReadableFileType to SNTFileInfo
* added back JSON output
* Fixed bundle info. Grab directory color from ENV variable.
* fixed indentation, moved stuff around
* Added SNTCommandFileInfo * back as parameter to property getters so that rule getter
doesn't have to be a special case any more.
* fixed code review issues
* added SNTCommand.h and SNTCommand.m to project
* added SNTCommand.m to build phases
* removed trailing spaces
* fixed tests for SNTCommandFileInfo and added a few more
* fix end-of-line comment spacing to conform to style guide
* Use NSBundle instead of NSWorkspace to determine if path is a bundle.
* added autorelease pool inside recursive search loop to fix bug where file listing
would abruptly stop after so many files with mach header related keys.
* removed directory headers. don't separate entries with newline when printing single key. format output based on max key length.
* an attempt at speeding things up. also halfway fixed broken cert-index key.
* speedups via caching MOLCodeSignChecker & not using NSMutableString append*
* fix json ouput with cert-index, single key output, & cache SHA values
* reverted back to NSMutableString for building up output, since it seems slightly better
or at least no worse than using an NSMutableArray
* Don't print empty JSON objects
* fixed non-thread-safe JSON commas
* made the print dispatch group a property so it doesn't have to be passed around
* Fixed certIndex indexing bug & better error checking when parsing --cert-index argument
* prevent unsigned int overflow
* fixed logic tests broken by objc_setAssociatedObject with nil SNTFileInfo argument
* send error output to the serial print queue
* NSBundle bundleWithPath: returns an object even for non-bundle directories, so need to also check that there's a valid bundle identifier.
* Added TODO comment and fixed formatting issues
* added cached codeSignChecker property to SNTFileInfo
* rewrote SNTFileInfo's codesignChecker method to include an error reference parameter & removed @synchronized
* Removed caching of SHA values from SNTFileInfo
* use property getter/setter to access codesignCheckerError
* Change nil NSError ** arguments to NULL
* Don't try to create a new codesignChecker if there was previously an error
* Fix NSDirectoryEnumerator memory usage & don't retain self in rule getter.
The NSStrings grabbed from the directory enumerator needed a chance to be freed.
* fixed colon alignment
Change the signature of the set method in SantaCache so that it takes an
optional previous-value parameter (and a bool indicating that this value
has been provided). If previous-value is provided, set becomes a
compare-and-swap. Also provide 2 overloads for a cleaner interface, one
with and without the previous-value parameter.
Only calculate root FSID during daemon connection. If daemon is running
there must be a root filesystem. Also check return values just in case.
Check vnode_id has been determined in VnodeCallback and SantaDriverClient
methods so that it doesn't need to be checked anywhere else.
Split the kernel-land cache into 2 separate caches, one for the root
volume and one for secondary volumes. When an unmount happens, clear
the non-root cache to ensure no overlap with filesystem IDs.
The changes to bundle scanning mean this key isn't really necessary anymore - if a server supports bundles it tells the client during preflight, this in turn causes bundle hashes to be generated and these are used in place of the file hash when generating a detail URL. Keying bundles off the ID and version was never really a good idea anyway.
