When enqueue'ing on the decision data queue, if the queue is full the new message will overwrite the oldest. In this scenario it's possible for that overwritten request to get stuck in an infinite loop - as far as the driver is concerned there's a request pending that the driver should be picking up and responding to but the daemon has never actually received the request. The only way out of this loop is for the file being executed to be written to. This change adds an expiration to pending requests (of 5s) so that if this scenario were to happen the pending request would be removed, breaking out of the inner decision loop to the outer loop where the request is sent to the daemon.
This change also removes a pointless dequeue in the log queue, it was intended to try and help reduce the queue size to get logs flowing again but it doesn't really help.
Change the signature of the set method in SantaCache so that it takes an
optional previous-value parameter (and a bool indicating that this value
has been provided). If previous-value is provided, set becomes a
compare-and-swap. Also provide 2 overloads for a cleaner interface, one
with and without the previous-value parameter.
Only calculate root FSID during daemon connection. If daemon is running
there must be a root filesystem. Also check return values just in case.
Check vnode_id has been determined in VnodeCallback and SantaDriverClient
methods so that it doesn't need to be checked anywhere else.
Split the kernel-land cache into 2 separate caches, one for the root
volume and one for secondary volumes. When an unmount happens, clear
the non-root cache to ensure no overlap with filesystem IDs.
This is a generated xcconfig in the Rakefile which gets included by the project
to set the DEVELOPMENT_TEAM key to keep Xcode 8 happy. The development team is
figured based on the available “Mac Developer” certificate.
Also update the way SantaCache declares a ‘zero’ value, update the
OCMock pod and add a few missing includes.
1. Don't RemoveFromCache for advisory access by santad itself.
2. wakeup sleeping threads when removing from cache
3. Move the vnode type check earlier in the process for the vnode scope
* santa-driver: Log when client connects (we already log disconnect)
* santad: Move a couple of NSMutableDictionary uses over to NSCache, add type info.
SantaDriverClient was implemented to have static functions that call instance
methods passing appropriate arguments. While this works and is 'technically correct' (best kind),
it's a bit messy and hard to read.
+ Added check that per_bucket is >=1 and reduced max from 126 to 64.
+ Added note about cache reset above set method
+ Moved modulo into the hash function
OSDictionary is not well-suited to our needs and locking is quite expensive.
This commit:
+ Replaces all uses of OSDictionary with a new SantaCache class, which
is a size-limited array hash table with per-bucket locking. It works with
uint64_t keys, which is perfect for our needs.
+ Adds a unit test for SantaCache.
+ Removes SantaCachedDecision and SantaPIDAndPPID, which only existed
because OSDictionary can only store OSObject subclasses.
+ Removes a lot of locking logic from SantaDecisionManager as the
locking is now handled inside SantaCache and is therefore and is
much more granular.
+ Removes the timed cache expiration for ALLOW decisions. This was
originally to ensure executions were logged regularly but as we're
logging all executions nowadays this is longer particularly useful.
SantaCache's configured load factor and hashing function may need tweaking
over-time but this is already a little faster and uses less memory
than what existed before.
It turns out that the KAUTH_FILEOP_CLOSE action is not used when the kernel automatically closes file descriptors for exiting processes. Some things, like dd, don't close their file descriptors and let the kernel do it for them which we were previously missing.
Put a R/W lock around vnode_pid_map_ to prevent use-after-free.
Create SantaPIDAndPPID to use instead of creating and then scanning strings.
Also rename SantaMessage -> SantaCachedDecision, as that's what it is.
