* Added Xcode project + pods
* Cleaned up unused SNTXPCUnprivilegedControlInterface MachServices id.
* Change santad's MachServices id to be compatible with the default SystemExtension namespace template.
* pods
* bazel
* switch MachService name for 10.15+
* build with SystemExtensions framework
* build with Xcode 11
* launchd.plist fix
* use @available
* Request SystemExtension activation on a background thread.
* Create a constant for the "com.google.santa.daemon" SystemExtension id.
Add helper to make declaring unit tests easier
Add unit_tests test_suite containing all unit tests
Fix reload rule
Update to workspace-relative header locations that were missed before
This necessitated fixing some warnings, updating the resource
locations inside some tests and updating the Travis config.
I'll send a follow-up PR shortly that adds the fuzzing targets and updates the Rakefile and documentation.
* add in-kernel filemod prefix filter
* byte lookup
* added pruning and tests
* clang-format
* add TODO
* don't need seen
* review updates
* reset filter on client connect
* DisconnectClient: reset filter
AddPrefix: when a branch is needed create the whole branch immediately
* don't use strlen in HasPrefix
use strnlen in AddPrefix
up max nodes to 1024
* use new[] and delete[] for the prune "stack"
revert clang-format changes to kernel tests
remove reset node count
* words
* count not size
Add transitive whitelisting.
Binaries may be identified with WHITELIST_COMPILER rules. Any executable they output will then be marked locally with a transitive whitelist rule and allowed to run if the TransitiveWhitelistingEnabled config key is true.
santa-driver: Switch to a struct for vnode IDs, holding both the filesystem ID and vnode ID.
Also drop the separate caches for root/non-root as this doesn't offer any benefit anymore.
* SantaCache: Add santactl command to print histogram of bucket distribution.
This currently only prints the distribution of the non-root cache. In the near future I'll unify the caches again which stops this being a problem.
* First draft, no UUID caching
* Cache UUID in SNTEventLog super class
* Add a configuration flag for UUID decoration
* Port from UUID to MachineID
* KVO compliance
* Remove extra newline I accidentally introduced
* Project: Update project to Xcode 9.1 and handle all the new warnings that entails.
* Project: Add library-validation and kill flags to codesigning options
* SNTConfigurator: use mobileconfigs
* use proper key groups
* remove state
* review updates
* review updates
* SNTConfigurator: Revert any out-of-band changes to the sync state file.
* SNTConfigurator move the file watcher to santad only
* sync: start reachability handler to retry to upload blocked event when initial upload fails
* fix indentation
* store related bundle events when server connection fails
* revert SNTBundleEventAction to BOOL
* go back to using SNTBundleEventAction in reply; make sure to send reply to avoid leaks
* fix indentation
* fix indentation
* Merged similar methods into one:
* SNTSyncdQueue addBundleEvents: and addEvent: became addEvents:isFromBundle:
* SNTSyncdQueue backoffForBundleHash: and backoffForEvent: became backoffForPrimaryHash:
* SNTCommandSyncManager postBundleEventsToSyncServer: and postEventToSyncServer: became postEventsToSyncServer:isFromBundle:
* fix style issue
* simplify condition
* temporarily gutted SNTCommandFileInfo. Added SNTCommand base class for all
of the SNTCommand* classes to inherit from. Changed commands so that they
are consistently instantiated before being run, with a common init method.
* Put most of SNTCommandFileInfo functionality back in
* follow symlinks
* added -r and --recursive flags and updated help text
* moved humanReadableFileType to SNTFileInfo
* added back JSON output
* Fixed bundle info. Grab directory color from ENV variable.
* fixed indentation, moved stuff around
* Added SNTCommandFileInfo * back as parameter to property getters so that rule getter
doesn't have to be a special case any more.
* fixed code review issues
* added SNTCommand.h and SNTCommand.m to project
* added SNTCommand.m to build phases
* removed trailing spaces
* fixed tests for SNTCommandFileInfo and added a few more
* fix end-of-line comment spacing to conform to style guide
* Use NSBundle instead of NSWorkspace to determine if path is a bundle.
* added autorelease pool inside recursive search loop to fix bug where file listing
would abruptly stop after so many files with mach header related keys.
* removed directory headers. don't separate entries with newline when printing single key. format output based on max key length.
* an attempt at speeding things up. also halfway fixed broken cert-index key.
* speedups via caching MOLCodeSignChecker & not using NSMutableString append*
* fix json output with cert-index, single key output, & cache SHA values
* reverted back to NSMutableString for building up output, since it seems slightly better
or at least no worse than using an NSMutableArray
* Don't print empty JSON objects
* fixed non-thread-safe JSON commas
* made the print dispatch group a property so it doesn't have to be passed around
* Fixed certIndex indexing bug & better error checking when parsing --cert-index argument
* prevent unsigned int overflow
* fixed logic tests broken by objc_setAssociatedObject with nil SNTFileInfo argument
* send error output to the serial print queue
* NSBundle bundleWithPath: returns an object even for non-bundle directories, so need to also check that there's a valid bundle identifier.
* Added TODO comment and fixed formatting issues
* added cached codeSignChecker property to SNTFileInfo
* rewrote SNTFileInfo's codesignChecker method to include an error reference parameter & removed @synchronized
* Removed caching of SHA values from SNTFileInfo
* use property getter/setter to access codesignCheckerError
* Change nil NSError ** arguments to NULL
* Don't try to create a new codesignChecker if there was previously an error
* Fix NSDirectoryEnumerator memory usage & don't retain self in rule getter.
The NSStrings grabbed from the directory enumerator needed a chance to be freed.
* fixed colon alignment
Split the kernel-land cache into 2 separate caches, one for the root
volume and one for secondary volumes. When an unmount happens, clear
the non-root cache to ensure no overlap with filesystem IDs.