Tom Burgin
09655df8fc
com.google.santa.daemon: reorder cleanup() ( #448 )
* com.google.santa.daemon: reorder cleanup()
* version bump
2020-02-26 15:13:51 -05:00
Tom Burgin
7504cd36e1
Simplify install scripts ( #447 )
* installer to respect EnableSystemExtension
* conform
2020-02-26 12:58:12 -05:00
Tom Burgin
ac07f5d54b
santad: add prefixes on a background thread ( #444 )
* add prefixes on a background thread
* version bump
2020-02-21 16:54:42 -05:00
Tom Burgin
d116f7b01e
santad: wait for driver connection before adding prefix filters ( #443 )
* wait for driver connection before adding prefix filters
* version bump
* fix travis build
2020-02-21 14:58:12 -05:00
Tom Burgin
63ca34bc54
santad: fix launch path and args for loading the system extension ( #442 )
* missing /
* version bump
* that was close
2020-02-20 20:01:42 -05:00
Tom Burgin
24854d4ad7
Config: EnableSystemExtension option ( #438 )
* Config: add EnableSystemExtension option
* format
* i don't trust kvo
* review updates
2020-02-18 17:48:06 -05:00
Russell Hancox
c05806916b
santad: Add config flag to block all binaries with bad signatures. ( #434 )
* santad: Add option to block all binaries with bad signatures.
2020-02-10 13:45:22 -05:00
Russell Hancox
e48ce0cfe3
santad: Move signature fetching into SNTPolicyProcessor ( #433 )
This also removes an unnecessary hash, checks code signatures on non-MachO files (which is rare but possible) and fixes a rare crash in EndpointSecurityManager
2020-02-07 14:32:00 -05:00
Tom Burgin
d1d008af0a
don't log TRUNCATE and don't log fileops from com.google.santa.daemon ( #428 )
* don't log TRUNCATE and don't log fileops from com.google.santa.daemon
* review updates
2019-12-20 14:00:16 -05:00
Tom Burgin
5db56e01f5
cleanup 10.14 -> 10.15 upgrade artifacts ( #427 )
* cleanup 10.14 -> 10.15 upgrade artifacts
* exit exit
* exit exit
2019-12-19 15:56:59 -05:00
Tom Burgin
726c49bec5
com.google.santa.daemon: handle es deadline ( #426 )
* com.google.santa.daemon: deny execs that are about to exceed the es deadline
* update comment
* actually handle the deadline
2019-12-16 13:03:20 -05:00
Tom Burgin
ae5db5dde7
com.google.santa.daemon: lookup the tty for deny decisions before posting the decision ( #425 )
2019-12-13 15:24:21 -05:00
Tom Burgin
70c8626016
fix com.google.santa.daemon path for critical system binary checking ( #423 )
2019-12-12 11:41:16 -05:00
Tom Burgin
436c472a49
es event provider: support transitive whitelisting ( #422 )
* es event provider: support transitive whitelisting
* remove vector
* truncate check
* consistent log style
* review updates
2019-12-12 11:30:05 -05:00
Tom Burgin
ed5be6b062
com.google.santa.daemon: async es message handling ( #421 )
* fix Santa.xcodeproj
* com.google.santa.daemon: some es tweaks
* review updates
2019-12-09 11:21:12 -05:00
Russell Hancox
c6e1bb5618
santad: Fix Apple-cert trust
2019-11-25 19:31:51 -05:00
Russell Hancox
b8f3122ee9
santad: Don't need macos_command_line_application anymore
2019-11-08 22:22:09 -05:00
Russell Hancox
25b75b0e1b
santad: Re-work targets to avoid unnecessary postprocessing
2019-11-08 22:22:09 -05:00
Russell Hancox
cb01b77f84
Project: no longer need to move the embedded provisionprofile
2019-11-08 22:22:09 -05:00
Russell Hancox
61582a0324
Project: standardize Info.plist and entitlement paths
2019-11-08 22:22:09 -05:00
Russell Hancox
a17b5d51a4
Project: more BUILD file cleanups, remove commented provisioning_profile attrs
2019-11-08 22:22:09 -05:00
Russell Hancox
447ea8674b
Project: run buildifier on all bazel files, fix typo ( #405 )
2019-11-08 22:22:09 -05:00
Russell Hancox
1870631150
Project: Update bazel rules for endpointsec ( #403 )
2019-11-08 22:22:09 -05:00
Russell Hancox
20ed1659c1
santad: Don't store rules for santad/launchd, keep in-mem ( #402 )
2019-11-08 22:22:09 -05:00
Tom Burgin
258de3efba
handle all ACTION_RESPOND_* ( #401 )
2019-11-08 22:22:09 -05:00
Tom Burgin
394fd5fab9
add required santad entitlements ( #400 )
2019-11-08 22:22:09 -05:00
Russell Hancox
53b7ef86ed
santad: Log file changes, use prefix trees ( #398 )
2019-11-08 22:22:09 -05:00
Russell Hancox
423479771e
santad: Use args from endpointsecurity rather than using the sysctl ( #396 )
This should be much more reliable and, in theory, faster.
2019-11-08 22:22:09 -05:00
Tom Burgin
933271826b
simplify santabundleservice xpc connection protocol ( #397 )
* simplify santabundleservice xpc connection protocol
* fix BUILD deps
* fix BUILD deps
* know
2019-11-08 22:22:09 -05:00
Russell Hancox
e58ec37881
santad: Fix BUILD after moving EventProviders ( #394 )
2019-11-08 22:22:09 -05:00
Russell Hancox
9db9fc6009
santad: Move event providers into a new group, make ES connection logic smarter ( #392 )
2019-11-08 22:22:09 -05:00
Russell Hancox
f38c030805
Add file IDs to messages ( #391 )
2019-11-08 22:22:09 -05:00
Tom Burgin
d8060d3af9
update component paths ( #390 )
2019-11-08 22:22:09 -05:00
Russell Hancox
34b4090b42
Project: fix some new Xcode11 warnings ( #389 )
2019-11-08 22:22:09 -05:00
Tom Burgin
c6ca3d64b3
add SNTEventProvider interface ( #388 )
* Add SNTEventProvider interface
* execution controller test should use the event provider interface
* * Xcode project: Use manual signing
* SNTEndpointSecurityManager: Don't cache deny decisions
* Review updates
* review updates
2019-11-08 22:22:09 -05:00
Tom Burgin
4913426631
* Added Xcode project + pods ( #387 )
* * Added Xcode project + pods
* Cleaned up unused SNTXPCUnprivilegedControlInterface MachServices id.
* Change santad's MachServices id to be compatible with the default SystemExtension namespace template.
* pods
* bazel
* switch MachService name for 10.15+
* build with SystemExtensions framework
* build with Xcode 11
* launchd.plist fix
* use @available
* * Request SystemExtension activation on a background thread.
* Create a constant for the "com.google.santa.daemon" SystemExtension id.
2019-11-08 22:22:09 -05:00
ancdesign
7ef88d06a5
fix typo (inital -> intial) ( #378 )
2019-07-29 08:29:04 -04:00
Russell Hancox
bc82d7988b
santad: Add /usr/lib/dyld to critical system binaries ( #376 )
dyld is also authorized by santad and a bad cache eviction plus trustd/ocspd not running can result in deadlock.
Fixes #375, probably.
2019-07-22 17:05:34 -04:00
Tom Burgin
e8826a2941
add licenses and default_visibility to each BUILD file ( #345 )
* add licenses and default_visibility to each BUILD file
* remove default_visibility the bins are public
* oops
2019-02-15 11:03:28 -05:00
Tom Burgin
ef040c1e7d
resurrect action=BUNDLE logs ( #344 )
They were lost in the refactoring of the logging utility 4a2cf9d722.
2019-02-11 13:46:37 -05:00
Russell Hancox
dc692c8256
Project: Move tests with the code they're testing ( #343 )
Add helper to make declaring unit tests easier
Add unit_tests test_suite containing all unit tests
Fix reload rule
Update to workspace-relative header locations that were missed before
2019-02-06 15:09:09 -05:00
Russell Hancox
e9c7bfc087
Project: Make all imports workspace-relative, remove include attributes from all rules. ( #339 )
2019-01-22 14:24:11 -05:00
Russell Hancox
22c72625c8
Project: Split BUILD file into several. Part 1/3 ( #338 )
* Project: Split BUILD file into several. Part 1/3
The tests fail in this PR because the rules need updating. I'll fix them in a follow-up PR.
2019-01-22 12:06:48 -05:00
Russell Hancox
e6fcbf59df
Proj: Convert to Bazel build, remove other build systems. ( #326 )
This necessitated fixing some warnings, updating the resource
locations inside some tests and updating the Travis config.
I'll send a follow-up PR shortly that adds the fuzzing targets and updates the Rakefile and documentation.
2018-12-14 11:57:32 -05:00
Tom Burgin
2695355dd2
add in-kernel filemod prefix filter ( #313 )
* add in-kernel filemod prefix filter
* byte lookup
* added pruning and tests
* clang-format
* add TODO
* don't need seen
* review updates
* reset filter on client connect
* DisconnectClient: reset filter
AddPrefix: when a branch is needed create the whole branch immediately
* don't use strlen in HasPrefix
use strnlen in AddPrefix
up max nodes to 1024
* use new[] and delete[] for the prune "stack"
revert clang-format changes to kernel tests
remove reset node count
* words
* count not size
2018-11-08 15:37:30 -05:00
Russell Hancox
91608d7366
santad: Document implicit rule ordering ( #315 )
Also add a test to ensure this doesn't change one day without us noticing
2018-11-02 12:12:19 -04:00
Tom Burgin
01df4623c7
santa-driver: add back the root and non-root caches ( #302 )
* santa-driver: add back the root and non-root caches
* cachehistogram: clarify buckets and entries
* review changes
2018-09-26 12:41:04 -04:00
Tom Burgin
c9cb91a22e
ocspd also seems integral to cs validation ( #301 )
2018-09-26 08:45:39 -04:00
Russell Hancox
1f9d60aecc
common: Allow transitive whitelisting to be controlled by sync servers. ( #300 )
Also rename TransitiveWhitelistingEnabled -> EnableTransitiveWhitelisting and BundlesEnabled -> EnableBundles
2018-09-26 08:43:31 -04:00
Tom Burgin
90b894b88a
santad: add critical system binaries ( #296 )
* santad: add critical system binaries
* review updates
* use a getter
2018-09-20 17:17:12 -04:00