* Added Xcode project + pods
* Cleaned up unused SNTXPCUnprivilegedControlInterface MachServices id.
* Change santad's MachServices id to be compatible with the default SystemExtension namespace template.
* pods
* bazel
* switch MachService name for 10.15+
* build with SystemExtensions framework
* build with Xcode 11
* launchd.plist fix
* use @available
* Request SystemExtension activation on a background thread.
* Create a constant for the "com.google.santa.daemon" SystemExtension id.
This necessitated fixing some warnings, updating the resource
locations inside some tests and updating the Travis config.
I'll send a follow-up PR shortly that adds the fuzzing targets and updates the Rakefile and documentation.
* SantaPrefixTree: Fix a threading bug.
Tests: Add logic tests for SantaPrefixTree.
* clean up
* don't ifdef so much
* more #define less #ifdef
* less lambda more of rah's ideas
* add in-kernel filemod prefix filter
* byte lookup
* added pruning and tests
* clang-format
* add TODO
* don't need seen
* review updates
* reset filter on client connect
* DisconnectClient: reset filter
AddPrefix: when a branch is needed create the whole branch immediately
* don't use strlen in HasPrefix
use strnlen in AddPrefix
up max nodes to 1024
* use new[] and delete[] for the prune "stack"
revert clang-format changes to kernel tests
remove reset node count
* words
* count not size
Add transitive whitelisting.
Binaries may be identified with WHITELIST_COMPILER rules. Any executable they output will then be marked locally with a transitive whitelist rule and allowed to run if the TransitiveWhitelistingEnabled config key is true.
This change does 2 major things:
1) Makes the test runnable from within Xcode, unloading any running
santad and santa-driver, loading the just-built driver from the same folder and
then running each test.
2) Makes each test responsible for declaring what should happen to
incoming requests from the driver, instead of keeping all of that
code near the top of the file. This makes each test much clearer in what
should be happening.
santa-driver: Switch to a struct for vnode IDs, holding both the filesystem ID and vnode ID.
Also drop the separate caches for root/non-root as this doesn't offer any benefit anymore.
* SantaCache: Add santactl command to print histogram of bucket distribution.
This currently only prints the distribution of the non-root cache. In the near future I'll unify the caches again which stops this being a problem.
* Project: Update project to Xcode 9.1 and handle all the new warnings that entails.
* Project: Add library-validation and kill flags to codesigning options
* temporarily gutted SNTCommandFileInfo. Added SNTCommand base class for all
of the SNTCommand* classes to inherit from. Changed commands so that they
are consistently instantiated before being run, with a common init method.
* Put most of SNTCommandFileInfo functionality back in
* follow symlinks
* added -r and --recursive flags and updated help text
* moved humanReadableFileType to SNTFileInfo
* added back JSON output
* Fixed bundle info. Grab directory color from ENV variable.
* fixed indentation, moved stuff around
* Added SNTCommandFileInfo * back as parameter to property getters so that rule getter
doesn't have to be a special case any more.
* fixed code review issues
* added SNTCommand.h and SNTCommand.m to project
* added SNTCommand.m to build phases
* removed trailing spaces
* fixed tests for SNTCommandFileInfo and added a few more
* fix end-of-line comment spacing to conform to style guide
* Use NSBundle instead of NSWorkspace to determine if path is a bundle.
* added autorelease pool inside recursive search loop to fix bug where file listing
would abruptly stop after so many files with mach header related keys.
* removed directory headers. don't separate entries with newline when printing single key. format output based on max key length.
* an attempt at speeding things up. also halfway fixed broken cert-index key.
* speedups via caching MOLCodeSignChecker & not using NSMutableString append*
* fix json output with cert-index, single key output, & cache SHA values
* reverted back to NSMutableString for building up output, since it seems slightly better
or at least no worse than using an NSMutableArray
* Don't print empty JSON objects
* fixed non-thread-safe JSON commas
* made the print dispatch group a property so it doesn't have to be passed around
* Fixed certIndex indexing bug & better error checking when parsing --cert-index argument
* prevent unsigned int overflow
* fixed logic tests broken by objc_setAssociatedObject with nil SNTFileInfo argument
* send error output to the serial print queue
* NSBundle bundleWithPath: returns an object even for non-bundle directories, so need to also check that there's a valid bundle identifier.
* Added TODO comment and fixed formatting issues
* added cached codeSignChecker property to SNTFileInfo
* rewrote SNTFileInfo's codesignChecker method to include an error reference parameter & removed @synchronized
* Removed caching of SHA values from SNTFileInfo
* use property getter/setter to access codesignCheckerError
* Change nil NSError ** arguments to NULL
* Don't try to create a new codesignChecker if there was previously an error
* Fix NSDirectoryEnumerator memory usage & don't retain self in rule getter.
The NSStrings grabbed from the directory enumerator needed a chance to be freed.
* fixed colon alignment
* santabs: Create Santa Bundle Service
* common: SNTXPCConnection add initClientWithServiceName:
* santad: add logic for blocked bundles
* SantaGUI: add ui elements and xpc connections to / from santabs
* santactl/sync: add api features for syncing bundle events
* santactl/bundleinfo: add bundleinfo command for debug builds
* common: prefer bundle hash over file hash for event urls
* common: remove syncBackoff property - this is now handled in santactl sync
* common: add properties to support the bundle event api
* common: find a bundle from a nested binary
* review updates
* sane bundle hash time outs
* post rebase updates
* post review updates
This is a generated xcconfig in the Rakefile which gets included by the project
to set the DEVELOPMENT_TEAM key to keep Xcode 8 happy. The development team is
figured based on the available “Mac Developer” certificate.
Also update the way SantaCache declares a ‘zero’ value, update the
OCMock pod and add a few missing includes.
* Partial Revert of "Project: Update project files for Xcode 8 (#105)"
Building with Xcode 8 (and specifically the 10.12 SDK) breaks logging on
10.12 and on top of that some tests don't pass while working perfectly
fine on 10.11. For now, we'll just continue building with 7.3.1.
* README: Add note about building with Xcode 7.3.1
OSDictionary is not well-suited to our needs and locking is quite expensive.
This commit:
+ Replaces all uses of OSDictionary with a new SantaCache class, which
is a size-limited array hash table with per-bucket locking. It works with
uint64_t keys, which is perfect for our needs.
+ Adds a unit test for SantaCache.
+ Removes SantaCachedDecision and SantaPIDAndPPID, which only existed
because OSDictionary can only store OSObject subclasses.
+ Removes a lot of locking logic from SantaDecisionManager as the
locking is now handled inside SantaCache and is therefore
much more granular.
+ Removes the timed cache expiration for ALLOW decisions. This was
originally to ensure executions were logged regularly but as we're
logging all executions nowadays this is no longer particularly useful.
SantaCache's configured load factor and hashing function may need tweaking
over time but this is already a little faster and uses less memory
than what existed before.