The fileinfo tests didn't work on BigSur because of some path and binary changes.
Also, the embeddedPlist method didn't work on fat binaries, of which there are now
many, because of M1 machines. I think we didn't notice this before because we pull
the embedded plist from the first arch listed in the headers dict which generally
seemed to pick x86_64 first but with the arm64/arm64e option being added
that now appears first.
Also fixed some errors handling 32-bit segment/sections and added a test for this.
Added support for %hostname%, %uuid% and %serial% to eventDetailURLForEvent to provide additional system information for blocked events & updated documentation references for supported URL params.
This also removes an unnecessary hash, checks code signatures on non-MachO files (which is rare but possible) and fixes a rare crash in EndpointSecurityManager
* * Added Xcode project + pods
* Cleaned up unused SNTXPCUnprivilegedControlInterface MachServices id.
* Change santad's MachServices id to be compatible with the default SystemExtension namespace template.
* pods
* bazel
* switch MachService name for 10.15+
* build with SystemExensions framework
* build with Xcode 11
* launchd.plist fix
* use @available
* * Request SystemExtension activation on a background thread.
* Create a constant for the "com.google.santa.daemon" SystemExtension id.
Add helper to make declaring unit tests easier
Add unit_tests test_suite containing all unit tests
Fix reload rule
Update to workspace-relative header locations that were missed before
This necessitated fixing some warnings, updating the resource
locations inside some tests and updating the Travis config.
I'll send a follow-up PR shortly that adds the fuzzing targets and updates the Rakefile and documentation.
* add in-kernel filemod prefix filter
* byte lookup
* added pruning and tests
* clang-format
* add TODO
* don't need seen
* review updates
* reset filter on client connect
* DisconnectClient: reset filter
AddPrefix: when a branch is needed create the whole branch immediately
* don't use strlen in HasPrefix
use strnlen in AddPrefix
up max nodes to 1024
* use new[] and delete[] for the prune "stack"
revert clang-format changes to kernel tests
remove reset node count
* words
* count not size
Add transitive whitelisting.
Binaries may be identified with WHITELIST_COMPILER rules. Any executable they output will then be marked locally with a transitive whitelist rule and allowed to run if the TransitiveWhitelistingEnabled config key is true.
