* Remove use of entitlements field for santad
* Create a local keychain instead of using the system keychain and drop sudo from most of the build stages
This refactors the SNTFormat tests to use the SNTMetricSet to generate the
test data. This keeps the metric service and the SNTMetricSet in sync and
reduces repeated data.
Initial commit of santametricservice.
The santametricservice is an XPC helper service to write metrics. It consists of Formatters and Writers. This initial commit only has support for the rawJSON format and writing to a file.
This is a new daemon to be included. Docs and packaging will be updated in future PRs.
Co-authored-by: Russell Hancox <russellhancox@users.noreply.github.com>
* Added types for recording and storing performance metrics.
This adds SNTMetricSet and various gauge and counter types to allow for
exporting metrics such as CPU,Memory usage and other properties that are useful
for tracking reliability and debugging.
This is the first commit of a series to add support for monitoring systems.
Co-authored-by: Kent Ma <tnek@google.com>
* Reorder init lists for -Wreorder-init-lists
* Add nullability annotations to the rest of EndpointSecurityTestUtil
* Added fake uses for -Wunused-variable
* Corrected signed/unsigned int conversions in SNTPrefixTree
* Explicitly convert implicit conversions in Santacache
* Set bazelrc to -Werror -Wall
* Include SNTEndpointSecurityManagerTest in the main test_suite and clean it up.
This commit (1) adds es_unsubscribe and es_delete_client to our ESF shim
to fix the test segfaulting, and (2) cleans up the unit tests themselves by
breaking out the timeout test from the regular unlink test
This adds a full functional test for starting up an SNTApplication
(with as few mocks as possible) and executing it with a directly
recorded & collected EndpointSecurity event.
This also fixes a potential race condition and segfault on Santa startup: due
to es_subscribe being called first, it's possible for an es event to arrive
before listenForDecisionRequests or listenForLogRequests are called,
causing the SNTEndpointSecurityManager callbacks to call a nil pointer.
This fixes transitive allowlisting when `EnableSysxCache` is turned on, reduces the deadline timer to fire 5s before the ES deadline, remaps our DEBUG logs to NOTICE so they can be more easily seen in Console and prevents transitive rules being created for paths under /dev/.
The fileinfo tests didn't work on BigSur because of some path and binary changes.
Also, the embeddedPlist method didn't work on fat binaries, of which there are now
many, because of M1 machines. I think we didn't notice this before because we pull
the embedded plist from the first arch listed in the headers dict which generally
seemed to pick x86_64 first but with the arm64/arm64e option being added
that now appears first.
Also fixed some errors handling 32-bit segment/sections and added a test for this.
