This includes:
* All of the code in Source/santa_driver containing the kernel extension
* The SNTDriverManager event provider
* All workflows in our CI related to testing if the driver builds
* Installation of the driver in install.sh. Note that code uninstalling existing instances of the driver is still intentionally kept present.
* Kernel extension-specific build rules
* Renames SNTKernelCommon to SNTCommon
* Driver version output from santactl version
* The [SNTConfigurator EnableSystemExtension] configuration key
* Initial protobuf support, maildir logging
Fix build issues in the integration test
Deduped some test code
Formatting
Address feedback from draft PR
Removed legacy labels. Updated docs.
Add in metrics. Fix protobuf logging test.
* Now use the Any proto for the LogBatch wrapper
* Changes based on PR feedback
* Added gauge metrics for spool dir
* Formatting
* Add event time to proto
* Fix build issue after rebase
* Update BUILD rules
* Updated language around protobuf logging to mark as beta
* Add a USB device blocking popup.
* Refactor SNTNotificationManager and SNTMessageWindowController to make
for generalized notification logic
* Add the configuration keys for custom block messages and resize window
* santad: only store events if there is a sync server configured
* SNTExecutionControllerTest stub sync server
Co-authored-by: Tom Burgin <bur@chromium.org>
* Conf: Delete and clean-up ASL conf, enable signaling on newsyslog.conf.
The ASL config is a remnant from when Santa did all logging via ASL before Apple deprecated ASL and replaced it with ULS, which doesn't allow redirecting messages to a file. The old config wasn't causing any problems except that it was handling battling newsyslog for rotation and had different parameters.
The signal change in the newsyslog.conf causes newsyslog to fallback on sending a (harmless) SIGHUP to syslogd, which has no effect on Santa except it also triggers a 10s sleep inside newsyslog between renaming the old file and beginning the compression, which is plenty of time for santad to notice the rename and start writing new logs to the newer file.
* USB mass storage blocking.
* Add the sync service and config key for enabling mass USB storage blocking
* Update docs with the sync service key
* Add ability to forcibly remount USBs with different flags
* update EndpointSecurityTestUtil and tests that use it to properly handle multiple ES clients
Remove the check for export metrics in santad
Metrics are always collected but only exported to a monitoring system when all of the necessary config options are set. Since they're always collected santactl metrics should always return metrics data.
* sync: move sync code from santactl dir to santasyncservice dir
* clang-format
* fix tests
* s/SNTCommandSync/SNTSync
* s/SNTCommandSync/SNTSync on content
