* WIP Clean syncs now leave non-transitive rules by default
* WIP Get existing tests compiling and passing
* Remove clean all sync server key. Basic tests.
* Add SNTConfiguratorTest, test deprecated key migration
* Revert changes to santactl status output
* Add new preflight response sync type key, lots of tests
* Rework configurator flow a bit so calls cannot be made out of order
* Comment clean sync states. Test all permutations.
* Update docs for new sync keys
* Doc updates as requested in PR
* Make santactl status always print out transitive rule status even when not using a sync service.
* Fix typo in SNTCommandRule.m.
* Updated JSON values to put transitive_rules in the daemon section.
* Add missing config keys
* Use more consistent wording
* More consistent whitespace
* Reorder constants to appropriate section groups
* Update docs/deployment/configuration.md
Co-authored-by: Pete Markowsky <pmarkowsky@users.noreply.github.com>
---------
Co-authored-by: Pete Markowsky <pmarkowsky@users.noreply.github.com>
* Ignore TID/SID rules for dev signed code
* Handle code paths from santactl
* Don't bother evaluating isProdSignedCallback if not necessary
* PR feedback. Link to docs.
* WIP add config support to filter logged entitlements
* Add EntitlementInfo proto message to store if entitlements were filtered
* Log cleanup
* Address PR feedback
* Address PR feedback
GoogleTest when built with GTEST_HAS_ABSL fails to convert these strings
to a `std::string_view`. Lets instead explicitly convert them to a
`std::string_view`.
Add support for logging when codesigning has become invalidated for a process.
This adds support to the Recorder to log when codesigning is invalidated as reported by the Endpoint Security Framework's
ES_EVENT_TYPE_NOTIFY_CS_INVALIDATED event.
* Fix issue preventing rule import / export from working.
* Removed unused --json option from help string.
* Document that import and export as taking a path argument.
Previously the sync command required root in order to establish a connection to santad with enough privilege to use the XPC methods for adding rules. Now that santasyncservice exists this requirement is no longer necessary and there is no risk in allowing unprivileged users to initiate a sync.
We still ensure that privileges are dropped, just in case someone does execute as root.
* Allow per-policy and per-rule FAA URL and button text
* Add format string support to the custom URL. Added SNTBlockMessageTest.
* Add event URL to TTY message.
* Allow rule specific policy to "clear" global to remove buttons for the rule
* Remove extra beta label for FAA
* Support new config (and sync config) option to override file access action.
* Adopt override action config in file access client
* Add sync service and file access client tests
* Require override action to be specific values. Add new sync setting to docs.
* WIP: UI: open cert modal, hookup silence checkbox. Add cert helper funcs.
* Popup dialog on file access violation. Support config-based and custom messages.
* Send message to TTY on file access rule violation
* TTYWriter Write now takes an es_process_t. Fix async data lifespan issue.
* Dedupe TTY message printing per process per rule
* Some minor swift beautification
* Remove main app from dock when showing file access dialog
* Update header docs
* Remove define guards for ObjC header file
* Update Source/common/CertificateHelpers.h
Co-authored-by: Russell Hancox <russellhancox@users.noreply.github.com>
* Fix comment typo
Co-authored-by: Russell Hancox <russellhancox@users.noreply.github.com>
* Use #import for ObjC headers
* Use #import for ObjC header
Co-authored-by: Russell Hancox <russellhancox@users.noreply.github.com>
* lint
* Comment use of escape sequences
---------
Co-authored-by: Russell Hancox <russellhancox@users.noreply.github.com>
* Bump bazel and build_bazel_rules_apple versions
* Minor change in Source dir to trigger github build actions
* Declare some archives higher up due to deps changes
