sync: Permit XSRF header between sync stages/sessions (#1081)

Make the sync client content encoding a tunable.

This makes the sync client's content encoding a tunable so that it can be
compatible with more sync servers.

Removed the "backwards compatibility" config option.

---------

Co-authored-by: Russell Hancox <russellhancox@users.noreply.github.com>

.allstar/binary_artifacts.yaml

@@ -0,0 +1,19 @@
+# Ignore reason: These crafted binaries are used in tests
+ignorePaths:
+- Fuzzing/common/MachOParse_corpus/ret0
+- Source/common/testdata/bad_pagezero
+- Source/common/testdata/missing_pagezero
+- Source/common/testdata/missing_pagezero
+- Source/common/testdata/missing_pagezero
+- Source/common/testdata/32bitplist
+- Source/common/testdata/BundleExample.app/Contents/MacOS/BundleExample
+- Source/common/testdata/DirectoryBundle/Contents/MacOS/DirectoryBundle
+- Source/common/testdata/DirectoryBundle/Contents/Resources/BundleExample.app/Contents/MacOS/BundleExample
+- Source/santad/testdata/binaryrules/badbinary
+- Source/santad/testdata/binaryrules/goodbinary
+- Source/santad/testdata/binaryrules/badcert
+- Source/santad/testdata/binaryrules/banned_teamid_allowed_binary
+- Source/santad/testdata/binaryrules/banned_teamid
+- Source/santad/testdata/binaryrules/goodcert
+- Source/santad/testdata/binaryrules/noop
+- Source/santad/testdata/binaryrules/rules.db

.bazelrc

@@ -0,0 +1,42 @@
+build --apple_generate_dsym --define=apple.propagate_embedded_extra_outputs=yes
+
+build --copt=-Werror
+build --copt=-Wall
+build --copt=-Wno-error=deprecated-declarations
+build --per_file_copt=.*\.mm\$@-std=c++17
+build --cxxopt=-std=c++17
+
+build --copt=-DSANTA_OPEN_SOURCE=1
+build --cxxopt=-DSANTA_OPEN_SOURCE=1
+
+# Many config options for sanitizers pulled from
+# https://github.com/protocolbuffers/protobuf/blob/main/.bazelrc
+build:san-common --strip=never
+build:san-common --copt="-Wno-macro-redefined"
+build:san-common --copt="-D_FORTIFY_SOURCE=0"
+build:san-common --copt="-O1"
+build:san-common --copt="-fno-omit-frame-pointer"
+
+build:asan --config=san-common
+build:asan --copt="-fsanitize=address"
+build:asan --copt="-DADDRESS_SANITIZER"
+build:asan --linkopt="-fsanitize=address"
+build:asan --test_env="ASAN_OPTIONS=log_path=/tmp/san_out"
+
+build:tsan --config=san-common
+build:tsan --copt="-fsanitize=thread"
+build:tsan --copt="-DTHREAD_SANITIZER=1"
+build:tsan --linkopt="-fsanitize=thread"
+build:tsan --test_env="TSAN_OPTIONS=log_path=/tmp/san_out:halt_on_error=true"
+
+build:ubsan --config=san-common
+build:ubsan --copt="-fsanitize=undefined"
+build:ubsan --copt="-DUNDEFINED_SANITIZER=1"
+build:ubsan --copt="-fno-sanitize=function" --copt="-fno-sanitize=vptr"
+build:ubsan --linkopt="-fsanitize=undefined"
+build:ubsan --test_env="UBSAN_OPTIONS=log_path=/tmp/san_out"
+
+build:fuzz --config=san-common
+build:fuzz --@rules_fuzzing//fuzzing:cc_engine=@rules_fuzzing//fuzzing/engines:libfuzzer
+build:fuzz --@rules_fuzzing//fuzzing:cc_engine_instrumentation=libfuzzer
+build:fuzz --@rules_fuzzing//fuzzing:cc_engine_sanitizer=asan

.bazelversion

@@ -0,0 +1 @@
+5.3.0

.clang-format

@@ -0,0 +1,32 @@
+Language: ObjC
+BasedOnStyle: Google
+
+IndentWidth: 2
+ObjCBlockIndentWidth: 2
+ContinuationIndentWidth: 2
+
+# For ObjC, the line limit is 100
+ColumnLimit: 100
+
+# Allow short case statements to be on a single line
+AllowShortCaseLabelsOnASingleLine: true
+
+AllowShortLoopsOnASingleLine: false
+AllowShortFunctionsOnASingleLine: Inline
+
+# Allow spaces in NSArray/NSDictionary literals @[ and @{
+SpacesInContainerLiterals: true
+
+# For pointers, always put the * next to the variable name.
+DerivePointerAlignment: false
+PointerAlignment: Right
+
+
+---
+Language: Cpp
+Standard: Cpp11
+
+BasedOnStyle: Google
+
+# For C++, the line limit is 80
+ColumnLimit: 80

.github/workflows/check-markdown.yml

@@ -0,0 +1,14 @@
+name: Check Markdown
+
+on:
+  pull_request:
+    paths:
+      - "**.md"
+
+jobs:
+  markdown-check:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@master
+    - uses: gaurav-nelson/github-action-markdown-link-check@v1
+    - run: "! git grep -EIn $'[ \t]+$' -- ':(exclude)*.patch'"

.github/workflows/ci.yml

@@ -0,0 +1,56 @@
+name: CI
+
+on:
+  push:
+    branches:
+      - '*'
+    paths:
+      - 'Source/**'
+  pull_request:
+    branches:
+      - main
+    paths:
+      - 'Source/**'
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Run linters
+        run: ./Testing/lint.sh
+
+  build_userspace:
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [macos-11, macos-12]
+    runs-on: ${{ matrix.os }}
+    steps:
+      - uses: actions/checkout@v3
+      - name: Build Userspace
+        run: bazel build --apple_generate_dsym -c opt :release --define=SANTA_BUILD_TYPE=adhoc
+
+  unit_tests:
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [macos-11, macos-12]
+    runs-on: ${{ matrix.os }}
+    steps:
+      - uses: actions/checkout@v3
+      - name: Run All Tests
+        run: bazel test :unit_tests --define=SANTA_BUILD_TYPE=adhoc --test_output=errors
+
+  test_coverage:
+    runs-on: macos-11
+    steps:
+      - uses: actions/checkout@v3
+      - name: Generate test coverage
+        run: sh ./generate_cov.sh
+      - name: Coveralls
+        uses: coverallsapp/github-action@master
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          path-to-lcov: ./bazel-out/_coverage/_coverage_report.dat
+          flag-name: Unit

.github/workflows/continuous.yml

@@ -0,0 +1,13 @@
+name: continuous
+on:
+  schedule:
+    - cron: '0 10 * * *' # Every day at 10:00 UTC
+  workflow_dispatch:  # Allows you to run this workflow manually from the Actions tab
+
+jobs:
+  preqs:
+    runs-on: macos-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Checks for flaky tests
+        run: bazel test --test_strategy=exclusive --test_output=errors --runs_per_test 50 -t- :unit_tests --define=SANTA_BUILD_TYPE=adhoc

.github/workflows/e2e.yml

@@ -0,0 +1,41 @@
+name: E2E
+
+on: workflow_dispatch
+
+jobs:
+  start_vm:
+    runs-on: e2e-host
+    steps:
+      - uses: actions/checkout@v3
+      - name: Start VM
+        run: python3 Testing/integration/actions/start_vm.py macOS_12.bundle.tar.gz
+
+  integration:
+    runs-on: e2e-vm
+    env:
+      VM_PASSWORD: ${{ secrets.VM_PASSWORD }}
+    steps:
+      - uses: actions/checkout@v3
+      - name: Install configuration profile
+        run: bazel run //Testing/integration:install_profile -- Testing/integration/configs/default.mobileconfig
+      - name: Add homebrew to PATH
+        run: echo "/opt/homebrew/bin/" >> $GITHUB_PATH
+      - name: Build, install, and start moroz
+        run: |
+          bazel build @com_github_groob_moroz//cmd/moroz:moroz
+          cp bazel-bin/external/com_github_groob_moroz/cmd/moroz/moroz_/moroz /tmp/moroz
+          /tmp/moroz -configs="$GITHUB_WORKSPACE/Testing/integration/configs/moroz_default/global.toml" -use-tls=false &
+      - name: Build, install, and sync santa
+        run: |
+          bazel run :reload --define=SANTA_BUILD_TYPE=adhoc
+          bazel run //Testing/integration:allow_sysex
+          sudo santactl sync --debug
+      - name: Run integration test binaries
+        run: bazel test //Testing/integration:integration_tests
+      - name: Test config changes
+        run: ./Testing/integration/test_config_changes.sh
+      - name: Test sync server changes
+        run: ./Testing/integration/test_sync_changes.sh
+      - name: Poweroff
+        if: ${{ always() }}
+        run: sudo shutdown -h +1

.github/workflows/fuzz.yml

@@ -0,0 +1,35 @@
+name: Fuzzing
+
+on:
+  schedule:
+    - cron: '0 6 * * *' # Every day at 6:00 UTC
+  workflow_dispatch:  # Allows you to run this workflow manually from the Actions tab
+
+jobs:
+  start_vm:
+    runs-on: e2e-host
+    steps:
+      - uses: actions/checkout@v3
+      - name: Start VM
+        run: python3 Testing/integration/actions/start_vm.py macOS_13.bundle.tar.gz
+
+  fuzz:
+    runs-on: e2e-vm
+    steps:
+      - uses: actions/checkout@v3
+      - name: Setup libfuzzer
+        run: Fuzzing/install_libclang_fuzzer.sh
+      - name: Fuzz
+        run: |
+          for target in $(bazel query 'kind(fuzzing_launcher, //Fuzzing:all)'); do
+            bazel run --config=fuzz $target -- -- -max_len=32768 -runs=1000000 -timeout=5
+          done
+      - name: Upload crashes
+        uses: actions/upload-artifact@v1
+        if: failure()
+        with:
+          name: artifacts
+          path: /tmp/fuzzing/artifacts
+      - name: Poweroff VM
+        if: ${{ always() }}
+        run: sudo shutdown -h +1

.github/workflows/sanitizers.yml

@@ -0,0 +1,30 @@
+name: sanitizers
+on:
+  schedule:
+    - cron: '0 16 * * *'
+  workflow_dispatch:
+
+jobs:
+  test:
+    runs-on: macos-latest
+    strategy:
+      matrix:
+        sanitizer: [asan, tsan, ubsan]
+    steps:
+      - uses: actions/checkout@v3
+      - name: ${{ matrix.sanitizer }}
+        run: |
+          CLANG_VERSION=$(clang --version | head -n 1 | cut -d' ' -f 4)
+          DYLIB_PATH="$(xcode-select -p)/Toolchains/XcodeDefault.xctoolchain/usr/lib/clang/${CLANG_VERSION}/lib/darwin/libclang_rt.${{ matrix.sanitizer }}_osx_dynamic.dylib"
+
+          bazel test --config=${{ matrix.sanitizer }} \
+            --test_strategy=exclusive --test_output=all \
+            --test_env=DYLD_INSERT_LIBRARIES=${DYLIB_PATH} \
+            --runs_per_test 5 -t- :unit_tests \
+            --define=SANTA_BUILD_TYPE=adhoc
+      - name: Upload logs
+        uses: actions/upload-artifact@v1
+        if: failure()
+        with:
+          name: logs
+          path: /tmp/san_out*

.gitignore

@@ -1,5 +1,20 @@
 .DS_Store
-Build
+*.profraw
+*.provisionprofile
+bazel-*
 Pods
-Santa.xcodeproj/xcuserdata
-Santa.xcodeproj/project.xcworkspace
+Santa.xcodeproj/*
+Santa.xcworkspace/*
+CoverageData/*
+*.tulsiconf-user
+xcuserdata
+tulsigen-*
+*.crt
+*.key
+*.pem
+*.p12
+*.keychain
+*.swp
+compile_commands.json
+.cache/
+.vscode/*

.pylintrc

@@ -0,0 +1,429 @@
+# This Pylint rcfile contains a best-effort configuration to uphold the
+# best-practices and style described in the Google Python style guide:
+#   https://google.github.io/styleguide/pyguide.html
+#
+# Its canonical open-source location is:
+#   https://google.github.io/styleguide/pylintrc
+
+[MASTER]
+
+# Files or directories to be skipped. They should be base names, not paths.
+ignore=third_party
+
+# Files or directories matching the regex patterns are skipped. The regex
+# matches against base names, not paths.
+ignore-patterns=
+
+# Pickle collected data for later comparisons.
+persistent=no
+
+# List of plugins (as comma separated values of python modules names) to load,
+# usually to register additional checkers.
+load-plugins=
+
+# Use multiple processes to speed up Pylint.
+jobs=4
+
+# Allow loading of arbitrary C extensions. Extensions are imported into the
+# active Python interpreter and may run arbitrary code.
+unsafe-load-any-extension=no
+
+
+[MESSAGES CONTROL]
+
+# Only show warnings with the listed confidence levels. Leave empty to show
+# all. Valid levels: HIGH, INFERENCE, INFERENCE_FAILURE, UNDEFINED
+confidence=
+
+# Enable the message, report, category or checker with the given id(s). You can
+# either give multiple identifier separated by comma (,) or put this option
+# multiple time (only on the command line, not in the configuration file where
+# it should appear only once). See also the "--disable" option for examples.
+#enable=
+
+# Disable the message, report, category or checker with the given id(s). You
+# can either give multiple identifiers separated by comma (,) or put this
+# option multiple times (only on the command line, not in the configuration
+# file where it should appear only once).You can also use "--disable=all" to
+# disable everything first and then reenable specific checks. For example, if
+# you want to run only the similarities checker, you can use "--disable=all
+# --enable=similarities". If you want to run only the classes checker, but have
+# no Warning level messages displayed, use"--disable=all --enable=classes
+# --disable=W"
+disable=abstract-method,
+        apply-builtin,
+        arguments-differ,
+        attribute-defined-outside-init,
+        backtick,
+        bad-option-value,
+        basestring-builtin,
+        buffer-builtin,
+        c-extension-no-member,
+        consider-using-enumerate,
+        cmp-builtin,
+        cmp-method,
+        coerce-builtin,
+        coerce-method,
+        delslice-method,
+        div-method,
+        duplicate-code,
+        eq-without-hash,
+        execfile-builtin,
+        file-builtin,
+        filter-builtin-not-iterating,
+        fixme,
+        getslice-method,
+        global-statement,
+        hex-method,
+        idiv-method,
+        implicit-str-concat,
+        import-error,
+        import-self,
+        import-star-module-level,
+        inconsistent-return-statements,
+        input-builtin,
+        intern-builtin,
+        invalid-str-codec,
+        locally-disabled,
+        long-builtin,
+        long-suffix,
+        map-builtin-not-iterating,
+        misplaced-comparison-constant,
+        missing-function-docstring,
+        metaclass-assignment,
+        next-method-called,
+        next-method-defined,
+        no-absolute-import,
+        no-else-break,
+        no-else-continue,
+        no-else-raise,
+        no-else-return,
+        no-init,  # added
+        no-member,
+        no-name-in-module,
+        no-self-use,
+        nonzero-method,
+        oct-method,
+        old-division,
+        old-ne-operator,
+        old-octal-literal,
+        old-raise-syntax,
+        parameter-unpacking,
+        print-statement,
+        raising-string,
+        range-builtin-not-iterating,
+        raw_input-builtin,
+        rdiv-method,
+        reduce-builtin,
+        relative-import,
+        reload-builtin,
+        round-builtin,
+        setslice-method,
+        signature-differs,
+        standarderror-builtin,
+        suppressed-message,
+        sys-max-int,
+        too-few-public-methods,
+        too-many-ancestors,
+        too-many-arguments,
+        too-many-boolean-expressions,
+        too-many-branches,
+        too-many-instance-attributes,
+        too-many-locals,
+        too-many-nested-blocks,
+        too-many-public-methods,
+        too-many-return-statements,
+        too-many-statements,
+        trailing-newlines,
+        unichr-builtin,
+        unicode-builtin,
+        unnecessary-pass,
+        unpacking-in-except,
+        useless-else-on-loop,
+        useless-object-inheritance,
+        useless-suppression,
+        using-cmp-argument,
+        wrong-import-order,
+        xrange-builtin,
+        zip-builtin-not-iterating,
+
+
+[REPORTS]
+
+# Set the output format. Available formats are text, parseable, colorized, msvs
+# (visual studio) and html. You can also give a reporter class, eg
+# mypackage.mymodule.MyReporterClass.
+output-format=text
+
+# Tells whether to display a full report or only the messages
+reports=no
+
+# Python expression which should return a note less than 10 (10 is the highest
+# note). You have access to the variables errors warning, statement which
+# respectively contain the number of errors / warnings messages and the total
+# number of statements analyzed. This is used by the global evaluation report
+# (RP0004).
+evaluation=10.0 - ((float(5 * error + warning + refactor + convention) / statement) * 10)
+
+# Template used to display messages. This is a python new-style format string
+# used to format the message information. See doc for all details
+#msg-template=
+
+
+[BASIC]
+
+# Good variable names which should always be accepted, separated by a comma
+good-names=main,_
+
+# Bad variable names which should always be refused, separated by a comma
+bad-names=
+
+# Colon-delimited sets of names that determine each other's naming style when
+# the name regexes allow several styles.
+name-group=
+
+# Include a hint for the correct naming format with invalid-name
+include-naming-hint=no
+
+# List of decorators that produce properties, such as abc.abstractproperty. Add
+# to this list to register other decorators that produce valid properties.
+property-classes=abc.abstractproperty,cached_property.cached_property,cached_property.threaded_cached_property,cached_property.cached_property_with_ttl,cached_property.threaded_cached_property_with_ttl
+
+# Regular expression matching correct function names
+function-rgx=^(?:(?P<exempt>setUp|tearDown|setUpModule|tearDownModule)|(?P<camel_case>_?[A-Z][a-zA-Z0-9]*)|(?P<snake_case>_?[a-z][a-z0-9_]*))$
+
+# Regular expression matching correct variable names
+variable-rgx=^[a-z][a-z0-9_]*$
+
+# Regular expression matching correct constant names
+const-rgx=^(_?[A-Z][A-Z0-9_]*|__[a-z0-9_]+__|_?[a-z][a-z0-9_]*)$
+
+# Regular expression matching correct attribute names
+attr-rgx=^_{0,2}[a-z][a-z0-9_]*$
+
+# Regular expression matching correct argument names
+argument-rgx=^[a-z][a-z0-9_]*$
+
+# Regular expression matching correct class attribute names
+class-attribute-rgx=^(_?[A-Z][A-Z0-9_]*|__[a-z0-9_]+__|_?[a-z][a-z0-9_]*)$
+
+# Regular expression matching correct inline iteration names
+inlinevar-rgx=^[a-z][a-z0-9_]*$
+
+# Regular expression matching correct class names
+class-rgx=^_?[A-Z][a-zA-Z0-9]*$
+
+# Regular expression matching correct module names
+module-rgx=^(_?[a-z][a-z0-9_]*|__init__)$
+
+# Regular expression matching correct method names
+method-rgx=(?x)^(?:(?P<exempt>_[a-z0-9_]+__|runTest|setUp|tearDown|setUpTestCase|tearDownTestCase|setupSelf|tearDownClass|setUpClass|(test|assert)_*[A-Z0-9][a-zA-Z0-9_]*|next)|(?P<camel_case>_{0,2}[A-Z][a-zA-Z0-9_]*)|(?P<snake_case>_{0,2}[a-z][a-z0-9_]*))$
+
+# Regular expression which should only match function or class names that do
+# not require a docstring.
+no-docstring-rgx=(__.*__|main|test.*|.*test|.*Test)$
+
+# Minimum line length for functions/classes that require docstrings, shorter
+# ones are exempt.
+docstring-min-length=10
+
+
+[TYPECHECK]
+
+# List of decorators that produce context managers, such as
+# contextlib.contextmanager. Add to this list to register other decorators that
+# produce valid context managers.
+contextmanager-decorators=contextlib.contextmanager,contextlib2.contextmanager
+
+# Tells whether missing members accessed in mixin class should be ignored. A
+# mixin class is detected if its name ends with "mixin" (case insensitive).
+ignore-mixin-members=yes
+
+# List of module names for which member attributes should not be checked
+# (useful for modules/projects where namespaces are manipulated during runtime
+# and thus existing member attributes cannot be deduced by static analysis. It
+# supports qualified module names, as well as Unix pattern matching.
+ignored-modules=
+
+# List of class names for which member attributes should not be checked (useful
+# for classes with dynamically set attributes). This supports the use of
+# qualified names.
+ignored-classes=optparse.Values,thread._local,_thread._local
+
+# List of members which are set dynamically and missed by pylint inference
+# system, and so shouldn't trigger E1101 when accessed. Python regular
+# expressions are accepted.
+generated-members=
+
+
+[FORMAT]
+
+# Maximum number of characters on a single line.
+max-line-length=80
+
+# TODO(https://github.com/PyCQA/pylint/issues/3352): Direct pylint to exempt
+# lines made too long by directives to pytype.
+
+# Regexp for a line that is allowed to be longer than the limit.
+ignore-long-lines=(?x)(
+  ^\s*(\#\ )?<?https?://\S+>?$|
+  ^\s*(from\s+\S+\s+)?import\s+.+$)
+
+# Allow the body of an if to be on the same line as the test if there is no
+# else.
+single-line-if-stmt=yes
+
+# Maximum number of lines in a module
+max-module-lines=99999
+
+# String used as indentation unit.  The internal Google style guide mandates 2
+# spaces.  Google's externaly-published style guide says 4, consistent with
+# PEP 8.  Here, we use 2 spaces, for conformity with many open-sourced Google
+# projects (like TensorFlow).
+indent-string='  '
+
+# Number of spaces of indent required inside a hanging  or continued line.
+indent-after-paren=4
+
+# Expected format of line ending, e.g. empty (any line ending), LF or CRLF.
+expected-line-ending-format=
+
+
+[MISCELLANEOUS]
+
+# List of note tags to take in consideration, separated by a comma.
+notes=TODO
+
+
+[STRING]
+
+# This flag controls whether inconsistent-quotes generates a warning when the
+# character used as a quote delimiter is used inconsistently within a module.
+check-quote-consistency=yes
+
+
+[VARIABLES]
+
+# Tells whether we should check for unused import in __init__ files.
+init-import=no
+
+# A regular expression matching the name of dummy variables (i.e. expectedly
+# not used).
+dummy-variables-rgx=^\*{0,2}(_$|unused_|dummy_)
+
+# List of additional names supposed to be defined in builtins. Remember that
+# you should avoid to define new builtins when possible.
+additional-builtins=
+
+# List of strings which can identify a callback function by name. A callback
+# name must start or end with one of those strings.
+callbacks=cb_,_cb
+
+# List of qualified module names which can have objects that can redefine
+# builtins.
+redefining-builtins-modules=six,six.moves,past.builtins,future.builtins,functools
+
+
+[LOGGING]
+
+# Logging modules to check that the string format arguments are in logging
+# function parameter format
+logging-modules=logging,absl.logging,tensorflow.io.logging
+
+
+[SIMILARITIES]
+
+# Minimum lines number of a similarity.
+min-similarity-lines=4
+
+# Ignore comments when computing similarities.
+ignore-comments=yes
+
+# Ignore docstrings when computing similarities.
+ignore-docstrings=yes
+
+# Ignore imports when computing similarities.
+ignore-imports=no
+
+
+[SPELLING]
+
+# Spelling dictionary name. Available dictionaries: none. To make it working
+# install python-enchant package.
+spelling-dict=
+
+# List of comma separated words that should not be checked.
+spelling-ignore-words=
+
+# A path to a file that contains private dictionary; one word per line.
+spelling-private-dict-file=
+
+# Tells whether to store unknown words to indicated private dictionary in
+# --spelling-private-dict-file option instead of raising a message.
+spelling-store-unknown-words=no
+
+
+[IMPORTS]
+
+# Deprecated modules which should not be used, separated by a comma
+deprecated-modules=regsub,
+                   TERMIOS,
+                   Bastion,
+                   rexec,
+                   sets
+
+# Create a graph of every (i.e. internal and external) dependencies in the
+# given file (report RP0402 must not be disabled)
+import-graph=
+
+# Create a graph of external dependencies in the given file (report RP0402 must
+# not be disabled)
+ext-import-graph=
+
+# Create a graph of internal dependencies in the given file (report RP0402 must
+# not be disabled)
+int-import-graph=
+
+# Force import order to recognize a module as part of the standard
+# compatibility libraries.
+known-standard-library=
+
+# Force import order to recognize a module as part of a third party library.
+known-third-party=enchant, absl
+
+# Analyse import fallback blocks. This can be used to support both Python 2 and
+# 3 compatible code, which means that the block might have code that exists
+# only in one or another interpreter, leading to false positives when analysed.
+analyse-fallback-blocks=no
+
+
+[CLASSES]
+
+# List of method names used to declare (i.e. assign) instance attributes.
+defining-attr-methods=__init__,
+                      __new__,
+                      setUp
+
+# List of member names, which should be excluded from the protected access
+# warning.
+exclude-protected=_asdict,
+                  _fields,
+                  _replace,
+                  _source,
+                  _make
+
+# List of valid names for the first argument in a class method.
+valid-classmethod-first-arg=cls,
+                            class_
+
+# List of valid names for the first argument in a metaclass class method.
+valid-metaclass-classmethod-first-arg=mcs
+
+
+[EXCEPTIONS]
+
+# Exceptions that will emit a warning when being caught. Defaults to
+# "Exception"
+overgeneral-exceptions=StandardError,
+                       Exception,
+                       BaseException

BUILD

@@ -0,0 +1,200 @@
+load("@build_bazel_rules_apple//apple:versioning.bzl", "apple_bundle_version")
+load("//:helper.bzl", "run_command")
+
+package(default_visibility = ["//:santa_package_group"])
+
+licenses(["notice"])
+
+exports_files(["LICENSE"])
+
+# The version label for mac_* rules.
+apple_bundle_version(
+    name = "version",
+    build_label_pattern = ".*santa_{release}\\.{build}",
+    build_version = "{release}.{build}",
+    capture_groups = {
+        "release": "\\d{4}\\.\\d+",
+        "build": "\\d+",
+    },
+    fallback_build_label = "santa_9999.1.1",
+    short_version_string = "{release}",
+)
+
+# Used to detect release builds
+config_setting(
+    name = "release_build",
+    values = {"define": "SANTA_BUILD_TYPE=release"},
+    visibility = [":santa_package_group"],
+)
+
+# Adhoc signed - provisioning profiles are not used.
+# Used for CI runs and dev builds when SIP is disabled.
+config_setting(
+    name = "adhoc_build",
+    values = {"define": "SANTA_BUILD_TYPE=adhoc"},
+    visibility = [":santa_package_group"],
+)
+
+# Used to detect optimized builds
+config_setting(
+    name = "opt_build",
+    values = {"compilation_mode": "opt"},
+)
+
+package_group(
+    name = "santa_package_group",
+    packages = ["//..."],
+)
+
+################################################################################
+# Loading/Unloading/Reloading
+################################################################################
+run_command(
+    name = "unload",
+    cmd = """
+sudo launchctl unload /Library/LaunchDaemons/com.google.santad.plist 2>/dev/null
+sudo launchctl unload /Library/LaunchDaemons/com.google.santa.bundleservice.plist 2>/dev/null
+sudo launchctl unload /Library/LaunchDaemons/com.google.santa.metricservice.plist 2>/dev/null
+sudo launchctl unload /Library/LaunchDaemons/com.google.santa.syncservice.plist 2>/dev/null
+launchctl unload /Library/LaunchAgents/com.google.santa.plist 2>/dev/null
+""",
+)
+
+run_command(
+    name = "load",
+    cmd = """
+sudo launchctl load /Library/LaunchDaemons/com.google.santad.plist
+sudo launchctl load /Library/LaunchDaemons/com.google.santa.bundleservice.plist
+sudo launchctl load /Library/LaunchDaemons/com.google.santa.metricservice.plist
+sudo launchctl load /Library/LaunchDaemons/com.google.santa.syncservice.plist
+launchctl load /Library/LaunchAgents/com.google.santa.plist
+""",
+)
+
+run_command(
+    name = "reload",
+    srcs = [
+        "//Source/gui:Santa",
+    ],
+    cmd = """
+set -e
+
+rm -rf /tmp/bazel_santa_reload
+unzip -d /tmp/bazel_santa_reload \
+    $${BUILD_WORKSPACE_DIRECTORY}/bazel-out/*$(COMPILATION_MODE)*/bin/Source/gui/Santa.zip >/dev/null
+echo "You may be asked for your password for sudo"
+sudo BINARIES=/tmp/bazel_santa_reload CONF=$${BUILD_WORKSPACE_DIRECTORY}/Conf \
+    $${BUILD_WORKSPACE_DIRECTORY}/Conf/install.sh
+rm -rf /tmp/bazel_santa_reload
+echo "Time to stop being naughty"
+""",
+)
+
+################################################################################
+# Release rules - used to create a release tarball
+################################################################################
+genrule(
+    name = "release",
+    srcs = [
+        "//Source/gui:Santa",
+        "Conf/install.sh",
+        "Conf/uninstall.sh",
+        "Conf/com.google.santa.bundleservice.plist",
+        "Conf/com.google.santa.metricservice.plist",
+        "Conf/com.google.santa.syncservice.plist",
+        "Conf/com.google.santad.plist",
+        "Conf/com.google.santa.plist",
+        "Conf/com.google.santa.newsyslog.conf",
+        "Conf/Package/Distribution.xml",
+        "Conf/Package/notarization_tool.sh",
+        "Conf/Package/package_and_sign.sh",
+        "Conf/Package/postinstall",
+        "Conf/Package/preinstall",
+    ],
+    outs = ["santa-release.tar.gz"],
+    cmd = select({
+        "//conditions:default": """
+        echo "ERROR: Trying to create a release tarball without optimization."
+        echo "Please add '-c opt' flag to bazel invocation"
+        """,
+        ":opt_build": """
+      # Extract Santa.zip
+      for SRC in $(SRCS); do
+        if [ "$$(basename $${SRC})" == "Santa.zip" ]; then
+          mkdir -p $(@D)/binaries
+          unzip -q $${SRC} -d $(@D)/binaries >/dev/null
+        fi
+      done
+
+      # Copy config files
+      for SRC in $(SRCS); do
+        if [[ "$$(dirname $${SRC})" == *"Conf"* ]]; then
+          mkdir -p $(@D)/conf
+          cp -H $${SRC} $(@D)/conf/
+        fi
+      done
+
+      # Gather together the dSYMs. Throw an error if no dSYMs were found
+      for SRC in $(SRCS); do
+        case $${SRC} in
+          *santad.dSYM*Info.plist)
+            mkdir -p $(@D)/dsym
+            cp -LR $$(dirname $$(dirname $${SRC})) $(@D)/dsym/santad.dSYM
+            ;;
+          *santactl.dSYM*Info.plist)
+            mkdir -p $(@D)/dsym
+            cp -LR $$(dirname $$(dirname $${SRC})) $(@D)/dsym/santactl.dSYM
+            ;;
+          *santabundleservice.dSYM*Info.plist)
+            mkdir -p $(@D)/dsym
+            cp -LR $$(dirname $$(dirname $${SRC})) $(@D)/dsym/santabundleservice.dSYM
+            ;;
+          *santametricservice.dSYM*Info.plist)
+            mkdir -p $(@D)/dsym
+            cp -LR $$(dirname $$(dirname $${SRC})) $(@D)/dsym/santametricservice.dSYM
+            ;;
+          *santasyncservice.dSYM*Info.plist)
+            mkdir -p $(@D)/dsym
+            cp -LR $$(dirname $$(dirname $${SRC})) $(@D)/dsym/santasyncservice.dSYM
+            ;;
+          *Santa.app.dSYM*Info.plist)
+            mkdir -p $(@D)/dsym
+            cp -LR $$(dirname $$(dirname $${SRC})) $(@D)/dsym/Santa.app.dSYM
+            ;;
+          *com.google.santa.daemon.systemextension.dSYM*Info.plist)
+            mkdir -p $(@D)/dsym
+            cp -LR $$(dirname $$(dirname $${SRC})) $(@D)/dsym/com.google.santa.daemon.systemextension.dSYM
+            ;;
+        esac
+      done
+
+      # Cause a build failure if the dSYMs are missing.
+      if [[ ! -d "$(@D)/dsym" ]]; then
+        echo "dsym dir missing: Did you forget to use --apple_generate_dsym?"
+        echo "This flag is required for the 'release' target."
+        exit 1
+      fi
+
+      # Update all the timestamps to now. Bazel avoids timestamps to allow
+      # builds to be hermetic and cacheable but for releases we want the
+      # timestamps to be more-or-less correct.
+      find $(@D)/{binaries,conf,dsym} -exec touch {} \\;
+
+      # Create final output tar
+      tar -C $(@D) -czpf $(@) binaries dsym conf
+    """,
+    }),
+    heuristic_label_expansion = 0,
+)
+
+test_suite(
+    name = "unit_tests",
+    tests = [
+        "//Source/common:unit_tests",
+        "//Source/gui:unit_tests",
+        "//Source/santactl:unit_tests",
+        "//Source/santad:unit_tests",
+        "//Source/santametricservice:unit_tests",
+        "//Source/santasyncservice:unit_tests",
+    ],
+)

CODEOWNERS

@@ -0,0 +1 @@
+* @google/macendpoints

CONTRIBUTING.md

@@ -1,31 +0,0 @@
-Want to contribute? Great! First, read this page (including the small print at the end).
-
-### Before you contribute
-Before we can use your code, you must sign the
-[Google Individual Contributor License Agreement](https://developers.google.com/open-source/cla/individual)
-(CLA), which you can do online. The CLA is necessary mainly because you own the
-copyright to your changes, even after your contribution becomes part of our
-codebase, so we need your permission to use and distribute your code. We also
-need to be sure of various other things—for instance that you'll tell us if you
-know that your code infringes on other people's patents. You don't have to sign
-the CLA until after you've submitted your code for review and a member has
-approved it, but you must do it before we can put your code into our codebase.
-
-Before you start working on a larger contribution, you should get in touch with
-us first through the [issue tracker](https://github.com/google/santa/issues)
-with your idea so that we can help out and possibly guide you. Coordinating up 
-front makes it much easier to avoid frustration later on.
-
-### Code reviews
-All submissions, including submissions by project members, require review. We
-use GitHub pull requests for this purpose. It's also a good idea to run the
-tests beforehand, which you can do with the following commands:
-
-```sh
-rake tests:logic
-rake tests:kernel  # only necessary if you're changing the kext code
-```
-
-### The small print
-Contributions made by corporations are covered by a different agreement than
-the one above, the [Software Grant and Corporate Contributor License Agreement](https://developers.google.com/open-source/cla/corporate).

CONTRIBUTING.md

@@ -0,0 +1 @@
+docs/development/contributing.md

Conf/Package/Distribution.xml

@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<installer-gui-script minSpecVersion="1">
+<title>Santa</title>
+<options customize="never" allow-external-scripts="no" hostArchitectures="x86_64,arm64" />
+
+<choices-outline>
+	<line choice="default" />
+</choices-outline>
+
+<choice id="default">
+    <pkg-ref id="com.google.santa"/>
+</choice>
+
+<pkg-ref id="com.google.santa">app.pkg</pkg-ref>
+
+</installer-gui-script>

Conf/Package/notarization_tool.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+
+# Example NOTARIZATION_TOOL wrapper.
+
+/usr/bin/xcrun altool --notarize-app "${2}" --primary-bundle-id "${4}" \
+  -u "${NOTARIZATION_USERNAME}" -p "${NOTARIZATION_PASSWORD}"

Conf/Package/package_and_sign.sh

@@ -0,0 +1,185 @@
+#!/bin/bash
+
+# This script signs all of Santa's components, verifies the signatures,
+# notarizes all of the components, staples them, packages them up, signs the
+# package, notarizes the package, puts the package in a DMG and notarizes the
+# DMG. It also outputs a single release tarball.
+# All of the following environment variables are required.
+
+# RELEASE_ROOT is a required environment variable that points to the root
+# of an extracted release tarball produced with the :release and :release_driver
+# rules in Santa's main BUILD file.
+[[ -n "${RELEASE_ROOT}" ]] || die "RELEASE_ROOT unset"
+
+# SIGNING_IDENTITY, SIGNING_TEAMID and SIGNING_KEYCHAIN are required environment
+# variables specifying the identity and keychain to pass to the codesign tool
+# and the team ID to use for verification.
+[[ -n "${SIGNING_IDENTITY}" ]] || die "SIGNING_IDENTITY unset"
+[[ -n "${SIGNING_TEAMID}" ]] || die "SIGNING_TEAMID unset"
+[[ -n "${SIGNING_KEYCHAIN}" ]] || die "SIGNING_KEYCHAIN unset"
+
+# INSTALLER_SIGNING_IDENTITY and INSTALLER_SIGNING_KEYCHAIN are required
+# environment variables specifying the identity and keychain to use when signing
+# the distribution package.
+[[ -n "${INSTALLER_SIGNING_IDENTITY}" ]] || die "INSTALLER_SIGNING_IDENTITY unset"
+[[ -n "${INSTALLER_SIGNING_KEYCHAIN}" ]] || die "INSTALLER_SIGNING_KEYCHAIN unset"
+
+# NOTARIZATION_TOOL is a required environment variable pointing to a wrapper
+# tool around the tool to use for notarization. The tool must take 2 flags:
+#    --file
+#        - pointing at a zip file containing the artifact to notarize
+#    --primary-bundle-id
+#        - specifying the CFBundleID of the artifact being notarized
+[[ -n "${NOTARIZATION_TOOL}" ]] || die "NOTARIZATION_TOOL unset"
+
+# ARTIFACTS_DIR is a required environment variable pointing at a directory to
+# place the output artifacts in.
+[[ -n "${ARTIFACTS_DIR}" ]] || die "ARTIFACTS_DIR unset"
+
+################################################################################
+
+function die {
+  echo "${@}"
+  exit 2
+}
+
+readonly INPUT_APP="${RELEASE_ROOT}/binaries/Santa.app"
+readonly INPUT_SYSX="${INPUT_APP}/Contents/Library/SystemExtensions/com.google.santa.daemon.systemextension"
+readonly INPUT_SANTACTL="${INPUT_APP}/Contents/MacOS/santactl"
+readonly INPUT_SANTABS="${INPUT_APP}/Contents/MacOS/santabundleservice"
+readonly INPUT_SANTAMS="${INPUT_APP}/Contents/MacOS/santametricservice"
+readonly INPUT_SANTASS="${INPUT_APP}/Contents/MacOS/santasyncservice"
+
+readonly RELEASE_NAME="santa-$(/usr/bin/defaults read "${INPUT_APP}/Contents/Info.plist" CFBundleShortVersionString)"
+
+readonly SCRATCH=$(/usr/bin/mktemp -d "${TMPDIR}/santa-"XXXXXX)
+readonly APP_PKG_ROOT="${SCRATCH}/app_pkg_root"
+readonly APP_PKG_SCRIPTS="${SCRATCH}/pkg_scripts"
+readonly ENTITLEMENTS="${SCRATCH}/entitlements"
+
+readonly SCRIPT_PATH="$(/usr/bin/dirname -- ${BASH_SOURCE[0]})"
+
+/bin/mkdir -p "${APP_PKG_ROOT}" "${APP_PKG_SCRIPTS}" "${ENTITLEMENTS}"
+
+readonly DMG_PATH="${ARTIFACTS_DIR}/${RELEASE_NAME}.dmg"
+readonly TAR_PATH="${ARTIFACTS_DIR}/${RELEASE_NAME}.tar.gz"
+
+# Sign all of binaries/bundles. Maintain inside-out ordering where necessary
+for ARTIFACT in "${INPUT_SANTACTL}" "${INPUT_SANTABS}" "${INPUT_SANTAMS}" "${INPUT_SANTASS}" "${INPUT_SYSX}" "${INPUT_APP}"; do
+  BN=$(/usr/bin/basename "${ARTIFACT}")
+  EN="${ENTITLEMENTS}/${BN}.entitlements"
+
+  echo "extracting ${BN} entitlements"
+  /usr/bin/codesign -d --entitlements "${EN}" "${ARTIFACT}"
+  if [[ -s "${EN}" ]]; then
+    EN="--entitlements ${EN}"
+  else
+    EN=""
+  fi
+
+  echo "codesigning ${BN}"
+  /usr/bin/codesign --sign "${SIGNING_IDENTITY}" --keychain "${SIGNING_KEYCHAIN}" \
+        ${EN} --timestamp --force --generate-entitlement-der \
+        --options library,kill,runtime "${ARTIFACT}"
+done
+
+# Notarize all the bundles
+for ARTIFACT in "${INPUT_SYSX}" "${INPUT_APP}"; do
+  BN=$(/usr/bin/basename "${ARTIFACT}")
+
+  echo "zipping ${BN}"
+  /usr/bin/zip -9r "${SCRATCH}/${BN}.zip" "${ARTIFACT}"
+
+  echo "notarizing ${BN}"
+  PBID=$(/usr/bin/defaults read "${ARTIFACT}/Contents/Info.plist" CFBundleIdentifier)
+  "${NOTARIZATION_TOOL}" --file "${SCRATCH}/${BN}.zip" --primary-bundle-id "${PBID}"
+done
+
+# Staple the App.
+for ARTIFACT in "${INPUT_APP}"; do
+  BN=$(/usr/bin/basename "${ARTIFACT}")
+
+  echo "stapling ${BN}"
+  /usr/bin/xcrun stapler staple "${ARTIFACT}"
+done
+
+# Ensure _CodeSignature/CodeResources files have 0644 permissions so they can
+# be verified without using sudo.
+/usr/bin/find "${RELEASE_ROOT}/binaries" -type f -name CodeResources -exec chmod 0644 {} \;
+/usr/bin/find "${RELEASE_ROOT}/binaries" -type d -exec chmod 0755 {} \;
+/usr/bin/find "${RELEASE_ROOT}/conf" -type f -name "com.google.santa*" -exec chmod 0644 {} \;
+
+echo "verifying signatures"
+/usr/bin/codesign -vv -R="certificate leaf[subject.OU] = ${SIGNING_TEAMID}" \
+  "${RELEASE_ROOT}/binaries/"* || die "bad signature"
+
+echo "creating fresh release tarball"
+/bin/mkdir -p "${SCRATCH}/tar_root/${RELEASE_NAME}"
+/bin/cp -r "${RELEASE_ROOT}/binaries" "${SCRATCH}/tar_root/${RELEASE_NAME}"
+/bin/cp -r "${RELEASE_ROOT}/conf" "${SCRATCH}/tar_root/${RELEASE_NAME}"
+/bin/cp -r "${RELEASE_ROOT}/dsym" "${SCRATCH}/tar_root/${RELEASE_NAME}"
+/usr/bin/tar -C "${SCRATCH}/tar_root" -czvf "${TAR_PATH}" "${RELEASE_NAME}" || die "failed to create release tarball"
+
+echo "creating app pkg"
+/bin/mkdir -p "${APP_PKG_ROOT}/Applications" \
+  "${APP_PKG_ROOT}/Library/LaunchAgents" \
+  "${APP_PKG_ROOT}/Library/LaunchDaemons" \
+  "${APP_PKG_ROOT}/private/etc/asl" \
+  "${APP_PKG_ROOT}/private/etc/newsyslog.d"
+/bin/cp -vXR "${RELEASE_ROOT}/binaries/Santa.app" "${APP_PKG_ROOT}/Applications/"
+/bin/cp -vX "${RELEASE_ROOT}/conf/com.google.santad.plist" "${APP_PKG_ROOT}/Library/LaunchDaemons/"
+/bin/cp -vX "${RELEASE_ROOT}/conf/com.google.santa.plist" "${APP_PKG_ROOT}/Library/LaunchAgents/"
+/bin/cp -vX "${RELEASE_ROOT}/conf/com.google.santa.bundleservice.plist" "${APP_PKG_ROOT}/Library/LaunchDaemons/"
+/bin/cp -vX "${RELEASE_ROOT}/conf/com.google.santa.metricservice.plist" "${APP_PKG_ROOT}/Library/LaunchDaemons/"
+/bin/cp -vX "${RELEASE_ROOT}/conf/com.google.santa.syncservice.plist" "${APP_PKG_ROOT}/Library/LaunchDaemons/"
+/bin/cp -vX "${RELEASE_ROOT}/conf/com.google.santa.asl.conf" "${APP_PKG_ROOT}/private/etc/asl/"
+/bin/cp -vX "${RELEASE_ROOT}/conf/com.google.santa.newsyslog.conf" "${APP_PKG_ROOT}/private/etc/newsyslog.d/"
+/bin/cp -vXL "${SCRIPT_PATH}/preinstall" "${APP_PKG_SCRIPTS}/"
+/bin/cp -vXL "${SCRIPT_PATH}/postinstall" "${APP_PKG_SCRIPTS}/"
+/bin/chmod +x "${APP_PKG_SCRIPTS}/"*
+
+# Disable bundle relocation.
+/usr/bin/pkgbuild --analyze --root "${APP_PKG_ROOT}" "${SCRATCH}/component.plist"
+/usr/bin/plutil -replace BundleIsRelocatable -bool NO "${SCRATCH}/component.plist"
+/usr/bin/plutil -replace BundleIsVersionChecked -bool NO "${SCRATCH}/component.plist"
+/usr/bin/plutil -replace BundleOverwriteAction -string upgrade "${SCRATCH}/component.plist"
+/usr/bin/plutil -replace ChildBundles -json "[]" "${SCRATCH}/component.plist"
+
+# Build app package
+/usr/bin/pkgbuild --identifier "com.google.santa" \
+  --version "$(echo "${RELEASE_NAME}" | cut -d - -f2)" \
+  --root "${APP_PKG_ROOT}" \
+  --component-plist "${SCRATCH}/component.plist" \
+  --scripts "${APP_PKG_SCRIPTS}" \
+  "${SCRATCH}/app.pkg"
+
+# Build signed distribution package
+echo "productbuild pkg"
+/bin/mkdir -p "${SCRATCH}/${RELEASE_NAME}"
+/usr/bin/productbuild \
+  --distribution "${SCRIPT_PATH}/Distribution.xml" \
+  --package-path "${SCRATCH}" \
+  --sign "${INSTALLER_SIGNING_IDENTITY}" --keychain "${INSTALLER_SIGNING_KEYCHAIN}" \
+  "${SCRATCH}/${RELEASE_NAME}/${RELEASE_NAME}.pkg"
+
+echo "verifying pkg signature"
+/usr/sbin/pkgutil --check-signature "${SCRATCH}/${RELEASE_NAME}/${RELEASE_NAME}.pkg" || die "bad pkg signature"
+
+echo "notarizing pkg"
+"${NOTARIZATION_TOOL}" --file "${SCRATCH}/${RELEASE_NAME}/${RELEASE_NAME}.pkg" \
+    --primary-bundle-id "com.google.santa"
+
+echo "stapling pkg"
+/usr/bin/xcrun stapler staple "${SCRATCH}/${RELEASE_NAME}/${RELEASE_NAME}.pkg" || die "failed to staple pkg"
+
+echo "wrapping pkg in dmg"
+/usr/bin/hdiutil create -fs HFS+ -format UDZO \
+    -volname "${RELEASE_NAME}" \
+    -ov -imagekey zlib-level=9 \
+    -srcfolder "${SCRATCH}/${RELEASE_NAME}/" "${DMG_PATH}" || die "failed to wrap pkg in dmg"
+
+echo "notarizing dmg"
+"${NOTARIZATION_TOOL}" --file "${DMG_PATH}" --primary-bundle-id "com.google.santa"
+
+echo "stapling dmg"
+/usr/bin/xcrun stapler staple "${DMG_PATH}" || die "failed to staple dmg"

Conf/Package/postinstall

@@ -0,0 +1,36 @@
+#!/bin/bash
+
+# Load com.google.santa.daemon and com.google.santa.bundleservice
+# If a user is logged in, also load the GUI agent.
+# If the target volume is not /, do nothing
+
+[[ $3 != "/" ]] && exit 0
+
+# Restart syslogd to pick up ASL configuration change
+/usr/bin/killall -HUP syslogd
+
+# Create hopefully useful symlink for santactl
+mkdir -p /usr/local/bin
+/bin/ln -sf /Applications/Santa.app/Contents/MacOS/santactl /usr/local/bin/santactl
+
+# Remove the kext before com.google.santa.daemon loads if the SystemExtension is already present.
+/bin/launchctl list EQHXZ8M8AV.com.google.santa.daemon > /dev/null 2>&1 && rm -rf /Library/Extensions/santa-driver.kext
+
+# Load com.google.santa.daemon, its main has logic to handle loading the kext
+# or relaunching itself as a SystemExtension.
+/bin/launchctl load -w /Library/LaunchDaemons/com.google.santad.plist
+
+# Load com.google.santa.bundleservice
+/bin/launchctl load -w /Library/LaunchDaemons/com.google.santa.bundleservice.plist
+
+# Load com.google.santa.metricservice
+/bin/launchctl load -w /Library/LaunchDaemons/com.google.santa.metricservice.plist
+
+# Load com.google.santa.syncservice
+/bin/launchctl load -w /Library/LaunchDaemons/com.google.santa.syncservice.plist
+
+GUI_USER=$(/usr/bin/stat -f '%u' /dev/console)
+[[ -z "${GUI_USER}" ]] && exit 0
+
+/bin/launchctl asuser "${GUI_USER}" /bin/launchctl load /Library/LaunchAgents/com.google.santa.plist
+exit 0

Conf/Package/preinstall

@@ -0,0 +1,33 @@
+#!/bin/bash
+
+# Unload the kernel extension, santad, sync client
+# If a user is logged in, also unload the GUI agent.
+# If the target volume is not /, do nothing
+
+[[ $3 != "/" ]] && exit 0
+
+/bin/launchctl remove com.google.santad || true
+/bin/launchctl remove com.google.santa.bundleservice || true
+/bin/launchctl remove com.google.santa.metricservice || true
+/bin/launchctl remove com.google.santa.syncservice || true
+
+/bin/sleep 1
+
+/sbin/kextunload -b com.google.santa-driver >/dev/null 2>&1 || true
+
+# Remove cruft from old Santa versions
+/bin/rm -f /usr/libexec/santad
+/bin/rm -f /usr/sbin/santactl
+/bin/launchctl remove com.google.santasync
+/bin/rm -f /Library/LaunchDaemons/com.google.santasync.plist
+/bin/rm -rf /Applications/Santa.app
+/bin/rm -rf /Library/Extensions/santa-driver.kext
+
+/bin/sleep 1
+
+GUI_USER=$(/usr/bin/stat -f '%u' /dev/console)
+[[ -z "${GUI_USER}" ]] && exit 0
+
+/bin/launchctl asuser "${GUI_USER}" /bin/launchctl remove com.google.santagui
+/bin/launchctl asuser "${GUI_USER}" /bin/launchctl remove com.google.santa
+exit 0

Conf/com.google.santa.asl.conf

@@ -1,2 +0,0 @@
-# Copy this file to /etc/asl to log all messages from santa-driver to the log file
-? [S= Message santa-driver:] file /var/log/santa.log claim only format="[$((Time)(utc.3))] $Message"

Conf/com.google.santa.bundleservice.plist

@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>Label</key>
+	<string>com.google.santa.bundleservice</string>
+	<key>ProgramArguments</key>
+	<array>
+		<string>/Applications/Santa.app/Contents/MacOS/santabundleservice</string>
+		<string>--syslog</string>
+	</array>
+	<key>MachServices</key>
+	<dict>
+		<key>com.google.santa.bundleservice</key>
+		<true/>
+	</dict>
+	<key>RunAtLoad</key>
+	<false/>
+	<key>KeepAlive</key>
+	<false/>
+	<key>ProcessType</key>
+	<string>Interactive</string>
+	<key>ThrottleInterval</key>
+	<integer>0</integer>
+</dict>
+</plist>

Conf/com.google.santa.metricservice.plist

@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>Label</key>
+	<string>com.google.santa.metricservice</string>
+	<key>ProgramArguments</key>
+	<array>
+		<string>/Applications/Santa.app/Contents/MacOS/santametricservice</string>
+		<string>--syslog</string>
+	</array>
+	<key>MachServices</key>
+	<dict>
+		<key>com.google.santa.metricservice</key>
+		<true/>
+	</dict>
+	<key>RunAtLoad</key>
+	<true/>
+	<key>KeepAlive</key>
+	<true/>
+</dict>
+</plist>

Conf/com.google.santa.newsyslog.conf

@@ -0,0 +1,2 @@
+# logfilename             [owner:group]       mode   count size(KiB) when   flags [/pid_file] # [sig_num]
+/var/db/santa/santa.log   root:wheel          644    10    25000     *      Z

Conf/com.google.santa.plist

@@ -3,16 +3,15 @@
 <plist version="1.0">
 <dict>
 				<key>Label</key>
-				<string>com.google.santagui</string>
+				<string>com.google.santa</string>
 				<key>ProgramArguments</key>
 				<array>
 					<string>/Applications/Santa.app/Contents/MacOS/Santa</string>
+					<string>--syslog</string>
 				</array>
-				<key>StandardOutPath</key>
-				<string>/var/log/santa.log</string>
-				<key>StandardErrorPath</key>
-				<string>/var/log/santa.log</string>
 				<key>RunAtLoad</key>
 				<true/>
+				<key>KeepAlive</key>
+				<true/>
 </dict>
 </plist>

Conf/com.google.santa.syncservice.plist

@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>Label</key>
+	<string>com.google.santa.syncservice</string>
+	<key>ProgramArguments</key>
+	<array>
+		<string>/Applications/Santa.app/Contents/MacOS/santasyncservice</string>
+		<string>--syslog</string>
+	</array>
+	<key>MachServices</key>
+	<dict>
+		<key>com.google.santa.syncservice</key>
+		<true/>
+	</dict>
+	<key>RunAtLoad</key>
+	<false/>
+	<key>KeepAlive</key>
+	<false/>
+</dict>
+</plist>

Conf/com.google.santad.plist

@@ -1,29 +1,24 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
 <dict>
-				<key>Label</key>
-				<string>com.google.santad</string>
-				<key>ProgramArguments</key>
-				<array>
-								<string>/usr/libexec/santad</string>
-				</array>
-				<key>MachServices</key>
-				<dict>
-								<key>SantaXPCNotifications</key>
-								<true/>
-								<key>SantaXPCControl</key>
-								<true/>
-				</dict>
-				<key>StandardOutPath</key>
-				<string>/var/log/santa.log</string>
-				<key>StandardErrorPath</key>
-				<string>/var/log/santa.log</string>
-				<key>RunAtLoad</key>
-				<true/>
-				<key>KeepAlive</key>
-				<true />
-				<key>ProcessType</key>
-				<string>Interactive</string>
+	<key>Label</key>
+	<string>com.google.santad</string>
+	<key>ProgramArguments</key>
+	<array>
+		<string>/Applications/Santa.app/Contents/Library/SystemExtensions/com.google.santa.daemon.systemextension/Contents/MacOS/com.google.santa.daemon</string>
+		<string>--syslog</string>
+	</array>
+	<key>MachServices</key>
+	<dict>
+		<key>com.google.santa.daemon</key>
+		<true/>
+	</dict>
+	<key>RunAtLoad</key>
+	<true/>
+	<key>KeepAlive</key>
+	<true/>
+	<key>ProcessType</key>
+	<string>Interactive</string>
 </dict>
 </plist>

Conf/com.google.santasync.plist

@@ -1,19 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
-<plist version="1.0">
-<dict>
-				<key>Label</key>
-				<string>com.google.santasync</string>
-				<key>ProgramArguments</key>
-				<array>
-								<string>/usr/sbin/santactl</string>
-								<string>sync</string>
-				</array>
-				<key>StandardErrorPath</key>
-				<string>/var/log/santa.log</string>
-				<key>ProcessType</key>
-				<string>Background</string>
-				<key>StartInterval</key>
-				<integer>600</integer>
-</dict>
-</plist>

Conf/config.plist

@@ -1,12 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
-<plist version="1.0">
-<dict>
-	<!-- Minimal Configuration -->
-	<key>ClientMode</key>
-	<integer>1</integer>
-
-	<!--  For documentation of other keys, see the following URL:
-  			https://github.com/google/santa/wiki/Configuration-Keys  -->
-</dict>
-</plist>

Conf/install.sh

@@ -0,0 +1,88 @@
+#!/bin/bash
+
+if [[ $EUID -ne 0 ]]; then
+  echo "This script must be run as root" 1>&2
+  exit 1
+fi
+
+if [[ -z "${BINARIES}" || -z "${CONF}" ]]; then
+  if [[ -d "binaries" ]]; then
+    BINARIES="${PWD}/binaries"
+    CONF="${PWD}/conf"
+  elif [[ -d "../binaries" ]]; then
+    BINARIES="${PWD}/../binaries"
+    CONF="${PWD}/../conf"
+  else
+    echo "Can't find binaries, run install.sh from inside the conf directory" 1>&2
+    exit 1
+  fi
+fi
+
+# Unload santad and scheduled sync job.
+/bin/launchctl remove com.google.santad >/dev/null 2>&1
+
+# Unload bundle service
+/bin/launchctl remove com.google.santa.bundleservice >/dev/null 2>&1
+
+# Unload metric service
+/bin/launchctl remove com.google.santa.metricservice >/dev/null 2>&1
+
+# Unload sync service
+/bin/launchctl remove com.google.santa.syncservice >/dev/null 2>&1
+
+# Unload kext.
+/sbin/kextunload -b com.google.santa-driver >/dev/null 2>&1
+
+# Determine if anyone is logged into the GUI
+GUI_USER=$(/usr/bin/stat -f '%u' /dev/console)
+
+# Unload GUI agent if someone is logged in.
+[[ -n "${GUI_USER}" ]] && \
+  /bin/launchctl asuser "${GUI_USER}" /bin/launchctl remove com.google.santagui
+[[ -n "$GUI_USER" ]] && \
+  /bin/launchctl asuser "${GUI_USER}" /bin/launchctl remove com.google.santa
+
+# Cleanup cruft from old versions
+/bin/launchctl remove com.google.santasync >/dev/null 2>&1
+/bin/rm /Library/LaunchDaemons/com.google.santasync.plist >/dev/null 2>&1
+/bin/rm /usr/libexec/santad >/dev/null 2>&1
+/bin/rm /usr/sbin/santactl >/dev/null 2>&1
+/bin/rm -rf /Applications/Santa.app 2>&1
+/bin/rm -rf /Library/Extensions/santa-driver.kext 2>&1
+/bin/rm /etc/asl/com.google.santa.asl.conf
+
+# Copy new files.
+/bin/mkdir -p /var/db/santa
+
+/bin/cp -r ${BINARIES}/Santa.app /Applications
+
+/bin/mkdir -p /usr/local/bin
+/bin/ln -s /Applications/Santa.app/Contents/MacOS/santactl /usr/local/bin 2>/dev/null
+
+/bin/cp ${CONF}/com.google.santa.plist /Library/LaunchAgents
+/bin/cp ${CONF}/com.google.santa.bundleservice.plist /Library/LaunchDaemons
+/bin/cp ${CONF}/com.google.santa.metricservice.plist /Library/LaunchDaemons
+/bin/cp ${CONF}/com.google.santa.syncservice.plist /Library/LaunchDaemons
+/bin/cp ${CONF}/com.google.santad.plist /Library/LaunchDaemons
+/bin/cp ${CONF}/com.google.santa.newsyslog.conf /etc/newsyslog.d/
+
+# Reload syslogd to pick up ASL configuration change.
+/usr/bin/killall -HUP syslogd
+
+# Load com.google.santa.daemon
+/bin/launchctl load /Library/LaunchDaemons/com.google.santad.plist
+
+# Load com.google.santa.bundleservice
+/bin/launchctl load /Library/LaunchDaemons/com.google.santa.bundleservice.plist
+
+# Load com.google.santa.metricservice
+/bin/launchctl load /Library/LaunchDaemons/com.google.santa.metricservice.plist
+
+# Load com.google.santa.syncservice
+/bin/launchctl load /Library/LaunchDaemons/com.google.santa.syncservice.plist
+
+# Load GUI agent if someone is logged in.
+[[ -z "${GUI_USER}" ]] && exit 0
+
+/bin/launchctl asuser "${GUI_USER}" /bin/launchctl load -w /Library/LaunchAgents/com.google.santa.plist
+exit 0

Conf/uninstall.sh

@@ -0,0 +1,40 @@
+#!/bin/bash
+
+# Uninstalls Santa from the boot volume, clearing up everything but logs/configs.
+# Unloads the kernel extension, services, and deletes component files.
+# If a user is logged in, also unloads the GUI agent.
+
+[ "$EUID" != 0 ] && printf "%s\n" "This requires running as root/sudo." && exit 1
+
+# For macOS 10.15+ this will block up to 60 seconds
+/bin/launchctl list EQHXZ8M8AV.com.google.santa.daemon > /dev/null 2>&1 && /Applications/Santa.app/Contents/MacOS/Santa --unload-system-extension
+
+/bin/launchctl remove com.google.santad
+# remove helper XPC services
+/bin/launchctl remove com.google.santa.bundleservice
+/bin/launchctl remove com.google.santa.metricservice
+/bin/launchctl remove com.google.santa.syncservice
+sleep 1
+/sbin/kextunload -b com.google.santa-driver >/dev/null 2>&1
+user=$(/usr/bin/stat -f '%u' /dev/console)
+[[ -n "$user" ]] && /bin/launchctl asuser ${user} /bin/launchctl remove com.google.santagui
+[[ -n "$user" ]] && /bin/launchctl asuser ${user} /bin/launchctl remove com.google.santa
+# and to clean out the log config, although it won't write after wiping the binary
+/usr/bin/killall -HUP syslogd
+# delete artifacts on-disk
+/bin/rm -rf /Applications/Santa.app
+/bin/rm -rf /Library/Extensions/santa-driver.kext
+/bin/rm -f /Library/LaunchAgents/com.google.santagui.plist
+/bin/rm -f /Library/LaunchAgents/com.google.santa.plist
+/bin/rm -f /Library/LaunchDaemons/com.google.santad.plist
+/bin/rm -f /Library/LaunchDaemons/com.google.santa.bundleservice.plist
+/bin/rm -f /Library/LaunchDaemons/com.google.santa.metricservice.plist
+/bin/rm -f /Library/LaunchDaemons/com.google.santa.syncservice.plist
+/bin/rm -f /private/etc/asl/com.google.santa.asl.conf
+/bin/rm -f /private/etc/newsyslog.d/com.google.santa.newsyslog.conf
+/bin/rm -f /usr/local/bin/santactl # just a symlink
+
+#uncomment to remove the config file and all databases, log files
+#/bin/rm -rf /var/db/santa
+#/bin/rm -f /var/log/santa*
+exit 0

Fuzzing/BUILD

@@ -0,0 +1,11 @@
+load("fuzzing.bzl", "objc_fuzz_test")
+
+objc_fuzz_test(
+    name = "MachOParse",
+    srcs = ["common/MachOParse.mm"],
+    corpus = glob(["common/MachOParse_corpus/*"]),
+    linkopts = ["-lsqlite3"],
+    deps = [
+        "//Source/common:SNTFileInfo",
+    ],
+)

Fuzzing/common/MachOParse.mm

@@ -0,0 +1,40 @@
+#import <Foundation/Foundation.h>
+#include <libproc.h>
+#include <stddef.h>
+#include <stdint.h>
+
+#import "Source/common/SNTFileInfo.h"
+
+int get_num_fds() {
+  return proc_pidinfo(getpid(), PROC_PIDLISTFDS, 0, NULL, 0) / PROC_PIDLISTFD_SIZE;
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+  static NSString *tmpPath =
+    [NSTemporaryDirectory() stringByAppendingPathComponent:[[NSUUID UUID] UUIDString]];
+
+  int num_fds_pre = get_num_fds();
+
+  @autoreleasepool {
+    NSData *input = [NSData dataWithBytesNoCopy:(void *)data length:size freeWhenDone:false];
+    [input writeToFile:tmpPath atomically:false];
+
+    NSError *error;
+    SNTFileInfo *fi = [[SNTFileInfo alloc] initWithResolvedPath:tmpPath error:&error];
+    if (!fi || error != nil) {
+      NSLog(@"Error: %@", error);
+      return -1;
+    }
+
+    // Mach-O Parsing
+    [fi architectures];
+    [fi isMissingPageZero];
+    [fi infoPlist];
+  }
+
+  if (num_fds_pre != get_num_fds()) {
+    abort();
+  }
+
+  return 0;
+}

Fuzzing/fuzzing.bzl

@@ -0,0 +1,20 @@
+"""Utilities for fuzzing Santa"""
+
+load("@rules_fuzzing//fuzzing:cc_defs.bzl", "cc_fuzz_test")
+
+def objc_fuzz_test(name, srcs, deps, corpus, linkopts = [], **kwargs):
+    native.objc_library(
+        name = "%s_lib" % name,
+        srcs = srcs,
+        deps = deps,
+        **kwargs
+    )
+
+    cc_fuzz_test(
+        name = name,
+        deps = [
+            "%s_lib" % name,
+        ],
+        linkopts = linkopts,
+        corpus = corpus,
+    )

Fuzzing/install_libclang_fuzzer.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+# Xcode doesn't include the fuzzer runtime, but the one LLVM ships is compatible with Apple clang.
+set -uexo pipefail
+
+CLANG_VERSION=$(clang --version | head -n 1 | cut -d' ' -f 4)
+DST_PATH="$(xcode-select -p)/Toolchains/XcodeDefault.xctoolchain/usr/lib/clang/${CLANG_VERSION}/lib/darwin/libclang_rt.fuzzer_osx.a"
+
+if [ -f ${DST_PATH} ]; then
+  exit 0;
+fi
+
+curl -O -L https://github.com/llvm/llvm-project/releases/download/llvmorg-${CLANG_VERSION}/clang+llvm-${CLANG_VERSION}-x86_64-apple-darwin.tar.xz
+tar xvf clang+llvm-${CLANG_VERSION}-x86_64-apple-darwin.tar.xz clang+llvm-${CLANG_VERSION}-x86_64-apple-darwin/lib/clang/${CLANG_VERSION}/lib/darwin/libclang_rt.fuzzer_osx.a
+cp clang+llvm-${CLANG_VERSION}-x86_64-apple-darwin/lib/clang/${CLANG_VERSION}/lib/darwin/libclang_rt.fuzzer_osx.a ${DST_PATH}

Fuzzing/santacache/.gitignore

@@ -0,0 +1,3 @@
+santacache.dSYM
+santacache
+

Fuzzing/santacache/src/main.cpp

@@ -0,0 +1,43 @@
+/// Copyright 2018 Google Inc. All rights reserved.
+///
+/// Licensed under the Apache License, Version 2.0 (the "License");
+/// you may not use this file except in compliance with the License.
+/// You may obtain a copy of the License at
+///
+///    http://www.apache.org/licenses/LICENSE-2.0
+///
+///    Unless required by applicable law or agreed to in writing, software
+///    distributed under the License is distributed on an "AS IS" BASIS,
+///    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+///    See the License for the specific language governing permissions and
+///    limitations under the License.
+
+#include <SantaCache.h>
+
+#include <cstdint>
+#include <iostream>
+
+extern "C" int LLVMFuzzerTestOneInput(const std::uint8_t *data,
+                                      std::size_t size) {
+  static SantaCache<uint64_t, uint64_t> decision_cache(5000, 2);
+
+  std::uint64_t fields[2] = {};
+
+  if (size > 16) {
+    std::cout << "Invalid size! Start with -max_len=16\n";
+    return 1;
+  }
+
+  std::memcpy(fields, data, size);
+
+  decision_cache.set(fields[0], fields[1]);
+  auto returned_value = decision_cache.get(fields[0]);
+
+  if (returned_value != fields[1]) {
+    std::cout << fields[0] << ", " << fields[1] << " -> " << returned_value
+              << "\n";
+    return 1;
+  }
+
+  return 0;
+}

Fuzzing/santactl/santactl_fuzzer_seed_corpus/example01

@@ -0,0 +1,16 @@
+{
+  "rules": [
+    {
+      "rule_type": "BINARY",
+      "policy": "BLACKLIST",
+      "sha256": "2dc104631939b4bdf5d6bccab76e166e37fe5e1605340cf68dab919df58b8eda",
+      "custom_msg": "blacklist firefox"
+    },
+    {
+      "rule_type": "CERTIFICATE",
+      "policy": "BLACKLIST",
+      "sha256": "e7726cf87cba9e25139465df5bd1557c8a8feed5c7dd338342d8da0959b63c8d",
+      "custom_msg": "blacklist dash app certificate"
+    }
+  ]
+}

Fuzzing/santactl/src/main.mm

@@ -0,0 +1,62 @@
+/// Copyright 2018 Google Inc. All rights reserved.
+///
+/// Licensed under the Apache License, Version 2.0 (the "License");
+/// you may not use this file except in compliance with the License.
+/// You may obtain a copy of the License at
+///
+///    http://www.apache.org/licenses/LICENSE-2.0
+///
+///    Unless required by applicable law or agreed to in writing, software
+///    distributed under the License is distributed on an "AS IS" BASIS,
+///    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+///    See the License for the specific language governing permissions and
+///    limitations under the License.
+
+#include <cstdint>
+#include <iostream>
+#include <vector>
+
+#include <SNTRule.h>
+#include <SNTSyncConstants.h>
+#include <SNTSyncRuleDownload.h>
+#include <SNTSyncState.h>
+
+extern "C" int LLVMFuzzerTestOneInput(const std::uint8_t *data, std::size_t size) {
+  NSData *buffer = [NSData dataWithBytes:static_cast<const void *>(data) length:size];
+  if (!buffer) {
+    return 0;
+  }
+
+  NSError *error;
+  NSDictionary *response = [NSJSONSerialization JSONObjectWithData:buffer options:0 error:&error];
+  if (!response) {
+    return 0;
+  }
+
+  if (![response isKindOfClass:[NSDictionary class]]) {
+    return 0;
+  }
+
+  if (![response objectForKey:kRules]) {
+    return 0;
+  }
+
+  SNTSyncState *state = [[SNTSyncState alloc] init];
+  if (!state) {
+    return 0;
+  }
+
+  SNTSyncRuleDownload *obj = [[SNTSyncRuleDownload alloc] initWithState:state];
+  if (!obj) {
+    return 0;
+  }
+
+  for (NSDictionary *ruleDict in response[kRules]) {
+    SNTRule *rule = [obj ruleFromDictionary:ruleDict];
+    if (rule) {
+      std::cerr << "Rule: " << [[rule description] UTF8String] << "\n";
+    }
+  }
+
+  return 0;
+}

Fuzzing/santad/santad_databaseRemoveEventsWithIDs_fuzzer_seed_corpus/example01

@@ -0,0 +1 @@
+К'.p▒└G╗М┐║ЙSЮ╝и▌РУерЭxt1iАЫШ9ы*H╩4R"═©$-├Уww╙+Р╝╘[┼иу╧oС┬ОwRpЗя≤х°е

Fuzzing/santad/src/checkCacheForVnodeID.mm

@@ -0,0 +1,59 @@
+/// Copyright 2018 Google Inc. All rights reserved.
+///
+/// Licensed under the Apache License, Version 2.0 (the "License");
+/// you may not use this file except in compliance with the License.
+/// You may obtain a copy of the License at
+///
+///    http://www.apache.org/licenses/LICENSE-2.0
+///
+///    Unless required by applicable law or agreed to in writing, software
+///    distributed under the License is distributed on an "AS IS" BASIS,
+///    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+///    See the License for the specific language governing permissions and
+///    limitations under the License.
+
+#include <cstdint>
+#include <iostream>
+
+#import <MOLXPCConnection/MOLXPCConnection.h>
+
+#import "SNTCommandController.h"
+#import "SNTRule.h"
+#import "SNTXPCControlInterface.h"
+#import "Source/common/SNTCommonEnums.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const std::uint8_t *data, std::size_t size) {
+  if (size > 16) {
+    std::cerr << "Invalid buffer size of " << size << " (should be <= 16)" << std::endl;
+
+    return 1;
+  }
+
+  SantaVnode vnodeID = {};
+  std::memcpy(&vnodeID, data, size);
+
+  MOLXPCConnection *daemonConn = [SNTXPCControlInterface configuredConnection];
+  daemonConn.invalidationHandler = ^{
+    printf("An error occurred communicating with the daemon, is it running?\n");
+    exit(1);
+  };
+
+  [daemonConn resume];
+
+  [[daemonConn remoteObjectProxy]
+    checkCacheForVnodeID:vnodeID
+               withReply:^(SNTAction action) {
+                 if (action == SNTActionRespondAllow) {
+                   std::cerr << "File exists in [whitelist] kernel cache" << std::endl;
+                   ;
+                 } else if (action == SNTActionRespondDeny) {
+                   std::cerr << "File exists in [blacklist] kernel cache" << std::endl;
+                   ;
+                 } else if (action == SNTActionUnset) {
+                   std::cerr << "File does not exist in cache" << std::endl;
+                   ;
+                 }
+               }];
+
+  return 0;
+}

Fuzzing/santad/src/databaseRemoveEventsWithIDs.mm

@@ -0,0 +1,51 @@
+/// Copyright 2018 Google Inc. All rights reserved.
+///
+/// Licensed under the Apache License, Version 2.0 (the "License");
+/// you may not use this file except in compliance with the License.
+/// You may obtain a copy of the License at
+///
+///    http://www.apache.org/licenses/LICENSE-2.0
+///
+///    Unless required by applicable law or agreed to in writing, software
+///    distributed under the License is distributed on an "AS IS" BASIS,
+///    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+///    See the License for the specific language governing permissions and
+///    limitations under the License.
+
+#include <cstdint>
+#include <iostream>
+
+#import <MOLXPCConnection/MOLXPCConnection.h>
+
+#import "SNTCommandController.h"
+#import "SNTRule.h"
+#import "SNTXPCControlInterface.h"
+
+#pragma pack(push, 1)
+
+#pragma pack(pop)
+
+extern "C" int LLVMFuzzerTestOneInput(const std::uint8_t *data, std::size_t size) {
+  auto *eventId = reinterpret_cast<const std::uint64_t *>(data);
+  std::size_t eventIdCount = size / sizeof(std::uint64_t);
+  if (eventIdCount == 0) {
+    return 0;
+  }
+
+  MOLXPCConnection *daemonConn = [SNTXPCControlInterface configuredConnection];
+  daemonConn.invalidationHandler = ^{
+    printf("An error occurred communicating with the daemon, is it running?\n");
+    exit(1);
+  };
+
+  [daemonConn resume];
+
+  NSMutableSet *eventIds = [NSMutableSet setWithCapacity:eventIdCount];
+  for (std::size_t i = 0; i < eventIdCount; i++) {
+    auto id = [NSNumber numberWithInteger:eventId[i]];
+    [eventIds addObject:id];
+  }
+
+  [[daemonConn remoteObjectProxy] databaseRemoveEventsWithIDs:[eventIds allObjects]];
+  return 0;
+}

Fuzzing/santad/src/databaseRuleAddRules.mm

@@ -0,0 +1,73 @@
+/// Copyright 2018 Google Inc. All rights reserved.
+///
+/// Licensed under the Apache License, Version 2.0 (the "License");
+/// you may not use this file except in compliance with the License.
+/// You may obtain a copy of the License at
+///
+///    http://www.apache.org/licenses/LICENSE-2.0
+///
+///    Unless required by applicable law or agreed to in writing, software
+///    distributed under the License is distributed on an "AS IS" BASIS,
+///    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+///    See the License for the specific language governing permissions and
+///    limitations under the License.
+
+#include <cstdint>
+#include <iostream>
+
+#import <MOLXPCConnection/MOLXPCConnection.h>
+
+#import "SNTCommandController.h"
+#import "SNTRule.h"
+#import "SNTXPCControlInterface.h"
+
+#pragma pack(push, 1)
+
+struct InputData {
+  std::uint32_t cleanSlate;
+  std::uint32_t state;
+  std::uint32_t type;
+  char hash[33];
+};
+
+#pragma pack(pop)
+
+extern "C" int LLVMFuzzerTestOneInput(const std::uint8_t *data, std::size_t size) {
+  if (size > sizeof(InputData)) {
+    std::cerr << "Invalid buffer size of " << size << " (should be <= " << sizeof(InputData) << ")"
+              << std::endl;
+
+    return 1;
+  }
+
+  InputData input_data = {};
+  std::memcpy(&input_data, data, size);
+
+  SNTRule *newRule = [[SNTRule alloc] init];
+  newRule.state = (SNTRuleState)input_data.state;
+  newRule.type = (SNTRuleType)input_data.type;
+  newRule.identifier = @(input_data.hash);
+  newRule.customMsg = @"";
+
+  MOLXPCConnection *daemonConn = [SNTXPCControlInterface configuredConnection];
+  daemonConn.invalidationHandler = ^{
+    printf("An error occurred communicating with the daemon, is it running?\n");
+    exit(1);
+  };
+
+  [daemonConn resume];
+  [[daemonConn remoteObjectProxy]
+    databaseRuleAddRules:@[ newRule ]
+              cleanSlate:NO
+                   reply:^(NSError *error) {
+                     if (!error) {
+                       if (newRule.state == SNTRuleStateRemove) {
+                         printf("Removed rule for SHA-256: %s.\n", [newRule.identifier UTF8String]);
+                       } else {
+                         printf("Added rule for SHA-256: %s.\n", [newRule.identifier UTF8String]);
+                       }
+                     }
+                   }];
+
+  return 0;
+}

LICENSE

@@ -200,3 +200,13 @@
    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    See the License for the specific language governing permissions and
    limitations under the License.
+
+------------------
+
+Files: Testing/integration/VM/*
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

Podfile

@@ -1,12 +0,0 @@
-platform :osx, "10.8"
-
-inhibit_all_warnings!
-
-target :santad do
-  pod 'FMDB'
-end
-
-target :LogicTests do
-  pod 'OCMock'
-  pod 'FMDB'
-end

Podfile.lock

@@ -1,17 +0,0 @@
-PODS:
-  - FMDB (2.4):
-    - FMDB/standard (= 2.4)
-  - FMDB/common (2.4)
-  - FMDB/standard (2.4):
-    - FMDB/common
-  - OCMock (3.1.1)
-
-DEPENDENCIES:
-  - FMDB
-  - OCMock
-
-SPEC CHECKSUMS:
-  FMDB: 0b2fa25e5264ef177973c0cb8c02c711107979aa
-  OCMock: f6cb8c162ab9d5620dddf411282c7b2c0ee78854
-
-COCOAPODS: 0.35.0

README.md

@@ -1,135 +1,150 @@
-Santa
-=====
+# Santa
 
-Santa is a binary whitelisting/blacklisting system for Mac OS X. It consists of
-a kernel extension that monitors for executions, a userland daemon that makes
-execution decisions based on the contents of a SQLite database, a GUI agent that
-notifies the user in case of a block decision and a command-line utility for
-managing the system and synchronizing the database with a server.
+[![license](https://img.shields.io/github/license/google/santa)](https://github.com/google/santa/blob/main/LICENSE)
+[![CI](https://github.com/google/santa/actions/workflows/ci.yml/badge.svg)](https://github.com/google/santa/actions/workflows/ci.yml)
+[![latest release](https://img.shields.io/github/v/release/google/santa.svg)](https://github.com/google/santa/releases/latest)
+[![latest release date](https://img.shields.io/github/release-date/google/santa.svg)](https://github.com/google/santa/releases/latest)
+[![downloads](https://img.shields.io/github/downloads/google/santa/latest/total)](https://github.com/google/santa/releases/latest)
 
-Santa is not yet a 1.0. We're writing more tests, fixing bugs, working on TODOs
-and finishing up a security audit.
+<p align="center">
+    <img src="https://raw.githubusercontent.com/google/santa/main/Source/gui/Resources/Images.xcassets/AppIcon.appiconset/santa-hat-icon-128.png" alt="Santa Icon" />
+</p>
 
-Santa is named because it keeps track of binaries that are naughty and nice.
+Santa is a binary authorization system for macOS. It consists of a system
+extension that monitors for executions, a daemon that makes execution decisions
+based on the contents of a local database, a GUI agent that notifies the user in
+case of a block decision and a command-line utility for managing the system and
+synchronizing the database with a server.
 
-Santa is a project of Google's Macintosh Operations Team.
+It is named Santa because it keeps track of binaries that are naughty or nice.
 
-Features
-========
+# Docs
 
-* Multiple modes: MONITOR and LOCKDOWN. In MONITOR mode all binaries except
-those marked as blacklisted will be allowed to run, whilst being logged and
-recorded in the database. In LOCKDOWN mode, only whitelisted binaries are
-allowed to run.
+The Santa docs are stored in the
+[Docs](https://github.com/google/santa/blob/main/docs) directory and published
+at https://santa.dev.
 
-* Codesign listing: Binaries can be whitelisted/blacklisted by their signing
-certificate, so you can trust/block all binaries by a given publisher. The
-binary will only be whitelisted by certificate if its signature validates
-correctly. However, a decision for a binary will override a decision for a
-certificate; i.e. you can whitelist a certificate while blacklisting a binary
-signed by that certificate or vice-versa.
+The docs include deployment options, details on how parts of Santa work and
+instructions for developing Santa itself.
 
-* In-kernel caching: whitelisted binaries are cached in the kernel so the
-processing required to make a request is only done if the binary
-isn't already cached.
+# Get Help
+
+If you have questions or otherwise need help getting started,
+the [santa-dev](https://groups.google.com/forum/#!forum/santa-dev) group is a
+great place.
+
+If you believe you have a bug, feel free to report [an
+issue](https://github.com/google/santa/issues) and we'll respond as soon as we
+can.
+
+If you believe you've found a vulnerability, please read the
+[security policy](https://github.com/google/santa/security/policy) for
+disclosure reporting.
+
+# Features
+
+* Multiple modes: In the default MONITOR mode, all binaries except those marked
+  as blocked will be allowed to run, whilst being logged and recorded in
+  the events database. In LOCKDOWN mode, only listed binaries are allowed to
+  run.
+
+* Event logging: When the kext is loaded, all binary launches are logged.  When
+  in either mode, all unknown or denied binaries are stored in the database to
+  enable later aggregation.
+
+* Certificate-based rules, with override levels: Instead of relying on a
+  binary's hash (or 'fingerprint'), executables can be allowed/blocked by their
+  signing certificate. You can therefore allow/block all binaries by a
+  given publisher that were signed with that cert across version updates. A
+  binary can only be allowed by its certificate if its signature validates
+  correctly but a rule for a binary's fingerprint will override a decision for
+  a certificate; i.e. you can allowlist a certificate while blocking a binary
+  signed with that certificate, or vice-versa.
+
+* Path-based rules (via NSRegularExpression/ICU): This allows a similar feature
+  to that found in Managed Client (the precursor to configuration profiles,
+  which used the same implementation mechanism), Application Launch
+  Restrictions via the mcxalr binary. This implementation carries the added
+  benefit of being configurable via regex, and not relying on LaunchServices.
+  As detailed in the wiki, when evaluating rules this holds the lowest
+  precedence.
+
+* Failsafe cert rules: You cannot put in a deny rule that would block the
+  certificate used to sign launchd, a.k.a. pid 1, and therefore all components
+  used in macOS. The binaries in every OS update (and in some cases entire new
+  versions) are therefore automatically allowed. This does not affect binaries
+  from Apple's App Store, which use various certs that change regularly for
+  common apps. Likewise, you cannot block Santa itself, and Santa uses a
+  distinct separate cert than other Google apps.
 
 * Userland components validate each other: each of the userland components (the
-daemon, the GUI agent and the command-line utility) communicate with each other
-using XPC and check that their signing certificates are identical before any
-communication is accepted.
+  daemon, the GUI agent and the command-line utility) communicate with each
+  other using XPC and check that their signing certificates are identical
+  before any communication is accepted.
 
-* Event logging: all executions processed by the userland agent are logged and
-all unknown or denied binaries are also stored in the database for upload to a
-server.
+* Caching: allowed binaries are cached so the processing required to make a
+  request is only done if the binary isn't already cached.
 
-* Kext uses only KPIs: the kernel extension only uses provided kernel
-programming interfaces to do its job. This means that the kext code should
-continue to work across OS versions.
+# Intentions and Expectations
 
-Known Issues
-============
+No single system or process will stop *all* attacks, or provide 100% security.
+Santa is written with the intention of helping protect users from themselves.
+People often download malware and trust it, giving the malware credentials, or
+allowing unknown software to exfiltrate more data about your system. As a
+centrally managed component, Santa can help stop the spread of malware among a
+large fleet of machines. Independently, Santa can aid in analyzing what is
+running on your computer.
 
-Santa is not yet a 1.0 and we have some known issues to be aware of:
+Santa is part of a defense-in-depth strategy, and you should continue to
+protect hosts in whatever other ways you see fit.
 
-* Potential race-condition: we currently have a single TODO in the kext code to
-investigate a potential race condition where a binary is executed and then very
-quickly modified between the kext getting the SHA-1 and the decision being made.
+# Security and Performance-Related Features
 
-* Kext communication security: the kext will only accept a connection from a
-single client at a time and said client must be running as root. We haven't yet
-found a good way to ensure the kext only accepts connections from a valid client,
-short of hardcoding the SHA-1 in the kext. This shouldn't present a huge problem
-as the daemon is loaded on boot-up by launchd, so any later attempts to connect
-will be blocked.
+# Known Issues
 
-* Database protection: the SQLite database is installed with permissions so that
-only the root user can read/write it. We're considering approaches to secure
-this further.
-
-* Sync client: the command-line client includes a command to synchronize with a
-management server, including the uploading of events that have occurred on the
-machine and to download new rules. We're still very heavily working on this
-server (which is AppEngine-based and will be open-sourced in the future), so the
-sync client code is unfinished. It does show the 'API' that we're expecting to
-use so if you'd like to write your own management server, feel free to look at
-how the client currently works (and suggest changes!)
+* Santa only blocks execution (execve and variants), it doesn't protect against
+  dynamic libraries loaded with dlopen, libraries on disk that have been
+  replaced, or libraries loaded using `DYLD_INSERT_LIBRARIES`.
 
 * Scripts: Santa is currently written to ignore any execution that isn't a
-binary. This is because after weighing the administration cost vs the benefit,
-we found it wasn't worthwhile. Additionally, a number of applications make use
-of temporary generated scripts, which we can't possibly whitelist and not doing
-so would cause problems. We're happy to revisit this (or at least make it an
-option) if it would be useful to others.
+  binary. This is because after weighing the administration cost vs the
+  benefit, we found it wasn't worthwhile. Additionally, a number of
+  applications make use of temporary generated scripts, which we can't possibly
+  allowlist and not doing so would cause problems. We're happy to revisit this
+  (or at least make it an option) if it would be useful to others.
 
-* Documentation: There currently isn't any.
+# Sync Servers
 
-* Tests: There aren't enough of them.
+* The `santactl` command-line client includes a flag to synchronize with a
+  management server, which uploads events that have occurred on the machine and
+  downloads new rules. There are several open-source servers you can sync with:
 
-Building
-========
+    * [Moroz](https://github.com/groob/moroz) - A simple golang server that
+      serves hardcoded rules from simple configuration files.
+    * [Rudolph](https://github.com/airbnb/rudolph) - An AWS-based serverless sync service
+      primarily built on API GW, DynamoDB, and Lambda components to reduce operational burden.
+      Rudolph is designed to be fast, easy-to-use, and cost-efficient.
+    * [Zentral](https://github.com/zentralopensource/zentral/wiki) - A
+      centralized service that pulls data from multiple sources and deploy
+      configurations to multiple services.
+    * [Zercurity](https://github.com/zercurity/zercurity) - A dockerized service
+      for managing and monitoring applications across a large fleet utilizing
+      Santa + Osquery.
 
-```sh
-git clone https://github.com/google/santa
-cd santa
+* Alternatively, `santactl` can configure rules locally (without a sync
+  server).
 
-# Build a debug build. This will install any necessary CocoaPods, create the
-# workspace and build, outputting the full log only if an error occurred.
-# If CocoaPods is not installed, you'll be prompted to install it.
-#
-# For other build/install/run options, run rake without any arguments
-rake build:debug
-```
+# Screenshots
 
-Note: the Xcode project is setup to use any installed "Mac Developer" certificate
-and for security-reasons parts of Santa will not operate properly if not signed.
+A tool like Santa doesn't really lend itself to screenshots, so here's a video
+instead.
 
-Kext Signing
-============
 
-10.9 requires a special Developer ID certificate to sign kernel extensions and
-if the kext is not signed with one of these special certificates a warning will
-be shown when loading the kext for the first time. In 10.10 this is a hard error
-and the kext will not load at all unless the machine is booted with a debug
-boot-arg.
+<p align="center"> <img src="https://thumbs.gfycat.com/MadFatalAmphiuma-small.gif" alt="Santa Block Video" /> </p>
 
-There are two possible solutions for this:
-
-1) Use a pre-built, pre-signed version of the kext that we supply. Each time
-changes are made to the kext code we will update the pre-built version that you
-can make use of. This doesn't prevent you from making changes to the non-kext
-parts of Santa and distributing those. If you make changes to the kext and make
-a pull request, we can merge them in and distribute a new version of the
-pre-signed kext.
-
-2) Apply for your own [kext signing certificate](https://developer.apple.com/contact/kext/).
-
-Contributing
-============
-
-Patches to this project are very much welcome. Please see the [CONTRIBUTING](https://github.com/google/santa/blob/master/CONTRIBUTING.md)
-file.
-
-Disclaimer
-==========
+# Contributing
+Patches to this project are very much welcome. Please see the
+[CONTRIBUTING](https://santa.dev/development/contributing) doc.
 
+# Disclaimer
 This is **not** an official Google product.

Rakefile

@@ -1,210 +0,0 @@
-require 'timeout'
-
-WORKSPACE       = 'Santa.xcworkspace'
-DEFAULT_SCHEME  = 'All'
-OUTPUT_PATH     = 'build'
-PLISTS          = ['Source/SantaGUI/Resources/Santa-Info.plist',
-                   'Source/santad/Resources/santad-Info.plist',
-                   'Source/santa-driver/Resources/santa-driver-Info.plist',
-                   'Source/santactl/Resources/santactl-Info.plist']
-XCODE_DEFAULTS  = "-workspace #{WORKSPACE} -scheme #{DEFAULT_SCHEME} -derivedDataPath #{OUTPUT_PATH} -parallelizeTargets"
-
-task :default do
-  system("rake -sT")
-end
-
-def run_and_output_on_fail(cmd)
-  output=`#{cmd} 2>&1`
-  if not $?.success?
-    raise output
-  end
-end
-
-def run_and_output_with_color(cmd)
-  output=`#{cmd} 2>&1`
-
-  has_output = false
-  output.scan(/((Test Suite|Test Case|Executed).*)$/) do |match|
-    has_output = true
-    out = match[0]
-    if out.include?("passed")
-      puts "\e[32m#{out}\e[0m"
-    elsif out.include?("failed")
-      puts "\e[31m#{out}\e[0m"
-    else
-      puts out
-    end
-  end
-
-  if not has_output
-    raise output
-  end
-end
-
-task :init do
-  unless File.exists?(WORKSPACE) and File.exists?('Pods')
-    puts "Workspace is missing, running 'pod install'"
-    system "pod install" or raise "CocoaPods is not installed. Install with 'sudo gem install cocoapods'"
-  end
-end
-
-task :remove_existing do
-  system 'sudo rm -rf /santa-driver.kext'
-  system 'sudo rm -rf /Applications/Santa.app'
-  system 'sudo rm /usr/libexec/santad'
-  system 'sudo rm /usr/sbin/santactl'
-end
-
-desc "Clean"
-task :clean => :init do
-  puts "Cleaning"
-  run_and_output_on_fail("xcodebuild #{XCODE_DEFAULTS} clean")
-  FileUtils.rm_rf(OUTPUT_PATH)
-end
-
-# Build
-namespace :build do
-  desc "Build: Debug"
-  task :debug do
-    Rake::Task['build:build'].invoke("Debug")
-  end
-
-  desc "Build: Release"
-  task :release do
-    Rake::Task['build:build'].invoke("Release")
-  end
-
-  task :build, [:configuration] => :init do |t, args|
-    config = args[:configuration]
-    puts "Building with configuration: #{config}"
-    run_and_output_on_fail("xcodebuild #{XCODE_DEFAULTS} -configuration #{config} build")
-  end
-end
-
-
-# Install
-namespace :install do
-  desc "Install: Debug"
-  task :debug do
-    Rake::Task['install:install'].invoke("Debug")
-  end
-
-  desc "Install: Release"
-  task :release do
-    Rake::Task['install:install'].invoke("Release")
-  end
-
-  task :install, [:configuration] do |t, args|
-    config = args[:configuration]
-    system 'sudo cp conf/com.google.santad.plist /Library/LaunchDaemons'
-    system 'sudo cp conf/com.google.santasync.plist /Library/LaunchDaemons'
-    system 'sudo cp conf/com.google.santagui.plist /Library/LaunchAgents'
-    system 'sudo cp conf/com.google.santa.asl.conf /etc/asl'
-    Rake::Task['build:build'].invoke(config)
-    puts "Installing with configuration: #{config}"
-    Rake::Task['remove_existing'].invoke()
-    system "sudo cp -r #{OUTPUT_PATH}/Products/#{config}/santa-driver.kext /"
-    system "sudo cp -r #{OUTPUT_PATH}/Products/#{config}/Santa.app /Applications"
-    system "sudo cp #{OUTPUT_PATH}/Products/#{config}/santad /usr/libexec"
-    system "sudo cp #{OUTPUT_PATH}/Products/#{config}/santactl /usr/sbin"
-  end
-end
-
-# Tests
-namespace :tests do
-  desc "Tests: Logic"
-  task :logic => [:init] do
-    puts "Running logic tests"
-    run_and_output_with_color("xcodebuild #{XCODE_DEFAULTS} test")
-  end
-
-  desc "Tests: Kernel"
-  task :kernel do
-    Rake::Task['unload'].invoke()
-    Rake::Task['install:debug'].invoke()
-    Rake::Task['load_kext'].invoke
-    timeout = 30
-    puts "Running kernel tests with a #{timeout} second timeout"
-    begin
-      Timeout::timeout(timeout) {
-        system "sudo #{OUTPUT_PATH}/Products/Debug/KernelTests"
-      }
-    rescue Timeout::Error
-      puts "ERROR: tests ran for longer than #{timeout} seconds and were killed."
-    end
-    Rake::Task['unload_kext'].execute
-  end
-end
-
-# Load/Unload
-task :unload_daemon do
-  puts "Unloading daemon"
-  system "sudo launchctl unload /Library/LaunchDaemons/com.google.santad.plist 2>/dev/null"
-end
-
-task :unload_kext do
-  puts "Unloading kernel extension"
-  system "sudo kextunload /santa-driver.kext 2>/dev/null"
-end
-
-task :unload_gui do
-  puts "Unloading GUI agent"
-  system "sudo killall Santa 2>/dev/null"
-end
-
-desc "Unload"
-task :unload => [:unload_daemon, :unload_kext, :unload_gui]
-
-task :load_daemon do
-  puts "Loading daemon"
-  system "sudo launchctl load /Library/LaunchDaemons/com.google.santad.plist"
-end
-
-task :load_kext do
-  puts "Loading kernel extension"
-  system "sudo kextload /santa-driver.kext"
-end
-
-task :load_gui do
-  puts "Loading GUI agent"
-  system "open /Applications/Santa.app"
-end
-
-desc "Load"
-task :load => [:load_kext, :load_daemon, :load_gui]
-
-namespace :reload do
-  desc "Reload: Debug"
-  task :debug do
-    Rake::Task['unload'].invoke()
-    Rake::Task['install:debug'].invoke()
-    Rake::Task['load'].invoke()
-  end
-
-  desc "Reload: Release"
-  task :release do
-    Rake::Task['unload'].invoke()
-    Rake::Task['install:release'].invoke()
-    Rake::Task['load'].invoke()
-  end
-end
-
-# Versioning
-desc "Update version, version should be of the form rake version[\\d{1,4}.\\d{1,2}(?:.\\d{1,2})?]"
-task :version, :version do |t, args|
-  response = args[:version]
-
-  unless response =~ /^\d{1,4}\.\d{1,2}(?:\.\d{1,2})?$/
-    raise "Version number must be of form: xxxx.xx[.xx]. E.g: rake version[1.0.2], rake version[1.7]"
-  end
-
-  system "sed -i -e 's/MODULE_VERSION = .*;/MODULE_VERSION = #{response};/g' Santa.xcodeproj/project.pbxproj"
-
-  PLISTS.each do |plist|
-    system "defaults write $PWD/#{plist} CFBundleVersion #{response}"
-    system "defaults write $PWD/#{plist} CFBundleShortVersionString #{response}"
-    system "plutil -convert xml1 $PWD/#{plist}"
-  end
-
-  puts "Updated version to #{response}"
-end

SECURITY.md

@@ -0,0 +1,12 @@
+# Reporting a Vulnerability
+
+If you believe you have found a security vulnerability, we would appreciate private disclosure
+so that we can work on a fix before disclosure. Any vulnerabilities reported to us will be
+disclosed publicly either when a new version with fixes is released or 90 days has passed,
+whichever comes first.
+
+To report vulnerabilities to us privately, please e-mail `santa-team@google.com`.
+If you want to encrypt your e-mail, you can use our GPG key `0x92AFE41DAB49BBB6`
+available on keyserver.ubuntu.com:
+
+`gpg --keyserver keyserver.ubuntu.com --recv-key 0x92AFE41DAB49BBB6`

Santa.xcodeproj/xcshareddata/xcschemes/All.xcscheme

@@ -1,69 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<Scheme
-   LastUpgradeVersion = "0510"
-   version = "1.3">
-   <BuildAction
-      parallelizeBuildables = "YES"
-      buildImplicitDependencies = "YES">
-      <BuildActionEntries>
-         <BuildActionEntry
-            buildForTesting = "YES"
-            buildForRunning = "YES"
-            buildForProfiling = "YES"
-            buildForArchiving = "YES"
-            buildForAnalyzing = "YES">
-            <BuildableReference
-               BuildableIdentifier = "primary"
-               BlueprintIdentifier = "0D91BCDC174E8AE600131A7D"
-               BuildableName = "All"
-               BlueprintName = "All"
-               ReferencedContainer = "container:Santa.xcodeproj">
-            </BuildableReference>
-         </BuildActionEntry>
-      </BuildActionEntries>
-   </BuildAction>
-   <TestAction
-      selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
-      selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
-      shouldUseLaunchSchemeArgsEnv = "YES"
-      buildConfiguration = "Debug">
-      <Testables>
-         <TestableReference
-            skipped = "NO">
-            <BuildableReference
-               BuildableIdentifier = "primary"
-               BlueprintIdentifier = "0D260DAB18B68E12002A0B55"
-               BuildableName = "LogicTests.xctest"
-               BlueprintName = "LogicTests"
-               ReferencedContainer = "container:Santa.xcodeproj">
-            </BuildableReference>
-         </TestableReference>
-      </Testables>
-   </TestAction>
-   <LaunchAction
-      selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
-      selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
-      launchStyle = "0"
-      useCustomWorkingDirectory = "NO"
-      buildConfiguration = "Debug"
-      ignoresPersistentStateOnLaunch = "NO"
-      debugDocumentVersioning = "YES"
-      allowLocationSimulation = "YES">
-      <AdditionalOptions>
-      </AdditionalOptions>
-   </LaunchAction>
-   <ProfileAction
-      shouldUseLaunchSchemeArgsEnv = "YES"
-      savedToolIdentifier = ""
-      useCustomWorkingDirectory = "NO"
-      buildConfiguration = "Release"
-      debugDocumentVersioning = "YES">
-   </ProfileAction>
-   <AnalyzeAction
-      buildConfiguration = "Debug">
-   </AnalyzeAction>
-   <ArchiveAction
-      buildConfiguration = "Release"
-      revealArchiveInOrganizer = "YES">
-   </ArchiveAction>
-</Scheme>

Santa.xcodeproj/xcshareddata/xcschemes/KernelTests.xcscheme

@@ -1,86 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<Scheme
-   LastUpgradeVersion = "0600"
-   version = "1.3">
-   <BuildAction
-      parallelizeBuildables = "YES"
-      buildImplicitDependencies = "YES">
-      <BuildActionEntries>
-         <BuildActionEntry
-            buildForTesting = "YES"
-            buildForRunning = "YES"
-            buildForProfiling = "YES"
-            buildForArchiving = "YES"
-            buildForAnalyzing = "YES">
-            <BuildableReference
-               BuildableIdentifier = "primary"
-               BlueprintIdentifier = "0D0016A1192BCD3C005E7FCD"
-               BuildableName = "KernelTests"
-               BlueprintName = "KernelTests"
-               ReferencedContainer = "container:Santa.xcodeproj">
-            </BuildableReference>
-         </BuildActionEntry>
-      </BuildActionEntries>
-   </BuildAction>
-   <TestAction
-      selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
-      selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
-      shouldUseLaunchSchemeArgsEnv = "YES"
-      buildConfiguration = "Debug">
-      <Testables>
-      </Testables>
-      <MacroExpansion>
-         <BuildableReference
-            BuildableIdentifier = "primary"
-            BlueprintIdentifier = "0D0016A1192BCD3C005E7FCD"
-            BuildableName = "KernelTests"
-            BlueprintName = "KernelTests"
-            ReferencedContainer = "container:Santa.xcodeproj">
-         </BuildableReference>
-      </MacroExpansion>
-   </TestAction>
-   <LaunchAction
-      selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
-      selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
-      launchStyle = "0"
-      useCustomWorkingDirectory = "NO"
-      buildConfiguration = "Debug"
-      ignoresPersistentStateOnLaunch = "NO"
-      debugDocumentVersioning = "YES"
-      allowLocationSimulation = "YES">
-      <BuildableProductRunnable>
-         <BuildableReference
-            BuildableIdentifier = "primary"
-            BlueprintIdentifier = "0D0016A1192BCD3C005E7FCD"
-            BuildableName = "KernelTests"
-            BlueprintName = "KernelTests"
-            ReferencedContainer = "container:Santa.xcodeproj">
-         </BuildableReference>
-      </BuildableProductRunnable>
-      <AdditionalOptions>
-      </AdditionalOptions>
-   </LaunchAction>
-   <ProfileAction
-      shouldUseLaunchSchemeArgsEnv = "YES"
-      savedToolIdentifier = ""
-      useCustomWorkingDirectory = "NO"
-      buildConfiguration = "Release"
-      debugDocumentVersioning = "YES">
-      <BuildableProductRunnable>
-         <BuildableReference
-            BuildableIdentifier = "primary"
-            BlueprintIdentifier = "0D0016A1192BCD3C005E7FCD"
-            BuildableName = "KernelTests"
-            BlueprintName = "KernelTests"
-            ReferencedContainer = "container:Santa.xcodeproj">
-         </BuildableReference>
-      </BuildableProductRunnable>
-   </ProfileAction>
-   <AnalyzeAction
-      buildConfiguration = "Debug">
-   </AnalyzeAction>
-   <ArchiveAction
-      buildConfiguration = "Release"
-      revealArchiveInOrganizer = "YES">
-   </ArchiveAction>
-</Scheme>

Santa.xcodeproj/xcshareddata/xcschemes/Santa.xcscheme

@@ -1,86 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<Scheme
-   LastUpgradeVersion = "0510"
-   version = "1.3">
-   <BuildAction
-      parallelizeBuildables = "YES"
-      buildImplicitDependencies = "YES">
-      <BuildActionEntries>
-         <BuildActionEntry
-            buildForTesting = "YES"
-            buildForRunning = "YES"
-            buildForProfiling = "YES"
-            buildForArchiving = "YES"
-            buildForAnalyzing = "YES">
-            <BuildableReference
-               BuildableIdentifier = "primary"
-               BlueprintIdentifier = "0D385DB5180DE4A900418BC6"
-               BuildableName = "Santa.app"
-               BlueprintName = "Santa"
-               ReferencedContainer = "container:Santa.xcodeproj">
-            </BuildableReference>
-         </BuildActionEntry>
-      </BuildActionEntries>
-   </BuildAction>
-   <TestAction
-      selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
-      selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
-      shouldUseLaunchSchemeArgsEnv = "YES"
-      buildConfiguration = "Debug">
-      <Testables>
-      </Testables>
-      <MacroExpansion>
-         <BuildableReference
-            BuildableIdentifier = "primary"
-            BlueprintIdentifier = "0D385DB5180DE4A900418BC6"
-            BuildableName = "Santa.app"
-            BlueprintName = "Santa"
-            ReferencedContainer = "container:Santa.xcodeproj">
-         </BuildableReference>
-      </MacroExpansion>
-   </TestAction>
-   <LaunchAction
-      selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
-      selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
-      launchStyle = "0"
-      useCustomWorkingDirectory = "NO"
-      buildConfiguration = "Debug"
-      ignoresPersistentStateOnLaunch = "NO"
-      debugDocumentVersioning = "YES"
-      allowLocationSimulation = "YES">
-      <BuildableProductRunnable>
-         <BuildableReference
-            BuildableIdentifier = "primary"
-            BlueprintIdentifier = "0D385DB5180DE4A900418BC6"
-            BuildableName = "Santa.app"
-            BlueprintName = "Santa"
-            ReferencedContainer = "container:Santa.xcodeproj">
-         </BuildableReference>
-      </BuildableProductRunnable>
-      <AdditionalOptions>
-      </AdditionalOptions>
-   </LaunchAction>
-   <ProfileAction
-      shouldUseLaunchSchemeArgsEnv = "YES"
-      savedToolIdentifier = ""
-      useCustomWorkingDirectory = "NO"
-      buildConfiguration = "Release"
-      debugDocumentVersioning = "YES">
-      <BuildableProductRunnable>
-         <BuildableReference
-            BuildableIdentifier = "primary"
-            BlueprintIdentifier = "0D385DB5180DE4A900418BC6"
-            BuildableName = "Santa.app"
-            BlueprintName = "Santa"
-            ReferencedContainer = "container:Santa.xcodeproj">
-         </BuildableReference>
-      </BuildableProductRunnable>
-   </ProfileAction>
-   <AnalyzeAction
-      buildConfiguration = "Debug">
-   </AnalyzeAction>
-   <ArchiveAction
-      buildConfiguration = "Release"
-      revealArchiveInOrganizer = "YES">
-   </ArchiveAction>
-</Scheme>

Santa.xcodeproj/xcshareddata/xcschemes/santa-driver.xcscheme

@@ -1,59 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<Scheme
-   LastUpgradeVersion = "0510"
-   version = "1.3">
-   <BuildAction
-      parallelizeBuildables = "YES"
-      buildImplicitDependencies = "YES">
-      <BuildActionEntries>
-         <BuildActionEntry
-            buildForTesting = "YES"
-            buildForRunning = "YES"
-            buildForProfiling = "YES"
-            buildForArchiving = "YES"
-            buildForAnalyzing = "YES">
-            <BuildableReference
-               BuildableIdentifier = "primary"
-               BlueprintIdentifier = "0D91BCB3174E8A7E00131A7D"
-               BuildableName = "santa-driver.kext"
-               BlueprintName = "santa-driver"
-               ReferencedContainer = "container:Santa.xcodeproj">
-            </BuildableReference>
-         </BuildActionEntry>
-      </BuildActionEntries>
-   </BuildAction>
-   <TestAction
-      selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
-      selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
-      shouldUseLaunchSchemeArgsEnv = "YES"
-      buildConfiguration = "Debug">
-      <Testables>
-      </Testables>
-   </TestAction>
-   <LaunchAction
-      selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
-      selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
-      launchStyle = "0"
-      useCustomWorkingDirectory = "NO"
-      buildConfiguration = "Debug"
-      ignoresPersistentStateOnLaunch = "NO"
-      debugDocumentVersioning = "YES"
-      allowLocationSimulation = "YES">
-      <AdditionalOptions>
-      </AdditionalOptions>
-   </LaunchAction>
-   <ProfileAction
-      shouldUseLaunchSchemeArgsEnv = "YES"
-      savedToolIdentifier = ""
-      useCustomWorkingDirectory = "NO"
-      buildConfiguration = "Release"
-      debugDocumentVersioning = "YES">
-   </ProfileAction>
-   <AnalyzeAction
-      buildConfiguration = "Debug">
-   </AnalyzeAction>
-   <ArchiveAction
-      buildConfiguration = "Release"
-      revealArchiveInOrganizer = "YES">
-   </ArchiveAction>
-</Scheme>

Santa.xcodeproj/xcshareddata/xcschemes/santactl.xcscheme

@@ -1,86 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<Scheme
-   LastUpgradeVersion = "0510"
-   version = "1.3">
-   <BuildAction
-      parallelizeBuildables = "YES"
-      buildImplicitDependencies = "YES">
-      <BuildActionEntries>
-         <BuildActionEntry
-            buildForTesting = "YES"
-            buildForRunning = "YES"
-            buildForProfiling = "YES"
-            buildForArchiving = "YES"
-            buildForAnalyzing = "YES">
-            <BuildableReference
-               BuildableIdentifier = "primary"
-               BlueprintIdentifier = "0D35BD9D18FD71CE00921A21"
-               BuildableName = "santactl"
-               BlueprintName = "santactl"
-               ReferencedContainer = "container:Santa.xcodeproj">
-            </BuildableReference>
-         </BuildActionEntry>
-      </BuildActionEntries>
-   </BuildAction>
-   <TestAction
-      selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
-      selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
-      shouldUseLaunchSchemeArgsEnv = "YES"
-      buildConfiguration = "Debug">
-      <Testables>
-      </Testables>
-      <MacroExpansion>
-         <BuildableReference
-            BuildableIdentifier = "primary"
-            BlueprintIdentifier = "0D35BD9D18FD71CE00921A21"
-            BuildableName = "santactl"
-            BlueprintName = "santactl"
-            ReferencedContainer = "container:Santa.xcodeproj">
-         </BuildableReference>
-      </MacroExpansion>
-   </TestAction>
-   <LaunchAction
-      selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
-      selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
-      launchStyle = "0"
-      useCustomWorkingDirectory = "NO"
-      buildConfiguration = "Debug"
-      ignoresPersistentStateOnLaunch = "NO"
-      debugDocumentVersioning = "YES"
-      allowLocationSimulation = "YES">
-      <BuildableProductRunnable>
-         <BuildableReference
-            BuildableIdentifier = "primary"
-            BlueprintIdentifier = "0D35BD9D18FD71CE00921A21"
-            BuildableName = "santactl"
-            BlueprintName = "santactl"
-            ReferencedContainer = "container:Santa.xcodeproj">
-         </BuildableReference>
-      </BuildableProductRunnable>
-      <AdditionalOptions>
-      </AdditionalOptions>
-   </LaunchAction>
-   <ProfileAction
-      shouldUseLaunchSchemeArgsEnv = "YES"
-      savedToolIdentifier = ""
-      useCustomWorkingDirectory = "NO"
-      buildConfiguration = "Release"
-      debugDocumentVersioning = "YES">
-      <BuildableProductRunnable>
-         <BuildableReference
-            BuildableIdentifier = "primary"
-            BlueprintIdentifier = "0D35BD9D18FD71CE00921A21"
-            BuildableName = "santactl"
-            BlueprintName = "santactl"
-            ReferencedContainer = "container:Santa.xcodeproj">
-         </BuildableReference>
-      </BuildableProductRunnable>
-   </ProfileAction>
-   <AnalyzeAction
-      buildConfiguration = "Debug">
-   </AnalyzeAction>
-   <ArchiveAction
-      buildConfiguration = "Release"
-      revealArchiveInOrganizer = "YES">
-   </ArchiveAction>
-</Scheme>

Santa.xcodeproj/xcshareddata/xcschemes/santad.xcscheme

@@ -1,86 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<Scheme
-   LastUpgradeVersion = "0510"
-   version = "1.3">
-   <BuildAction
-      parallelizeBuildables = "YES"
-      buildImplicitDependencies = "YES">
-      <BuildActionEntries>
-         <BuildActionEntry
-            buildForTesting = "YES"
-            buildForRunning = "YES"
-            buildForProfiling = "YES"
-            buildForArchiving = "YES"
-            buildForAnalyzing = "YES">
-            <BuildableReference
-               BuildableIdentifier = "primary"
-               BlueprintIdentifier = "0D9A7F3C1759330400035EB5"
-               BuildableName = "santad"
-               BlueprintName = "santad"
-               ReferencedContainer = "container:Santa.xcodeproj">
-            </BuildableReference>
-         </BuildActionEntry>
-      </BuildActionEntries>
-   </BuildAction>
-   <TestAction
-      selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
-      selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
-      shouldUseLaunchSchemeArgsEnv = "YES"
-      buildConfiguration = "Debug">
-      <Testables>
-      </Testables>
-      <MacroExpansion>
-         <BuildableReference
-            BuildableIdentifier = "primary"
-            BlueprintIdentifier = "0D9A7F3C1759330400035EB5"
-            BuildableName = "santad"
-            BlueprintName = "santad"
-            ReferencedContainer = "container:Santa.xcodeproj">
-         </BuildableReference>
-      </MacroExpansion>
-   </TestAction>
-   <LaunchAction
-      selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
-      selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
-      launchStyle = "0"
-      useCustomWorkingDirectory = "NO"
-      buildConfiguration = "Debug"
-      ignoresPersistentStateOnLaunch = "NO"
-      debugDocumentVersioning = "YES"
-      allowLocationSimulation = "YES">
-      <BuildableProductRunnable>
-         <BuildableReference
-            BuildableIdentifier = "primary"
-            BlueprintIdentifier = "0D9A7F3C1759330400035EB5"
-            BuildableName = "santad"
-            BlueprintName = "santad"
-            ReferencedContainer = "container:Santa.xcodeproj">
-         </BuildableReference>
-      </BuildableProductRunnable>
-      <AdditionalOptions>
-      </AdditionalOptions>
-   </LaunchAction>
-   <ProfileAction
-      shouldUseLaunchSchemeArgsEnv = "YES"
-      savedToolIdentifier = ""
-      useCustomWorkingDirectory = "NO"
-      buildConfiguration = "Release"
-      debugDocumentVersioning = "YES">
-      <BuildableProductRunnable>
-         <BuildableReference
-            BuildableIdentifier = "primary"
-            BlueprintIdentifier = "0D9A7F3C1759330400035EB5"
-            BuildableName = "santad"
-            BlueprintName = "santad"
-            ReferencedContainer = "container:Santa.xcodeproj">
-         </BuildableReference>
-      </BuildableProductRunnable>
-   </ProfileAction>
-   <AnalyzeAction
-      buildConfiguration = "Debug">
-   </AnalyzeAction>
-   <ArchiveAction
-      buildConfiguration = "Release"
-      revealArchiveInOrganizer = "YES">
-   </ArchiveAction>
-</Scheme>

Santa.xcworkspace/contents.xcworkspacedata

@@ -1 +0,0 @@
-<?xml version='1.0' encoding='UTF-8'?><Workspace version='1.0'><FileRef location='group:Santa.xcodeproj'/><FileRef location='group:Pods/Pods.xcodeproj'/></Workspace>

Source/SantaGUI/Resources/AboutWindow.xib

@@ -1,73 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<document type="com.apple.InterfaceBuilder3.Cocoa.XIB" version="3.0" toolsVersion="6250" systemVersion="13F34" targetRuntime="MacOSX.Cocoa" propertyAccessControl="none" useAutolayout="YES">
-    <dependencies>
-        <deployment identifier="macosx"/>
-        <plugIn identifier="com.apple.InterfaceBuilder.CocoaPlugin" version="6250"/>
-    </dependencies>
-    <objects>
-        <customObject id="-2" userLabel="File's Owner" customClass="SNTAboutWindowController">
-            <connections>
-                <outlet property="window" destination="F0z-JX-Cv5" id="gIp-Ho-8D9"/>
-            </connections>
-        </customObject>
-        <customObject id="-1" userLabel="First Responder" customClass="FirstResponder"/>
-        <customObject id="-3" userLabel="Application" customClass="NSObject"/>
-        <window title="Santa" allowsToolTipsWhenApplicationIsInactive="NO" autorecalculatesKeyViewLoop="NO" oneShot="NO" releasedWhenClosed="NO" visibleAtLaunch="NO" animationBehavior="default" id="F0z-JX-Cv5">
-            <windowStyleMask key="styleMask" titled="YES"/>
-            <rect key="contentRect" x="196" y="240" width="480" height="200"/>
-            <rect key="screenRect" x="0.0" y="0.0" width="2560" height="1578"/>
-            <view key="contentView" id="se5-gp-TjO">
-                <rect key="frame" x="0.0" y="0.0" width="480" height="200"/>
-                <autoresizingMask key="autoresizingMask"/>
-                <subviews>
-                    <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" translatesAutoresizingMaskIntoConstraints="NO" id="BnL-ZS-kXw">
-                        <rect key="frame" x="199" y="140" width="83" height="40"/>
-                        <constraints>
-                            <constraint firstAttribute="height" constant="40" id="UK2-2L-lPx"/>
-                            <constraint firstAttribute="width" constant="79" id="lDf-D7-qlY"/>
-                        </constraints>
-                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" sendsActionOnEndEditing="YES" title="Santa" id="VVj-gU-bzy">
-                            <font key="font" size="34" name="HelveticaNeue-UltraLight"/>
-                            <color key="textColor" red="0.1869618941" green="0.1869618941" blue="0.1869618941" alpha="1" colorSpace="calibratedRGB"/>
-                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
-                        </textFieldCell>
-                    </textField>
-                    <textField verticalHuggingPriority="750" horizontalCompressionResistancePriority="250" fixedFrame="YES" setsMaxLayoutWidthAtFirstLayout="YES" translatesAutoresizingMaskIntoConstraints="NO" id="uh6-q0-RzL">
-                        <rect key="frame" x="18" y="65" width="444" height="60"/>
-                        <textFieldCell key="cell" sendsActionOnEndEditing="YES" alignment="center" id="CcT-ul-1eA">
-                            <font key="font" metaFont="system"/>
-                            <string key="title">Santa is a binary whitelisting system for Mac OS X.
-
-There are no user-configurable settings.</string>
-                            <color key="textColor" name="controlTextColor" catalog="System" colorSpace="catalog"/>
-                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
-                        </textFieldCell>
-                    </textField>
-                    <button verticalHuggingPriority="750" translatesAutoresizingMaskIntoConstraints="NO" id="Udo-BY-n7e">
-                        <rect key="frame" x="196" y="21" width="88" height="32"/>
-                        <constraints>
-                            <constraint firstAttribute="width" constant="76" id="2Xc-ax-2bV"/>
-                        </constraints>
-                        <buttonCell key="cell" type="push" title="OK" bezelStyle="rounded" alignment="center" borderStyle="border" imageScaling="proportionallyDown" inset="2" id="uSw-o1-lWW">
-                            <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
-                            <font key="font" metaFont="system"/>
-                        </buttonCell>
-                        <connections>
-                            <action selector="orderOut:" target="-1" id="6oW-zI-zn5"/>
-                        </connections>
-                    </button>
-                </subviews>
-                <constraints>
-                    <constraint firstItem="BnL-ZS-kXw" firstAttribute="top" secondItem="se5-gp-TjO" secondAttribute="top" constant="20" symbolic="YES" id="Fj1-SG-mzF"/>
-                    <constraint firstAttribute="bottom" secondItem="Udo-BY-n7e" secondAttribute="bottom" constant="28" id="bpF-hC-haN"/>
-                    <constraint firstItem="BnL-ZS-kXw" firstAttribute="centerX" secondItem="Udo-BY-n7e" secondAttribute="centerX" constant="0.5" id="csK-2p-W94"/>
-                    <constraint firstItem="BnL-ZS-kXw" firstAttribute="centerX" secondItem="se5-gp-TjO" secondAttribute="centerX" id="kez-S0-6Gg"/>
-                </constraints>
-            </view>
-            <connections>
-                <outlet property="delegate" destination="-2" id="0bl-1N-AYu"/>
-            </connections>
-            <point key="canvasLocation" x="323" y="317"/>
-        </window>
-    </objects>
-</document>

Source/SantaGUI/Resources/MessageWindow.xib

@@ -1,202 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<document type="com.apple.InterfaceBuilder3.Cocoa.XIB" version="3.0" toolsVersion="6250" systemVersion="14B25" targetRuntime="MacOSX.Cocoa" propertyAccessControl="none" useAutolayout="YES">
-    <dependencies>
-        <deployment identifier="macosx"/>
-        <plugIn identifier="com.apple.InterfaceBuilder.CocoaPlugin" version="6250"/>
-    </dependencies>
-    <objects>
-        <customObject id="-2" userLabel="File's Owner" customClass="SNTMessageWindowController">
-            <connections>
-                <outlet property="window" destination="9Bq-yh-54f" id="Uhs-WF-TV9"/>
-            </connections>
-        </customObject>
-        <customObject id="-1" userLabel="First Responder" customClass="FirstResponder"/>
-        <customObject id="-3" userLabel="Application" customClass="NSObject"/>
-        <window allowsToolTipsWhenApplicationIsInactive="NO" autorecalculatesKeyViewLoop="NO" oneShot="NO" showsToolbarButton="NO" visibleAtLaunch="NO" animationBehavior="none" id="9Bq-yh-54f" customClass="SNTMessageWindow">
-            <windowStyleMask key="styleMask" utility="YES"/>
-            <rect key="contentRect" x="167" y="107" width="550" height="275"/>
-            <rect key="screenRect" x="0.0" y="0.0" width="2560" height="1577"/>
-            <view key="contentView" id="Iwq-Lx-rLv">
-                <rect key="frame" x="0.0" y="0.0" width="550" height="275"/>
-                <autoresizingMask key="autoresizingMask" widthSizable="YES" heightSizable="YES"/>
-                <subviews>
-                    <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" translatesAutoresizingMaskIntoConstraints="NO" id="t8c-Fx-e5h">
-                        <rect key="frame" x="234" y="210" width="83" height="40"/>
-                        <constraints>
-                            <constraint firstAttribute="height" constant="40" id="KoG-v6-GfK"/>
-                            <constraint firstAttribute="width" constant="79" id="oS3-CE-1vv"/>
-                        </constraints>
-                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" sendsActionOnEndEditing="YES" title="Santa" id="7YA-iB-Zma">
-                            <font key="font" size="34" name="HelveticaNeue-UltraLight"/>
-                            <color key="textColor" red="0.18696189413265307" green="0.18696189413265307" blue="0.18696189413265307" alpha="1" colorSpace="calibratedRGB"/>
-                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
-                        </textFieldCell>
-                    </textField>
-                    <textField verticalHuggingPriority="750" horizontalCompressionResistancePriority="250" setsMaxLayoutWidthAtFirstLayout="YES" translatesAutoresizingMaskIntoConstraints="NO" id="cD5-Su-lXR">
-                        <rect key="frame" x="23" y="168" width="504" height="17"/>
-                        <constraints>
-                            <constraint firstAttribute="width" constant="500" id="q9O-xW-hnS"/>
-                        </constraints>
-                        <textFieldCell key="cell" allowsUndo="NO" sendsActionOnEndEditing="YES" alignment="center" title="A message to the user goes here..." allowsEditingTextAttributes="YES" id="5tH-bG-UJA">
-                            <font key="font" metaFont="system"/>
-                            <color key="textColor" red="0.40000000000000002" green="0.40000000000000002" blue="0.40000000000000002" alpha="1" colorSpace="calibratedRGB"/>
-                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
-                        </textFieldCell>
-                        <connections>
-                            <binding destination="-2" name="value" keyPath="self.attributedCustomMessage" id="NH1-gV-Cor">
-                                <dictionary key="options">
-                                    <string key="NSNullPlaceholder">The following application has been blocked from executing because its trustworthiness cannot be determined.</string>
-                                </dictionary>
-                            </binding>
-                        </connections>
-                    </textField>
-                    <imageView horizontalHuggingPriority="1000" verticalHuggingPriority="1000" horizontalCompressionResistancePriority="1000" verticalCompressionResistancePriority="1000" translatesAutoresizingMaskIntoConstraints="NO" id="GYD-v8-fqH">
-                        <rect key="frame" x="31" y="91" width="32" height="32"/>
-                        <imageCell key="cell" refusesFirstResponder="YES" alignment="left" imageScaling="proportionallyDown" image="NSBonjour" id="jKM-qY-7mp"/>
-                        <connections>
-                            <binding destination="-2" name="value" keyPath="self.bundleIcon" id="X4L-aD-P21">
-                                <dictionary key="options">
-                                    <bool key="NSConditionallySetsEnabled" value="NO"/>
-                                </dictionary>
-                            </binding>
-                        </connections>
-                    </imageView>
-                    <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" translatesAutoresizingMaskIntoConstraints="NO" id="d9e-Wv-Y5H">
-                        <rect key="frame" x="111" y="126" width="34" height="17"/>
-                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" sendsActionOnEndEditing="YES" title="Path" id="KgY-X1-ESG">
-                            <font key="font" metaFont="systemBold"/>
-                            <color key="textColor" name="controlTextColor" catalog="System" colorSpace="catalog"/>
-                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
-                        </textFieldCell>
-                    </textField>
-                    <textField horizontalHuggingPriority="1000" verticalHuggingPriority="1000" horizontalCompressionResistancePriority="1000" verticalCompressionResistancePriority="1000" translatesAutoresizingMaskIntoConstraints="NO" id="pc8-G9-4pJ">
-                        <rect key="frame" x="154" y="126" width="350" height="17"/>
-                        <constraints>
-                            <constraint firstAttribute="width" constant="346" id="BYY-2q-Lmb"/>
-                        </constraints>
-                        <textFieldCell key="cell" selectable="YES" sendsActionOnEndEditing="YES" alignment="left" title="Binary Path" id="E7T-9h-ofr">
-                            <font key="font" metaFont="system"/>
-                            <color key="textColor" white="0.0" alpha="0.5" colorSpace="deviceWhite"/>
-                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
-                        </textFieldCell>
-                        <connections>
-                            <binding destination="-2" name="value" keyPath="self.event.path" id="4Nh-Ue-aCb"/>
-                        </connections>
-                    </textField>
-                    <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" translatesAutoresizingMaskIntoConstraints="NO" id="KEB-eH-x2Y">
-                        <rect key="frame" x="96" y="99" width="46" height="17"/>
-                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" sendsActionOnEndEditing="YES" title="SHA-1" id="eKN-Ic-5zy">
-                            <font key="font" metaFont="systemBold"/>
-                            <color key="textColor" name="controlTextColor" catalog="System" colorSpace="catalog"/>
-                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
-                        </textFieldCell>
-                    </textField>
-                    <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" translatesAutoresizingMaskIntoConstraints="NO" id="PXc-xv-A28">
-                        <rect key="frame" x="155" y="99" width="88" height="17"/>
-                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" selectable="YES" sendsActionOnEndEditing="YES" title="Binary SHA-1" id="X4W-9e-eIu">
-                            <font key="font" metaFont="system"/>
-                            <color key="textColor" white="0.0" alpha="0.5" colorSpace="deviceWhite"/>
-                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
-                        </textFieldCell>
-                        <connections>
-                            <binding destination="-2" name="value" keyPath="self.event.SHA1" id="KuE-WW-9av"/>
-                        </connections>
-                    </textField>
-                    <textField verticalHuggingPriority="750" verticalCompressionResistancePriority="499" translatesAutoresizingMaskIntoConstraints="NO" id="lvJ-Rk-UT5">
-                        <rect key="frame" x="78" y="72" width="66" height="17"/>
-                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" sendsActionOnEndEditing="YES" title="Publisher" id="yL9-yD-JXX">
-                            <font key="font" metaFont="systemBold"/>
-                            <color key="textColor" name="controlTextColor" catalog="System" colorSpace="catalog"/>
-                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
-                        </textFieldCell>
-                    </textField>
-                    <button toolTip="Show code signing certificate chain" translatesAutoresizingMaskIntoConstraints="NO" id="cJf-k6-OxS">
-                        <rect key="frame" x="322" y="75" width="10" height="10"/>
-                        <constraints>
-                            <constraint firstAttribute="height" constant="10" id="c3b-iv-bWa"/>
-                            <constraint firstAttribute="width" constant="10" id="fXl-na-Lwx"/>
-                        </constraints>
-                        <buttonCell key="cell" type="bevel" bezelStyle="regularSquare" image="NSFollowLinkFreestandingTemplate" imagePosition="overlaps" alignment="center" refusesFirstResponder="YES" imageScaling="proportionallyDown" inset="2" id="R72-Qy-Xbb">
-                            <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
-                            <font key="font" metaFont="system"/>
-                        </buttonCell>
-                        <connections>
-                            <action selector="showCertInfo:" target="-2" id="dB0-a3-X31"/>
-                            <binding destination="-2" name="hidden" keyPath="self.binaryCert" id="xpJ-jl-aUN">
-                                <dictionary key="options">
-                                    <string key="NSValueTransformerName">NSIsNil</string>
-                                </dictionary>
-                            </binding>
-                        </connections>
-                    </button>
-                    <button verticalHuggingPriority="750" translatesAutoresizingMaskIntoConstraints="NO" id="BbV-3h-mmL">
-                        <rect key="frame" x="220" y="23" width="110" height="25"/>
-                        <constraints>
-                            <constraint firstAttribute="width" constant="110" id="HdL-6x-X4f"/>
-                            <constraint firstAttribute="height" constant="22" id="YYm-GI-ojT"/>
-                        </constraints>
-                        <buttonCell key="cell" type="roundTextured" title="OK" bezelStyle="texturedRounded" alignment="center" refusesFirstResponder="YES" state="on" borderStyle="border" imageScaling="proportionallyDown" inset="2" id="XR6-Xa-gP4">
-                            <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
-                            <font key="font" metaFont="system"/>
-                            <string key="keyEquivalent" base64-UTF8="YES">
-DQ
-</string>
-                            <modifierMask key="keyEquivalentModifierMask" shift="YES"/>
-                        </buttonCell>
-                        <connections>
-                            <action selector="closeWindow:" target="-2" id="qQq-gh-8lw"/>
-                        </connections>
-                    </button>
-                    <textField horizontalHuggingPriority="750" verticalHuggingPriority="750" translatesAutoresizingMaskIntoConstraints="NO" id="C3G-wL-u7w">
-                        <rect key="frame" x="154" y="72" width="159" height="17"/>
-                        <constraints>
-                            <constraint firstAttribute="height" constant="17" id="re0-7U-qcL"/>
-                        </constraints>
-                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" selectable="YES" allowsUndo="NO" sendsActionOnEndEditing="YES" title="Code signing information" placeholderString="" id="ztA-La-XgT">
-                            <font key="font" metaFont="system"/>
-                            <color key="textColor" white="0.0" alpha="0.5" colorSpace="deviceWhite"/>
-                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
-                        </textFieldCell>
-                        <connections>
-                            <binding destination="-2" name="value" keyPath="self.binaryCert" id="eFt-oy-SXL">
-                                <dictionary key="options">
-                                    <string key="NSNullPlaceholder">Not code-signed</string>
-                                </dictionary>
-                            </binding>
-                        </connections>
-                    </textField>
-                </subviews>
-                <constraints>
-                    <constraint firstItem="d9e-Wv-Y5H" firstAttribute="leading" secondItem="Iwq-Lx-rLv" secondAttribute="leading" constant="113" id="3oY-g4-wHW"/>
-                    <constraint firstItem="BbV-3h-mmL" firstAttribute="top" secondItem="PXc-xv-A28" secondAttribute="bottom" priority="800" constant="52" id="42Z-62-hKo"/>
-                    <constraint firstItem="cD5-Su-lXR" firstAttribute="top" secondItem="t8c-Fx-e5h" secondAttribute="bottom" constant="25" id="4Hn-vu-fva"/>
-                    <constraint firstItem="C3G-wL-u7w" firstAttribute="top" secondItem="PXc-xv-A28" secondAttribute="bottom" constant="10" id="7Pr-bA-HgG"/>
-                    <constraint firstItem="PXc-xv-A28" firstAttribute="top" secondItem="pc8-G9-4pJ" secondAttribute="bottom" constant="10" id="8LX-e8-bKv"/>
-                    <constraint firstItem="pc8-G9-4pJ" firstAttribute="top" secondItem="d9e-Wv-Y5H" secondAttribute="top" id="94E-d6-Jrg"/>
-                    <constraint firstItem="pc8-G9-4pJ" firstAttribute="leading" secondItem="d9e-Wv-Y5H" secondAttribute="trailing" constant="13" id="A6N-gA-dt5"/>
-                    <constraint firstItem="KEB-eH-x2Y" firstAttribute="leading" secondItem="Iwq-Lx-rLv" secondAttribute="leading" constant="98" id="CYj-Gm-XZp"/>
-                    <constraint firstItem="PXc-xv-A28" firstAttribute="leading" secondItem="KEB-eH-x2Y" secondAttribute="trailing" constant="17" id="IGi-bx-nBP"/>
-                    <constraint firstItem="lvJ-Rk-UT5" firstAttribute="leading" secondItem="Iwq-Lx-rLv" secondAttribute="leading" constant="80" id="O3p-RO-0ZJ"/>
-                    <constraint firstItem="C3G-wL-u7w" firstAttribute="centerY" secondItem="cJf-k6-OxS" secondAttribute="centerY" constant="-1" id="R0U-iV-5Fx"/>
-                    <constraint firstAttribute="centerX" secondItem="t8c-Fx-e5h" secondAttribute="centerX" id="SHu-BF-01V"/>
-                    <constraint firstAttribute="centerX" secondItem="BbV-3h-mmL" secondAttribute="centerX" id="UAx-Xk-9DE"/>
-                    <constraint firstItem="KEB-eH-x2Y" firstAttribute="top" secondItem="PXc-xv-A28" secondAttribute="top" id="YiW-o8-HZ2"/>
-                    <constraint firstItem="BbV-3h-mmL" firstAttribute="top" secondItem="C3G-wL-u7w" secondAttribute="bottom" constant="25" id="Zxm-Pa-Ryj"/>
-                    <constraint firstItem="lvJ-Rk-UT5" firstAttribute="top" secondItem="C3G-wL-u7w" secondAttribute="top" id="adm-oT-FAf"/>
-                    <constraint firstAttribute="bottom" secondItem="BbV-3h-mmL" secondAttribute="bottom" constant="25" id="awW-Dh-Xl4"/>
-                    <constraint firstItem="GYD-v8-fqH" firstAttribute="leading" secondItem="Iwq-Lx-rLv" secondAttribute="leading" constant="31" id="btT-jY-NXw"/>
-                    <constraint firstItem="GYD-v8-fqH" firstAttribute="centerY" secondItem="KEB-eH-x2Y" secondAttribute="centerY" id="cOS-EE-Mw8"/>
-                    <constraint firstItem="C3G-wL-u7w" firstAttribute="leading" secondItem="lvJ-Rk-UT5" secondAttribute="trailing" constant="14" id="ewf-Pg-nRK"/>
-                    <constraint firstAttribute="centerX" secondItem="cD5-Su-lXR" secondAttribute="centerX" id="goV-ub-zwi"/>
-                    <constraint firstItem="t8c-Fx-e5h" firstAttribute="top" secondItem="Iwq-Lx-rLv" secondAttribute="top" constant="25" id="mY6-FP-uEK"/>
-                    <constraint firstItem="pc8-G9-4pJ" firstAttribute="top" secondItem="cD5-Su-lXR" secondAttribute="bottom" constant="25" id="pfg-1u-Yfj"/>
-                    <constraint firstItem="cJf-k6-OxS" firstAttribute="leading" secondItem="C3G-wL-u7w" secondAttribute="trailing" constant="11" id="sMW-KK-A28"/>
-                </constraints>
-            </view>
-        </window>
-    </objects>
-    <resources>
-        <image name="NSBonjour" width="32" height="32"/>
-        <image name="NSFollowLinkFreestandingTemplate" width="14" height="14"/>
-    </resources>
-</document>

Source/SantaGUI/Resources/Santa-Prefix.pch

@@ -1,3 +0,0 @@
-#ifdef __OBJC__
-  #import <Cocoa/Cocoa.h>
-#endif

Source/SantaGUI/SNTAppDelegate.m

@@ -1,83 +0,0 @@
-/// Copyright 2014 Google Inc. All rights reserved.
-///
-/// Licensed under the Apache License, Version 2.0 (the "License");
-/// you may not use this file except in compliance with the License.
-/// You may obtain a copy of the License at
-///
-///    http://www.apache.org/licenses/LICENSE-2.0
-///
-///    Unless required by applicable law or agreed to in writing, software
-///    distributed under the License is distributed on an "AS IS" BASIS,
-///    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-///    See the License for the specific language governing permissions and
-///    limitations under the License.
-
-#import "SNTAppDelegate.h"
-
-#import "SNTAboutWindowController.h"
-#import "SNTNotificationManager.h"
-#import "SNTXPCConnection.h"
-
-@interface SNTAppDelegate ()
-@property SNTAboutWindowController *aboutWindowController;
-@property SNTNotificationManager *notificationManager;
-@property SNTXPCConnection *listener;
-@end
-
-@implementation SNTAppDelegate
-
-#pragma mark App Delegate methods
-
-- (void)applicationDidFinishLaunching:(NSNotification *)aNotification {
-  [self setupMenu];
-  self.aboutWindowController = [[SNTAboutWindowController alloc] init];
-  self.notificationManager = [[SNTNotificationManager alloc] init];
-  [self createConnection];
-}
-
-- (BOOL)applicationShouldHandleReopen:(NSApplication *)sender hasVisibleWindows:(BOOL)flag {
-  [self.aboutWindowController showWindow:self];
-  return NO;
-}
-
-#pragma mark Connection handling
-
-- (void)createConnection {
-  __weak __typeof(self) weakSelf = self;
-
-  self.listener =
-      [[SNTXPCConnection alloc] initClientWithName:[SNTXPCNotifierInterface serviceId]
-                                           options:NSXPCConnectionPrivileged];
-  self.listener.exportedInterface = [SNTXPCNotifierInterface notifierInterface];
-  self.listener.exportedObject = self.notificationManager;
-  self.listener.rejectedHandler = ^{
-      [weakSelf performSelectorInBackground:@selector(attemptReconnection)
-                                 withObject:nil];
-  };
-  self.listener.invalidationHandler = self.listener.rejectedHandler;
-  [self.listener resume];
-}
-
-- (void)attemptReconnection {
-  // TODO(rah): Make this smarter.
-  sleep(10);
-  [self createConnection];
-}
-
-#pragma mark Menu Management
-
-- (void)setupMenu {
-  // Whilst the user will never see the menu, having one with the Copy and Select All options
-  // allows the shortcuts for these items to work, which is useful for being able to copy
-  // information from notifications. The mainMenu must have a nested menu for this to work properly.
-  NSMenu *mainMenu = [[NSMenu alloc] init];
-  NSMenu *editMenu = [[NSMenu alloc] init];
-  [editMenu addItemWithTitle:@"Copy" action:@selector(copy:) keyEquivalent:@"c"];
-  [editMenu addItemWithTitle:@"Select All" action:@selector(selectAll:) keyEquivalent:@"a"];
-  NSMenuItem *editMenuItem = [[NSMenuItem alloc] init];
-  [editMenuItem setSubmenu:editMenu];
-  [mainMenu addItem:editMenuItem];
-  [NSApp setMainMenu:mainMenu];
-}
-
-@end

Source/SantaGUI/SNTMessageWindowController.h

@@ -1,45 +0,0 @@
-/// Copyright 2014 Google Inc. All rights reserved.
-///
-/// Licensed under the Apache License, Version 2.0 (the "License");
-/// you may not use this file except in compliance with the License.
-/// You may obtain a copy of the License at
-///
-///    http://www.apache.org/licenses/LICENSE-2.0
-///
-///    Unless required by applicable law or agreed to in writing, software
-///    distributed under the License is distributed on an "AS IS" BASIS,
-///    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-///    See the License for the specific language governing permissions and
-///    limitations under the License.
-
-@class SNTNotificationMessage;
-
-@protocol SNTMessageWindowControllerDelegate
-- (void)windowDidClose;
-@end
-
-/// Controller for a single message window.
-@interface SNTMessageWindowController : NSWindowController
-
-- (instancetype)initWithEvent:(SNTNotificationMessage *)event;
-
-- (IBAction)showWindow:(id)sender;
-- (IBAction)closeWindow:(id)sender;
-- (IBAction)showCertInfo:(id)sender;
-
-/// The execution event that this window is for
-@property SNTNotificationMessage *event;
-
-/// The delegate to inform when the notification is dismissed
-@property(weak) id<SNTMessageWindowControllerDelegate> delegate;
-
-/// A 'friendly' string representing the certificate information
-@property(readonly) IBOutlet NSString *binaryCert;
-
-/// An optional message to display with this block.
-@property(readonly) IBOutlet NSAttributedString *attributedCustomMessage;
-
-/// If the binary is part of a bundle, this is the icon for that bundle
-@property(readonly) IBOutlet NSImage *bundleIcon;
-
-@end

Source/SantaGUI/SNTMessageWindowController.m

@@ -1,118 +0,0 @@
-/// Copyright 2014 Google Inc. All rights reserved.
-///
-/// Licensed under the Apache License, Version 2.0 (the "License");
-/// you may not use this file except in compliance with the License.
-/// You may obtain a copy of the License at
-///
-///    http://www.apache.org/licenses/LICENSE-2.0
-///
-///    Unless required by applicable law or agreed to in writing, software
-///    distributed under the License is distributed on an "AS IS" BASIS,
-///    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-///    See the License for the specific language governing permissions and
-///    limitations under the License.
-
-#import "SNTMessageWindowController.h"
-
-#import <SecurityInterface/SFCertificatePanel.h>
-
-#import "SNTBinaryInfo.h"
-#import "SNTCertificate.h"
-#import "SNTMessageWindow.h"
-#import "SNTNotificationMessage.h"
-
-@implementation SNTMessageWindowController
-
-- (instancetype)initWithEvent:(SNTNotificationMessage *)event {
-  self = [super initWithWindowNibName:@"MessageWindow"];
-  if (self) {
-    _event = event;
-    [self.window setMovableByWindowBackground:NO];
-    [self.window setLevel:NSPopUpMenuWindowLevel];
-    [self.window center];
-  }
-  return self;
-}
-
-- (IBAction)showWindow:(id)sender {
-  [(SNTMessageWindow *)self.window fadeIn:sender];
-}
-
-- (IBAction)closeWindow:(id)sender {
-  [(SNTMessageWindow *)self.window fadeOut:sender];
-}
-
-- (void)windowWillClose:(NSNotification *)notification {
-  if (self.delegate) [self.delegate windowDidClose];
-}
-
-- (IBAction)showCertInfo:(id)sender {
-  // SFCertificatePanel expects an NSArray of SecCertificateRef's
-  NSMutableArray *certArray = [NSMutableArray arrayWithCapacity:[self.event.certificates count]];
-  for (SNTCertificate *cert in self.event.certificates) {
-    [certArray addObject:(id)cert.certRef];
-  }
-
-  [[[SFCertificatePanel alloc] init] beginSheetForWindow:self.window
-                                           modalDelegate:nil
-                                          didEndSelector:nil
-                                             contextInfo:nil
-                                            certificates:certArray
-                                               showGroup:YES];
-}
-
-#pragma mark Generated properties
-
-+ (NSSet *)keyPathsForValuesAffectingValueForKey:(NSString *)key {
-  if (! [key isEqualToString:@"event"]) {
-    return [NSSet setWithObject:@"event"];
-  } else {
-    return nil;
-  }
-}
-
-- (NSString *)binaryCert {
-  SNTCertificate *leafCert = self.event.leafCertificate;
-
-  if (leafCert.commonName && leafCert.orgName) {
-    return [NSString stringWithFormat:@"%@ - %@", leafCert.commonName, leafCert.orgName];
-  } else if (leafCert.commonName) {
-    return leafCert.commonName;
-  } else if (leafCert.orgName) {
-    return leafCert.orgName;
-  } else {
-    return nil;
-  }
-}
-
-- (NSAttributedString *)attributedCustomMessage {
-  if (self.event.customMessage) {
-    NSString *htmlHeader = @"<html><head><style>"
-                           @"body {"
-                           @"  font-family: 'Lucida Grande', 'Helvetica', sans-serif;"
-                           @"  font-size: 13px;"
-                           @"  color: #666;"
-                           @"  text-align: center;"
-                           @"}"
-                           @"</style></head><body>";
-    NSString *htmlFooter = @"</body></html>";
-    NSString *fullHtml = [NSString stringWithFormat:@"%@%@%@", htmlHeader,
-                          self.event.customMessage, htmlFooter];
-    NSData *htmlData = [fullHtml dataUsingEncoding:NSUTF8StringEncoding];
-    NSAttributedString *returnStr = [[NSAttributedString alloc] initWithHTML:htmlData
-                                                          documentAttributes:NULL];
-    return returnStr;
-  } else {
-    return nil;
-  }
-}
-
-- (NSImage *)bundleIcon {
-  SNTBinaryInfo *bi = [[SNTBinaryInfo alloc] initWithPath:self.event.path];
-
-  if (!bi || !bi.bundle) return nil;
-
-  return [[NSWorkspace sharedWorkspace] iconForFile:bi.bundlePath];
-}
-
-@end

Source/SantaGUI/SNTNotificationManager.m

@@ -1,81 +0,0 @@
-/// Copyright 2014 Google Inc. All rights reserved.
-///
-/// Licensed under the Apache License, Version 2.0 (the "License");
-/// you may not use this file except in compliance with the License.
-/// You may obtain a copy of the License at
-///
-///    http://www.apache.org/licenses/LICENSE-2.0
-///
-///    Unless required by applicable law or agreed to in writing, software
-///    distributed under the License is distributed on an "AS IS" BASIS,
-///    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-///    See the License for the specific language governing permissions and
-///    limitations under the License.
-
-#import "SNTNotificationManager.h"
-
-#import "SNTNotificationMessage.h"
-
-@interface SNTNotificationManager ()
-/// The currently displayed notification
-@property SNTMessageWindowController *currentWindowController;
-
-/// The queue of pending notifications
-@property(readonly) NSMutableArray *pendingNotifications;
-@end
-
-@implementation SNTNotificationManager
-
-- (instancetype)init {
-  self = [super init];
-  if (self) {
-    _pendingNotifications = [[NSMutableArray alloc] init];
-  }
-  return self;
-}
-
-- (void)windowDidClose {
-  [self.pendingNotifications removeObject:self.currentWindowController];
-  self.currentWindowController = nil;
-
-  if ([self.pendingNotifications count]) {
-    self.currentWindowController = [self.pendingNotifications firstObject];
-    [self.currentWindowController showWindow:self];
-  } else {
-    [NSApp hide:self];
-  }
-}
-
-#pragma mark SNTNotifierXPC protocol methods
-
-- (void)postBlockNotification:(SNTNotificationMessage *)event {
-  // See if this binary is already in the list of pending notifications.
-  NSPredicate *predicate = [NSPredicate predicateWithFormat:@"event.SHA1==%@", event.SHA1];
-  if ([[self.pendingNotifications filteredArrayUsingPredicate:predicate] count]) return;
-
-  // Notifications arrive on a background thread but UI updates must happen on the main thread.
-  // This includes making windows.
-  [self performSelectorOnMainThread:@selector(postBlockNotificationMainThread:)
-                         withObject:event
-                      waitUntilDone:NO];
-}
-
-- (void)postBlockNotificationMainThread:(SNTNotificationMessage *)event {
-  // Create message window
-  SNTMessageWindowController *pendingMsg = [[SNTMessageWindowController alloc] initWithEvent:event];
-  pendingMsg.delegate = self;
-  [self.pendingNotifications addObject:pendingMsg];
-
-  // If a notification isn't currently being displayed, display the incoming one.
-  if (!self.currentWindowController) {
-    self.currentWindowController = pendingMsg;
-
-    [NSApp activateIgnoringOtherApps:YES];
-
-    // It's quite likely that we're currently on a background thread, and GUI code should always be
-    // on main thread. Open the window on the main thread so any code it runs is also.
-    [pendingMsg showWindow:nil];
-  }
-}
-
-@end

Source/common/BUILD

@@ -0,0 +1,410 @@
+load("//:helper.bzl", "santa_unit_test")
+load("@rules_cc//cc:defs.bzl", "cc_proto_library")
+
+package(
+    default_visibility = ["//:santa_package_group"],
+)
+
+licenses(["notice"])
+
+proto_library(
+    name = "santa_proto",
+    srcs = ["santa.proto"],
+    deps = [
+        "@com_google_protobuf//:any_proto",
+        "@com_google_protobuf//:timestamp_proto",
+    ],
+)
+
+cc_proto_library(
+    name = "santa_cc_proto",
+    deps = [":santa_proto"],
+)
+
+# Note: Simple wrapper for a `cc_proto_library` target which cannot be directly
+# depended upon by an `objc_library` target.
+cc_library(
+    name = "santa_cc_proto_library_wrapper",
+    hdrs = ["santa_proto_include_wrapper.h"],
+    deps = [
+        ":santa_cc_proto",
+    ],
+)
+
+objc_library(
+    name = "SystemResources",
+    srcs = ["SystemResources.mm"],
+    hdrs = ["SystemResources.h"],
+    deps = [
+        ":SNTLogging",
+    ],
+)
+
+cc_library(
+    name = "SantaCache",
+    hdrs = ["SantaCache.h"],
+    deps = [":BranchPrediction"],
+)
+
+santa_unit_test(
+    name = "SantaCacheTest",
+    srcs = ["SantaCacheTest.mm"],
+    deps = [
+        ":SantaCache",
+    ],
+)
+
+objc_library(
+    name = "BranchPrediction",
+    hdrs = ["BranchPrediction.h"],
+)
+
+objc_library(
+    name = "SantaVnode",
+    hdrs = ["SantaVnode.h"],
+)
+
+objc_library(
+    name = "Platform",
+    hdrs = ["Platform.h"],
+)
+
+objc_library(
+    name = "String",
+    hdrs = ["String.h"],
+)
+
+objc_library(
+    name = "SantaVnodeHash",
+    srcs = ["SantaVnodeHash.mm"],
+    hdrs = ["SantaVnodeHash.h"],
+    deps = [
+        ":SantaCache",
+        ":SantaVnode",
+    ],
+)
+
+objc_library(
+    name = "SNTBlockMessage",
+    srcs = ["SNTBlockMessage.m"],
+    hdrs = ["SNTBlockMessage.h"],
+    deps = [
+        ":SNTConfigurator",
+        ":SNTLogging",
+        ":SNTStoredEvent",
+        ":SNTSystemInfo",
+    ],
+)
+
+objc_library(
+    name = "SNTBlockMessage_SantaGUI",
+    srcs = ["SNTBlockMessage.m"],
+    hdrs = ["SNTBlockMessage.h"],
+    defines = ["SANTAGUI"],
+    deps = [
+        ":SNTConfigurator",
+        ":SNTDeviceEvent",
+        ":SNTLogging",
+        ":SNTStoredEvent",
+        ":SNTSystemInfo",
+    ],
+)
+
+objc_library(
+    name = "SNTCachedDecision",
+    srcs = ["SNTCachedDecision.mm"],
+    hdrs = ["SNTCachedDecision.h"],
+    deps = [
+        ":SNTCommonEnums",
+        ":SantaVnode",
+    ],
+)
+
+objc_library(
+    name = "SNTDeviceEvent",
+    srcs = ["SNTDeviceEvent.m"],
+    hdrs = ["SNTDeviceEvent.h"],
+    module_name = "santa_common_SNTDeviceEvent",
+    sdk_frameworks = [
+        "Foundation",
+    ],
+    deps = [
+        ":SNTCommonEnums",
+    ],
+)
+
+objc_library(
+    name = "SNTCommonEnums",
+    textual_hdrs = ["SNTCommonEnums.h"],
+)
+
+objc_library(
+    name = "SNTConfigurator",
+    srcs = ["SNTConfigurator.m"],
+    hdrs = ["SNTConfigurator.h"],
+    module_name = "santa_common_SNTConfigurator",
+    sdk_frameworks = [
+        "Foundation",
+    ],
+    deps = [
+        ":SNTCommonEnums",
+        ":SNTRule",
+        ":SNTStrengthify",
+        ":SNTSystemInfo",
+    ],
+)
+
+objc_library(
+    name = "SNTKVOManager",
+    srcs = ["SNTKVOManager.mm"],
+    hdrs = ["SNTKVOManager.h"],
+    deps = [
+        ":SNTLogging",
+    ],
+)
+
+santa_unit_test(
+    name = "SNTKVOManagerTest",
+    srcs = ["SNTKVOManagerTest.mm"],
+    deps = [
+        ":SNTKVOManager",
+    ],
+)
+
+objc_library(
+    name = "SNTDropRootPrivs",
+    srcs = ["SNTDropRootPrivs.m"],
+    hdrs = ["SNTDropRootPrivs.h"],
+)
+
+objc_library(
+    name = "SNTFileInfo",
+    srcs = ["SNTFileInfo.m"],
+    hdrs = ["SNTFileInfo.h"],
+    deps = [
+        ":SNTLogging",
+        "@FMDB",
+        "@MOLCodesignChecker",
+    ],
+)
+
+objc_library(
+    name = "SNTLogging",
+    srcs = ["SNTLogging.m"],
+    hdrs = ["SNTLogging.h"],
+    deps = [":SNTConfigurator"],
+)
+
+objc_library(
+    name = "PrefixTree",
+    hdrs = ["PrefixTree.h"],
+    deps = [
+        ":SNTLogging",
+        "@com_google_absl//absl/synchronization",
+    ],
+)
+
+objc_library(
+    name = "Unit",
+    hdrs = ["Unit.h"],
+)
+
+objc_library(
+    name = "SNTRule",
+    srcs = ["SNTRule.m"],
+    hdrs = ["SNTRule.h"],
+    sdk_frameworks = [
+        "Foundation",
+    ],
+    deps = [
+        ":SNTCommonEnums",
+        ":SNTSyncConstants",
+    ],
+)
+
+santa_unit_test(
+    name = "SNTRuleTest",
+    srcs = ["SNTRuleTest.m"],
+    deps = [":SNTRule"],
+)
+
+objc_library(
+    name = "SNTStoredEvent",
+    srcs = ["SNTStoredEvent.m"],
+    hdrs = ["SNTStoredEvent.h"],
+    deps = [
+        ":SNTCommonEnums",
+        "@MOLCertificate",
+    ],
+)
+
+cc_library(
+    name = "SNTStrengthify",
+    hdrs = ["SNTStrengthify.h"],
+)
+
+objc_library(
+    name = "SNTSyncConstants",
+    srcs = ["SNTSyncConstants.m"],
+    hdrs = ["SNTSyncConstants.h"],
+    sdk_frameworks = [
+        "Foundation",
+    ],
+)
+
+objc_library(
+    name = "SNTSystemInfo",
+    srcs = ["SNTSystemInfo.m"],
+    hdrs = ["SNTSystemInfo.h"],
+    sdk_frameworks = [
+        "Foundation",
+        "IOKit",
+    ],
+)
+
+objc_library(
+    name = "SNTXPCBundleServiceInterface",
+    srcs = ["SNTXPCBundleServiceInterface.m"],
+    hdrs = ["SNTXPCBundleServiceInterface.h"],
+    deps = [
+        ":SNTStoredEvent",
+        "@MOLXPCConnection",
+    ],
+)
+
+objc_library(
+    name = "SNTXPCMetricServiceInterface",
+    srcs = ["SNTXPCMetricServiceInterface.m"],
+    hdrs = ["SNTXPCMetricServiceInterface.h"],
+    deps = [
+        "@MOLXPCConnection",
+    ],
+)
+
+objc_library(
+    name = "SNTXPCControlInterface",
+    srcs = ["SNTXPCControlInterface.m"],
+    hdrs = ["SNTXPCControlInterface.h"],
+    defines = select({
+        "//:adhoc_build": ["SANTAADHOC"],
+        "//conditions:default": None,
+    }),
+    deps = [
+        ":SNTCommonEnums",
+        ":SNTConfigurator",
+        ":SNTRule",
+        ":SNTStoredEvent",
+        ":SNTXPCUnprivilegedControlInterface",
+        "@MOLCodesignChecker",
+        "@MOLXPCConnection",
+    ],
+)
+
+objc_library(
+    name = "SNTXPCNotifierInterface",
+    srcs = ["SNTXPCNotifierInterface.m"],
+    hdrs = ["SNTXPCNotifierInterface.h"],
+    deps = [
+        ":SNTCommonEnums",
+        ":SNTXPCBundleServiceInterface",
+    ],
+)
+
+objc_library(
+    name = "SNTMetricSet",
+    srcs = ["SNTMetricSet.m"],
+    hdrs = ["SNTMetricSet.h"],
+    deps = [":SNTCommonEnums"],
+)
+
+objc_library(
+    name = "SNTXPCSyncServiceInterface",
+    srcs = ["SNTXPCSyncServiceInterface.m"],
+    hdrs = ["SNTXPCSyncServiceInterface.h"],
+    deps = [
+        ":SNTCommonEnums",
+        ":SNTStoredEvent",
+        "@MOLXPCConnection",
+    ],
+)
+
+objc_library(
+    name = "SNTXPCUnprivilegedControlInterface",
+    srcs = ["SNTXPCUnprivilegedControlInterface.m"],
+    hdrs = ["SNTXPCUnprivilegedControlInterface.h"],
+    deps = [
+        ":SNTCommonEnums",
+        ":SNTRule",
+        ":SNTStoredEvent",
+        ":SNTXPCBundleServiceInterface",
+        ":SantaVnode",
+        "@MOLCertificate",
+        "@MOLXPCConnection",
+    ],
+)
+
+santa_unit_test(
+    name = "SNTFileInfoTest",
+    srcs = ["SNTFileInfoTest.m"],
+    resources = [
+        "testdata/32bitplist",
+        "testdata/bad_pagezero",
+        "testdata/missing_pagezero",
+    ],
+    structured_resources = glob([
+        "testdata/BundleExample.app/**",
+        "testdata/DirectoryBundle/**",
+    ]),
+    deps = [":SNTFileInfo"],
+)
+
+santa_unit_test(
+    name = "PrefixTreeTest",
+    srcs = ["PrefixTreeTest.mm"],
+    deps = [":PrefixTree"],
+)
+
+santa_unit_test(
+    name = "SNTMetricSetTest",
+    srcs = ["SNTMetricSetTest.m"],
+    deps = [":SNTMetricSet"],
+)
+
+santa_unit_test(
+    name = "SNTCachedDecisionTest",
+    srcs = ["SNTCachedDecisionTest.mm"],
+    deps = [
+        "//Source/common:SNTCachedDecision",
+        "//Source/common:TestUtils",
+        "@OCMock",
+    ],
+)
+
+test_suite(
+    name = "unit_tests",
+    tests = [
+        ":PrefixTreeTest",
+        ":SNTCachedDecisionTest",
+        ":SNTFileInfoTest",
+        ":SNTKVOManagerTest",
+        ":SNTMetricSetTest",
+        ":SNTRuleTest",
+        ":SantaCacheTest",
+    ],
+    visibility = ["//:santa_package_group"],
+)
+
+objc_library(
+    name = "TestUtils",
+    testonly = 1,
+    srcs = ["TestUtils.mm"],
+    hdrs = ["TestUtils.h"],
+    sdk_dylibs = [
+        "bsm",
+    ],
+    deps = [
+        ":SystemResources",
+        "@OCMock",
+        "@com_google_googletest//:gtest",
+    ],
+)

Source/common/BranchPrediction.h

@@ -0,0 +1,22 @@
+/// Copyright 2022 Google LLC
+///
+/// Licensed under the Apache License, Version 2.0 (the "License");
+/// you may not use this file except in compliance with the License.
+/// You may obtain a copy of the License at
+///
+///     https://www.apache.org/licenses/LICENSE-2.0
+///
+/// Unless required by applicable law or agreed to in writing, software
+/// distributed under the License is distributed on an "AS IS" BASIS,
+/// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+/// See the License for the specific language governing permissions and
+/// limitations under the License.
+
+#ifndef SANTA__COMMON__BRANCHPREDICTION_H
+#define SANTA__COMMON__BRANCHPREDICTION_H
+
+// Helpful macros to use when the the outcome is largely known
+#define likely(x) __builtin_expect(!!(x), 1)
+#define unlikely(x) __builtin_expect(!!(x), 0)
+
+#endif

Source/common/Platform.h

@@ -0,0 +1,34 @@
+/// Copyright 2022 Google LLC
+///
+/// Licensed under the Apache License, Version 2.0 (the "License");
+/// you may not use this file except in compliance with the License.
+/// You may obtain a copy of the License at
+///
+///     https://www.apache.org/licenses/LICENSE-2.0
+///
+/// Unless required by applicable law or agreed to in writing, software
+/// distributed under the License is distributed on an "AS IS" BASIS,
+/// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+/// See the License for the specific language governing permissions and
+/// limitations under the License.
+
+#ifndef SANTA__COMMON__PLATFORM_H
+#define SANTA__COMMON__PLATFORM_H
+
+#include <Availability.h>
+
+#if defined(MAC_OS_VERSION_12_0) && \
+    MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_VERSION_12_0
+#define HAVE_MACOS_12 1
+#else
+#define HAVE_MACOS_12 0
+#endif
+
+#if defined(MAC_OS_VERSION_13_0) && \
+    MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_VERSION_13_0
+#define HAVE_MACOS_13 1
+#else
+#define HAVE_MACOS_13 0
+#endif
+
+#endif

Source/common/PrefixTree.h

@@ -0,0 +1,302 @@
+/// Copyright 2022 Google LLC
+///
+/// Licensed under the Apache License, Version 2.0 (the "License");
+/// you may not use this file except in compliance with the License.
+/// You may obtain a copy of the License at
+///
+///     https://www.apache.org/licenses/LICENSE-2.0
+///
+/// Unless required by applicable law or agreed to in writing, software
+/// distributed under the License is distributed on an "AS IS" BASIS,
+/// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+/// See the License for the specific language governing permissions and
+/// limitations under the License.
+
+#ifndef SANTA__COMMON__PREFIXTREE_H
+#define SANTA__COMMON__PREFIXTREE_H
+
+#include <sys/syslimits.h>
+
+#include <optional>
+
+#import "Source/common/SNTLogging.h"
+#include "absl/synchronization/mutex.h"
+
+#if SANTA_PREFIX_TREE_DEBUG
+#define DEBUG_LOG LOGD
+#else
+#define DEBUG_LOG(format, ...)  // NOP
+#endif
+
+namespace santa::common {
+
+template <typename ValueT>
+class PrefixTree {
+ private:
+  // Forward declaration
+  enum class NodeType;
+  class TreeNode;
+
+ public:
+  PrefixTree(uint32_t max_depth = PATH_MAX)
+      : root_(new TreeNode()), max_depth_(max_depth), node_count_(0) {}
+
+  ~PrefixTree() { PruneLocked(root_); }
+
+  bool InsertPrefix(const char *s, ValueT value) {
+    absl::MutexLock lock(&lock_);
+    return InsertLocked(s, value, NodeType::kPrefix);
+  }
+
+  bool InsertLiteral(const char *s, ValueT value) {
+    absl::MutexLock lock(&lock_);
+    return InsertLocked(s, value, NodeType::kLiteral);
+  }
+
+  bool HasPrefix(const char *input) {
+    absl::ReaderMutexLock lock(&lock_);
+    return HasPrefixLocked(input);
+  }
+
+  std::optional<ValueT> LookupLongestMatchingPrefix(const char *input) {
+    if (!input) {
+      return std::nullopt;
+    }
+
+    absl::ReaderMutexLock lock(&lock_);
+    return LookupLongestMatchingPrefixLocked(input);
+  }
+
+  void Reset() {
+    absl::MutexLock lock(&lock_);
+    PruneLocked(root_);
+    root_ = new TreeNode();
+    node_count_ = 0;
+  }
+
+#if SANTA_PREFIX_TREE_DEBUG
+  void Print() {
+    char buf[max_depth_ + 1];
+    memset(buf, 0, sizeof(buf));
+
+    absl::ReaderMutexLock lock(&lock_);
+    PrintLocked(root_, buf, 0);
+  }
+
+  uint32_t NodeCount() {
+    absl::ReaderMutexLock lock(&lock_);
+    return node_count_;
+  }
+#endif
+
+ private:
+  ABSL_EXCLUSIVE_LOCKS_REQUIRED(lock_)
+  bool InsertLocked(const char *input, ValueT value, NodeType node_type) {
+    const char *p = input;
+    TreeNode *node = root_;
+
+    while (*p) {
+      uint8_t cur_byte = (uint8_t)*p;
+
+      TreeNode *child_node = node->children_[cur_byte];
+      if (!child_node) {
+        // Current node doesn't exist...
+        // Create the rest of the nodes in the tree for the given string
+
+        // Keep a pointer to where this new branch starts from. If the
+        // input length exceeds max_depth, the new branch will need to
+        // be pruned.
+        TreeNode *branch_start_node = node;
+        uint8_t branch_start_byte = (uint8_t)*p;
+
+        do {
+          TreeNode *new_node = new TreeNode();
+          node->children_[cur_byte] = new_node;
+          node = new_node;
+          node_count_++;
+
+          // Check current depth...
+          if (p - input >= max_depth_) {
+            // Attempted to add a string that exceeded max depth
+            // Prune tree from start of this new branch
+            PruneLocked(branch_start_node->children_[branch_start_byte]);
+            branch_start_node->children_[branch_start_byte] = nullptr;
+
+            return false;
+          }
+
+          cur_byte = (uint8_t) * ++p;
+        } while (*p);
+
+        node->node_type_ = node_type;
+        node->value_ = value;
+
+        return true;
+      } else if (*(p + 1) == '\0') {
+        // Current node exists and we're at the end of our input...
+        // Note: The current node's data will be overwritten
+
+        // Only increment node count if the previous node type wasn't already a
+        // prefix or literal type (in which case it was already counted)
+        if (child_node->node_type_ == NodeType::kInner) {
+          node_count_++;
+        }
+
+        child_node->node_type_ = node_type;
+        child_node->value_ = value;
+        return true;
+      }
+
+      node = child_node;
+      p++;
+    }
+
+    // Should only get here when input is an empty string
+    return false;
+  }
+
+  ABSL_SHARED_LOCKS_REQUIRED(lock_)
+  bool HasPrefixLocked(const char *input) {
+    TreeNode *node = root_;
+    const char *p = input;
+
+    while (*p) {
+      node = node->children_[(uint8_t)*p++];
+
+      if (!node) {
+        break;
+      }
+
+      if (node->node_type_ == NodeType::kPrefix ||
+          (*p == '\0' && node->node_type_ == NodeType::kLiteral)) {
+        return true;
+      }
+    }
+
+    return false;
+  }
+
+  ABSL_SHARED_LOCKS_REQUIRED(lock_)
+  std::optional<ValueT> LookupLongestMatchingPrefixLocked(const char *input) {
+    TreeNode *node = root_;
+    TreeNode *match = nullptr;
+    const char *p = input;
+
+    while (*p) {
+      node = node->children_[(uint8_t)*p++];
+
+      if (!node) {
+        break;
+      }
+
+      if (node->node_type_ == NodeType::kPrefix ||
+          (*p == '\0' && node->node_type_ == NodeType::kLiteral)) {
+        match = node;
+      }
+    }
+
+    return match ? std::make_optional<ValueT>(match->value_) : std::nullopt;
+  }
+
+  ABSL_EXCLUSIVE_LOCKS_REQUIRED(lock_)
+  void PruneLocked(TreeNode *target) {
+    if (!target) {
+      return;
+    }
+
+    // For deep trees, a recursive approach will generate too many stack frames.
+    // Since the depth of the tree is configurable, err on the side of caution
+    // and use a "stack" to walk the tree in a non-recursive manner.
+    TreeNode **stack = new TreeNode *[node_count_ + 1];
+    if (!stack) {
+      LOGE(@"Unable to prune tree!");
+      return;
+    }
+
+    uint32_t count = 0;
+
+    // Seed the "stack" with a starting node.
+    stack[count++] = target;
+
+    // Start at the target node and walk the tree to find and delete all the
+    // sub-nodes.
+    while (count) {
+      TreeNode *node = stack[--count];
+
+      for (int i = 0; i < 256; ++i) {
+        if (!node->children_[i]) {
+          continue;
+        }
+        stack[count++] = node->children_[i];
+      }
+
+      delete node;
+      --node_count_;
+    }
+
+    delete[] stack;
+  }
+
+#if SANTA_PREFIX_TREE_DEBUG
+  ABSL_SHARED_LOCKS_REQUIRED(lock_)
+  void PrintLocked(TreeNode *node, char *buf, uint32_t depth) {
+    for (size_t i = 0; i < 256; i++) {
+      TreeNode *cur_node = node->children_[i];
+      if (cur_node) {
+        buf[depth] = i;
+        if (cur_node->node_type_ != NodeType::kInner) {
+          printf("\t%s (type: %s)\n", buf,
+                 cur_node->node_type_ == NodeType::kPrefix ? "prefix" : "literal");
+        }
+        PrintLocked(cur_node, buf, depth + 1);
+        buf[depth] = '\0';
+      }
+    }
+  }
+#endif
+
+  enum class NodeType {
+    kInner = 0,
+    kPrefix,
+    kLiteral,
+  };
+
+  ///
+  ///  TreeNode is a wrapper class that represents one byte.
+  ///  1 node can represent a whole ASCII character.
+  ///  For example a pointer to the 'A' node will be stored at children[0x41].
+  ///  It takes 1-4 nodes to represent a UTF-8 encoded Unicode character.
+  ///
+  ///  The path for "/🤘" would look like this:
+  ///      children[0x2f] -> children[0xf0] -> children[0x9f] -> children[0xa4]
+  ///      -> children[0x98]
+  ///
+  ///  The path for "/dev" is:
+  ///      children[0x2f] -> children[0x64] -> children[0x65] -> children[0x76]
+  ///
+  ///  Lookups of children are O(1).
+  ///
+  ///  Having the nodes represented by a smaller width, such as a nibble (1/2
+  ///  byte), would drastically decrease the memory footprint but would double
+  ///  required dereferences.
+  ///
+  ///  TODO(bur): Potentially convert this into a full on radix tree.
+  ///
+  class TreeNode {
+   public:
+    TreeNode() : children_(), node_type_(NodeType::kInner) {}
+    ~TreeNode() = default;
+    TreeNode *children_[256];
+    PrefixTree::NodeType node_type_;
+    ValueT value_;
+  };
+
+  TreeNode *root_;
+  const uint32_t max_depth_;
+  uint32_t node_count_ ABSL_GUARDED_BY(lock_);
+  absl::Mutex lock_;
+};
+
+}  // namespace santa::common
+
+#endif

Source/common/PrefixTreeTest.mm

@@ -0,0 +1,224 @@
+/// Copyright 2022 Google LLC
+///
+/// Licensed under the Apache License, Version 2.0 (the "License");
+/// you may not use this file except in compliance with the License.
+/// You may obtain a copy of the License at
+///
+///     https://www.apache.org/licenses/LICENSE-2.0
+///
+/// Unless required by applicable law or agreed to in writing, software
+/// distributed under the License is distributed on an "AS IS" BASIS,
+/// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+/// See the License for the specific language governing permissions and
+/// limitations under the License.
+
+#import <XCTest/XCTest.h>
+
+#define SANTA_PREFIX_TREE_DEBUG 1
+#include "Source/common/PrefixTree.h"
+
+using santa::common::PrefixTree;
+
+@interface PrefixTreeTest : XCTestCase
+@end
+
+@implementation PrefixTreeTest
+
+- (void)testBasic {
+  PrefixTree<int> tree;
+
+  XCTAssertFalse(tree.HasPrefix("/foo/bar/baz"));
+  XCTAssertFalse(tree.HasPrefix("/foo/bar.txt"));
+  XCTAssertFalse(tree.HasPrefix("/baz"));
+
+  XCTAssertTrue(tree.InsertPrefix("/foo", 12));
+  XCTAssertTrue(tree.InsertPrefix("/bar", 34));
+  XCTAssertTrue(tree.InsertLiteral("/foo/bar", 56));
+
+  // Re-inserting something that exists is allowed
+  XCTAssertTrue(tree.InsertLiteral("/foo", 78));
+  XCTAssertTrue(tree.InsertPrefix("/foo", 56));
+
+  XCTAssertTrue(tree.HasPrefix("/foo/bar/baz"));
+  XCTAssertTrue(tree.HasPrefix("/foo/bar.txt"));
+  XCTAssertFalse(tree.HasPrefix("/baz"));
+
+  // Empty strings are not supported
+  XCTAssertFalse(tree.InsertLiteral("", 0));
+  XCTAssertFalse(tree.InsertPrefix("", 0));
+}
+
+- (void)testHasPrefix {
+  PrefixTree<int> tree;
+
+  XCTAssertTrue(tree.InsertPrefix("/foo", 0));
+  XCTAssertTrue(tree.InsertLiteral("/bar", 0));
+  XCTAssertTrue(tree.InsertLiteral("/baz", 0));
+  XCTAssertTrue(tree.InsertLiteral("/qaz", 0));
+
+  // Check that a tree with a matching prefix is successful
+  XCTAssertTrue(tree.HasPrefix("/foo.txt"));
+
+  // This shouldn't succeed because `/bar` `/baz` and `qaz` are literals
+  XCTAssertFalse(tree.HasPrefix("/bar.txt"));
+  XCTAssertFalse(tree.HasPrefix("/baz.txt"));
+  XCTAssertFalse(tree.HasPrefix("/qaz.txt"));
+
+  // Now change `/bar` to a prefix type and retest HasPrefix
+  // `/bar.txt` should now succeed, but `/baz.txt` should still not pass
+  XCTAssertTrue(tree.InsertPrefix("/bar", 0));
+  XCTAssertTrue(tree.HasPrefix("/bar.txt"));
+  XCTAssertFalse(tree.HasPrefix("/baz.txt"));
+  XCTAssertFalse(tree.HasPrefix("/qaz.txt"));
+
+  // Insert a new prefix string to allow `/baz.txt` to have a valid prefix
+  XCTAssertTrue(tree.InsertPrefix("/b", 0));
+  XCTAssertTrue(tree.HasPrefix("/baz.txt"));
+  XCTAssertFalse(tree.HasPrefix("/qaz.txt"));
+
+  // An exact match on a literal allows HasPrefix to succeed
+  XCTAssertTrue(tree.InsertLiteral("/qaz.txt", 0));
+  XCTAssertTrue(tree.HasPrefix("/qaz.txt"));
+}
+
+- (void)testLookupLongestMatchingPrefix {
+  PrefixTree<int> tree;
+
+  XCTAssertTrue(tree.InsertPrefix("/foo", 12));
+  XCTAssertTrue(tree.InsertPrefix("/bar", 34));
+  XCTAssertTrue(tree.InsertPrefix("/foo/bar.txt", 56));
+
+  std::optional<int> value;
+
+  // Matching exact prefix
+  value = tree.LookupLongestMatchingPrefix("/foo");
+  XCTAssertEqual(value.value_or(0), 12);
+
+  // Ensure changing node type works as expected
+  // Literals must match exactly.
+  value = tree.LookupLongestMatchingPrefix("/foo/bar.txt.tmp");
+  XCTAssertEqual(value.value_or(0), 56);
+  XCTAssertTrue(tree.InsertLiteral("/foo/bar.txt", 90));
+  value = tree.LookupLongestMatchingPrefix("/foo/bar.txt.tmp");
+  XCTAssertEqual(value.value_or(0), 12);
+
+  // Inserting over an exiting node returns the new value
+  XCTAssertTrue(tree.InsertPrefix("/foo", 78));
+  value = tree.LookupLongestMatchingPrefix("/foo");
+  XCTAssertEqual(value.value_or(0), 78);
+
+  // No matching prefix
+  value = tree.LookupLongestMatchingPrefix("/asdf");
+  XCTAssertEqual(value.value_or(0), 0);
+}
+
+- (void)testNodeCounts {
+  const uint32_t maxDepth = 100;
+  PrefixTree<int> tree(100);
+
+  XCTAssertEqual(tree.NodeCount(), 0);
+
+  // Start with a small string
+  XCTAssertTrue(tree.InsertPrefix("asdf", 0));
+  XCTAssertEqual(tree.NodeCount(), 4);
+
+  // Add a couple more characters to the existing string
+  XCTAssertTrue(tree.InsertPrefix("asdfgh", 0));
+  XCTAssertEqual(tree.NodeCount(), 6);
+
+  // Inserting a string that exceeds max depth doesn't increase node count
+  XCTAssertFalse(tree.InsertPrefix(std::string(maxDepth + 10, 'A').c_str(), 0));
+  XCTAssertEqual(tree.NodeCount(), 6);
+
+  // Add a new string that is a prefix of an existing string
+  // This should increment the count by one since a new terminal node exists
+  XCTAssertTrue(tree.InsertPrefix("as", 0));
+  XCTAssertEqual(tree.NodeCount(), 7);
+
+  // Re-inserting onto an existing node shouldn't modify the count
+  tree.InsertLiteral("as", 0);
+  tree.InsertPrefix("as", 0);
+  XCTAssertEqual(tree.NodeCount(), 7);
+}
+
+- (void)testReset {
+  // Ensure resetting a tree removes all content
+  PrefixTree<int> tree;
+
+  tree.Reset();
+  XCTAssertEqual(tree.NodeCount(), 0);
+
+  XCTAssertTrue(tree.InsertPrefix("asdf", 0));
+  XCTAssertTrue(tree.InsertPrefix("qwerty", 0));
+
+  XCTAssertTrue(tree.HasPrefix("asdf"));
+  XCTAssertTrue(tree.HasPrefix("qwerty"));
+  XCTAssertEqual(tree.NodeCount(), 10);
+
+  tree.Reset();
+  XCTAssertFalse(tree.HasPrefix("asdf"));
+  XCTAssertFalse(tree.HasPrefix("qwerty"));
+  XCTAssertEqual(tree.NodeCount(), 0);
+}
+
+- (void)testComplexValues {
+  class Foo {
+   public:
+    Foo(int x) : x_(x) {}
+    int X() { return x_; }
+
+   private:
+    int x_;
+  };
+
+  PrefixTree<std::shared_ptr<Foo>> tree;
+
+  XCTAssertTrue(tree.InsertPrefix("foo", std::make_shared<Foo>(123)));
+  XCTAssertTrue(tree.InsertPrefix("bar", std::make_shared<Foo>(456)));
+
+  std::optional<std::shared_ptr<Foo>> value;
+  value = tree.LookupLongestMatchingPrefix("foo");
+  XCTAssertTrue(value.has_value() && value->get()->X() == 123);
+
+  value = tree.LookupLongestMatchingPrefix("bar");
+  XCTAssertTrue(value.has_value() && value->get()->X() == 456);
+
+  value = tree.LookupLongestMatchingPrefix("asdf");
+  XCTAssertFalse(value.has_value());
+}
+
+- (void)testThreading {
+  uint32_t count = 4096;
+  auto t = new PrefixTree<int>(count * (uint32_t)[NSUUID UUID].UUIDString.length);
+
+  __block NSMutableArray *UUIDs = [NSMutableArray arrayWithCapacity:count];
+  for (int i = 0; i < count; ++i) {
+    [UUIDs addObject:[NSUUID UUID].UUIDString];
+  }
+
+  __block _Atomic BOOL stop = NO;
+
+  // Create a bunch of background noise.
+  dispatch_async(dispatch_get_global_queue(0, 0), ^{
+    for (uint64_t i = 0; i < UINT64_MAX; ++i) {
+      dispatch_async(dispatch_get_global_queue(0, 0), ^{
+        t->HasPrefix([UUIDs[i % count] UTF8String]);
+      });
+      if (stop) return;
+    }
+  });
+
+  // Fill up the tree.
+  dispatch_apply(count, dispatch_get_global_queue(0, 0), ^(size_t i) {
+    XCTAssertEqual(t->InsertPrefix([UUIDs[i] UTF8String], 0), true);
+  });
+
+  // Make sure every leaf byte is found.
+  dispatch_apply(count, dispatch_get_global_queue(0, 0), ^(size_t i) {
+    XCTAssertTrue(t->HasPrefix([UUIDs[i] UTF8String]));
+  });
+
+  stop = YES;
+}
+
+@end

Source/common/SNTBinaryInfo.h

@@ -1,73 +0,0 @@
-/// Copyright 2014 Google Inc. All rights reserved.
-///
-/// Licensed under the Apache License, Version 2.0 (the "License");
-/// you may not use this file except in compliance with the License.
-/// You may obtain a copy of the License at
-///
-///    http://www.apache.org/licenses/LICENSE-2.0
-///
-///    Unless required by applicable law or agreed to in writing, software
-///    distributed under the License is distributed on an "AS IS" BASIS,
-///    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-///    See the License for the specific language governing permissions and
-///    limitations under the License.
-
-/// SNTBinaryInfo represents a binary on disk, providing access to details about that binary such as
-/// the SHA-1, the Info.plist and the Mach-O data.
-@interface SNTBinaryInfo : NSObject
-
-/// Designated initializer
-- (instancetype)initWithPath:(NSString *)path;
-
-/// Return SHA-1 hash of this binary
-- (NSString *)SHA1;
-
-/// Returns the type of Mach-O file:
-///  Dynamic Library, Kernel Extension, Fat Binary, Thin Binary
-- (NSString *)machoType;
-
-/// Returns the architectures included in this binary (e.g. x86_64, ppc)
-- (NSArray *)architectures;
-
-/// Returns YES if this file is a Mach-O file
-- (BOOL)isMachO;
-
-/// Returns YES if this file contains multiple architectures
-- (BOOL)isFat;
-
-/// Returns YES if this file is an executable Mach-O file
-- (BOOL)isExecutable;
-
-/// Returns YES if this file is a dynamic library
-- (BOOL)isDylib;
-
-/// Returns YES if this file is a kernel extension
-- (BOOL)isKext;
-
-/// Returns YES if this file is a script (e.g. it begins #!)
-- (BOOL)isScript;
-
-/// Returns an NSBundle if this file is part of a bundle.
-- (NSBundle *)bundle;
-
-/// Returns the path to the bundle this file is a part of, if any.
-- (NSString *)bundlePath;
-
-/// Returns either the Info.plist in the bundle this file is part of, or an embedded plist if there
-/// is one. In the odd case that a file has both an embedded Info.plist and is part of a bundle,
-/// the Info.plist from the bundle will be returned.
-- (NSDictionary *)infoPlist;
-
-/// Returns the CFBundleIdentifier from this file's Info.plist
-- (NSString *)bundleIdentifier;
-
-/// Returns the CFBundleName from this file's Info.plist
-- (NSString *)bundleName;
-
-/// Returns the CFBundleVersion from this file's Info.plist
-- (NSString *)bundleVersion;
-
-/// Returns the CFBundleShortVersionString from this file's Info.plist
-- (NSString *)bundleShortVersionString;
-
-@end

Source/common/SNTBinaryInfo.m

@@ -1,291 +0,0 @@
-/// Copyright 2014 Google Inc. All rights reserved.
-///
-/// Licensed under the Apache License, Version 2.0 (the "License");
-/// you may not use this file except in compliance with the License.
-/// You may obtain a copy of the License at
-///
-///    http://www.apache.org/licenses/LICENSE-2.0
-///
-///    Unless required by applicable law or agreed to in writing, software
-///    distributed under the License is distributed on an "AS IS" BASIS,
-///    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-///    See the License for the specific language governing permissions and
-///    limitations under the License.
-
-#import "SNTBinaryInfo.h"
-
-#import <CommonCrypto/CommonDigest.h>
-
-#include <mach-o/loader.h>
-#include <mach-o/swap.h>
-
-@interface SNTBinaryInfo ()
-@property NSString *path;
-@property NSData *fileData;
-@property NSBundle *bundleRef;
-@property NSDictionary *infoDict;
-@end
-
-@implementation SNTBinaryInfo
-
-- (instancetype)initWithPath:(NSString *)path {
-  self = [super init];
-
-  if (self) {
-    _path = path;
-
-    _fileData = [NSData dataWithContentsOfFile:path options:NSDataReadingMappedIfSafe error:nil];
-    if (!_fileData) return nil;
-  }
-
-  return self;
-}
-
-- (NSString *)SHA1 {
-  unsigned char sha1[CC_SHA1_DIGEST_LENGTH];
-  CC_SHA1([self.fileData bytes], (unsigned int)[self.fileData length], sha1);
-
-  // Convert the binary SHA into hex
-  NSMutableString *buf = [[NSMutableString alloc] initWithCapacity:CC_SHA1_DIGEST_LENGTH * 2];
-  for (int i = 0; i < CC_SHA1_DIGEST_LENGTH; i++) {
-    [buf appendFormat:@"%02x", (unsigned char)sha1[i]];
-  }
-
-  return buf;
-}
-
-- (NSString *)machoType {
-  if ([self isDylib])   { return @"Dynamic Library"; }
-  if ([self isKext])    { return @"Kernel Extension"; }
-  if ([self isFat])     { return @"Fat Binary"; }
-  if ([self isMachO])   { return @"Thin Binary"; }
-  if ([self isScript])  { return @"Script"; }
-  return @"Unknown (not executable?)";
-}
-
-- (NSArray *)architectures {
-  if (![self isMachO]) return nil;
-
-  if ([self isFat]) {
-    NSMutableArray *ret = [[NSMutableArray alloc] init];
-
-    // Retrieve just the fat_header, if possible.
-    NSData *head = [self safeSubdataWithRange:NSMakeRange(0, sizeof(struct fat_header))];
-    if (!head) return nil;
-    struct fat_header *fat_header = (struct fat_header *)[head bytes];
-
-    // Get number of architectures in the binary
-    uint32_t narch = NSSwapBigIntToHost(fat_header->nfat_arch);
-
-    // Retrieve just the fat_arch's, make a mutable copy and if necessary swap the bytes
-    NSData *archs = [self safeSubdataWithRange:NSMakeRange(sizeof(struct fat_header),
-                                                           sizeof(struct fat_arch) * narch)];
-    if (!archs) return nil;
-    struct fat_arch *fat_archs = (struct fat_arch *)[archs bytes];
-
-    // For each arch, get the name of it's architecture
-    for (int i = 0; i < narch; ++i) {
-      [ret addObject:[self nameForCPUType:NSSwapBigIntToHost(fat_archs[i].cputype)]];
-    }
-    return ret;
-  } else {
-    struct mach_header *hdr = [self firstMachHeader];
-    return @[ [self nameForCPUType:hdr->cputype] ];
-  }
-  return nil;
-}
-
-- (BOOL)isDylib {
-  struct mach_header *mach_header = [self firstMachHeader];
-  if (!mach_header) return NO;
-  if (mach_header->filetype == MH_DYLIB ||
-      mach_header->filetype == MH_FVMLIB) {
-    return YES;
-  }
-
-  return NO;
-}
-
-- (BOOL)isKext {
-  struct mach_header *mach_header = [self firstMachHeader];
-  if (!mach_header) return NO;
-  if (mach_header->filetype == MH_KEXT_BUNDLE) {
-    return YES;
-  }
-
-  return NO;
-}
-
-- (BOOL)isMachO {
-  return ([self.fileData length] >= 160 &&
-          ([self isMachHeader:(struct mach_header *)[self.fileData bytes]] || [self isFat]));
-}
-
-- (BOOL)isFat {
-  return ([self isFatHeader:(struct fat_header *)[self.fileData bytes]]);
-}
-
-- (BOOL)isScript {
-  if ([self.fileData length] < 1) return NO;
-
-  char magic[2];
-  [self.fileData getBytes:&magic length:2];
-
-  return (strncmp("#!", magic, 2) == 0);
-}
-
-- (BOOL)isExecutable {
-  struct mach_header *mach_header = [self firstMachHeader];
-  if (!mach_header) return NO;
-  if (mach_header->filetype == MH_OBJECT ||
-      mach_header->filetype == MH_EXECUTE ||
-      mach_header->filetype == MH_PRELOAD) {
-    return YES;
-  }
-
-  return NO;
-}
-
-# pragma mark Bundle Information
-
-/**
- *  Try and determine the bundle that the represented executable is contained within, if any.
- *
- *  Rationale: An NSBundle has a method executablePath for discovering the main binary within a
- *  bundle but provides no way to get an NSBundle object when only the executablePath is known. Also,
- *  a bundle can contain multiple binaries within the MacOS folder and we want any of these to count
- *  as being part of the bundle.
- *
- *  This method relies on executable bundles being laid out as follows:
- *
- *@code
- *  Bundle.app/
- *     Contents/
- *        MacOS/
- *          executable
- *@endcode
- *
- *  If @c self.path is the full path to @c executable above, this method would return an
- *  NSBundle reference for Bundle.app.
- */
-- (NSBundle *)bundle {
-  if (self.bundleRef) return self.bundleRef;
-
-  NSArray *pathComponents = [self.path pathComponents];
-
-  // Check that the full path is at least 4-levels deep:
-  // e.g: /Calendar.app/Contents/MacOS/Calendar
-  if ([pathComponents count] < 4) return nil;
-
-  pathComponents = [pathComponents subarrayWithRange:NSMakeRange(0, [pathComponents count] - 3)];
-  self.bundleRef = [NSBundle bundleWithPath:[NSString pathWithComponents:pathComponents]];
-
-  // Clear the bundle if it doesn't have a bundle ID
-  if (![self.bundleRef objectForInfoDictionaryKey:@"CFBundleIdentifier"]) self.bundleRef = nil;
-
-  return self.bundleRef;
-}
-
-- (NSString *)bundlePath {
-  return [self.bundle bundlePath];
-}
-
-- (NSDictionary *)infoPlist {
-  if (self.infoDict) return self.infoDict;
-
-  if ([self bundle]) {
-    self.infoDict = [[self bundle] infoDictionary];
-    return self.infoDict;
-  }
-
-  NSURL *url = [NSURL fileURLWithPath:self.path isDirectory:NO];
-  self.infoDict =
-      (__bridge_transfer NSDictionary*)CFBundleCopyInfoDictionaryForURL((__bridge CFURLRef) url);
-  return self.infoDict;
-}
-
-- (NSString *)bundleIdentifier {
-  return [[self infoPlist] objectForKey:@"CFBundleIdentifier"];
-}
-
-- (NSString *)bundleName {
-  return [[self infoPlist] objectForKey:@"CFBundleName"];
-}
-
-- (NSString *)bundleVersion {
-  return [[self infoPlist] objectForKey:@"CFBundleVersion"];
-}
-
-- (NSString *)bundleShortVersionString {
-  return [[self infoPlist] objectForKey:@"CFBundleShortVersionString"];
-}
-
-# pragma mark Internal Methods
-
-/// Look through the file for the first mach_header. If the file is thin, this will be the
-/// header at the beginning of the file. If the file is fat, it will be the first
-/// architecture-specific header.
-- (struct mach_header *)firstMachHeader {
-  if (![self isMachO]) return NULL;
-
-  struct mach_header *mach_header = (struct mach_header *)[self.fileData bytes];
-  struct fat_header *fat_header = (struct fat_header *)[self.fileData bytes];
-
-  if ([self isFatHeader:fat_header]) {
-    // Get the bytes for the fat_arch
-    NSData *archHdr = [self safeSubdataWithRange:NSMakeRange(sizeof(struct fat_header),
-                                                             sizeof(struct fat_arch))];
-    if (!archHdr) return nil;
-    struct fat_arch *fat_arch = (struct fat_arch *)[archHdr bytes];
-
-    // Get bytes for first mach_header
-    NSData *machHdr = [self safeSubdataWithRange:NSMakeRange(NSSwapBigIntToHost(fat_arch->offset),
-                                                             sizeof(struct mach_header))];
-    if (!machHdr) return nil;
-    mach_header = (struct mach_header *)[machHdr bytes];
-  }
-
-  if ([self isMachHeader:mach_header]) {
-    return mach_header;
-  }
-
-  return NULL;
-}
-
-- (BOOL)isMachHeader:(struct mach_header *)header {
-  return (header->magic == MH_MAGIC || header->magic == MH_MAGIC_64 ||
-          header->magic == MH_CIGAM || header->magic == MH_CIGAM_64);
-}
-
-- (BOOL)isFatHeader:(struct fat_header *)header {
-  return (header->magic == FAT_MAGIC || header->magic == FAT_CIGAM);
-}
-
-/// Wrap subdataWithRange: in a @try/@catch, returning nil on exception.
-/// Useful for when the range is beyond the end of the file.
-- (NSData *)safeSubdataWithRange:(NSRange)range {
-  @try {
-    return [self.fileData subdataWithRange:range];
-  }
-  @catch (NSException *exception) {
-    return nil;
-  }
-}
-
-- (NSString *)nameForCPUType:(cpu_type_t)cpuType {
-  switch (cpuType) {
-    case CPU_TYPE_X86:
-      return @"i386";
-    case CPU_TYPE_X86_64:
-      return @"x86-64";
-    case CPU_TYPE_POWERPC:
-      return @"ppc";
-    case CPU_TYPE_POWERPC64:
-      return @"ppc64";
-    default:
-      return @"unknown";
-  }
-  return nil;
-}
-
-@end

Source/common/SNTBlockMessage.h

@@ -0,0 +1,52 @@
+/// Copyright 2016 Google Inc. All rights reserved.
+///
+/// Licensed under the Apache License, Version 2.0 (the "License");
+/// you may not use this file except in compliance with the License.
+/// You may obtain a copy of the License at
+///
+///    http://www.apache.org/licenses/LICENSE-2.0
+///
+///    Unless required by applicable law or agreed to in writing, software
+///    distributed under the License is distributed on an "AS IS" BASIS,
+///    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+///    See the License for the specific language governing permissions and
+///    limitations under the License.
+
+#ifdef SANTAGUI
+#import <Cocoa/Cocoa.h>
+#else
+#import <Foundation/Foundation.h>
+#endif
+
+@class SNTStoredEvent;
+
+@interface SNTBlockMessage : NSObject
+
+///
+///  Return a message suitable for presenting to the user.
+///
+///  In SantaGUI this will return an NSAttributedString with links and formatting included
+///  while for santad all HTML will be properly stripped.
+///
++ (NSAttributedString *)formatMessage:(NSString *)message;
+
+///
+///  Uses either the configured message depending on the event type or a custom message
+///  if the rule that blocked this file included one, formatted using
+///  +[SNTBlockMessage formatMessage].
+///
++ (NSAttributedString *)attributedBlockMessageForEvent:(SNTStoredEvent *)event
+                                         customMessage:(NSString *)customMessage;
+
+///
+///  Return a URL generated from the EventDetailURL configuration key
+///  after replacing templates in the URL with values from the event.
+///
++ (NSURL *)eventDetailURLForEvent:(SNTStoredEvent *)event;
+
+///
+///  Strip HTML from a string, replacing <br /> with newline.
+///
++ (NSString *)stringFromHTML:(NSString *)html;
+
+@end

Source/common/SNTBlockMessage.m

@@ -0,0 +1,154 @@
+/// Copyright 2016 Google Inc. All rights reserved.
+///
+/// Licensed under the Apache License, Version 2.0 (the "License");
+/// you may not use this file except in compliance with the License.
+/// You may obtain a copy of the License at
+///
+///    http://www.apache.org/licenses/LICENSE-2.0
+///
+///    Unless required by applicable law or agreed to in writing, software
+///    distributed under the License is distributed on an "AS IS" BASIS,
+///    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+///    See the License for the specific language governing permissions and
+///    limitations under the License.
+
+#import "Source/common/SNTBlockMessage.h"
+
+#import "Source/common/SNTConfigurator.h"
+#import "Source/common/SNTLogging.h"
+#import "Source/common/SNTStoredEvent.h"
+#import "Source/common/SNTSystemInfo.h"
+
+@implementation SNTBlockMessage
+
++ (NSAttributedString *)formatMessage:(NSString *)message {
+  NSString *htmlHeader =
+    @"<html><head><style>"
+    @"body {"
+    @"  font-family: 'Lucida Grande', 'Helvetica', sans-serif;"
+    @"  font-size: 13px;"
+    @"  color: %@;"
+    @"  text-align: center;"
+    @"}"
+
+    // Supported in beta WebKit. Not sure if it is dynamic when used with NSAttributedString.
+    @"@media (prefers-color-scheme: dark) {"
+    @"  body {"
+    @"    color: #ddd;"
+    @"  }"
+    @"}"
+    @"</style></head><body>";
+
+  // Support Dark Mode. Note, the returned NSAttributedString is static and does not update when
+  // the OS switches modes.
+  NSString *mode = [NSUserDefaults.standardUserDefaults stringForKey:@"AppleInterfaceStyle"];
+  BOOL dark = [mode isEqualToString:@"Dark"];
+  htmlHeader = [NSString stringWithFormat:htmlHeader, dark ? @"#ddd" : @"#333"];
+
+  NSString *htmlFooter = @"</body></html>";
+
+  NSString *fullHTML = [NSString stringWithFormat:@"%@%@%@", htmlHeader, message, htmlFooter];
+
+#ifdef SANTAGUI
+  NSData *htmlData = [fullHTML dataUsingEncoding:NSUTF8StringEncoding];
+  return [[NSAttributedString alloc] initWithHTML:htmlData documentAttributes:NULL];
+#else
+  NSString *strippedHTML = [self stringFromHTML:fullHTML];
+  if (!strippedHTML) {
+    return [[NSAttributedString alloc] initWithString:@"This binary has been blocked."];
+  }
+  return [[NSAttributedString alloc] initWithString:strippedHTML];
+#endif
+}
+
++ (NSAttributedString *)attributedBlockMessageForEvent:(SNTStoredEvent *)event
+                                         customMessage:(NSString *)customMessage {
+  NSString *message;
+  if (customMessage.length) {
+    message = customMessage;
+  } else if (event.decision == SNTEventStateBlockUnknown) {
+    message = [[SNTConfigurator configurator] unknownBlockMessage];
+    if (!message) {
+      message = @"The following application has been blocked from executing<br />"
+                @"because its trustworthiness cannot be determined.";
+    }
+  } else {
+    message = [[SNTConfigurator configurator] bannedBlockMessage];
+    if (!message) {
+      message = @"The following application has been blocked from executing<br />"
+                @"because it has been deemed malicious.";
+    }
+  }
+  return [SNTBlockMessage formatMessage:message];
+}
+
++ (NSString *)stringFromHTML:(NSString *)html {
+  NSError *error;
+  NSXMLDocument *xml = [[NSXMLDocument alloc] initWithXMLString:html options:0 error:&error];
+
+  if (!xml && error.code == NSXMLParserEmptyDocumentError) {
+    html = [NSString stringWithFormat:@"<html><body>%@</body></html>", html];
+    xml = [[NSXMLDocument alloc] initWithXMLString:html options:0 error:&error];
+    if (!xml) return html;
+  }
+
+  // Strip any HTML tags out of the message. Also remove any content inside <style> tags and
+  // replace <br> elements with a newline.
+  NSString *stripXslt =
+    @"<?xml version='1.0' encoding='utf-8'?>"
+    @"<xsl:stylesheet version='1.0' xmlns:xsl='http://www.w3.org/1999/XSL/Transform'"
+    @"                              xmlns:xhtml='http://www.w3.org/1999/xhtml'>"
+    @"<xsl:output method='text'/>"
+    @"<xsl:template match='br'><xsl:text>\n</xsl:text></xsl:template>"
+    @"<xsl:template match='style'/>"
+    @"</xsl:stylesheet>";
+  NSData *data = [xml objectByApplyingXSLTString:stripXslt arguments:NULL error:&error];
+  if (error || ![data isKindOfClass:[NSData class]]) {
+    return html;
+  }
+  return [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding];
+}
+
++ (NSURL *)eventDetailURLForEvent:(SNTStoredEvent *)event {
+  SNTConfigurator *config = [SNTConfigurator configurator];
+
+  NSString *hostname = [SNTSystemInfo longHostname];
+  NSString *uuid = [SNTSystemInfo hardwareUUID];
+  NSString *serial = [SNTSystemInfo serialNumber];
+  NSString *formatStr = config.eventDetailURL;
+  if (!formatStr.length) return nil;
+
+  if (event.fileSHA256) {
+    // This key is deprecated, use %file_identifier% or %bundle_or_file_identifier%
+    formatStr =
+      [formatStr stringByReplacingOccurrencesOfString:@"%file_sha%"
+                                           withString:event.fileBundleHash ?: event.fileSHA256];
+
+    formatStr = [formatStr stringByReplacingOccurrencesOfString:@"%file_identifier%"
+                                                     withString:event.fileSHA256];
+    formatStr =
+      [formatStr stringByReplacingOccurrencesOfString:@"%bundle_or_file_identifier%"
+                                           withString:event.fileBundleHash ?: event.fileSHA256];
+  }
+  if (event.executingUser) {
+    formatStr = [formatStr stringByReplacingOccurrencesOfString:@"%username%"
+                                                     withString:event.executingUser];
+  }
+  if (config.machineID) {
+    formatStr = [formatStr stringByReplacingOccurrencesOfString:@"%machine_id%"
+                                                     withString:config.machineID];
+  }
+  if (hostname.length) {
+    formatStr = [formatStr stringByReplacingOccurrencesOfString:@"%hostname%" withString:hostname];
+  }
+  if (uuid.length) {
+    formatStr = [formatStr stringByReplacingOccurrencesOfString:@"%uuid%" withString:uuid];
+  }
+  if (serial.length) {
+    formatStr = [formatStr stringByReplacingOccurrencesOfString:@"%serial%" withString:serial];
+  }
+
+  return [NSURL URLWithString:formatStr];
+}
+
+@end

Source/common/SNTCachedDecision.h

@@ -0,0 +1,45 @@
+/// Copyright 2015-2022 Google Inc. All rights reserved.
+///
+/// Licensed under the Apache License, Version 2.0 (the "License");
+/// you may not use this file except in compliance with the License.
+/// You may obtain a copy of the License at
+///
+///    http://www.apache.org/licenses/LICENSE-2.0
+///
+///    Unless required by applicable law or agreed to in writing, software
+///    distributed under the License is distributed on an "AS IS" BASIS,
+///    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+///    See the License for the specific language governing permissions and
+///    limitations under the License.
+
+#import <EndpointSecurity/EndpointSecurity.h>
+#import <Foundation/Foundation.h>
+
+#import "Source/common/SNTCommonEnums.h"
+#import "Source/common/SantaVnode.h"
+
+@class MOLCertificate;
+
+///
+///  Store information about executions from decision making for later logging.
+///
+@interface SNTCachedDecision : NSObject
+
+- (instancetype)initWithEndpointSecurityFile:(const es_file_t *)esFile;
+
+@property SantaVnode vnodeId;
+@property SNTEventState decision;
+@property NSString *decisionExtra;
+@property NSString *sha256;
+
+@property NSString *certSHA256;
+@property NSString *certCommonName;
+@property NSArray<MOLCertificate *> *certChain;
+@property NSString *teamID;
+
+@property NSString *quarantineURL;
+
+@property NSString *customMsg;
+@property BOOL silentBlock;
+
+@end

Source/common/SNTCachedDecision.mm

@@ -1,4 +1,5 @@
-/// Copyright 2014 Google Inc. All rights reserved.
+
+/// Copyright 2015-2022 Google Inc. All rights reserved.
 ///
 /// Licensed under the Apache License, Version 2.0 (the "License");
 /// you may not use this file except in compliance with the License.
@@ -12,11 +13,16 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-#import "SNTMessageWindowController.h"
-#import "SNTXPCNotifierInterface.h"
+#import "Source/common/SNTCachedDecision.h"
 
-/// Keeps track of pending notifications and ensures only one is presented to the user at a time.
-@interface SNTNotificationManager : NSObject<SNTMessageWindowControllerDelegate, SNTNotifierXPC>
+@implementation SNTCachedDecision
 
+- (instancetype)initWithEndpointSecurityFile:(const es_file_t *)esFile {
+  self = [super init];
+  if (self) {
+    _vnodeId = SantaVnode::VnodeForFile(esFile);
+  }
+  return self;
+}
 
 @end

Source/common/SNTCachedDecisionTest.mm

@@ -0,0 +1,36 @@
+/// Copyright 2022 Google Inc. All rights reserved.
+///
+/// Licensed under the Apache License, Version 2.0 (the "License");
+/// you may not use this file except in compliance with the License.
+/// You may obtain a copy of the License at
+///
+///    http://www.apache.org/licenses/LICENSE-2.0
+///
+///    Unless required by applicable law or agreed to in writing, software
+///    distributed under the License is distributed on an "AS IS" BASIS,
+///    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+///    See the License for the specific language governing permissions and
+///    limitations under the License.
+
+#import <XCTest/XCTest.h>
+
+#import "Source/common/SNTCachedDecision.h"
+#include "Source/common/TestUtils.h"
+
+@interface SNTCachedDecisionTest : XCTestCase
+@end
+
+@implementation SNTCachedDecisionTest
+
+- (void)testSNTCachedDecisionInit {
+  // Ensure the vnodeId field is properly set from the es_file_t
+  struct stat sb = MakeStat();
+  es_file_t file = MakeESFile("foo", sb);
+
+  SNTCachedDecision *cd = [[SNTCachedDecision alloc] initWithEndpointSecurityFile:&file];
+
+  XCTAssertEqual(sb.st_ino, cd.vnodeId.fileid);
+  XCTAssertEqual(sb.st_dev, cd.vnodeId.fsid);
+}
+
+@end

Source/common/SNTCertificate.h

@@ -1,67 +0,0 @@
-/// Copyright 2014 Google Inc. All rights reserved.
-///
-/// Licensed under the Apache License, Version 2.0 (the "License");
-/// you may not use this file except in compliance with the License.
-/// You may obtain a copy of the License at
-///
-///    http://www.apache.org/licenses/LICENSE-2.0
-///
-///    Unless required by applicable law or agreed to in writing, software
-///    distributed under the License is distributed on an "AS IS" BASIS,
-///    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-///    See the License for the specific language governing permissions and
-///    limitations under the License.
-
-/// SNTCertificate wraps a @c SecCertificateRef to provide Objective-C accessors to
-/// commonly used certificate data. Accessors cache data for repeated access.
-@interface SNTCertificate : NSObject<NSSecureCoding>
-
-/// Initialize a SNTCertificate object with a valid SecCertificateRef. Designated initializer.
-- (instancetype)initWithSecCertificateRef:(SecCertificateRef)certRef;
-
-/// Initialize a SNTCertificate object with certificate data in DER format.
-/// Returns nil if |certData| is invalid.
-- (instancetype)initWithCertificateDataDER:(NSData *)certData;
-
-/// Initialize a SNTCertificate object with certificate data in PEM format.
-/// If multiple PEM certificates exist within the string, the first is used.
-/// Returns nil if |certData| is invalid.
-- (instancetype)initWithCertificateDataPEM:(NSString *)certData;
-
-/// Returns an array of SNTCertificate's for all of the certificates in |pemData|.
-+ (NSArray *)certificatesFromPEM:(NSString *)pemData;
-
-/// Access the underlying certificate ref.
-@property(readonly) SecCertificateRef certRef;
-
-/// SHA-1 hash of the certificate data.
-@property(readonly) NSString *SHA1;
-
-/// Certificate data.
-@property(readonly) NSData *certData;
-
-/// Common Name e.g: "Software Signing"
-@property(readonly) NSString *commonName;
-
-/// Country Name e.g: "US"
-@property(readonly) NSString *countryName;
-
-/// Organizational Name e.g: "Apple Inc."
-@property(readonly) NSString *orgName;
-
-/// Organizational Unit Name e.g: "Apple Software"
-@property(readonly) NSString *orgUnit;
-
-/// Issuer details, same fields as above.
-@property(readonly) NSString *issuerCommonName;
-@property(readonly) NSString *issuerCountryName;
-@property(readonly) NSString *issuerOrgName;
-@property(readonly) NSString *issuerOrgUnit;
-
-/// Validity Not Before
-@property(readonly) NSDate *validFrom;
-
-/// Validity Not After
-@property(readonly) NSDate *validUntil;
-
-@end

Source/common/SNTCertificate.m

@@ -1,336 +0,0 @@
-/// Copyright 2014 Google Inc. All rights reserved.
-///
-/// Licensed under the Apache License, Version 2.0 (the "License");
-/// you may not use this file except in compliance with the License.
-/// You may obtain a copy of the License at
-///
-///    http://www.apache.org/licenses/LICENSE-2.0
-///
-///    Unless required by applicable law or agreed to in writing, software
-///    distributed under the License is distributed on an "AS IS" BASIS,
-///    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-///    See the License for the specific language governing permissions and
-///    limitations under the License.
-
-#import "SNTCertificate.h"
-
-#import <CommonCrypto/CommonDigest.h>
-#import <Security/Security.h>
-
-@interface SNTCertificate ()
-/// A container for cached property values
-@property NSMutableDictionary *memoizedData;
-@end
-
-@implementation SNTCertificate
-
-static NSString *const kCertDataKey = @"certData";
-
-#pragma mark Init/Dealloc
-
-- (instancetype)initWithSecCertificateRef:(SecCertificateRef)certRef {
-  self = [super init];
-  if (self) {
-    _certRef = certRef;
-    CFRetain(_certRef);
-  }
-  return self;
-}
-
-- (instancetype)initWithCertificateDataDER:(NSData *)certData {
-  SecCertificateRef cert = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)certData);
-
-  if (cert) {
-    // Despite the header file claiming that SecCertificateCreateWithData will return NULL if
-    // |certData| doesn't contain a valid DER-encoded X509 cert, this isn't always true.
-    // radar://problem/16124651
-    // To workaround, check that the certificate serial number can be retrieved.
-    NSData *ser = CFBridgingRelease(SecCertificateCopySerialNumber(cert, NULL));
-    if (ser) {
-      self = [self initWithSecCertificateRef:cert];
-    } else {
-      self = nil;
-    }
-    CFRelease(cert);  // was retained in initWithSecCertificateRef
-  } else {
-    self = nil;
-  }
-
-  return self;
-}
-
-- (instancetype)initWithCertificateDataPEM:(NSString *)certData {
-  // Find the PEM and extract the base64-encoded DER data from within
-  NSScanner *scanner = [NSScanner scannerWithString:certData];
-  NSString *base64der;
-
-  // Locate and parse DER data into |base64der|
-  [scanner scanUpToString:@"-----BEGIN CERTIFICATE-----" intoString:NULL];
-  if (!([scanner scanString:@"-----BEGIN CERTIFICATE-----" intoString:NULL] &&
-        [scanner scanUpToString:@"-----END CERTIFICATE-----" intoString:&base64der] &&
-        [scanner scanString:@"-----END CERTIFICATE-----" intoString:NULL])) {
-    return nil;
-  }
-
-  // base64-decode the DER
-  SecTransformRef transform = SecDecodeTransformCreate(kSecBase64Encoding, NULL);
-  if (!transform) return nil;
-  NSData *input = [base64der dataUsingEncoding:NSUTF8StringEncoding];
-  NSData *output = nil;
-
-  if (SecTransformSetAttribute(transform,
-                             kSecTransformInputAttributeName,
-                             (__bridge CFDataRef)input,
-                             NULL)) {
-    output = CFBridgingRelease(SecTransformExecute(transform, NULL));
-  }
-  if (transform) CFRelease(transform);
-
-  return [self initWithCertificateDataDER:output];
-}
-
-+ (NSArray *)certificatesFromPEM:(NSString *)pemData {
-  NSScanner *scanner = [NSScanner scannerWithString:pemData];
-  NSMutableArray *certs = [[NSMutableArray alloc] init];
-
-  while (YES) {
-    NSString *curCert;
-
-    [scanner scanUpToString:@"-----BEGIN CERTIFICATE-----" intoString:NULL];
-    [scanner scanUpToString:@"-----END CERTIFICATE-----" intoString:&curCert];
-
-    // If there was no data, break.
-    if (!curCert) break;
-
-    curCert = [curCert stringByAppendingString:@"-----END CERTIFICATE-----"];
-    SNTCertificate *cert = [[SNTCertificate alloc] initWithCertificateDataPEM:curCert];
-
-    // If the data couldn't be turned into a valid SNTCertificate, continue.
-    if (!cert) continue;
-
-    [certs addObject:cert];
-  }
-
-  return certs;
-}
-
-- (instancetype)init {
-  [self doesNotRecognizeSelector:_cmd];
-  return nil;
-}
-
-- (void)dealloc {
-  if (_certRef) CFRelease(_certRef);
-}
-
-#pragma mark Equality & description
-
-- (BOOL)isEqual:(SNTCertificate *)other {
-  if (self == other) return YES;
-  if (![other isKindOfClass:[SNTCertificate class]]) return NO;
-
-  return [self.certData isEqual:other.certData];
-}
-
-- (NSUInteger)hash {
-  return [self.certData hash];
-}
-
-- (NSString *)description {
-  return [NSString stringWithFormat:@"/O=%@/OU=%@/CN=%@",
-          self.orgName,
-          self.orgUnit,
-          self.commonName];
-}
-
-#pragma mark NSSecureCoding
-
-+ (BOOL)supportsSecureCoding {
-  return YES;
-}
-
-- (void)encodeWithCoder:(NSCoder *)coder {
-  [coder encodeObject:self.certData forKey:kCertDataKey];
-}
-
-- (instancetype)initWithCoder:(NSCoder *)decoder {
-  NSData *certData = [decoder decodeObjectOfClass:[NSData class] forKey:kCertDataKey];
-  if ([certData length] == 0) return nil;
-  SecCertificateRef cert = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)certData);
-  self = [self initWithSecCertificateRef:cert];
-  if (cert) CFRelease(cert);
-  return self;
-}
-
-#pragma mark Private Accessors
-
-/// For a given selector, caches the value that selector would return on subsequent invocations,
-/// using the provided block to get the value on the first invocation.
-/// Assumes the selector's value will never change.
-- (id)memoizedSelector:(SEL)selector forBlock:(id (^)(void))block {
-  NSString *selName = NSStringFromSelector(selector);
-
-  if (!self.memoizedData) {
-    self.memoizedData = [NSMutableDictionary dictionary];
-  }
-
-  if (!self.memoizedData[selName]) {
-    id val = block();
-    if (val) {
-      self.memoizedData[selName] = val;
-    } else {
-      self.memoizedData[selName] = [NSNull null];
-    }
-  }
-
-  // Return the value if there is one, or nil if the value is NSNull
-  return self.memoizedData[selName] != [NSNull null] ? self.memoizedData[selName] : nil;
-}
-
-- (NSDictionary *)allCertificateValues {
-  return [self memoizedSelector:_cmd forBlock:^id{
-      return CFBridgingRelease(SecCertificateCopyValues(self.certRef, NULL, NULL));
-  }];
-}
-
-- (NSDictionary *)x509SubjectName {
-  return [self memoizedSelector:_cmd forBlock:^id{
-      return [self allCertificateValues][(__bridge NSString *)kSecOIDX509V1SubjectName];
-  }];
-}
-
-- (NSDictionary *)x509IssuerName {
-  return [self memoizedSelector:_cmd forBlock:^id{
-      return [self allCertificateValues][(__bridge NSString *)kSecOIDX509V1IssuerName];
-  }];
-}
-
-/// Retrieve the value with the specified label from the X509 dictionary provided
-/// @param desiredLabel The label you want, e.g: kSecOIDOrganizationName.
-/// @param dict The dictionary to look in (Subject or Issuer)
-/// @returns An @c NSString, the value for the specified label.
-- (NSString *)x509ValueForLabel:(NSString *)desiredLabel fromDictionary:(NSDictionary *)dict {
-  @try {
-    NSArray *valArray = dict[(__bridge NSString *)kSecPropertyKeyValue];
-
-    for (NSDictionary *curCertVal in valArray) {
-      NSString *valueLabel = curCertVal[(__bridge NSString *)kSecPropertyKeyLabel];
-      if ([valueLabel isEqual:desiredLabel]) {
-        return curCertVal[(__bridge NSString *)kSecPropertyKeyValue];
-      }
-    }
-    return nil;
-  }
-  @catch (NSException *exception) {
-    return nil;
-  }
-}
-
-/// Retrieve the specified date from the certificate's values and convert from a reference date
-/// to an NSDate object.
-/// @param key The identifier for the date: @c kSecOIDX509V1ValiditityNot{Before,After}
-/// @return An @c NSDate representing the date and time the certificate is valid from or expires.
-- (NSDate *)dateForX509Key:(NSString *)key {
-  NSDictionary *curCertVal = [self allCertificateValues][key];
-  NSNumber *value = curCertVal[(__bridge NSString *)kSecPropertyKeyValue];
-
-  NSTimeInterval interval = [value doubleValue];
-  if (interval) {
-    return [NSDate dateWithTimeIntervalSinceReferenceDate:interval];
-  }
-
-  return nil;
-}
-
-#pragma mark Public Accessors
-
-- (NSString *)SHA1 {
-  return [self memoizedSelector:_cmd forBlock:^id{
-      NSMutableData *SHA1Buffer = [[NSMutableData alloc] initWithCapacity:CC_SHA1_DIGEST_LENGTH];
-
-      CC_SHA1([self.certData bytes], (CC_LONG)[self.certData length], [SHA1Buffer mutableBytes]);
-
-      const unsigned char *bytes = (const unsigned char *)[SHA1Buffer bytes];
-      return [NSString stringWithFormat:
-          @"%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
-          bytes[0], bytes[1], bytes[2], bytes[3], bytes[4], bytes[5], bytes[6], bytes[7], bytes[8],
-          bytes[9], bytes[10], bytes[11], bytes[12], bytes[13], bytes[14], bytes[15], bytes[16],
-          bytes[17], bytes[18], bytes[19]];
-  }];
-}
-
-- (NSData *)certData {
-  return CFBridgingRelease(SecCertificateCopyData(self.certRef));
-}
-
-- (NSString *)commonName {
-  return [self memoizedSelector:_cmd forBlock:^id{
-      CFStringRef commonName = NULL;
-      SecCertificateCopyCommonName(self.certRef, &commonName);
-      return CFBridgingRelease(commonName);
-  }];
-}
-
-- (NSString *)countryName {
-  return [self memoizedSelector:_cmd forBlock:^id{
-      return [self x509ValueForLabel:(__bridge NSString *)kSecOIDCountryName
-                      fromDictionary:[self x509SubjectName]];
-  }];
-}
-
-- (NSString *)orgName {
-  return [self memoizedSelector:_cmd forBlock:^id{
-      return [self x509ValueForLabel:(__bridge NSString *)kSecOIDOrganizationName
-                      fromDictionary:[self x509SubjectName]];
-  }];
-}
-
-- (NSString *)orgUnit {
-  return [self memoizedSelector:_cmd forBlock:^id{
-      return [self x509ValueForLabel:(__bridge NSString *)kSecOIDOrganizationalUnitName
-                      fromDictionary:[self x509SubjectName]];
-  }];
-}
-
-- (NSDate *)validFrom {
-  return [self memoizedSelector:_cmd forBlock:^id{
-      return [self dateForX509Key:(__bridge NSString *)kSecOIDX509V1ValidityNotBefore];
-  }];
-}
-
-- (NSDate *)validUntil {
-  return [self memoizedSelector:_cmd forBlock:^id{
-      return [self dateForX509Key:(__bridge NSString *)kSecOIDX509V1ValidityNotAfter];
-  }];
-}
-
-- (NSString *)issuerCommonName {
-  return [self memoizedSelector:_cmd forBlock:^id{
-      return [self x509ValueForLabel:(__bridge NSString *)kSecOIDCommonName
-                      fromDictionary:[self x509IssuerName]];
-  }];
-}
-
-- (NSString *)issuerCountryName {
-  return [self memoizedSelector:_cmd forBlock:^id{
-      return [self x509ValueForLabel:(__bridge NSString *)kSecOIDCountryName
-                      fromDictionary:[self x509IssuerName]];
-  }];
-}
-
-- (NSString *)issuerOrgName {
-  return [self memoizedSelector:_cmd forBlock:^id{
-      return [self x509ValueForLabel:(__bridge NSString *)kSecOIDOrganizationName
-                      fromDictionary:[self x509IssuerName]];
-  }];
-}
-
-- (NSString *)issuerOrgUnit {
-  return [self memoizedSelector:_cmd forBlock:^id{
-      return [self x509ValueForLabel:(__bridge NSString *)kSecOIDOrganizationalUnitName
-                      fromDictionary:[self x509IssuerName]];
-  }];
-}
-
-
-@end

Source/common/SNTCodesignChecker.h

@@ -1,55 +0,0 @@
-/// Copyright 2014 Google Inc. All rights reserved.
-///
-/// Licensed under the Apache License, Version 2.0 (the "License");
-/// you may not use this file except in compliance with the License.
-/// You may obtain a copy of the License at
-///
-///    http://www.apache.org/licenses/LICENSE-2.0
-///
-///    Unless required by applicable law or agreed to in writing, software
-///    distributed under the License is distributed on an "AS IS" BASIS,
-///    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-///    See the License for the specific language governing permissions and
-///    limitations under the License.
-
-@class SNTCertificate;
-
-/// SNTCodesignChecker validates a binary (either on-disk or in memory) has been signed
-/// and if so allows for pulling out the certificates that were used to sign it.
-@interface SNTCodesignChecker : NSObject
-
-/// The SecStaticCodeRef that this SNTCodesignChecker is working around
-@property(readonly) SecStaticCodeRef codeRef;
-
-/// Returns a dictionary of raw signing information
-@property(readonly) NSDictionary *signingInformation;
-
-/// Returns an array of @c SNTCertificate objects representing the chain that signed this binary.
-@property(readonly) NSArray *certificates;
-
-/// Returns the leaf certificate that this binary was signed with
-@property(readonly) SNTCertificate *leafCertificate;
-
-/// Returns the on-disk path of this binary.
-@property(readonly) NSString *binaryPath;
-
-/// Initialize an @c SNTCodesignChecker with a SecStaticCodeRef
-/// Designated initializer.
-/// Takes ownership of @c codeRef.
-- (instancetype)initWithSecStaticCodeRef:(SecStaticCodeRef)codeRef;
-
-/// Initialize an @c SNTCodesignChecker with a binary on disk.
-/// Returns nil if @c binaryPath does not exist, is not a binary or is not codesigned.
-- (instancetype)initWithBinaryPath:(NSString *)binaryPath;
-
-/// Initialize an @c SNTCodesignChecker with the PID of a running process.
-- (instancetype)initWithPID:(pid_t)PID;
-
-/// Initialize an @c SNTCodesignChecker for the currently-running process.
-- (instancetype)initWithSelf;
-
-/// Returns true if the binary represented by @c otherChecker has signing information that matches
-/// this binary.
-- (BOOL)signingInformationMatches:(SNTCodesignChecker *)otherChecker;
-
-@end

Source/common/SNTCodesignChecker.m

@@ -1,190 +0,0 @@
-/// Copyright 2014 Google Inc. All rights reserved.
-///
-/// Licensed under the Apache License, Version 2.0 (the "License");
-/// you may not use this file except in compliance with the License.
-/// You may obtain a copy of the License at
-///
-///    http://www.apache.org/licenses/LICENSE-2.0
-///
-///    Unless required by applicable law or agreed to in writing, software
-///    distributed under the License is distributed on an "AS IS" BASIS,
-///    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-///    See the License for the specific language governing permissions and
-///    limitations under the License.
-
-#import "SNTCodesignChecker.h"
-
-#import <Security/Security.h>
-
-#import "SNTCertificate.h"
-
-
-// kStaticSigningFlags are the flags used when validating signatures on disk.
-//
-// Don't validate resources but do validate nested code. Ignoring resources _dramatically_ speeds
-// up validation (see below) but does mean images, plists, etc will not be checked and modifying
-// these will not be considered invalid. To ensure any code inside the binary is still checked,
-// we check nested code.
-//
-// Timings with different flags:
-//   Checking Xcode 5.1.1 bundle:
-//      kSecCSDefaultFlags:                                   3.895s
-//      kSecCSDoNotValidateResources:                         0.013s
-//      kSecCSDoNotValidateResources | kSecCSCheckNestedCode: 0.013s
-//
-//   Checking Google Chrome 36.0.1985.143 bundle:
-//      kSecCSDefaultFlags:                                   0.529s
-//      kSecCSDoNotValidateResources:                         0.032s
-//      kSecCSDoNotValidateResources | kSecCSCheckNestedCode: 0.033s
-//
-const SecCSFlags kStaticSigningFlags = kSecCSDoNotValidateResources | kSecCSCheckNestedCode;
-
-// kSigningFlags are the flags used when validating signatures for running binaries.
-//
-// No special flags needed currently.
-const SecCSFlags kSigningFlags = kSecCSDefaultFlags;
-
-
-@implementation SNTCodesignChecker {
-  /// Array of @c SNTCertificate's representing the chain of certs this executable was signed with.
-  NSMutableArray *_certificates;
-}
-
-#pragma mark Init/dealloc
-
-- (instancetype)initWithSecStaticCodeRef:(SecStaticCodeRef)codeRef {
-  self = [super init];
-
-  if (self) {
-    // First check the signing is valid
-    if (CFGetTypeID(codeRef) == SecStaticCodeGetTypeID()) {
-      if (SecStaticCodeCheckValidity(codeRef, kStaticSigningFlags, NULL) != errSecSuccess) {
-        return nil;
-      }
-    } else if (CFGetTypeID(codeRef) == SecCodeGetTypeID()) {
-      if (SecCodeCheckValidity((SecCodeRef)codeRef, kSigningFlags, NULL) != errSecSuccess) {
-        return nil;
-      }
-    } else {
-      return nil;
-    }
-
-    // Get CFDictionary of signing information for binary
-    OSStatus status = errSecSuccess;
-    CFDictionaryRef signingDict = NULL;
-    status = SecCodeCopySigningInformation(codeRef, kSecCSSigningInformation, &signingDict);
-    _signingInformation = CFBridgingRelease(signingDict);
-    if (status != errSecSuccess) return nil;
-
-    // Get array of certificates.
-    NSArray *certs = _signingInformation[(id)kSecCodeInfoCertificates];
-    if (!certs) return nil;
-
-    // Wrap SecCertificateRef objects in SNTCertificate and put in a new NSArray
-    _certificates = [[NSMutableArray alloc] initWithCapacity:certs.count];
-    for (int i = 0; i < certs.count; ++i) {
-      SecCertificateRef certRef = (__bridge SecCertificateRef)certs[i];
-      SNTCertificate *newCert = [[SNTCertificate alloc] initWithSecCertificateRef:certRef];
-      [_certificates addObject:newCert];
-    }
-
-    _codeRef = codeRef;
-    CFRetain(_codeRef);
-  }
-
-  return self;
-}
-
-- (instancetype)initWithBinaryPath:(NSString *)binaryPath {
-  SecStaticCodeRef codeRef = NULL;
-
-  // Get SecStaticCodeRef for binary
-  if (SecStaticCodeCreateWithPath((__bridge CFURLRef)[NSURL fileURLWithPath:binaryPath
-                                                                isDirectory:NO],
-                                  kSecCSDefaultFlags,
-                                  &codeRef) == errSecSuccess) {
-    self = [self initWithSecStaticCodeRef:codeRef];
-  } else {
-    self = nil;
-  }
-
-  if (codeRef) CFRelease(codeRef);
-  return self;
-}
-
-- (instancetype)initWithPID:(pid_t)PID {
-  SecCodeRef codeRef = NULL;
-  NSDictionary *attributes = @{(__bridge NSString *)kSecGuestAttributePid: @(PID)};
-
-  if (SecCodeCopyGuestWithAttributes(NULL,
-                                     (__bridge CFDictionaryRef)attributes,
-                                     kSecCSDefaultFlags,
-                                     &codeRef) == errSecSuccess) {
-    self = [self initWithSecStaticCodeRef:codeRef];
-  } else {
-    self = nil;
-  }
-
-  if (codeRef) CFRelease(codeRef);
-  return self;
-}
-
-- (instancetype)initWithSelf {
-  SecCodeRef codeSelf = NULL;
-  if (SecCodeCopySelf(kSecCSDefaultFlags, &codeSelf) == errSecSuccess) {
-    self = [self initWithSecStaticCodeRef:codeSelf];
-  } else {
-    self = nil;
-  }
-
-  if (codeSelf) CFRelease(codeSelf);
-  return self;
-}
-
-- (instancetype)init {
-  [self doesNotRecognizeSelector:_cmd];
-  return nil;
-}
-
-- (void)dealloc {
-  if (_codeRef) {
-    CFRelease(_codeRef);
-    _codeRef = NULL;
-  }
-}
-
-#pragma mark Description
-
-- (NSString *)description {
-  NSString *binarySource;
-  if (CFGetTypeID(self.codeRef) == SecStaticCodeGetTypeID()) {
-    binarySource = @"On-disk";
-  } else {
-    binarySource = @"In-memory";
-  }
-
-  return [NSString stringWithFormat:@"%@ binary, signed by %@, located at: %@",
-             binarySource,
-             self.leafCertificate.orgName,
-             self.binaryPath];
-}
-
-#pragma mark Public accessors
-
-- (SNTCertificate *)leafCertificate {
-  return [self.certificates firstObject];
-}
-
-- (NSString *)binaryPath {
-  CFURLRef path;
-  OSStatus status = SecCodeCopyPath(_codeRef, kSecCSDefaultFlags, &path);
-  NSURL *pathURL = CFBridgingRelease(path);
-  if (status != errSecSuccess) return nil;
-  return [pathURL path];
-}
-
-- (BOOL)signingInformationMatches:(SNTCodesignChecker *)otherChecker {
-  return [self.certificates isEqual:otherChecker.certificates];
-}
-
-@end

Source/common/SNTCodesignChecker.m.old

@@ -1,213 +0,0 @@
-#import "SNTCodesignChecker.h"
-
-#import <Security/Security.h>
-
-#import "SNTCertificate.h"
-
-
-// kStaticSigningFlags are the flags used when validating signatures on disk.
-//
-// Don't validate resources but do validate nested code. Ignoring resources _dramatically_ speeds
-// up validation (see below) but does mean images, plists, etc will not be checked and modifying
-// these will not be considered invalid. To ensure any code inside the binary is still checked,
-// we check nested code.
-//
-// Timings with different flags:
-//   Checking Xcode 5.1.1 bundle:
-//      kSecCSDefaultFlags:                                   3.895s
-//      kSecCSDoNotValidateResources:                         0.013s
-//      kSecCSDoNotValidateResources | kSecCSCheckNestedCode: 0.013s
-//
-//   Checking Google Chrome 36.0.1985.143 bundle:
-//      kSecCSDefaultFlags:                                   0.529s
-//      kSecCSDoNotValidateResources:                         0.032s
-//      kSecCSDoNotValidateResources | kSecCSCheckNestedCode: 0.033s
-//
-const SecCSFlags kStaticSigningFlags = kSecCSDoNotValidateResources | kSecCSCheckNestedCode;
-
-// kSigningFlags are the flags used when validating signatures for running binaries.
-//
-// No special flags needed currently.
-const SecCSFlags kSigningFlags = kSecCSDefaultFlags;
-
-
-@implementation SNTCodesignChecker
-
-#pragma mark Init/dealloc
-
-- (instancetype)initWithSecStaticCodeRef:(SecStaticCodeRef)codeRef {
-  self = [super init];
-
-  if (self) {
-    _codeRef = codeRef;
-    CFRetain(_codeRef);
-  }
-
-  return self;
-}
-
-- (instancetype)initWithBinaryPath:(NSString *)binaryPath {
-  SecStaticCodeRef codeRef = NULL;
-
-  // Get SecStaticCodeRef for binary
-  if (SecStaticCodeCreateWithPath((__bridge CFURLRef)[NSURL fileURLWithPath:binaryPath
-                                                                isDirectory:NO],
-                                  kSecCSDefaultFlags,
-                                  &codeRef) == errSecSuccess) {
-    self = [self initWithSecStaticCodeRef:codeRef];
-  } else {
-    self = nil;
-  }
-
-  if (codeRef) CFRelease(codeRef);
-  return self;
-}
-
-- (instancetype)initWithPID:(pid_t)PID {
-  SecCodeRef codeRef = NULL;
-  NSDictionary *attributes = @{(__bridge NSString *)kSecGuestAttributePid: @(PID)};
-
-  if (SecCodeCopyGuestWithAttributes(NULL,
-                                     (__bridge CFDictionaryRef)attributes,
-                                     kSecCSDefaultFlags,
-                                     &codeRef) == errSecSuccess) {
-    self = [self initWithSecStaticCodeRef:codeRef];
-  } else {
-    self = nil;
-  }
-
-  if (codeRef) CFRelease(codeRef);
-  return self;
-}
-
-- (instancetype)initWithSelf {
-  SecCodeRef codeSelf = NULL;
-  if (SecCodeCopySelf(kSecCSDefaultFlags, &codeSelf) == errSecSuccess) {
-    self = [self initWithSecStaticCodeRef:codeSelf];
-  } else {
-    self = nil;
-  }
-
-  if (codeSelf) CFRelease(codeSelf);
-  return self;
-}
-
-- (instancetype)init {
-  [self doesNotRecognizeSelector:_cmd];
-  return nil;
-}
-
-- (void)dealloc {
-  if (_codeRef) CFRelease(_codeRef);
-}
-
-#pragma mark Validate
-
-- (OSStatus)validate {
-  return [self validateWithRequirement:NULL];
-}
-
-- (OSStatus)validateAppleAnchor {
-  SecRequirementRef req = NULL;
-  SecRequirementCreateWithString(CFSTR("anchor apple"), kSecCSDefaultFlags, &req);
-  return [self validateWithRequirement:req];
-}
-
-- (OSStatus)validateAppleAnchorGeneric {
-  SecRequirementRef req = NULL;
-  SecRequirementCreateWithString(CFSTR("anchor apple generic"), kSecCSDefaultFlags, &req);
-  return [self validateWithRequirement:req];
-}
-
-- (OSStatus)validateWithRequirement:(SecRequirementRef)requirement {
-  // Validate the binary and save the return code.
-  if (CFGetTypeID(self.codeRef) == SecStaticCodeGetTypeID()) {
-    return SecStaticCodeCheckValidity(self.codeRef, kStaticSigningFlags, requirement);
-  } else if (CFGetTypeID(self.codeRef) == SecCodeGetTypeID()) {
-    return SecCodeCheckValidity((SecCodeRef)self.codeRef, kSigningFlags, requirement);
-  } else {
-    return errSecCSSignatureNotVerifiable;
-  }
-}
-
-#pragma mark Description
-
-- (NSString *)description {
-  NSString *retStr;
-  if (CFGetTypeID(self.codeRef) == SecStaticCodeGetTypeID()) {
-    retStr = @"On-disk binary, ";
-  } else {
-    retStr = @"In-memory binary, ";
-  }
-
-  if ([self validate] == errSecSuccess) {
-    [retStr appendFormat:@"signed by %@, ", self.leafCertificate.orgName];
-  } else {
-    [retStr appendFormat:@"unsigned, "];
-  }
-
-  [retStr appendFormat:@"located at: %@", self.binaryPath];
-
-  return retStr;
-}
-
-#pragma mark Public accessors
-
-- (NSDictionary *)signingInformation {
-  static NSDictionary *signingInformation = nil;
-  static dispatch_once_t onceToken;
-  dispatch_once(&onceToken, ^{
-    // Get dictionary of signing information for binary
-    CFDictionaryRef signingDict = NULL;
-    SecCodeCopySigningInformation(self.codeRef, kSecCSSigningInformation, &signingDict);
-    signingInformation = CFBridgingRelease(signingDict);
-  });
-  return signingInformation;
-}
-
-- (NSArray *)certificates {
-  static NSArray *certificates = nil;
-  static dispatch_once_t onceToken;
-  dispatch_once(&onceToken, ^{
-    // Get array of certificates, wrap each one in a SNTCertificate and store in a new array.
-    NSArray *certs = self.signingInformation[(__bridge NSString *)kSecCodeInfoCertificates];
-
-    NSMutableArray *tempCerts = [[NSMutableArray alloc] initWithCapacity:certs.count];
-    for (id cert in certs) {
-      SNTCertificate *newCert =
-          [[SNTCertificate alloc] initWithSecCertificateRef:(SecCertificateRef)cert];
-      if (newCert) [tempCerts addObject:newCert];
-    }
-    certificates = [tempCerts copy];
-  });
-  return certificates;
-}
-
-- (SNTCertificate *)leafCertificate {
-  return [self.certificates firstObject];
-}
-
-- (NSString *)binaryPath {
-  CFURLRef path;
-  OSStatus status = SecCodeCopyPath(_codeRef, kSecCSDefaultFlags, &path);
-  NSURL *pathURL = CFBridgingRelease(path);
-  if (status != errSecSuccess) return nil;
-  return [pathURL path];
-}
-
-#pragma mark Comparisons
-
-- (BOOL)signingChainMatches:(SNTCodesignChecker *)otherChecker {
-  return [self.certificates isEqual:otherChecker.certificates];
-}
-
-- (BOOL)teamSigningMatches:(SNTCodesignChecker *)otherChecker {
-  SNTCertificate *myLeaf = [self.certificates firstObject];
-  SNTCertificate *otherLeaf = [otherChecker.certificates firstObject];
-
-  return ([myLeaf.orgUnit isEqual:otherLeaf.orgUnit] &&
-          [self validateAppleAnchorGeneric] &&
-          [otherChecker validateAppleAnchorGeneric]);
-}
-
-@end

Source/common/SNTCommonEnums.h

@@ -1,4 +1,4 @@
-/// Copyright 2014 Google Inc. All rights reserved.
+/// Copyright 2015-2022 Google Inc. All rights reserved.
 ///
 /// Licensed under the Apache License, Version 2.0 (the "License");
 /// you may not use this file except in compliance with the License.
@@ -12,55 +12,147 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-#ifndef SANTA__COMMON__COMMONENUMS_H
-#define SANTA__COMMON__COMMONENUMS_H
+#import <Foundation/Foundation.h>
 
-// These enums are used in various places throughout the Santa client code.
-// The integer values are also stored in the database and so shouldn't be changed.
+///
+///  These enums are used in various places throughout the Santa client code.
+///  The integer values are also stored in the database and so shouldn't be changed.
+///
 
-// Each enum contains an _UNKNOWN and a _MAX value, which the valid values must be between so that
-// the code can easily verify valid values.
+typedef NS_ENUM(NSInteger, SNTAction) {
+  SNTActionUnset,
 
-typedef enum {
-  RULETYPE_UNKNOWN,
+  // REQUESTS
+  // If an operation is awaiting a cache decision from a similar operation
+  // currently being processed, it will poll about every 5 ms for an answer.
+  SNTActionRequestBinary,
 
-  RULETYPE_BINARY   = 1,
-  RULETYPE_CERT     = 2,
+  // RESPONSES
+  SNTActionRespondAllow,
+  SNTActionRespondDeny,
+  SNTActionRespondAllowCompiler,
+};
 
-  RULETYPE_MAX
-} santa_ruletype_t;
+#define RESPONSE_VALID(x) \
+  (x == SNTActionRespondAllow || x == SNTActionRespondDeny || x == SNTActionRespondAllowCompiler)
 
-typedef enum {
-  RULESTATE_UNKNOWN,
+typedef NS_ENUM(NSInteger, SNTRuleType) {
+  SNTRuleTypeUnknown,
 
-  RULESTATE_WHITELIST        = 1,
-  RULESTATE_BLACKLIST        = 2,
-  RULESTATE_SILENT_BLACKLIST = 3,
-  RULESTATE_REMOVE           = 4,
+  SNTRuleTypeBinary = 1,
+  SNTRuleTypeCertificate = 2,
+  SNTRuleTypeTeamID = 3,
+};
 
-  RULESTATE_MAX
-} santa_rulestate_t;
+typedef NS_ENUM(NSInteger, SNTRuleState) {
+  SNTRuleStateUnknown,
 
-typedef enum {
-  CLIENTMODE_UNKNOWN,
+  SNTRuleStateAllow = 1,
+  SNTRuleStateBlock = 2,
+  SNTRuleStateSilentBlock = 3,
+  SNTRuleStateRemove = 4,
 
-  CLIENTMODE_MONITOR  = 1,
-  CLIENTMODE_LOCKDOWN = 2,
+  SNTRuleStateAllowCompiler = 5,
+  SNTRuleStateAllowTransitive = 6,
+};
 
-  CLIENTMODE_MAX
-} santa_clientmode_t;
+typedef NS_ENUM(NSInteger, SNTClientMode) {
+  SNTClientModeUnknown,
 
-typedef enum {
-  EVENTSTATE_UNKNOWN,
+  SNTClientModeMonitor = 1,
+  SNTClientModeLockdown = 2,
+};
 
-  EVENTSTATE_ALLOW_UNKNOWN     = 1,
-  EVENTSTATE_ALLOW_BINARY      = 2,
-  EVENTSTATE_ALLOW_CERTIFICATE = 3,
-  EVENTSTATE_BLOCK_UNKNOWN     = 4,
-  EVENTSTATE_BLOCK_BINARY      = 5,
-  EVENTSTATE_BLOCK_CERTIFICATE = 6,
+typedef NS_ENUM(NSInteger, SNTEventState) {
+  // Bits 0-15 bits store non-decision types
+  SNTEventStateUnknown = 0,
+  SNTEventStateBundleBinary = 1,
 
-  EVENTSTATE_MAX
-} santa_eventstate_t;
+  // Bits 16-23 store deny decision types
+  SNTEventStateBlockUnknown = 1 << 16,
+  SNTEventStateBlockBinary = 1 << 17,
+  SNTEventStateBlockCertificate = 1 << 18,
+  SNTEventStateBlockScope = 1 << 19,
+  SNTEventStateBlockTeamID = 1 << 20,
+  SNTEventStateBlockLongPath = 1 << 21,
 
-#endif  // SANTA__COMMON__COMMONENUMS_H
+  // Bits 24-31 store allow decision types
+  SNTEventStateAllowUnknown = 1 << 24,
+  SNTEventStateAllowBinary = 1 << 25,
+  SNTEventStateAllowCertificate = 1 << 26,
+  SNTEventStateAllowScope = 1 << 27,
+  SNTEventStateAllowCompiler = 1 << 28,
+  SNTEventStateAllowTransitive = 1 << 29,
+  SNTEventStateAllowPendingTransitive = 1 << 30,
+  SNTEventStateAllowTeamID = 1 << 31,
+
+  // Block and Allow masks
+  SNTEventStateBlock = 0xFF << 16,
+  SNTEventStateAllow = 0xFF << 24
+};
+
+typedef NS_ENUM(NSInteger, SNTRuleTableError) {
+  SNTRuleTableErrorEmptyRuleArray,
+  SNTRuleTableErrorInsertOrReplaceFailed,
+  SNTRuleTableErrorInvalidRule,
+  SNTRuleTableErrorRemoveFailed
+};
+
+// This enum type is used to indicate what should be done with the related bundle events that are
+// generated when an initiating blocked bundle event occurs.
+typedef NS_ENUM(NSInteger, SNTBundleEventAction) {
+  SNTBundleEventActionDropEvents,
+  SNTBundleEventActionStoreEvents,
+  SNTBundleEventActionSendEvents,
+};
+
+// Indicates where to store event logs.
+typedef NS_ENUM(NSInteger, SNTEventLogType) {
+  SNTEventLogTypeSyslog,
+  SNTEventLogTypeFilelog,
+  SNTEventLogTypeProtobuf,
+  SNTEventLogTypeNull,
+};
+
+// The return status of a sync.
+typedef NS_ENUM(NSInteger, SNTSyncStatusType) {
+  SNTSyncStatusTypeSuccess,
+  SNTSyncStatusTypePreflightFailed,
+  SNTSyncStatusTypeEventUploadFailed,
+  SNTSyncStatusTypeRuleDownloadFailed,
+  SNTSyncStatusTypePostflightFailed,
+  SNTSyncStatusTypeTooManySyncsInProgress,
+  SNTSyncStatusTypeMissingSyncBaseURL,
+  SNTSyncStatusTypeMissingMachineID,
+  SNTSyncStatusTypeDaemonTimeout,
+  SNTSyncStatusTypeSyncStarted,
+  SNTSyncStatusTypeUnknown,
+};
+
+typedef NS_ENUM(NSInteger, SNTSyncContentEncoding) {
+  SNTSyncContentEncodingNone,
+  SNTSyncContentEncodingDeflate,
+  SNTSyncContentEncodingGzip,
+};
+
+typedef NS_ENUM(NSInteger, SNTMetricFormatType) {
+  SNTMetricFormatTypeUnknown,
+  SNTMetricFormatTypeRawJSON,
+  SNTMetricFormatTypeMonarchJSON,
+};
+
+#ifdef __cplusplus
+enum class FileAccessPolicyDecision {
+  kNoPolicy,
+  kDenied,
+  kDeniedInvalidSignature,
+  kAllowed,
+  kAllowedReadAccess,
+  kAllowedAuditOnly,
+};
+#endif
+
+static const char *kSantaDPath =
+  "/Applications/Santa.app/Contents/Library/SystemExtensions/"
+  "com.google.santa.daemon.systemextension/Contents/MacOS/com.google.santa.daemon";
+static const char *kSantaAppPath = "/Applications/Santa.app";

Source/common/SNTConfigurator.h

@@ -1,4 +1,4 @@
-/// Copyright 2014 Google Inc. All rights reserved.
+/// Copyright 2015-2022 Google Inc. All rights reserved.
 ///
 /// Licensed under the Apache License, Version 2.0 (the "License");
 /// you may not use this file except in compliance with the License.
@@ -12,50 +12,580 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-#include "SNTCommonEnums.h"
+#import <Foundation/Foundation.h>
 
-/// Singleton that provides an interface for managing configuration values on disk
-/// n.b: This class is designed as a singleton but is not enforced.
+#import "Source/common/SNTCommonEnums.h"
+
+@class SNTRule;
+
+///
+///  Singleton that provides an interface for managing configuration values on disk
+///  @note This class is designed as a singleton but that is not strictly enforced.
+///  @note All properties are KVO compliant.
+///
 @interface SNTConfigurator : NSObject
 
-/// The operating mode
-@property santa_clientmode_t clientMode;
+#pragma mark - Daemon Settings
 
-/// If YES, debug logging is enabled
-@property(readonly) BOOL debugLogging;
+///
+///  The operating mode. Defaults to MONITOR.
+///
+@property(readonly, nonatomic) SNTClientMode clientMode;
 
-# pragma mark - Sync Settings
+///
+///  Set the operating mode as received from a sync server.
+///
+- (void)setSyncServerClientMode:(SNTClientMode)newMode;
 
-/// The base URL of the sync server
-@property(readonly) NSURL *syncBaseURL;
+///
+///  Enable Fail Close mode. Defaults to NO.
+///  This controls Santa's behavior when a failure occurs, such as an
+///  inability to read a file. By default, to prevent bugs or misconfiguration
+///  from rendering a machine inoperable Santa will fail open and allow
+///  execution. With this setting enabled, Santa will fail closed if the client
+///  is in LOCKDOWN mode, offering a higher level of security but with a higher
+///  potential for causing problems.
+///
+@property(readonly, nonatomic) BOOL failClosed;
 
-/// The machine owner
-@property(readonly) NSString *machineOwner;
+///
+///  A set of static rules that should always apply. These can be used as a
+///  fallback set of rules for management tools that should always be allowed to
+///  run even if a sync server does something unexpected. It can also be used
+///  as the sole source of rules, distributed with an MDM.
+///
+///  The value of this key should be an array containing dictionaries. Each
+///  dictionary should contain the same keys used for syncing, e.g:
+///
+///  <key>StaticRules</key>
+///  <array>
+///    <dict>
+///      <key>identifier</key>
+///      <string>binary sha256, certificate sha256, team ID</string>
+///      <key>rule_type</key>
+///      <string>BINARY</string>  (one of BINARY, CERTIFICATE or TEAMID)
+///      <key>policy</key>
+///      <string>BLOCKLIST</string>  (one of ALLOWLIST, ALLOWLIST_COMPILER, BLOCKLIST,
+///                                   SILENT_BLOCKLIST)
+///    </dict>
+///  </array>
+///
+///  The return of this property is a dictionary where the keys are the
+///  identifiers of each rule, with the SNTRule as a value
+///
+@property(readonly, nonatomic) NSDictionary<NSString *, SNTRule *> *staticRules;
 
-/// If set, this over-rides the default machine ID used for syncing
-@property(readonly) NSString *machineIDOverride;
+///
+///  The regex of allowed paths. Regexes are specified in ICU format.
+///
+///  The regex flags IXSM can be used, though the s (dotall) and m (multiline) flags are
+///  pointless as a path only ever has a single line.
+///  If the regex doesn't begin with ^ to match from the beginning of the line, it will be added.
+///
+@property(readonly, nonatomic) NSRegularExpression *allowedPathRegex;
 
-# pragma mark Server Auth Settings
+///
+///  Set the regex of allowed paths as received from a sync server.
+///
+- (void)setSyncServerAllowedPathRegex:(NSRegularExpression *)re;
 
-/// If set, this is valid PEM containing one or more certificates to be used to evaluate the
-/// server's SSL chain, overriding the list of trusted CAs distributed with the OS.
-@property(readonly) NSData *syncServerAuthRootsData;
+///
+///  The regex of blocked paths. Regexes are specified in ICU format.
+///
+///  The regex flags IXSM can be used, though the s (dotall) and m (multiline) flags are
+///  pointless as a path only ever has a single line.
+///  If the regex doesn't begin with ^ to match from the beginning of the line, it will be added.
+///
+@property(readonly, nonatomic) NSRegularExpression *blockedPathRegex;
 
-/// This property is the same as the above but is a file on disk containing the PEM data.
-@property(readonly) NSString *syncServerAuthRootsFile;
+///
+///  Set the regex of blocked paths as received from a sync server.
+///
+- (void)setSyncServerBlockedPathRegex:(NSRegularExpression *)re;
 
-# pragma mark Client Auth Settings
+///
+///  The regex of paths to log file changes for. Regexes are specified in ICU format.
+///
+///  The regex flags IXSM can be used, though the s (dotalL) and m (multiline) flags are
+///  pointless as a path only ever has a single line.
+///  If the regex doesn't begin with ^ to match from the beginning of the line, it will be added.
+///
+@property(readonly, nonatomic) NSRegularExpression *fileChangesRegex;
 
-/// If set, this is the Common Name of a certificate in the System keychain to be used for
-/// sync authentication. The corresponding private key must also be in the keychain.
-@property(readonly) NSString *syncClientAuthCertificateCn;
+///
+///  A list of ignore prefixes which are checked in-kernel.
+///  This is more performant than FileChangesRegex when ignoring whole directory trees.
+///
+///  For example adding a prefix of "/private/tmp/" will turn off file change log generation
+///  in-kernel for that entire tree. Since they are ignored by the kernel, they never reach santad
+///  and are not seen by the fileChangesRegex. Note the trailing "/", without it any file or
+///  directory starting with "/private/tmp" would be ignored.
+///
+///  By default "/." and "/dev/" are added.
+///
+///  Memory in the kernel is precious. A total of MAXPATHLEN (1024) nodes are allowed.
+///  Using all 1024 nodes will result in santa-driver allocating ~2MB of wired memory.
+///  An ASCII character uses 1 node. An UTF-8 encoded Unicode character uses 1-4 nodes.
+///  Prefixes are added to the running config in-order, one by one. The prefix will be ignored if
+///  (the running config's current size) + (the prefix's size) totals up to more than 1024 nodes.
+///  The running config is stored in a prefix tree.
+///  Prefixes that share prefixes are effectively de-duped; their shared node sized components only
+///  take up 1 node. For example these 3 prefixes all have a common prefix of "/private/".
+///  They will only take up 21 nodes instead of 39.
+///
+///  "/private/tmp/"
+///  "/private/var/"
+///  "/private/new/"
+///
+///                                                              -> [t] -> [m] -> [p] -> [/]
+///
+///  [/] -> [p] -> [r] -> [i] -> [v] -> [a] -> [t] -> [e] -> [/] -> [v] -> [a] -> [r] -> [/]
+///
+///                                                              -> [n] -> [e] -> [w] -> [/]
+///
+///  Prefixes with Unicode characters work similarly. Assuming a UTF-8 encoding these two prefixes
+///  are actually the same for the first 3 nodes. They take up 7 nodes instead of 10.
+///
+///  "/🤘"
+///  "/🖖"
+///
+///                          -> [0xa4] -> [0x98]
+///
+///  [/] -> [0xf0] -> [0x9f]
+///
+///                          -> [0x96] -> [0x96]
+///
+///  To disable file change logging completely add "/".
+///  TODO(bur): Make this default if no FileChangesRegex is set.
+///
+///  Filters are only applied on santad startup.
+///  TODO(bur): Support add / remove of filters while santad is running.
+///
+@property(readonly, nonatomic) NSArray *fileChangesPrefixFilters;
 
-/// If set, this is the Issuer Name of a certificate in the System keychain to be used for
-/// sync authentication. The corresponding private key must also be in the keychain.
-@property(readonly) NSString *syncClientAuthCertificateIssuer;
+///
+///  Enable __PAGEZERO protection, defaults to YES
+///  If this flag is set to NO, 32-bit binaries that are missing
+///  the __PAGEZERO segment will not be blocked.
+///
+@property(readonly, nonatomic) BOOL enablePageZeroProtection;
 
+///
+///  Enable bad signature protection, defaults to NO.
+///  When enabled, a binary that is signed but has a bad signature (cert revoked, binary
+///  tampered with, etc.) will be blocked regardless of client-mode unless a binary allowlist
+///  rule exists.
+///
+@property(readonly, nonatomic) BOOL enableBadSignatureProtection;
 
-/// Retrieve the initialized singleton configurator object
+///
+///  Defines how event logs are stored. Options are:
+///    SNTEventLogTypeSyslog "syslog": Sent to ASL or ULS (if built with the 10.12 SDK or later).
+///    SNTEventLogTypeFilelog "file": Sent to a file on disk. Use eventLogPath to specify a path.
+///    SNTEventLogTypeNull "null": Logs nothing
+///    SNTEventLogTypeProtobuf "protobuf": (BETA) Sent to a file on disk, using a maildir-like
+///      format. Use spoolDirectory to specify a path. Use spoolDirectoryFileSizeThresholdKB,
+///      spoolDirectorySizeThresholdMB and spoolDirectoryEventMaxFlushTimeSec to configure
+///      additional settings.
+///    Defaults to SNTEventLogTypeFilelog.
+///    For mobileconfigs use EventLogType as the key and syslog or filelog strings as the value.
+///
+///  @note: This property is KVO compliant, but should only be read once at santad startup.
+///
+@property(readonly, nonatomic) SNTEventLogType eventLogType;
+
+///
+/// Returns the raw value of the EventLogType configuration key instead of being
+/// converted to the SNTEventLogType enum. If the key is not set, the default log
+/// type is returned.
+///
+@property(readonly, nonatomic) NSString *eventLogTypeRaw;
+
+///
+///  If eventLogType is set to Filelog, eventLogPath will provide the path to save logs.
+///  Defaults to /var/db/santa/santa.log.
+///
+///  @note: This property is KVO compliant, but should only be read once at santad startup.
+///
+@property(readonly, nonatomic) NSString *eventLogPath;
+
+///
+///  If eventLogType is set to protobuf, spoolDirectory will provide the base path used for
+///  saving logs using a maildir-like format.
+///  Defaults to /var/db/santa/spool.
+///
+///  @note: This property is KVO compliant, but should only be read once at santad startup.
+///
+@property(readonly, nonatomic) NSString *spoolDirectory;
+
+///
+///  If eventLogType is set to protobuf, spoolDirectoryFileSizeThresholdKB sets the per-file size
+///  limit for files saved in the spoolDirectory.
+///  Defaults to 250.
+///
+///  @note: This property is KVO compliant, but should only be read once at santad startup.
+///
+@property(readonly, nonatomic) NSUInteger spoolDirectoryFileSizeThresholdKB;
+
+///
+///  If eventLogType is set to protobuf, spoolDirectorySizeThresholdMB sets the total size
+///  limit for all files saved in the spoolDirectory.
+///  Defaults to 100.
+///
+///  @note: This property is KVO compliant, but should only be read once at santad startup.
+///
+@property(readonly, nonatomic) NSUInteger spoolDirectorySizeThresholdMB;
+
+///
+///  If eventLogType is set to protobuf, spoolDirectoryEventMaxFlushTimeSec sets the maximum amount
+///  of time an event will be stored in memory before being written to disk.
+///  Defaults to 15.0.
+///
+///  @note: This property is KVO compliant, but should only be read once at santad startup.
+///
+@property(readonly, nonatomic) float spoolDirectoryEventMaxFlushTimeSec;
+
+///
+///  If set, contains the filesystem access policy configuration.
+///
+///  @note: The property fileAccessPolicyPlist will be ignored if
+///         fileAccessPolicy is set.
+///  @note: This property is KVO compliant.
+///
+@property(readonly, nonatomic) NSDictionary *fileAccessPolicy;
+
+///
+///  If set, contains the path to the filesystem access policy config plist.
+///
+///  @note: This property will be ignored if fileAccessPolicy is set.
+///  @note: This property is KVO compliant.
+///
+@property(readonly, nonatomic) NSString *fileAccessPolicyPlist;
+
+///
+///  If fileAccessPolicyPlist is set, fileAccessPolicyUpdateIntervalSec
+///  sets the number of seconds between times that the configuration file is
+///  re-read and policies reconstructed.
+///  Defaults to 600 seconds (10 minutes)
+///
+///  @note: This property is KVO compliant, but should only be read once at santad startup.
+///
+@property(readonly, nonatomic) uint32_t fileAccessPolicyUpdateIntervalSec;
+
+///
+/// Enabling this appends the Santa machine ID to the end of each log line. If nothing
+/// has been overriden, this is the host's UUID.
+/// Defaults to NO.
+///
+@property(readonly, nonatomic) BOOL enableMachineIDDecoration;
+
+#pragma mark - GUI Settings
+
+///
+///  When silent mode is enabled, Santa will never show notifications for
+///  blocked processes.
+///
+///  This can be a very confusing experience for users, use with caution.
+///
+///  Defaults to NO.
+///
+@property(readonly, nonatomic) BOOL enableSilentMode;
+
+///
+///  When silent TTY mode is enabled, Santa will not emit TTY notifications for
+///  blocked processes.
+///
+///  Defaults to NO.
+///
+@property(readonly, nonatomic) BOOL enableSilentTTYMode;
+
+///
+/// The text to display when opening Santa.app.
+/// If unset, the default text will be displayed.
+///
+@property(readonly, nonatomic) NSString *aboutText;
+
+///
+///  The URL to open when the user clicks "More Info..." when opening Santa.app.
+///  If unset, the button will not be displayed.
+///
+@property(readonly, nonatomic) NSURL *moreInfoURL;
+
+///
+///  When the user gets a block notification, a button can be displayed which will
+///  take them to a web page with more information about that event.
+///
+///  This property contains a kind of format string to be turned into the URL to send them to.
+///  The following sequences will be replaced in the final URL:
+///
+///  %file_sha%    -- SHA-256 of the file that was blocked.
+///  %machine_id%  -- ID of the machine.
+///  %username%    -- executing user.
+///  %serial%      -- System's serial number.
+///  %uuid%        -- System's UUID.
+///  %hostname%    -- System's full hostname.
+///
+///  @note: This is not an NSURL because the format-string parsing is done elsewhere.
+///
+///  If this item isn't set, the Open Event button will not be displayed.
+///
+@property(readonly, nonatomic) NSString *eventDetailURL;
+
+///
+///  Related to the above property, this string represents the text to show on the button.
+///
+@property(readonly, nonatomic) NSString *eventDetailText;
+
+///
+///  In lockdown mode this is the message shown to the user when an unknown binary
+///  is blocked. If this message is not configured, a reasonable default is provided.
+///
+@property(readonly, nonatomic) NSString *unknownBlockMessage;
+
+///
+///  This is the message shown to the user when a binary is blocked because of a rule,
+///  if that rule doesn't provide a custom message. If this is not configured, a reasonable
+///  default is provided.
+///
+@property(readonly, nonatomic) NSString *bannedBlockMessage;
+
+///
+/// This is the message shown to the user when a USB storage device's mount is denied
+/// from the BlockUSB configuration setting. If not configured, a reasonable
+/// default is provided.
+///
+@property(readonly, nonatomic) NSString *bannedUSBBlockMessage;
+
+///
+/// This is the message shown to the user when a USB storage device's mount is forcibly
+/// remounted to a different set of permissions from the BlockUSB and RemountUSBMode
+/// configuration settings. If not configured, a reasonable default is provided.
+///
+@property(readonly, nonatomic) NSString *remountUSBBlockMessage;
+
+///
+///  The notification text to display when the client goes into MONITOR mode.
+///  Defaults to "Switching into Monitor mode"
+///
+@property(readonly, nonatomic) NSString *modeNotificationMonitor;
+
+///
+///  The notification text to display when the client goes into LOCKDOWN mode.
+///  Defaults to "Switching into Lockdown mode"
+///
+@property(readonly, nonatomic) NSString *modeNotificationLockdown;
+
+#pragma mark - Sync Settings
+
+///
+///  The base URL of the sync server.
+///
+@property(readonly, nonatomic) NSURL *syncBaseURL;
+
+///
+///  Proxy settings for syncing.
+///  This dictionary is passed directly to NSURLSession. The allowed keys
+///  are loosely documented at
+///  https://developer.apple.com/documentation/cfnetwork/global_proxy_settings_constants.
+///
+@property(readonly, nonatomic) NSDictionary *syncProxyConfig;
+
+///
+///  The machine owner.
+///
+@property(readonly, nonatomic) NSString *machineOwner;
+
+///
+///  The last date of a successful full sync.
+///
+@property(nonatomic) NSDate *fullSyncLastSuccess;
+
+///
+///  The last date of a successful rule sync.
+///
+@property(nonatomic) NSDate *ruleSyncLastSuccess;
+
+///
+///  If YES a clean sync is required.
+///
+@property(nonatomic) BOOL syncCleanRequired;
+
+#pragma mark - USB Settings
+
+///
+/// USB Mount Blocking. Defaults to false.
+///
+@property(nonatomic) BOOL blockUSBMount;
+
+///
+/// Comma-seperated `$ mount -o` arguments used for forced remounting of USB devices. Default
+/// to fully allow/deny without remounting if unset.
+///
+@property(nonatomic) NSArray<NSString *> *remountUSBMode;
+
+///
+///  If set, this over-rides the default machine ID used for syncing.
+///
+@property(readonly, nonatomic) NSString *machineID;
+
+///
+///  If YES, enables bundle detection for blocked events. This property is not stored on disk.
+///  Its value is set by a sync server that supports bundles. Defaults to NO.
+///
+@property BOOL enableBundles;
+
+#pragma mark Transitive Allowlist Settings
+
+///
+///  If YES, binaries marked with SNTRuleStateAllowCompiler rules are allowed to transitively
+///  allow any executables that they produce.  If NO, SNTRuleStateAllowCompiler rules are
+///  interpreted as if they were simply SNTRuleStateAllow rules.  Defaults to NO.
+///
+@property BOOL enableTransitiveRules;
+
+#pragma mark Server Auth Settings
+
+///
+///  If set, this is valid PEM containing one or more certificates to be used to evaluate the
+///  server's SSL chain, overriding the list of trusted CAs distributed with the OS.
+///
+@property(readonly, nonatomic) NSData *syncServerAuthRootsData;
+
+///
+///  This property is the same as the above but is a file on disk containing the PEM data.
+///
+@property(readonly, nonatomic) NSString *syncServerAuthRootsFile;
+
+#pragma mark Client Auth Settings
+
+///
+///  If set, this contains the location of a PKCS#12 certificate to be used for sync authentication.
+///
+@property(readonly, nonatomic) NSString *syncClientAuthCertificateFile;
+
+///
+///  Contains the password for the pkcs#12 certificate.
+///
+@property(readonly, nonatomic) NSString *syncClientAuthCertificatePassword;
+
+///
+///  If set, this is the Common Name of a certificate in the System keychain to be used for
+///  sync authentication. The corresponding private key must also be in the keychain.
+///
+@property(readonly, nonatomic) NSString *syncClientAuthCertificateCn;
+
+///
+///  If set, this is the Issuer Name of a certificate in the System keychain to be used for
+///  sync authentication. The corresponding private key must also be in the keychain.
+///
+@property(readonly, nonatomic) NSString *syncClientAuthCertificateIssuer;
+
+///
+///  If true, syncs will upload events when a clean sync is requested. Defaults to false.
+///
+@property(readonly, nonatomic) BOOL enableCleanSyncEventUpload;
+
+///
+///  If true, events will be uploaded for all executions, even those that are allowed.
+///  Use with caution, this generates a lot of events. Defaults to false.
+///
+@property(nonatomic) BOOL enableAllEventUpload;
+
+///
+///  If true, events will *not* be uploaded for ALLOW_UNKNOWN events for clients in Monitor mode.
+///
+@property(nonatomic) BOOL disableUnknownEventUpload;
+
+///
+///  If true, forks and exits will be logged. Defaults to false.
+///
+@property(readonly, nonatomic) BOOL enableForkAndExitLogging;
+
+///
+///  If true, ignore actions from other endpoint security clients. Defaults to false. This only
+///  applies when running as a sysx.
+///
+@property(readonly, nonatomic) BOOL ignoreOtherEndpointSecurityClients;
+
+///
+///  If true, debug logging will be enabled for all Santa components. Defaults to false.
+///  Passing --debug as an executable argument will enable debug logging for that specific
+///  component.
+///
+@property(readonly, nonatomic) BOOL enableDebugLogging;
+
+///
+///  If true, compressed requests from "santactl sync" will set "Content-Encoding" to "zlib"
+///  instead of the new default "deflate". If syncing with Upvote deployed at commit 0b4477d
+///  or below, set this option to true.
+///  Defaults to false.
+///
+@property(readonly, nonatomic) BOOL enableBackwardsCompatibleContentEncoding;
+
+///
+/// If set, "santactl sync" will use the supplied "Content-Encoding", possible
+/// settings include "gzip", "deflate", "none". If empty defaults to "deflate".
+///
+@property(readonly, nonatomic) SNTSyncContentEncoding syncClientContentEncoding;
+
+///
+///  Contains the FCM project name.
+///
+@property(readonly, nonatomic) NSString *fcmProject;
+
+///
+///  Contains the FCM project entity.
+///
+@property(readonly, nonatomic) NSString *fcmEntity;
+
+///
+///  Contains the FCM project API key.
+///
+@property(readonly, nonatomic) NSString *fcmAPIKey;
+
+///
+///  True if fcmProject, fcmEntity and fcmAPIKey are all set. Defaults to false.
+///
+@property(readonly, nonatomic) BOOL fcmEnabled;
+
+///
+/// True if metricsFormat and metricsURL are set. False otherwise.
+///
+@property(readonly, nonatomic) BOOL exportMetrics;
+
+///
+/// Format to export Metrics as.
+///
+@property(readonly, nonatomic) SNTMetricFormatType metricFormat;
+
+///
+/// URL describing where metrics are exported, defaults to nil.
+///
+@property(readonly, nonatomic) NSURL *metricURL;
+
+///
+/// Extra Metric Labels to add to the metrics payloads.
+///
+@property(readonly, nonatomic) NSDictionary *extraMetricLabels;
+
+///
+/// Duration in seconds of how often the metrics should be exported.
+///
+@property(readonly, nonatomic) NSUInteger metricExportInterval;
+
+///
+/// Duration in seconds for metrics export timeout. Defaults to 30;
+///
+@property(readonly, nonatomic) NSUInteger metricExportTimeout;
+
+///
+///  Retrieve an initialized singleton configurator object using the default file path.
+///
 + (instancetype)configurator;
 
+///
+///  Clear the sync server configuration from the effective configuration.
+///
+- (void)clearSyncState;
+
 @end

Source/common/SNTDeviceEvent.h

@@ -0,0 +1,27 @@
+/// Copyright 2022 Google Inc. All rights reserved.
+///
+/// Licensed under the Apache License, Version 2.0 (the "License");
+/// you may not use this file except in compliance with the License.
+/// You may obtain a copy of the License at
+///
+///    http://www.apache.org/licenses/LICENSE-2.0
+///
+///    Unless required by applicable law or agreed to in writing, software
+///    distributed under the License is distributed on an "AS IS" BASIS,
+///    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+///    See the License for the specific language governing permissions and
+///    limitations under the License.
+
+#import <Foundation/Foundation.h>
+
+@interface SNTDeviceEvent : NSObject <NSSecureCoding>
+
+- (instancetype)initWithOnName:(NSString *)mntonname fromName:(NSString *)mntfromname;
+
+@property NSString *mntonname;
+@property NSString *mntfromname;
+@property NSArray<NSString *> *remountArgs;
+
+- (NSString *)readableRemountArgs;
+
+@end

Source/common/SNTDeviceEvent.m

@@ -0,0 +1,63 @@
+#import "Source/common/SNTDeviceEvent.h"
+
+@implementation SNTDeviceEvent
+
+#pragma clang diagnostic push
+#pragma clang diagnostic ignored "-Wobjc-literal-conversion"
+
+#define ENCODE(obj, key) \
+  if (obj) [coder encodeObject:obj forKey:key]
+#define DECODE(cls, key) [decoder decodeObjectOfClass:[cls class] forKey:key]
+#define DECODEARRAY(cls, key)                                                             \
+  [decoder decodeObjectOfClasses:[NSSet setWithObjects:[NSArray class], [cls class], nil] \
+                          forKey:key]
+
+- (instancetype)initWithOnName:(NSString *)mntonname fromName:(NSString *)mntfromname {
+  self = [super init];
+  if (self) {
+    _mntonname = mntonname;
+    _mntfromname = mntfromname;
+  }
+  return self;
+}
+
++ (BOOL)supportsSecureCoding {
+  return YES;
+}
+
+- (void)encodeWithCoder:(NSCoder *)coder {
+  ENCODE(self.mntonname, @"mntonname");
+  ENCODE(self.mntfromname, @"mntfromname");
+  ENCODE(self.remountArgs, @"remountArgs");
+}
+
+- (instancetype)initWithCoder:(NSCoder *)decoder {
+  self = [super init];
+  if (self) {
+    _mntonname = DECODE(NSString, @"mntonname");
+    _mntfromname = DECODE(NSString, @"mntfromname");
+    _remountArgs = DECODEARRAY(NSString, @"remountArgs");
+  }
+  return self;
+}
+- (NSString *)description {
+  return [NSString stringWithFormat:@"SNTDeviceEvent '%@' -> '%@' (with permissions: [%@]",
+                                    self.mntfromname, self.mntonname,
+                                    [self.remountArgs componentsJoinedByString:@", "]];
+}
+
+- (NSString *)readableRemountArgs {
+  NSMutableArray<NSString *> *readable = [NSMutableArray array];
+  for (NSString *arg in self.remountArgs) {
+    if ([arg isEqualToString:@"rdonly"]) {
+      [readable addObject:@"read-only"];
+    } else if ([arg isEqualToString:@"noexec"]) {
+      [readable addObject:@"block executables"];
+    } else {
+      [readable addObject:arg];
+    }
+  }
+  return [readable componentsJoinedByString:@", "];
+}
+
+@end

Source/common/SNTDropRootPrivs.h

@@ -1,4 +1,4 @@
-/// Copyright 2014 Google Inc. All rights reserved.
+/// Copyright 2015 Google Inc. All rights reserved.
 ///
 /// Licensed under the Apache License, Version 2.0 (the "License");
 /// you may not use this file except in compliance with the License.
@@ -12,6 +12,11 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-/// Simple function to check and drop root privileges.
-/// @return True if dropping was successful or unnecessary.
-BOOL DropRootPrivileges();
+#import <Foundation/Foundation.h>
+
+///
+///  Simple function to check and drop root privileges.
+///
+///  @return YES if dropping was successful or unnecessary.
+///
+BOOL DropRootPrivileges(void);

Source/common/SNTDropRootPrivs.m

@@ -1,4 +1,4 @@
-/// Copyright 2014 Google Inc. All rights reserved.
+/// Copyright 2015 Google Inc. All rights reserved.
 ///
 /// Licensed under the Apache License, Version 2.0 (the "License");
 /// you may not use this file except in compliance with the License.
@@ -12,12 +12,13 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-#import "SNTDropRootPrivs.h"
+#import "Source/common/SNTDropRootPrivs.h"
 
 BOOL DropRootPrivileges() {
   if (getuid() == 0 || geteuid() == 0 || getgid() == 0 || getegid() == 0) {
-    if (setgid(-2) != 0 || setgroups(0, NULL) != 0 || setegid(-2) != 0 ||
-        setuid(-2) != 0 || seteuid(-2) != 0) {
+    uid_t nobody = (uid_t)-2;
+    if (setgid(nobody) != 0 || setgroups(0, NULL) != 0 || setegid(nobody) != 0 ||
+        setuid(nobody) != 0 || seteuid(nobody) != 0) {
       return false;
     }
 
@@ -27,4 +28,4 @@ BOOL DropRootPrivileges() {
   }
 
   return true;
-}
+}

Source/common/SNTFileInfo.h

@@ -0,0 +1,235 @@
+/// Copyright 2015-2022 Google Inc. All rights reserved.
+///
+/// Licensed under the Apache License, Version 2.0 (the "License");
+/// you may not use this file except in compliance with the License.
+/// You may obtain a copy of the License at
+///
+///    http://www.apache.org/licenses/LICENSE-2.0
+///
+///    Unless required by applicable law or agreed to in writing, software
+///    distributed under the License is distributed on an "AS IS" BASIS,
+///    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+///    See the License for the specific language governing permissions and
+///    limitations under the License.
+
+#import <EndpointSecurity/EndpointSecurity.h>
+#import <Foundation/Foundation.h>
+
+@class MOLCodesignChecker;
+
+///
+///  Represents a binary on disk, providing access to details about that binary
+///  such as the SHA-1, SHA-256, Info.plist and the Mach-O data.
+///
+@interface SNTFileInfo : NSObject
+
+///
+///  Designated initializer.
+///
+///  @param path The path of the file this instance is to represent. The path will be
+///      converted to an absolute, standardized path if it isn't already.
+///  @param error If an error occurred and nil is returned, this will be a pointer to an NSError
+///      describing the problem.
+///
+- (instancetype)initWithPath:(NSString *)path error:(NSError **)error;
+
+///
+///  Convenience initializer.
+///
+///  @param esFile Pointer to an es_file_t provided by the EndpointSecurity framework.
+///      Assumes that the path is a resolved path.
+///
+- (instancetype)initWithEndpointSecurityFile:(const es_file_t *)esFile error:(NSError **)error;
+
+///
+///  Convenience initializer.
+///
+///  @param path The path to the file this instance is to represent. The path will be
+///      converted to an absolute, standardized path if it isn't already.
+///
+- (instancetype)initWithPath:(NSString *)path;
+
+///
+///  Initializer for already resolved paths.
+///
+///  @param path The path of the file this instance is to represent. The path will
+///      not be converted and will be used as is. If the path is not a regular file this method will
+///      return nil and fill in an error.
+///  @param error If an error occurred and nil is returned, this will be a pointer to an NSError
+///      describing the problem.
+///
+- (instancetype)initWithResolvedPath:(NSString *)path error:(NSError **)error;
+
+///
+///  @return Path of this file.
+///
+- (NSString *)path;
+
+///
+///  Hash this file with SHA-1 and SHA-256 simultaneously.
+///
+///  @param sha1 If not NULL, will be filled with the SHA-1 of the file.
+///  @param sha256 If not NULL, will be filled with the SHA-256 of the file.
+///
+- (void)hashSHA1:(NSString **)sha1 SHA256:(NSString **)sha256;
+
+///
+///  @return SHA-1 hash of this binary.
+///
+- (NSString *)SHA1;
+
+///
+///  @return SHA-256 hash of this binary.
+///
+- (NSString *)SHA256;
+
+///
+///  @return The architectures included in this binary (e.g. x86_64, ppc).
+///
+- (NSArray *)architectures;
+
+///
+///  @return YES if this file is a Mach-O file.
+///
+- (BOOL)isMachO;
+
+///
+///  @return YES if this file contains multiple architectures.
+///
+- (BOOL)isFat;
+
+///
+///  @return YES if this file is an executable Mach-O file.
+///
+- (BOOL)isExecutable;
+
+///
+///  @return YES if this file is a dynamic library.
+///
+- (BOOL)isDylib;
+
+///
+///  @return YES if this file is a bundle executable (QuickLook/Spotlight plugin, etc.)
+///
+- (BOOL)isBundle;
+
+///
+///  @return YES if this file is a kernel extension.
+///
+- (BOOL)isKext;
+
+///
+///  @return YES if this file is a script (e.g. it begins #!).
+///
+- (BOOL)isScript;
+
+///
+///  @return YES if this file is an XAR archive.
+///
+- (BOOL)isXARArchive;
+
+///
+///  @return YES if this file is a disk image.
+///
+- (BOOL)isDMG;
+
+///
+///  @return NSString describing the kind of file (executable, bundle, script, etc.)
+///
+- (NSString *)humanReadableFileType;
+
+///
+///  @return YES if this file has a bad/missing __PAGEZERO .
+///
+- (BOOL)isMissingPageZero;
+
+///
+///  If set to YES, the bundle* and infoPlist methods will search for and use the highest NSBundle
+///  found in the tree. Defaults to NO, which uses the first found bundle, if any.
+///
+///  @example:
+///      An SNTFileInfo object that represents
+///        /Applications/Photos.app/Contents/XPCServices/com.apple.Photos.librarychooserservice.xpc
+///      useAncestorBundle is set to YES
+///        /Applications/Photos.app will be used to get data backing all the bundle methods
+///
+///  @note: The NSBundle object backing the bundle* and infoPlist methods is cached once found.
+///         Setting the useAncestorBundle propery will clear this cache and force a re-search.
+///
+@property(nonatomic) BOOL useAncestorBundle;
+
+///
+///  @return An NSBundle if this file is part of a bundle.
+///
+- (NSBundle *)bundle;
+
+///
+///  @return The path to the bundle this file is a part of, if any.
+///
+- (NSString *)bundlePath;
+
+///
+///  @return Either the Info.plist in the bundle this file is part of, or an embedded plist if there
+///  is one. In the unlikely event that a file has both an embedded Info.plist and is part of a
+///  bundle, the embedded plist will be returned.
+///
+- (NSDictionary *)infoPlist;
+
+///
+///  @return the CFBundleIdentifier from this file's Info.plist.
+///
+- (NSString *)bundleIdentifier;
+
+///
+///  @return the CFBundleName from this file's Info.plist.
+///
+- (NSString *)bundleName;
+
+///
+///  @return the CFBundleVersion from this file's Info.plist.
+///
+- (NSString *)bundleVersion;
+
+///
+///  @return the CFBundleShortVersionString from this file's Info.plist.
+///
+- (NSString *)bundleShortVersionString;
+
+///
+///  @return LaunchServices quarantine data - download URL as an absolute string.
+///
+- (NSString *)quarantineDataURL;
+
+///
+///  @return LaunchServices quarantine data - referer URL as an absolute string.
+///
+- (NSString *)quarantineRefererURL;
+
+///
+///  @return LaunchServices quarantine data - agent bundle ID.
+///
+- (NSString *)quarantineAgentBundleID;
+
+///
+///  @return LaunchServices quarantine data - timestamp.
+///
+- (NSDate *)quarantineTimestamp;
+
+///
+///  @return The size of the file in bytes.
+///
+- (NSUInteger)fileSize;
+
+///
+///  @return The underlying file handle.
+///
+@property(readonly) NSFileHandle *fileHandle;
+
+///
+///  @return Returns an instance of MOLCodeSignChecker initialized with the file's binary path.
+///  Both the MOLCodesignChecker and any resulting NSError are cached and returned on subsequent
+///  calls.  You may pass in NULL for the error if you don't care to receive it.
+///
+- (MOLCodesignChecker *)codesignCheckerWithError:(NSError **)error;
+
+@end

Source/common/SNTFileInfo.m

@@ -0,0 +1,788 @@
+/// Copyright 2015-2022 Google Inc. All rights reserved.
+///
+/// Licensed under the Apache License, Version 2.0 (the "License");
+/// you may not use this file except in compliance with the License.
+/// You may obtain a copy of the License at
+///
+///    http://www.apache.org/licenses/LICENSE-2.0
+///
+///    Unless required by applicable law or agreed to in writing, software
+///    distributed under the License is distributed on an "AS IS" BASIS,
+///    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+///    See the License for the specific language governing permissions and
+///    limitations under the License.
+
+#import "Source/common/SNTFileInfo.h"
+
+#import <CommonCrypto/CommonDigest.h>
+#import <MOLCodesignChecker/MOLCodesignChecker.h>
+#import <fmdb/FMDB.h>
+
+#include <mach-o/arch.h>
+#include <mach-o/loader.h>
+#include <mach-o/swap.h>
+#include <pwd.h>
+#include <sys/stat.h>
+#include <sys/xattr.h>
+
+#import "Source/common/SNTLogging.h"
+
+// Simple class to hold the data of a mach_header and the offset within the file
+// in which that header was found.
+@interface MachHeaderWithOffset : NSObject
+@property NSData *data;
+@property uint32_t offset;
+- (instancetype)initWithData:(NSData *)data offset:(uint32_t)offset;
+@end
+@implementation MachHeaderWithOffset
+- (instancetype)initWithData:(NSData *)data offset:(uint32_t)offset {
+  self = [super init];
+  if (self) {
+    _data = data;
+    _offset = offset;
+  }
+  return self;
+}
+@end
+
+@interface SNTFileInfo ()
+@property NSString *path;
+@property NSFileHandle *fileHandle;
+@property NSUInteger fileSize;
+@property NSString *fileOwnerHomeDir;
+@property NSString *sha256Storage;
+
+// Cached properties
+@property NSBundle *bundleRef;
+@property NSDictionary *infoDict;
+@property NSDictionary *quarantineDict;
+@property NSDictionary *cachedHeaders;
+@property MOLCodesignChecker *cachedCodesignChecker;
+@property(nonatomic) NSError *codesignCheckerError;
+@end
+
+@implementation SNTFileInfo
+
+extern NSString *const NSURLQuarantinePropertiesKey WEAK_IMPORT_ATTRIBUTE;
+
+- (instancetype)initWithResolvedPath:(NSString *)path error:(NSError **)error {
+  struct stat fileStat;
+  if (path.length) {
+    lstat(path.UTF8String, &fileStat);
+  }
+  return [self initWithResolvedPath:path stat:&fileStat error:error];
+}
+
+- (instancetype)initWithEndpointSecurityFile:(const es_file_t *)esFile error:(NSError **)error {
+  return [self initWithResolvedPath:@(esFile->path.data) stat:&esFile->stat error:error];
+}
+
+- (instancetype)initWithResolvedPath:(NSString *)path
+                                stat:(const struct stat *)fileStat
+                               error:(NSError **)error {
+  if (!fileStat) {
+    // This is a programming error. Bail.
+    LOGE(@"NULL stat buffer unsupported");
+    exit(EXIT_FAILURE);
+  }
+
+  self = [super init];
+  if (self) {
+    _path = path;
+    if (!_path.length) {
+      if (error) {
+        NSString *errStr = @"Unable to use empty path";
+        *error = [NSError errorWithDomain:@"com.google.santa.fileinfo"
+                                     code:270
+                                 userInfo:@{NSLocalizedDescriptionKey : errStr}];
+      }
+      return nil;
+    }
+
+    if (!((S_IFMT & fileStat->st_mode) == S_IFREG)) {
+      if (error) {
+        NSString *errStr = [NSString stringWithFormat:@"Non regular file: %s", strerror(errno)];
+        *error = [NSError errorWithDomain:@"com.google.santa.fileinfo"
+                                     code:290
+                                 userInfo:@{NSLocalizedDescriptionKey : errStr}];
+      }
+      return nil;
+    }
+
+    _fileSize = fileStat->st_size;
+
+    if (_fileSize == 0) return nil;
+
+    if (fileStat->st_uid != 0) {
+      struct passwd *pwd = getpwuid(fileStat->st_uid);
+      if (pwd) {
+        _fileOwnerHomeDir = @(pwd->pw_dir);
+      }
+    }
+
+    int fd = open([_path UTF8String], O_RDONLY | O_CLOEXEC);
+    if (fd < 0) {
+      if (error) {
+        NSString *errStr = [NSString stringWithFormat:@"Unable to open file: %s", strerror(errno)];
+        *error = [NSError errorWithDomain:@"com.google.santa.fileinfo"
+                                     code:280
+                                 userInfo:@{NSLocalizedDescriptionKey : errStr}];
+      }
+      return nil;
+    }
+    _fileHandle = [[NSFileHandle alloc] initWithFileDescriptor:fd closeOnDealloc:YES];
+  }
+
+  return self;
+}
+
+- (instancetype)initWithPath:(NSString *)path error:(NSError **)error {
+  NSBundle *bndl;
+  NSString *resolvedPath = [self resolvePath:path bundle:&bndl];
+  if (!resolvedPath.length) {
+    if (error) {
+      NSString *errStr = @"Unable to resolve empty path";
+      if (path) errStr = [@"Unable to resolve path: " stringByAppendingString:path];
+      *error = [NSError errorWithDomain:@"com.google.santa.fileinfo"
+                                   code:260
+                               userInfo:@{NSLocalizedDescriptionKey : errStr}];
+    }
+    return nil;
+  }
+  self = [self initWithResolvedPath:resolvedPath error:error];
+  if (self && bndl) _bundleRef = bndl;
+  return self;
+}
+
+- (instancetype)initWithPath:(NSString *)path {
+  return [self initWithPath:path error:NULL];
+}
+
+#pragma mark Hashing
+
+- (void)hashSHA1:(NSString **)sha1 SHA256:(NSString **)sha256 {
+  const int MAX_CHUNK_SIZE = 256 * 1024;  // 256 KB
+  const size_t chunkSize = _fileSize > MAX_CHUNK_SIZE ? MAX_CHUNK_SIZE : _fileSize;
+  char *chunk = malloc(chunkSize);
+
+  @try {
+    CC_SHA1_CTX c1;
+    CC_SHA256_CTX c256;
+
+    if (sha1) CC_SHA1_Init(&c1);
+    if (sha256) CC_SHA256_Init(&c256);
+
+    int fd = self.fileHandle.fileDescriptor;
+
+    fcntl(fd, F_RDAHEAD, 1);
+    struct radvisory radv;
+    radv.ra_offset = 0;
+    const int MAX_ADVISORY_READ = 10 * 1024 * 1024;
+    radv.ra_count = (int)_fileSize < MAX_ADVISORY_READ ? (int)_fileSize : MAX_ADVISORY_READ;
+    fcntl(fd, F_RDADVISE, &radv);
+    ssize_t bytesRead;
+
+    for (uint64_t offset = 0; offset < _fileSize;) {
+      bytesRead = pread(fd, chunk, chunkSize, offset);
+      if (bytesRead > 0) {
+        if (sha1) CC_SHA1_Update(&c1, chunk, (CC_LONG)bytesRead);
+        if (sha256) CC_SHA256_Update(&c256, chunk, (CC_LONG)bytesRead);
+        offset += bytesRead;
+      } else if (bytesRead == -1 && errno == EINTR) {
+        continue;
+      } else {
+        return;
+      }
+    }
+
+    // We turn off Read Ahead that we turned on
+    fcntl(fd, F_RDAHEAD, 0);
+    if (sha1) {
+      unsigned char digest[CC_SHA1_DIGEST_LENGTH];
+      CC_SHA1_Final(digest, &c1);
+      NSString *const SHA1FormatString =
+        @"%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x";
+      *sha1 = [[NSString alloc]
+        initWithFormat:SHA1FormatString, digest[0], digest[1], digest[2], digest[3], digest[4],
+                       digest[5], digest[6], digest[7], digest[8], digest[9], digest[10],
+                       digest[11], digest[12], digest[13], digest[14], digest[15], digest[16],
+                       digest[17], digest[18], digest[19]];
+    }
+    if (sha256) {
+      unsigned char digest[CC_SHA256_DIGEST_LENGTH];
+      CC_SHA256_Final(digest, &c256);
+      NSString *const SHA256FormatString =
+        @"%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x"
+         "%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x";
+
+      *sha256 = [[NSString alloc]
+        initWithFormat:SHA256FormatString, digest[0], digest[1], digest[2], digest[3], digest[4],
+                       digest[5], digest[6], digest[7], digest[8], digest[9], digest[10],
+                       digest[11], digest[12], digest[13], digest[14], digest[15], digest[16],
+                       digest[17], digest[18], digest[19], digest[20], digest[21], digest[22],
+                       digest[23], digest[24], digest[25], digest[26], digest[27], digest[28],
+                       digest[29], digest[30], digest[31]];
+    }
+  } @finally {
+    free(chunk);
+  }
+}
+
+- (NSString *)SHA1 {
+  NSString *sha1;
+  [self hashSHA1:&sha1 SHA256:NULL];
+  return sha1;
+}
+
+- (NSString *)SHA256 {
+  // Memoize the value
+  if (!self.sha256Storage) {
+    NSString *sha256;
+    [self hashSHA1:NULL SHA256:&sha256];
+    self.sha256Storage = sha256;
+  }
+  return self.sha256Storage;
+}
+
+#pragma mark File Type Info
+
+- (NSArray *)architectures {
+  return [self.machHeaders allKeys];
+}
+
+- (uint32_t)machFileType {
+  struct mach_header *mach_header = [self firstMachHeader];
+  if (mach_header) return mach_header->filetype;
+  return -1;
+}
+
+- (BOOL)isExecutable {
+  return [self machFileType] == MH_EXECUTE;
+}
+
+- (BOOL)isDylib {
+  return [self machFileType] == MH_DYLIB;
+}
+
+- (BOOL)isBundle {
+  return [self machFileType] == MH_BUNDLE;
+}
+
+- (BOOL)isKext {
+  return [self machFileType] == MH_KEXT_BUNDLE;
+}
+
+- (BOOL)isMachO {
+  return (self.machHeaders.count > 0);
+}
+
+- (BOOL)isFat {
+  return (self.machHeaders.count > 1);
+}
+
+- (BOOL)isScript {
+  const char *magic = (const char *)[[self safeSubdataWithRange:NSMakeRange(0, 2)] bytes];
+  return (magic && memcmp("#!", magic, 2) == 0);
+}
+
+- (BOOL)isXARArchive {
+  const char *magic = (const char *)[[self safeSubdataWithRange:NSMakeRange(0, 4)] bytes];
+  return (magic && memcmp("xar!", magic, 4) == 0);
+}
+
+- (BOOL)isDMG {
+  if (self.fileSize < 512) return NO;
+  NSUInteger last512 = self.fileSize - 512;
+  const char *magic = (const char *)[[self safeSubdataWithRange:NSMakeRange(last512, 4)] bytes];
+  return (magic && memcmp("koly", magic, 4) == 0);
+}
+
+- (NSString *)humanReadableFileType {
+  if ([self isExecutable]) return @"Executable";
+  if ([self isDylib]) return @"Dynamic Library";
+  if ([self isBundle]) return @"Bundle/Plugin";
+  if ([self isKext]) return @"Kernel Extension";
+  if ([self isScript]) return @"Script";
+  if ([self isXARArchive]) return @"XAR Archive";
+  if ([self isDMG]) return @"Disk Image";
+  return @"Unknown";
+}
+
+#pragma mark Page Zero
+
+- (BOOL)isMissingPageZero {
+  // This method only checks i386 arch because the kernel enforces this for other archs
+  // See bsd/kern/mach_loader.c, search for enforce_hard_pagezero.
+  MachHeaderWithOffset *x86Header =
+    self.machHeaders[[self nameForCPUType:CPU_TYPE_X86 cpuSubType:CPU_SUBTYPE_I386_ALL]];
+  if (!x86Header) return NO;
+
+  struct mach_header *mh = (struct mach_header *)[x86Header.data bytes];
+  if (mh->filetype != MH_EXECUTE) return NO;
+
+  NSRange range =
+    NSMakeRange(x86Header.offset + sizeof(struct mach_header), sizeof(struct segment_command));
+  NSData *lcData = [self safeSubdataWithRange:range];
+  if (!lcData) return NO;
+
+  // This code assumes the __PAGEZERO is always the first load-command in the file.
+  // Given that the macOS ABI says "the static linker creates a __PAGEZERO segment
+  // as the first segment of an executable file." this should be OK.
+  struct load_command *lc = (struct load_command *)[lcData bytes];
+  if (lc->cmd == LC_SEGMENT) {
+    struct segment_command *segment = (struct segment_command *)lc;
+    if (segment->vmaddr == 0 && segment->vmsize != 0 && segment->initprot == 0 &&
+        segment->maxprot == 0 && strcmp("__PAGEZERO", segment->segname) == 0) {
+      return NO;
+    }
+  }
+  return YES;
+}
+
+#pragma mark Bundle Information
+
+///
+///  Directories with a "Contents/Info.plist" entry can be mistaken as a bundle. To be considered an
+///  ancestor, the bundle must have a valid extension.
+///
+- (NSSet *)allowedAncestorExtensions {
+  static NSSet *set;
+  static dispatch_once_t onceToken;
+  dispatch_once(&onceToken, ^{
+    set = [NSSet setWithArray:@[
+      @"app",
+      @"bundle",
+      @"framework",
+      @"kext",
+      @"xctest",
+      @"xpc",
+    ]];
+  });
+  return set;
+}
+
+///
+///  Try and determine the bundle that the represented executable is contained within, if any.
+///
+///  Rationale: An NSBundle has a method executablePath for discovering the main binary within a
+///  bundle but provides no way to get an NSBundle object when only the executablePath is known.
+///  Also a bundle can contain multiple binaries within its subdirectories and we want any of these
+///  to count as being part of the bundle.
+///
+///  This method walks up the path until a bundle is found, if any.
+///
+///  @param ancestor YES this will return the highest NSBundle, with a valid extension, found in the
+///                  tree. NO will return the the lowest NSBundle, without validating the extension.
+///
+- (NSBundle *)findBundleWithAncestor:(BOOL)ancestor {
+  NSBundle *bundle;
+  NSMutableArray *pathComponents = [[self.path pathComponents] mutableCopy];
+
+  // Ignore the root path "/", for some reason this is considered a bundle.
+  while (pathComponents.count > 1) {
+    NSBundle *bndl = [NSBundle bundleWithPath:[NSString pathWithComponents:pathComponents]];
+    if ([bndl objectForInfoDictionaryKey:@"CFBundleIdentifier"]) {
+      if ((!ancestor && bndl.bundlePath.pathExtension.length) ||
+          [[self allowedAncestorExtensions] containsObject:bndl.bundlePath.pathExtension]) {
+        bundle = bndl;
+      }
+      if (!ancestor) break;
+    }
+    [pathComponents removeLastObject];
+  }
+  return bundle;
+}
+
+- (NSBundle *)bundle {
+  if (!self.bundleRef) {
+    self.bundleRef =
+      [self findBundleWithAncestor:self.useAncestorBundle] ?: (NSBundle *)[NSNull null];
+  }
+  return self.bundleRef == (NSBundle *)[NSNull null] ? nil : self.bundleRef;
+}
+
+- (NSString *)bundlePath {
+  return [self.bundle bundlePath];
+}
+
+- (void)setUseAncestorBundle:(BOOL)useAncestorBundle {
+  if (self.useAncestorBundle != useAncestorBundle) {
+    self.bundleRef = nil;
+    self.infoDict = nil;
+  }
+  _useAncestorBundle = useAncestorBundle;
+}
+
+- (NSDictionary *)infoPlist {
+  if (!self.infoDict) {
+    NSDictionary *d = [self embeddedPlist];
+    if (d) {
+      self.infoDict = d;
+      return self.infoDict;
+    }
+
+    d = self.bundle.infoDictionary;
+    if (d) {
+      self.infoDict = d;
+      return self.infoDict;
+    }
+
+    self.infoDict = (NSDictionary *)[NSNull null];
+  }
+  return self.infoDict == (NSDictionary *)[NSNull null] ? nil : self.infoDict;
+}
+
+- (NSString *)bundleIdentifier {
+  return [[self.infoPlist objectForKey:@"CFBundleIdentifier"] description];
+}
+
+- (NSString *)bundleName {
+  return [[self.infoPlist objectForKey:@"CFBundleDisplayName"] description]
+           ?: [[self.infoPlist objectForKey:@"CFBundleName"] description];
+}
+
+- (NSString *)bundleVersion {
+  return [[self.infoPlist objectForKey:@"CFBundleVersion"] description];
+}
+
+- (NSString *)bundleShortVersionString {
+  return [[self.infoPlist objectForKey:@"CFBundleShortVersionString"] description];
+}
+
+#pragma mark Quarantine Data
+
+- (NSString *)quarantineDataURL {
+  NSURL *dataURL = [self quarantineData][@"LSQuarantineDataURL"];
+  if (dataURL == (NSURL *)[NSNull null]) dataURL = nil;
+  return [dataURL absoluteString];
+}
+
+- (NSString *)quarantineRefererURL {
+  NSURL *originURL = [self quarantineData][@"LSQuarantineOriginURL"];
+  if (originURL == (NSURL *)[NSNull null]) originURL = nil;
+  return [originURL absoluteString];
+}
+
+- (NSString *)quarantineAgentBundleID {
+  NSString *agentBundle = [self quarantineData][@"LSQuarantineAgentBundleIdentifier"];
+  if (agentBundle == (NSString *)[NSNull null]) agentBundle = nil;
+  return agentBundle;
+}
+
+- (NSDate *)quarantineTimestamp {
+  NSDate *timeStamp = [self quarantineData][@"LSQuarantineTimeStamp"];
+  return timeStamp;
+}
+
+#pragma mark Internal Methods
+
+- (NSDictionary *)machHeaders {
+  if (self.cachedHeaders) return self.cachedHeaders;
+
+  // Sanity check file length
+  if (self.fileSize < sizeof(struct mach_header)) {
+    self.cachedHeaders = [NSDictionary dictionary];
+    return self.cachedHeaders;
+  }
+
+  NSMutableDictionary *machHeaders = [NSMutableDictionary dictionary];
+
+  NSData *machHeader =
+    [self parseSingleMachHeader:[self safeSubdataWithRange:NSMakeRange(0, 4096)]];
+  if (machHeader) {
+    struct mach_header *mh = (struct mach_header *)[machHeader bytes];
+    MachHeaderWithOffset *mhwo = [[MachHeaderWithOffset alloc] initWithData:machHeader offset:0];
+    machHeaders[[self nameForCPUType:mh->cputype cpuSubType:mh->cpusubtype]] = mhwo;
+  } else {
+    NSRange range = NSMakeRange(0, sizeof(struct fat_header));
+    NSData *fatHeader = [self safeSubdataWithRange:range];
+    struct fat_header *fh = (struct fat_header *)[fatHeader bytes];
+
+    if (fatHeader && (fh->magic == FAT_CIGAM || fh->magic == FAT_MAGIC)) {
+      int nfat_arch = OSSwapBigToHostInt32(fh->nfat_arch);
+      range = NSMakeRange(sizeof(struct fat_header), sizeof(struct fat_arch) * nfat_arch);
+      NSMutableData *fatArchs = [[self safeSubdataWithRange:range] mutableCopy];
+      if (fatArchs) {
+        struct fat_arch *fat_arch = (struct fat_arch *)[fatArchs mutableBytes];
+        for (int i = 0; i < nfat_arch; ++i) {
+          int offset = OSSwapBigToHostInt32(fat_arch[i].offset);
+          int size = OSSwapBigToHostInt32(fat_arch[i].size);
+          int cputype = OSSwapBigToHostInt(fat_arch[i].cputype);
+          int cpusubtype = OSSwapBigToHostInt(fat_arch[i].cpusubtype);
+
+          range = NSMakeRange(offset, size);
+          NSData *machHeader = [self parseSingleMachHeader:[self safeSubdataWithRange:range]];
+          if (machHeader) {
+            NSString *key = [self nameForCPUType:cputype cpuSubType:cpusubtype];
+            MachHeaderWithOffset *mhwo = [[MachHeaderWithOffset alloc] initWithData:machHeader
+                                                                             offset:offset];
+            machHeaders[key] = mhwo;
+          }
+        }
+      }
+    }
+  }
+
+  self.cachedHeaders = [machHeaders copy];
+  return self.cachedHeaders;
+}
+
+- (NSData *)parseSingleMachHeader:(NSData *)inputData {
+  if (inputData.length < sizeof(struct mach_header)) return nil;
+  struct mach_header *mh = (struct mach_header *)[inputData bytes];
+
+  if (mh->magic == MH_CIGAM || mh->magic == MH_CIGAM_64) {
+    NSMutableData *mutableInput = [inputData mutableCopy];
+    mh = (struct mach_header *)[mutableInput mutableBytes];
+    swap_mach_header(mh, NXHostByteOrder());
+  }
+
+  if (mh->magic == MH_MAGIC || mh->magic == MH_MAGIC_64) {
+    return [NSData dataWithBytes:mh length:sizeof(struct mach_header)];
+  }
+
+  return nil;
+}
+
+///
+///  Locate an embedded plist in the file
+///
+- (NSDictionary *)embeddedPlist {
+  // Look for an embedded Info.plist if there is one.
+  // This could (and used to) use CFBundleCopyInfoDictionaryForURL but that uses mmap to read
+  // the file and so can cause SIGBUS if the file is deleted/truncated while it's working.
+  MachHeaderWithOffset *mhwo = [[self.machHeaders allValues] firstObject];
+  if (!mhwo) return nil;
+
+  struct mach_header *mh = (struct mach_header *)mhwo.data.bytes;
+  if (mh->filetype != MH_EXECUTE) return self.infoDict;
+  BOOL is64 = (mh->magic == MH_MAGIC_64 || mh->magic == MH_CIGAM_64);
+  uint32_t ncmds = mh->ncmds;
+  uint32_t nsects = 0;
+  uint64_t offset = mhwo.offset;
+
+  uint32_t sz_header = is64 ? sizeof(struct mach_header_64) : sizeof(struct mach_header);
+  uint32_t sz_segment = is64 ? sizeof(struct segment_command_64) : sizeof(struct segment_command);
+  uint32_t sz_section = is64 ? sizeof(struct section_64) : sizeof(struct section);
+
+  offset += sz_header;
+
+  // Loop through the load commands looking for the segment named __TEXT
+  for (uint32_t i = 0; i < ncmds; ++i) {
+    NSData *cmdData = [self safeSubdataWithRange:NSMakeRange(offset, sz_segment)];
+    if (!cmdData) return nil;
+
+    if (((struct load_command *)[cmdData bytes])->cmdsize < sizeof(struct load_command)) {
+      return nil;
+    }
+
+    if (is64) {
+      struct segment_command_64 *lc = (struct segment_command_64 *)[cmdData bytes];
+      if (lc->cmd == LC_SEGMENT_64 && memcmp(lc->segname, "__TEXT", 6) == 0) {
+        nsects = lc->nsects;
+        offset += sz_segment;
+        break;
+      }
+      offset += lc->cmdsize;
+    } else {
+      struct segment_command *lc = (struct segment_command *)[cmdData bytes];
+      if (lc->cmd == LC_SEGMENT && memcmp(lc->segname, "__TEXT", 6) == 0) {
+        nsects = lc->nsects;
+        offset += sz_segment;
+        break;
+      }
+      offset += lc->cmdsize;
+    }
+  }
+
+  // Loop through the sections in the __TEXT segment looking for an __info_plist section.
+  for (uint32_t i = 0; i < nsects; ++i) {
+    NSData *sectData = [self safeSubdataWithRange:NSMakeRange(offset, sz_section)];
+    if (!sectData) return nil;
+    uint64_t sectoffset, sectsize = 0;
+    BOOL found = NO;
+    if (is64) {
+      struct section_64 *sect = (struct section_64 *)[sectData bytes];
+      if (sect && memcmp(sect->sectname, "__info_plist", 12) == 0 && sect->size < 2000000) {
+        sectoffset = sect->offset;
+        sectsize = sect->size;
+        found = YES;
+      }
+    } else {
+      struct section *sect = (struct section *)[sectData bytes];
+      if (sect && memcmp(sect->sectname, "__info_plist", 12) == 0 && sect->size < 2000000) {
+        sectoffset = sect->offset;
+        sectsize = sect->size;
+        found = YES;
+      }
+    }
+
+    if (found) {
+      NSData *plistData =
+        [self safeSubdataWithRange:NSMakeRange(mhwo.offset + sectoffset, sectsize)];
+      if (!plistData) return nil;
+      NSDictionary *plist;
+      plist = [NSPropertyListSerialization propertyListWithData:plistData
+                                                        options:NSPropertyListImmutable
+                                                         format:NULL
+                                                          error:NULL];
+      if (plist) return plist;
+    }
+    offset += sz_section;
+  }
+  return nil;
+}
+
+///
+///  Return the first mach_header in this file.
+///
+- (struct mach_header *)firstMachHeader {
+  return (struct mach_header *)([[[[self.machHeaders allValues] firstObject] data] bytes]);
+}
+
+///
+///  Extract a range of the file as an NSData, handling any exceptions.
+///  Returns nil if the requested range is outside of the range of the file.
+///
+- (NSData *)safeSubdataWithRange:(NSRange)range {
+  @try {
+    NSUInteger size;
+    if (__builtin_add_overflow(range.location, range.length, &size) || size > self.fileSize) {
+      return nil;
+    }
+    [self.fileHandle seekToFileOffset:range.location];
+    NSData *d = [self.fileHandle readDataOfLength:range.length];
+    if (d.length != range.length) return nil;
+    return d;
+  } @catch (NSException *e) {
+    return nil;
+  }
+}
+
+///
+///  Retrieve quarantine data for a file and caches the dictionary
+///  This method attempts to handle fetching the quarantine data even if the running user
+///  is not the one who downloaded the file.
+///
+- (NSDictionary *)quarantineData {
+  if (!self.quarantineDict && self.fileOwnerHomeDir && NSURLQuarantinePropertiesKey) {
+    self.quarantineDict = (NSDictionary *)[NSNull null];
+
+    NSURL *url = [NSURL fileURLWithPath:self.path];
+    NSDictionary *d = [url resourceValuesForKeys:@[ NSURLQuarantinePropertiesKey ] error:NULL];
+
+    if (d[NSURLQuarantinePropertiesKey]) {
+      d = d[NSURLQuarantinePropertiesKey];
+
+      if (d[@"LSQuarantineIsOwnedByCurrentUser"]) {
+        self.quarantineDict = d;
+      } else if (d[@"LSQuarantineEventIdentifier"]) {
+        NSMutableDictionary *quarantineDict = [d mutableCopy];
+
+        // If self.path is on a quarantine disk image, LSQuarantineDiskImageURL will point to the
+        // disk image and self.fileOwnerHomeDir will be incorrect (probably root).
+        NSString *fileOwnerHomeDir = self.fileOwnerHomeDir;
+        if (d[@"LSQuarantineDiskImageURL"]) {
+          struct stat fileStat;
+          stat([d[@"LSQuarantineDiskImageURL"] fileSystemRepresentation], &fileStat);
+          if (fileStat.st_uid != 0) {
+            struct passwd *pwd = getpwuid(fileStat.st_uid);
+            if (pwd) {
+              fileOwnerHomeDir = @(pwd->pw_dir);
+            }
+          }
+        }
+
+        NSURL *dbPath = [NSURL fileURLWithPathComponents:@[
+          fileOwnerHomeDir, @"Library", @"Preferences",
+          @"com.apple.LaunchServices.QuarantineEventsV2"
+        ]];
+        FMDatabase *db = [FMDatabase databaseWithPath:[dbPath absoluteString]];
+        db.logsErrors = NO;
+        if ([db open]) {
+          FMResultSet *rs = [db executeQuery:@"SELECT * FROM LSQuarantineEvent "
+                                             @"WHERE LSQuarantineEventIdentifier=?",
+                                             d[@"LSQuarantineEventIdentifier"]];
+          if ([rs next]) {
+            NSString *agentBundleID = [rs stringForColumn:@"LSQuarantineAgentBundleIdentifier"];
+            NSString *dataURLString = [rs stringForColumn:@"LSQuarantineDataURLString"];
+            NSString *originURLString = [rs stringForColumn:@"LSQuarantineOriginURLString"];
+            double timeStamp = [rs doubleForColumn:@"LSQuarantineTimeStamp"];
+
+            quarantineDict[@"LSQuarantineAgentBundleIdentifier"] = agentBundleID;
+            quarantineDict[@"LSQuarantineDataURL"] = [NSURL URLWithString:dataURLString];
+            quarantineDict[@"LSQuarantineOriginURL"] = [NSURL URLWithString:originURLString];
+            quarantineDict[@"LSQuarantineTimestamp"] =
+              [NSDate dateWithTimeIntervalSinceReferenceDate:timeStamp];
+
+            self.quarantineDict = quarantineDict;
+          }
+          [rs close];
+          [db close];
+        }
+      }
+    }
+  }
+  return (self.quarantineDict == (NSDictionary *)[NSNull null]) ? nil : self.quarantineDict;
+}
+
+///
+///  Return a human-readable string for a cpu_type_t.
+///
+- (NSString *)nameForCPUType:(cpu_type_t)cpuType cpuSubType:(cpu_subtype_t)cpuSubType {
+  const NXArchInfo *archInfo = NXGetArchInfoFromCpuType(cpuType, cpuSubType);
+  NSString *arch;
+  if (archInfo && archInfo->name) {
+    arch = @(archInfo->name);
+  } else {
+    arch = [NSString stringWithFormat:@"%i:%i", cpuType, cpuSubType];
+  }
+  return arch;
+}
+
+///
+///  Resolves a given path:
+///    + Follows symlinks
+///    + Converts relative paths to absolute
+///    + If path is a directory, checks to see if that directory is a bundle and if so
+///      returns the path to that bundles CFBundleExecutable and stores a reference to the
+///      bundle in the bundle out-param.
+///
+- (NSString *)resolvePath:(NSString *)path bundle:(NSBundle **)bundle {
+  // Convert to absolute, standardized path
+  path = [path stringByResolvingSymlinksInPath];
+  if (![path isAbsolutePath]) {
+    NSString *cwd = [[NSFileManager defaultManager] currentDirectoryPath];
+    path = [cwd stringByAppendingPathComponent:path];
+  }
+  path = [path stringByStandardizingPath];
+
+  // Determine if file exists.
+  // If path is actually a directory, check to see if it's a bundle and has a CFBundleExecutable.
+  BOOL directory;
+  if (![[NSFileManager defaultManager] fileExistsAtPath:path isDirectory:&directory]) {
+    return nil;
+  } else if (directory && ![path isEqualToString:@"/"]) {
+    NSBundle *bndl = [NSBundle bundleWithPath:path];
+    if (bundle) *bundle = bndl;
+    return [bndl executablePath];
+  } else {
+    return path;
+  }
+}
+
+///
+///  Cache and return a MOLCodeSignChecker for the given file.  If there was an error creating the
+///  code sign checker it will be returned in the passed-in error parameter.
+///
+- (MOLCodesignChecker *)codesignCheckerWithError:(NSError **)error {
+  if (!self.cachedCodesignChecker && !self.codesignCheckerError) {
+    NSError *e;
+    self.cachedCodesignChecker = [[MOLCodesignChecker alloc] initWithBinaryPath:self.path error:&e];
+    self.codesignCheckerError = e;
+  }
+  if (error) *error = self.codesignCheckerError;
+  return self.cachedCodesignChecker;
+}
+
+@end