Add missing EndpointSecurity dylib (#1315)

* Emit a log warning when overrides were applied

* Overrides now disabled in tests unless explicitly enabled

* Remove log message. Check for xctest instead of bazel env vars.

* Typo

.allstar/binary_artifacts.yaml

@@ -0,0 +1,19 @@
+# Ignore reason: These crafted binaries are used in tests
+ignorePaths:
+- Fuzzing/common/MachOParse_corpus/ret0
+- Source/common/testdata/bad_pagezero
+- Source/common/testdata/missing_pagezero
+- Source/common/testdata/missing_pagezero
+- Source/common/testdata/missing_pagezero
+- Source/common/testdata/32bitplist
+- Source/common/testdata/BundleExample.app/Contents/MacOS/BundleExample
+- Source/common/testdata/DirectoryBundle/Contents/MacOS/DirectoryBundle
+- Source/common/testdata/DirectoryBundle/Contents/Resources/BundleExample.app/Contents/MacOS/BundleExample
+- Source/santad/testdata/binaryrules/badbinary
+- Source/santad/testdata/binaryrules/goodbinary
+- Source/santad/testdata/binaryrules/badcert
+- Source/santad/testdata/binaryrules/banned_teamid_allowed_binary
+- Source/santad/testdata/binaryrules/banned_teamid
+- Source/santad/testdata/binaryrules/goodcert
+- Source/santad/testdata/binaryrules/noop
+- Source/santad/testdata/binaryrules/rules.db

.bazelrc

@@ -0,0 +1,47 @@
+build --apple_generate_dsym --define=apple.propagate_embedded_extra_outputs=yes
+
+build --copt=-Werror
+build --copt=-Wall
+build --copt=-Wno-error=deprecated-declarations
+# Disable -Wunknown-warning-option because deprecated-non-prototype
+# isn't recognized on older SDKs
+build --copt=-Wno-unknown-warning-option
+build --copt=-Wno-error=deprecated-non-prototype
+build --per_file_copt=.*\.mm\$@-std=c++17
+build --cxxopt=-std=c++17
+build --host_cxxopt=-std=c++17
+
+build --copt=-DSANTA_OPEN_SOURCE=1
+build --cxxopt=-DSANTA_OPEN_SOURCE=1
+
+# Many config options for sanitizers pulled from
+# https://github.com/protocolbuffers/protobuf/blob/main/.bazelrc
+build:san-common --strip=never
+build:san-common --copt="-Wno-macro-redefined"
+build:san-common --copt="-D_FORTIFY_SOURCE=0"
+build:san-common --copt="-O1"
+build:san-common --copt="-fno-omit-frame-pointer"
+
+build:asan --config=san-common
+build:asan --copt="-fsanitize=address"
+build:asan --copt="-DADDRESS_SANITIZER"
+build:asan --linkopt="-fsanitize=address"
+build:asan --test_env="ASAN_OPTIONS=log_path=/tmp/san_out"
+
+build:tsan --config=san-common
+build:tsan --copt="-fsanitize=thread"
+build:tsan --copt="-DTHREAD_SANITIZER=1"
+build:tsan --linkopt="-fsanitize=thread"
+build:tsan --test_env="TSAN_OPTIONS=log_path=/tmp/san_out:halt_on_error=true"
+
+build:ubsan --config=san-common
+build:ubsan --copt="-fsanitize=undefined"
+build:ubsan --copt="-DUNDEFINED_SANITIZER=1"
+build:ubsan --copt="-fno-sanitize=function" --copt="-fno-sanitize=vptr"
+build:ubsan --linkopt="-fsanitize=undefined"
+build:ubsan --test_env="UBSAN_OPTIONS=log_path=/tmp/san_out"
+
+build:fuzz --config=san-common
+build:fuzz --@rules_fuzzing//fuzzing:cc_engine=@rules_fuzzing//fuzzing/engines:libfuzzer
+build:fuzz --@rules_fuzzing//fuzzing:cc_engine_instrumentation=libfuzzer
+build:fuzz --@rules_fuzzing//fuzzing:cc_engine_sanitizer=asan

.bazelversion

@@ -0,0 +1 @@
+6.3.2

.clang-format

@@ -0,0 +1,32 @@
+Language: ObjC
+BasedOnStyle: Google
+
+IndentWidth: 2
+ObjCBlockIndentWidth: 2
+ContinuationIndentWidth: 2
+
+# For ObjC, the line limit is 100
+ColumnLimit: 100
+
+# Allow short case statements to be on a single line
+AllowShortCaseLabelsOnASingleLine: true
+
+AllowShortLoopsOnASingleLine: false
+AllowShortFunctionsOnASingleLine: Inline
+
+# Allow spaces in NSArray/NSDictionary literals @[ and @{
+SpacesInContainerLiterals: true
+
+# For pointers, always put the * next to the variable name.
+DerivePointerAlignment: false
+PointerAlignment: Right
+
+
+---
+Language: Cpp
+Standard: Cpp11
+
+BasedOnStyle: Google
+
+# For C++, the line limit is 80
+ColumnLimit: 80

.github/workflows/check-markdown.yml

@@ -0,0 +1,17 @@
+name: Check Markdown
+
+on:
+  pull_request:
+    paths:
+      - "**.md"
+
+jobs:
+  markdown-check:
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Checkout Santa"
+        uses: actions/checkout@61b9e3751b92087fd0b06925ba6dd6314e06f089 # ratchet:actions/checkout@master
+      - name: "Check for deadlinks"
+        uses: gaurav-nelson/github-action-markdown-link-check@5c5dfc0ac2e225883c0e5f03a85311ec2830d368 # ratchet:gaurav-nelson/github-action-markdown-link-check@v1
+      - name: "Check for trailing whitespace and newlines"
+        run: "! git grep -EIn $'[ \t]+$' -- ':(exclude)*.patch'"

.github/workflows/ci.yml

@@ -0,0 +1,51 @@
+name: CI
+on:
+  push:
+    branches:
+      - '*'
+    paths:
+      - 'Source/**'
+  pull_request:
+    branches:
+      - main
+    paths:
+      - 'Source/**'
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # ratchet:actions/checkout@v3
+      - name: Run linters
+        run: ./Testing/lint.sh
+  build_userspace:
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [macos-11, macos-12, macos-13]
+    runs-on: ${{ matrix.os }}
+    steps:
+      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # ratchet:actions/checkout@v3
+      - name: Build Userspace
+        run: bazel build --apple_generate_dsym -c opt :release --define=SANTA_BUILD_TYPE=adhoc
+  unit_tests:
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [macos-11, macos-12, macos-13]
+    runs-on: ${{ matrix.os }}
+    steps:
+      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # ratchet:actions/checkout@v3
+      - name: Run All Tests
+        run: bazel test :unit_tests --define=SANTA_BUILD_TYPE=adhoc --test_output=errors
+  test_coverage:
+    runs-on: macos-11
+    steps:
+      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # ratchet:actions/checkout@v3
+      - name: Generate test coverage
+        run: sh ./generate_cov.sh
+      - name: Coveralls
+        uses: coverallsapp/github-action@09b709cf6a16e30b0808ba050c7a6e8a5ef13f8d # ratchet:coverallsapp/github-action@master
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          path-to-lcov: ./bazel-out/_coverage/_coverage_report.dat
+          flag-name: Unit

.github/workflows/continuous.yml

@@ -0,0 +1,13 @@
+name: continuous
+on:
+  schedule:
+    - cron: '0 10 * * *' # Every day at 10:00 UTC
+  workflow_dispatch:  # Allows you to run this workflow manually from the Actions tab
+
+jobs:
+  preqs:
+    runs-on: macos-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Checks for flaky tests
+        run: bazel test --test_strategy=exclusive --test_output=errors --runs_per_test 50 -t- :unit_tests --define=SANTA_BUILD_TYPE=adhoc

.github/workflows/e2e.yml

@@ -0,0 +1,49 @@
+name: E2E
+
+on:
+  schedule:
+    - cron: '0 4 * * *' # Every day at 4:00 UTC (not to interfere with fuzzing)
+  workflow_dispatch:
+
+jobs:
+  start_vm:
+    runs-on: e2e-host
+    steps:
+      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # ratchet:actions/checkout@v3
+      - name: Start VM
+        run: python3 Testing/integration/actions/start_vm.py macOS_14.bundle.tar.gz
+
+  integration:
+    runs-on: e2e-vm
+    env:
+      VM_PASSWORD: ${{ secrets.VM_PASSWORD }}
+    steps:
+      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # ratchet:actions/checkout@v3
+      - name: Add homebrew to PATH
+        run: echo "/opt/homebrew/bin/" >> $GITHUB_PATH
+      - name: Install configuration profile
+        run: bazel run //Testing/integration:install_profile -- Testing/integration/configs/default.mobileconfig
+      - name: Build, install, and sync santa
+        run: |
+          bazel run :reload --define=SANTA_BUILD_TYPE=adhoc
+          bazel run //Testing/integration:allow_sysex
+      - name: Test config changes
+        run: ./Testing/integration/test_config_changes.sh
+      - name: Build, install, and start moroz
+        run: |
+          bazel build @com_github_groob_moroz//cmd/moroz:moroz
+          cp bazel-bin/external/com_github_groob_moroz/cmd/moroz/moroz_/moroz /tmp/moroz
+          /tmp/moroz -configs="$GITHUB_WORKSPACE/Testing/integration/configs/moroz_default/global.toml" -use-tls=false &
+          sudo santactl sync --debug
+      - name: Run integration test binaries
+        run: |
+          bazel test //Testing/integration:integration_tests
+          sleep 3
+          bazel run //Testing/integration:dismiss_santa_popup || true
+      - name: Test sync server changes
+        run: ./Testing/integration/test_sync_changes.sh
+      - name: Test USB blocking
+        run: ./Testing/integration/test_usb.sh
+      - name: Poweroff
+        if: ${{ always() }}
+        run: sudo shutdown -h +1

.github/workflows/fuzz.yml

@@ -0,0 +1,35 @@
+name: Fuzzing
+
+on:
+  schedule:
+    - cron: '0 6 * * *' # Every day at 6:00 UTC
+  workflow_dispatch:  # Allows you to run this workflow manually from the Actions tab
+
+jobs:
+  start_vm:
+    runs-on: e2e-host
+    steps:
+      - uses: actions/checkout@v3
+      - name: Start VM
+        run: python3 Testing/integration/actions/start_vm.py macOS_13.bundle.tar.gz
+
+  fuzz:
+    runs-on: e2e-vm
+    steps:
+      - uses: actions/checkout@v3
+      - name: Setup libfuzzer
+        run: Fuzzing/install_libclang_fuzzer.sh
+      - name: Fuzz
+        run: |
+          for target in $(bazel query 'kind(fuzzing_launcher, //Fuzzing:all)'); do
+            bazel run --config=fuzz $target -- -- -max_len=32768 -runs=1000000 -timeout=5
+          done
+      - name: Upload crashes
+        uses: actions/upload-artifact@v1
+        if: failure()
+        with:
+          name: artifacts
+          path: /tmp/fuzzing/artifacts
+      - name: Poweroff VM
+        if: ${{ always() }}
+        run: sudo shutdown -h +1

.github/workflows/sanitizers.yml

@@ -0,0 +1,30 @@
+name: sanitizers
+on:
+  schedule:
+    - cron: '0 16 * * *'
+  workflow_dispatch:
+
+jobs:
+  test:
+    runs-on: macos-latest
+    strategy:
+      matrix:
+        sanitizer: [asan, tsan, ubsan]
+    steps:
+      - uses: actions/checkout@v3
+      - name: ${{ matrix.sanitizer }}
+        run: |
+          CLANG_VERSION=$(clang --version | head -n 1 | cut -d' ' -f 4)
+          DYLIB_PATH="$(xcode-select -p)/Toolchains/XcodeDefault.xctoolchain/usr/lib/clang/${CLANG_VERSION}/lib/darwin/libclang_rt.${{ matrix.sanitizer }}_osx_dynamic.dylib"
+
+          bazel test --config=${{ matrix.sanitizer }} \
+            --test_strategy=exclusive --test_output=all \
+            --test_env=DYLD_INSERT_LIBRARIES=${DYLIB_PATH} \
+            --runs_per_test 5 -t- :unit_tests \
+            --define=SANTA_BUILD_TYPE=adhoc
+      - name: Upload logs
+        uses: actions/upload-artifact@v1
+        if: failure()
+        with:
+          name: logs
+          path: /tmp/san_out*

.gitignore

@@ -1,8 +1,20 @@
 .DS_Store
-Build
-Dist
+*.profraw
+*.provisionprofile
+bazel-*
 Pods
-Santa.xcodeproj/xcuserdata
-Santa.xcodeproj/project.xcworkspace
-Santa.xcworkspace/xcuserdata
-Santa.xcworkspace/xcshareddata
+Santa.xcodeproj/*
+Santa.xcworkspace/*
+CoverageData/*
+*.tulsiconf-user
+xcuserdata
+tulsigen-*
+*.crt
+*.key
+*.pem
+*.p12
+*.keychain
+*.swp
+compile_commands.json
+.cache/
+.vscode/*

.pylintrc

@@ -0,0 +1,429 @@
+# This Pylint rcfile contains a best-effort configuration to uphold the
+# best-practices and style described in the Google Python style guide:
+#   https://google.github.io/styleguide/pyguide.html
+#
+# Its canonical open-source location is:
+#   https://google.github.io/styleguide/pylintrc
+
+[MASTER]
+
+# Files or directories to be skipped. They should be base names, not paths.
+ignore=third_party
+
+# Files or directories matching the regex patterns are skipped. The regex
+# matches against base names, not paths.
+ignore-patterns=
+
+# Pickle collected data for later comparisons.
+persistent=no
+
+# List of plugins (as comma separated values of python modules names) to load,
+# usually to register additional checkers.
+load-plugins=
+
+# Use multiple processes to speed up Pylint.
+jobs=4
+
+# Allow loading of arbitrary C extensions. Extensions are imported into the
+# active Python interpreter and may run arbitrary code.
+unsafe-load-any-extension=no
+
+
+[MESSAGES CONTROL]
+
+# Only show warnings with the listed confidence levels. Leave empty to show
+# all. Valid levels: HIGH, INFERENCE, INFERENCE_FAILURE, UNDEFINED
+confidence=
+
+# Enable the message, report, category or checker with the given id(s). You can
+# either give multiple identifier separated by comma (,) or put this option
+# multiple time (only on the command line, not in the configuration file where
+# it should appear only once). See also the "--disable" option for examples.
+#enable=
+
+# Disable the message, report, category or checker with the given id(s). You
+# can either give multiple identifiers separated by comma (,) or put this
+# option multiple times (only on the command line, not in the configuration
+# file where it should appear only once).You can also use "--disable=all" to
+# disable everything first and then reenable specific checks. For example, if
+# you want to run only the similarities checker, you can use "--disable=all
+# --enable=similarities". If you want to run only the classes checker, but have
+# no Warning level messages displayed, use"--disable=all --enable=classes
+# --disable=W"
+disable=abstract-method,
+        apply-builtin,
+        arguments-differ,
+        attribute-defined-outside-init,
+        backtick,
+        bad-option-value,
+        basestring-builtin,
+        buffer-builtin,
+        c-extension-no-member,
+        consider-using-enumerate,
+        cmp-builtin,
+        cmp-method,
+        coerce-builtin,
+        coerce-method,
+        delslice-method,
+        div-method,
+        duplicate-code,
+        eq-without-hash,
+        execfile-builtin,
+        file-builtin,
+        filter-builtin-not-iterating,
+        fixme,
+        getslice-method,
+        global-statement,
+        hex-method,
+        idiv-method,
+        implicit-str-concat,
+        import-error,
+        import-self,
+        import-star-module-level,
+        inconsistent-return-statements,
+        input-builtin,
+        intern-builtin,
+        invalid-str-codec,
+        locally-disabled,
+        long-builtin,
+        long-suffix,
+        map-builtin-not-iterating,
+        misplaced-comparison-constant,
+        missing-function-docstring,
+        metaclass-assignment,
+        next-method-called,
+        next-method-defined,
+        no-absolute-import,
+        no-else-break,
+        no-else-continue,
+        no-else-raise,
+        no-else-return,
+        no-init,  # added
+        no-member,
+        no-name-in-module,
+        no-self-use,
+        nonzero-method,
+        oct-method,
+        old-division,
+        old-ne-operator,
+        old-octal-literal,
+        old-raise-syntax,
+        parameter-unpacking,
+        print-statement,
+        raising-string,
+        range-builtin-not-iterating,
+        raw_input-builtin,
+        rdiv-method,
+        reduce-builtin,
+        relative-import,
+        reload-builtin,
+        round-builtin,
+        setslice-method,
+        signature-differs,
+        standarderror-builtin,
+        suppressed-message,
+        sys-max-int,
+        too-few-public-methods,
+        too-many-ancestors,
+        too-many-arguments,
+        too-many-boolean-expressions,
+        too-many-branches,
+        too-many-instance-attributes,
+        too-many-locals,
+        too-many-nested-blocks,
+        too-many-public-methods,
+        too-many-return-statements,
+        too-many-statements,
+        trailing-newlines,
+        unichr-builtin,
+        unicode-builtin,
+        unnecessary-pass,
+        unpacking-in-except,
+        useless-else-on-loop,
+        useless-object-inheritance,
+        useless-suppression,
+        using-cmp-argument,
+        wrong-import-order,
+        xrange-builtin,
+        zip-builtin-not-iterating,
+
+
+[REPORTS]
+
+# Set the output format. Available formats are text, parseable, colorized, msvs
+# (visual studio) and html. You can also give a reporter class, eg
+# mypackage.mymodule.MyReporterClass.
+output-format=text
+
+# Tells whether to display a full report or only the messages
+reports=no
+
+# Python expression which should return a note less than 10 (10 is the highest
+# note). You have access to the variables errors warning, statement which
+# respectively contain the number of errors / warnings messages and the total
+# number of statements analyzed. This is used by the global evaluation report
+# (RP0004).
+evaluation=10.0 - ((float(5 * error + warning + refactor + convention) / statement) * 10)
+
+# Template used to display messages. This is a python new-style format string
+# used to format the message information. See doc for all details
+#msg-template=
+
+
+[BASIC]
+
+# Good variable names which should always be accepted, separated by a comma
+good-names=main,_
+
+# Bad variable names which should always be refused, separated by a comma
+bad-names=
+
+# Colon-delimited sets of names that determine each other's naming style when
+# the name regexes allow several styles.
+name-group=
+
+# Include a hint for the correct naming format with invalid-name
+include-naming-hint=no
+
+# List of decorators that produce properties, such as abc.abstractproperty. Add
+# to this list to register other decorators that produce valid properties.
+property-classes=abc.abstractproperty,cached_property.cached_property,cached_property.threaded_cached_property,cached_property.cached_property_with_ttl,cached_property.threaded_cached_property_with_ttl
+
+# Regular expression matching correct function names
+function-rgx=^(?:(?P<exempt>setUp|tearDown|setUpModule|tearDownModule)|(?P<camel_case>_?[A-Z][a-zA-Z0-9]*)|(?P<snake_case>_?[a-z][a-z0-9_]*))$
+
+# Regular expression matching correct variable names
+variable-rgx=^[a-z][a-z0-9_]*$
+
+# Regular expression matching correct constant names
+const-rgx=^(_?[A-Z][A-Z0-9_]*|__[a-z0-9_]+__|_?[a-z][a-z0-9_]*)$
+
+# Regular expression matching correct attribute names
+attr-rgx=^_{0,2}[a-z][a-z0-9_]*$
+
+# Regular expression matching correct argument names
+argument-rgx=^[a-z][a-z0-9_]*$
+
+# Regular expression matching correct class attribute names
+class-attribute-rgx=^(_?[A-Z][A-Z0-9_]*|__[a-z0-9_]+__|_?[a-z][a-z0-9_]*)$
+
+# Regular expression matching correct inline iteration names
+inlinevar-rgx=^[a-z][a-z0-9_]*$
+
+# Regular expression matching correct class names
+class-rgx=^_?[A-Z][a-zA-Z0-9]*$
+
+# Regular expression matching correct module names
+module-rgx=^(_?[a-z][a-z0-9_]*|__init__)$
+
+# Regular expression matching correct method names
+method-rgx=(?x)^(?:(?P<exempt>_[a-z0-9_]+__|runTest|setUp|tearDown|setUpTestCase|tearDownTestCase|setupSelf|tearDownClass|setUpClass|(test|assert)_*[A-Z0-9][a-zA-Z0-9_]*|next)|(?P<camel_case>_{0,2}[A-Z][a-zA-Z0-9_]*)|(?P<snake_case>_{0,2}[a-z][a-z0-9_]*))$
+
+# Regular expression which should only match function or class names that do
+# not require a docstring.
+no-docstring-rgx=(__.*__|main|test.*|.*test|.*Test)$
+
+# Minimum line length for functions/classes that require docstrings, shorter
+# ones are exempt.
+docstring-min-length=10
+
+
+[TYPECHECK]
+
+# List of decorators that produce context managers, such as
+# contextlib.contextmanager. Add to this list to register other decorators that
+# produce valid context managers.
+contextmanager-decorators=contextlib.contextmanager,contextlib2.contextmanager
+
+# Tells whether missing members accessed in mixin class should be ignored. A
+# mixin class is detected if its name ends with "mixin" (case insensitive).
+ignore-mixin-members=yes
+
+# List of module names for which member attributes should not be checked
+# (useful for modules/projects where namespaces are manipulated during runtime
+# and thus existing member attributes cannot be deduced by static analysis. It
+# supports qualified module names, as well as Unix pattern matching.
+ignored-modules=
+
+# List of class names for which member attributes should not be checked (useful
+# for classes with dynamically set attributes). This supports the use of
+# qualified names.
+ignored-classes=optparse.Values,thread._local,_thread._local
+
+# List of members which are set dynamically and missed by pylint inference
+# system, and so shouldn't trigger E1101 when accessed. Python regular
+# expressions are accepted.
+generated-members=
+
+
+[FORMAT]
+
+# Maximum number of characters on a single line.
+max-line-length=80
+
+# TODO(https://github.com/PyCQA/pylint/issues/3352): Direct pylint to exempt
+# lines made too long by directives to pytype.
+
+# Regexp for a line that is allowed to be longer than the limit.
+ignore-long-lines=(?x)(
+  ^\s*(\#\ )?<?https?://\S+>?$|
+  ^\s*(from\s+\S+\s+)?import\s+.+$)
+
+# Allow the body of an if to be on the same line as the test if there is no
+# else.
+single-line-if-stmt=yes
+
+# Maximum number of lines in a module
+max-module-lines=99999
+
+# String used as indentation unit.  The internal Google style guide mandates 2
+# spaces.  Google's externaly-published style guide says 4, consistent with
+# PEP 8.  Here, we use 2 spaces, for conformity with many open-sourced Google
+# projects (like TensorFlow).
+indent-string='  '
+
+# Number of spaces of indent required inside a hanging  or continued line.
+indent-after-paren=4
+
+# Expected format of line ending, e.g. empty (any line ending), LF or CRLF.
+expected-line-ending-format=
+
+
+[MISCELLANEOUS]
+
+# List of note tags to take in consideration, separated by a comma.
+notes=TODO
+
+
+[STRING]
+
+# This flag controls whether inconsistent-quotes generates a warning when the
+# character used as a quote delimiter is used inconsistently within a module.
+check-quote-consistency=yes
+
+
+[VARIABLES]
+
+# Tells whether we should check for unused import in __init__ files.
+init-import=no
+
+# A regular expression matching the name of dummy variables (i.e. expectedly
+# not used).
+dummy-variables-rgx=^\*{0,2}(_$|unused_|dummy_)
+
+# List of additional names supposed to be defined in builtins. Remember that
+# you should avoid to define new builtins when possible.
+additional-builtins=
+
+# List of strings which can identify a callback function by name. A callback
+# name must start or end with one of those strings.
+callbacks=cb_,_cb
+
+# List of qualified module names which can have objects that can redefine
+# builtins.
+redefining-builtins-modules=six,six.moves,past.builtins,future.builtins,functools
+
+
+[LOGGING]
+
+# Logging modules to check that the string format arguments are in logging
+# function parameter format
+logging-modules=logging,absl.logging,tensorflow.io.logging
+
+
+[SIMILARITIES]
+
+# Minimum lines number of a similarity.
+min-similarity-lines=4
+
+# Ignore comments when computing similarities.
+ignore-comments=yes
+
+# Ignore docstrings when computing similarities.
+ignore-docstrings=yes
+
+# Ignore imports when computing similarities.
+ignore-imports=no
+
+
+[SPELLING]
+
+# Spelling dictionary name. Available dictionaries: none. To make it working
+# install python-enchant package.
+spelling-dict=
+
+# List of comma separated words that should not be checked.
+spelling-ignore-words=
+
+# A path to a file that contains private dictionary; one word per line.
+spelling-private-dict-file=
+
+# Tells whether to store unknown words to indicated private dictionary in
+# --spelling-private-dict-file option instead of raising a message.
+spelling-store-unknown-words=no
+
+
+[IMPORTS]
+
+# Deprecated modules which should not be used, separated by a comma
+deprecated-modules=regsub,
+                   TERMIOS,
+                   Bastion,
+                   rexec,
+                   sets
+
+# Create a graph of every (i.e. internal and external) dependencies in the
+# given file (report RP0402 must not be disabled)
+import-graph=
+
+# Create a graph of external dependencies in the given file (report RP0402 must
+# not be disabled)
+ext-import-graph=
+
+# Create a graph of internal dependencies in the given file (report RP0402 must
+# not be disabled)
+int-import-graph=
+
+# Force import order to recognize a module as part of the standard
+# compatibility libraries.
+known-standard-library=
+
+# Force import order to recognize a module as part of a third party library.
+known-third-party=enchant, absl
+
+# Analyse import fallback blocks. This can be used to support both Python 2 and
+# 3 compatible code, which means that the block might have code that exists
+# only in one or another interpreter, leading to false positives when analysed.
+analyse-fallback-blocks=no
+
+
+[CLASSES]
+
+# List of method names used to declare (i.e. assign) instance attributes.
+defining-attr-methods=__init__,
+                      __new__,
+                      setUp
+
+# List of member names, which should be excluded from the protected access
+# warning.
+exclude-protected=_asdict,
+                  _fields,
+                  _replace,
+                  _source,
+                  _make
+
+# List of valid names for the first argument in a class method.
+valid-classmethod-first-arg=cls,
+                            class_
+
+# List of valid names for the first argument in a metaclass class method.
+valid-metaclass-classmethod-first-arg=mcs
+
+
+[EXCEPTIONS]
+
+# Exceptions that will emit a warning when being caught. Defaults to
+# "Exception"
+overgeneral-exceptions=StandardError,
+                       Exception,
+                       BaseException

.travis.yml

@@ -1,8 +0,0 @@
----
-language: objective-c
-
-before_install:
- - gem install cocoapods xcpretty
-
-script:
- - xcodebuild -workspace Santa.xcworkspace -scheme All build test CODE_SIGN_IDENTITY='' | xcpretty -sc && exit ${PIPESTATUS[0]}

BUILD

@@ -0,0 +1,200 @@
+load("@build_bazel_rules_apple//apple:versioning.bzl", "apple_bundle_version")
+load("//:helper.bzl", "run_command")
+
+package(default_visibility = ["//:santa_package_group"])
+
+licenses(["notice"])
+
+exports_files(["LICENSE"])
+
+# The version label for mac_* rules.
+apple_bundle_version(
+    name = "version",
+    build_label_pattern = ".*santa_{release}\\.{build}",
+    build_version = "{release}.{build}",
+    capture_groups = {
+        "release": "\\d{4}\\.\\d+",
+        "build": "\\d+",
+    },
+    fallback_build_label = "santa_9999.1.1",
+    short_version_string = "{release}",
+)
+
+# Used to detect release builds
+config_setting(
+    name = "release_build",
+    values = {"define": "SANTA_BUILD_TYPE=release"},
+    visibility = [":santa_package_group"],
+)
+
+# Adhoc signed - provisioning profiles are not used.
+# Used for CI runs and dev builds when SIP is disabled.
+config_setting(
+    name = "adhoc_build",
+    values = {"define": "SANTA_BUILD_TYPE=adhoc"},
+    visibility = [":santa_package_group"],
+)
+
+# Used to detect optimized builds
+config_setting(
+    name = "opt_build",
+    values = {"compilation_mode": "opt"},
+)
+
+package_group(
+    name = "santa_package_group",
+    packages = ["//..."],
+)
+
+################################################################################
+# Loading/Unloading/Reloading
+################################################################################
+run_command(
+    name = "unload",
+    cmd = """
+sudo launchctl unload /Library/LaunchDaemons/com.google.santad.plist 2>/dev/null
+sudo launchctl unload /Library/LaunchDaemons/com.google.santa.bundleservice.plist 2>/dev/null
+sudo launchctl unload /Library/LaunchDaemons/com.google.santa.metricservice.plist 2>/dev/null
+sudo launchctl unload /Library/LaunchDaemons/com.google.santa.syncservice.plist 2>/dev/null
+launchctl unload /Library/LaunchAgents/com.google.santa.plist 2>/dev/null
+""",
+)
+
+run_command(
+    name = "load",
+    cmd = """
+sudo launchctl load /Library/LaunchDaemons/com.google.santad.plist
+sudo launchctl load /Library/LaunchDaemons/com.google.santa.bundleservice.plist
+sudo launchctl load /Library/LaunchDaemons/com.google.santa.metricservice.plist
+sudo launchctl load /Library/LaunchDaemons/com.google.santa.syncservice.plist
+launchctl load /Library/LaunchAgents/com.google.santa.plist
+""",
+)
+
+run_command(
+    name = "reload",
+    srcs = [
+        "//Source/gui:Santa",
+    ],
+    cmd = """
+set -e
+
+rm -rf /tmp/bazel_santa_reload
+unzip -d /tmp/bazel_santa_reload \
+    $${BUILD_WORKSPACE_DIRECTORY}/bazel-out/*$(COMPILATION_MODE)*/bin/Source/gui/Santa.zip >/dev/null
+echo "You may be asked for your password for sudo"
+sudo BINARIES=/tmp/bazel_santa_reload CONF=$${BUILD_WORKSPACE_DIRECTORY}/Conf \
+    $${BUILD_WORKSPACE_DIRECTORY}/Conf/install.sh
+rm -rf /tmp/bazel_santa_reload
+echo "Time to stop being naughty"
+""",
+)
+
+################################################################################
+# Release rules - used to create a release tarball
+################################################################################
+genrule(
+    name = "release",
+    srcs = [
+        "//Source/gui:Santa",
+        "Conf/install.sh",
+        "Conf/uninstall.sh",
+        "Conf/com.google.santa.bundleservice.plist",
+        "Conf/com.google.santa.metricservice.plist",
+        "Conf/com.google.santa.syncservice.plist",
+        "Conf/com.google.santad.plist",
+        "Conf/com.google.santa.plist",
+        "Conf/com.google.santa.newsyslog.conf",
+        "Conf/Package/Distribution.xml",
+        "Conf/Package/notarization_tool.sh",
+        "Conf/Package/package_and_sign.sh",
+        "Conf/Package/postinstall",
+        "Conf/Package/preinstall",
+    ],
+    outs = ["santa-release.tar.gz"],
+    cmd = select({
+        "//conditions:default": """
+        echo "ERROR: Trying to create a release tarball without optimization."
+        echo "Please add '-c opt' flag to bazel invocation"
+        """,
+        ":opt_build": """
+      # Extract Santa.zip
+      for SRC in $(SRCS); do
+        if [ "$$(basename $${SRC})" == "Santa.zip" ]; then
+          mkdir -p $(@D)/binaries
+          unzip -q $${SRC} -d $(@D)/binaries >/dev/null
+        fi
+      done
+
+      # Copy config files
+      for SRC in $(SRCS); do
+        if [[ "$$(dirname $${SRC})" == *"Conf"* ]]; then
+          mkdir -p $(@D)/conf
+          cp -H $${SRC} $(@D)/conf/
+        fi
+      done
+
+      # Gather together the dSYMs. Throw an error if no dSYMs were found
+      for SRC in $(SRCS); do
+        case $${SRC} in
+          *santad.dSYM*Info.plist)
+            mkdir -p $(@D)/dsym
+            cp -LR $$(dirname $$(dirname $${SRC})) $(@D)/dsym/santad.dSYM
+            ;;
+          *santactl.dSYM*Info.plist)
+            mkdir -p $(@D)/dsym
+            cp -LR $$(dirname $$(dirname $${SRC})) $(@D)/dsym/santactl.dSYM
+            ;;
+          *santabundleservice.dSYM*Info.plist)
+            mkdir -p $(@D)/dsym
+            cp -LR $$(dirname $$(dirname $${SRC})) $(@D)/dsym/santabundleservice.dSYM
+            ;;
+          *santametricservice.dSYM*Info.plist)
+            mkdir -p $(@D)/dsym
+            cp -LR $$(dirname $$(dirname $${SRC})) $(@D)/dsym/santametricservice.dSYM
+            ;;
+          *santasyncservice.dSYM*Info.plist)
+            mkdir -p $(@D)/dsym
+            cp -LR $$(dirname $$(dirname $${SRC})) $(@D)/dsym/santasyncservice.dSYM
+            ;;
+          *Santa.app.dSYM*Info.plist)
+            mkdir -p $(@D)/dsym
+            cp -LR $$(dirname $$(dirname $${SRC})) $(@D)/dsym/Santa.app.dSYM
+            ;;
+          *com.google.santa.daemon.systemextension.dSYM*Info.plist)
+            mkdir -p $(@D)/dsym
+            cp -LR $$(dirname $$(dirname $${SRC})) $(@D)/dsym/com.google.santa.daemon.systemextension.dSYM
+            ;;
+        esac
+      done
+
+      # Cause a build failure if the dSYMs are missing.
+      if [[ ! -d "$(@D)/dsym" ]]; then
+        echo "dsym dir missing: Did you forget to use --apple_generate_dsym?"
+        echo "This flag is required for the 'release' target."
+        exit 1
+      fi
+
+      # Update all the timestamps to now. Bazel avoids timestamps to allow
+      # builds to be hermetic and cacheable but for releases we want the
+      # timestamps to be more-or-less correct.
+      find $(@D)/{binaries,conf,dsym} -exec touch {} \\;
+
+      # Create final output tar
+      tar -C $(@D) -czpf $(@) binaries dsym conf
+    """,
+    }),
+    heuristic_label_expansion = 0,
+)
+
+test_suite(
+    name = "unit_tests",
+    tests = [
+        "//Source/common:unit_tests",
+        "//Source/gui:unit_tests",
+        "//Source/santactl:unit_tests",
+        "//Source/santad:unit_tests",
+        "//Source/santametricservice:unit_tests",
+        "//Source/santasyncservice:unit_tests",
+    ],
+)

CODEOWNERS

@@ -0,0 +1 @@
+* @google/macendpoints

CONTRIBUTING.md

@@ -1,37 +0,0 @@
-Want to contribute? Great! First, read this page (including the small print at the end).
-
-### Before you contribute
-Before we can use your code, you must sign the
-[Google Individual Contributor License Agreement](https://developers.google.com/open-source/cla/individual)
-(CLA), which you can do online. The CLA is necessary mainly because you own the
-copyright to your changes, even after your contribution becomes part of our
-codebase, so we need your permission to use and distribute your code. We also
-need to be sure of various other things—for instance that you'll tell us if you
-know that your code infringes on other people's patents. You don't have to sign
-the CLA until after you've submitted your code for review and a member has
-approved it, but you must do it before we can put your code into our codebase.
-
-Before you start working on a larger contribution, you should get in touch with
-us first through the [issue tracker](https://github.com/google/santa/issues)
-with your idea so that we can help out and possibly guide you. Coordinating up 
-front makes it much easier to avoid frustration later on.
-
-### Code reviews
-All submissions, including submissions by project members, require review. We
-use GitHub pull requests for this purpose. It's also a good idea to run the
-tests beforehand, which you can do with the following commands:
-
-```sh
-rake tests:logic
-rake tests:kernel  # only necessary if you're changing the kext code
-```
-### Code Style
-
-All code submissions should try to match the surrounding code.  Wherever possible,
-code should adhere to either the
-[Google Objective-C Style Guide](http://google-styleguide.googlecode.com/svn/trunk/objcguide.xml)
-or the [Google C++ Style Guide](http://google-styleguide.googlecode.com/svn/trunk/cppguide.html).
-
-### The small print
-Contributions made by corporations are covered by a different agreement than
-the one above, the [Software Grant and Corporate Contributor License Agreement](https://developers.google.com/open-source/cla/corporate).

CONTRIBUTING.md

@@ -0,0 +1 @@
+docs/development/contributing.md

Conf/Package/Distribution.xml

@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<installer-gui-script minSpecVersion="1">
+<title>Santa</title>
+<options customize="never" allow-external-scripts="no" hostArchitectures="x86_64,arm64" />
+
+<choices-outline>
+	<line choice="default" />
+</choices-outline>
+
+<choice id="default">
+    <pkg-ref id="com.google.santa"/>
+</choice>
+
+<pkg-ref id="com.google.santa">app.pkg</pkg-ref>
+
+</installer-gui-script>

Conf/Package/Makefile

@@ -1,88 +0,0 @@
-#
-#  Package Makefile for Santa
-#  Requires TheLuggage (github.com/unixorn/luggage) to be installed
-#
-#  Will generate a package based on the latest release. You can replace
-#  the PACKAGE_VERSION variable with a specific variable instead if you wish.
-#
-
-LUGGAGE:=/usr/local/share/luggage/luggage.make
-include ${LUGGAGE}
-
-TITLE:=santa
-REVERSE_DOMAIN:=com.google
-
-# Get latest Release version using the GitHub API. Each release is bound to a
-# git tag, which should always be a semantic version number. The most recent
-# release is always first in the API result.
-PACKAGE_VERSION:=$(shell curl -fs https://api.github.com/repos/google/santa/releases |\
-	python -c 'import json, sys; print json.load(sys.stdin)[0]["tag_name"]' 2>/dev/null)
-
-# Get the download URL for the latest Release. Each release should have a
-# tarball named santa-$version.tar.bz2 containing all of the files associated
-# with that release. The tarball layout is:
-#
-#   santa-$version.tar.bz2
-#   +--santa-$version
-#         |-- binaries
-#         |    |-- santa-driver.kext
-#         |    |-- Santa.app
-#         |-- conf
-#         |    |-- install.sh
-#         |    |-- com.google.santad.plist
-#         |    |-- com.google.santasync.plist
-#         |    |-- com.google.santagui.plist
-#         |    +-- com.google.santa.asl.conf
-#         +--dsym
-#              |-- santa-driver.kext.dSYM
-#              |-- Santa.app.dSYM
-#              |-- santad.dSYM
-#              +-- santactl.dSYM
-PACKAGE_DOWNLOAD_URL:="https://github.com/google/santa/releases/download/${PACKAGE_VERSION}/santa-${PACKAGE_VERSION}.tar.bz2"
-
-PAYLOAD:=pack-Library-Extensions-santa-driver.kext \
-	pack-applications-Santa.app \
-	pack-Library-LaunchDaemons-com.google.santad.plist \
-	pack-Library-LaunchDaemons-com.google.santasync.plist \
-	pack-Library-LaunchAgents-com.google.santagui.plist \
-	pack-etc-asl-com.google.santa.asl.conf \
-	pack-script-preinstall \
-	pack-script-postinstall
-
-santa-driver.kext: download
-Santa.app: download
-com.google.santad.plist: download
-com.google.santagui.plist: download
-com.google.santasync.plist: download
-com.google.santa.asl.conf: download
-
-download:
-	$(if $(PACKAGE_VERSION),, $(error GitHub API returned unexpected result. Wait a while and try again))
-
-	@curl -fL ${PACKAGE_DOWNLOAD_URL} | tar xvj --strip=2
-	@rm -rf *.dSYM
-
-pack-etc-asl-com.google.santa.asl.conf: com.google.santa.asl.conf l_private_etc
-	@sudo mkdir -p ${WORK_D}/private/etc/asl
-	@sudo chown root:wheel ${WORK_D}/private/etc/asl
-	@sudo chmod 755 ${WORK_D}/private/etc/asl
-	@sudo install -m 644 -o root -g wheel com.google.santa.asl.conf ${WORK_D}/private/etc/asl
-
-pack-Library-Extensions-santa-driver.kext: santa-driver.kext l_Library
-	@sudo mkdir -p ${WORK_D}/Library/Extensions
-	@sudo ${DITTO} --noqtn santa-driver.kext ${WORK_D}/Library/Extensions/santa-driver.kext
-	@sudo chown -R root:wheel ${WORK_D}/Library/Extensions/santa-driver.kext
-	@sudo chmod -R 755 ${WORK_D}/Library/Extensions/santa-driver.kext
-
-clean: myclean
-
-myclean:
-	@rm -rf *.dSYM
-	@rm -rf Santa.app
-	@rm -rf santa-driver.kext
-	@rm -f config.plist
-	@rm -f com.google.santa.asl.conf
-	@rm -f com.google.santad.plist
-	@rm -f com.google.santagui.plist
-	@rm -f com.google.santasync.plist
-	@rm -f install.sh

Conf/Package/notarization_tool.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+
+# Example NOTARIZATION_TOOL wrapper.
+
+/usr/bin/xcrun notarytool submit "${2}" --wait \
+  --apple-id "${NOTARIZATION_USERNAME}" --password "${NOTARIZATION_PASSWORD}"

Conf/Package/package_and_sign.sh

@@ -0,0 +1,182 @@
+#!/bin/bash
+
+# This script signs all of Santa's components, verifies the signatures,
+# notarizes all of the components, staples them, packages them up, signs the
+# package, notarizes the package, puts the package in a DMG and notarizes the
+# DMG. It also outputs a single release tarball.
+# All of the following environment variables are required.
+
+# RELEASE_ROOT is a required environment variable that points to the root
+# of an extracted release tarball produced with the :release and :release_driver
+# rules in Santa's main BUILD file.
+[[ -n "${RELEASE_ROOT}" ]] || die "RELEASE_ROOT unset"
+
+# SIGNING_IDENTITY, SIGNING_TEAMID and SIGNING_KEYCHAIN are required environment
+# variables specifying the identity and keychain to pass to the codesign tool
+# and the team ID to use for verification.
+[[ -n "${SIGNING_IDENTITY}" ]] || die "SIGNING_IDENTITY unset"
+[[ -n "${SIGNING_TEAMID}" ]] || die "SIGNING_TEAMID unset"
+[[ -n "${SIGNING_KEYCHAIN}" ]] || die "SIGNING_KEYCHAIN unset"
+
+# INSTALLER_SIGNING_IDENTITY and INSTALLER_SIGNING_KEYCHAIN are required
+# environment variables specifying the identity and keychain to use when signing
+# the distribution package.
+[[ -n "${INSTALLER_SIGNING_IDENTITY}" ]] || die "INSTALLER_SIGNING_IDENTITY unset"
+[[ -n "${INSTALLER_SIGNING_KEYCHAIN}" ]] || die "INSTALLER_SIGNING_KEYCHAIN unset"
+
+# NOTARIZATION_TOOL is a required environment variable pointing to a wrapper
+# tool around the tool to use for notarization. The tool must take 2 flags:
+#    --file
+#        - pointing at a zip file containing the artifact to notarize
+[[ -n "${NOTARIZATION_TOOL}" ]] || die "NOTARIZATION_TOOL unset"
+
+# ARTIFACTS_DIR is a required environment variable pointing at a directory to
+# place the output artifacts in.
+[[ -n "${ARTIFACTS_DIR}" ]] || die "ARTIFACTS_DIR unset"
+
+################################################################################
+
+function die {
+  echo "${@}"
+  exit 2
+}
+
+readonly INPUT_APP="${RELEASE_ROOT}/binaries/Santa.app"
+readonly INPUT_SYSX="${INPUT_APP}/Contents/Library/SystemExtensions/com.google.santa.daemon.systemextension"
+readonly INPUT_SANTACTL="${INPUT_APP}/Contents/MacOS/santactl"
+readonly INPUT_SANTABS="${INPUT_APP}/Contents/MacOS/santabundleservice"
+readonly INPUT_SANTAMS="${INPUT_APP}/Contents/MacOS/santametricservice"
+readonly INPUT_SANTASS="${INPUT_APP}/Contents/MacOS/santasyncservice"
+
+readonly RELEASE_NAME="santa-$(/usr/bin/defaults read "${INPUT_APP}/Contents/Info.plist" CFBundleShortVersionString)"
+
+readonly SCRATCH=$(/usr/bin/mktemp -d "${TMPDIR}/santa-"XXXXXX)
+readonly APP_PKG_ROOT="${SCRATCH}/app_pkg_root"
+readonly APP_PKG_SCRIPTS="${SCRATCH}/pkg_scripts"
+readonly ENTITLEMENTS="${SCRATCH}/entitlements"
+
+readonly SCRIPT_PATH="$(/usr/bin/dirname -- ${BASH_SOURCE[0]})"
+
+/bin/mkdir -p "${APP_PKG_ROOT}" "${APP_PKG_SCRIPTS}" "${ENTITLEMENTS}"
+
+readonly DMG_PATH="${ARTIFACTS_DIR}/${RELEASE_NAME}.dmg"
+readonly TAR_PATH="${ARTIFACTS_DIR}/${RELEASE_NAME}.tar.gz"
+
+# Sign all of binaries/bundles. Maintain inside-out ordering where necessary
+for ARTIFACT in "${INPUT_SANTACTL}" "${INPUT_SANTABS}" "${INPUT_SANTAMS}" "${INPUT_SANTASS}" "${INPUT_SYSX}" "${INPUT_APP}"; do
+  BN=$(/usr/bin/basename "${ARTIFACT}")
+  EN="${ENTITLEMENTS}/${BN}.entitlements"
+
+  echo "extracting ${BN} entitlements"
+  /usr/bin/codesign -d --entitlements "${EN}" "${ARTIFACT}"
+  if [[ -s "${EN}" ]]; then
+    EN="--entitlements ${EN}"
+  else
+    EN=""
+  fi
+
+  echo "codesigning ${BN}"
+  /usr/bin/codesign --sign "${SIGNING_IDENTITY}" --keychain "${SIGNING_KEYCHAIN}" \
+        ${EN} --timestamp --force --generate-entitlement-der \
+        --options library,kill,runtime "${ARTIFACT}"
+done
+
+# Notarize all the bundles
+for ARTIFACT in "${INPUT_SYSX}" "${INPUT_APP}"; do
+  BN=$(/usr/bin/basename "${ARTIFACT}")
+
+  echo "zipping ${BN}"
+  /usr/bin/zip -9r "${SCRATCH}/${BN}.zip" "${ARTIFACT}"
+
+  echo "notarizing ${BN}"
+  PBID=$(/usr/bin/defaults read "${ARTIFACT}/Contents/Info.plist" CFBundleIdentifier)
+  "${NOTARIZATION_TOOL}" --file "${SCRATCH}/${BN}.zip"
+done
+
+# Staple the App.
+for ARTIFACT in "${INPUT_APP}"; do
+  BN=$(/usr/bin/basename "${ARTIFACT}")
+
+  echo "stapling ${BN}"
+  /usr/bin/xcrun stapler staple "${ARTIFACT}"
+done
+
+# Ensure _CodeSignature/CodeResources files have 0644 permissions so they can
+# be verified without using sudo.
+/usr/bin/find "${RELEASE_ROOT}/binaries" -type f -name CodeResources -exec chmod 0644 {} \;
+/usr/bin/find "${RELEASE_ROOT}/binaries" -type d -exec chmod 0755 {} \;
+/usr/bin/find "${RELEASE_ROOT}/conf" -type f -name "com.google.santa*" -exec chmod 0644 {} \;
+
+echo "verifying signatures"
+/usr/bin/codesign -vv -R="certificate leaf[subject.OU] = ${SIGNING_TEAMID}" \
+  "${RELEASE_ROOT}/binaries/"* || die "bad signature"
+
+echo "creating fresh release tarball"
+/bin/mkdir -p "${SCRATCH}/tar_root/${RELEASE_NAME}"
+/bin/cp -r "${RELEASE_ROOT}/binaries" "${SCRATCH}/tar_root/${RELEASE_NAME}"
+/bin/cp -r "${RELEASE_ROOT}/conf" "${SCRATCH}/tar_root/${RELEASE_NAME}"
+/bin/cp -r "${RELEASE_ROOT}/dsym" "${SCRATCH}/tar_root/${RELEASE_NAME}"
+/usr/bin/tar -C "${SCRATCH}/tar_root" -czvf "${TAR_PATH}" "${RELEASE_NAME}" || die "failed to create release tarball"
+
+echo "creating app pkg"
+/bin/mkdir -p "${APP_PKG_ROOT}/Applications" \
+  "${APP_PKG_ROOT}/Library/LaunchAgents" \
+  "${APP_PKG_ROOT}/Library/LaunchDaemons" \
+  "${APP_PKG_ROOT}/private/etc/asl" \
+  "${APP_PKG_ROOT}/private/etc/newsyslog.d"
+/bin/cp -vXR "${RELEASE_ROOT}/binaries/Santa.app" "${APP_PKG_ROOT}/Applications/"
+/bin/cp -vX "${RELEASE_ROOT}/conf/com.google.santad.plist" "${APP_PKG_ROOT}/Library/LaunchDaemons/"
+/bin/cp -vX "${RELEASE_ROOT}/conf/com.google.santa.plist" "${APP_PKG_ROOT}/Library/LaunchAgents/"
+/bin/cp -vX "${RELEASE_ROOT}/conf/com.google.santa.bundleservice.plist" "${APP_PKG_ROOT}/Library/LaunchDaemons/"
+/bin/cp -vX "${RELEASE_ROOT}/conf/com.google.santa.metricservice.plist" "${APP_PKG_ROOT}/Library/LaunchDaemons/"
+/bin/cp -vX "${RELEASE_ROOT}/conf/com.google.santa.syncservice.plist" "${APP_PKG_ROOT}/Library/LaunchDaemons/"
+/bin/cp -vX "${RELEASE_ROOT}/conf/com.google.santa.asl.conf" "${APP_PKG_ROOT}/private/etc/asl/"
+/bin/cp -vX "${RELEASE_ROOT}/conf/com.google.santa.newsyslog.conf" "${APP_PKG_ROOT}/private/etc/newsyslog.d/"
+/bin/cp -vXL "${SCRIPT_PATH}/preinstall" "${APP_PKG_SCRIPTS}/"
+/bin/cp -vXL "${SCRIPT_PATH}/postinstall" "${APP_PKG_SCRIPTS}/"
+/bin/chmod +x "${APP_PKG_SCRIPTS}/"*
+
+# Disable bundle relocation.
+/usr/bin/pkgbuild --analyze --root "${APP_PKG_ROOT}" "${SCRATCH}/component.plist"
+/usr/bin/plutil -replace BundleIsRelocatable -bool NO "${SCRATCH}/component.plist"
+/usr/bin/plutil -replace BundleIsVersionChecked -bool NO "${SCRATCH}/component.plist"
+/usr/bin/plutil -replace BundleOverwriteAction -string upgrade "${SCRATCH}/component.plist"
+/usr/bin/plutil -replace ChildBundles -json "[]" "${SCRATCH}/component.plist"
+
+# Build app package
+/usr/bin/pkgbuild --identifier "com.google.santa" \
+  --version "$(echo "${RELEASE_NAME}" | cut -d - -f2)" \
+  --root "${APP_PKG_ROOT}" \
+  --component-plist "${SCRATCH}/component.plist" \
+  --scripts "${APP_PKG_SCRIPTS}" \
+  "${SCRATCH}/app.pkg"
+
+# Build signed distribution package
+echo "productbuild pkg"
+/bin/mkdir -p "${SCRATCH}/${RELEASE_NAME}"
+/usr/bin/productbuild \
+  --distribution "${SCRIPT_PATH}/Distribution.xml" \
+  --package-path "${SCRATCH}" \
+  --sign "${INSTALLER_SIGNING_IDENTITY}" --keychain "${INSTALLER_SIGNING_KEYCHAIN}" \
+  "${SCRATCH}/${RELEASE_NAME}/${RELEASE_NAME}.pkg"
+
+echo "verifying pkg signature"
+/usr/sbin/pkgutil --check-signature "${SCRATCH}/${RELEASE_NAME}/${RELEASE_NAME}.pkg" || die "bad pkg signature"
+
+echo "notarizing pkg"
+"${NOTARIZATION_TOOL}" --file "${SCRATCH}/${RELEASE_NAME}/${RELEASE_NAME}.pkg"
+
+echo "stapling pkg"
+/usr/bin/xcrun stapler staple "${SCRATCH}/${RELEASE_NAME}/${RELEASE_NAME}.pkg" || die "failed to staple pkg"
+
+echo "wrapping pkg in dmg"
+/usr/bin/hdiutil create -fs HFS+ -format UDZO \
+    -volname "${RELEASE_NAME}" \
+    -ov -imagekey zlib-level=9 \
+    -srcfolder "${SCRATCH}/${RELEASE_NAME}/" "${DMG_PATH}" || die "failed to wrap pkg in dmg"
+
+echo "notarizing dmg"
+"${NOTARIZATION_TOOL}" --file "${DMG_PATH}"
+
+echo "stapling dmg"
+/usr/bin/xcrun stapler staple "${DMG_PATH}" || die "failed to staple dmg"

Conf/Package/postinstall

@@ -1,6 +1,6 @@
 #!/bin/bash
 
-# Load the kernel extension, santad, sync client
+# Load com.google.santa.daemon and com.google.santa.bundleservice
 # If a user is logged in, also load the GUI agent.
 # If the target volume is not /, do nothing
 
@@ -9,20 +9,28 @@
 # Restart syslogd to pick up ASL configuration change
 /usr/bin/killall -HUP syslogd
 
-/sbin/kextload /Library/Extensions/santa-driver.kext
-
-sleep 1
-
-/bin/launchctl load -w /Library/LaunchDaemons/com.google.santad.plist
-/bin/launchctl load -w /Library/LaunchDaemons/com.google.santasync.plist
-
-sleep 1
-
 # Create hopefully useful symlink for santactl
-/bin/ln -s /Library/Extensions/santa-driver.kext/Contents/MacOS/santactl /usr/local/bin
+mkdir -p /usr/local/bin
+/bin/ln -sf /Applications/Santa.app/Contents/MacOS/santactl /usr/local/bin/santactl
 
-user=$(/usr/bin/stat -f '%u' /dev/console)
-[[ -z "$user" ]] && exit 0
-/bin/launchctl asuser ${user} /bin/launchctl load /Library/LaunchAgents/com.google.santagui.plist
+# Remove the kext before com.google.santa.daemon loads if the SystemExtension is already present.
+/bin/launchctl list EQHXZ8M8AV.com.google.santa.daemon > /dev/null 2>&1 && rm -rf /Library/Extensions/santa-driver.kext
 
+# Load com.google.santa.daemon, its main has logic to handle loading the kext
+# or relaunching itself as a SystemExtension.
+/bin/launchctl load -w /Library/LaunchDaemons/com.google.santad.plist
+
+# Load com.google.santa.bundleservice
+/bin/launchctl load -w /Library/LaunchDaemons/com.google.santa.bundleservice.plist
+
+# Load com.google.santa.metricservice
+/bin/launchctl load -w /Library/LaunchDaemons/com.google.santa.metricservice.plist
+
+# Load com.google.santa.syncservice
+/bin/launchctl load -w /Library/LaunchDaemons/com.google.santa.syncservice.plist
+
+GUI_USER=$(/usr/bin/stat -f '%u' /dev/console)
+[[ -z "${GUI_USER}" ]] && exit 0
+
+/bin/launchctl asuser "${GUI_USER}" /bin/launchctl load /Library/LaunchAgents/com.google.santa.plist
 exit 0

Conf/Package/preinstall

@@ -6,20 +6,28 @@
 
 [[ $3 != "/" ]] && exit 0
 
-/bin/launchctl remove com.google.santad
+/bin/launchctl remove com.google.santad || true
+/bin/launchctl remove com.google.santa.bundleservice || true
+/bin/launchctl remove com.google.santa.metricservice || true
+/bin/launchctl remove com.google.santa.syncservice || true
+
+/bin/sleep 1
+
+/sbin/kextunload -b com.google.santa-driver >/dev/null 2>&1 || true
+
+# Remove cruft from old Santa versions
+/bin/rm -f /usr/libexec/santad
+/bin/rm -f /usr/sbin/santactl
 /bin/launchctl remove com.google.santasync
+/bin/rm -f /Library/LaunchDaemons/com.google.santasync.plist
+/bin/rm -rf /Applications/Santa.app
+/bin/rm -rf /Library/Extensions/santa-driver.kext
 
-sleep 1
+/bin/sleep 1
 
-/sbin/kextunload -b com.google.santa-driver >/dev/null 2>&1
-
-# Remove files from old Santa install locations, if they still exist
-/bin/rm /usr/libexec/santad
-/bin/rm /usr/sbin/santactl
-
-sleep 1
-
-user=$(/usr/bin/stat -f '%u' /dev/console)
-[[ -n "$user" ]] && /bin/launchctl asuser ${user} /bin/launchctl remove com.google.santagui
+GUI_USER=$(/usr/bin/stat -f '%u' /dev/console)
+[[ -z "${GUI_USER}" ]] && exit 0
 
+/bin/launchctl asuser "${GUI_USER}" /bin/launchctl remove com.google.santagui
+/bin/launchctl asuser "${GUI_USER}" /bin/launchctl remove com.google.santa
 exit 0

Conf/com.google.santa.asl.conf

@@ -1,4 +0,0 @@
-# Copy this file to /etc/asl to log all messages from santa-driver to the log file
-? [S= Message santa-driver:] claim only
-? [S= Message santa-driver:] file /var/log/santa.log format="[$((Time)(utc.3))] $Message"
-> /var/log/santa.log mode=0644 rotate=seq compress file_max=5M all_max=100M

Conf/com.google.santa.bundleservice.plist

@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>Label</key>
+	<string>com.google.santa.bundleservice</string>
+	<key>ProgramArguments</key>
+	<array>
+		<string>/Applications/Santa.app/Contents/MacOS/santabundleservice</string>
+		<string>--syslog</string>
+	</array>
+	<key>MachServices</key>
+	<dict>
+		<key>com.google.santa.bundleservice</key>
+		<true/>
+	</dict>
+	<key>RunAtLoad</key>
+	<false/>
+	<key>KeepAlive</key>
+	<false/>
+	<key>ProcessType</key>
+	<string>Interactive</string>
+	<key>ThrottleInterval</key>
+	<integer>0</integer>
+</dict>
+</plist>

Conf/com.google.santa.metricservice.plist

@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>Label</key>
+	<string>com.google.santa.metricservice</string>
+	<key>ProgramArguments</key>
+	<array>
+		<string>/Applications/Santa.app/Contents/MacOS/santametricservice</string>
+		<string>--syslog</string>
+	</array>
+	<key>MachServices</key>
+	<dict>
+		<key>com.google.santa.metricservice</key>
+		<true/>
+	</dict>
+	<key>RunAtLoad</key>
+	<true/>
+	<key>KeepAlive</key>
+	<true/>
+</dict>
+</plist>

Conf/com.google.santa.newsyslog.conf

@@ -0,0 +1,2 @@
+# logfilename             [owner:group]       mode   count size(KiB) when   flags [/pid_file] # [sig_num]
+/var/db/santa/santa.log   root:wheel          644    10    25000     *      Z

Conf/com.google.santa.plist

@@ -3,12 +3,15 @@
 <plist version="1.0">
 <dict>
 				<key>Label</key>
-				<string>com.google.santagui</string>
+				<string>com.google.santa</string>
 				<key>ProgramArguments</key>
 				<array>
 					<string>/Applications/Santa.app/Contents/MacOS/Santa</string>
+					<string>--syslog</string>
 				</array>
 				<key>RunAtLoad</key>
 				<true/>
+				<key>KeepAlive</key>
+				<true/>
 </dict>
 </plist>

Conf/com.google.santa.syncservice.plist

@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>Label</key>
+	<string>com.google.santa.syncservice</string>
+	<key>ProgramArguments</key>
+	<array>
+		<string>/Applications/Santa.app/Contents/MacOS/santasyncservice</string>
+		<string>--syslog</string>
+	</array>
+	<key>MachServices</key>
+	<dict>
+		<key>com.google.santa.syncservice</key>
+		<true/>
+	</dict>
+	<key>RunAtLoad</key>
+	<false/>
+	<key>KeepAlive</key>
+	<false/>
+</dict>
+</plist>

Conf/com.google.santad.plist

@@ -1,29 +1,24 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
 <dict>
-				<key>Label</key>
-				<string>com.google.santad</string>
-				<key>ProgramArguments</key>
-				<array>
-					<string>/Library/Extensions/santa-driver.kext/Contents/MacOS/santad</string>
-				</array>
-				<key>MachServices</key>
-				<dict>
-					<key>SantaXPCNotifications</key>
-					<true/>
-					<key>SantaXPCControl</key>
-					<true/>
-				</dict>
-				<key>StandardOutPath</key>
-				<string>/var/log/santa.log</string>
-				<key>StandardErrorPath</key>
-				<string>/var/log/santa.log</string>
-				<key>RunAtLoad</key>
-				<true/>
-				<key>KeepAlive</key>
-				<true />
-				<key>ProcessType</key>
-				<string>Interactive</string>
+	<key>Label</key>
+	<string>com.google.santad</string>
+	<key>ProgramArguments</key>
+	<array>
+		<string>/Applications/Santa.app/Contents/Library/SystemExtensions/com.google.santa.daemon.systemextension/Contents/MacOS/com.google.santa.daemon</string>
+		<string>--syslog</string>
+	</array>
+	<key>MachServices</key>
+	<dict>
+		<key>com.google.santa.daemon</key>
+		<true/>
+	</dict>
+	<key>RunAtLoad</key>
+	<true/>
+	<key>KeepAlive</key>
+	<true/>
+	<key>ProcessType</key>
+	<string>Interactive</string>
 </dict>
 </plist>

Conf/com.google.santasync.plist

@@ -1,19 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
-<plist version="1.0">
-<dict>
-				<key>Label</key>
-				<string>com.google.santasync</string>
-				<key>ProgramArguments</key>
-				<array>
-					<string>/Library/Extensions/santa-driver.kext/Contents/MacOS/santactl</string>
-					<string>sync</string>
-				</array>
-				<key>StandardErrorPath</key>
-				<string>/var/log/santa.log</string>
-				<key>ProcessType</key>
-				<string>Background</string>
-				<key>StartInterval</key>
-				<integer>600</integer>
-</dict>
-</plist>

Conf/config.plist

@@ -1,12 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
-<plist version="1.0">
-<dict>
-	<!-- Minimal Configuration -->
-	<key>ClientMode</key>
-	<integer>1</integer>
-
-	<!--  For documentation of other keys, see the following URL:
-  			https://github.com/google/santa/wiki/Configuration-Keys  -->
-</dict>
-</plist>

Conf/install.sh

@@ -5,54 +5,84 @@ if [[ $EUID -ne 0 ]]; then
   exit 1
 fi
 
-if [[ -d "binaries" ]]; then
-  SOURCE="."
-elif [[ -d "../binaries" ]]; then
-  SOURCE=".."
-else
-  echo "Can't find binaries, run install.sh from inside the conf directory" 1>&2
-  exit 1
+if [[ -z "${BINARIES}" || -z "${CONF}" ]]; then
+  if [[ -d "binaries" ]]; then
+    BINARIES="${PWD}/binaries"
+    CONF="${PWD}/conf"
+  elif [[ -d "../binaries" ]]; then
+    BINARIES="${PWD}/../binaries"
+    CONF="${PWD}/../conf"
+  else
+    echo "Can't find binaries, run install.sh from inside the conf directory" 1>&2
+    exit 1
+  fi
 fi
 
-# Determine if anyone is logged into the GUI
-GUI_USER=$(/usr/bin/stat -f '%u' /dev/console)
-
 # Unload santad and scheduled sync job.
 /bin/launchctl remove com.google.santad >/dev/null 2>&1
-/bin/launchctl remove com.google.santasync >/dev/null 2>&1
+
+# Unload bundle service
+/bin/launchctl remove com.google.santa.bundleservice >/dev/null 2>&1
+
+# Unload metric service
+/bin/launchctl remove com.google.santa.metricservice >/dev/null 2>&1
+
+# Unload sync service
+/bin/launchctl remove com.google.santa.syncservice >/dev/null 2>&1
 
 # Unload kext.
 /sbin/kextunload -b com.google.santa-driver >/dev/null 2>&1
 
-# Unload GUI agent if someone is logged in.
-[[ -n "$GUI_USER" ]] && \
-  /bin/launchctl asuser ${GUI_USER} /bin/launchctl remove /Library/LaunchAgents/com.google.santagui.plist
+# Determine if anyone is logged into the GUI
+GUI_USER=$(/usr/bin/stat -f '%u' /dev/console)
 
-# Delete old files, if they still exist
-/bin/rm /usr/libexec/santad
-/bin/rm /usr/sbin/santactl
+# Unload GUI agent if someone is logged in.
+[[ -n "${GUI_USER}" ]] && \
+  /bin/launchctl asuser "${GUI_USER}" /bin/launchctl remove com.google.santagui
+[[ -n "$GUI_USER" ]] && \
+  /bin/launchctl asuser "${GUI_USER}" /bin/launchctl remove com.google.santa
+
+# Cleanup cruft from old versions
+/bin/launchctl remove com.google.santasync >/dev/null 2>&1
+/bin/rm /Library/LaunchDaemons/com.google.santasync.plist >/dev/null 2>&1
+/bin/rm /usr/libexec/santad >/dev/null 2>&1
+/bin/rm /usr/sbin/santactl >/dev/null 2>&1
+/bin/rm -rf /Applications/Santa.app 2>&1
+/bin/rm -rf /Library/Extensions/santa-driver.kext 2>&1
+/bin/rm /etc/asl/com.google.santa.asl.conf
 
 # Copy new files.
-/bin/cp -r ${SOURCE}/binaries/santa-driver.kext /Library/Extensions
-/bin/cp -r ${SOURCE}/binaries/Santa.app /Applications
-/bin/ln -s /Library/Extensions/santa-driver.kext/Contents/MacOS/santactl /usr/local/bin
+/bin/mkdir -p /var/db/santa
 
-/bin/cp ${SOURCE}/conf/com.google.{santad,santasync}.plist /Library/LaunchDaemons
-/bin/cp ${SOURCE}/conf/com.google.santagui.plist /Library/LaunchAgents
-/bin/cp ${SOURCE}/conf/com.google.santa.asl.conf /etc/asl/
+/bin/cp -r ${BINARIES}/Santa.app /Applications
+
+/bin/mkdir -p /usr/local/bin
+/bin/ln -s /Applications/Santa.app/Contents/MacOS/santactl /usr/local/bin 2>/dev/null
+
+/bin/cp ${CONF}/com.google.santa.plist /Library/LaunchAgents
+/bin/cp ${CONF}/com.google.santa.bundleservice.plist /Library/LaunchDaemons
+/bin/cp ${CONF}/com.google.santa.metricservice.plist /Library/LaunchDaemons
+/bin/cp ${CONF}/com.google.santa.syncservice.plist /Library/LaunchDaemons
+/bin/cp ${CONF}/com.google.santad.plist /Library/LaunchDaemons
+/bin/cp ${CONF}/com.google.santa.newsyslog.conf /etc/newsyslog.d/
 
 # Reload syslogd to pick up ASL configuration change.
 /usr/bin/killall -HUP syslogd
 
-# Load kext.
-/sbin/kextload /Library/Extensions/santa-driver.kext
-
-# Load santad and scheduled sync jobs.
+# Load com.google.santa.daemon
 /bin/launchctl load /Library/LaunchDaemons/com.google.santad.plist
-/bin/launchctl load /Library/LaunchDaemons/com.google.santasync.plist
+
+# Load com.google.santa.bundleservice
+/bin/launchctl load /Library/LaunchDaemons/com.google.santa.bundleservice.plist
+
+# Load com.google.santa.metricservice
+/bin/launchctl load /Library/LaunchDaemons/com.google.santa.metricservice.plist
+
+# Load com.google.santa.syncservice
+/bin/launchctl load /Library/LaunchDaemons/com.google.santa.syncservice.plist
 
 # Load GUI agent if someone is logged in.
-[[ -n "$GUI_USER" ]] && \
-  /bin/launchctl asuser ${GUI_USER} /bin/launchctl load /Library/LaunchAgents/com.google.santagui.plist
+[[ -z "${GUI_USER}" ]] && exit 0
 
+/bin/launchctl asuser "${GUI_USER}" /bin/launchctl load -w /Library/LaunchAgents/com.google.santa.plist
 exit 0

Conf/uninstall.sh

@@ -0,0 +1,40 @@
+#!/bin/bash
+
+# Uninstalls Santa from the boot volume, clearing up everything but logs/configs.
+# Unloads the kernel extension, services, and deletes component files.
+# If a user is logged in, also unloads the GUI agent.
+
+[ "$EUID" != 0 ] && printf "%s\n" "This requires running as root/sudo." && exit 1
+
+# For macOS 10.15+ this will block up to 60 seconds
+/bin/launchctl list EQHXZ8M8AV.com.google.santa.daemon > /dev/null 2>&1 && /Applications/Santa.app/Contents/MacOS/Santa --unload-system-extension
+
+/bin/launchctl remove com.google.santad
+# remove helper XPC services
+/bin/launchctl remove com.google.santa.bundleservice
+/bin/launchctl remove com.google.santa.metricservice
+/bin/launchctl remove com.google.santa.syncservice
+sleep 1
+/sbin/kextunload -b com.google.santa-driver >/dev/null 2>&1
+user=$(/usr/bin/stat -f '%u' /dev/console)
+[[ -n "$user" ]] && /bin/launchctl asuser ${user} /bin/launchctl remove com.google.santagui
+[[ -n "$user" ]] && /bin/launchctl asuser ${user} /bin/launchctl remove com.google.santa
+# and to clean out the log config, although it won't write after wiping the binary
+/usr/bin/killall -HUP syslogd
+# delete artifacts on-disk
+/bin/rm -rf /Applications/Santa.app
+/bin/rm -rf /Library/Extensions/santa-driver.kext
+/bin/rm -f /Library/LaunchAgents/com.google.santagui.plist
+/bin/rm -f /Library/LaunchAgents/com.google.santa.plist
+/bin/rm -f /Library/LaunchDaemons/com.google.santad.plist
+/bin/rm -f /Library/LaunchDaemons/com.google.santa.bundleservice.plist
+/bin/rm -f /Library/LaunchDaemons/com.google.santa.metricservice.plist
+/bin/rm -f /Library/LaunchDaemons/com.google.santa.syncservice.plist
+/bin/rm -f /private/etc/asl/com.google.santa.asl.conf
+/bin/rm -f /private/etc/newsyslog.d/com.google.santa.newsyslog.conf
+/bin/rm -f /usr/local/bin/santactl # just a symlink
+
+#uncomment to remove the config file and all databases, log files
+#/bin/rm -rf /var/db/santa
+#/bin/rm -f /var/log/santa*
+exit 0

Fuzzing/BUILD

@@ -0,0 +1,11 @@
+load("fuzzing.bzl", "objc_fuzz_test")
+
+objc_fuzz_test(
+    name = "MachOParse",
+    srcs = ["common/MachOParse.mm"],
+    corpus = glob(["common/MachOParse_corpus/*"]),
+    linkopts = ["-lsqlite3"],
+    deps = [
+        "//Source/common:SNTFileInfo",
+    ],
+)

Fuzzing/common/MachOParse.mm

@@ -0,0 +1,40 @@
+#import <Foundation/Foundation.h>
+#include <libproc.h>
+#include <stddef.h>
+#include <stdint.h>
+
+#import "Source/common/SNTFileInfo.h"
+
+int get_num_fds() {
+  return proc_pidinfo(getpid(), PROC_PIDLISTFDS, 0, NULL, 0) / PROC_PIDLISTFD_SIZE;
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+  static NSString *tmpPath =
+    [NSTemporaryDirectory() stringByAppendingPathComponent:[[NSUUID UUID] UUIDString]];
+
+  int num_fds_pre = get_num_fds();
+
+  @autoreleasepool {
+    NSData *input = [NSData dataWithBytesNoCopy:(void *)data length:size freeWhenDone:false];
+    [input writeToFile:tmpPath atomically:false];
+
+    NSError *error;
+    SNTFileInfo *fi = [[SNTFileInfo alloc] initWithResolvedPath:tmpPath error:&error];
+    if (!fi || error != nil) {
+      NSLog(@"Error: %@", error);
+      return -1;
+    }
+
+    // Mach-O Parsing
+    [fi architectures];
+    [fi isMissingPageZero];
+    [fi infoPlist];
+  }
+
+  if (num_fds_pre != get_num_fds()) {
+    abort();
+  }
+
+  return 0;
+}

Fuzzing/fuzzing.bzl

@@ -0,0 +1,20 @@
+"""Utilities for fuzzing Santa"""
+
+load("@rules_fuzzing//fuzzing:cc_defs.bzl", "cc_fuzz_test")
+
+def objc_fuzz_test(name, srcs, deps, corpus, linkopts = [], **kwargs):
+    native.objc_library(
+        name = "%s_lib" % name,
+        srcs = srcs,
+        deps = deps,
+        **kwargs
+    )
+
+    cc_fuzz_test(
+        name = name,
+        deps = [
+            "%s_lib" % name,
+        ],
+        linkopts = linkopts,
+        corpus = corpus,
+    )

Fuzzing/install_libclang_fuzzer.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+# Xcode doesn't include the fuzzer runtime, but the one LLVM ships is compatible with Apple clang.
+set -uexo pipefail
+
+CLANG_VERSION=$(clang --version | head -n 1 | cut -d' ' -f 4)
+DST_PATH="$(xcode-select -p)/Toolchains/XcodeDefault.xctoolchain/usr/lib/clang/${CLANG_VERSION}/lib/darwin/libclang_rt.fuzzer_osx.a"
+
+if [ -f ${DST_PATH} ]; then
+  exit 0;
+fi
+
+curl -O -L https://github.com/llvm/llvm-project/releases/download/llvmorg-${CLANG_VERSION}/clang+llvm-${CLANG_VERSION}-x86_64-apple-darwin.tar.xz
+tar xvf clang+llvm-${CLANG_VERSION}-x86_64-apple-darwin.tar.xz clang+llvm-${CLANG_VERSION}-x86_64-apple-darwin/lib/clang/${CLANG_VERSION}/lib/darwin/libclang_rt.fuzzer_osx.a
+cp clang+llvm-${CLANG_VERSION}-x86_64-apple-darwin/lib/clang/${CLANG_VERSION}/lib/darwin/libclang_rt.fuzzer_osx.a ${DST_PATH}

Fuzzing/santacache/.gitignore

@@ -0,0 +1,3 @@
+santacache.dSYM
+santacache
+

Fuzzing/santacache/src/main.cpp

@@ -0,0 +1,43 @@
+/// Copyright 2018 Google Inc. All rights reserved.
+///
+/// Licensed under the Apache License, Version 2.0 (the "License");
+/// you may not use this file except in compliance with the License.
+/// You may obtain a copy of the License at
+///
+///    http://www.apache.org/licenses/LICENSE-2.0
+///
+///    Unless required by applicable law or agreed to in writing, software
+///    distributed under the License is distributed on an "AS IS" BASIS,
+///    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+///    See the License for the specific language governing permissions and
+///    limitations under the License.
+
+#include <SantaCache.h>
+
+#include <cstdint>
+#include <iostream>
+
+extern "C" int LLVMFuzzerTestOneInput(const std::uint8_t *data,
+                                      std::size_t size) {
+  static SantaCache<uint64_t, uint64_t> decision_cache(5000, 2);
+
+  std::uint64_t fields[2] = {};
+
+  if (size > 16) {
+    std::cout << "Invalid size! Start with -max_len=16\n";
+    return 1;
+  }
+
+  std::memcpy(fields, data, size);
+
+  decision_cache.set(fields[0], fields[1]);
+  auto returned_value = decision_cache.get(fields[0]);
+
+  if (returned_value != fields[1]) {
+    std::cout << fields[0] << ", " << fields[1] << " -> " << returned_value
+              << "\n";
+    return 1;
+  }
+
+  return 0;
+}

Fuzzing/santactl/santactl_fuzzer_seed_corpus/example01

@@ -0,0 +1,16 @@
+{
+  "rules": [
+    {
+      "rule_type": "BINARY",
+      "policy": "BLACKLIST",
+      "sha256": "2dc104631939b4bdf5d6bccab76e166e37fe5e1605340cf68dab919df58b8eda",
+      "custom_msg": "blacklist firefox"
+    },
+    {
+      "rule_type": "CERTIFICATE",
+      "policy": "BLACKLIST",
+      "sha256": "e7726cf87cba9e25139465df5bd1557c8a8feed5c7dd338342d8da0959b63c8d",
+      "custom_msg": "blacklist dash app certificate"
+    }
+  ]
+}

Fuzzing/santactl/src/main.mm

@@ -0,0 +1,62 @@
+/// Copyright 2018 Google Inc. All rights reserved.
+///
+/// Licensed under the Apache License, Version 2.0 (the "License");
+/// you may not use this file except in compliance with the License.
+/// You may obtain a copy of the License at
+///
+///    http://www.apache.org/licenses/LICENSE-2.0
+///
+///    Unless required by applicable law or agreed to in writing, software
+///    distributed under the License is distributed on an "AS IS" BASIS,
+///    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+///    See the License for the specific language governing permissions and
+///    limitations under the License.
+
+#include <cstdint>
+#include <iostream>
+#include <vector>
+
+#include <SNTRule.h>
+#include <SNTSyncConstants.h>
+#include <SNTSyncRuleDownload.h>
+#include <SNTSyncState.h>
+
+extern "C" int LLVMFuzzerTestOneInput(const std::uint8_t *data, std::size_t size) {
+  NSData *buffer = [NSData dataWithBytes:static_cast<const void *>(data) length:size];
+  if (!buffer) {
+    return 0;
+  }
+
+  NSError *error;
+  NSDictionary *response = [NSJSONSerialization JSONObjectWithData:buffer options:0 error:&error];
+  if (!response) {
+    return 0;
+  }
+
+  if (![response isKindOfClass:[NSDictionary class]]) {
+    return 0;
+  }
+
+  if (![response objectForKey:kRules]) {
+    return 0;
+  }
+
+  SNTSyncState *state = [[SNTSyncState alloc] init];
+  if (!state) {
+    return 0;
+  }
+
+  SNTSyncRuleDownload *obj = [[SNTSyncRuleDownload alloc] initWithState:state];
+  if (!obj) {
+    return 0;
+  }
+
+  for (NSDictionary *ruleDict in response[kRules]) {
+    SNTRule *rule = [obj ruleFromDictionary:ruleDict];
+    if (rule) {
+      std::cerr << "Rule: " << [[rule description] UTF8String] << "\n";
+    }
+  }
+
+  return 0;
+}

Fuzzing/santad/santad_databaseRemoveEventsWithIDs_fuzzer_seed_corpus/example01

@@ -0,0 +1 @@
+К'.p▒└G╗М┐║ЙSЮ╝и▌РУерЭxt1iАЫШ9ы*H╩4R"═©$-├Уww╙+Р╝╘[┼иу╧oС┬ОwRpЗя≤х°е

Fuzzing/santad/src/checkCacheForVnodeID.mm

@@ -0,0 +1,59 @@
+/// Copyright 2018 Google Inc. All rights reserved.
+///
+/// Licensed under the Apache License, Version 2.0 (the "License");
+/// you may not use this file except in compliance with the License.
+/// You may obtain a copy of the License at
+///
+///    http://www.apache.org/licenses/LICENSE-2.0
+///
+///    Unless required by applicable law or agreed to in writing, software
+///    distributed under the License is distributed on an "AS IS" BASIS,
+///    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+///    See the License for the specific language governing permissions and
+///    limitations under the License.
+
+#include <cstdint>
+#include <iostream>
+
+#import <MOLXPCConnection/MOLXPCConnection.h>
+
+#import "SNTCommandController.h"
+#import "SNTRule.h"
+#import "SNTXPCControlInterface.h"
+#import "Source/common/SNTCommonEnums.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const std::uint8_t *data, std::size_t size) {
+  if (size > 16) {
+    std::cerr << "Invalid buffer size of " << size << " (should be <= 16)" << std::endl;
+
+    return 1;
+  }
+
+  SantaVnode vnodeID = {};
+  std::memcpy(&vnodeID, data, size);
+
+  MOLXPCConnection *daemonConn = [SNTXPCControlInterface configuredConnection];
+  daemonConn.invalidationHandler = ^{
+    printf("An error occurred communicating with the daemon, is it running?\n");
+    exit(1);
+  };
+
+  [daemonConn resume];
+
+  [[daemonConn remoteObjectProxy]
+    checkCacheForVnodeID:vnodeID
+               withReply:^(SNTAction action) {
+                 if (action == SNTActionRespondAllow) {
+                   std::cerr << "File exists in [whitelist] kernel cache" << std::endl;
+                   ;
+                 } else if (action == SNTActionRespondDeny) {
+                   std::cerr << "File exists in [blacklist] kernel cache" << std::endl;
+                   ;
+                 } else if (action == SNTActionUnset) {
+                   std::cerr << "File does not exist in cache" << std::endl;
+                   ;
+                 }
+               }];
+
+  return 0;
+}

Fuzzing/santad/src/databaseRemoveEventsWithIDs.mm

@@ -0,0 +1,51 @@
+/// Copyright 2018 Google Inc. All rights reserved.
+///
+/// Licensed under the Apache License, Version 2.0 (the "License");
+/// you may not use this file except in compliance with the License.
+/// You may obtain a copy of the License at
+///
+///    http://www.apache.org/licenses/LICENSE-2.0
+///
+///    Unless required by applicable law or agreed to in writing, software
+///    distributed under the License is distributed on an "AS IS" BASIS,
+///    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+///    See the License for the specific language governing permissions and
+///    limitations under the License.
+
+#include <cstdint>
+#include <iostream>
+
+#import <MOLXPCConnection/MOLXPCConnection.h>
+
+#import "SNTCommandController.h"
+#import "SNTRule.h"
+#import "SNTXPCControlInterface.h"
+
+#pragma pack(push, 1)
+
+#pragma pack(pop)
+
+extern "C" int LLVMFuzzerTestOneInput(const std::uint8_t *data, std::size_t size) {
+  auto *eventId = reinterpret_cast<const std::uint64_t *>(data);
+  std::size_t eventIdCount = size / sizeof(std::uint64_t);
+  if (eventIdCount == 0) {
+    return 0;
+  }
+
+  MOLXPCConnection *daemonConn = [SNTXPCControlInterface configuredConnection];
+  daemonConn.invalidationHandler = ^{
+    printf("An error occurred communicating with the daemon, is it running?\n");
+    exit(1);
+  };
+
+  [daemonConn resume];
+
+  NSMutableSet *eventIds = [NSMutableSet setWithCapacity:eventIdCount];
+  for (std::size_t i = 0; i < eventIdCount; i++) {
+    auto id = [NSNumber numberWithInteger:eventId[i]];
+    [eventIds addObject:id];
+  }
+
+  [[daemonConn remoteObjectProxy] databaseRemoveEventsWithIDs:[eventIds allObjects]];
+  return 0;
+}

Fuzzing/santad/src/databaseRuleAddRules.mm

@@ -0,0 +1,74 @@
+/// Copyright 2018 Google Inc. All rights reserved.
+///
+/// Licensed under the Apache License, Version 2.0 (the "License");
+/// you may not use this file except in compliance with the License.
+/// You may obtain a copy of the License at
+///
+///    http://www.apache.org/licenses/LICENSE-2.0
+///
+///    Unless required by applicable law or agreed to in writing, software
+///    distributed under the License is distributed on an "AS IS" BASIS,
+///    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+///    See the License for the specific language governing permissions and
+///    limitations under the License.
+
+#include <cstdint>
+#include <iostream>
+
+#import <MOLXPCConnection/MOLXPCConnection.h>
+
+#import "SNTCommandController.h"
+#import "SNTCommonEnums.h"
+#import "SNTRule.h"
+#import "SNTXPCControlInterface.h"
+
+#pragma pack(push, 1)
+
+struct InputData {
+  std::uint32_t cleanSlate;
+  std::uint32_t state;
+  std::uint32_t type;
+  char hash[33];
+};
+
+#pragma pack(pop)
+
+extern "C" int LLVMFuzzerTestOneInput(const std::uint8_t *data, std::size_t size) {
+  if (size > sizeof(InputData)) {
+    std::cerr << "Invalid buffer size of " << size << " (should be <= " << sizeof(InputData) << ")"
+              << std::endl;
+
+    return 1;
+  }
+
+  InputData input_data = {};
+  std::memcpy(&input_data, data, size);
+
+  SNTRule *newRule = [[SNTRule alloc] init];
+  newRule.state = (SNTRuleState)input_data.state;
+  newRule.type = (SNTRuleType)input_data.type;
+  newRule.identifier = @(input_data.hash);
+  newRule.customMsg = @"";
+
+  MOLXPCConnection *daemonConn = [SNTXPCControlInterface configuredConnection];
+  daemonConn.invalidationHandler = ^{
+    printf("An error occurred communicating with the daemon, is it running?\n");
+    exit(1);
+  };
+
+  [daemonConn resume];
+  [[daemonConn remoteObjectProxy]
+    databaseRuleAddRules:@[ newRule ]
+             ruleCleanup:SNTRuleCleanupNone
+                   reply:^(NSError *error) {
+                     if (!error) {
+                       if (newRule.state == SNTRuleStateRemove) {
+                         printf("Removed rule for SHA-256: %s.\n", [newRule.identifier UTF8String]);
+                       } else {
+                         printf("Added rule for SHA-256: %s.\n", [newRule.identifier UTF8String]);
+                       }
+                     }
+                   }];
+
+  return 0;
+}

LICENSE

@@ -200,3 +200,4 @@
    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    See the License for the specific language governing permissions and
    limitations under the License.
+

Podfile

@@ -1,24 +0,0 @@
-platform :osx, "10.9"
-
-inhibit_all_warnings!
-
-target :santad do
-  pod 'FMDB'
-
-  post_install do |rep|
-    rep.project.targets.each do |target|
-      target.build_configurations.each do |config|
-        if config.name != 'Release' then
-          break
-        end
-        config.build_settings['GCC_PREPROCESSOR_DEFINITIONS'] ||= ''
-        config.build_settings['GCC_PREPROCESSOR_DEFINITIONS'] <<= "NDEBUG=1"
-      end
-    end
-  end
-end
-
-target :LogicTests do
-  pod 'OCMock'
-  pod 'FMDB'
-end

Podfile.lock

@@ -1,17 +0,0 @@
-PODS:
-  - FMDB (2.5):
-    - FMDB/standard (= 2.5)
-  - FMDB/common (2.5)
-  - FMDB/standard (2.5):
-    - FMDB/common
-  - OCMock (3.1.2)
-
-DEPENDENCIES:
-  - FMDB
-  - OCMock
-
-SPEC CHECKSUMS:
-  FMDB: 96e8f1bcc1329e269330f99770ad4285d9003e52
-  OCMock: a10ea9f0a6e921651f96f78b6faee95ebc813b92
-
-COCOAPODS: 0.36.3

README.md

@@ -1,140 +1,148 @@
-Santa  [![Build Status](https://travis-ci.org/google/santa.png?branch=master)](https://travis-ci.org/google/santa)
-=====
+# Santa
 
-Santa is a binary whitelisting/blacklisting system for Mac OS X. It consists of
-a kernel extension that monitors for executions, a userland daemon that makes
-execution decisions based on the contents of a SQLite database, a GUI agent that
-notifies the user in case of a block decision and a command-line utility for
-managing the system and synchronizing the database with a server.
+[![license](https://img.shields.io/github/license/google/santa)](https://github.com/google/santa/blob/main/LICENSE)
+[![CI](https://github.com/google/santa/actions/workflows/ci.yml/badge.svg)](https://github.com/google/santa/actions/workflows/ci.yml)
+[![latest release](https://img.shields.io/github/v/release/google/santa.svg)](https://github.com/google/santa/releases/latest)
+[![latest release date](https://img.shields.io/github/release-date/google/santa.svg)](https://github.com/google/santa/releases/latest)
+[![downloads](https://img.shields.io/github/downloads/google/santa/latest/total)](https://github.com/google/santa/releases/latest)
 
-Santa is not yet a 1.0. We're writing more tests, fixing bugs, working on TODOs
-and finishing up a security audit.
+<p align="center">
+    <img src="./docs/images/santa-sleigh-256.png" height="128" alt="Santa Icon" />
+</p>
 
-Santa is named because it keeps track of binaries that are naughty and nice.
+Santa is a binary and file access authorization system for macOS. It consists of a system
+extension that monitors for executions, a daemon that makes execution decisions
+based on the contents of a local database, a GUI agent that notifies the user in
+case of a block decision and a command-line utility for managing the system and
+synchronizing the database with a server.
 
-Santa is a project of Google's Macintosh Operations Team.
+It is named Santa because it keeps track of binaries that are naughty or nice.
 
-Features
-========
+# Docs
 
-* Multiple modes: MONITOR and LOCKDOWN. In MONITOR mode all binaries except
-those marked as blacklisted will be allowed to run, whilst being logged and
-recorded in the database. In LOCKDOWN mode, only whitelisted binaries are
-allowed to run.
+The Santa docs are stored in the
+[Docs](https://github.com/google/santa/blob/main/docs) directory and published
+at https://santa.dev.
 
-* Codesign listing: Binaries can be whitelisted/blacklisted by their signing
-certificate, so you can trust/block all binaries by a given publisher. The
-binary will only be whitelisted by certificate if its signature validates
-correctly. However, a decision for a binary will override a decision for a
-certificate; i.e. you can whitelist a certificate while blacklisting a binary
-signed by that certificate or vice-versa.
+The docs include deployment options, details on how parts of Santa work and
+instructions for developing Santa itself.
 
-* In-kernel caching: whitelisted binaries are cached in the kernel so the
-processing required to make a request is only done if the binary
-isn't already cached.
+# Get Help
+
+If you have questions or otherwise need help getting started,
+the [santa-dev](https://groups.google.com/forum/#!forum/santa-dev) group is a
+great place.
+
+If you believe you have a bug, feel free to report [an
+issue](https://github.com/google/santa/issues) and we'll respond as soon as we
+can.
+
+If you believe you've found a vulnerability, please read the
+[security policy](https://github.com/google/santa/security/policy) for
+disclosure reporting.
+
+# Features
+
+* Multiple modes: In the default MONITOR mode, all binaries except those marked
+  as blocked will be allowed to run, whilst being logged and recorded in
+  the events database. In LOCKDOWN mode, only listed binaries are allowed to
+  run.
+
+* Event logging: When the system extension is loaded, all binary launches are logged. When in either mode, all unknown or denied binaries are stored in the database to enable later aggregation.
+
+* Certificate-based rules, with override levels: Instead of relying on a
+  binary's hash (or 'fingerprint'), executables can be allowed/blocked by their
+  signing certificate. You can therefore allow/block all binaries by a
+  given publisher that were signed with that cert across version updates. A
+  binary can only be allowed by its certificate if its signature validates
+  correctly but a rule for a binary's fingerprint will override a decision for
+  a certificate; i.e. you can allowlist a certificate while blocking a binary
+  signed with that certificate, or vice-versa.
+
+* Path-based rules (via NSRegularExpression/ICU): This allows a similar feature
+  to that found in Managed Client (the precursor to configuration profiles,
+  which used the same implementation mechanism), Application Launch
+  Restrictions via the mcxalr binary. This implementation carries the added
+  benefit of being configurable via regex, and not relying on LaunchServices.
+  As detailed in the wiki, when evaluating rules this holds the lowest
+  precedence.
+
+* Failsafe cert rules: You cannot put in a deny rule that would block the
+  certificate used to sign launchd, a.k.a. pid 1, and therefore all components
+  used in macOS. The binaries in every OS update (and in some cases entire new
+  versions) are therefore automatically allowed. This does not affect binaries
+  from Apple's App Store, which use various certs that change regularly for
+  common apps. Likewise, you cannot block Santa itself, and Santa uses a
+  distinct separate cert than other Google apps.
 
 * Userland components validate each other: each of the userland components (the
-daemon, the GUI agent and the command-line utility) communicate with each other
-using XPC and check that their signing certificates are identical before any
-communication is accepted.
+  daemon, the GUI agent and the command-line utility) communicate with each
+  other using XPC and check that their signing certificates are identical
+  before any communication is accepted.
 
-* Event logging: all executions processed by the userland agent are logged and
-all unknown or denied binaries are also stored in the database for upload to a
-server.
+* Caching: allowed binaries are cached so the processing required to make a
+  request is only done if the binary isn't already cached.
 
-* Kext uses only KPIs: the kernel extension only uses provided kernel
-programming interfaces to do its job. This means that the kext code should
-continue to work across OS versions.
+# Intentions and Expectations
 
-Intentions and Expectations
-===========================
-No single system or process will stop *all* attacks, or provide 100% security. Santa is written with the intention of helping protect users from themselves. People often download malware and trust it, giving the malware credentials, or allowing unknown software to exfiltrate more data about your system. As a centrally managed component, Santa can help stop the spread of malware among a larger fleet of machines. Additionally, Santa can aid in analyzing what is running in your fleet.
+No single system or process will stop *all* attacks, or provide 100% security.
+Santa is written with the intention of helping protect users from themselves.
+People often download malware and trust it, giving the malware credentials, or
+allowing unknown software to exfiltrate more data about your system. As a
+centrally managed component, Santa can help stop the spread of malware among a
+large fleet of machines. Independently, Santa can aid in analyzing what is
+running on your computer.
 
-Santa is part of a defense-in-depth strategy, and you should continue to protect hosts in whatever other ways you see fit.
+Santa is part of a defense-in-depth strategy, and you should continue to
+protect hosts in whatever other ways you see fit.
 
-Known Issues
-============
-Santa is not yet a 1.0 and we have some known issues to be aware of:
+# Security and Performance-Related Features
+
+# Known Issues
 
 * Santa only blocks execution (execve and variants), it doesn't protect against
-dynamic libraries loaded with dlopen, libraries on disk that have been replaced or
-libraries loaded using DYLD_INSERT_LIBRARIES. We are working on also protecting
-against these avenues of attack.
-
-* Kext communication security: the kext will only accept a connection from a
-single client at a time and said client must be running as root. We haven't yet
-found a good way to ensure the kext only accepts connections from a valid client.
-
-* Database protection: the SQLite database is installed with permissions so that
-only the root user can read/write it. We're considering approaches to secure
-this further.
-
-* Sync client: the command-line client includes a command to synchronize with a
-management server, including the uploading of events that have occurred on the
-machine and to download new rules. We're still very heavily working on this
-server (which is AppEngine-based and will be open-sourced in the future), so the
-sync client code is unfinished. It does show the 'API' that we're expecting to
-use so if you'd like to write your own management server, feel free to look at
-how the client currently works (and suggest changes!)
+  dynamic libraries loaded with dlopen, libraries on disk that have been
+  replaced, or libraries loaded using `DYLD_INSERT_LIBRARIES`.
 
 * Scripts: Santa is currently written to ignore any execution that isn't a
-binary. This is because after weighing the administration cost vs the benefit,
-we found it wasn't worthwhile. Additionally, a number of applications make use
-of temporary generated scripts, which we can't possibly whitelist and not doing
-so would cause problems. We're happy to revisit this (or at least make it an
-option) if it would be useful to others.
+  binary. This is because after weighing the administration cost vs the
+  benefit, we found it wasn't worthwhile. Additionally, a number of
+  applications make use of temporary generated scripts, which we can't possibly
+  allowlist and not doing so would cause problems. We're happy to revisit this
+  (or at least make it an option) if it would be useful to others.
 
-* Documentation: There currently isn't any.
+# Sync Servers
 
-* Tests: There aren't enough of them.
+* The `santactl` command-line client includes a flag to synchronize with a
+  management server, which uploads events that have occurred on the machine and
+  downloads new rules. There are several open-source servers you can sync with:
 
-Building
-========
-```sh
-git clone https://github.com/google/santa
-cd santa
+    * [Moroz](https://github.com/groob/moroz) - A simple golang server that
+      serves hardcoded rules from simple configuration files.
+    * [Rudolph](https://github.com/airbnb/rudolph) - An AWS-based serverless sync service
+      primarily built on API GW, DynamoDB, and Lambda components to reduce operational burden.
+      Rudolph is designed to be fast, easy-to-use, and cost-efficient.
+    * [Zentral](https://github.com/zentralopensource/zentral/wiki) - A
+      centralized service that pulls data from multiple sources and deploy
+      configurations to multiple services.
+    * [Zercurity](https://github.com/zercurity/zercurity) - A dockerized service
+      for managing and monitoring applications across a large fleet utilizing
+      Santa + Osquery.
 
-# Build a debug build. This will install any necessary CocoaPods, create the
-# workspace and build, outputting the full log only if an error occurred.
-# If CocoaPods is not installed, you'll be prompted to install it.
-#
-# For other build/install/run options, run rake without any arguments
-rake build:debug
-```
+* Alternatively, `santactl` can configure rules locally (without a sync
+  server).
 
-Note: the Xcode project is setup to use any installed "Mac Developer" certificate
-and for security-reasons parts of Santa will not operate properly if not signed.
+# Screenshots
 
-Kext Signing
-============
-10.9 requires a special Developer ID certificate to sign kernel extensions and
-if the kext is not signed with one of these special certificates a warning will
-be shown when loading the kext for the first time. In 10.10 this is a hard error
-and the kext will not load at all unless the machine is booted with a debug
-boot-arg.
-
-There are two possible solutions for this, for distribution purposes:
-
-1) Use a [pre-built, pre-signed version](https://github.com/google/santa/releases)
-of the kext that we supply. Each time changes are made to the kext code we will
-update the pre-built version that you can make use of. This doesn't prevent you
-from making changes to the non-kext parts of Santa and distributing those.
-If you make changes to the kext and make a pull request, we can merge them in
-and distribute a new version of the pre-signed kext.
-
-2) Apply for your own [kext signing certificate](https://developer.apple.com/contact/kext/).
-Apple will only grant this for broad distribution within an organization, they
-won't issue them just for testing purposes.
-
-If you just want to locally test changes to the kext code, you should enable
-kext-dev mode, instructions for which can be found on the Apple developer site.
+A tool like Santa doesn't really lend itself to screenshots, so here's a video
+instead.
 
 
-Contributing
-============
-Patches to this project are very much welcome. Please see the [CONTRIBUTING](https://github.com/google/santa/blob/master/CONTRIBUTING.md)
-file.
+<p align="center"> <img src="./docs/images/santa-block.gif" alt="Santa Block Video" /> </p>
 
-Disclaimer
-==========
+# Contributing
+Patches to this project are very much welcome. Please see the
+[CONTRIBUTING](https://santa.dev/development/contributing) doc.
+
+# Disclaimer
 This is **not** an official Google product.

Rakefile

@@ -1,193 +0,0 @@
-require 'timeout'
-
-WORKSPACE           = 'Santa.xcworkspace'
-DEFAULT_SCHEME      = 'All'
-OUTPUT_PATH         = 'Build'
-DIST_PATH           = 'Dist'
-BINARIES            = ['Santa.app', 'santa-driver.kext']
-XCPRETTY_DEFAULTS   = '-sc'
-XCODEBUILD_DEFAULTS = "-workspace #{WORKSPACE} -derivedDataPath #{OUTPUT_PATH} -parallelizeTargets"
-
-task :default do
-  system("rake -sT")
-end
-
-def xcodebuild(opts)
-  if system "xcodebuild #{XCODEBUILD_DEFAULTS} #{opts} | " \
-      "xcpretty #{XCPRETTY_DEFAULTS} && " \
-      "exit ${PIPESTATUS[0]}"
-    puts "\e[32mPass\e[0m"
-  else
-    raise "\e[31mFail\e[0m"
-  end
-end
-
-task :init do
-  unless File.exists?(WORKSPACE) and File.exists?('Pods')
-    puts "Pods missing, running 'pod install'"
-    system "pod install" or raise "CocoaPods is not installed. Install with 'sudo gem install cocoapods'"
-  end
-  unless system 'xcpretty -v >/dev/null 2>&1'
-    puts "xcpretty is not installed. Install with 'sudo gem install xcpretty'"
-  end
-end
-
-task :remove_existing do
-  system 'sudo rm -rf /Library/Extensions/santa-driver.kext'
-  system 'sudo rm -rf /Applications/Santa.app'
-end
-
-desc "Clean"
-task :clean => :init do
-  puts "Cleaning"
-  xcodebuild("-scheme All clean")
-  FileUtils.rm_rf(OUTPUT_PATH)
-  FileUtils.rm_rf(DIST_PATH)
-end
-
-# Build
-namespace :build do
-  desc "Build: Debug"
-  task :debug do
-    Rake::Task['build:build'].invoke("Debug")
-  end
-
-  desc "Build: Release"
-  task :release do
-    Rake::Task['build:build'].invoke("Release")
-  end
-
-  task :build, [:configuration] => :init do |t, args|
-    config = args[:configuration]
-    puts "Building with configuration: #{config}"
-    xcodebuild("-scheme All -configuration #{config} build")
-  end
-end
-
-
-# Install
-namespace :install do
-  desc "Install: Debug"
-  task :debug do
-    Rake::Task['install:install'].invoke("Debug")
-  end
-
-  desc "Install: Release"
-  task :release do
-    Rake::Task['install:install'].invoke("Release")
-  end
-
-  task :install, [:configuration] do |t, args|
-    config = args[:configuration]
-    system 'sudo cp conf/com.google.santad.plist /Library/LaunchDaemons'
-    system 'sudo cp conf/com.google.santasync.plist /Library/LaunchDaemons'
-    system 'sudo cp conf/com.google.santagui.plist /Library/LaunchAgents'
-    system 'sudo cp conf/com.google.santa.asl.conf /etc/asl'
-    Rake::Task['build:build'].invoke(config)
-    puts "Installing with configuration: #{config}"
-    Rake::Task['remove_existing'].invoke()
-    system "sudo cp -r #{OUTPUT_PATH}/Products/#{config}/santa-driver.kext /Library/Extensions"
-    system "sudo cp -r #{OUTPUT_PATH}/Products/#{config}/Santa.app /Applications"
-  end
-end
-
-# Dist
-task :dist do
-  desc "Create distribution folder"
-
-  Rake::Task['build:build'].invoke("Release")
-
-  FileUtils.rm_rf(DIST_PATH)
-
-  FileUtils.mkdir_p("#{DIST_PATH}/binaries")
-  FileUtils.mkdir_p("#{DIST_PATH}/conf")
-  FileUtils.mkdir_p("#{DIST_PATH}/dsym")
-
-  BINARIES.each do |x|
-    FileUtils.cp_r("#{OUTPUT_PATH}/Products/Release/#{x}", "#{DIST_PATH}/binaries")
-    FileUtils.cp_r("#{OUTPUT_PATH}/Products/Release/#{x}.dSYM", "#{DIST_PATH}/dsym")
-  end
-
-  Dir.glob("Conf/*") {|x| File.directory?(x) or FileUtils.cp(x, "#{DIST_PATH}/conf")}
-
-  puts "Distribution folder created"
-end
-
-# Tests
-namespace :tests do
-  desc "Tests: Logic"
-  task :logic => [:init] do
-    puts "Running logic tests"
-    xcodebuild("-scheme LogicTests test")
-  end
-
-  desc "Tests: Kernel"
-  task :kernel do
-    Rake::Task['unload'].invoke()
-    Rake::Task['install:debug'].invoke()
-    Rake::Task['load_kext'].invoke
-    timeout = 30
-    puts "Running kernel tests with a #{timeout} second timeout"
-    begin
-      Timeout::timeout(timeout) {
-        system "sudo #{OUTPUT_PATH}/Products/Debug/KernelTests"
-      }
-    rescue Timeout::Error
-      puts "ERROR: tests ran for longer than #{timeout} seconds and were killed."
-    end
-    Rake::Task['unload_kext'].execute
-  end
-end
-
-# Load/Unload
-task :unload_daemon do
-  puts "Unloading daemon"
-  system "sudo launchctl unload /Library/LaunchDaemons/com.google.santad.plist 2>/dev/null"
-end
-
-task :unload_kext do
-  puts "Unloading kernel extension"
-  system "sudo kextunload -b com.google.santa-driver 2>/dev/null"
-end
-
-task :unload_gui do
-  puts "Unloading GUI agent"
-  system "sudo killall Santa 2>/dev/null"
-end
-
-desc "Unload"
-task :unload => [:unload_daemon, :unload_kext, :unload_gui]
-
-task :load_daemon do
-  puts "Loading daemon"
-  system "sudo launchctl load /Library/LaunchDaemons/com.google.santad.plist"
-end
-
-task :load_kext do
-  puts "Loading kernel extension"
-  system "sudo kextload /Library/Extensions/santa-driver.kext"
-end
-
-task :load_gui do
-  puts "Loading GUI agent"
-  system "open /Applications/Santa.app"
-end
-
-desc "Load"
-task :load => [:load_kext, :load_daemon, :load_gui]
-
-namespace :reload do
-  desc "Reload: Debug"
-  task :debug do
-    Rake::Task['unload'].invoke()
-    Rake::Task['install:debug'].invoke()
-    Rake::Task['load'].invoke()
-  end
-
-  desc "Reload: Release"
-  task :release do
-    Rake::Task['unload'].invoke()
-    Rake::Task['install:release'].invoke()
-    Rake::Task['load'].invoke()
-  end
-end

SECURITY.md

@@ -0,0 +1,14 @@
+# Reporting a Vulnerability
+
+If you believe you have found a security vulnerability, we would appreciate a private report
+so that we can work on and release a fix before public disclosure. Any vulnerabilities reported to us will be
+disclosed publicly either when a new version with fixes is released or 90 days has passed,
+whichever comes first.
+
+To report vulnerabilities to us privately, either:
+
+1) Report the vulnerability [through GitHub](https://github.com/google/santa/security/advisories/new).
+
+2) E-mail `santa-team@google.com`. If you want to encrypt your e-mail, you can use our GPG key `0x92AFE41DAB49BBB6` available on keyserver.ubuntu.com:
+
+    `gpg --keyserver keyserver.ubuntu.com --recv-key 0x92AFE41DAB49BBB6`

Santa.xcodeproj/xcshareddata/xcschemes/All.xcscheme

@@ -1,78 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<Scheme
-   LastUpgradeVersion = "0620"
-   version = "1.3">
-   <BuildAction
-      parallelizeBuildables = "YES"
-      buildImplicitDependencies = "YES">
-      <BuildActionEntries>
-         <BuildActionEntry
-            buildForTesting = "YES"
-            buildForRunning = "YES"
-            buildForProfiling = "YES"
-            buildForArchiving = "YES"
-            buildForAnalyzing = "YES">
-            <BuildableReference
-               BuildableIdentifier = "primary"
-               BlueprintIdentifier = "0D91BCDC174E8AE600131A7D"
-               BuildableName = "All"
-               BlueprintName = "All"
-               ReferencedContainer = "container:Santa.xcodeproj">
-            </BuildableReference>
-         </BuildActionEntry>
-      </BuildActionEntries>
-   </BuildAction>
-   <TestAction
-      selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
-      selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
-      shouldUseLaunchSchemeArgsEnv = "YES"
-      buildConfiguration = "Debug">
-      <Testables>
-         <TestableReference
-            skipped = "NO">
-            <BuildableReference
-               BuildableIdentifier = "primary"
-               BlueprintIdentifier = "0D260DAB18B68E12002A0B55"
-               BuildableName = "LogicTests.xctest"
-               BlueprintName = "LogicTests"
-               ReferencedContainer = "container:Santa.xcodeproj">
-            </BuildableReference>
-         </TestableReference>
-      </Testables>
-   </TestAction>
-   <LaunchAction
-      selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
-      selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
-      launchStyle = "0"
-      useCustomWorkingDirectory = "NO"
-      buildConfiguration = "Debug"
-      ignoresPersistentStateOnLaunch = "NO"
-      debugDocumentVersioning = "YES"
-      allowLocationSimulation = "YES">
-      <MacroExpansion>
-         <BuildableReference
-            BuildableIdentifier = "primary"
-            BlueprintIdentifier = "0D91BCDC174E8AE600131A7D"
-            BuildableName = "All"
-            BlueprintName = "All"
-            ReferencedContainer = "container:Santa.xcodeproj">
-         </BuildableReference>
-      </MacroExpansion>
-      <AdditionalOptions>
-      </AdditionalOptions>
-   </LaunchAction>
-   <ProfileAction
-      shouldUseLaunchSchemeArgsEnv = "YES"
-      savedToolIdentifier = ""
-      useCustomWorkingDirectory = "NO"
-      buildConfiguration = "Release"
-      debugDocumentVersioning = "YES">
-   </ProfileAction>
-   <AnalyzeAction
-      buildConfiguration = "Debug">
-   </AnalyzeAction>
-   <ArchiveAction
-      buildConfiguration = "Release"
-      revealArchiveInOrganizer = "YES">
-   </ArchiveAction>
-</Scheme>

Santa.xcodeproj/xcshareddata/xcschemes/KernelTests.xcscheme

@@ -1,88 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<Scheme
-   LastUpgradeVersion = "0620"
-   version = "1.3">
-   <BuildAction
-      parallelizeBuildables = "YES"
-      buildImplicitDependencies = "YES">
-      <BuildActionEntries>
-         <BuildActionEntry
-            buildForTesting = "YES"
-            buildForRunning = "YES"
-            buildForProfiling = "YES"
-            buildForArchiving = "YES"
-            buildForAnalyzing = "YES">
-            <BuildableReference
-               BuildableIdentifier = "primary"
-               BlueprintIdentifier = "0D0016A1192BCD3C005E7FCD"
-               BuildableName = "KernelTests"
-               BlueprintName = "KernelTests"
-               ReferencedContainer = "container:Santa.xcodeproj">
-            </BuildableReference>
-         </BuildActionEntry>
-      </BuildActionEntries>
-   </BuildAction>
-   <TestAction
-      selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
-      selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
-      shouldUseLaunchSchemeArgsEnv = "YES"
-      buildConfiguration = "Debug">
-      <Testables>
-      </Testables>
-      <MacroExpansion>
-         <BuildableReference
-            BuildableIdentifier = "primary"
-            BlueprintIdentifier = "0D0016A1192BCD3C005E7FCD"
-            BuildableName = "KernelTests"
-            BlueprintName = "KernelTests"
-            ReferencedContainer = "container:Santa.xcodeproj">
-         </BuildableReference>
-      </MacroExpansion>
-   </TestAction>
-   <LaunchAction
-      selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
-      selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
-      launchStyle = "0"
-      useCustomWorkingDirectory = "NO"
-      buildConfiguration = "Debug"
-      ignoresPersistentStateOnLaunch = "NO"
-      debugDocumentVersioning = "YES"
-      allowLocationSimulation = "YES">
-      <BuildableProductRunnable
-         runnableDebuggingMode = "0">
-         <BuildableReference
-            BuildableIdentifier = "primary"
-            BlueprintIdentifier = "0D0016A1192BCD3C005E7FCD"
-            BuildableName = "KernelTests"
-            BlueprintName = "KernelTests"
-            ReferencedContainer = "container:Santa.xcodeproj">
-         </BuildableReference>
-      </BuildableProductRunnable>
-      <AdditionalOptions>
-      </AdditionalOptions>
-   </LaunchAction>
-   <ProfileAction
-      shouldUseLaunchSchemeArgsEnv = "YES"
-      savedToolIdentifier = ""
-      useCustomWorkingDirectory = "NO"
-      buildConfiguration = "Release"
-      debugDocumentVersioning = "YES">
-      <BuildableProductRunnable
-         runnableDebuggingMode = "0">
-         <BuildableReference
-            BuildableIdentifier = "primary"
-            BlueprintIdentifier = "0D0016A1192BCD3C005E7FCD"
-            BuildableName = "KernelTests"
-            BlueprintName = "KernelTests"
-            ReferencedContainer = "container:Santa.xcodeproj">
-         </BuildableReference>
-      </BuildableProductRunnable>
-   </ProfileAction>
-   <AnalyzeAction
-      buildConfiguration = "Debug">
-   </AnalyzeAction>
-   <ArchiveAction
-      buildConfiguration = "Release"
-      revealArchiveInOrganizer = "YES">
-   </ArchiveAction>
-</Scheme>

Santa.xcodeproj/xcshareddata/xcschemes/LogicTests.xcscheme

@@ -1,96 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<Scheme
-   LastUpgradeVersion = "0620"
-   version = "1.3">
-   <BuildAction
-      parallelizeBuildables = "YES"
-      buildImplicitDependencies = "YES">
-      <BuildActionEntries>
-         <BuildActionEntry
-            buildForTesting = "YES"
-            buildForRunning = "YES"
-            buildForProfiling = "NO"
-            buildForArchiving = "NO"
-            buildForAnalyzing = "YES">
-            <BuildableReference
-               BuildableIdentifier = "primary"
-               BlueprintIdentifier = "0D260DAB18B68E12002A0B55"
-               BuildableName = "LogicTests.xctest"
-               BlueprintName = "LogicTests"
-               ReferencedContainer = "container:Santa.xcodeproj">
-            </BuildableReference>
-         </BuildActionEntry>
-      </BuildActionEntries>
-   </BuildAction>
-   <TestAction
-      selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
-      selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
-      shouldUseLaunchSchemeArgsEnv = "YES"
-      buildConfiguration = "Debug">
-      <Testables>
-         <TestableReference
-            skipped = "NO">
-            <BuildableReference
-               BuildableIdentifier = "primary"
-               BlueprintIdentifier = "0D260DAB18B68E12002A0B55"
-               BuildableName = "LogicTests.xctest"
-               BlueprintName = "LogicTests"
-               ReferencedContainer = "container:Santa.xcodeproj">
-            </BuildableReference>
-         </TestableReference>
-      </Testables>
-      <MacroExpansion>
-         <BuildableReference
-            BuildableIdentifier = "primary"
-            BlueprintIdentifier = "0D260DAB18B68E12002A0B55"
-            BuildableName = "LogicTests.xctest"
-            BlueprintName = "LogicTests"
-            ReferencedContainer = "container:Santa.xcodeproj">
-         </BuildableReference>
-      </MacroExpansion>
-   </TestAction>
-   <LaunchAction
-      selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
-      selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
-      launchStyle = "0"
-      useCustomWorkingDirectory = "NO"
-      buildConfiguration = "Debug"
-      ignoresPersistentStateOnLaunch = "NO"
-      debugDocumentVersioning = "YES"
-      allowLocationSimulation = "YES">
-      <MacroExpansion>
-         <BuildableReference
-            BuildableIdentifier = "primary"
-            BlueprintIdentifier = "0D260DAB18B68E12002A0B55"
-            BuildableName = "LogicTests.xctest"
-            BlueprintName = "LogicTests"
-            ReferencedContainer = "container:Santa.xcodeproj">
-         </BuildableReference>
-      </MacroExpansion>
-      <AdditionalOptions>
-      </AdditionalOptions>
-   </LaunchAction>
-   <ProfileAction
-      shouldUseLaunchSchemeArgsEnv = "YES"
-      savedToolIdentifier = ""
-      useCustomWorkingDirectory = "NO"
-      buildConfiguration = "Release"
-      debugDocumentVersioning = "YES">
-      <MacroExpansion>
-         <BuildableReference
-            BuildableIdentifier = "primary"
-            BlueprintIdentifier = "0D260DAB18B68E12002A0B55"
-            BuildableName = "LogicTests.xctest"
-            BlueprintName = "LogicTests"
-            ReferencedContainer = "container:Santa.xcodeproj">
-         </BuildableReference>
-      </MacroExpansion>
-   </ProfileAction>
-   <AnalyzeAction
-      buildConfiguration = "Debug">
-   </AnalyzeAction>
-   <ArchiveAction
-      buildConfiguration = "Release"
-      revealArchiveInOrganizer = "YES">
-   </ArchiveAction>
-</Scheme>

Santa.xcodeproj/xcshareddata/xcschemes/Santa.xcscheme

@@ -1,88 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<Scheme
-   LastUpgradeVersion = "0620"
-   version = "1.3">
-   <BuildAction
-      parallelizeBuildables = "YES"
-      buildImplicitDependencies = "YES">
-      <BuildActionEntries>
-         <BuildActionEntry
-            buildForTesting = "YES"
-            buildForRunning = "YES"
-            buildForProfiling = "YES"
-            buildForArchiving = "YES"
-            buildForAnalyzing = "YES">
-            <BuildableReference
-               BuildableIdentifier = "primary"
-               BlueprintIdentifier = "0D385DB5180DE4A900418BC6"
-               BuildableName = "Santa.app"
-               BlueprintName = "Santa"
-               ReferencedContainer = "container:Santa.xcodeproj">
-            </BuildableReference>
-         </BuildActionEntry>
-      </BuildActionEntries>
-   </BuildAction>
-   <TestAction
-      selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
-      selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
-      shouldUseLaunchSchemeArgsEnv = "YES"
-      buildConfiguration = "Debug">
-      <Testables>
-      </Testables>
-      <MacroExpansion>
-         <BuildableReference
-            BuildableIdentifier = "primary"
-            BlueprintIdentifier = "0D385DB5180DE4A900418BC6"
-            BuildableName = "Santa.app"
-            BlueprintName = "Santa"
-            ReferencedContainer = "container:Santa.xcodeproj">
-         </BuildableReference>
-      </MacroExpansion>
-   </TestAction>
-   <LaunchAction
-      selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
-      selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
-      launchStyle = "0"
-      useCustomWorkingDirectory = "NO"
-      buildConfiguration = "Debug"
-      ignoresPersistentStateOnLaunch = "NO"
-      debugDocumentVersioning = "YES"
-      allowLocationSimulation = "YES">
-      <BuildableProductRunnable
-         runnableDebuggingMode = "0">
-         <BuildableReference
-            BuildableIdentifier = "primary"
-            BlueprintIdentifier = "0D385DB5180DE4A900418BC6"
-            BuildableName = "Santa.app"
-            BlueprintName = "Santa"
-            ReferencedContainer = "container:Santa.xcodeproj">
-         </BuildableReference>
-      </BuildableProductRunnable>
-      <AdditionalOptions>
-      </AdditionalOptions>
-   </LaunchAction>
-   <ProfileAction
-      shouldUseLaunchSchemeArgsEnv = "YES"
-      savedToolIdentifier = ""
-      useCustomWorkingDirectory = "NO"
-      buildConfiguration = "Release"
-      debugDocumentVersioning = "YES">
-      <BuildableProductRunnable
-         runnableDebuggingMode = "0">
-         <BuildableReference
-            BuildableIdentifier = "primary"
-            BlueprintIdentifier = "0D385DB5180DE4A900418BC6"
-            BuildableName = "Santa.app"
-            BlueprintName = "Santa"
-            ReferencedContainer = "container:Santa.xcodeproj">
-         </BuildableReference>
-      </BuildableProductRunnable>
-   </ProfileAction>
-   <AnalyzeAction
-      buildConfiguration = "Debug">
-   </AnalyzeAction>
-   <ArchiveAction
-      buildConfiguration = "Release"
-      revealArchiveInOrganizer = "YES">
-   </ArchiveAction>
-</Scheme>

Santa.xcodeproj/xcshareddata/xcschemes/santa-driver.xcscheme

@@ -1,68 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<Scheme
-   LastUpgradeVersion = "0620"
-   version = "1.3">
-   <BuildAction
-      parallelizeBuildables = "YES"
-      buildImplicitDependencies = "YES">
-      <BuildActionEntries>
-         <BuildActionEntry
-            buildForTesting = "YES"
-            buildForRunning = "YES"
-            buildForProfiling = "YES"
-            buildForArchiving = "YES"
-            buildForAnalyzing = "YES">
-            <BuildableReference
-               BuildableIdentifier = "primary"
-               BlueprintIdentifier = "0D91BCB3174E8A7E00131A7D"
-               BuildableName = "santa-driver.kext"
-               BlueprintName = "santa-driver"
-               ReferencedContainer = "container:Santa.xcodeproj">
-            </BuildableReference>
-         </BuildActionEntry>
-      </BuildActionEntries>
-   </BuildAction>
-   <TestAction
-      selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
-      selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
-      shouldUseLaunchSchemeArgsEnv = "YES"
-      buildConfiguration = "Debug">
-      <Testables>
-      </Testables>
-   </TestAction>
-   <LaunchAction
-      selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
-      selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
-      launchStyle = "0"
-      useCustomWorkingDirectory = "NO"
-      buildConfiguration = "Debug"
-      ignoresPersistentStateOnLaunch = "NO"
-      debugDocumentVersioning = "YES"
-      allowLocationSimulation = "YES">
-      <MacroExpansion>
-         <BuildableReference
-            BuildableIdentifier = "primary"
-            BlueprintIdentifier = "0D91BCB3174E8A7E00131A7D"
-            BuildableName = "santa-driver.kext"
-            BlueprintName = "santa-driver"
-            ReferencedContainer = "container:Santa.xcodeproj">
-         </BuildableReference>
-      </MacroExpansion>
-      <AdditionalOptions>
-      </AdditionalOptions>
-   </LaunchAction>
-   <ProfileAction
-      shouldUseLaunchSchemeArgsEnv = "YES"
-      savedToolIdentifier = ""
-      useCustomWorkingDirectory = "NO"
-      buildConfiguration = "Release"
-      debugDocumentVersioning = "YES">
-   </ProfileAction>
-   <AnalyzeAction
-      buildConfiguration = "Debug">
-   </AnalyzeAction>
-   <ArchiveAction
-      buildConfiguration = "Release"
-      revealArchiveInOrganizer = "YES">
-   </ArchiveAction>
-</Scheme>

Santa.xcodeproj/xcshareddata/xcschemes/santactl.xcscheme

@@ -1,88 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<Scheme
-   LastUpgradeVersion = "0620"
-   version = "1.3">
-   <BuildAction
-      parallelizeBuildables = "YES"
-      buildImplicitDependencies = "YES">
-      <BuildActionEntries>
-         <BuildActionEntry
-            buildForTesting = "YES"
-            buildForRunning = "YES"
-            buildForProfiling = "YES"
-            buildForArchiving = "YES"
-            buildForAnalyzing = "YES">
-            <BuildableReference
-               BuildableIdentifier = "primary"
-               BlueprintIdentifier = "0D35BD9D18FD71CE00921A21"
-               BuildableName = "santactl"
-               BlueprintName = "santactl"
-               ReferencedContainer = "container:Santa.xcodeproj">
-            </BuildableReference>
-         </BuildActionEntry>
-      </BuildActionEntries>
-   </BuildAction>
-   <TestAction
-      selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
-      selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
-      shouldUseLaunchSchemeArgsEnv = "YES"
-      buildConfiguration = "Debug">
-      <Testables>
-      </Testables>
-      <MacroExpansion>
-         <BuildableReference
-            BuildableIdentifier = "primary"
-            BlueprintIdentifier = "0D35BD9D18FD71CE00921A21"
-            BuildableName = "santactl"
-            BlueprintName = "santactl"
-            ReferencedContainer = "container:Santa.xcodeproj">
-         </BuildableReference>
-      </MacroExpansion>
-   </TestAction>
-   <LaunchAction
-      selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
-      selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
-      launchStyle = "0"
-      useCustomWorkingDirectory = "NO"
-      buildConfiguration = "Debug"
-      ignoresPersistentStateOnLaunch = "NO"
-      debugDocumentVersioning = "YES"
-      allowLocationSimulation = "YES">
-      <BuildableProductRunnable
-         runnableDebuggingMode = "0">
-         <BuildableReference
-            BuildableIdentifier = "primary"
-            BlueprintIdentifier = "0D35BD9D18FD71CE00921A21"
-            BuildableName = "santactl"
-            BlueprintName = "santactl"
-            ReferencedContainer = "container:Santa.xcodeproj">
-         </BuildableReference>
-      </BuildableProductRunnable>
-      <AdditionalOptions>
-      </AdditionalOptions>
-   </LaunchAction>
-   <ProfileAction
-      shouldUseLaunchSchemeArgsEnv = "YES"
-      savedToolIdentifier = ""
-      useCustomWorkingDirectory = "NO"
-      buildConfiguration = "Release"
-      debugDocumentVersioning = "YES">
-      <BuildableProductRunnable
-         runnableDebuggingMode = "0">
-         <BuildableReference
-            BuildableIdentifier = "primary"
-            BlueprintIdentifier = "0D35BD9D18FD71CE00921A21"
-            BuildableName = "santactl"
-            BlueprintName = "santactl"
-            ReferencedContainer = "container:Santa.xcodeproj">
-         </BuildableReference>
-      </BuildableProductRunnable>
-   </ProfileAction>
-   <AnalyzeAction
-      buildConfiguration = "Debug">
-   </AnalyzeAction>
-   <ArchiveAction
-      buildConfiguration = "Release"
-      revealArchiveInOrganizer = "YES">
-   </ArchiveAction>
-</Scheme>

Santa.xcodeproj/xcshareddata/xcschemes/santad.xcscheme

@@ -1,89 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<Scheme
-   LastUpgradeVersion = "0620"
-   version = "1.3">
-   <BuildAction
-      parallelizeBuildables = "YES"
-      buildImplicitDependencies = "YES">
-      <BuildActionEntries>
-         <BuildActionEntry
-            buildForTesting = "YES"
-            buildForRunning = "YES"
-            buildForProfiling = "YES"
-            buildForArchiving = "YES"
-            buildForAnalyzing = "YES">
-            <BuildableReference
-               BuildableIdentifier = "primary"
-               BlueprintIdentifier = "0D9A7F3C1759330400035EB5"
-               BuildableName = "santad"
-               BlueprintName = "santad"
-               ReferencedContainer = "container:Santa.xcodeproj">
-            </BuildableReference>
-         </BuildActionEntry>
-      </BuildActionEntries>
-   </BuildAction>
-   <TestAction
-      selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
-      selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
-      shouldUseLaunchSchemeArgsEnv = "YES"
-      buildConfiguration = "Debug">
-      <Testables>
-      </Testables>
-      <MacroExpansion>
-         <BuildableReference
-            BuildableIdentifier = "primary"
-            BlueprintIdentifier = "0D9A7F3C1759330400035EB5"
-            BuildableName = "santad"
-            BlueprintName = "santad"
-            ReferencedContainer = "container:Santa.xcodeproj">
-         </BuildableReference>
-      </MacroExpansion>
-   </TestAction>
-   <LaunchAction
-      selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
-      selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
-      debugAsWhichUser = "root"
-      launchStyle = "0"
-      useCustomWorkingDirectory = "NO"
-      buildConfiguration = "Debug"
-      ignoresPersistentStateOnLaunch = "NO"
-      debugDocumentVersioning = "YES"
-      allowLocationSimulation = "YES">
-      <BuildableProductRunnable
-         runnableDebuggingMode = "0">
-         <BuildableReference
-            BuildableIdentifier = "primary"
-            BlueprintIdentifier = "0D9A7F3C1759330400035EB5"
-            BuildableName = "santad"
-            BlueprintName = "santad"
-            ReferencedContainer = "container:Santa.xcodeproj">
-         </BuildableReference>
-      </BuildableProductRunnable>
-      <AdditionalOptions>
-      </AdditionalOptions>
-   </LaunchAction>
-   <ProfileAction
-      shouldUseLaunchSchemeArgsEnv = "YES"
-      savedToolIdentifier = ""
-      useCustomWorkingDirectory = "NO"
-      buildConfiguration = "Release"
-      debugDocumentVersioning = "YES">
-      <BuildableProductRunnable
-         runnableDebuggingMode = "0">
-         <BuildableReference
-            BuildableIdentifier = "primary"
-            BlueprintIdentifier = "0D9A7F3C1759330400035EB5"
-            BuildableName = "santad"
-            BlueprintName = "santad"
-            ReferencedContainer = "container:Santa.xcodeproj">
-         </BuildableReference>
-      </BuildableProductRunnable>
-   </ProfileAction>
-   <AnalyzeAction
-      buildConfiguration = "Debug">
-   </AnalyzeAction>
-   <ArchiveAction
-      buildConfiguration = "Release"
-      revealArchiveInOrganizer = "YES">
-   </ArchiveAction>
-</Scheme>

Santa.xcworkspace/contents.xcworkspacedata

@@ -1 +0,0 @@
-<?xml version='1.0' encoding='UTF-8'?><Workspace version='1.0'><FileRef location='group:Santa.xcodeproj'/><FileRef location='group:Pods/Pods.xcodeproj'/></Workspace>

Source/SantaGUI/Resources/AboutWindow.xib

@@ -1,93 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<document type="com.apple.InterfaceBuilder3.Cocoa.XIB" version="3.0" toolsVersion="6254" systemVersion="14D136" targetRuntime="MacOSX.Cocoa" propertyAccessControl="none" useAutolayout="YES">
-    <dependencies>
-        <deployment identifier="macosx"/>
-        <plugIn identifier="com.apple.InterfaceBuilder.CocoaPlugin" version="6254"/>
-    </dependencies>
-    <objects>
-        <customObject id="-2" userLabel="File's Owner" customClass="SNTAboutWindowController">
-            <connections>
-                <outlet property="moreInfoButton" destination="SRu-Kf-vu5" id="Vj2-9Q-05d"/>
-                <outlet property="window" destination="F0z-JX-Cv5" id="gIp-Ho-8D9"/>
-            </connections>
-        </customObject>
-        <customObject id="-1" userLabel="First Responder" customClass="FirstResponder"/>
-        <customObject id="-3" userLabel="Application" customClass="NSObject"/>
-        <window title="Santa" allowsToolTipsWhenApplicationIsInactive="NO" autorecalculatesKeyViewLoop="NO" oneShot="NO" releasedWhenClosed="NO" visibleAtLaunch="NO" animationBehavior="default" id="F0z-JX-Cv5">
-            <windowStyleMask key="styleMask" titled="YES" closable="YES"/>
-            <rect key="contentRect" x="196" y="240" width="480" height="200"/>
-            <rect key="screenRect" x="0.0" y="0.0" width="2560" height="1577"/>
-            <view key="contentView" id="se5-gp-TjO">
-                <rect key="frame" x="0.0" y="0.0" width="480" height="200"/>
-                <autoresizingMask key="autoresizingMask"/>
-                <subviews>
-                    <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" translatesAutoresizingMaskIntoConstraints="NO" id="BnL-ZS-kXw">
-                        <rect key="frame" x="199" y="140" width="83" height="40"/>
-                        <constraints>
-                            <constraint firstAttribute="height" constant="40" id="UK2-2L-lPx"/>
-                            <constraint firstAttribute="width" constant="79" id="lDf-D7-qlY"/>
-                        </constraints>
-                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" sendsActionOnEndEditing="YES" title="Santa" id="VVj-gU-bzy">
-                            <font key="font" size="34" name="HelveticaNeue-UltraLight"/>
-                            <color key="textColor" red="0.1869618941" green="0.1869618941" blue="0.1869618941" alpha="1" colorSpace="calibratedRGB"/>
-                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
-                        </textFieldCell>
-                    </textField>
-                    <textField verticalHuggingPriority="750" horizontalCompressionResistancePriority="250" fixedFrame="YES" setsMaxLayoutWidthAtFirstLayout="YES" translatesAutoresizingMaskIntoConstraints="NO" id="uh6-q0-RzL">
-                        <rect key="frame" x="18" y="65" width="444" height="60"/>
-                        <textFieldCell key="cell" sendsActionOnEndEditing="YES" alignment="center" id="CcT-ul-1eA">
-                            <font key="font" metaFont="system"/>
-                            <string key="title">Santa is an application whitelisting system for Mac OS X.
-
-There are no user-configurable settings.</string>
-                            <color key="textColor" name="controlTextColor" catalog="System" colorSpace="catalog"/>
-                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
-                        </textFieldCell>
-                    </textField>
-                    <button verticalHuggingPriority="750" translatesAutoresizingMaskIntoConstraints="NO" id="SRu-Kf-vu5">
-                        <rect key="frame" x="130" y="21" width="111" height="32"/>
-                        <constraints>
-                            <constraint firstAttribute="width" constant="99" id="JHv-2J-QSe"/>
-                        </constraints>
-                        <buttonCell key="cell" type="push" title="More Info..." bezelStyle="rounded" alignment="center" borderStyle="border" imageScaling="proportionallyDown" inset="2" id="6fe-ju-aET">
-                            <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
-                            <font key="font" metaFont="system"/>
-                        </buttonCell>
-                        <connections>
-                            <action selector="openMoreInfoURL:" target="-2" id="dps-TN-rkS"/>
-                        </connections>
-                    </button>
-                    <button verticalHuggingPriority="750" translatesAutoresizingMaskIntoConstraints="NO" id="Udo-BY-n7e">
-                        <rect key="frame" x="240" y="21" width="111" height="32"/>
-                        <constraints>
-                            <constraint firstAttribute="width" constant="99" id="2Xc-ax-2bV"/>
-                        </constraints>
-                        <buttonCell key="cell" type="push" title="Dismiss" bezelStyle="rounded" alignment="center" borderStyle="border" imageScaling="proportionallyDown" inset="2" id="uSw-o1-lWW">
-                            <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
-                            <font key="font" metaFont="system"/>
-                            <string key="keyEquivalent" base64-UTF8="YES">
-DQ
-</string>
-                        </buttonCell>
-                        <connections>
-                            <action selector="orderOut:" target="-1" id="6oW-zI-zn5"/>
-                        </connections>
-                    </button>
-                </subviews>
-                <constraints>
-                    <constraint firstItem="Udo-BY-n7e" firstAttribute="leading" secondItem="se5-gp-TjO" secondAttribute="leading" priority="900" constant="191" id="1T4-DB-Dz8"/>
-                    <constraint firstItem="SRu-Kf-vu5" firstAttribute="leading" secondItem="se5-gp-TjO" secondAttribute="leading" constant="136" id="Ake-nU-qhW"/>
-                    <constraint firstItem="BnL-ZS-kXw" firstAttribute="top" secondItem="se5-gp-TjO" secondAttribute="top" constant="20" symbolic="YES" id="Fj1-SG-mzF"/>
-                    <constraint firstAttribute="bottom" secondItem="Udo-BY-n7e" secondAttribute="bottom" constant="28" id="bpF-hC-haN"/>
-                    <constraint firstAttribute="bottom" secondItem="SRu-Kf-vu5" secondAttribute="bottom" constant="28" id="fCB-02-SEt"/>
-                    <constraint firstItem="BnL-ZS-kXw" firstAttribute="centerX" secondItem="se5-gp-TjO" secondAttribute="centerX" id="kez-S0-6Gg"/>
-                    <constraint firstItem="Udo-BY-n7e" firstAttribute="leading" secondItem="SRu-Kf-vu5" secondAttribute="trailing" constant="11" id="sYO-yY-w9w"/>
-                </constraints>
-            </view>
-            <connections>
-                <outlet property="delegate" destination="-2" id="0bl-1N-AYu"/>
-            </connections>
-            <point key="canvasLocation" x="323" y="317"/>
-        </window>
-    </objects>
-</document>

Source/SantaGUI/Resources/MessageWindow.xib

@@ -1,289 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<document type="com.apple.InterfaceBuilder3.Cocoa.XIB" version="3.0" toolsVersion="6254" systemVersion="14D136" targetRuntime="MacOSX.Cocoa" propertyAccessControl="none" useAutolayout="YES">
-    <dependencies>
-        <deployment identifier="macosx"/>
-        <plugIn identifier="com.apple.InterfaceBuilder.CocoaPlugin" version="6254"/>
-    </dependencies>
-    <objects>
-        <customObject id="-2" userLabel="File's Owner" customClass="SNTMessageWindowController">
-            <connections>
-                <outlet property="openEventButton" destination="7ua-5a-uSd" id="9s4-ZA-Vlo"/>
-                <outlet property="window" destination="9Bq-yh-54f" id="Uhs-WF-TV9"/>
-            </connections>
-        </customObject>
-        <customObject id="-1" userLabel="First Responder" customClass="FirstResponder"/>
-        <customObject id="-3" userLabel="Application" customClass="NSObject"/>
-        <window allowsToolTipsWhenApplicationIsInactive="NO" autorecalculatesKeyViewLoop="NO" oneShot="NO" showsToolbarButton="NO" visibleAtLaunch="NO" animationBehavior="none" id="9Bq-yh-54f" customClass="SNTMessageWindow">
-            <windowStyleMask key="styleMask" utility="YES"/>
-            <rect key="contentRect" x="167" y="107" width="497" height="356"/>
-            <rect key="screenRect" x="0.0" y="0.0" width="2560" height="1600"/>
-            <view key="contentView" id="Iwq-Lx-rLv">
-                <rect key="frame" x="0.0" y="0.0" width="497" height="356"/>
-                <autoresizingMask key="autoresizingMask" widthSizable="YES" heightSizable="YES"/>
-                <subviews>
-                    <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" translatesAutoresizingMaskIntoConstraints="NO" id="t8c-Fx-e5h">
-                        <rect key="frame" x="207" y="286" width="83" height="40"/>
-                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" sendsActionOnEndEditing="YES" title="Santa" id="7YA-iB-Zma">
-                            <font key="font" size="34" name="HelveticaNeue-UltraLight"/>
-                            <color key="textColor" red="0.18696189413265307" green="0.18696189413265307" blue="0.18696189413265307" alpha="1" colorSpace="calibratedRGB"/>
-                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
-                        </textFieldCell>
-                    </textField>
-                    <textField verticalHuggingPriority="750" horizontalCompressionResistancePriority="250" setsMaxLayoutWidthAtFirstLayout="YES" translatesAutoresizingMaskIntoConstraints="NO" id="cD5-Su-lXR">
-                        <rect key="frame" x="22" y="239" width="454" height="17"/>
-                        <constraints>
-                            <constraint firstAttribute="width" constant="450" id="XgJ-EV-tBa"/>
-                        </constraints>
-                        <textFieldCell key="cell" allowsUndo="NO" sendsActionOnEndEditing="YES" alignment="center" title="A message to the user goes here..." allowsEditingTextAttributes="YES" id="5tH-bG-UJA">
-                            <font key="font" metaFont="system"/>
-                            <color key="textColor" red="0.40000000000000002" green="0.40000000000000002" blue="0.40000000000000002" alpha="1" colorSpace="calibratedRGB"/>
-                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
-                        </textFieldCell>
-                        <connections>
-                            <binding destination="-2" name="value" keyPath="self.attributedCustomMessage" id="376-sj-4Q1"/>
-                        </connections>
-                    </textField>
-                    <textField horizontalCompressionResistancePriority="250" verticalCompressionResistancePriority="1000" setsMaxLayoutWidthAtFirstLayout="YES" translatesAutoresizingMaskIntoConstraints="NO" id="pc8-G9-4pJ">
-                        <rect key="frame" x="165" y="192" width="294" height="17"/>
-                        <constraints>
-                            <constraint firstAttribute="width" constant="290" id="xVR-j3-dLw"/>
-                        </constraints>
-                        <textFieldCell key="cell" selectable="YES" sendsActionOnEndEditing="YES" alignment="left" title="Binary Path" id="E7T-9h-ofr">
-                            <font key="font" metaFont="system"/>
-                            <color key="textColor" white="0.0" alpha="0.5" colorSpace="deviceWhite"/>
-                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
-                        </textFieldCell>
-                        <connections>
-                            <binding destination="-2" name="value" keyPath="self.event.filePath" id="qfp-sR-Nmu"/>
-                        </connections>
-                    </textField>
-                    <textField horizontalCompressionResistancePriority="250" verticalCompressionResistancePriority="1000" setsMaxLayoutWidthAtFirstLayout="YES" translatesAutoresizingMaskIntoConstraints="NO" id="PXc-xv-A28">
-                        <rect key="frame" x="165" y="142" width="294" height="17"/>
-                        <constraints>
-                            <constraint firstAttribute="width" constant="290" id="4hh-R2-86s"/>
-                        </constraints>
-                        <textFieldCell key="cell" lineBreakMode="charWrapping" selectable="YES" sendsActionOnEndEditing="YES" title="Part of SHA-256" id="X4W-9e-eIu">
-                            <font key="font" metaFont="system"/>
-                            <color key="textColor" white="0.0" alpha="0.5" colorSpace="deviceWhite"/>
-                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
-                        </textFieldCell>
-                        <connections>
-                            <binding destination="-2" name="value" keyPath="self.shortenedHash" id="xgu-71-9ZT"/>
-                        </connections>
-                    </textField>
-                    <textField horizontalCompressionResistancePriority="250" verticalCompressionResistancePriority="1000" setsMaxLayoutWidthAtFirstLayout="YES" translatesAutoresizingMaskIntoConstraints="NO" id="C3G-wL-u7w">
-                        <rect key="frame" x="165" y="167" width="294" height="17"/>
-                        <constraints>
-                            <constraint firstAttribute="width" constant="290" id="Dem-wH-KHm"/>
-                        </constraints>
-                        <textFieldCell key="cell" selectable="YES" allowsUndo="NO" sendsActionOnEndEditing="YES" title="Code signing information" placeholderString="" id="ztA-La-XgT">
-                            <font key="font" metaFont="system"/>
-                            <color key="textColor" white="0.0" alpha="0.5" colorSpace="deviceWhite"/>
-                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
-                        </textFieldCell>
-                        <connections>
-                            <binding destination="-2" name="value" keyPath="self.publisherInfo" id="CEI-Cu-7pC">
-                                <dictionary key="options">
-                                    <string key="NSNullPlaceholder">Not code-signed</string>
-                                </dictionary>
-                            </binding>
-                        </connections>
-                    </textField>
-                    <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" translatesAutoresizingMaskIntoConstraints="NO" id="oFj-ol-xpL">
-                        <rect key="frame" x="8" y="92" width="120" height="17"/>
-                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" sendsActionOnEndEditing="YES" alignment="right" title="User" id="1ut-uT-hQD">
-                            <font key="font" metaFont="systemBold"/>
-                            <color key="textColor" name="controlTextColor" catalog="System" colorSpace="catalog"/>
-                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
-                        </textFieldCell>
-                    </textField>
-                    <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" translatesAutoresizingMaskIntoConstraints="NO" id="eQb-0a-76J">
-                        <rect key="frame" x="8" y="117" width="120" height="17"/>
-                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" sendsActionOnEndEditing="YES" alignment="right" title="Parent" id="gze-4A-1w5">
-                            <font key="font" metaFont="systemBold"/>
-                            <color key="textColor" name="controlTextColor" catalog="System" colorSpace="catalog"/>
-                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
-                        </textFieldCell>
-                    </textField>
-                    <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" translatesAutoresizingMaskIntoConstraints="NO" id="lvJ-Rk-UT5">
-                        <rect key="frame" x="8" y="167" width="120" height="17"/>
-                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" sendsActionOnEndEditing="YES" alignment="right" title="Publisher" id="yL9-yD-JXX">
-                            <font key="font" metaFont="systemBold"/>
-                            <color key="textColor" name="controlTextColor" catalog="System" colorSpace="catalog"/>
-                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
-                        </textFieldCell>
-                    </textField>
-                    <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" translatesAutoresizingMaskIntoConstraints="NO" id="d9e-Wv-Y5H">
-                        <rect key="frame" x="8" y="192" width="120" height="17"/>
-                        <constraints>
-                            <constraint firstAttribute="width" constant="116" id="Kqd-nX-7df"/>
-                        </constraints>
-                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" sendsActionOnEndEditing="YES" alignment="right" title="Path" id="KgY-X1-ESG">
-                            <font key="font" metaFont="systemBold"/>
-                            <color key="textColor" name="controlTextColor" catalog="System" colorSpace="catalog"/>
-                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
-                        </textFieldCell>
-                    </textField>
-                    <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" translatesAutoresizingMaskIntoConstraints="NO" id="KEB-eH-x2Y">
-                        <rect key="frame" x="8" y="142" width="120" height="17"/>
-                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" sendsActionOnEndEditing="YES" alignment="right" title="Identifier" id="eKN-Ic-5zy">
-                            <font key="font" metaFont="systemBold"/>
-                            <color key="textColor" name="controlTextColor" catalog="System" colorSpace="catalog"/>
-                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
-                        </textFieldCell>
-                    </textField>
-                    <textField horizontalCompressionResistancePriority="250" verticalCompressionResistancePriority="1000" translatesAutoresizingMaskIntoConstraints="NO" id="h6f-PY-cc0">
-                        <rect key="frame" x="165" y="92" width="294" height="17"/>
-                        <constraints>
-                            <constraint firstAttribute="width" constant="290" id="on6-pj-m2k"/>
-                        </constraints>
-                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" sendsActionOnEndEditing="YES" title="Executing User" id="HRT-Be-ePf">
-                            <font key="font" metaFont="system"/>
-                            <color key="textColor" white="0.0" alpha="0.5" colorSpace="custom" customColorSpace="genericGamma22GrayColorSpace"/>
-                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
-                        </textFieldCell>
-                        <connections>
-                            <binding destination="-2" name="value" keyPath="self.event.executingUser" id="IcM-Lt-xTT">
-                                <dictionary key="options">
-                                    <string key="NSNullPlaceholder">Unknown</string>
-                                </dictionary>
-                            </binding>
-                        </connections>
-                    </textField>
-                    <box horizontalHuggingPriority="750" title="Line" boxType="custom" borderType="line" titlePosition="noTitle" translatesAutoresizingMaskIntoConstraints="NO" id="4Li-ul-zIi">
-                        <rect key="frame" x="146" y="92" width="1" height="117"/>
-                        <constraints>
-                            <constraint firstAttribute="width" constant="1" id="0o1-Jh-epf"/>
-                        </constraints>
-                        <color key="borderColor" white="0.0" alpha="0.17999999999999999" colorSpace="calibratedWhite"/>
-                        <color key="fillColor" white="0.0" alpha="0.0" colorSpace="calibratedWhite"/>
-                        <font key="titleFont" metaFont="system"/>
-                    </box>
-                    <button toolTip="Show code signing certificate chain" translatesAutoresizingMaskIntoConstraints="NO" id="cJf-k6-OxS" userLabel="Publisher Certs">
-                        <rect key="frame" x="40" y="168" width="15" height="15"/>
-                        <constraints>
-                            <constraint firstAttribute="width" constant="15" id="QTm-Iv-m5p"/>
-                            <constraint firstAttribute="height" constant="15" id="YwG-0s-jop"/>
-                        </constraints>
-                        <buttonCell key="cell" type="bevel" bezelStyle="regularSquare" image="NSInfo" imagePosition="overlaps" alignment="center" refusesFirstResponder="YES" imageScaling="proportionallyDown" inset="2" id="R72-Qy-Xbb">
-                            <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
-                            <font key="font" metaFont="system"/>
-                        </buttonCell>
-                        <connections>
-                            <action selector="showCertInfo:" target="-2" id="dB0-a3-X31"/>
-                            <binding destination="-2" name="hidden" keyPath="self.publisherInfo" id="fFR-f3-Oiw">
-                                <dictionary key="options">
-                                    <string key="NSValueTransformerName">NSIsNil</string>
-                                </dictionary>
-                            </binding>
-                        </connections>
-                    </button>
-                    <button verticalHuggingPriority="750" translatesAutoresizingMaskIntoConstraints="NO" id="BbV-3h-mmL">
-                        <rect key="frame" x="256" y="33" width="110" height="25"/>
-                        <constraints>
-                            <constraint firstAttribute="width" constant="110" id="6Uh-Bd-N64"/>
-                            <constraint firstAttribute="height" constant="22" id="GH6-nw-6rD"/>
-                        </constraints>
-                        <buttonCell key="cell" type="roundTextured" title="Dismiss" bezelStyle="texturedRounded" alignment="center" refusesFirstResponder="YES" state="on" borderStyle="border" imageScaling="proportionallyDown" inset="2" id="XR6-Xa-gP4">
-                            <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
-                            <font key="font" metaFont="system"/>
-                            <string key="keyEquivalent" base64-UTF8="YES">
-DQ
-</string>
-                            <modifierMask key="keyEquivalentModifierMask" shift="YES"/>
-                        </buttonCell>
-                        <connections>
-                            <action selector="closeWindow:" target="-2" id="qQq-gh-8lw"/>
-                        </connections>
-                    </button>
-                    <button verticalHuggingPriority="750" horizontalCompressionResistancePriority="1000" translatesAutoresizingMaskIntoConstraints="NO" id="7ua-5a-uSd">
-                        <rect key="frame" x="132" y="33" width="112" height="25"/>
-                        <constraints>
-                            <constraint firstAttribute="width" priority="900" constant="112" id="Pec-Pa-4aZ"/>
-                        </constraints>
-                        <buttonCell key="cell" type="roundTextured" title="Open Event..." bezelStyle="texturedRounded" alignment="center" refusesFirstResponder="YES" state="on" borderStyle="border" imageScaling="proportionallyDown" inset="2" id="X1b-TF-1TL">
-                            <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
-                            <font key="font" metaFont="system"/>
-                            <string key="keyEquivalent" base64-UTF8="YES">
-DQ
-</string>
-                            <modifierMask key="keyEquivalentModifierMask" command="YES"/>
-                        </buttonCell>
-                        <connections>
-                            <action selector="openEventDetails:" target="-2" id="VhL-ql-rCV"/>
-                        </connections>
-                    </button>
-                    <textField horizontalCompressionResistancePriority="250" verticalCompressionResistancePriority="1000" translatesAutoresizingMaskIntoConstraints="NO" id="f1p-GL-O3o">
-                        <rect key="frame" x="165" y="117" width="294" height="17"/>
-                        <constraints>
-                            <constraint firstAttribute="width" constant="290" id="h3Y-mO-38F"/>
-                        </constraints>
-                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" sendsActionOnEndEditing="YES" title="Parent Name" id="ieo-WK-aDD">
-                            <font key="font" metaFont="system"/>
-                            <color key="textColor" white="0.0" alpha="0.5" colorSpace="custom" customColorSpace="genericGamma22GrayColorSpace"/>
-                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
-                        </textFieldCell>
-                        <connections>
-                            <binding destination="-2" name="value" keyPath="self.event.parentName" id="arL-Mc-4xj">
-                                <dictionary key="options">
-                                    <string key="NSNullPlaceholder">Unknown</string>
-                                </dictionary>
-                            </binding>
-                        </connections>
-                    </textField>
-                </subviews>
-                <constraints>
-                    <constraint firstItem="f1p-GL-O3o" firstAttribute="centerY" secondItem="eQb-0a-76J" secondAttribute="centerY" id="2Aq-1E-Ybz"/>
-                    <constraint firstItem="BbV-3h-mmL" firstAttribute="leading" secondItem="Iwq-Lx-rLv" secondAttribute="leading" priority="500" constant="193" id="2uo-Cm-Tfp"/>
-                    <constraint firstItem="h6f-PY-cc0" firstAttribute="top" secondItem="f1p-GL-O3o" secondAttribute="bottom" constant="8" id="496-VQ-Fx5"/>
-                    <constraint firstItem="eQb-0a-76J" firstAttribute="leading" secondItem="lvJ-Rk-UT5" secondAttribute="trailing" constant="-116" id="6Q5-Oo-1cI"/>
-                    <constraint firstItem="BbV-3h-mmL" firstAttribute="top" secondItem="oFj-ol-xpL" secondAttribute="bottom" constant="35" id="7K6-bY-Rn6"/>
-                    <constraint firstItem="C3G-wL-u7w" firstAttribute="leading" secondItem="4Li-ul-zIi" secondAttribute="trailing" constant="20" id="ALv-0v-szi"/>
-                    <constraint firstItem="f1p-GL-O3o" firstAttribute="top" secondItem="PXc-xv-A28" secondAttribute="bottom" constant="8" id="E6D-7P-17g"/>
-                    <constraint firstItem="cJf-k6-OxS" firstAttribute="centerY" secondItem="C3G-wL-u7w" secondAttribute="centerY" id="FdL-ZZ-Vbe"/>
-                    <constraint firstItem="t8c-Fx-e5h" firstAttribute="top" secondItem="Iwq-Lx-rLv" secondAttribute="top" constant="30" id="FuB-GX-0jg"/>
-                    <constraint firstItem="oFj-ol-xpL" firstAttribute="bottom" secondItem="4Li-ul-zIi" secondAttribute="bottom" id="G0I-O2-S91"/>
-                    <constraint firstItem="lvJ-Rk-UT5" firstAttribute="leading" secondItem="cJf-k6-OxS" secondAttribute="trailing" constant="-45" id="GD2-Ka-deo"/>
-                    <constraint firstItem="h6f-PY-cc0" firstAttribute="centerY" secondItem="oFj-ol-xpL" secondAttribute="centerY" id="GXI-pT-FM1"/>
-                    <constraint firstItem="oFj-ol-xpL" firstAttribute="leading" secondItem="Iwq-Lx-rLv" secondAttribute="leading" constant="10" id="IwX-ja-ZIs"/>
-                    <constraint firstItem="d9e-Wv-Y5H" firstAttribute="top" secondItem="4Li-ul-zIi" secondAttribute="top" id="JY4-N1-j8e"/>
-                    <constraint firstItem="oFj-ol-xpL" firstAttribute="leading" secondItem="d9e-Wv-Y5H" secondAttribute="leading" priority="999" id="MVr-jY-GDj"/>
-                    <constraint firstItem="pc8-G9-4pJ" firstAttribute="top" secondItem="cD5-Su-lXR" secondAttribute="bottom" constant="30" id="Nsl-zf-poH"/>
-                    <constraint firstItem="pc8-G9-4pJ" firstAttribute="leading" secondItem="4Li-ul-zIi" secondAttribute="trailing" constant="20" id="SCl-Ky-VmT"/>
-                    <constraint firstItem="d9e-Wv-Y5H" firstAttribute="centerY" secondItem="pc8-G9-4pJ" secondAttribute="centerY" id="SLv-F7-w5k"/>
-                    <constraint firstItem="7ua-5a-uSd" firstAttribute="top" secondItem="oFj-ol-xpL" secondAttribute="bottom" constant="35" id="Scq-zQ-Sao"/>
-                    <constraint firstItem="4Li-ul-zIi" firstAttribute="leading" secondItem="KEB-eH-x2Y" secondAttribute="trailing" constant="20" id="Seb-c0-MUL"/>
-                    <constraint firstAttribute="centerX" secondItem="cD5-Su-lXR" secondAttribute="centerX" id="V0a-Py-iEc"/>
-                    <constraint firstItem="oFj-ol-xpL" firstAttribute="leading" secondItem="lvJ-Rk-UT5" secondAttribute="leading" priority="999" id="Z6G-l9-G4a"/>
-                    <constraint firstItem="oFj-ol-xpL" firstAttribute="top" secondItem="eQb-0a-76J" secondAttribute="bottom" constant="8" id="abm-cM-PN0"/>
-                    <constraint firstItem="4Li-ul-zIi" firstAttribute="leading" secondItem="eQb-0a-76J" secondAttribute="trailing" constant="20" id="b0B-3w-grH"/>
-                    <constraint firstItem="KEB-eH-x2Y" firstAttribute="leading" secondItem="oFj-ol-xpL" secondAttribute="leading" priority="999" id="b5A-M7-ZsD"/>
-                    <constraint firstItem="KEB-eH-x2Y" firstAttribute="centerY" secondItem="PXc-xv-A28" secondAttribute="centerY" id="cHe-pZ-0Oq"/>
-                    <constraint firstItem="cD5-Su-lXR" firstAttribute="top" secondItem="t8c-Fx-e5h" secondAttribute="bottom" constant="30" id="dYg-zP-wh2"/>
-                    <constraint firstItem="h6f-PY-cc0" firstAttribute="leading" secondItem="4Li-ul-zIi" secondAttribute="trailing" constant="20" id="eSz-lz-Fdh"/>
-                    <constraint firstItem="f1p-GL-O3o" firstAttribute="leading" secondItem="4Li-ul-zIi" secondAttribute="trailing" constant="20" id="fGd-YS-phP"/>
-                    <constraint firstAttribute="centerX" secondItem="t8c-Fx-e5h" secondAttribute="centerX" id="h3d-Kc-q88"/>
-                    <constraint firstItem="BbV-3h-mmL" firstAttribute="leading" secondItem="7ua-5a-uSd" secondAttribute="trailing" constant="12" id="ioO-NJ-Jqo"/>
-                    <constraint firstItem="C3G-wL-u7w" firstAttribute="centerY" secondItem="lvJ-Rk-UT5" secondAttribute="centerY" id="jfs-YI-7Ae"/>
-                    <constraint firstItem="lvJ-Rk-UT5" firstAttribute="trailing" secondItem="KEB-eH-x2Y" secondAttribute="trailing" id="jlD-Lo-abc"/>
-                    <constraint firstItem="4Li-ul-zIi" firstAttribute="leading" secondItem="oFj-ol-xpL" secondAttribute="trailing" constant="20" id="kOG-Cj-hFG"/>
-                    <constraint firstItem="oFj-ol-xpL" firstAttribute="trailing" secondItem="lvJ-Rk-UT5" secondAttribute="trailing" id="lse-kg-lA2"/>
-                    <constraint firstItem="eQb-0a-76J" firstAttribute="top" secondItem="KEB-eH-x2Y" secondAttribute="bottom" constant="8" id="m2z-1O-ifB"/>
-                    <constraint firstItem="d9e-Wv-Y5H" firstAttribute="trailing" secondItem="KEB-eH-x2Y" secondAttribute="trailing" id="pdq-a6-Y73"/>
-                    <constraint firstAttribute="centerX" secondItem="7ua-5a-uSd" secondAttribute="centerX" constant="61" id="phL-j9-rPq"/>
-                    <constraint firstItem="4Li-ul-zIi" firstAttribute="leading" secondItem="lvJ-Rk-UT5" secondAttribute="trailing" constant="20" id="qKi-KT-jzJ"/>
-                    <constraint firstItem="C3G-wL-u7w" firstAttribute="bottom" secondItem="PXc-xv-A28" secondAttribute="top" constant="-8" id="snd-8T-LjC"/>
-                    <constraint firstItem="4Li-ul-zIi" firstAttribute="leading" secondItem="d9e-Wv-Y5H" secondAttribute="trailing" constant="20" id="stz-Vm-Kxo"/>
-                    <constraint firstItem="PXc-xv-A28" firstAttribute="leading" secondItem="4Li-ul-zIi" secondAttribute="trailing" constant="20" id="tAa-1s-xVZ"/>
-                    <constraint firstItem="d9e-Wv-Y5H" firstAttribute="width" secondItem="eQb-0a-76J" secondAttribute="width" id="u4p-1B-x5B"/>
-                    <constraint firstAttribute="bottom" secondItem="BbV-3h-mmL" secondAttribute="bottom" constant="35" id="ukF-FH-DE8"/>
-                    <constraint firstItem="pc8-G9-4pJ" firstAttribute="bottom" secondItem="C3G-wL-u7w" secondAttribute="top" constant="-8" id="zst-nc-VqA"/>
-                </constraints>
-            </view>
-            <point key="canvasLocation" x="112.5" y="308"/>
-        </window>
-    </objects>
-    <resources>
-        <image name="NSInfo" width="32" height="32"/>
-    </resources>
-</document>

Source/SantaGUI/Resources/Santa-Prefix.pch

@@ -1,3 +0,0 @@
-#ifdef __OBJC__
-  #import <Cocoa/Cocoa.h>
-#endif

Source/SantaGUI/SNTAppDelegate.m

@@ -1,107 +0,0 @@
-/// Copyright 2015 Google Inc. All rights reserved.
-///
-/// Licensed under the Apache License, Version 2.0 (the "License");
-/// you may not use this file except in compliance with the License.
-/// You may obtain a copy of the License at
-///
-///    http://www.apache.org/licenses/LICENSE-2.0
-///
-///    Unless required by applicable law or agreed to in writing, software
-///    distributed under the License is distributed on an "AS IS" BASIS,
-///    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-///    See the License for the specific language governing permissions and
-///    limitations under the License.
-
-#import "SNTAppDelegate.h"
-
-#import "SNTAboutWindowController.h"
-#import "SNTConfigurator.h"
-#import "SNTFileWatcher.h"
-#import "SNTNotificationManager.h"
-#import "SNTXPCConnection.h"
-
-@interface SNTAppDelegate ()
-@property SNTAboutWindowController *aboutWindowController;
-@property SNTFileWatcher *configFileWatcher;
-@property SNTNotificationManager *notificationManager;
-@property SNTXPCConnection *listener;
-@end
-
-@implementation SNTAppDelegate
-
-#pragma mark App Delegate methods
-
-- (void)applicationDidFinishLaunching:(NSNotification *)aNotification {
-  [self setupMenu];
-
-  self.configFileWatcher = [[SNTFileWatcher alloc] initWithFilePath:kDefaultConfigFilePath
-                                                            handler:^{
-      [[SNTConfigurator configurator] reloadConfigData];
-  }];
-
-  self.notificationManager = [[SNTNotificationManager alloc] init];
-
-  NSNotificationCenter *workspaceNotifications = [[NSWorkspace sharedWorkspace] notificationCenter];
-  [workspaceNotifications addObserver:self
-                             selector:@selector(killConnection)
-                                 name:NSWorkspaceSessionDidResignActiveNotification
-                               object:nil];
-  [workspaceNotifications addObserver:self
-                             selector:@selector(createConnection)
-                                 name:NSWorkspaceSessionDidBecomeActiveNotification
-                               object:nil];
-
-  [self createConnection];
-}
-
-- (BOOL)applicationShouldHandleReopen:(NSApplication *)sender hasVisibleWindows:(BOOL)flag {
-  self.aboutWindowController = [[SNTAboutWindowController alloc] init];
-  [self.aboutWindowController showWindow:self];
-  return NO;
-}
-
-#pragma mark Connection handling
-
-- (void)createConnection {
-  __weak __typeof(self) weakSelf = self;
-
-  self.listener = [[SNTXPCConnection alloc] initClientWithName:[SNTXPCNotifierInterface serviceId]
-                                                       options:NSXPCConnectionPrivileged];
-  self.listener.exportedInterface = [SNTXPCNotifierInterface notifierInterface];
-  self.listener.exportedObject = self.notificationManager;
-  self.listener.rejectedHandler = ^{
-      [weakSelf attemptReconnection];
-  };
-  self.listener.invalidationHandler = self.listener.rejectedHandler;
-  [self.listener resume];
-}
-
-- (void)killConnection {
-  self.listener.invalidationHandler = nil;
-  [self.listener invalidate];
-  self.listener = nil;
-}
-
-- (void)attemptReconnection {
-  // TODO(rah): Make this smarter.
-  sleep(10);
-  [self performSelectorOnMainThread:@selector(createConnection) withObject:nil waitUntilDone:NO];
-}
-
-#pragma mark Menu Management
-
-- (void)setupMenu {
-  // Whilst the user will never see the menu, having one with the Copy and Select All options
-  // allows the shortcuts for these items to work, which is useful for being able to copy
-  // information from notifications. The mainMenu must have a nested menu for this to work properly.
-  NSMenu *mainMenu = [[NSMenu alloc] init];
-  NSMenu *editMenu = [[NSMenu alloc] init];
-  [editMenu addItemWithTitle:@"Copy" action:@selector(copy:) keyEquivalent:@"c"];
-  [editMenu addItemWithTitle:@"Select All" action:@selector(selectAll:) keyEquivalent:@"a"];
-  NSMenuItem *editMenuItem = [[NSMenuItem alloc] init];
-  [editMenuItem setSubmenu:editMenu];
-  [mainMenu addItem:editMenuItem];
-  [NSApp setMainMenu:mainMenu];
-}
-
-@end

Source/SantaGUI/SNTMessageWindowController.h

@@ -1,63 +0,0 @@
-/// Copyright 2015 Google Inc. All rights reserved.
-///
-/// Licensed under the Apache License, Version 2.0 (the "License");
-/// you may not use this file except in compliance with the License.
-/// You may obtain a copy of the License at
-///
-///    http://www.apache.org/licenses/LICENSE-2.0
-///
-///    Unless required by applicable law or agreed to in writing, software
-///    distributed under the License is distributed on an "AS IS" BASIS,
-///    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-///    See the License for the specific language governing permissions and
-///    limitations under the License.
-
-@class SNTStoredEvent;
-
-@protocol SNTMessageWindowControllerDelegate
-- (void)windowDidClose;
-@end
-
-///
-///  Controller for a single message window.
-///
-@interface SNTMessageWindowController : NSWindowController
-
-- (instancetype)initWithEvent:(SNTStoredEvent *)event andMessage:(NSString *)message;
-
-- (IBAction)showWindow:(id)sender;
-- (IBAction)closeWindow:(id)sender;
-- (IBAction)showCertInfo:(id)sender;
-
-///
-///  The execution event that this window is for
-///
-@property SNTStoredEvent *event;
-
-///
-///  The custom message to display for this event
-///
-@property(copy) NSString *customMessage;
-
-///
-///  The delegate to inform when the notification is dismissed
-///
-@property(weak) id<SNTMessageWindowControllerDelegate> delegate;
-
-///
-///  A 'friendly' string representing the certificate information
-///
-@property(readonly, nonatomic) NSString *publisherInfo;
-
-///
-///  An optional message to display with this block.
-///
-@property(readonly, nonatomic) NSAttributedString *attributedCustomMessage;
-
-///
-///  Reference to the "Open Event" button in the XIB. Used to either remove the button
-///  if it isn't needed or set its title if it is.
-///
-@property IBOutlet NSButton *openEventButton;
-
-@end

Source/SantaGUI/SNTMessageWindowController.m

@@ -1,148 +0,0 @@
-/// Copyright 2015 Google Inc. All rights reserved.
-///
-/// Licensed under the Apache License, Version 2.0 (the "License");
-/// you may not use this file except in compliance with the License.
-/// You may obtain a copy of the License at
-///
-///    http://www.apache.org/licenses/LICENSE-2.0
-///
-///    Unless required by applicable law or agreed to in writing, software
-///    distributed under the License is distributed on an "AS IS" BASIS,
-///    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-///    See the License for the specific language governing permissions and
-///    limitations under the License.
-
-#import "SNTMessageWindowController.h"
-
-#import <SecurityInterface/SFCertificatePanel.h>
-
-#import "SNTCertificate.h"
-#import "SNTConfigurator.h"
-#import "SNTFileInfo.h"
-#import "SNTMessageWindow.h"
-#import "SNTStoredEvent.h"
-
-@implementation SNTMessageWindowController
-
-- (instancetype)initWithEvent:(SNTStoredEvent *)event andMessage:(NSString *)message {
-  self = [super initWithWindowNibName:@"MessageWindow"];
-  if (self) {
-    _event = event;
-    _customMessage = (message != (NSString *)[NSNull null] ? message : nil);
-  }
-  return self;
-}
-
-- (void)loadWindow {
-  [super loadWindow];
-  [self.window setLevel:NSPopUpMenuWindowLevel];
-  [self.window setMovableByWindowBackground:YES];
-
-  if (![[SNTConfigurator configurator] eventDetailURL]) {
-    [self.openEventButton removeFromSuperview];
-  } else {
-    NSString *eventDetailText = [[SNTConfigurator configurator] eventDetailText];
-    if (eventDetailText) {
-      [self.openEventButton setTitle:eventDetailText];
-    }
-  }
-}
-
-- (IBAction)showWindow:(id)sender {
-  [(SNTMessageWindow *)self.window fadeIn:sender];
-}
-
-- (IBAction)closeWindow:(id)sender {
-  [(SNTMessageWindow *)self.window fadeOut:sender];
-}
-
-- (void)windowWillClose:(NSNotification *)notification {
-  if (self.delegate) [self.delegate windowDidClose];
-}
-
-- (IBAction)showCertInfo:(id)sender {
-  // SFCertificatePanel expects an NSArray of SecCertificateRef's
-  NSMutableArray *certArray = [NSMutableArray arrayWithCapacity:[self.event.signingChain count]];
-  for (SNTCertificate *cert in self.event.signingChain) {
-    [certArray addObject:(id)cert.certRef];
-  }
-
-  [[[SFCertificatePanel alloc] init] beginSheetForWindow:self.window
-                                           modalDelegate:nil
-                                          didEndSelector:nil
-                                             contextInfo:nil
-                                            certificates:certArray
-                                               showGroup:YES];
-}
-
-- (IBAction)openEventDetails:(id)sender {
-  SNTConfigurator *config = [SNTConfigurator configurator];
-
-  NSString *formatStr = config.eventDetailURL;
-  formatStr = [formatStr stringByReplacingOccurrencesOfString:@"%file_sha%"
-                                                   withString:self.event.fileSHA256];
-  formatStr = [formatStr stringByReplacingOccurrencesOfString:@"%username%"
-                                                   withString:self.event.executingUser];
-  formatStr = [formatStr stringByReplacingOccurrencesOfString:@"%machine_id%"
-                                                   withString:config.machineID];
-
-  [self closeWindow:sender];
-  [[NSWorkspace sharedWorkspace] openURL:[NSURL URLWithString:formatStr]];
-}
-
-#pragma mark Generated properties
-
-+ (NSSet *)keyPathsForValuesAffectingValueForKey:(NSString *)key {
-  if (![key isEqualToString:@"event"]) {
-    return [NSSet setWithObject:@"event"];
-  } else {
-    return nil;
-  }
-}
-
-- (NSString *)shortenedHash {
-  return [self.event.fileSHA256 substringWithRange:NSMakeRange(0, 10)];
-}
-
-- (NSString *)publisherInfo {
-  SNTCertificate *leafCert = [self.event.signingChain firstObject];
-
-  if (leafCert.commonName && leafCert.orgName) {
-    return [NSString stringWithFormat:@"%@ - %@", leafCert.orgName, leafCert.commonName];
-  } else if (leafCert.commonName) {
-    return leafCert.commonName;
-  } else if (leafCert.orgName) {
-    return leafCert.orgName;
-  } else {
-    return nil;
-  }
-}
-
-- (NSAttributedString *)attributedCustomMessage {
-  NSString *htmlHeader = @"<html><head><style>"
-                         @"body {"
-                         @"  font-family: 'Lucida Grande', 'Helvetica', sans-serif;"
-                         @"  font-size: 13px;"
-                         @"  color: #AAA;"
-                         @"  text-align: center;"
-                         @"}"
-                         @"</style></head><body>";
-  NSString *htmlFooter = @"</body></html>";
-
-  NSString *message;
-  if ([self.customMessage length] > 0) {
-    message = self.customMessage;
-  } else {
-    message = @"The following application has been blocked from executing<br />"
-              @"because its trustworthiness cannot be determined.";
-  }
-
-  NSString *fullHTML = [NSString stringWithFormat:@"%@%@%@", htmlHeader, message, htmlFooter];
-
-  NSData *htmlData = [fullHTML dataUsingEncoding:NSUTF8StringEncoding];
-  NSAttributedString *returnStr = [[NSAttributedString alloc] initWithHTML:htmlData
-                                                        documentAttributes:NULL];
-  return returnStr;
-}
-
-@end

Source/SantaGUI/SNTNotificationManager.m

@@ -1,96 +0,0 @@
-/// Copyright 2015 Google Inc. All rights reserved.
-///
-/// Licensed under the Apache License, Version 2.0 (the "License");
-/// you may not use this file except in compliance with the License.
-/// You may obtain a copy of the License at
-///
-///    http://www.apache.org/licenses/LICENSE-2.0
-///
-///    Unless required by applicable law or agreed to in writing, software
-///    distributed under the License is distributed on an "AS IS" BASIS,
-///    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-///    See the License for the specific language governing permissions and
-///    limitations under the License.
-
-#import "SNTNotificationManager.h"
-
-#import "SNTStoredEvent.h"
-
-@interface SNTNotificationManager ()
-///
-///  The currently displayed notification
-///
-@property SNTMessageWindowController *currentWindowController;
-
-///
-///  The queue of pending notifications
-///
-@property(readonly) NSMutableArray *pendingNotifications;
-@end
-
-@implementation SNTNotificationManager
-
-- (instancetype)init {
-  self = [super init];
-  if (self) {
-    _pendingNotifications = [[NSMutableArray alloc] init];
-  }
-  return self;
-}
-
-- (void)windowDidClose {
-  [self.pendingNotifications removeObject:self.currentWindowController];
-  self.currentWindowController = nil;
-
-  if ([self.pendingNotifications count]) {
-    self.currentWindowController = [self.pendingNotifications firstObject];
-    [self.currentWindowController showWindow:self];
-  } else {
-    [NSApp hide:self];
-  }
-}
-
-#pragma mark SNTNotifierXPC protocol methods
-
-- (void)postBlockNotification:(SNTStoredEvent *)event withCustomMessage:(NSString *)message {
-  // See if this binary is already in the list of pending notifications.
-  NSPredicate *predicate =
-      [NSPredicate predicateWithFormat:@"event.fileSHA256==%@", event.fileSHA256];
-  if ([[self.pendingNotifications filteredArrayUsingPredicate:predicate] count]) return;
-
-  if (!event) {
-    NSLog(@"Error: Missing event object in message received from daemon!");
-    return;
-  }
-  if (!message) message = (NSString *)[NSNull null];
-
-  // Notifications arrive on a background thread but UI updates must happen on the main thread.
-  // This includes making windows.
-  [self performSelectorOnMainThread:@selector(postBlockNotificationMainThread:)
-                         withObject:@{ @"event": event, @"custommsg": message }
-                      waitUntilDone:NO];
-}
-
-- (void)postBlockNotificationMainThread:(NSDictionary *)dict {
-  SNTStoredEvent *event = dict[@"event"];
-  NSString *msg = dict[@"custommsg"];
-
-  // Create message window
-  SNTMessageWindowController *pendingMsg = [[SNTMessageWindowController alloc] initWithEvent:event
-                                                                                  andMessage:msg];
-  pendingMsg.delegate = self;
-  [self.pendingNotifications addObject:pendingMsg];
-
-  // If a notification isn't currently being displayed, display the incoming one.
-  if (!self.currentWindowController) {
-    self.currentWindowController = pendingMsg;
-
-    [NSApp activateIgnoringOtherApps:YES];
-
-    // It's quite likely that we're currently on a background thread, and GUI code should always be
-    // on main thread. Open the window on the main thread so any code it runs is also.
-    [pendingMsg showWindow:nil];
-  }
-}
-
-@end

Source/common/BUILD

@@ -0,0 +1,531 @@
+load("@rules_cc//cc:defs.bzl", "cc_proto_library")
+load("//:helper.bzl", "santa_unit_test")
+
+package(
+    default_visibility = ["//:santa_package_group"],
+)
+
+licenses(["notice"])
+
+proto_library(
+    name = "santa_proto",
+    srcs = ["santa.proto"],
+    deps = [
+        "//Source/santad/ProcessTree:process_tree_proto",
+        "@com_google_protobuf//:any_proto",
+        "@com_google_protobuf//:timestamp_proto",
+    ],
+)
+
+cc_proto_library(
+    name = "santa_cc_proto",
+    deps = [":santa_proto"],
+)
+
+# Note: Simple wrapper for a `cc_proto_library` target which cannot be directly
+# depended upon by an `objc_library` target.
+cc_library(
+    name = "santa_cc_proto_library_wrapper",
+    hdrs = ["santa_proto_include_wrapper.h"],
+    deps = [
+        ":santa_cc_proto",
+    ],
+)
+
+objc_library(
+    name = "SystemResources",
+    srcs = ["SystemResources.mm"],
+    hdrs = ["SystemResources.h"],
+    deps = [
+        ":SNTLogging",
+    ],
+)
+
+objc_library(
+    name = "SNTDeepCopy",
+    srcs = ["SNTDeepCopy.m"],
+    hdrs = ["SNTDeepCopy.h"],
+)
+
+cc_library(
+    name = "SantaCache",
+    hdrs = ["SantaCache.h"],
+    deps = [":BranchPrediction"],
+)
+
+santa_unit_test(
+    name = "SantaCacheTest",
+    srcs = ["SantaCacheTest.mm"],
+    deps = [
+        ":SantaCache",
+    ],
+)
+
+# This target shouldn't be used directly.
+# Use a more specific scoped type instead.
+objc_library(
+    name = "ScopedTypeRef",
+    hdrs = ["ScopedTypeRef.h"],
+    visibility = ["//Source/common:__pkg__"],
+)
+
+objc_library(
+    name = "ScopedCFTypeRef",
+    hdrs = ["ScopedCFTypeRef.h"],
+    deps = [
+        ":ScopedTypeRef",
+    ],
+)
+
+santa_unit_test(
+    name = "ScopedCFTypeRefTest",
+    srcs = ["ScopedCFTypeRefTest.mm"],
+    sdk_frameworks = [
+        "Security",
+    ],
+    deps = [
+        ":ScopedCFTypeRef",
+    ],
+)
+
+objc_library(
+    name = "ScopedIOObjectRef",
+    hdrs = ["ScopedIOObjectRef.h"],
+    sdk_frameworks = [
+        "IOKit",
+    ],
+    deps = [
+        ":ScopedTypeRef",
+    ],
+)
+
+santa_unit_test(
+    name = "ScopedIOObjectRefTest",
+    srcs = ["ScopedIOObjectRefTest.mm"],
+    sdk_frameworks = [
+        "IOKit",
+    ],
+    deps = [
+        ":ScopedIOObjectRef",
+        "//Source/santad:EndpointSecuritySerializerUtilities",
+    ],
+)
+
+objc_library(
+    name = "BranchPrediction",
+    hdrs = ["BranchPrediction.h"],
+)
+
+objc_library(
+    name = "SantaVnode",
+    hdrs = ["SantaVnode.h"],
+)
+
+objc_library(
+    name = "Platform",
+    hdrs = ["Platform.h"],
+)
+
+objc_library(
+    name = "String",
+    hdrs = ["String.h"],
+)
+
+objc_library(
+    name = "SantaVnodeHash",
+    srcs = ["SantaVnodeHash.mm"],
+    hdrs = ["SantaVnodeHash.h"],
+    deps = [
+        ":SantaCache",
+        ":SantaVnode",
+    ],
+)
+
+objc_library(
+    name = "CertificateHelpers",
+    srcs = ["CertificateHelpers.m"],
+    hdrs = ["CertificateHelpers.h"],
+    deps = [
+        "@MOLCertificate",
+    ],
+)
+
+objc_library(
+    name = "SNTBlockMessage",
+    srcs = ["SNTBlockMessage.m"],
+    hdrs = ["SNTBlockMessage.h"],
+    deps = [
+        ":SNTConfigurator",
+        ":SNTFileAccessEvent",
+        ":SNTLogging",
+        ":SNTStoredEvent",
+        ":SNTSystemInfo",
+    ],
+)
+
+objc_library(
+    name = "SNTBlockMessage_SantaGUI",
+    srcs = ["SNTBlockMessage.m"],
+    hdrs = ["SNTBlockMessage.h"],
+    defines = ["SANTAGUI"],
+    deps = [
+        ":SNTConfigurator",
+        ":SNTFileAccessEvent",
+        ":SNTLogging",
+        ":SNTStoredEvent",
+        ":SNTSystemInfo",
+    ],
+)
+
+objc_library(
+    name = "SNTCachedDecision",
+    srcs = ["SNTCachedDecision.mm"],
+    hdrs = ["SNTCachedDecision.h"],
+    deps = [
+        ":SNTCommonEnums",
+        ":SantaVnode",
+    ],
+)
+
+objc_library(
+    name = "SNTDeviceEvent",
+    srcs = ["SNTDeviceEvent.m"],
+    hdrs = ["SNTDeviceEvent.h"],
+    module_name = "santa_common_SNTDeviceEvent",
+    sdk_frameworks = [
+        "Foundation",
+    ],
+    deps = [
+        ":SNTCommonEnums",
+    ],
+)
+
+objc_library(
+    name = "SNTFileAccessEvent",
+    srcs = ["SNTFileAccessEvent.m"],
+    hdrs = ["SNTFileAccessEvent.h"],
+    module_name = "santa_common_SNTFileAccessEvent",
+    sdk_frameworks = [
+        "Foundation",
+    ],
+    deps = [
+        ":CertificateHelpers",
+        "@MOLCertificate",
+    ],
+)
+
+objc_library(
+    name = "SNTCommonEnums",
+    textual_hdrs = ["SNTCommonEnums.h"],
+)
+
+objc_library(
+    name = "SNTConfigurator",
+    srcs = ["SNTConfigurator.m"],
+    hdrs = ["SNTConfigurator.h"],
+    module_name = "santa_common_SNTConfigurator",
+    sdk_frameworks = [
+        "Foundation",
+    ],
+    deps = [
+        ":SNTCommonEnums",
+        ":SNTRule",
+        ":SNTStrengthify",
+        ":SNTSystemInfo",
+    ],
+)
+
+objc_library(
+    name = "SNTKVOManager",
+    srcs = ["SNTKVOManager.mm"],
+    hdrs = ["SNTKVOManager.h"],
+    deps = [
+        ":SNTLogging",
+    ],
+)
+
+santa_unit_test(
+    name = "SNTKVOManagerTest",
+    srcs = ["SNTKVOManagerTest.mm"],
+    deps = [
+        ":SNTKVOManager",
+    ],
+)
+
+objc_library(
+    name = "SNTDropRootPrivs",
+    srcs = ["SNTDropRootPrivs.m"],
+    hdrs = ["SNTDropRootPrivs.h"],
+)
+
+objc_library(
+    name = "SNTFileInfo",
+    srcs = ["SNTFileInfo.m"],
+    hdrs = ["SNTFileInfo.h"],
+    deps = [
+        ":SNTLogging",
+        ":SantaVnode",
+        "@FMDB",
+        "@MOLCodesignChecker",
+    ],
+)
+
+objc_library(
+    name = "SNTLogging",
+    srcs = ["SNTLogging.m"],
+    hdrs = ["SNTLogging.h"],
+    deps = [":SNTConfigurator"],
+)
+
+objc_library(
+    name = "PrefixTree",
+    hdrs = ["PrefixTree.h"],
+    deps = [
+        ":SNTLogging",
+        "@com_google_absl//absl/synchronization",
+    ],
+)
+
+objc_library(
+    name = "Unit",
+    hdrs = ["Unit.h"],
+)
+
+objc_library(
+    name = "SNTRule",
+    srcs = ["SNTRule.m"],
+    hdrs = ["SNTRule.h"],
+    sdk_frameworks = [
+        "Foundation",
+    ],
+    deps = [
+        ":SNTCommonEnums",
+        ":SNTSyncConstants",
+    ],
+)
+
+santa_unit_test(
+    name = "SNTRuleTest",
+    srcs = ["SNTRuleTest.m"],
+    deps = [
+        ":SNTCommonEnums",
+        ":SNTRule",
+        ":SNTSyncConstants",
+    ],
+)
+
+objc_library(
+    name = "SNTRuleIdentifiers",
+    srcs = ["SNTRuleIdentifiers.m"],
+    hdrs = ["SNTRuleIdentifiers.h"],
+)
+
+objc_library(
+    name = "SNTStoredEvent",
+    srcs = ["SNTStoredEvent.m"],
+    hdrs = ["SNTStoredEvent.h"],
+    deps = [
+        ":SNTCommonEnums",
+        "@MOLCertificate",
+    ],
+)
+
+cc_library(
+    name = "SNTStrengthify",
+    hdrs = ["SNTStrengthify.h"],
+)
+
+objc_library(
+    name = "SNTSyncConstants",
+    srcs = ["SNTSyncConstants.m"],
+    hdrs = ["SNTSyncConstants.h"],
+    sdk_frameworks = [
+        "Foundation",
+    ],
+)
+
+objc_library(
+    name = "SNTSystemInfo",
+    srcs = ["SNTSystemInfo.m"],
+    hdrs = ["SNTSystemInfo.h"],
+    sdk_frameworks = [
+        "Foundation",
+        "IOKit",
+    ],
+)
+
+objc_library(
+    name = "SNTXPCBundleServiceInterface",
+    srcs = ["SNTXPCBundleServiceInterface.m"],
+    hdrs = ["SNTXPCBundleServiceInterface.h"],
+    deps = [
+        ":SNTStoredEvent",
+        "@MOLXPCConnection",
+    ],
+)
+
+objc_library(
+    name = "SNTXPCMetricServiceInterface",
+    srcs = ["SNTXPCMetricServiceInterface.m"],
+    hdrs = ["SNTXPCMetricServiceInterface.h"],
+    deps = [
+        "@MOLXPCConnection",
+    ],
+)
+
+objc_library(
+    name = "SNTXPCControlInterface",
+    srcs = ["SNTXPCControlInterface.m"],
+    hdrs = ["SNTXPCControlInterface.h"],
+    defines = select({
+        "//:adhoc_build": ["SANTAADHOC"],
+        "//conditions:default": None,
+    }),
+    deps = [
+        ":SNTCommonEnums",
+        ":SNTConfigurator",
+        ":SNTRule",
+        ":SNTRuleIdentifiers",
+        ":SNTStoredEvent",
+        ":SNTXPCUnprivilegedControlInterface",
+        "@MOLCodesignChecker",
+        "@MOLXPCConnection",
+    ],
+)
+
+objc_library(
+    name = "SNTXPCNotifierInterface",
+    srcs = ["SNTXPCNotifierInterface.m"],
+    hdrs = ["SNTXPCNotifierInterface.h"],
+    deps = [
+        ":SNTCommonEnums",
+        ":SNTXPCBundleServiceInterface",
+    ],
+)
+
+objc_library(
+    name = "SNTMetricSet",
+    srcs = ["SNTMetricSet.m"],
+    hdrs = ["SNTMetricSet.h"],
+    deps = [":SNTCommonEnums"],
+)
+
+objc_library(
+    name = "SNTXPCSyncServiceInterface",
+    srcs = ["SNTXPCSyncServiceInterface.m"],
+    hdrs = ["SNTXPCSyncServiceInterface.h"],
+    deps = [
+        ":SNTCommonEnums",
+        ":SNTStoredEvent",
+        "@MOLXPCConnection",
+    ],
+)
+
+objc_library(
+    name = "SNTXPCUnprivilegedControlInterface",
+    srcs = ["SNTXPCUnprivilegedControlInterface.m"],
+    hdrs = ["SNTXPCUnprivilegedControlInterface.h"],
+    deps = [
+        ":SNTCommonEnums",
+        ":SNTRule",
+        ":SNTRuleIdentifiers",
+        ":SNTStoredEvent",
+        ":SNTXPCBundleServiceInterface",
+        ":SantaVnode",
+        "@MOLCertificate",
+        "@MOLXPCConnection",
+    ],
+)
+
+santa_unit_test(
+    name = "SNTFileInfoTest",
+    srcs = ["SNTFileInfoTest.m"],
+    resources = [
+        "testdata/32bitplist",
+        "testdata/bad_pagezero",
+        "testdata/missing_pagezero",
+    ],
+    structured_resources = glob([
+        "testdata/BundleExample.app/**",
+        "testdata/DirectoryBundle/**",
+    ]),
+    deps = [":SNTFileInfo"],
+)
+
+santa_unit_test(
+    name = "PrefixTreeTest",
+    srcs = ["PrefixTreeTest.mm"],
+    deps = [":PrefixTree"],
+)
+
+santa_unit_test(
+    name = "SNTMetricSetTest",
+    srcs = ["SNTMetricSetTest.m"],
+    deps = [":SNTMetricSet"],
+)
+
+santa_unit_test(
+    name = "SNTCachedDecisionTest",
+    srcs = ["SNTCachedDecisionTest.mm"],
+    deps = [
+        "//Source/common:SNTCachedDecision",
+        "//Source/common:TestUtils",
+        "@OCMock",
+    ],
+)
+
+santa_unit_test(
+    name = "SNTBlockMessageTest",
+    srcs = ["SNTBlockMessageTest.m"],
+    deps = [
+        ":SNTBlockMessage",
+        ":SNTConfigurator",
+        ":SNTFileAccessEvent",
+        ":SNTStoredEvent",
+        ":SNTSystemInfo",
+        "@OCMock",
+    ],
+)
+
+santa_unit_test(
+    name = "SNTConfiguratorTest",
+    srcs = ["SNTConfiguratorTest.m"],
+    deps = [
+        ":SNTCommonEnums",
+        ":SNTConfigurator",
+        "@OCMock",
+    ],
+)
+
+test_suite(
+    name = "unit_tests",
+    tests = [
+        ":PrefixTreeTest",
+        ":SNTBlockMessageTest",
+        ":SNTCachedDecisionTest",
+        ":SNTConfiguratorTest",
+        ":SNTFileInfoTest",
+        ":SNTKVOManagerTest",
+        ":SNTMetricSetTest",
+        ":SNTRuleTest",
+        ":SantaCacheTest",
+        ":ScopedCFTypeRefTest",
+        ":ScopedIOObjectRefTest",
+    ],
+    visibility = ["//:santa_package_group"],
+)
+
+objc_library(
+    name = "TestUtils",
+    testonly = 1,
+    srcs = ["TestUtils.mm"],
+    hdrs = ["TestUtils.h"],
+    sdk_dylibs = [
+        "bsm",
+    ],
+    deps = [
+        ":SystemResources",
+        "@OCMock",
+        "@com_google_googletest//:gtest",
+    ],
+)

Source/common/BranchPrediction.h

@@ -0,0 +1,22 @@
+/// Copyright 2022 Google LLC
+///
+/// Licensed under the Apache License, Version 2.0 (the "License");
+/// you may not use this file except in compliance with the License.
+/// You may obtain a copy of the License at
+///
+///     https://www.apache.org/licenses/LICENSE-2.0
+///
+/// Unless required by applicable law or agreed to in writing, software
+/// distributed under the License is distributed on an "AS IS" BASIS,
+/// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+/// See the License for the specific language governing permissions and
+/// limitations under the License.
+
+#ifndef SANTA__COMMON__BRANCHPREDICTION_H
+#define SANTA__COMMON__BRANCHPREDICTION_H
+
+// Helpful macros to use when the the outcome is largely known
+#define likely(x) __builtin_expect(!!(x), 1)
+#define unlikely(x) __builtin_expect(!!(x), 0)
+
+#endif

Source/common/CertificateHelpers.h

@@ -0,0 +1,43 @@
+/// Copyright 2023 Google LLC
+///
+/// Licensed under the Apache License, Version 2.0 (the "License");
+/// you may not use this file except in compliance with the License.
+/// You may obtain a copy of the License at
+///
+///     https://www.apache.org/licenses/LICENSE-2.0
+///
+/// Unless required by applicable law or agreed to in writing, software
+/// distributed under the License is distributed on an "AS IS" BASIS,
+/// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+/// See the License for the specific language governing permissions and
+/// limitations under the License.
+
+#import <Foundation/Foundation.h>
+#import <MOLCertificate/MOLCertificate.h>
+#include <sys/cdefs.h>
+
+__BEGIN_DECLS
+
+/**
+  Return a string representing publisher info from the provided certs
+
+  @param certs A certificate chain
+  @param teamID A team ID to be displayed for apps from the App Store
+
+  @return A string that tries to be more helpful to users by extracting
+  appropriate information from the certificate chain.
+*/
+NSString *Publisher(NSArray<MOLCertificate *> *certs, NSString *teamID);
+
+/**
+  Return an array of the underlying SecCertificateRef's for the given array
+  of MOLCertificates.
+
+  @param certs An array of MOLCertificates
+
+  @return An array of SecCertificateRefs. WARNING: If the refs need to be used
+  for a long time be careful to properly CFRetain/CFRelease the returned items.
+*/
+NSArray<id> *CertificateChain(NSArray<MOLCertificate *> *certs);
+
+__END_DECLS

Source/common/CertificateHelpers.m

@@ -0,0 +1,42 @@
+/// Copyright 2023 Google LLC
+///
+/// Licensed under the Apache License, Version 2.0 (the "License");
+/// you may not use this file except in compliance with the License.
+/// You may obtain a copy of the License at
+///
+///     https://www.apache.org/licenses/LICENSE-2.0
+///
+/// Unless required by applicable law or agreed to in writing, software
+/// distributed under the License is distributed on an "AS IS" BASIS,
+/// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+/// See the License for the specific language governing permissions and
+/// limitations under the License.
+
+#import "Source/common/CertificateHelpers.h"
+
+#include <Security/SecCertificate.h>
+
+NSString *Publisher(NSArray<MOLCertificate *> *certs, NSString *teamID) {
+  MOLCertificate *leafCert = [certs firstObject];
+
+  if ([leafCert.commonName isEqualToString:@"Apple Mac OS Application Signing"]) {
+    return [NSString stringWithFormat:@"App Store (Team ID: %@)", teamID];
+  } else if (leafCert.commonName && leafCert.orgName) {
+    return [NSString stringWithFormat:@"%@ - %@", leafCert.orgName, leafCert.commonName];
+  } else if (leafCert.commonName) {
+    return leafCert.commonName;
+  } else if (leafCert.orgName) {
+    return leafCert.orgName;
+  } else {
+    return nil;
+  }
+}
+
+NSArray<id> *CertificateChain(NSArray<MOLCertificate *> *certs) {
+  NSMutableArray *certArray = [NSMutableArray arrayWithCapacity:[certs count]];
+  for (MOLCertificate *cert in certs) {
+    [certArray addObject:(id)cert.certRef];
+  }
+
+  return certArray;
+}

Source/common/Platform.h

@@ -0,0 +1,34 @@
+/// Copyright 2022 Google LLC
+///
+/// Licensed under the Apache License, Version 2.0 (the "License");
+/// you may not use this file except in compliance with the License.
+/// You may obtain a copy of the License at
+///
+///     https://www.apache.org/licenses/LICENSE-2.0
+///
+/// Unless required by applicable law or agreed to in writing, software
+/// distributed under the License is distributed on an "AS IS" BASIS,
+/// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+/// See the License for the specific language governing permissions and
+/// limitations under the License.
+
+#ifndef SANTA__COMMON__PLATFORM_H
+#define SANTA__COMMON__PLATFORM_H
+
+#include <Availability.h>
+
+#if defined(MAC_OS_VERSION_12_0) && \
+    MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_VERSION_12_0
+#define HAVE_MACOS_12 1
+#else
+#define HAVE_MACOS_12 0
+#endif
+
+#if defined(MAC_OS_VERSION_13_0) && \
+    MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_VERSION_13_0
+#define HAVE_MACOS_13 1
+#else
+#define HAVE_MACOS_13 0
+#endif
+
+#endif

Source/common/PrefixTree.h

@@ -0,0 +1,302 @@
+/// Copyright 2022 Google LLC
+///
+/// Licensed under the Apache License, Version 2.0 (the "License");
+/// you may not use this file except in compliance with the License.
+/// You may obtain a copy of the License at
+///
+///     https://www.apache.org/licenses/LICENSE-2.0
+///
+/// Unless required by applicable law or agreed to in writing, software
+/// distributed under the License is distributed on an "AS IS" BASIS,
+/// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+/// See the License for the specific language governing permissions and
+/// limitations under the License.
+
+#ifndef SANTA__COMMON__PREFIXTREE_H
+#define SANTA__COMMON__PREFIXTREE_H
+
+#include <sys/syslimits.h>
+
+#include <optional>
+
+#import "Source/common/SNTLogging.h"
+#include "absl/synchronization/mutex.h"
+
+#if SANTA_PREFIX_TREE_DEBUG
+#define DEBUG_LOG LOGD
+#else
+#define DEBUG_LOG(format, ...)  // NOP
+#endif
+
+namespace santa::common {
+
+template <typename ValueT>
+class PrefixTree {
+ private:
+  // Forward declaration
+  enum class NodeType;
+  class TreeNode;
+
+ public:
+  PrefixTree(uint32_t max_depth = PATH_MAX)
+      : root_(new TreeNode()), max_depth_(max_depth), node_count_(0) {}
+
+  ~PrefixTree() { PruneLocked(root_); }
+
+  bool InsertPrefix(const char *s, ValueT value) {
+    absl::MutexLock lock(&lock_);
+    return InsertLocked(s, value, NodeType::kPrefix);
+  }
+
+  bool InsertLiteral(const char *s, ValueT value) {
+    absl::MutexLock lock(&lock_);
+    return InsertLocked(s, value, NodeType::kLiteral);
+  }
+
+  bool HasPrefix(const char *input) {
+    absl::ReaderMutexLock lock(&lock_);
+    return HasPrefixLocked(input);
+  }
+
+  std::optional<ValueT> LookupLongestMatchingPrefix(const char *input) {
+    if (!input) {
+      return std::nullopt;
+    }
+
+    absl::ReaderMutexLock lock(&lock_);
+    return LookupLongestMatchingPrefixLocked(input);
+  }
+
+  void Reset() {
+    absl::MutexLock lock(&lock_);
+    PruneLocked(root_);
+    root_ = new TreeNode();
+    node_count_ = 0;
+  }
+
+  uint32_t NodeCount() {
+    absl::ReaderMutexLock lock(&lock_);
+    return node_count_;
+  }
+
+#if SANTA_PREFIX_TREE_DEBUG
+  void Print() {
+    char buf[max_depth_ + 1];
+    memset(buf, 0, sizeof(buf));
+
+    absl::ReaderMutexLock lock(&lock_);
+    PrintLocked(root_, buf, 0);
+  }
+#endif
+
+ private:
+  ABSL_EXCLUSIVE_LOCKS_REQUIRED(lock_)
+  bool InsertLocked(const char *input, ValueT value, NodeType node_type) {
+    const char *p = input;
+    TreeNode *node = root_;
+
+    while (*p) {
+      uint8_t cur_byte = (uint8_t)*p;
+
+      TreeNode *child_node = node->children_[cur_byte];
+      if (!child_node) {
+        // Current node doesn't exist...
+        // Create the rest of the nodes in the tree for the given string
+
+        // Keep a pointer to where this new branch starts from. If the
+        // input length exceeds max_depth, the new branch will need to
+        // be pruned.
+        TreeNode *branch_start_node = node;
+        uint8_t branch_start_byte = (uint8_t)*p;
+
+        do {
+          TreeNode *new_node = new TreeNode();
+          node->children_[cur_byte] = new_node;
+          node = new_node;
+          node_count_++;
+
+          // Check current depth...
+          if (p - input >= max_depth_) {
+            // Attempted to add a string that exceeded max depth
+            // Prune tree from start of this new branch
+            PruneLocked(branch_start_node->children_[branch_start_byte]);
+            branch_start_node->children_[branch_start_byte] = nullptr;
+
+            return false;
+          }
+
+          cur_byte = (uint8_t) * ++p;
+        } while (*p);
+
+        node->node_type_ = node_type;
+        node->value_ = value;
+
+        return true;
+      } else if (*(p + 1) == '\0') {
+        // Current node exists and we're at the end of our input...
+        // Note: The current node's data will be overwritten
+
+        // Only increment node count if the previous node type wasn't already a
+        // prefix or literal type (in which case it was already counted)
+        if (child_node->node_type_ == NodeType::kInner) {
+          node_count_++;
+        }
+
+        child_node->node_type_ = node_type;
+        child_node->value_ = value;
+        return true;
+      }
+
+      node = child_node;
+      p++;
+    }
+
+    // Should only get here when input is an empty string
+    return false;
+  }
+
+  ABSL_SHARED_LOCKS_REQUIRED(lock_)
+  bool HasPrefixLocked(const char *input) {
+    TreeNode *node = root_;
+    const char *p = input;
+
+    while (*p) {
+      node = node->children_[(uint8_t)*p++];
+
+      if (!node) {
+        break;
+      }
+
+      if (node->node_type_ == NodeType::kPrefix ||
+          (*p == '\0' && node->node_type_ == NodeType::kLiteral)) {
+        return true;
+      }
+    }
+
+    return false;
+  }
+
+  ABSL_SHARED_LOCKS_REQUIRED(lock_)
+  std::optional<ValueT> LookupLongestMatchingPrefixLocked(const char *input) {
+    TreeNode *node = root_;
+    TreeNode *match = nullptr;
+    const char *p = input;
+
+    while (*p) {
+      node = node->children_[(uint8_t)*p++];
+
+      if (!node) {
+        break;
+      }
+
+      if (node->node_type_ == NodeType::kPrefix ||
+          (*p == '\0' && node->node_type_ == NodeType::kLiteral)) {
+        match = node;
+      }
+    }
+
+    return match ? std::make_optional<ValueT>(match->value_) : std::nullopt;
+  }
+
+  ABSL_EXCLUSIVE_LOCKS_REQUIRED(lock_)
+  void PruneLocked(TreeNode *target) {
+    if (!target) {
+      return;
+    }
+
+    // For deep trees, a recursive approach will generate too many stack frames.
+    // Since the depth of the tree is configurable, err on the side of caution
+    // and use a "stack" to walk the tree in a non-recursive manner.
+    TreeNode **stack = new TreeNode *[node_count_ + 1];
+    if (!stack) {
+      LOGE(@"Unable to prune tree!");
+      return;
+    }
+
+    uint32_t count = 0;
+
+    // Seed the "stack" with a starting node.
+    stack[count++] = target;
+
+    // Start at the target node and walk the tree to find and delete all the
+    // sub-nodes.
+    while (count) {
+      TreeNode *node = stack[--count];
+
+      for (int i = 0; i < 256; ++i) {
+        if (!node->children_[i]) {
+          continue;
+        }
+        stack[count++] = node->children_[i];
+      }
+
+      delete node;
+      --node_count_;
+    }
+
+    delete[] stack;
+  }
+
+#if SANTA_PREFIX_TREE_DEBUG
+  ABSL_SHARED_LOCKS_REQUIRED(lock_)
+  void PrintLocked(TreeNode *node, char *buf, uint32_t depth) {
+    for (size_t i = 0; i < 256; i++) {
+      TreeNode *cur_node = node->children_[i];
+      if (cur_node) {
+        buf[depth] = i;
+        if (cur_node->node_type_ != NodeType::kInner) {
+          printf("\t%s (type: %s)\n", buf,
+                 cur_node->node_type_ == NodeType::kPrefix ? "prefix" : "literal");
+        }
+        PrintLocked(cur_node, buf, depth + 1);
+        buf[depth] = '\0';
+      }
+    }
+  }
+#endif
+
+  enum class NodeType {
+    kInner = 0,
+    kPrefix,
+    kLiteral,
+  };
+
+  ///
+  ///  TreeNode is a wrapper class that represents one byte.
+  ///  1 node can represent a whole ASCII character.
+  ///  For example a pointer to the 'A' node will be stored at children[0x41].
+  ///  It takes 1-4 nodes to represent a UTF-8 encoded Unicode character.
+  ///
+  ///  The path for "/🤘" would look like this:
+  ///      children[0x2f] -> children[0xf0] -> children[0x9f] -> children[0xa4]
+  ///      -> children[0x98]
+  ///
+  ///  The path for "/dev" is:
+  ///      children[0x2f] -> children[0x64] -> children[0x65] -> children[0x76]
+  ///
+  ///  Lookups of children are O(1).
+  ///
+  ///  Having the nodes represented by a smaller width, such as a nibble (1/2
+  ///  byte), would drastically decrease the memory footprint but would double
+  ///  required dereferences.
+  ///
+  ///  TODO(bur): Potentially convert this into a full on radix tree.
+  ///
+  class TreeNode {
+   public:
+    TreeNode() : children_(), node_type_(NodeType::kInner) {}
+    ~TreeNode() = default;
+    TreeNode *children_[256];
+    PrefixTree::NodeType node_type_;
+    ValueT value_;
+  };
+
+  TreeNode *root_;
+  const uint32_t max_depth_;
+  uint32_t node_count_ ABSL_GUARDED_BY(lock_);
+  absl::Mutex lock_;
+};
+
+}  // namespace santa::common
+
+#endif

Source/common/PrefixTreeTest.mm

@@ -0,0 +1,224 @@
+/// Copyright 2022 Google LLC
+///
+/// Licensed under the Apache License, Version 2.0 (the "License");
+/// you may not use this file except in compliance with the License.
+/// You may obtain a copy of the License at
+///
+///     https://www.apache.org/licenses/LICENSE-2.0
+///
+/// Unless required by applicable law or agreed to in writing, software
+/// distributed under the License is distributed on an "AS IS" BASIS,
+/// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+/// See the License for the specific language governing permissions and
+/// limitations under the License.
+
+#import <XCTest/XCTest.h>
+
+#define SANTA_PREFIX_TREE_DEBUG 1
+#include "Source/common/PrefixTree.h"
+
+using santa::common::PrefixTree;
+
+@interface PrefixTreeTest : XCTestCase
+@end
+
+@implementation PrefixTreeTest
+
+- (void)testBasic {
+  PrefixTree<int> tree;
+
+  XCTAssertFalse(tree.HasPrefix("/foo/bar/baz"));
+  XCTAssertFalse(tree.HasPrefix("/foo/bar.txt"));
+  XCTAssertFalse(tree.HasPrefix("/baz"));
+
+  XCTAssertTrue(tree.InsertPrefix("/foo", 12));
+  XCTAssertTrue(tree.InsertPrefix("/bar", 34));
+  XCTAssertTrue(tree.InsertLiteral("/foo/bar", 56));
+
+  // Re-inserting something that exists is allowed
+  XCTAssertTrue(tree.InsertLiteral("/foo", 78));
+  XCTAssertTrue(tree.InsertPrefix("/foo", 56));
+
+  XCTAssertTrue(tree.HasPrefix("/foo/bar/baz"));
+  XCTAssertTrue(tree.HasPrefix("/foo/bar.txt"));
+  XCTAssertFalse(tree.HasPrefix("/baz"));
+
+  // Empty strings are not supported
+  XCTAssertFalse(tree.InsertLiteral("", 0));
+  XCTAssertFalse(tree.InsertPrefix("", 0));
+}
+
+- (void)testHasPrefix {
+  PrefixTree<int> tree;
+
+  XCTAssertTrue(tree.InsertPrefix("/foo", 0));
+  XCTAssertTrue(tree.InsertLiteral("/bar", 0));
+  XCTAssertTrue(tree.InsertLiteral("/baz", 0));
+  XCTAssertTrue(tree.InsertLiteral("/qaz", 0));
+
+  // Check that a tree with a matching prefix is successful
+  XCTAssertTrue(tree.HasPrefix("/foo.txt"));
+
+  // This shouldn't succeed because `/bar` `/baz` and `qaz` are literals
+  XCTAssertFalse(tree.HasPrefix("/bar.txt"));
+  XCTAssertFalse(tree.HasPrefix("/baz.txt"));
+  XCTAssertFalse(tree.HasPrefix("/qaz.txt"));
+
+  // Now change `/bar` to a prefix type and retest HasPrefix
+  // `/bar.txt` should now succeed, but `/baz.txt` should still not pass
+  XCTAssertTrue(tree.InsertPrefix("/bar", 0));
+  XCTAssertTrue(tree.HasPrefix("/bar.txt"));
+  XCTAssertFalse(tree.HasPrefix("/baz.txt"));
+  XCTAssertFalse(tree.HasPrefix("/qaz.txt"));
+
+  // Insert a new prefix string to allow `/baz.txt` to have a valid prefix
+  XCTAssertTrue(tree.InsertPrefix("/b", 0));
+  XCTAssertTrue(tree.HasPrefix("/baz.txt"));
+  XCTAssertFalse(tree.HasPrefix("/qaz.txt"));
+
+  // An exact match on a literal allows HasPrefix to succeed
+  XCTAssertTrue(tree.InsertLiteral("/qaz.txt", 0));
+  XCTAssertTrue(tree.HasPrefix("/qaz.txt"));
+}
+
+- (void)testLookupLongestMatchingPrefix {
+  PrefixTree<int> tree;
+
+  XCTAssertTrue(tree.InsertPrefix("/foo", 12));
+  XCTAssertTrue(tree.InsertPrefix("/bar", 34));
+  XCTAssertTrue(tree.InsertPrefix("/foo/bar.txt", 56));
+
+  std::optional<int> value;
+
+  // Matching exact prefix
+  value = tree.LookupLongestMatchingPrefix("/foo");
+  XCTAssertEqual(value.value_or(0), 12);
+
+  // Ensure changing node type works as expected
+  // Literals must match exactly.
+  value = tree.LookupLongestMatchingPrefix("/foo/bar.txt.tmp");
+  XCTAssertEqual(value.value_or(0), 56);
+  XCTAssertTrue(tree.InsertLiteral("/foo/bar.txt", 90));
+  value = tree.LookupLongestMatchingPrefix("/foo/bar.txt.tmp");
+  XCTAssertEqual(value.value_or(0), 12);
+
+  // Inserting over an exiting node returns the new value
+  XCTAssertTrue(tree.InsertPrefix("/foo", 78));
+  value = tree.LookupLongestMatchingPrefix("/foo");
+  XCTAssertEqual(value.value_or(0), 78);
+
+  // No matching prefix
+  value = tree.LookupLongestMatchingPrefix("/asdf");
+  XCTAssertEqual(value.value_or(0), 0);
+}
+
+- (void)testNodeCounts {
+  const uint32_t maxDepth = 100;
+  PrefixTree<int> tree(100);
+
+  XCTAssertEqual(tree.NodeCount(), 0);
+
+  // Start with a small string
+  XCTAssertTrue(tree.InsertPrefix("asdf", 0));
+  XCTAssertEqual(tree.NodeCount(), 4);
+
+  // Add a couple more characters to the existing string
+  XCTAssertTrue(tree.InsertPrefix("asdfgh", 0));
+  XCTAssertEqual(tree.NodeCount(), 6);
+
+  // Inserting a string that exceeds max depth doesn't increase node count
+  XCTAssertFalse(tree.InsertPrefix(std::string(maxDepth + 10, 'A').c_str(), 0));
+  XCTAssertEqual(tree.NodeCount(), 6);
+
+  // Add a new string that is a prefix of an existing string
+  // This should increment the count by one since a new terminal node exists
+  XCTAssertTrue(tree.InsertPrefix("as", 0));
+  XCTAssertEqual(tree.NodeCount(), 7);
+
+  // Re-inserting onto an existing node shouldn't modify the count
+  tree.InsertLiteral("as", 0);
+  tree.InsertPrefix("as", 0);
+  XCTAssertEqual(tree.NodeCount(), 7);
+}
+
+- (void)testReset {
+  // Ensure resetting a tree removes all content
+  PrefixTree<int> tree;
+
+  tree.Reset();
+  XCTAssertEqual(tree.NodeCount(), 0);
+
+  XCTAssertTrue(tree.InsertPrefix("asdf", 0));
+  XCTAssertTrue(tree.InsertPrefix("qwerty", 0));
+
+  XCTAssertTrue(tree.HasPrefix("asdf"));
+  XCTAssertTrue(tree.HasPrefix("qwerty"));
+  XCTAssertEqual(tree.NodeCount(), 10);
+
+  tree.Reset();
+  XCTAssertFalse(tree.HasPrefix("asdf"));
+  XCTAssertFalse(tree.HasPrefix("qwerty"));
+  XCTAssertEqual(tree.NodeCount(), 0);
+}
+
+- (void)testComplexValues {
+  class Foo {
+   public:
+    Foo(int x) : x_(x) {}
+    int X() { return x_; }
+
+   private:
+    int x_;
+  };
+
+  PrefixTree<std::shared_ptr<Foo>> tree;
+
+  XCTAssertTrue(tree.InsertPrefix("foo", std::make_shared<Foo>(123)));
+  XCTAssertTrue(tree.InsertPrefix("bar", std::make_shared<Foo>(456)));
+
+  std::optional<std::shared_ptr<Foo>> value;
+  value = tree.LookupLongestMatchingPrefix("foo");
+  XCTAssertTrue(value.has_value() && value->get()->X() == 123);
+
+  value = tree.LookupLongestMatchingPrefix("bar");
+  XCTAssertTrue(value.has_value() && value->get()->X() == 456);
+
+  value = tree.LookupLongestMatchingPrefix("asdf");
+  XCTAssertFalse(value.has_value());
+}
+
+- (void)testThreading {
+  uint32_t count = 4096;
+  auto t = new PrefixTree<int>(count * (uint32_t)[NSUUID UUID].UUIDString.length);
+
+  __block NSMutableArray *UUIDs = [NSMutableArray arrayWithCapacity:count];
+  for (int i = 0; i < count; ++i) {
+    [UUIDs addObject:[NSUUID UUID].UUIDString];
+  }
+
+  __block _Atomic BOOL stop = NO;
+
+  // Create a bunch of background noise.
+  dispatch_async(dispatch_get_global_queue(0, 0), ^{
+    for (uint64_t i = 0; i < UINT64_MAX; ++i) {
+      dispatch_async(dispatch_get_global_queue(0, 0), ^{
+        t->HasPrefix([UUIDs[i % count] UTF8String]);
+      });
+      if (stop) return;
+    }
+  });
+
+  // Fill up the tree.
+  dispatch_apply(count, dispatch_get_global_queue(0, 0), ^(size_t i) {
+    XCTAssertEqual(t->InsertPrefix([UUIDs[i] UTF8String], 0), true);
+  });
+
+  // Make sure every leaf byte is found.
+  dispatch_apply(count, dispatch_get_global_queue(0, 0), ^(size_t i) {
+    XCTAssertTrue(t->HasPrefix([UUIDs[i] UTF8String]));
+  });
+
+  stop = YES;
+}
+
+@end

Source/common/SNTBlockMessage.h

@@ -0,0 +1,59 @@
+/// Copyright 2016 Google Inc. All rights reserved.
+///
+/// Licensed under the Apache License, Version 2.0 (the "License");
+/// you may not use this file except in compliance with the License.
+/// You may obtain a copy of the License at
+///
+///    http://www.apache.org/licenses/LICENSE-2.0
+///
+///    Unless required by applicable law or agreed to in writing, software
+///    distributed under the License is distributed on an "AS IS" BASIS,
+///    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+///    See the License for the specific language governing permissions and
+///    limitations under the License.
+
+#ifdef SANTAGUI
+#import <Cocoa/Cocoa.h>
+#else
+#import <Foundation/Foundation.h>
+#endif
+
+#import "Source/common/SNTFileAccessEvent.h"
+#import "Source/common/SNTStoredEvent.h"
+
+@class SNTStoredEvent;
+
+@interface SNTBlockMessage : NSObject
+
+///
+///  Return a message suitable for presenting to the user.
+///
+///  In SantaGUI this will return an NSAttributedString with links and formatting included
+///  while for santad all HTML will be properly stripped.
+///
++ (NSAttributedString *)formatMessage:(NSString *)message;
+
+///
+///  Uses either the configured message depending on the event type or a custom message
+///  if the rule that blocked this file included one, formatted using
+///  +[SNTBlockMessage formatMessage].
+///
++ (NSAttributedString *)attributedBlockMessageForEvent:(SNTStoredEvent *)event
+                                         customMessage:(NSString *)customMessage;
+
++ (NSAttributedString *)attributedBlockMessageForFileAccessEvent:(SNTFileAccessEvent *)event
+                                                   customMessage:(NSString *)customMessage;
+
+///
+///  Return a URL generated from the EventDetailURL configuration key
+///  after replacing templates in the URL with values from the event.
+///
++ (NSURL *)eventDetailURLForEvent:(SNTStoredEvent *)event customURL:(NSString *)url;
++ (NSURL *)eventDetailURLForFileAccessEvent:(SNTFileAccessEvent *)event customURL:(NSString *)url;
+
+///
+///  Strip HTML from a string, replacing <br /> with newline.
+///
++ (NSString *)stringFromHTML:(NSString *)html;
+
+@end

Source/common/SNTBlockMessage.m

@@ -0,0 +1,248 @@
+/// Copyright 2016 Google Inc. All rights reserved.
+///
+/// Licensed under the Apache License, Version 2.0 (the "License");
+/// you may not use this file except in compliance with the License.
+/// You may obtain a copy of the License at
+///
+///    http://www.apache.org/licenses/LICENSE-2.0
+///
+///    Unless required by applicable law or agreed to in writing, software
+///    distributed under the License is distributed on an "AS IS" BASIS,
+///    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+///    See the License for the specific language governing permissions and
+///    limitations under the License.
+
+#import "Source/common/SNTBlockMessage.h"
+
+#import "Source/common/SNTConfigurator.h"
+#import "Source/common/SNTFileAccessEvent.h"
+#import "Source/common/SNTLogging.h"
+#import "Source/common/SNTStoredEvent.h"
+#import "Source/common/SNTSystemInfo.h"
+
+@implementation SNTBlockMessage
+
++ (NSAttributedString *)formatMessage:(NSString *)message {
+  NSString *htmlHeader =
+    @"<html><head><style>"
+    @"body {"
+    @"  font-family: 'Lucida Grande', 'Helvetica', sans-serif;"
+    @"  font-size: 13px;"
+    @"  color: %@;"
+    @"  text-align: center;"
+    @"}"
+
+    // Supported in beta WebKit. Not sure if it is dynamic when used with NSAttributedString.
+    @"@media (prefers-color-scheme: dark) {"
+    @"  body {"
+    @"    color: #ddd;"
+    @"  }"
+    @"}"
+    @"</style></head><body>";
+
+  // Support Dark Mode. Note, the returned NSAttributedString is static and does not update when
+  // the OS switches modes.
+  NSString *mode = [NSUserDefaults.standardUserDefaults stringForKey:@"AppleInterfaceStyle"];
+  BOOL dark = [mode isEqualToString:@"Dark"];
+  htmlHeader = [NSString stringWithFormat:htmlHeader, dark ? @"#ddd" : @"#333"];
+
+  NSString *htmlFooter = @"</body></html>";
+
+  NSString *fullHTML = [NSString stringWithFormat:@"%@%@%@", htmlHeader, message, htmlFooter];
+
+#ifdef SANTAGUI
+  NSData *htmlData = [fullHTML dataUsingEncoding:NSUTF8StringEncoding];
+  return [[NSAttributedString alloc] initWithHTML:htmlData documentAttributes:NULL];
+#else
+  NSString *strippedHTML = [self stringFromHTML:fullHTML];
+  if (!strippedHTML) {
+    return [[NSAttributedString alloc] initWithString:@"This binary has been blocked."];
+  }
+  return [[NSAttributedString alloc] initWithString:strippedHTML];
+#endif
+}
+
++ (NSAttributedString *)attributedBlockMessageForEvent:(SNTStoredEvent *)event
+                                         customMessage:(NSString *)customMessage {
+  NSString *message;
+  if (customMessage.length) {
+    message = customMessage;
+  } else if (event.decision == SNTEventStateBlockUnknown) {
+    message = [[SNTConfigurator configurator] unknownBlockMessage];
+    if (!message) {
+      message = @"The following application has been blocked from executing<br />"
+                @"because its trustworthiness cannot be determined.";
+    }
+  } else {
+    message = [[SNTConfigurator configurator] bannedBlockMessage];
+    if (!message) {
+      message = @"The following application has been blocked from executing<br />"
+                @"because it has been deemed malicious.";
+    }
+  }
+  return [SNTBlockMessage formatMessage:message];
+}
+
++ (NSAttributedString *)attributedBlockMessageForFileAccessEvent:(SNTFileAccessEvent *)event
+                                                   customMessage:(NSString *)customMessage {
+  NSString *message = customMessage;
+  if (!message.length) {
+    message = [[SNTConfigurator configurator] fileAccessBlockMessage];
+    if (!message.length) {
+      message = @"Access to a file has been denied.";
+    }
+  }
+  return [SNTBlockMessage formatMessage:message];
+}
+
++ (NSString *)stringFromHTML:(NSString *)html {
+  NSError *error;
+  NSXMLDocument *xml = [[NSXMLDocument alloc] initWithXMLString:html options:0 error:&error];
+
+  if (!xml && error.code == NSXMLParserEmptyDocumentError) {
+    html = [NSString stringWithFormat:@"<html><body>%@</body></html>", html];
+    xml = [[NSXMLDocument alloc] initWithXMLString:html options:0 error:&error];
+    if (!xml) return html;
+  }
+
+  // Strip any HTML tags out of the message. Also remove any content inside <style> tags and
+  // replace <br> elements with a newline.
+  NSString *stripXslt =
+    @"<?xml version='1.0' encoding='utf-8'?>"
+    @"<xsl:stylesheet version='1.0' xmlns:xsl='http://www.w3.org/1999/XSL/Transform'"
+    @"                              xmlns:xhtml='http://www.w3.org/1999/xhtml'>"
+    @"<xsl:output method='text'/>"
+    @"<xsl:template match='br'><xsl:text>\n</xsl:text></xsl:template>"
+    @"<xsl:template match='style'/>"
+    @"</xsl:stylesheet>";
+  NSData *data = [xml objectByApplyingXSLTString:stripXslt arguments:NULL error:&error];
+  if (error || ![data isKindOfClass:[NSData class]]) {
+    return html;
+  }
+  return [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding];
+}
+
++ (NSString *)replaceFormatString:(NSString *)str
+                         withDict:(NSDictionary<NSString *, NSString * (^)()> *)replacements {
+  __block NSString *formatStr = str;
+
+  [replacements
+    enumerateKeysAndObjectsUsingBlock:^(NSString *key, NSString * (^computeValue)(), BOOL *stop) {
+      NSString *value = computeValue();
+      if (value) {
+        formatStr = [formatStr stringByReplacingOccurrencesOfString:key withString:value];
+      }
+    }];
+
+  return formatStr;
+}
+
+// Returns either the generated URL for the passed in event, or an NSURL from the passed in custom
+// URL string. If the custom URL string is the string "null", nil will be returned. If no custom
+// URL is passed and there is no configured EventDetailURL template, nil will be returned.
+// The following "format strings" will be replaced in the URL, if they are present:
+//
+//   %file_identifier%           - The SHA-256 of the binary being executed.
+//   %bundle_or_file_identifier% - The hash of the bundle containing this file or the file itself,
+//                                 if no bundle hash is present.
+//   %username%                  - The executing user's name.
+//   %machine_id%                - The configured machine ID for this host.
+//   %hostname%                  - The machine's FQDN.
+//   %uuid%                      - The machine's UUID.
+//   %serial%                    - The machine's serial number.
+//
++ (NSURL *)eventDetailURLForEvent:(SNTStoredEvent *)event customURL:(NSString *)url {
+  SNTConfigurator *config = [SNTConfigurator configurator];
+
+  NSString *formatStr = url;
+  if (!formatStr.length) {
+    formatStr = config.eventDetailURL;
+    if (!formatStr.length) {
+      return nil;
+    }
+  }
+
+  if ([formatStr isEqualToString:@"null"]) {
+    return nil;
+  }
+
+  // Disabling clang-format. See comment in `eventDetailURLForFileAccessEvent:customURL:`
+  // clang-format off
+  NSDictionary<NSString *, NSString * (^)()> *kvReplacements =
+    [NSDictionary dictionaryWithObjectsAndKeys:
+      // This key is deprecated, use %file_identifier% or %bundle_or_file_identifier%
+      ^{ return event.fileSHA256 ? event.fileBundleHash ?: event.fileSHA256 : nil; },
+                                                 @"%file_sha%",
+      ^{ return event.fileSHA256; },             @"%file_identifier%",
+      ^{ return event.fileSHA256 ? event.fileBundleHash ?: event.fileSHA256 : nil; },
+                                                 @"%bundle_or_file_identifier%",
+      ^{ return event.executingUser; },          @"%username%",
+      ^{ return config.machineID; },             @"%machine_id%",
+      ^{ return [SNTSystemInfo longHostname]; }, @"%hostname%",
+      ^{ return [SNTSystemInfo hardwareUUID]; }, @"%uuid%",
+      ^{ return [SNTSystemInfo serialNumber]; }, @"%serial%",
+      nil];
+  // clang-format on
+
+  formatStr = [SNTBlockMessage replaceFormatString:formatStr withDict:kvReplacements];
+
+  NSURL *u = [NSURL URLWithString:formatStr];
+  if (!u) {
+    LOGW(@"Unable to generate event detail URL for string '%@'", formatStr);
+  }
+
+  return u;
+}
+
+// Returns either the generated URL for the passed in event, or an NSURL from the passed in custom
+// URL string. If the custom URL string is the string "null", nil will be returned. If no custom
+// URL is passed and there is no configured EventDetailURL template, nil will be returned.
+// The following "format strings" will be replaced in the URL, if they are present:
+//
+//   %rule_version%    - The version of the rule that was violated.
+//   %rule_name%       - The name of the rule that was violated.
+//   %file_identifier% - The SHA-256 of the binary being executed.
+//   %accessed_path%   - The path accessed by the binary.
+//   %username%        - The executing user's name.
+//   %machine_id%      - The configured machine ID for this host.
+//   %hostname%        - The machine's FQDN.
+//   %uuid%            - The machine's UUID.
+//   %serial%          - The machine's serial number.
+//
++ (NSURL *)eventDetailURLForFileAccessEvent:(SNTFileAccessEvent *)event customURL:(NSString *)url {
+  if (!url.length || [url isEqualToString:@"null"]) {
+    return nil;
+  }
+
+  SNTConfigurator *config = [SNTConfigurator configurator];
+
+  // Clang format goes wild here. If you use the container literal syntax `@{}` with a block value
+  // type, it seems to break the clang format on/off functionality and breaks formatting for the
+  // remainder of the file.
+  // Using `dictionaryWithObjectsAndKeys` and disabling clang format as a workaround.
+  // clang-format off
+  NSDictionary<NSString *, NSString * (^)()> *kvReplacements =
+    [NSDictionary dictionaryWithObjectsAndKeys:
+      ^{ return event.ruleVersion; },            @"%rule_version%",
+      ^{ return event.ruleName; },               @"%rule_name%",
+      ^{ return event.fileSHA256; },             @"%file_identifier%",
+      ^{ return event.accessedPath; },           @"%accessed_path%",
+      ^{ return event.executingUser; },          @"%username%",
+      ^{ return config.machineID; },             @"%machine_id%",
+      ^{ return [SNTSystemInfo longHostname]; }, @"%hostname%",
+      ^{ return [SNTSystemInfo hardwareUUID]; }, @"%uuid%",
+      ^{ return [SNTSystemInfo serialNumber]; }, @"%serial%",
+      nil];
+  // clang-format on
+
+  NSString *formatStr = [SNTBlockMessage replaceFormatString:url withDict:kvReplacements];
+
+  NSURL *u = [NSURL URLWithString:formatStr];
+  if (!u) {
+    LOGW(@"Unable to generate event detail URL for string '%@'", formatStr);
+  }
+
+  return u;
+}
+
+@end

Source/common/SNTBlockMessageTest.m

@@ -0,0 +1,95 @@
+/// Copyright 2023 Google LLC
+///
+/// Licensed under the Apache License, Version 2.0 (the "License");
+/// you may not use this file except in compliance with the License.
+/// You may obtain a copy of the License at
+///
+///     https://www.apache.org/licenses/LICENSE-2.0
+///
+/// Unless required by applicable law or agreed to in writing, software
+/// distributed under the License is distributed on an "AS IS" BASIS,
+/// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+/// See the License for the specific language governing permissions and
+/// limitations under the License.
+
+#import <OCMock/OCMock.h>
+#import <XCTest/XCTest.h>
+
+#import "Source/common/SNTBlockMessage.h"
+#import "Source/common/SNTConfigurator.h"
+#include "Source/common/SNTFileAccessEvent.h"
+#include "Source/common/SNTStoredEvent.h"
+#import "Source/common/SNTSystemInfo.h"
+
+@interface SNTBlockMessageTest : XCTestCase
+@property id mockConfigurator;
+@property id mockSystemInfo;
+@end
+
+@implementation SNTBlockMessageTest
+
+- (void)setUp {
+  self.mockConfigurator = OCMClassMock([SNTConfigurator class]);
+  OCMStub([self.mockConfigurator configurator]).andReturn(self.mockConfigurator);
+  OCMStub([self.mockConfigurator machineID]).andReturn(@"my_mid");
+
+  self.mockSystemInfo = OCMClassMock([SNTSystemInfo class]);
+  OCMStub([self.mockSystemInfo longHostname]).andReturn(@"my_hn");
+  OCMStub([self.mockSystemInfo hardwareUUID]).andReturn(@"my_u");
+  OCMStub([self.mockSystemInfo serialNumber]).andReturn(@"my_s");
+}
+
+- (void)testEventDetailURLForEvent {
+  SNTStoredEvent *se = [[SNTStoredEvent alloc] init];
+
+  se.fileSHA256 = @"my_fi";
+  se.executingUser = @"my_un";
+
+  NSString *url = @"http://"
+                  @"localhost?fs=%file_sha%&fi=%file_identifier%&bfi=%bundle_or_file_identifier%&"
+                  @"un=%username%&mid=%machine_id%&hn=%hostname%&u=%uuid%&s=%serial%";
+  NSString *wantUrl =
+    @"http://"
+    @"localhost?fs=my_fi&fi=my_fi&bfi=my_fi&bfi=my_fi&un=my_un&mid=my_mid&hn=my_hn&u=my_u&s=my_s";
+
+  NSURL *gotUrl = [SNTBlockMessage eventDetailURLForEvent:se customURL:url];
+
+  // Set fileBundleHash and test again for newly expected values
+  se.fileBundleHash = @"my_fbh";
+
+  wantUrl = @"http://"
+            @"localhost?fs=my_fbh&fi=my_fi&bfi=my_fbh&un=my_un&mid=my_mid&hn=my_hn&u=my_u&s=my_s";
+
+  gotUrl = [SNTBlockMessage eventDetailURLForEvent:se customURL:url];
+
+  XCTAssertEqualObjects(gotUrl.absoluteString, wantUrl);
+
+  XCTAssertNil([SNTBlockMessage eventDetailURLForEvent:se customURL:nil]);
+  XCTAssertNil([SNTBlockMessage eventDetailURLForEvent:se customURL:@"null"]);
+}
+
+- (void)testEventDetailURLForFileAccessEvent {
+  SNTFileAccessEvent *fae = [[SNTFileAccessEvent alloc] init];
+
+  fae.ruleVersion = @"my_rv";
+  fae.ruleName = @"my_rn";
+  fae.fileSHA256 = @"my_fi";
+  fae.accessedPath = @"my_ap";
+  fae.executingUser = @"my_un";
+
+  NSString *url = @"http://"
+                  @"localhost?rv=%rule_version%&rn=%rule_name%&fi=%file_identifier%&ap=%accessed_"
+                  @"path%&un=%username%&mid=%machine_id%&hn=%hostname%&u=%uuid%&s=%serial%";
+  NSString *wantUrl =
+    @"http://"
+    @"localhost?rv=my_rv&rn=my_rn&fi=my_fi&ap=my_ap&un=my_un&mid=my_mid&hn=my_hn&u=my_u&s=my_s";
+
+  NSURL *gotUrl = [SNTBlockMessage eventDetailURLForFileAccessEvent:fae customURL:url];
+
+  XCTAssertEqualObjects(gotUrl.absoluteString, wantUrl);
+
+  XCTAssertNil([SNTBlockMessage eventDetailURLForFileAccessEvent:fae customURL:nil]);
+  XCTAssertNil([SNTBlockMessage eventDetailURLForFileAccessEvent:fae customURL:@"null"]);
+}
+
+@end

Source/common/SNTCachedDecision.h

@@ -0,0 +1,53 @@
+/// Copyright 2015-2022 Google Inc. All rights reserved.
+///
+/// Licensed under the Apache License, Version 2.0 (the "License");
+/// you may not use this file except in compliance with the License.
+/// You may obtain a copy of the License at
+///
+///    http://www.apache.org/licenses/LICENSE-2.0
+///
+///    Unless required by applicable law or agreed to in writing, software
+///    distributed under the License is distributed on an "AS IS" BASIS,
+///    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+///    See the License for the specific language governing permissions and
+///    limitations under the License.
+
+#import <EndpointSecurity/EndpointSecurity.h>
+#import <Foundation/Foundation.h>
+
+#import "Source/common/SNTCommonEnums.h"
+#import "Source/common/SantaVnode.h"
+
+@class MOLCertificate;
+
+///
+///  Store information about executions from decision making for later logging.
+///
+@interface SNTCachedDecision : NSObject
+
+- (instancetype)init;
+- (instancetype)initWithEndpointSecurityFile:(const es_file_t *)esFile;
+- (instancetype)initWithVnode:(SantaVnode)vnode NS_DESIGNATED_INITIALIZER;
+
+@property SantaVnode vnodeId;
+@property SNTEventState decision;
+@property SNTClientMode decisionClientMode;
+@property NSString *decisionExtra;
+@property NSString *sha256;
+
+@property NSString *certSHA256;
+@property NSString *certCommonName;
+@property NSArray<MOLCertificate *> *certChain;
+@property NSString *teamID;
+@property NSString *signingID;
+@property NSString *cdhash;
+@property NSDictionary *entitlements;
+@property BOOL entitlementsFiltered;
+
+@property NSString *quarantineURL;
+
+@property NSString *customMsg;
+@property NSString *customURL;
+@property BOOL silentBlock;
+
+@end

Source/common/SNTCachedDecision.mm

@@ -1,4 +1,5 @@
-/// Copyright 2015 Google Inc. All rights reserved.
+
+/// Copyright 2015-2022 Google Inc. All rights reserved.
 ///
 /// Licensed under the Apache License, Version 2.0 (the "License");
 /// you may not use this file except in compliance with the License.
@@ -12,26 +13,24 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-#import "SNTAboutWindowController.h"
+#import "Source/common/SNTCachedDecision.h"
 
-#import "SNTConfigurator.h"
-
-@implementation SNTAboutWindowController
+@implementation SNTCachedDecision
 
 - (instancetype)init {
-  return [super initWithWindowNibName:@"AboutWindow"];
+  return [self initWithVnode:(SantaVnode){}];
 }
 
-- (void)loadWindow {
-  [super loadWindow];
-  if (![[SNTConfigurator configurator] moreInfoURL]) {
-    [self.moreInfoButton removeFromSuperview];
+- (instancetype)initWithEndpointSecurityFile:(const es_file_t *)esFile {
+  return [self initWithVnode:SantaVnode::VnodeForFile(esFile)];
+}
+
+- (instancetype)initWithVnode:(SantaVnode)vnode {
+  self = [super init];
+  if (self) {
+    _vnodeId = vnode;
   }
-}
-
-- (IBAction)openMoreInfoURL:(id)sender {
-  [[NSWorkspace sharedWorkspace] openURL:[[SNTConfigurator configurator] moreInfoURL]];
-  [self close];
+  return self;
 }
 
 @end

Source/common/SNTCachedDecisionTest.mm

@@ -0,0 +1,36 @@
+/// Copyright 2022 Google Inc. All rights reserved.
+///
+/// Licensed under the Apache License, Version 2.0 (the "License");
+/// you may not use this file except in compliance with the License.
+/// You may obtain a copy of the License at
+///
+///    http://www.apache.org/licenses/LICENSE-2.0
+///
+///    Unless required by applicable law or agreed to in writing, software
+///    distributed under the License is distributed on an "AS IS" BASIS,
+///    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+///    See the License for the specific language governing permissions and
+///    limitations under the License.
+
+#import <XCTest/XCTest.h>
+
+#import "Source/common/SNTCachedDecision.h"
+#include "Source/common/TestUtils.h"
+
+@interface SNTCachedDecisionTest : XCTestCase
+@end
+
+@implementation SNTCachedDecisionTest
+
+- (void)testSNTCachedDecisionInit {
+  // Ensure the vnodeId field is properly set from the es_file_t
+  struct stat sb = MakeStat();
+  es_file_t file = MakeESFile("foo", sb);
+
+  SNTCachedDecision *cd = [[SNTCachedDecision alloc] initWithEndpointSecurityFile:&file];
+
+  XCTAssertEqual(sb.st_ino, cd.vnodeId.fileid);
+  XCTAssertEqual(sb.st_dev, cd.vnodeId.fsid);
+}
+
+@end

Source/common/SNTCertificate.h

@@ -1,111 +0,0 @@
-/// Copyright 2015 Google Inc. All rights reserved.
-///
-/// Licensed under the Apache License, Version 2.0 (the "License");
-/// you may not use this file except in compliance with the License.
-/// You may obtain a copy of the License at
-///
-///    http://www.apache.org/licenses/LICENSE-2.0
-///
-///    Unless required by applicable law or agreed to in writing, software
-///    distributed under the License is distributed on an "AS IS" BASIS,
-///    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-///    See the License for the specific language governing permissions and
-///    limitations under the License.
-
-///
-///  SNTCertificate wraps a @c SecCertificateRef to provide Objective-C accessors to
-///  commonly used certificate data. Accessors cache data for repeated access.
-///
-@interface SNTCertificate : NSObject<NSSecureCoding>
-
-///
-///  Initialize a SNTCertificate object with a valid SecCertificateRef. Designated initializer.
-///
-///  @param certRef valid SecCertificateRef, which will be retained.
-///
-- (instancetype)initWithSecCertificateRef:(SecCertificateRef)certRef;
-
-///
-///  Initialize a SNTCertificate object with certificate data in DER format.
-///
-///  @param certData DER-encoded certificate data.
-///  @return initialized SNTCertificate or nil if certData is not a DER-encoded certificate.
-///
-- (instancetype)initWithCertificateDataDER:(NSData *)certData;
-
-///
-///  Initialize a SNTCertificate object with certificate data in PEM format.
-///  If multiple PEM certificates exist within the string, the first is used.
-///
-///  @param certData PEM-encoded certificate data.
-///  @return initialized SNTCertifcate or nil if certData is not a PEM-encoded certificate.
-///
-- (instancetype)initWithCertificateDataPEM:(NSString *)certData;
-
-///
-///  Returns an array of SNTCertificate's for all of the certificates in @c pemData.
-///
-///  @param pemData PEM-encoded certificates.
-///  @return array of SNTCertificate objects.
-///
-+ (NSArray *)certificatesFromPEM:(NSString *)pemData;
-
-///
-///  Access the underlying certificate ref.
-///
-@property(readonly, nonatomic) SecCertificateRef certRef;
-
-///
-///  SHA-1 hash of the certificate data.
-///
-@property(readonly, nonatomic) NSString *SHA1;
-
-///
-///  SHA-256 hash of the certificate data.
-///
-@property(readonly, nonatomic) NSString *SHA256;
-
-///
-///  Certificate data.
-///
-@property(readonly, nonatomic) NSData *certData;
-
-///
-///  Common Name e.g: "Software Signing"
-///
-@property(readonly, nonatomic) NSString *commonName;
-
-///
-///  Country Name e.g: "US"
-///
-@property(readonly, nonatomic) NSString *countryName;
-
-///
-///  Organizational Name e.g: "Apple Inc."
-///
-@property(readonly, nonatomic) NSString *orgName;
-
-///
-///  Organizational Unit Name e.g: "Apple Software"
-///
-@property(readonly, nonatomic) NSString *orgUnit;
-
-///
-///  Issuer details, same fields as above.
-///
-@property(readonly, nonatomic) NSString *issuerCommonName;
-@property(readonly, nonatomic) NSString *issuerCountryName;
-@property(readonly, nonatomic) NSString *issuerOrgName;
-@property(readonly, nonatomic) NSString *issuerOrgUnit;
-
-///
-///  Validity Not Before
-///
-@property(readonly, nonatomic) NSDate *validFrom;
-
-///
-///  Validity Not After
-///
-@property(readonly, nonatomic) NSDate *validUntil;
-
-@end

Source/common/SNTCertificate.m

@@ -1,361 +0,0 @@
-/// Copyright 2015 Google Inc. All rights reserved.
-///
-/// Licensed under the Apache License, Version 2.0 (the "License");
-/// you may not use this file except in compliance with the License.
-/// You may obtain a copy of the License at
-///
-///    http://www.apache.org/licenses/LICENSE-2.0
-///
-///    Unless required by applicable law or agreed to in writing, software
-///    distributed under the License is distributed on an "AS IS" BASIS,
-///    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-///    See the License for the specific language governing permissions and
-///    limitations under the License.
-
-#import "SNTCertificate.h"
-
-#import <CommonCrypto/CommonDigest.h>
-#import <Security/Security.h>
-
-@interface SNTCertificate ()
-///  A container for cached property values
-@property NSMutableDictionary *memoizedData;
-@end
-
-@implementation SNTCertificate
-
-static NSString *const kCertDataKey = @"certData";
-
-#pragma mark Init/Dealloc
-
-- (instancetype)initWithSecCertificateRef:(SecCertificateRef)certRef {
-  self = [super init];
-  if (self) {
-    _certRef = certRef;
-    CFRetain(_certRef);
-  }
-  return self;
-}
-
-- (instancetype)initWithCertificateDataDER:(NSData *)certData {
-  SecCertificateRef cert = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)certData);
-
-  if (cert) {
-    // Despite the header file claiming that SecCertificateCreateWithData will return NULL if
-    // @c certData doesn't contain a valid DER-encoded X509 cert, this isn't always true.
-    // radar://problem/16124651
-    // To workaround, check that the certificate serial number can be retrieved. According to
-    // RFC5280, the serial number field is required.
-    NSData *ser = CFBridgingRelease(SecCertificateCopySerialNumber(cert, NULL));
-    if (ser) {
-      self = [self initWithSecCertificateRef:cert];
-    } else {
-      self = nil;
-    }
-    CFRelease(cert);  // was retained in initWithSecCertificateRef
-  } else {
-    self = nil;
-  }
-
-  return self;
-}
-
-- (instancetype)initWithCertificateDataPEM:(NSString *)certData {
-  // Find the PEM and extract the base64-encoded DER data from within
-  NSScanner *scanner = [NSScanner scannerWithString:certData];
-  NSString *base64der;
-
-  // Locate and parse DER data into |base64der|
-  [scanner scanUpToString:@"-----BEGIN CERTIFICATE-----" intoString:NULL];
-  if (!([scanner scanString:@"-----BEGIN CERTIFICATE-----" intoString:NULL] &&
-        [scanner scanUpToString:@"-----END CERTIFICATE-----" intoString:&base64der] &&
-        [scanner scanString:@"-----END CERTIFICATE-----" intoString:NULL])) {
-    return nil;
-  }
-
-  // base64-decode the DER
-  SecTransformRef transform = SecDecodeTransformCreate(kSecBase64Encoding, NULL);
-  if (!transform) return nil;
-  NSData *input = [base64der dataUsingEncoding:NSUTF8StringEncoding];
-  NSData *output = nil;
-
-  if (SecTransformSetAttribute(transform,
-                               kSecTransformInputAttributeName,
-                               (__bridge CFDataRef)input,
-                               NULL)) {
-    output = CFBridgingRelease(SecTransformExecute(transform, NULL));
-  }
-  if (transform) CFRelease(transform);
-
-  return [self initWithCertificateDataDER:output];
-}
-
-+ (NSArray *)certificatesFromPEM:(NSString *)pemData {
-  NSScanner *scanner = [NSScanner scannerWithString:pemData];
-  NSMutableArray *certs = [[NSMutableArray alloc] init];
-
-  while (YES) {
-    NSString *curCert;
-
-    [scanner scanUpToString:@"-----BEGIN CERTIFICATE-----" intoString:NULL];
-    [scanner scanUpToString:@"-----END CERTIFICATE-----" intoString:&curCert];
-
-    // If there was no data, break.
-    if (!curCert) break;
-
-    curCert = [curCert stringByAppendingString:@"-----END CERTIFICATE-----"];
-    SNTCertificate *cert = [[SNTCertificate alloc] initWithCertificateDataPEM:curCert];
-
-    // If the data couldn't be turned into a valid SNTCertificate, continue.
-    if (!cert) continue;
-
-    [certs addObject:cert];
-  }
-
-  return certs;
-}
-
-- (instancetype)init {
-  [self doesNotRecognizeSelector:_cmd];
-  return nil;
-}
-
-- (void)dealloc {
-  if (_certRef) CFRelease(_certRef);
-}
-
-#pragma mark Equality & description
-
-- (BOOL)isEqual:(id)other {
-  if (self == other) return YES;
-  if (![other isKindOfClass:[SNTCertificate class]]) return NO;
-
-  SNTCertificate *o = other;
-  return [self.certData isEqual:o.certData];
-}
-
-- (NSUInteger)hash {
-  return [self.certData hash];
-}
-
-- (NSString *)description {
-  return
-      [NSString stringWithFormat:@"/O=%@/OU=%@/CN=%@", self.orgName, self.orgUnit, self.commonName];
-}
-
-#pragma mark NSSecureCoding
-
-+ (BOOL)supportsSecureCoding {
-  return YES;
-}
-
-- (void)encodeWithCoder:(NSCoder *)coder {
-  [coder encodeObject:self.certData forKey:kCertDataKey];
-}
-
-- (instancetype)initWithCoder:(NSCoder *)decoder {
-  NSData *certData = [decoder decodeObjectOfClass:[NSData class] forKey:kCertDataKey];
-  if ([certData length] == 0) return nil;
-  SecCertificateRef cert = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)certData);
-  self = [self initWithSecCertificateRef:cert];
-  if (cert) CFRelease(cert);
-  return self;
-}
-
-#pragma mark Private Accessors
-
-///
-/// For a given selector, caches the value that selector would return on subsequent invocations,
-/// using the provided block to get the value on the first invocation.
-/// Assumes the selector's value will never change.
-///
-- (id)memoizedSelector:(SEL)selector forBlock:(id (^)(void))block {
-  NSString *selName = NSStringFromSelector(selector);
-
-  if (!self.memoizedData) {
-    self.memoizedData = [NSMutableDictionary dictionary];
-  }
-
-  if (!self.memoizedData[selName]) {
-    id val = block();
-    if (val) {
-      self.memoizedData[selName] = val;
-    } else {
-      self.memoizedData[selName] = [NSNull null];
-    }
-  }
-
-  // Return the value if there is one, or nil if the value is NSNull
-  return self.memoizedData[selName] != [NSNull null] ? self.memoizedData[selName] : nil;
-}
-
-- (NSDictionary *)allCertificateValues {
-  return [self memoizedSelector:_cmd forBlock:^id{
-      return CFBridgingRelease(SecCertificateCopyValues(self.certRef, NULL, NULL));
-  }];
-}
-
-- (NSDictionary *)x509SubjectName {
-  return [self memoizedSelector:_cmd forBlock:^id{
-      return [self allCertificateValues][(__bridge NSString *)kSecOIDX509V1SubjectName];
-  }];
-}
-
-- (NSDictionary *)x509IssuerName {
-  return [self memoizedSelector:_cmd forBlock:^id{
-      return [self allCertificateValues][(__bridge NSString *)kSecOIDX509V1IssuerName];
-  }];
-}
-
-///
-///  Retrieve the value with the specified label from the X509 dictionary provided
-///
-///  @param desiredLabel The label you want, e.g: kSecOIDOrganizationName.
-///  @param dict The dictionary to look in (Subject or Issuer)
-///  @return An @c NSString, the value for the specified label.
-///
-- (NSString *)x509ValueForLabel:(NSString *)desiredLabel fromDictionary:(NSDictionary *)dict {
-  @try {
-    NSArray *valArray = dict[(__bridge NSString *)kSecPropertyKeyValue];
-
-    for (NSDictionary *curCertVal in valArray) {
-      NSString *valueLabel = curCertVal[(__bridge NSString *)kSecPropertyKeyLabel];
-      if ([valueLabel isEqual:desiredLabel]) {
-        return curCertVal[(__bridge NSString *)kSecPropertyKeyValue];
-      }
-    }
-    return nil;
-  }
-  @catch (NSException *e) {
-    return nil;
-  }
-}
-
-///
-/// Retrieve the specified date from the certificate's values and convert from a reference date
-/// to an NSDate object.
-///
-/// @param key The identifier for the date: @c kSecOIDX509V1ValiditityNot{Before,After}
-/// @return An @c NSDate representing the date and time the certificate is valid from or expires.
-///
-- (NSDate *)dateForX509Key:(NSString *)key {
-  NSDictionary *curCertVal = [self allCertificateValues][key];
-  NSNumber *value = curCertVal[(__bridge NSString *)kSecPropertyKeyValue];
-
-  NSTimeInterval interval = [value doubleValue];
-  if (interval) {
-    return [NSDate dateWithTimeIntervalSinceReferenceDate:interval];
-  }
-
-  return nil;
-}
-
-#pragma mark Public Accessors
-
-- (NSString *)SHA1 {
-  return [self memoizedSelector:_cmd forBlock:^id{
-      NSMutableData *SHA1Buffer = [[NSMutableData alloc] initWithCapacity:CC_SHA1_DIGEST_LENGTH];
-
-      CC_SHA1([self.certData bytes], (CC_LONG)[self.certData length], [SHA1Buffer mutableBytes]);
-
-    const unsigned char *bytes = (const unsigned char *)[SHA1Buffer bytes];
-    NSMutableString *hexDigest = [NSMutableString stringWithCapacity:CC_SHA1_DIGEST_LENGTH * 2];
-    for (int i = 0; i < CC_SHA1_DIGEST_LENGTH; i++) {
-      [hexDigest appendFormat:@"%02x", bytes[i]];
-    }
-
-    return hexDigest;
-  }];
-}
-
-- (NSString *)SHA256 {
-  return [self memoizedSelector:_cmd forBlock:^id{
-    NSMutableData *SHA256Buffer = [[NSMutableData alloc] initWithCapacity:CC_SHA256_DIGEST_LENGTH];
-
-    CC_SHA256([self.certData bytes], (CC_LONG)[self.certData length], [SHA256Buffer mutableBytes]);
-
-    const unsigned char *bytes = (const unsigned char *)[SHA256Buffer bytes];
-    NSMutableString *hexDigest = [NSMutableString stringWithCapacity:CC_SHA256_DIGEST_LENGTH * 2];
-    for (int i = 0; i < CC_SHA256_DIGEST_LENGTH; i++) {
-      [hexDigest appendFormat:@"%02x", bytes[i]];
-    }
-
-    return hexDigest;
-  }];
-}
-
-- (NSData *)certData {
-  return CFBridgingRelease(SecCertificateCopyData(self.certRef));
-}
-
-- (NSString *)commonName {
-  return [self memoizedSelector:_cmd forBlock:^id{
-      CFStringRef commonName = NULL;
-      SecCertificateCopyCommonName(self.certRef, &commonName);
-      return CFBridgingRelease(commonName);
-  }];
-}
-
-- (NSString *)countryName {
-  return [self memoizedSelector:_cmd forBlock:^id{
-      return [self x509ValueForLabel:(__bridge NSString *)kSecOIDCountryName
-                      fromDictionary:[self x509SubjectName]];
-  }];
-}
-
-- (NSString *)orgName {
-  return [self memoizedSelector:_cmd forBlock:^id{
-      return [self x509ValueForLabel:(__bridge NSString *)kSecOIDOrganizationName
-                      fromDictionary:[self x509SubjectName]];
-  }];
-}
-
-- (NSString *)orgUnit {
-  return [self memoizedSelector:_cmd forBlock:^id{
-      return [self x509ValueForLabel:(__bridge NSString *)kSecOIDOrganizationalUnitName
-                      fromDictionary:[self x509SubjectName]];
-  }];
-}
-
-- (NSDate *)validFrom {
-  return [self memoizedSelector:_cmd forBlock:^id{
-      return [self dateForX509Key:(__bridge NSString *)kSecOIDX509V1ValidityNotBefore];
-  }];
-}
-
-- (NSDate *)validUntil {
-  return [self memoizedSelector:_cmd forBlock:^id{
-      return [self dateForX509Key:(__bridge NSString *)kSecOIDX509V1ValidityNotAfter];
-  }];
-}
-
-- (NSString *)issuerCommonName {
-  return [self memoizedSelector:_cmd forBlock:^id{
-      return [self x509ValueForLabel:(__bridge NSString *)kSecOIDCommonName
-                      fromDictionary:[self x509IssuerName]];
-  }];
-}
-
-- (NSString *)issuerCountryName {
-  return [self memoizedSelector:_cmd forBlock:^id{
-      return [self x509ValueForLabel:(__bridge NSString *)kSecOIDCountryName
-                      fromDictionary:[self x509IssuerName]];
-  }];
-}
-
-- (NSString *)issuerOrgName {
-  return [self memoizedSelector:_cmd forBlock:^id{
-      return [self x509ValueForLabel:(__bridge NSString *)kSecOIDOrganizationName
-                      fromDictionary:[self x509IssuerName]];
-  }];
-}
-
-- (NSString *)issuerOrgUnit {
-  return [self memoizedSelector:_cmd forBlock:^id{
-      return [self x509ValueForLabel:(__bridge NSString *)kSecOIDOrganizationalUnitName
-                      fromDictionary:[self x509IssuerName]];
-  }];
-}
-
-
-@end

Source/common/SNTCodesignChecker.h

@@ -1,90 +0,0 @@
-/// Copyright 2015 Google Inc. All rights reserved.
-///
-/// Licensed under the Apache License, Version 2.0 (the "License");
-/// you may not use this file except in compliance with the License.
-/// You may obtain a copy of the License at
-///
-///    http://www.apache.org/licenses/LICENSE-2.0
-///
-///    Unless required by applicable law or agreed to in writing, software
-///    distributed under the License is distributed on an "AS IS" BASIS,
-///    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-///    See the License for the specific language governing permissions and
-///    limitations under the License.
-
-@class SNTCertificate;
-
-///
-///  SNTCodesignChecker validates a binary (either on-disk or in memory) has been signed
-///  and if so allows for pulling out the certificates that were used to sign it.
-///
-@interface SNTCodesignChecker : NSObject
-
-///
-///  The SecStaticCodeRef that this SNTCodesignChecker is working around
-///
-@property(readonly) SecStaticCodeRef codeRef;
-
-///
-///  Returns a dictionary of raw signing information
-///
-@property(readonly) NSDictionary *signingInformation;
-
-///
-///  Returns an array of @c SNTCertificate objects representing the chain that signed this binary.
-///
-@property(readonly) NSArray *certificates;
-
-///
-///  Returns the leaf certificate that this binary was signed with
-///
-@property(readonly, nonatomic) SNTCertificate *leafCertificate;
-
-///
-///  Returns the on-disk path of this binary.
-///
-@property(readonly, nonatomic) NSString *binaryPath;
-
-///
-///  Designated initializer
-///  Takes ownership of the codeRef reference.
-///
-///  @param codeRef a SecStaticCodeRef or SecCodeRef representing a binary.
-///  @return an initialized SNTCodesignChecker if the binary is validly signed, nil otherwise.
-///
-- (instancetype)initWithSecStaticCodeRef:(SecStaticCodeRef)codeRef;
-
-///
-///  Convenience initializer for a binary on disk.
-///
-///  @param binaryPath A binary file on disk
-///  @return an initialized SNTCodesignChecker if file is a binary and is signed, nil otherwise.
-///
-- (instancetype)initWithBinaryPath:(NSString *)binaryPath;
-
-///
-///  Convenience initializer for a binary that is running, by its process ID.
-///
-///  @param PID Id of a running process.
-///  @return an initialized SNTCodesignChecker if binary is signed, nil otherwise.
-///
-- (instancetype)initWithPID:(pid_t)PID;
-
-///
-///  Convenience initializer for the currently running process.
-///
-///  @return an initialized SNTCodesignChecker if current binary is signed, nil otherwise.
-///
-- (instancetype)initWithSelf;
-
-///
-///  Compares the signatures of the binaries represented by this SNTCodesignChecker and
-///  @c otherChecker.
-///
-///  If both binaries are correctly signed and the leaf signatures are identical.
-///
-///  @return YES if both binaries are signed with the same leaf certificate.
-///
-- (BOOL)signingInformationMatches:(SNTCodesignChecker *)otherChecker;
-
-@end

Source/common/SNTCodesignChecker.m

@@ -1,193 +0,0 @@
-/// Copyright 2015 Google Inc. All rights reserved.
-///
-/// Licensed under the Apache License, Version 2.0 (the "License");
-/// you may not use this file except in compliance with the License.
-/// You may obtain a copy of the License at
-///
-///    http://www.apache.org/licenses/LICENSE-2.0
-///
-///    Unless required by applicable law or agreed to in writing, software
-///    distributed under the License is distributed on an "AS IS" BASIS,
-///    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-///    See the License for the specific language governing permissions and
-///    limitations under the License.
-
-#import "SNTCodesignChecker.h"
-
-#import <Security/Security.h>
-
-#import "SNTCertificate.h"
-
-/**
- *  kStaticSigningFlags are the flags used when validating signatures on disk.
- *
- *  Don't validate resources but do validate nested code. Ignoring resources _dramatically_ speeds
- *  up validation (see below) but does mean images, plists, etc will not be checked and modifying
- *  these will not be considered invalid. To ensure any code inside the binary is still checked,
- *  we check nested code.
- *
- *  Timings with different flags:
- *    Checking Xcode 5.1.1 bundle:
- *       kSecCSDefaultFlags:                                   3.895s
- *       kSecCSDoNotValidateResources:                         0.013s
- *       kSecCSDoNotValidateResources | kSecCSCheckNestedCode: 0.013s
- *
- *    Checking Google Chrome 36.0.1985.143 bundle:
- *       kSecCSDefaultFlags:                                   0.529s
- *       kSecCSDoNotValidateResources:                         0.032s
- *       kSecCSDoNotValidateResources | kSecCSCheckNestedCode: 0.033s
- */
-static const SecCSFlags kStaticSigningFlags = kSecCSDoNotValidateResources | kSecCSCheckNestedCode;
-
-/**
- *  kSigningFlags are the flags used when validating signatures for running binaries.
- *
- *  No special flags needed currently.
- */
-static const SecCSFlags kSigningFlags = kSecCSDefaultFlags;
-
-@interface SNTCodesignChecker ()
-/// Array of @c SNTCertificate's representing the chain of certs this executable was signed with.
-@property NSMutableArray *certificates;
-@end
-
-@implementation SNTCodesignChecker
-
-#pragma mark Init/dealloc
-
-- (instancetype)initWithSecStaticCodeRef:(SecStaticCodeRef)codeRef {
-  self = [super init];
-
-  if (self) {
-    // First check the signing is valid
-    if (CFGetTypeID(codeRef) == SecStaticCodeGetTypeID()) {
-      if (SecStaticCodeCheckValidity(codeRef, kStaticSigningFlags, NULL) != errSecSuccess) {
-        return nil;
-      }
-    } else if (CFGetTypeID(codeRef) == SecCodeGetTypeID()) {
-      if (SecCodeCheckValidity((SecCodeRef)codeRef, kSigningFlags, NULL) != errSecSuccess) {
-        return nil;
-      }
-    } else {
-      return nil;
-    }
-
-    // Get CFDictionary of signing information for binary
-    OSStatus status = errSecSuccess;
-    CFDictionaryRef signingDict = NULL;
-    status = SecCodeCopySigningInformation(codeRef, kSecCSSigningInformation, &signingDict);
-    _signingInformation = CFBridgingRelease(signingDict);
-    if (status != errSecSuccess) return nil;
-
-    // Get array of certificates.
-    NSArray *certs = _signingInformation[(id)kSecCodeInfoCertificates];
-    if (!certs) return nil;
-
-    // Wrap SecCertificateRef objects in SNTCertificate and put in a new NSArray
-    NSMutableArray *mutableCerts = [[NSMutableArray alloc] initWithCapacity:certs.count];
-    for (NSUInteger i = 0; i < certs.count; ++i) {
-      SecCertificateRef certRef = (__bridge SecCertificateRef)certs[i];
-      SNTCertificate *newCert = [[SNTCertificate alloc] initWithSecCertificateRef:certRef];
-      [mutableCerts addObject:newCert];
-    }
-    _certificates = [mutableCerts copy];
-
-    _codeRef = codeRef;
-    CFRetain(_codeRef);
-  }
-
-  return self;
-}
-
-- (instancetype)initWithBinaryPath:(NSString *)binaryPath {
-  SecStaticCodeRef codeRef = NULL;
-
-  // Get SecStaticCodeRef for binary
-  if (SecStaticCodeCreateWithPath(
-          (__bridge CFURLRef)[NSURL fileURLWithPath:binaryPath isDirectory:NO],
-          kSecCSDefaultFlags,
-          &codeRef) == errSecSuccess) {
-    self = [self initWithSecStaticCodeRef:codeRef];
-  } else {
-    self = nil;
-  }
-
-  if (codeRef) CFRelease(codeRef);
-  return self;
-}
-
-- (instancetype)initWithPID:(pid_t)PID {
-  SecCodeRef codeRef = NULL;
-  NSDictionary *attributes = @{ (__bridge NSString *)kSecGuestAttributePid : @(PID) };
-
-  if (SecCodeCopyGuestWithAttributes(
-          NULL,
-          (__bridge CFDictionaryRef)attributes,
-          kSecCSDefaultFlags,
-          &codeRef) == errSecSuccess) {
-    self = [self initWithSecStaticCodeRef:codeRef];
-  } else {
-    self = nil;
-  }
-
-  if (codeRef) CFRelease(codeRef);
-  return self;
-}
-
-- (instancetype)initWithSelf {
-  SecCodeRef codeSelf = NULL;
-  if (SecCodeCopySelf(kSecCSDefaultFlags, &codeSelf) == errSecSuccess) {
-    self = [self initWithSecStaticCodeRef:codeSelf];
-  } else {
-    self = nil;
-  }
-
-  if (codeSelf) CFRelease(codeSelf);
-  return self;
-}
-
-- (instancetype)init {
-  [self doesNotRecognizeSelector:_cmd];
-  return nil;
-}
-
-- (void)dealloc {
-  if (_codeRef) {
-    CFRelease(_codeRef);
-    _codeRef = NULL;
-  }
-}
-
-#pragma mark Description
-
-- (NSString *)description {
-  NSString *binarySource;
-  if (CFGetTypeID(self.codeRef) == SecStaticCodeGetTypeID()) {
-    binarySource = @"On-disk";
-  } else {
-    binarySource = @"In-memory";
-  }
-
-  return [NSString stringWithFormat:@"%@ binary, signed by %@, located at: %@",
-              binarySource, self.leafCertificate.orgName, self.binaryPath];
-}
-
-#pragma mark Public accessors
-
-- (SNTCertificate *)leafCertificate {
-  return [self.certificates firstObject];
-}
-
-- (NSString *)binaryPath {
-  CFURLRef path;
-  OSStatus status = SecCodeCopyPath(self.codeRef, kSecCSDefaultFlags, &path);
-  NSURL *pathURL = CFBridgingRelease(path);
-  if (status != errSecSuccess) return nil;
-  return [pathURL path];
-}
-
-- (BOOL)signingInformationMatches:(SNTCodesignChecker *)otherChecker {
-  return [self.certificates isEqual:otherChecker.certificates];
-}
-
-@end

Source/common/SNTCommonEnums.h

@@ -1,4 +1,4 @@
-/// Copyright 2015 Google Inc. All rights reserved.
+/// Copyright 2015-2022 Google Inc. All rights reserved.
 ///
 /// Licensed under the Apache License, Version 2.0 (the "License");
 /// you may not use this file except in compliance with the License.
@@ -12,61 +12,187 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-#ifndef SANTA__COMMON__COMMONENUMS_H
-#define SANTA__COMMON__COMMONENUMS_H
+#import <Foundation/Foundation.h>
 
 ///
 ///  These enums are used in various places throughout the Santa client code.
 ///  The integer values are also stored in the database and so shouldn't be changed.
 ///
 
-typedef enum {
-  RULETYPE_UNKNOWN,
+typedef NS_ENUM(NSInteger, SNTAction) {
+  SNTActionUnset,
 
-  RULETYPE_BINARY   = 1,
-  RULETYPE_CERT     = 2,
+  // REQUESTS
+  // If an operation is awaiting a cache decision from a similar operation
+  // currently being processed, it will poll about every 5 ms for an answer.
+  SNTActionRequestBinary,
 
-  RULETYPE_MAX
-} santa_ruletype_t;
+  // RESPONSES
+  SNTActionRespondAllow,
+  SNTActionRespondDeny,
+  SNTActionRespondAllowCompiler,
+};
 
-typedef enum {
-  RULESTATE_UNKNOWN,
+#define RESPONSE_VALID(x) \
+  (x == SNTActionRespondAllow || x == SNTActionRespondDeny || x == SNTActionRespondAllowCompiler)
 
-  RULESTATE_WHITELIST        = 1,
-  RULESTATE_BLACKLIST        = 2,
-  RULESTATE_SILENT_BLACKLIST = 3,
-  RULESTATE_REMOVE           = 4,
+// Supported Rule Types
+//
+// Note: These enum values should be in order of decreasing precedence as
+// evaluated by Santa. When adding new enum values, leave some space so that
+// additional rules can be added without violating this. The ordering isn't
+// strictly necessary but improves readability and may preemptively prevent
+// issues should SQLite behavior change.
+typedef NS_ENUM(NSInteger, SNTRuleType) {
+  SNTRuleTypeUnknown = 0,
 
-  RULESTATE_MAX
-} santa_rulestate_t;
+  SNTRuleTypeCDHash = 500,
+  SNTRuleTypeBinary = 1000,
+  SNTRuleTypeSigningID = 2000,
+  SNTRuleTypeCertificate = 3000,
+  SNTRuleTypeTeamID = 4000,
+};
 
-typedef enum {
-  CLIENTMODE_UNKNOWN,
+typedef NS_ENUM(NSInteger, SNTRuleState) {
+  SNTRuleStateUnknown,
 
-  CLIENTMODE_MONITOR  = 1,
-  CLIENTMODE_LOCKDOWN = 2,
+  SNTRuleStateAllow = 1,
+  SNTRuleStateBlock = 2,
+  SNTRuleStateSilentBlock = 3,
+  SNTRuleStateRemove = 4,
 
-  CLIENTMODE_MAX
-} santa_clientmode_t;
+  SNTRuleStateAllowCompiler = 5,
+  SNTRuleStateAllowTransitive = 6,
+};
 
-typedef enum {
-  EVENTSTATE_UNKNOWN,
+typedef NS_ENUM(NSInteger, SNTClientMode) {
+  SNTClientModeUnknown,
 
-  EVENTSTATE_ALLOW_UNKNOWN     = 1,
-  EVENTSTATE_ALLOW_BINARY      = 2,
-  EVENTSTATE_ALLOW_CERTIFICATE = 3,
-  EVENTSTATE_ALLOW_SCOPE       = 4,
+  SNTClientModeMonitor = 1,
+  SNTClientModeLockdown = 2,
+};
 
-  EVENTSTATE_BLOCK_UNKNOWN     = 5,
-  EVENTSTATE_BLOCK_BINARY      = 6,
-  EVENTSTATE_BLOCK_CERTIFICATE = 7,
-  EVENTSTATE_BLOCK_SCOPE       = 8,
+typedef NS_ENUM(uint64_t, SNTEventState) {
+  // Bits 0-15 bits store non-decision types
+  SNTEventStateUnknown = 0,
+  SNTEventStateBundleBinary = 1,
 
-  EVENTSTATE_MAX
-} santa_eventstate_t;
+  // Bits 16-39 store deny decision types
+  SNTEventStateBlockUnknown = 1ULL << 16,
+  SNTEventStateBlockBinary = 1ULL << 17,
+  SNTEventStateBlockCertificate = 1ULL << 18,
+  SNTEventStateBlockScope = 1ULL << 19,
+  SNTEventStateBlockTeamID = 1ULL << 20,
+  SNTEventStateBlockLongPath = 1ULL << 21,
+  SNTEventStateBlockSigningID = 1ULL << 22,
+  SNTEventStateBlockCDHash = 1ULL << 23,
 
-static const char *kKextPath = "/Library/Extensions/santa-driver.kext";
-static const char *kSantaDPath = "/Library/Extensions/santa-driver.kext/Contents/MacOS/santad";
-static const char *kSantaCtlPath = "/Library/Extensions/santa-driver.kext/Contents/MacOS/santactl";
+  // Bits 40-63 store allow decision types
+  SNTEventStateAllowUnknown = 1ULL << 40,
+  SNTEventStateAllowBinary = 1ULL << 41,
+  SNTEventStateAllowCertificate = 1ULL << 42,
+  SNTEventStateAllowScope = 1ULL << 43,
+  SNTEventStateAllowCompiler = 1ULL << 44,
+  SNTEventStateAllowTransitive = 1ULL << 45,
+  SNTEventStateAllowPendingTransitive = 1ULL << 46,
+  SNTEventStateAllowTeamID = 1ULL << 47,
+  SNTEventStateAllowSigningID = 1ULL << 48,
+  SNTEventStateAllowCDHash = 1ULL << 49,
 
-#endif  // SANTA__COMMON__COMMONENUMS_H
+  // Block and Allow masks
+  SNTEventStateBlock = 0xFFFFFFULL << 16,
+  SNTEventStateAllow = 0xFFFFFFULL << 40,
+};
+
+typedef NS_ENUM(NSInteger, SNTRuleTableError) {
+  SNTRuleTableErrorEmptyRuleArray,
+  SNTRuleTableErrorInsertOrReplaceFailed,
+  SNTRuleTableErrorInvalidRule,
+  SNTRuleTableErrorRemoveFailed
+};
+
+// This enum type is used to indicate what should be done with the related bundle events that are
+// generated when an initiating blocked bundle event occurs.
+typedef NS_ENUM(NSInteger, SNTBundleEventAction) {
+  SNTBundleEventActionDropEvents,
+  SNTBundleEventActionStoreEvents,
+  SNTBundleEventActionSendEvents,
+};
+
+// Indicates where to store event logs.
+typedef NS_ENUM(NSInteger, SNTEventLogType) {
+  SNTEventLogTypeSyslog,
+  SNTEventLogTypeFilelog,
+  SNTEventLogTypeProtobuf,
+  SNTEventLogTypeJSON,
+  SNTEventLogTypeNull,
+};
+
+// The return status of a sync.
+typedef NS_ENUM(NSInteger, SNTSyncStatusType) {
+  SNTSyncStatusTypeSuccess,
+  SNTSyncStatusTypePreflightFailed,
+  SNTSyncStatusTypeEventUploadFailed,
+  SNTSyncStatusTypeRuleDownloadFailed,
+  SNTSyncStatusTypePostflightFailed,
+  SNTSyncStatusTypeTooManySyncsInProgress,
+  SNTSyncStatusTypeMissingSyncBaseURL,
+  SNTSyncStatusTypeMissingMachineID,
+  SNTSyncStatusTypeDaemonTimeout,
+  SNTSyncStatusTypeSyncStarted,
+  SNTSyncStatusTypeUnknown,
+};
+
+typedef NS_ENUM(NSInteger, SNTSyncContentEncoding) {
+  SNTSyncContentEncodingNone,
+  SNTSyncContentEncodingDeflate,
+  SNTSyncContentEncodingGzip,
+};
+
+typedef NS_ENUM(NSInteger, SNTMetricFormatType) {
+  SNTMetricFormatTypeUnknown,
+  SNTMetricFormatTypeRawJSON,
+  SNTMetricFormatTypeMonarchJSON,
+};
+
+typedef NS_ENUM(NSInteger, SNTOverrideFileAccessAction) {
+  SNTOverrideFileAccessActionNone,
+  SNTOverrideFileAccessActionAuditOnly,
+  SNTOverrideFileAccessActionDiable,
+};
+
+typedef NS_ENUM(NSInteger, SNTDeviceManagerStartupPreferences) {
+  SNTDeviceManagerStartupPreferencesNone,
+  SNTDeviceManagerStartupPreferencesUnmount,
+  SNTDeviceManagerStartupPreferencesForceUnmount,
+  SNTDeviceManagerStartupPreferencesRemount,
+  SNTDeviceManagerStartupPreferencesForceRemount,
+};
+
+typedef NS_ENUM(NSInteger, SNTSyncType) {
+  SNTSyncTypeNormal,
+  SNTSyncTypeClean,
+  SNTSyncTypeCleanAll,
+};
+
+typedef NS_ENUM(NSInteger, SNTRuleCleanup) {
+  SNTRuleCleanupNone,
+  SNTRuleCleanupAll,
+  SNTRuleCleanupNonTransitive,
+};
+
+#ifdef __cplusplus
+enum class FileAccessPolicyDecision {
+  kNoPolicy,
+  kDenied,
+  kDeniedInvalidSignature,
+  kAllowed,
+  kAllowedReadAccess,
+  kAllowedAuditOnly,
+};
+#endif
+
+static const char *kSantaDPath =
+  "/Applications/Santa.app/Contents/Library/SystemExtensions/"
+  "com.google.santa.daemon.systemextension/Contents/MacOS/com.google.santa.daemon";
+static const char *kSantaAppPath = "/Applications/Santa.app";

Source/common/SNTConfigurator.h

@@ -1,4 +1,4 @@
-/// Copyright 2015 Google Inc. All rights reserved.
+/// Copyright 2015-2022 Google Inc. All rights reserved.
 ///
 /// Licensed under the Apache License, Version 2.0 (the "License");
 /// you may not use this file except in compliance with the License.
@@ -12,31 +12,310 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-#include "SNTCommonEnums.h"
+#import <Foundation/Foundation.h>
+
+#import "Source/common/SNTCommonEnums.h"
+
+@class SNTRule;
 
 ///
 ///  Singleton that provides an interface for managing configuration values on disk
 ///  @note This class is designed as a singleton but that is not strictly enforced.
+///  @note All properties are KVO compliant.
 ///
 @interface SNTConfigurator : NSObject
 
-///  Default config file path
-extern NSString * const kDefaultConfigFilePath;
-
 #pragma mark - Daemon Settings
 
 ///
-///  The operating mode.
+///  The operating mode. Defaults to MONITOR.
 ///
-@property(nonatomic) santa_clientmode_t clientMode;
+@property(readonly, nonatomic) SNTClientMode clientMode;
 
 ///
-///  Whether or not to log all events, even for whitelisted binaries.
+///  Set the operating mode as received from a sync server.
 ///
-@property(nonatomic) BOOL logAllEvents;
+- (void)setSyncServerClientMode:(SNTClientMode)newMode;
+
+///
+///  Enable Fail Close mode. Defaults to NO.
+///  This controls Santa's behavior when a failure occurs, such as an
+///  inability to read a file and as a default response when deadlines
+///  are about to expire. By default, to prevent bugs or misconfiguration
+///  from rendering a machine inoperable Santa will fail open and allow
+///  execution. With this setting enabled, Santa will fail closed if the client
+///  is in LOCKDOWN mode, offering a higher level of security but with a higher
+///  potential for causing problems.
+///
+@property(readonly, nonatomic) BOOL failClosed;
+
+///
+///  A set of static rules that should always apply. These can be used as a
+///  fallback set of rules for management tools that should always be allowed to
+///  run even if a sync server does something unexpected. It can also be used
+///  as the sole source of rules, distributed with an MDM.
+///
+///  The value of this key should be an array containing dictionaries. Each
+///  dictionary should contain the same keys used for syncing, e.g:
+///
+///  <key>StaticRules</key>
+///  <array>
+///    <dict>
+///      <key>identifier</key>
+///      <string>binary sha256, certificate sha256, team ID</string>
+///      <key>rule_type</key>
+///      <string>BINARY</string>  (one of BINARY, CERTIFICATE or TEAMID)
+///      <key>policy</key>
+///      <string>BLOCKLIST</string>  (one of ALLOWLIST, ALLOWLIST_COMPILER, BLOCKLIST,
+///                                   SILENT_BLOCKLIST)
+///    </dict>
+///  </array>
+///
+///  The return of this property is a dictionary where the keys are the
+///  identifiers of each rule, with the SNTRule as a value
+///
+@property(readonly, nonatomic) NSDictionary<NSString *, SNTRule *> *staticRules;
+
+///
+///  The regex of allowed paths. Regexes are specified in ICU format.
+///
+///  The regex flags IXSM can be used, though the s (dotall) and m (multiline) flags are
+///  pointless as a path only ever has a single line.
+///  If the regex doesn't begin with ^ to match from the beginning of the line, it will be added.
+///
+@property(readonly, nonatomic) NSRegularExpression *allowedPathRegex;
+
+///
+///  Set the regex of allowed paths as received from a sync server.
+///
+- (void)setSyncServerAllowedPathRegex:(NSRegularExpression *)re;
+
+///
+///  The regex of blocked paths. Regexes are specified in ICU format.
+///
+///  The regex flags IXSM can be used, though the s (dotall) and m (multiline) flags are
+///  pointless as a path only ever has a single line.
+///  If the regex doesn't begin with ^ to match from the beginning of the line, it will be added.
+///
+@property(readonly, nonatomic) NSRegularExpression *blockedPathRegex;
+
+///
+///  Set the regex of blocked paths as received from a sync server.
+///
+- (void)setSyncServerBlockedPathRegex:(NSRegularExpression *)re;
+
+///
+///  The regex of paths to log file changes for. Regexes are specified in ICU format.
+///
+///  The regex flags IXSM can be used, though the s (dotalL) and m (multiline) flags are
+///  pointless as a path only ever has a single line.
+///  If the regex doesn't begin with ^ to match from the beginning of the line, it will be added.
+///
+@property(readonly, nonatomic) NSRegularExpression *fileChangesRegex;
+
+///
+///  A list of ignore prefixes which are checked in-kernel.
+///  This is more performant than FileChangesRegex when ignoring whole directory trees.
+///
+///  For example adding a prefix of "/private/tmp/" will turn off file change log generation
+///  in-kernel for that entire tree. Since they are ignored by the kernel, they never reach santad
+///  and are not seen by the fileChangesRegex. Note the trailing "/", without it any file or
+///  directory starting with "/private/tmp" would be ignored.
+///
+///  By default "/." and "/dev/" are added.
+///
+///  Memory in the kernel is precious. A total of MAXPATHLEN (1024) nodes are allowed.
+///  Using all 1024 nodes will result in santa-driver allocating ~2MB of wired memory.
+///  An ASCII character uses 1 node. An UTF-8 encoded Unicode character uses 1-4 nodes.
+///  Prefixes are added to the running config in-order, one by one. The prefix will be ignored if
+///  (the running config's current size) + (the prefix's size) totals up to more than 1024 nodes.
+///  The running config is stored in a prefix tree.
+///  Prefixes that share prefixes are effectively de-duped; their shared node sized components only
+///  take up 1 node. For example these 3 prefixes all have a common prefix of "/private/".
+///  They will only take up 21 nodes instead of 39.
+///
+///  "/private/tmp/"
+///  "/private/var/"
+///  "/private/new/"
+///
+///                                                              -> [t] -> [m] -> [p] -> [/]
+///
+///  [/] -> [p] -> [r] -> [i] -> [v] -> [a] -> [t] -> [e] -> [/] -> [v] -> [a] -> [r] -> [/]
+///
+///                                                              -> [n] -> [e] -> [w] -> [/]
+///
+///  Prefixes with Unicode characters work similarly. Assuming a UTF-8 encoding these two prefixes
+///  are actually the same for the first 3 nodes. They take up 7 nodes instead of 10.
+///
+///  "/🤘"
+///  "/🖖"
+///
+///                          -> [0xa4] -> [0x98]
+///
+///  [/] -> [0xf0] -> [0x9f]
+///
+///                          -> [0x96] -> [0x96]
+///
+///  To disable file change logging completely add "/".
+///  TODO(bur): Make this default if no FileChangesRegex is set.
+///
+///  Filters are only applied on santad startup.
+///  TODO(bur): Support add / remove of filters while santad is running.
+///
+@property(readonly, nonatomic) NSArray *fileChangesPrefixFilters;
+
+///
+///  Enable __PAGEZERO protection, defaults to YES
+///  If this flag is set to NO, 32-bit binaries that are missing
+///  the __PAGEZERO segment will not be blocked.
+///
+@property(readonly, nonatomic) BOOL enablePageZeroProtection;
+
+///
+///  Enable bad signature protection, defaults to NO.
+///  When enabled, a binary that is signed but has a bad signature (cert revoked, binary
+///  tampered with, etc.) will be blocked regardless of client-mode unless a binary allowlist
+///  rule exists.
+///
+@property(readonly, nonatomic) BOOL enableBadSignatureProtection;
+
+///
+///  Defines how event logs are stored. Options are:
+///    SNTEventLogTypeSyslog "syslog": Sent to ASL or ULS (if built with the 10.12 SDK or later).
+///    SNTEventLogTypeFilelog "file": Sent to a file on disk. Use eventLogPath to specify a path.
+///    SNTEventLogTypeNull "null": Logs nothing
+///    SNTEventLogTypeProtobuf "protobuf": (BETA) Sent to a file on disk, using a maildir-like
+///      format. Use spoolDirectory to specify a path. Use spoolDirectoryFileSizeThresholdKB,
+///      spoolDirectorySizeThresholdMB and spoolDirectoryEventMaxFlushTimeSec to configure
+///      additional settings.
+///    Defaults to SNTEventLogTypeFilelog.
+///    For mobileconfigs use EventLogType as the key and syslog or filelog strings as the value.
+///
+///  @note: This property is KVO compliant, but should only be read once at santad startup.
+///
+@property(readonly, nonatomic) SNTEventLogType eventLogType;
+
+///
+/// Returns the raw value of the EventLogType configuration key instead of being
+/// converted to the SNTEventLogType enum. If the key is not set, the default log
+/// type is returned.
+///
+@property(readonly, nonatomic) NSString *eventLogTypeRaw;
+
+///
+///  If eventLogType is set to Filelog, eventLogPath will provide the path to save logs.
+///  Defaults to /var/db/santa/santa.log.
+///
+///  @note: This property is KVO compliant, but should only be read once at santad startup.
+///
+@property(readonly, nonatomic) NSString *eventLogPath;
+
+///
+///  If eventLogType is set to protobuf, spoolDirectory will provide the base path used for
+///  saving logs using a maildir-like format.
+///  Defaults to /var/db/santa/spool.
+///
+///  @note: This property is KVO compliant, but should only be read once at santad startup.
+///
+@property(readonly, nonatomic) NSString *spoolDirectory;
+
+///
+///  If eventLogType is set to protobuf, spoolDirectoryFileSizeThresholdKB sets the per-file size
+///  limit for files saved in the spoolDirectory.
+///  Defaults to 250.
+///
+///  @note: This property is KVO compliant, but should only be read once at santad startup.
+///
+@property(readonly, nonatomic) NSUInteger spoolDirectoryFileSizeThresholdKB;
+
+///
+///  If eventLogType is set to protobuf, spoolDirectorySizeThresholdMB sets the total size
+///  limit for all files saved in the spoolDirectory.
+///  Defaults to 100.
+///
+///  @note: This property is KVO compliant, but should only be read once at santad startup.
+///
+@property(readonly, nonatomic) NSUInteger spoolDirectorySizeThresholdMB;
+
+///
+///  If eventLogType is set to protobuf, spoolDirectoryEventMaxFlushTimeSec sets the maximum amount
+///  of time an event will be stored in memory before being written to disk.
+///  Defaults to 15.0.
+///
+///  @note: This property is KVO compliant, but should only be read once at santad startup.
+///
+@property(readonly, nonatomic) float spoolDirectoryEventMaxFlushTimeSec;
+
+///
+///  If set, contains the filesystem access policy configuration.
+///
+///  @note: The property fileAccessPolicyPlist will be ignored if
+///         fileAccessPolicy is set.
+///  @note: This property is KVO compliant.
+///
+@property(readonly, nonatomic) NSDictionary *fileAccessPolicy;
+
+///
+///  If set, contains the path to the filesystem access policy config plist.
+///
+///  @note: This property will be ignored if fileAccessPolicy is set.
+///  @note: This property is KVO compliant.
+///
+@property(readonly, nonatomic) NSString *fileAccessPolicyPlist;
+
+///
+///  This is the message shown to the user when access to a file is blocked
+///  by a binary due to some rule in the current File Access policy if that rule
+///  doesn't provide a custom message. If this is not configured, a reasonable
+///  default is provided.
+///
+///  @note: This property is KVO compliant.
+///
+@property(readonly, nonatomic) NSString *fileAccessBlockMessage;
+
+///
+///  If fileAccessPolicyPlist is set, fileAccessPolicyUpdateIntervalSec
+///  sets the number of seconds between times that the configuration file is
+///  re-read and policies reconstructed.
+///  Defaults to 600 seconds (10 minutes)
+///
+///  @note: This property is KVO compliant, but should only be read once at santad startup.
+///
+@property(readonly, nonatomic) uint32_t fileAccessPolicyUpdateIntervalSec;
+
+///
+/// Enabling this appends the Santa machine ID to the end of each log line. If nothing
+/// has been overridden, this is the host's UUID.
+/// Defaults to NO.
+///
+@property(readonly, nonatomic) BOOL enableMachineIDDecoration;
 
 #pragma mark - GUI Settings
 
+///
+///  When silent mode is enabled, Santa will never show notifications for
+///  blocked processes.
+///
+///  This can be a very confusing experience for users, use with caution.
+///
+///  Defaults to NO.
+///
+@property(readonly, nonatomic) BOOL enableSilentMode;
+
+///
+///  When silent TTY mode is enabled, Santa will not emit TTY notifications for
+///  blocked processes.
+///
+///  Defaults to NO.
+///
+@property(readonly, nonatomic) BOOL enableSilentTTYMode;
+
+///
+/// The text to display when opening Santa.app.
+/// If unset, the default text will be displayed.
+///
+@property(readonly, nonatomic) NSString *aboutText;
+
 ///
 ///  The URL to open when the user clicks "More Info..." when opening Santa.app.
 ///  If unset, the button will not be displayed.
@@ -46,12 +325,16 @@ extern NSString * const kDefaultConfigFilePath;
 ///
 ///  When the user gets a block notification, a button can be displayed which will
 ///  take them to a web page with more information about that event.
+///
 ///  This property contains a kind of format string to be turned into the URL to send them to.
 ///  The following sequences will be replaced in the final URL:
 ///
 ///  %file_sha%    -- SHA-256 of the file that was blocked.
 ///  %machine_id%  -- ID of the machine.
 ///  %username%    -- executing user.
+///  %serial%      -- System's serial number.
+///  %uuid%        -- System's UUID.
+///  %hostname%    -- System's full hostname.
 ///
 ///  @note: This is not an NSURL because the format-string parsing is done elsewhere.
 ///
@@ -64,6 +347,45 @@ extern NSString * const kDefaultConfigFilePath;
 ///
 @property(readonly, nonatomic) NSString *eventDetailText;
 
+///
+///  In lockdown mode this is the message shown to the user when an unknown binary
+///  is blocked. If this message is not configured, a reasonable default is provided.
+///
+@property(readonly, nonatomic) NSString *unknownBlockMessage;
+
+///
+///  This is the message shown to the user when a binary is blocked because of a rule,
+///  if that rule doesn't provide a custom message. If this is not configured, a reasonable
+///  default is provided.
+///
+@property(readonly, nonatomic) NSString *bannedBlockMessage;
+
+///
+/// This is the message shown to the user when a USB storage device's mount is denied
+/// from the BlockUSB configuration setting. If not configured, a reasonable
+/// default is provided.
+///
+@property(readonly, nonatomic) NSString *bannedUSBBlockMessage;
+
+///
+/// This is the message shown to the user when a USB storage device's mount is forcibly
+/// remounted to a different set of permissions from the BlockUSB and RemountUSBMode
+/// configuration settings. If not configured, a reasonable default is provided.
+///
+@property(readonly, nonatomic) NSString *remountUSBBlockMessage;
+
+///
+///  The notification text to display when the client goes into MONITOR mode.
+///  Defaults to "Switching into Monitor mode"
+///
+@property(readonly, nonatomic) NSString *modeNotificationMonitor;
+
+///
+///  The notification text to display when the client goes into LOCKDOWN mode.
+///  Defaults to "Switching into Lockdown mode"
+///
+@property(readonly, nonatomic) NSString *modeNotificationLockdown;
+
 #pragma mark - Sync Settings
 
 ///
@@ -71,16 +393,121 @@ extern NSString * const kDefaultConfigFilePath;
 ///
 @property(readonly, nonatomic) NSURL *syncBaseURL;
 
+///
+///  Proxy settings for syncing.
+///  This dictionary is passed directly to NSURLSession. The allowed keys
+///  are loosely documented at
+///  https://developer.apple.com/documentation/cfnetwork/global_proxy_settings_constants.
+///
+@property(readonly, nonatomic) NSDictionary *syncProxyConfig;
+
+///
+///  Extra headers to include in all requests made during syncing.
+///  Keys and values must all be strings, any other type will be silently ignored.
+///  Some headers cannot be set through this key, including:
+///
+///    * Content-Encoding
+///    * Content-Length
+///    * Content-Type
+///    * Connection
+///    * Host
+///    * Proxy-Authenticate
+///    * Proxy-Authorization
+///    * WWW-Authenticate
+///
+///  The header "Authorization" is also documented by Apple to be one that will
+///  be ignored but this is not really the case, at least at present. If you
+///  are able to use a different header for this that would be safest but if not
+///  using Authorization /should/ be fine.
+///
+@property(readonly, nonatomic) NSDictionary *syncExtraHeaders;
+
 ///
 ///  The machine owner.
 ///
 @property(readonly, nonatomic) NSString *machineOwner;
 
+///
+///  The last date of a successful full sync.
+///
+@property(nonatomic) NSDate *fullSyncLastSuccess;
+
+///
+///  The last date of a successful rule sync.
+///
+@property(nonatomic) NSDate *ruleSyncLastSuccess;
+
+///
+///  Type of sync required (e.g. normal, clean, etc.).
+///
+@property(nonatomic) SNTSyncType syncTypeRequired;
+
+#pragma mark - USB Settings
+
+///
+/// USB Mount Blocking. Defaults to false.
+///
+@property(nonatomic) BOOL blockUSBMount;
+
+///
+/// Comma-separated `$ mount -o` arguments used for forced remounting of USB devices. Default
+/// to fully allow/deny without remounting if unset.
+///
+@property(nonatomic) NSArray<NSString *> *remountUSBMode;
+
+///
+/// If set, defines the action that should be taken on existing USB mounts when
+/// Santa starts up.
+///
+/// Supported values are:
+///   * "Unmount": Unmount mass storage devices
+///   * "ForceUnmount": Force unmount mass storage devices
+///
+///
+/// Note: Existing mounts with mount flags that are a superset of RemountUSBMode
+/// are unaffected and left mounted.
+///
+@property(readonly, nonatomic) SNTDeviceManagerStartupPreferences onStartUSBOptions;
+
+///
+/// If set, will override the action taken when a file access rule violation
+/// occurs. This setting will apply across all rules in the file access policy.
+///
+/// Possible values are
+///   * "AuditOnly": When a rule is violated, it will be logged, but the access
+///     will not be blocked
+///   * "Disable": No access will be logged or blocked.
+///
+/// If not set, no override will take place and the file acces spolicy will
+/// apply as configured.
+///
+@property(readonly, nonatomic) SNTOverrideFileAccessAction overrideFileAccessAction;
+
+///
+///  Set the action that will override file access policy config action
+///
+- (void)setSyncServerOverrideFileAccessAction:(NSString *)action;
+
 ///
 ///  If set, this over-rides the default machine ID used for syncing.
 ///
 @property(readonly, nonatomic) NSString *machineID;
 
+///
+///  If YES, enables bundle detection for blocked events. This property is not stored on disk.
+///  Its value is set by a sync server that supports bundles. Defaults to NO.
+///
+@property BOOL enableBundles;
+
+#pragma mark Transitive Allowlist Settings
+
+///
+///  If YES, binaries marked with SNTRuleStateAllowCompiler rules are allowed to transitively
+///  allow any executables that they produce.  If NO, SNTRuleStateAllowCompiler rules are
+///  interpreted as if they were simply SNTRuleStateAllow rules.  Defaults to NO.
+///
+@property BOOL enableTransitiveRules;
+
 #pragma mark Server Auth Settings
 
 ///
@@ -118,21 +545,130 @@ extern NSString * const kDefaultConfigFilePath;
 ///
 @property(readonly, nonatomic) NSString *syncClientAuthCertificateIssuer;
 
+///
+///  If true, syncs will upload events when a clean sync is requested. Defaults to false.
+///
+@property(readonly, nonatomic) BOOL enableCleanSyncEventUpload;
+
+///
+///  If true, events will be uploaded for all executions, even those that are allowed.
+///  Use with caution, this generates a lot of events. Defaults to false.
+///
+@property(nonatomic) BOOL enableAllEventUpload;
+
+///
+///  If true, events will *not* be uploaded for ALLOW_UNKNOWN events for clients in Monitor mode.
+///
+@property(nonatomic) BOOL disableUnknownEventUpload;
+
+///
+///  If true, forks and exits will be logged. Defaults to false.
+///
+@property(readonly, nonatomic) BOOL enableForkAndExitLogging;
+
+///
+///  If true, ignore actions from other endpoint security clients. Defaults to false. This only
+///  applies when running as a sysx.
+///
+@property(readonly, nonatomic) BOOL ignoreOtherEndpointSecurityClients;
+
+///
+///  If true, debug logging will be enabled for all Santa components. Defaults to false.
+///  Passing --debug as an executable argument will enable debug logging for that specific
+///  component.
+///
+@property(readonly, nonatomic) BOOL enableDebugLogging;
+
+///
+///  If true, compressed requests from "santactl sync" will set "Content-Encoding" to "zlib"
+///  instead of the new default "deflate". If syncing with Upvote deployed at commit 0b4477d
+///  or below, set this option to true.
+///  Defaults to false.
+///
+@property(readonly, nonatomic) BOOL enableBackwardsCompatibleContentEncoding;
+
+///
+/// If set, "santactl sync" will use the supplied "Content-Encoding", possible
+/// settings include "gzip", "deflate", "none". If empty defaults to "deflate".
+///
+@property(readonly, nonatomic) SNTSyncContentEncoding syncClientContentEncoding;
+
+///
+///  Contains the FCM project name.
+///
+@property(readonly, nonatomic) NSString *fcmProject;
+
+///
+///  Contains the FCM project entity.
+///
+@property(readonly, nonatomic) NSString *fcmEntity;
+
+///
+///  Contains the FCM project API key.
+///
+@property(readonly, nonatomic) NSString *fcmAPIKey;
+
+///
+///  True if fcmProject, fcmEntity and fcmAPIKey are all set. Defaults to false.
+///
+@property(readonly, nonatomic) BOOL fcmEnabled;
+
+///
+/// True if metricsFormat and metricsURL are set. False otherwise.
+///
+@property(readonly, nonatomic) BOOL exportMetrics;
+
+///
+/// Format to export Metrics as.
+///
+@property(readonly, nonatomic) SNTMetricFormatType metricFormat;
+
+///
+/// URL describing where metrics are exported, defaults to nil.
+///
+@property(readonly, nonatomic) NSURL *metricURL;
+
+///
+/// Extra Metric Labels to add to the metrics payloads.
+///
+@property(readonly, nonatomic) NSDictionary *extraMetricLabels;
+
+///
+/// Duration in seconds of how often the metrics should be exported.
+///
+@property(readonly, nonatomic) NSUInteger metricExportInterval;
+
+///
+/// Duration in seconds for metrics export timeout. Defaults to 30;
+///
+@property(readonly, nonatomic) NSUInteger metricExportTimeout;
+
+///
+/// List of prefix strings for which individual entitlement keys with a matching
+/// prefix should not be logged.
+///
+@property(readonly, nonatomic) NSArray<NSString *> *entitlementsPrefixFilter;
+
+///
+/// List of TeamIDs for which entitlements should not be logged. Use the string
+/// "platform" to refer to platform binaries.
+///
+@property(readonly, nonatomic) NSArray<NSString *> *entitlementsTeamIDFilter;
+
+///
+/// List of enabled process annotations.
+/// This property is not KVO compliant.
+///
+@property(readonly, nonatomic) NSArray<NSString *> *enabledProcessAnnotations;
+
 ///
 ///  Retrieve an initialized singleton configurator object using the default file path.
 ///
 + (instancetype)configurator;
 
 ///
-///  Designated initializer.
+///  Clear the sync server configuration from the effective configuration.
 ///
-///  @param filePath The path to the file to use as a backing store.
-///
-- (instancetype)initWithFilePath:(NSString *)filePath;
-
-///
-///  Re-read config data from disk.
-///
-- (void)reloadConfigData;
+- (void)clearSyncState;
 
 @end

Source/common/SNTConfiguratorTest.m

@@ -0,0 +1,102 @@
+/// Copyright 2024 Google LLC
+///
+/// Licensed under the Apache License, Version 2.0 (the "License");
+/// you may not use this file except in compliance with the License.
+/// You may obtain a copy of the License at
+///
+///     https://www.apache.org/licenses/LICENSE-2.0
+///
+/// Unless required by applicable law or agreed to in writing, software
+/// distributed under the License is distributed on an "AS IS" BASIS,
+/// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+/// See the License for the specific language governing permissions and
+/// limitations under the License.
+
+#import <Foundation/Foundation.h>
+#import <XCTest/XCTest.h>
+
+#import "Source/common/SNTCommonEnums.h"
+#import "Source/common/SNTConfigurator.h"
+
+@interface SNTConfigurator (Testing)
+- (instancetype)initWithSyncStateFile:(NSString *)syncStateFilePath
+            syncStateAccessAuthorizer:(BOOL (^)(void))syncStateAccessAuthorizer;
+
+@property NSDictionary *syncState;
+@end
+
+@interface SNTConfiguratorTest : XCTestCase
+@property NSFileManager *fileMgr;
+@property NSString *testDir;
+@end
+
+@implementation SNTConfiguratorTest
+
+- (void)setUp {
+  self.fileMgr = [NSFileManager defaultManager];
+  self.testDir =
+    [NSString stringWithFormat:@"%@santa-configurator-%d", NSTemporaryDirectory(), getpid()];
+
+  XCTAssertTrue([self.fileMgr createDirectoryAtPath:self.testDir
+                        withIntermediateDirectories:YES
+                                         attributes:nil
+                                              error:nil]);
+}
+
+- (void)tearDown {
+  XCTAssertTrue([self.fileMgr removeItemAtPath:self.testDir error:nil]);
+}
+
+- (void)runMigrationTestsWithSyncState:(NSDictionary *)syncStatePlist
+                              verifier:(void (^)(SNTConfigurator *))verifierBlock {
+  NSString *syncStatePlistPath =
+    [NSString stringWithFormat:@"%@/test-sync-state.plist", self.testDir];
+
+  XCTAssertTrue([syncStatePlist writeToFile:syncStatePlistPath atomically:YES]);
+
+  SNTConfigurator *cfg = [[SNTConfigurator alloc] initWithSyncStateFile:syncStatePlistPath
+                                              syncStateAccessAuthorizer:^{
+                                                // Allow all access to the test plist
+                                                return YES;
+                                              }];
+
+  NSLog(@"sync state: %@", cfg.syncState);
+
+  verifierBlock(cfg);
+
+  XCTAssertTrue([self.fileMgr removeItemAtPath:syncStatePlistPath error:nil]);
+}
+
+- (void)testInitMigratesSyncStateKeys {
+  // SyncCleanRequired = YES
+  [self runMigrationTestsWithSyncState:@{@"SyncCleanRequired" : [NSNumber numberWithBool:YES]}
+                              verifier:^(SNTConfigurator *cfg) {
+                                XCTAssertEqual(cfg.syncState.count, 1);
+                                XCTAssertNil(cfg.syncState[@"SyncCleanRequired"]);
+                                XCTAssertNotNil(cfg.syncState[@"SyncTypeRequired"]);
+                                XCTAssertEqual([cfg.syncState[@"SyncTypeRequired"] integerValue],
+                                               SNTSyncTypeClean);
+                                XCTAssertEqual(cfg.syncState.count, 1);
+                              }];
+
+  // SyncCleanRequired = NO
+  [self runMigrationTestsWithSyncState:@{@"SyncCleanRequired" : [NSNumber numberWithBool:NO]}
+                              verifier:^(SNTConfigurator *cfg) {
+                                XCTAssertEqual(cfg.syncState.count, 1);
+                                XCTAssertNil(cfg.syncState[@"SyncCleanRequired"]);
+                                XCTAssertNotNil(cfg.syncState[@"SyncTypeRequired"]);
+                                XCTAssertEqual([cfg.syncState[@"SyncTypeRequired"] integerValue],
+                                               SNTSyncTypeNormal);
+                                XCTAssertEqual(cfg.syncState.count, 1);
+                              }];
+
+  // Empty state
+  [self runMigrationTestsWithSyncState:@{}
+                              verifier:^(SNTConfigurator *cfg) {
+                                XCTAssertEqual(cfg.syncState.count, 0);
+                                XCTAssertNil(cfg.syncState[@"SyncCleanRequired"]);
+                                XCTAssertNil(cfg.syncState[@"SyncTypeRequired"]);
+                              }];
+}
+
+@end

Source/common/SNTDeepCopy.h

@@ -0,0 +1,27 @@
+/// Copyright 2023 Google LLC
+///
+/// Licensed under the Apache License, Version 2.0 (the "License");
+/// you may not use this file except in compliance with the License.
+/// You may obtain a copy of the License at
+///
+///     https://www.apache.org/licenses/LICENSE-2.0
+///
+/// Unless required by applicable law or agreed to in writing, software
+/// distributed under the License is distributed on an "AS IS" BASIS,
+/// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+/// See the License for the specific language governing permissions and
+/// limitations under the License.
+
+#import <Foundation/Foundation.h>
+
+@interface NSArray (SNTDeepCopy)
+
+- (instancetype)sntDeepCopy;
+
+@end
+
+@interface NSDictionary (SNTDeepCopy)
+
+- (instancetype)sntDeepCopy;
+
+@end

Source/common/SNTDeepCopy.m

@@ -0,0 +1,53 @@
+/// Copyright 2023 Google LLC
+///
+/// Licensed under the Apache License, Version 2.0 (the "License");
+/// you may not use this file except in compliance with the License.
+/// You may obtain a copy of the License at
+///
+///     https://www.apache.org/licenses/LICENSE-2.0
+///
+/// Unless required by applicable law or agreed to in writing, software
+/// distributed under the License is distributed on an "AS IS" BASIS,
+/// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+/// See the License for the specific language governing permissions and
+/// limitations under the License.
+
+#import "Source/common/SNTDeepCopy.h"
+
+@implementation NSArray (SNTDeepCopy)
+
+- (instancetype)sntDeepCopy {
+  NSMutableArray<__kindof NSObject *> *deepCopy = [NSMutableArray arrayWithCapacity:self.count];
+  for (id object in self) {
+    if ([object respondsToSelector:@selector(sntDeepCopy)]) {
+      [deepCopy addObject:[object sntDeepCopy]];
+    } else if ([object respondsToSelector:@selector(copyWithZone:)]) {
+      [deepCopy addObject:[object copy]];
+    } else {
+      [deepCopy addObject:object];
+    }
+  }
+  return deepCopy;
+}
+
+@end
+
+@implementation NSDictionary (SNTDeepCopy)
+
+- (instancetype)sntDeepCopy {
+  NSMutableDictionary<__kindof NSObject *, __kindof NSObject *> *deepCopy =
+    [NSMutableDictionary dictionary];
+  for (id key in self) {
+    id value = self[key];
+    if ([value respondsToSelector:@selector(sntDeepCopy)]) {
+      deepCopy[key] = [value sntDeepCopy];
+    } else if ([value respondsToSelector:@selector(copyWithZone:)]) {
+      deepCopy[key] = [value copy];
+    } else {
+      deepCopy[key] = value;
+    }
+  }
+  return deepCopy;
+}
+
+@end