log deny because of dirty vnode (#267)

* log dirty vnode blocks

* review update

.travis.yml

@@ -4,7 +4,7 @@ cache:
   - bundler
   - cocoapods
 sudo: false
-osx_image: xcode7
+osx_image: xcode9.3
 
 before_install:
  - gem install cocoapods xcpretty

Docs/deployment/configuration.md

@@ -35,6 +35,8 @@ Two configuration methods can be used to control Santa: a local configuration pr
 | MachineOwnerKey               | String     | The key to use on MachineOwnerPlist.     |
 | MachineIDPlist                | String     | The path to a plist that contains the MachineOwnerKey / value pair. |
 | MachineIDKey                  | String     | The key to use on MachineIDPlist.        |
+| EventLogType                  | String     | Defines how event logs are stored. Options are 1) syslog: Sent to ASL or ULS (if built with the 10.12 SDK or later). 2) filelog: Sent to a file on disk. Use EventLogPath to specify a path. Defaults to filelog      |
+| EventLogPath                  | String     | If EventLogType is set to filelog, EventLogPath will provide the path to save logs. Defaults to /var/db/santa/santa.log. If you change this value ensure you also update com.google.santa.newsyslog.conf with the new path.        |
 
 *overridable by the sync server: run `santactl status` to check the current running config
 

Podfile

@@ -5,16 +5,19 @@ inhibit_all_warnings!
 target :Santa do
   pod 'MOLCertificate'
   pod 'MOLCodesignChecker'
+  pod 'MOLXPCConnection'
 end
 
 target :santad do
   pod 'FMDB'
   pod 'MOLCertificate'
   pod 'MOLCodesignChecker'
+  pod 'MOLXPCConnection'
   target :santabs do
     pod 'FMDB'
     pod 'MOLCertificate'
     pod 'MOLCodesignChecker'
+    pod 'MOLXPCConnection'
   end
 end
 
@@ -24,6 +27,7 @@ target :santactl do
   pod 'MOLCertificate'
   pod 'MOLCodesignChecker'
   pod 'MOLFCMClient', '~> 1.3'
+  pod 'MOLXPCConnection'
 end
 
 target :LogicTests do
@@ -31,6 +35,7 @@ target :LogicTests do
   pod 'MOLAuthenticatingURLSession'
   pod 'MOLCertificate'
   pod 'MOLCodesignChecker'
+  pod 'MOLXPCConnection'
   pod 'OCMock'
 end
 

Podfile.lock

@@ -9,6 +9,8 @@ PODS:
     - MOLCertificate (~> 1.8)
   - MOLFCMClient (1.7):
     - MOLAuthenticatingURLSession (~> 2.4)
+  - MOLXPCConnection (1.1):
+    - MOLCodesignChecker (~> 1.9)
   - OCMock (3.4.1)
 
 DEPENDENCIES:
@@ -17,6 +19,7 @@ DEPENDENCIES:
   - MOLCertificate
   - MOLCodesignChecker
   - MOLFCMClient (~> 1.3)
+  - MOLXPCConnection
   - OCMock
 
 SPEC CHECKSUMS:
@@ -25,8 +28,9 @@ SPEC CHECKSUMS:
   MOLCertificate: c999513316d511c69f290fbf313dfe8dca4ad592
   MOLCodesignChecker: b0d5db9d2f9bd94e0fd093891a5d40e5ad77cbc0
   MOLFCMClient: ee45348909351f232e2759c580329072ae7e02d4
+  MOLXPCConnection: de9d5535928f59766a768384e411077b83ec2f9c
   OCMock: 2cd0716969bab32a2283ff3a46fd26a8c8b4c5e3
 
-PODFILE CHECKSUM: acd378b3727c923d912e09812da344f7375c14fe
+PODFILE CHECKSUM: ddca043a7ace9ec600c108621c56d13a50d17236
 
 COCOAPODS: 1.4.0

README.md

@@ -98,11 +98,11 @@ only the root user can read/write it. We're considering approaches to secure
 this further.
 
 * Sync client: The `santactl` command-line client includes a flag to synchronize with a management server, which uploads events that have occurred on the
-machine and downloads new rules. We're still very heavily working on this
-server (which is AppEngine-based and will be open-sourced in the future), so the
-sync client code is unfinished. It does show the 'API' that we're expecting to
-use so if you'd like to write your own management server, feel free to look at
-how the client currently works (and suggest changes!)
+machine and downloads new rules. There are several open-source servers you can sync with:
+
+    * [Upvote](https://github.com/google/upvote) - An AppEngine-based server that implements social voting to make managing a large fleet easier.
+    * [Moroz](https://github.com/groob/moroz) - A simple golang server that serves hardcoded rules from simple configuration files.
+    * [Zentral](https://github.com/zentralopensource/zentral/wiki) - A centralized service that pulls data from multiple sources and deploy configurations to multiple services.
 
 * Scripts: Santa is currently written to ignore any execution that isn't a
 binary. This is because after weighing the administration cost vs the benefit,
@@ -126,8 +126,6 @@ A tool like Santa doesn't really lend itself to screenshots, so here's a video i
 
 Building
 ========
-Firstly, make sure you're using Xcode 7.3.1 as currently we do not support
-building with Xcode 8.
 
 ```sh
 git clone https://github.com/google/santa

Santa.xcodeproj/project.pbxproj

@@ -47,7 +47,6 @@
 		0D35BDA218FD71CE00921A21 /* main.m in Sources */ = {isa = PBXBuildFile; fileRef = 0D35BDA118FD71CE00921A21 /* main.m */; };
 		0D35BDAC18FD7CFD00921A21 /* SNTCommandController.m in Sources */ = {isa = PBXBuildFile; fileRef = 0D35BDAB18FD7CFD00921A21 /* SNTCommandController.m */; };
 		0D35BDB518FD84F600921A21 /* SNTCommandSync.m in Sources */ = {isa = PBXBuildFile; fileRef = 0D35BDB418FD84F600921A21 /* SNTCommandSync.m */; };
-		0D35BDC418FDA5D100921A21 /* SNTXPCConnection.m in Sources */ = {isa = PBXBuildFile; fileRef = 0D6FDC9518C93A020044685C /* SNTXPCConnection.m */; };
 		0D377C2A17A071B7008453DB /* SNTEventTable.m in Sources */ = {isa = PBXBuildFile; fileRef = 0D377C2917A071B7008453DB /* SNTEventTable.m */; };
 		0D37C10F18F6029A0069BC61 /* SNTDatabaseTable.m in Sources */ = {isa = PBXBuildFile; fileRef = 0D37C10E18F6029A0069BC61 /* SNTDatabaseTable.m */; };
 		0D385DC4180DE4A900418BC6 /* main.m in Sources */ = {isa = PBXBuildFile; fileRef = 0D385DC3180DE4A900418BC6 /* main.m */; };
@@ -56,7 +55,6 @@
 		0D385DF1180DE51600418BC6 /* SNTAppDelegate.m in Sources */ = {isa = PBXBuildFile; fileRef = 0D385DEB180DE51600418BC6 /* SNTAppDelegate.m */; };
 		0D385DF2180DE51600418BC6 /* SNTMessageWindowController.m in Sources */ = {isa = PBXBuildFile; fileRef = 0D385DED180DE51600418BC6 /* SNTMessageWindowController.m */; };
 		0D385DF3180DE51600418BC6 /* SNTNotificationManager.m in Sources */ = {isa = PBXBuildFile; fileRef = 0D385DEF180DE51600418BC6 /* SNTNotificationManager.m */; };
-		0D3AFBE718FB32CB0087BCEE /* SNTXPCConnectionTest.m in Sources */ = {isa = PBXBuildFile; fileRef = 0D3AFBE618FB32CB0087BCEE /* SNTXPCConnectionTest.m */; };
 		0D3AFBEB18FB48E70087BCEE /* SNTDatabaseTable.m in Sources */ = {isa = PBXBuildFile; fileRef = 0D37C10E18F6029A0069BC61 /* SNTDatabaseTable.m */; };
 		0D3AFBEC18FB48E70087BCEE /* SNTEventTable.m in Sources */ = {isa = PBXBuildFile; fileRef = 0D377C2917A071B7008453DB /* SNTEventTable.m */; };
 		0D3AFBEE18FB4C6C0087BCEE /* SNTApplication.m in Sources */ = {isa = PBXBuildFile; fileRef = 0DB8ACC0185662DC00FEF9C7 /* SNTApplication.m */; };
@@ -75,8 +73,6 @@
 		0D63DD5C1906FCB400D346C4 /* SNTDatabaseController.m in Sources */ = {isa = PBXBuildFile; fileRef = 0D63DD5B1906FCB400D346C4 /* SNTDatabaseController.m */; };
 		0D63DD5E1906FCB400D346C4 /* SNTDatabaseController.m in Sources */ = {isa = PBXBuildFile; fileRef = 0D63DD5B1906FCB400D346C4 /* SNTDatabaseController.m */; };
 		0D668E8118D1121700E29A8B /* SNTMessageWindow.m in Sources */ = {isa = PBXBuildFile; fileRef = 0D668E8018D1121700E29A8B /* SNTMessageWindow.m */; };
-		0D6FDC9618C93A020044685C /* SNTXPCConnection.m in Sources */ = {isa = PBXBuildFile; fileRef = 0D6FDC9518C93A020044685C /* SNTXPCConnection.m */; };
-		0D6FDC9718C93A020044685C /* SNTXPCConnection.m in Sources */ = {isa = PBXBuildFile; fileRef = 0D6FDC9518C93A020044685C /* SNTXPCConnection.m */; };
 		0D7D01871774F93A005DBAB4 /* SNTDriverManager.m in Sources */ = {isa = PBXBuildFile; fileRef = 0D7D01861774F93A005DBAB4 /* SNTDriverManager.m */; };
 		0D827E6519DF392E006EC811 /* SNTConfigurator.m in Sources */ = {isa = PBXBuildFile; fileRef = 0D42D2B719D2042900955F08 /* SNTConfigurator.m */; };
 		0D827E6719DF3C74006EC811 /* SNTCommandStatus.m in Sources */ = {isa = PBXBuildFile; fileRef = 0D827E6619DF3C74006EC811 /* SNTCommandStatus.m */; };
@@ -109,7 +105,6 @@
 		0DC5D871192160180078A5C0 /* SNTCommandSyncLogUpload.m in Sources */ = {isa = PBXBuildFile; fileRef = 0DC5D870192160180078A5C0 /* SNTCommandSyncLogUpload.m */; };
 		0DC765EA1B28D9EA00BAE651 /* santad in CopyFiles */ = {isa = PBXBuildFile; fileRef = 0D9A7F3D1759330500035EB5 /* santad */; settings = {ATTRIBUTES = (CodeSignOnCopy, ); }; };
 		0DC765EB1B28D9EA00BAE651 /* santactl in CopyFiles */ = {isa = PBXBuildFile; fileRef = 0D35BD9E18FD71CE00921A21 /* santactl */; settings = {ATTRIBUTES = (CodeSignOnCopy, ); }; };
-		0DCA552718C95928002A7DAE /* SNTXPCConnection.m in Sources */ = {isa = PBXBuildFile; fileRef = 0D6FDC9518C93A020044685C /* SNTXPCConnection.m */; };
 		0DCD5FBF1909D64A006B445C /* SNTCommandFileInfo.m in Sources */ = {isa = PBXBuildFile; fileRef = 0DCD5FBE1909D64A006B445C /* SNTCommandFileInfo.m */; };
 		0DCD6042190ACCB8006B445C /* SNTFileInfo.m in Sources */ = {isa = PBXBuildFile; fileRef = 0DCD6041190ACCB8006B445C /* SNTFileInfo.m */; };
 		0DCD6043190ACCB8006B445C /* SNTFileInfo.m in Sources */ = {isa = PBXBuildFile; fileRef = 0DCD6041190ACCB8006B445C /* SNTFileInfo.m */; };
@@ -179,12 +174,12 @@
 		C7C721AE1E23FCB50051FAA6 /* SNTBundleService.m in Sources */ = {isa = PBXBuildFile; fileRef = C7C721AD1E23FCB50051FAA6 /* SNTBundleService.m */; };
 		C7C721B11E23FF300051FAA6 /* SNTXPCBundleServiceInterface.m in Sources */ = {isa = PBXBuildFile; fileRef = C7C721B01E23FF300051FAA6 /* SNTXPCBundleServiceInterface.m */; };
 		C7C721B21E23FF300051FAA6 /* SNTXPCBundleServiceInterface.m in Sources */ = {isa = PBXBuildFile; fileRef = C7C721B01E23FF300051FAA6 /* SNTXPCBundleServiceInterface.m */; };
-		C7C721B31E2400310051FAA6 /* SNTXPCConnection.m in Sources */ = {isa = PBXBuildFile; fileRef = 0D6FDC9518C93A020044685C /* SNTXPCConnection.m */; };
 		C7C721B41E24042B0051FAA6 /* SNTStoredEvent.m in Sources */ = {isa = PBXBuildFile; fileRef = 0DCD604A19105433006B445C /* SNTStoredEvent.m */; };
 		C7C721B51E2408BE0051FAA6 /* SNTFileInfo.m in Sources */ = {isa = PBXBuildFile; fileRef = 0DCD6041190ACCB8006B445C /* SNTFileInfo.m */; };
 		C7C721B61E2408C30051FAA6 /* SNTLogging.m in Sources */ = {isa = PBXBuildFile; fileRef = 0DA73C9E1934F8100056D7C4 /* SNTLogging.m */; };
 		C7DA62F71E241938009BDF2C /* SNTXPCBundleServiceInterface.m in Sources */ = {isa = PBXBuildFile; fileRef = C7C721B01E23FF300051FAA6 /* SNTXPCBundleServiceInterface.m */; };
 		C7DA62F91E241A02009BDF2C /* SNTCommandBundleInfo.m in Sources */ = {isa = PBXBuildFile; fileRef = C7DA62F81E241A02009BDF2C /* SNTCommandBundleInfo.m */; };
+		C7EAF71820A0A20B00745126 /* DirectoryBundle in Resources */ = {isa = PBXBuildFile; fileRef = C7EAF71720A0A20B00745126 /* DirectoryBundle */; };
 		C7FB56F61DBFB480004E14EF /* SNTXPCSyncdInterface.m in Sources */ = {isa = PBXBuildFile; fileRef = C7FB56F51DBFB480004E14EF /* SNTXPCSyncdInterface.m */; };
 		C7FB56F71DBFB480004E14EF /* SNTXPCSyncdInterface.m in Sources */ = {isa = PBXBuildFile; fileRef = C7FB56F51DBFB480004E14EF /* SNTXPCSyncdInterface.m */; };
 		C7FB57001DBFC213004E14EF /* SNTSyncdQueue.m in Sources */ = {isa = PBXBuildFile; fileRef = C7FB56FF1DBFC213004E14EF /* SNTSyncdQueue.m */; };
@@ -328,7 +323,6 @@
 		0D385DED180DE51600418BC6 /* SNTMessageWindowController.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = SNTMessageWindowController.m; sourceTree = "<group>"; };
 		0D385DEE180DE51600418BC6 /* SNTNotificationManager.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SNTNotificationManager.h; sourceTree = "<group>"; };
 		0D385DEF180DE51600418BC6 /* SNTNotificationManager.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = SNTNotificationManager.m; sourceTree = "<group>"; };
-		0D3AFBE618FB32CB0087BCEE /* SNTXPCConnectionTest.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = SNTXPCConnectionTest.m; sourceTree = "<group>"; };
 		0D3AFBF718FB4C870087BCEE /* IOKit.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = IOKit.framework; path = System/Library/Frameworks/IOKit.framework; sourceTree = SDKROOT; };
 		0D4163FF191974F1006A356A /* SNTCommandSyncState.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SNTCommandSyncState.h; sourceTree = "<group>"; };
 		0D416400191974F1006A356A /* SNTCommandSyncState.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = SNTCommandSyncState.m; sourceTree = "<group>"; };
@@ -349,8 +343,6 @@
 		0D63DD5B1906FCB400D346C4 /* SNTDatabaseController.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = SNTDatabaseController.m; sourceTree = "<group>"; };
 		0D668E7F18D1121700E29A8B /* SNTMessageWindow.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SNTMessageWindow.h; sourceTree = "<group>"; };
 		0D668E8018D1121700E29A8B /* SNTMessageWindow.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = SNTMessageWindow.m; sourceTree = "<group>"; };
-		0D6FDC9418C93A020044685C /* SNTXPCConnection.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SNTXPCConnection.h; sourceTree = "<group>"; };
-		0D6FDC9518C93A020044685C /* SNTXPCConnection.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = SNTXPCConnection.m; sourceTree = "<group>"; };
 		0D7D01851774F93A005DBAB4 /* SNTDriverManager.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SNTDriverManager.h; sourceTree = "<group>"; };
 		0D7D01861774F93A005DBAB4 /* SNTDriverManager.m */ = {isa = PBXFileReference; fileEncoding = 4; indentWidth = 2; lastKnownFileType = sourcecode.c.objc; path = SNTDriverManager.m; sourceTree = "<group>"; };
 		0D827E6619DF3C74006EC811 /* SNTCommandStatus.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = SNTCommandStatus.m; sourceTree = "<group>"; };
@@ -451,6 +443,7 @@
 		C7C721AF1E23FF300051FAA6 /* SNTXPCBundleServiceInterface.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SNTXPCBundleServiceInterface.h; sourceTree = "<group>"; };
 		C7C721B01E23FF300051FAA6 /* SNTXPCBundleServiceInterface.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = SNTXPCBundleServiceInterface.m; sourceTree = "<group>"; };
 		C7DA62F81E241A02009BDF2C /* SNTCommandBundleInfo.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = SNTCommandBundleInfo.m; sourceTree = "<group>"; };
+		C7EAF71720A0A20B00745126 /* DirectoryBundle */ = {isa = PBXFileReference; lastKnownFileType = folder; path = DirectoryBundle; sourceTree = "<group>"; };
 		C7FB56F41DBFB480004E14EF /* SNTXPCSyncdInterface.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SNTXPCSyncdInterface.h; sourceTree = "<group>"; };
 		C7FB56F51DBFB480004E14EF /* SNTXPCSyncdInterface.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = SNTXPCSyncdInterface.m; sourceTree = "<group>"; };
 		C7FB56FE1DBFC213004E14EF /* SNTSyncdQueue.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SNTSyncdQueue.h; sourceTree = "<group>"; };
@@ -541,7 +534,6 @@
 				0DD0D490194F9947005F27EB /* SNTExecutionControllerTest.m */,
 				0DD0D48E194F78F8005F27EB /* SNTFileInfoTest.m */,
 				0DB537861AFD36EB00487F92 /* SNTRuleTableTest.m */,
-				0D3AFBE618FB32CB0087BCEE /* SNTXPCConnectionTest.m */,
 			);
 			path = LogicTests;
 			sourceTree = "<group>";
@@ -549,6 +541,7 @@
 		0D260DB018B68E12002A0B55 /* Resources */ = {
 			isa = PBXGroup;
 			children = (
+				C7EAF71720A0A20B00745126 /* DirectoryBundle */,
 				C74D6CC51EEB3B9B00BB5A33 /* BundleExample.app */,
 				0D536ED51B8E7A2E0039A26D /* bad_pagezero */,
 				0D2CD4601A81C7B100C9C910 /* dn.plist */,
@@ -744,8 +737,6 @@
 				0D42D2B419D1D98A00955F08 /* SNTSystemInfo.m */,
 				C7C721AF1E23FF300051FAA6 /* SNTXPCBundleServiceInterface.h */,
 				C7C721B01E23FF300051FAA6 /* SNTXPCBundleServiceInterface.m */,
-				0D6FDC9418C93A020044685C /* SNTXPCConnection.h */,
-				0D6FDC9518C93A020044685C /* SNTXPCConnection.m */,
 				0DCD605319115D17006B445C /* SNTXPCControlInterface.h */,
 				0DCD605419115D17006B445C /* SNTXPCControlInterface.m */,
 				0DC8C9E3180CC3BC00FCFB29 /* SNTXPCNotifierInterface.h */,
@@ -1059,7 +1050,7 @@
 		0D91BCA8174E8A6500131A7D /* Project object */ = {
 			isa = PBXProject;
 			attributes = {
-				LastUpgradeCheck = 0730;
+				LastUpgradeCheck = 0910;
 				TargetAttributes = {
 					0D260DAB18B68E12002A0B55 = {
 						TestTargetID = 0D385DB5180DE4A900418BC6;
@@ -1107,6 +1098,7 @@
 				0D2CD4611A81C7B100C9C910 /* dn.plist in Resources */,
 				0DEA5F7B1CF64C9200704398 /* sync_ruledownload_batch2.json in Resources */,
 				0DEA5F6C1CF6254900704398 /* sync_preflight_lockdown.json in Resources */,
+				C7EAF71820A0A20B00745126 /* DirectoryBundle in Resources */,
 				0D536ED81B8E7A2E0039A26D /* missing_pagezero in Resources */,
 				0D202D201CE4E90E00A88F16 /* sync_preflight_basic.json in Resources */,
 			);
@@ -1466,7 +1458,6 @@
 				0D202D191CDD2EE500A88F16 /* SNTCommandSyncTest.m in Sources */,
 				0D3AFBF018FB4C6C0087BCEE /* SNTDriverManager.m in Sources */,
 				0DCD6044190ACCB8006B445C /* SNTFileInfo.m in Sources */,
-				0D6FDC9718C93A020044685C /* SNTXPCConnection.m in Sources */,
 				0D3AFBEB18FB48E70087BCEE /* SNTDatabaseTable.m in Sources */,
 				0DD0D491194F9947005F27EB /* SNTExecutionControllerTest.m in Sources */,
 				0D3AFBEF18FB4C6C0087BCEE /* SNTExecutionController.m in Sources */,
@@ -1483,7 +1474,6 @@
 				0DE5B54C1C92722300C00603 /* SNTNotificationQueue.m in Sources */,
 				0DEA5F651CF6057D00704398 /* SNTCommandSyncEventUpload.m in Sources */,
 				0DB77FFB1CD7AC5A004DF060 /* SNTCommandSyncConstants.m in Sources */,
-				0D3AFBE718FB32CB0087BCEE /* SNTXPCConnectionTest.m in Sources */,
 				0D9184B91CD2F32D0004E859 /* SNTCommandSyncStage.m in Sources */,
 				0DCD605719115E54006B445C /* SNTDaemonControlController.m in Sources */,
 				0D2E1E631CEFA6C30039B2C4 /* SantaCacheTest.mm in Sources */,
@@ -1513,7 +1503,6 @@
 				0DE50F6C19130358007B2B0C /* SNTStoredEvent.m in Sources */,
 				0D9184B81CD2F32D0004E859 /* SNTCommandSyncStage.m in Sources */,
 				C776A1071DEE160500A56616 /* SNTCommandSyncManager.m in Sources */,
-				0D35BDC418FDA5D100921A21 /* SNTXPCConnection.m in Sources */,
 				0DCD605C19117A90006B445C /* SNTCommandSyncPreflight.m in Sources */,
 				0D41640519197AD7006A356A /* SNTCommandSyncEventUpload.m in Sources */,
 				0D42D2B919D2042900955F08 /* SNTConfigurator.m in Sources */,
@@ -1543,7 +1532,6 @@
 			isa = PBXSourcesBuildPhase;
 			buildActionMask = 2147483647;
 			files = (
-				0DCA552718C95928002A7DAE /* SNTXPCConnection.m in Sources */,
 				0D385DF1180DE51600418BC6 /* SNTAppDelegate.m in Sources */,
 				0D88680A1AC48A1200B86659 /* SNTSystemInfo.m in Sources */,
 				0D89310F1C931986002E8D74 /* SNTRule.m in Sources */,
@@ -1594,7 +1582,6 @@
 				0DC5D86D191AED220078A5C0 /* SNTRuleTable.m in Sources */,
 				0D7D01871774F93A005DBAB4 /* SNTDriverManager.m in Sources */,
 				0D8E18CD19107B56000F89B8 /* SNTDaemonControlController.m in Sources */,
-				0D6FDC9618C93A020044685C /* SNTXPCConnection.m in Sources */,
 				0D377C2A17A071B7008453DB /* SNTEventTable.m in Sources */,
 				0DE50F681912716A007B2B0C /* SNTRule.m in Sources */,
 				0DB77FD81CCE824A004DF060 /* SNTBlockMessage.m in Sources */,
@@ -1614,7 +1601,6 @@
 			buildActionMask = 2147483647;
 			files = (
 				C7C721B21E23FF300051FAA6 /* SNTXPCBundleServiceInterface.m in Sources */,
-				C7C721B31E2400310051FAA6 /* SNTXPCConnection.m in Sources */,
 				C7C721B61E2408C30051FAA6 /* SNTLogging.m in Sources */,
 				C7C721B41E24042B0051FAA6 /* SNTStoredEvent.m in Sources */,
 				C7C721B51E2408BE0051FAA6 /* SNTFileInfo.m in Sources */,
@@ -2000,11 +1986,34 @@
 				CLANG_ANALYZER_SECURITY_INSECUREAPI_STRCPY = YES;
 				CLANG_CXX_LANGUAGE_STANDARD = "c++0x";
 				CLANG_ENABLE_MODULES = YES;
+				CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES;
+				CLANG_WARN_BOOL_CONVERSION = YES;
+				CLANG_WARN_COMMA = YES;
+				CLANG_WARN_CONSTANT_CONVERSION = YES;
 				CLANG_WARN_CXX0X_EXTENSIONS = YES;
+				CLANG_WARN_EMPTY_BODY = YES;
+				CLANG_WARN_ENUM_CONVERSION = YES;
+				CLANG_WARN_INFINITE_RECURSION = YES;
+				CLANG_WARN_INT_CONVERSION = YES;
+				CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES;
+				CLANG_WARN_OBJC_LITERAL_CONVERSION = YES;
+				CLANG_WARN_RANGE_LOOP_ANALYSIS = YES;
+				CLANG_WARN_STRICT_PROTOTYPES = YES;
+				CLANG_WARN_SUSPICIOUS_MOVE = YES;
+				CLANG_WARN_UNREACHABLE_CODE = YES;
+				CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;
 				CODE_SIGN_IDENTITY = "Mac Developer";
+				ENABLE_STRICT_OBJC_MSGSEND = YES;
 				ENABLE_TESTABILITY = YES;
 				GCC_C_LANGUAGE_STANDARD = c99;
+				GCC_NO_COMMON_BLOCKS = YES;
 				GCC_OPTIMIZATION_LEVEL = 0;
+				GCC_WARN_64_TO_32_BIT_CONVERSION = YES;
+				GCC_WARN_ABOUT_RETURN_TYPE = YES;
+				GCC_WARN_UNDECLARED_SELECTOR = YES;
+				GCC_WARN_UNINITIALIZED_AUTOS = YES;
+				GCC_WARN_UNUSED_FUNCTION = YES;
+				GCC_WARN_UNUSED_VARIABLE = YES;
 				LLVM_LTO = NO;
 				MACOSX_DEPLOYMENT_TARGET = 10.9;
 				ONLY_ACTIVE_ARCH = YES;
@@ -2028,13 +2037,37 @@
 				CLANG_ANALYZER_SECURITY_INSECUREAPI_STRCPY = YES;
 				CLANG_CXX_LANGUAGE_STANDARD = "c++0x";
 				CLANG_ENABLE_MODULES = YES;
+				CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES;
+				CLANG_WARN_BOOL_CONVERSION = YES;
+				CLANG_WARN_COMMA = YES;
+				CLANG_WARN_CONSTANT_CONVERSION = YES;
 				CLANG_WARN_CXX0X_EXTENSIONS = YES;
+				CLANG_WARN_EMPTY_BODY = YES;
+				CLANG_WARN_ENUM_CONVERSION = YES;
+				CLANG_WARN_INFINITE_RECURSION = YES;
+				CLANG_WARN_INT_CONVERSION = YES;
+				CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES;
+				CLANG_WARN_OBJC_LITERAL_CONVERSION = YES;
+				CLANG_WARN_RANGE_LOOP_ANALYSIS = YES;
+				CLANG_WARN_STRICT_PROTOTYPES = YES;
+				CLANG_WARN_SUSPICIOUS_MOVE = YES;
+				CLANG_WARN_UNREACHABLE_CODE = YES;
+				CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;
 				CODE_SIGN_IDENTITY = "Mac Developer";
 				DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym";
+				ENABLE_STRICT_OBJC_MSGSEND = YES;
 				GCC_C_LANGUAGE_STANDARD = c99;
+				GCC_NO_COMMON_BLOCKS = YES;
 				GCC_OPTIMIZATION_LEVEL = fast;
+				GCC_WARN_64_TO_32_BIT_CONVERSION = YES;
+				GCC_WARN_ABOUT_RETURN_TYPE = YES;
+				GCC_WARN_UNDECLARED_SELECTOR = YES;
+				GCC_WARN_UNINITIALIZED_AUTOS = YES;
+				GCC_WARN_UNUSED_FUNCTION = YES;
+				GCC_WARN_UNUSED_VARIABLE = YES;
 				LLVM_LTO = YES;
 				MACOSX_DEPLOYMENT_TARGET = 10.9;
+				OTHER_CODE_SIGN_FLAGS = "-o library,kill";
 				PROVISIONING_PROFILE = "";
 				RUN_CLANG_STATIC_ANALYZER = YES;
 				SDKROOT = macosx;

Santa.xcodeproj/xcshareddata/xcschemes/All.xcscheme

@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <Scheme
-   LastUpgradeVersion = "0730"
+   LastUpgradeVersion = "0910"
    version = "1.3">
    <BuildAction
       parallelizeBuildables = "YES"
@@ -48,6 +48,7 @@
       buildConfiguration = "Debug"
       selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
       selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+      language = ""
       launchStyle = "0"
       useCustomWorkingDirectory = "NO"
       ignoresPersistentStateOnLaunch = "NO"

Santa.xcodeproj/xcshareddata/xcschemes/KernelTests.xcscheme

@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <Scheme
-   LastUpgradeVersion = "0730"
+   LastUpgradeVersion = "0910"
    version = "1.3">
    <BuildAction
       parallelizeBuildables = "YES"
@@ -26,6 +26,7 @@
       buildConfiguration = "Debug"
       selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
       selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+      language = ""
       shouldUseLaunchSchemeArgsEnv = "YES">
       <Testables>
       </Testables>
@@ -45,6 +46,7 @@
       buildConfiguration = "Debug"
       selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
       selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+      language = ""
       launchStyle = "0"
       useCustomWorkingDirectory = "NO"
       ignoresPersistentStateOnLaunch = "NO"

Santa.xcodeproj/xcshareddata/xcschemes/LogicTests.xcscheme

@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <Scheme
-   LastUpgradeVersion = "0730"
+   LastUpgradeVersion = "0910"
    version = "1.3">
    <BuildAction
       parallelizeBuildables = "YES"
@@ -26,6 +26,7 @@
       buildConfiguration = "Debug"
       selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
       selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+      language = ""
       shouldUseLaunchSchemeArgsEnv = "YES">
       <Testables>
          <TestableReference
@@ -55,6 +56,7 @@
       buildConfiguration = "Debug"
       selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
       selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+      language = ""
       launchStyle = "0"
       useCustomWorkingDirectory = "NO"
       ignoresPersistentStateOnLaunch = "NO"

Santa.xcodeproj/xcshareddata/xcschemes/Santa.xcscheme

@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <Scheme
-   LastUpgradeVersion = "0730"
+   LastUpgradeVersion = "0910"
    version = "1.3">
    <BuildAction
       parallelizeBuildables = "YES"
@@ -26,6 +26,7 @@
       buildConfiguration = "Debug"
       selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
       selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+      language = ""
       shouldUseLaunchSchemeArgsEnv = "YES">
       <Testables>
       </Testables>
@@ -45,6 +46,7 @@
       buildConfiguration = "Debug"
       selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
       selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+      language = ""
       launchStyle = "0"
       useCustomWorkingDirectory = "NO"
       ignoresPersistentStateOnLaunch = "NO"

Santa.xcodeproj/xcshareddata/xcschemes/santa-driver.xcscheme

@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <Scheme
-   LastUpgradeVersion = "0730"
+   LastUpgradeVersion = "0910"
    version = "1.3">
    <BuildAction
       parallelizeBuildables = "YES"
@@ -26,6 +26,7 @@
       buildConfiguration = "Debug"
       selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
       selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+      language = ""
       shouldUseLaunchSchemeArgsEnv = "YES">
       <Testables>
       </Testables>
@@ -36,6 +37,7 @@
       buildConfiguration = "Debug"
       selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
       selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+      language = ""
       launchStyle = "0"
       useCustomWorkingDirectory = "NO"
       ignoresPersistentStateOnLaunch = "NO"

Santa.xcodeproj/xcshareddata/xcschemes/santabs.xcscheme

@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <Scheme
-   LastUpgradeVersion = "0730"
+   LastUpgradeVersion = "0910"
    version = "1.3">
    <BuildAction
       parallelizeBuildables = "YES"
@@ -26,6 +26,7 @@
       buildConfiguration = "Debug"
       selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
       selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+      language = ""
       shouldUseLaunchSchemeArgsEnv = "YES">
       <Testables>
       </Testables>
@@ -36,6 +37,7 @@
       buildConfiguration = "Debug"
       selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
       selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+      language = ""
       launchStyle = "0"
       useCustomWorkingDirectory = "NO"
       ignoresPersistentStateOnLaunch = "NO"

Santa.xcodeproj/xcshareddata/xcschemes/santactl.xcscheme

@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <Scheme
-   LastUpgradeVersion = "0730"
+   LastUpgradeVersion = "0910"
    version = "1.3">
    <BuildAction
       parallelizeBuildables = "YES"
@@ -26,6 +26,7 @@
       buildConfiguration = "Debug"
       selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
       selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+      language = ""
       shouldUseLaunchSchemeArgsEnv = "YES">
       <Testables>
       </Testables>
@@ -45,6 +46,7 @@
       buildConfiguration = "Debug"
       selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
       selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+      language = ""
       launchStyle = "0"
       useCustomWorkingDirectory = "NO"
       ignoresPersistentStateOnLaunch = "NO"

Santa.xcodeproj/xcshareddata/xcschemes/santad.xcscheme

@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <Scheme
-   LastUpgradeVersion = "0730"
+   LastUpgradeVersion = "0910"
    version = "1.3">
    <BuildAction
       parallelizeBuildables = "YES"
@@ -26,6 +26,7 @@
       buildConfiguration = "Debug"
       selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
       selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+      language = ""
       shouldUseLaunchSchemeArgsEnv = "YES">
       <Testables>
       </Testables>
@@ -46,6 +47,7 @@
       selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
       selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
       debugAsWhichUser = "root"
+      language = ""
       launchStyle = "0"
       useCustomWorkingDirectory = "NO"
       ignoresPersistentStateOnLaunch = "NO"

Source/SantaGUI/Resources/MessageWindow.xib

@@ -1,9 +1,10 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<document type="com.apple.InterfaceBuilder3.Cocoa.XIB" version="3.0" toolsVersion="10117" systemVersion="16F73" targetRuntime="MacOSX.Cocoa" propertyAccessControl="none" useAutolayout="YES">
+<document type="com.apple.InterfaceBuilder3.Cocoa.XIB" version="3.0" toolsVersion="13529" targetRuntime="MacOSX.Cocoa" propertyAccessControl="none" useAutolayout="YES">
     <dependencies>
         <deployment identifier="macosx"/>
-        <development version="6300" identifier="xcode"/>
-        <plugIn identifier="com.apple.InterfaceBuilder.CocoaPlugin" version="10117"/>
+        <plugIn identifier="com.apple.InterfaceBuilder.CocoaPlugin" version="13529"/>
+        <capability name="documents saved in the Xcode 8 format" minToolsVersion="8.0"/>
+        <capability name="system font weights other than Regular or Bold" minToolsVersion="7.0"/>
     </dependencies>
     <objects>
         <customObject id="-2" userLabel="File's Owner" customClass="SNTMessageWindowController">
@@ -22,13 +23,14 @@
         <window title="Santa Blocked Execution" allowsToolTipsWhenApplicationIsInactive="NO" autorecalculatesKeyViewLoop="NO" oneShot="NO" showsToolbarButton="NO" visibleAtLaunch="NO" animationBehavior="none" id="9Bq-yh-54f" customClass="SNTMessageWindow">
             <windowStyleMask key="styleMask" utility="YES"/>
             <rect key="contentRect" x="167" y="107" width="540" height="479"/>
-            <rect key="screenRect" x="0.0" y="0.0" width="2560" height="1417"/>
+            <rect key="screenRect" x="0.0" y="0.0" width="3840" height="1578"/>
             <view key="contentView" id="Iwq-Lx-rLv">
                 <rect key="frame" x="0.0" y="0.0" width="540" height="479"/>
                 <autoresizingMask key="autoresizingMask" widthSizable="YES" heightSizable="YES"/>
                 <subviews>
                     <button focusRingType="none" verticalHuggingPriority="750" fixedFrame="YES" translatesAutoresizingMaskIntoConstraints="NO" id="kiB-jZ-69S">
                         <rect key="frame" x="16" y="451" width="37" height="32"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
                         <buttonCell key="cell" type="push" title="Hidden Button" alternateTitle="This button exists so neither of the other two buttons is pre-selected when the dialog opens." bezelStyle="rounded" alignment="center" borderStyle="border" focusRingType="none" transparent="YES" imageScaling="proportionallyDown" inset="2" id="XGa-Sl-F4t">
                             <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
                             <font key="font" metaFont="system"/>
@@ -40,20 +42,6 @@
                             <outlet property="nextKeyView" destination="7ua-5a-uSd" id="vl5-A8-O0H"/>
                         </connections>
                     </button>
-                    <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" translatesAutoresizingMaskIntoConstraints="NO" id="t8c-Fx-e5h">
-                        <rect key="frame" x="228" y="408" width="85" height="41"/>
-                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" refusesFirstResponder="YES" sendsActionOnEndEditing="YES" title="Santa" id="7YA-iB-Zma">
-                            <font key="font" metaFont="systemUltraLight" size="34"/>
-                            <color key="textColor" red="0.20000000000000001" green="0.20000000000000001" blue="0.20000000000000001" alpha="1" colorSpace="calibratedRGB"/>
-                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
-                            <userDefinedRuntimeAttributes>
-                                <userDefinedRuntimeAttribute type="boolean" keyPath="accessibilityElement" value="NO"/>
-                            </userDefinedRuntimeAttributes>
-                        </textFieldCell>
-                        <connections>
-                            <outlet property="nextKeyView" destination="7ua-5a-uSd" id="z5y-RR-IEH"/>
-                        </connections>
-                    </textField>
                     <textField verticalHuggingPriority="750" horizontalCompressionResistancePriority="250" setsMaxLayoutWidthAtFirstLayout="YES" translatesAutoresizingMaskIntoConstraints="NO" id="cD5-Su-lXR" customClass="SNTAccessibleTextField">
                         <rect key="frame" x="43" y="369" width="454" height="17"/>
                         <constraints>
@@ -370,7 +358,7 @@ DQ
                             <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
                         </textFieldCell>
                     </textField>
-                    <box horizontalHuggingPriority="750" title="Line" boxType="custom" borderType="line" titlePosition="noTitle" translatesAutoresizingMaskIntoConstraints="NO" id="4Li-ul-zIi">
+                    <box horizontalHuggingPriority="750" boxType="custom" borderType="line" title="Line" titlePosition="noTitle" translatesAutoresizingMaskIntoConstraints="NO" id="4Li-ul-zIi">
                         <rect key="frame" x="168" y="132" width="1" height="207"/>
                         <constraints>
                             <constraint firstAttribute="width" constant="1" id="0o1-Jh-epf"/>
@@ -418,6 +406,20 @@ DQ
                             </binding>
                         </connections>
                     </textField>
+                    <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" translatesAutoresizingMaskIntoConstraints="NO" id="t8c-Fx-e5h">
+                        <rect key="frame" x="229" y="408" width="82" height="41"/>
+                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" refusesFirstResponder="YES" sendsActionOnEndEditing="YES" title="Santa" id="7YA-iB-Zma">
+                            <font key="font" metaFont="systemUltraLight" size="34"/>
+                            <color key="textColor" red="0.20000000000000001" green="0.20000000000000001" blue="0.20000000000000001" alpha="1" colorSpace="calibratedRGB"/>
+                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
+                            <userDefinedRuntimeAttributes>
+                                <userDefinedRuntimeAttribute type="boolean" keyPath="accessibilityElement" value="NO"/>
+                            </userDefinedRuntimeAttributes>
+                        </textFieldCell>
+                        <connections>
+                            <outlet property="nextKeyView" destination="7ua-5a-uSd" id="z5y-RR-IEH"/>
+                        </connections>
+                    </textField>
                 </subviews>
                 <constraints>
                     <constraint firstItem="oFj-ol-xpL" firstAttribute="leading" secondItem="Iwq-Lx-rLv" secondAttribute="leading" constant="10" id="0AD-PS-5V1"/>

Source/SantaGUI/SNTAboutWindowController.h

@@ -12,7 +12,7 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-@import Cocoa;
+#import <Cocoa/Cocoa.h>
 
 @interface SNTAboutWindowController : NSWindowController
 

Source/SantaGUI/SNTAccessibleTextField.h

@@ -12,7 +12,7 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-@import Cocoa;
+#import <Cocoa/Cocoa.h>
 
 /**
    An NSTextField subclass that provides an accessiblity label equal to:

Source/SantaGUI/SNTAppDelegate.h

@@ -12,7 +12,7 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-@import Cocoa;
+#import <Cocoa/Cocoa.h>
 
 ///
 /// Initiates and manages the connection to santad

Source/SantaGUI/SNTAppDelegate.m

@@ -14,18 +14,19 @@
 
 #import "SNTAppDelegate.h"
 
+#import <MOLXPCConnection/MOLXPCConnection.h>
+
 #import "SNTAboutWindowController.h"
 #import "SNTConfigurator.h"
 #import "SNTNotificationManager.h"
 #import "SNTStrengthify.h"
-#import "SNTXPCConnection.h"
 #import "SNTXPCControlInterface.h"
 
 @interface SNTAppDelegate ()
 @property SNTAboutWindowController *aboutWindowController;
 @property SNTNotificationManager *notificationManager;
-@property SNTXPCConnection *daemonListener;
-@property SNTXPCConnection *bundleListener;
+@property MOLXPCConnection *daemonListener;
+@property MOLXPCConnection *bundleListener;
 @end
 
 @implementation SNTAppDelegate
@@ -45,12 +46,17 @@
     self.daemonListener.invalidationHandler = nil;
     [self.daemonListener invalidate];
     self.daemonListener = nil;
+
+    self.bundleListener.invalidationHandler = nil;
+    [self.bundleListener invalidate];
+    self.bundleListener = nil;
   }];
   [workspaceNotifications addObserverForName:NSWorkspaceSessionDidBecomeActiveNotification
                                       object:nil
                                        queue:[NSOperationQueue currentQueue]
                                   usingBlock:^(NSNotification *note) {
     [self attemptDaemonReconnection];
+    [self attemptBundleReconnection];
   }];
 
   [self createDaemonConnection];
@@ -72,7 +78,7 @@
 
   // Create listener for return connection from daemon.
   NSXPCListener *listener = [NSXPCListener anonymousListener];
-  self.daemonListener = [[SNTXPCConnection alloc] initServerWithListener:listener];
+  self.daemonListener = [[MOLXPCConnection alloc] initServerWithListener:listener];
   self.daemonListener.exportedInterface = [SNTXPCNotifierInterface notifierInterface];
   self.daemonListener.exportedObject = self.notificationManager;
   self.daemonListener.acceptedHandler = ^{
@@ -85,9 +91,10 @@
   [self.daemonListener resume];
 
   // Tell daemon to connect back to the above listener.
-  SNTXPCConnection *daemonConn = [SNTXPCControlInterface configuredConnection];
+  MOLXPCConnection *daemonConn = [SNTXPCControlInterface configuredConnection];
   [daemonConn resume];
   [[daemonConn remoteObjectProxy] setNotificationListener:listener.endpoint];
+  [daemonConn invalidate];
 
   // Now wait for the connection to come in.
   if (dispatch_semaphore_wait(sema, dispatch_time(DISPATCH_TIME_NOW, 5 * NSEC_PER_SEC))) {
@@ -96,6 +103,8 @@
 }
 
 - (void)attemptDaemonReconnection {
+  self.daemonListener.invalidationHandler = nil;
+  [self.daemonListener invalidate];
   [self performSelectorInBackground:@selector(createDaemonConnection) withObject:nil];
 }
 
@@ -106,7 +115,7 @@
 
   // Create listener for return connection from the bundle service.
   NSXPCListener *listener = [NSXPCListener anonymousListener];
-  self.bundleListener = [[SNTXPCConnection alloc] initServerWithListener:listener];
+  self.bundleListener = [[MOLXPCConnection alloc] initServerWithListener:listener];
   self.bundleListener.exportedInterface = [SNTXPCNotifierInterface bundleNotifierInterface];
   self.bundleListener.exportedObject = self.notificationManager;
   self.bundleListener.acceptedHandler = ^{
@@ -119,9 +128,10 @@
   [self.bundleListener resume];
 
   // Tell santabs to connect back to the above listener.
-  SNTXPCConnection *daemonConn = [SNTXPCControlInterface configuredConnection];
+  MOLXPCConnection *daemonConn = [SNTXPCControlInterface configuredConnection];
   [daemonConn resume];
   [[daemonConn remoteObjectProxy] setBundleNotificationListener:listener.endpoint];
+  [daemonConn invalidate];
 
   // Now wait for the connection to come in.
   if (dispatch_semaphore_wait(sema, dispatch_time(DISPATCH_TIME_NOW, 5 * NSEC_PER_SEC))) {
@@ -130,6 +140,8 @@
 }
 
 - (void)attemptBundleReconnection {
+  self.bundleListener.invalidationHandler = nil;
+  [self.bundleListener invalidate];
   [self performSelectorInBackground:@selector(createBundleConnection) withObject:nil];
 }
 

Source/SantaGUI/SNTMessageWindow.h

@@ -12,7 +12,7 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-@import Cocoa;
+#import <Cocoa/Cocoa.h>
 
 ///
 ///  An NSPanel that can become key/main and can fade in/out.

Source/SantaGUI/SNTMessageWindowController.h

@@ -12,7 +12,7 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-@import Cocoa;
+#import <Cocoa/Cocoa.h>
 
 @class SNTStoredEvent;
 

Source/SantaGUI/SNTMessageWindowController.m

@@ -14,7 +14,7 @@
 
 #import "SNTMessageWindowController.h"
 
-@import SecurityInterface.SFCertificatePanel;
+#import <SecurityInterface/SFCertificatePanel.h>
 
 #import <MOLCertificate/MOLCertificate.h>
 

Source/SantaGUI/SNTNotificationManager.h

@@ -12,7 +12,7 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-@import Cocoa;
+#import <Cocoa/Cocoa.h>
 
 #import "SNTMessageWindowController.h"
 #import "SNTXPCNotifierInterface.h"

Source/SantaGUI/SNTNotificationManager.m

@@ -14,12 +14,13 @@
 
 #import "SNTNotificationManager.h"
 
+#import <MOLXPCConnection/MOLXPCConnection.h>
+
 #import "SNTBlockMessage.h"
 #import "SNTConfigurator.h"
 #import "SNTLogging.h"
 #import "SNTStoredEvent.h"
 #import "SNTStrengthify.h"
-#import "SNTXPCConnection.h"
 #import "SNTXPCControlInterface.h"
 
 @interface SNTNotificationManager ()
@@ -31,7 +32,7 @@
 @property(readonly) NSMutableArray *pendingNotifications;
 
 ///  The connection to the bundle service
-@property SNTXPCConnection *bundleServiceConnection;
+@property MOLXPCConnection *bundleServiceConnection;
 
 ///  A semaphore to block bundle hashing until a connection is established
 @property dispatch_semaphore_t bundleServiceSema;
@@ -192,7 +193,7 @@ static NSString * const silencedNotificationsKey = @"SilencedNotifications";
 }
 
 - (void)setBundleServiceListener:(NSXPCListenerEndpoint *)listener {
-  SNTXPCConnection *c = [[SNTXPCConnection alloc] initClientWithListener:listener];
+  MOLXPCConnection *c = [[MOLXPCConnection alloc] initClientWithListener:listener];
   c.remoteInterface = [SNTXPCBundleServiceInterface bundleServiceInterface];
   [c resume];
   self.bundleServiceConnection = c;
@@ -203,6 +204,8 @@ static NSString * const silencedNotificationsKey = @"SilencedNotifications";
     if (self.currentWindowController) {
       [self updateBlockNotification:self.currentWindowController.event withBundleHash:nil];
     }
+    self.bundleServiceConnection.invalidationHandler = nil;
+    [self.bundleServiceConnection invalidate];
   };
 
   dispatch_semaphore_signal(self.bundleServiceSema);
@@ -245,9 +248,10 @@ static NSString * const silencedNotificationsKey = @"SilencedNotifications";
     }
 
     // Send the results to santad. It will decide if they need to be synced.
-    SNTXPCConnection *daemonConn = [SNTXPCControlInterface configuredConnection];
+    MOLXPCConnection *daemonConn = [SNTXPCControlInterface configuredConnection];
     [daemonConn resume];
     [[daemonConn remoteObjectProxy] syncBundleEvent:event relatedEvents:events];
+    [daemonConn invalidate];
 
     // Update the UI with the bundle hash. Also make the openEventButton available.
     [self updateBlockNotification:event withBundleHash:bh];

Source/SantaGUI/main.m

@@ -12,7 +12,7 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-@import Cocoa;
+#import <Cocoa/Cocoa.h>
 
 #import "SNTAppDelegate.h"
 

Source/common/SNTBlockMessage.h

@@ -13,9 +13,9 @@
 ///    limitations under the License.
 
 #ifdef SANTAGUI
-@import Cocoa;
+#import <Cocoa/Cocoa.h>
 #else
-@import Foundation;
+#import <Foundation/Foundation.h>
 #endif
 
 @class SNTStoredEvent;

Source/common/SNTCommonEnums.h

@@ -12,7 +12,7 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-@import Foundation;
+#import <Foundation/Foundation.h>
 
 ///
 ///  These enums are used in various places throughout the Santa client code.

Source/common/SNTConfigurator.h

@@ -12,7 +12,7 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-@import Foundation;
+#import <Foundation/Foundation.h>
 
 #import "SNTCommonEnums.h"
 

Source/common/SNTDropRootPrivs.h

@@ -12,7 +12,7 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-@import Foundation;
+#import <Foundation/Foundation.h>
 
 ///
 ///  Simple function to check and drop root privileges.

Source/common/SNTFileInfo.h

@@ -12,7 +12,7 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-@import Foundation;
+#import <Foundation/Foundation.h>
 
 @class MOLCodesignChecker;
 

Source/common/SNTFileInfo.m

@@ -24,7 +24,7 @@
 #include <sys/stat.h>
 #include <sys/xattr.h>
 
-#import <FMDB/FMDB.h>
+#import <fmdb/FMDB.h>
 
 // Simple class to hold the data of a mach_header and the offset within the file
 // in which that header was found.
@@ -317,6 +317,26 @@ extern NSString *const NSURLQuarantinePropertiesKey WEAK_IMPORT_ATTRIBUTE;
 
 #pragma mark Bundle Information
 
+///
+///  Directories with a "Contents/Info.plist" entry can be mistaken as a bundle. To be considered an
+///  ancestor, the bundle must have a valid extension.
+///
+- (NSSet *)allowedAncestorExtensions {
+  static NSSet *set;
+  static dispatch_once_t onceToken;
+  dispatch_once(&onceToken, ^{
+    set = [NSSet setWithArray:@[
+      @"app",
+      @"bundle",
+      @"framework",
+      @"kext",
+      @"xctest",
+      @"xpc",
+    ]];
+  });
+  return set;
+}
+
 ///
 ///  Try and determine the bundle that the represented executable is contained within, if any.
 ///
@@ -327,18 +347,21 @@ extern NSString *const NSURLQuarantinePropertiesKey WEAK_IMPORT_ATTRIBUTE;
 ///
 ///  This method walks up the path until a bundle is found, if any.
 ///
-///  @param ancestor YES this will return the highest NSBundle found in the tree. No will return the
-///                  the lowest.
+///  @param ancestor YES this will return the highest NSBundle, with a valid extension, found in the
+///                  tree. NO will return the the lowest NSBundle, without validating the extension.
 ///
--(NSBundle *)findBundleWithAncestor:(BOOL)ancestor {
+- (NSBundle *)findBundleWithAncestor:(BOOL)ancestor {
   NSBundle *bundle;
   NSMutableArray *pathComponents = [[self.path pathComponents] mutableCopy];
 
   // Ignore the root path "/", for some reason this is considered a bundle.
   while (pathComponents.count > 1) {
     NSBundle *bndl = [NSBundle bundleWithPath:[NSString pathWithComponents:pathComponents]];
-    if (bndl && [bndl objectForInfoDictionaryKey:@"CFBundleIdentifier"]) {
-      bundle = bndl;
+    if ([bndl objectForInfoDictionaryKey:@"CFBundleIdentifier"]) {
+      if (!ancestor ||
+          [[self allowedAncestorExtensions] containsObject:bndl.bundlePath.pathExtension]) {
+        bundle = bndl;
+      }
       if (!ancestor) break;
     }
     [pathComponents removeLastObject];

Source/common/SNTLogging.h

@@ -34,7 +34,7 @@
 
 #else  // KERNEL
 
-@import Foundation;
+#import <Foundation/Foundation.h>
 
 typedef enum : NSUInteger {
   LOG_LEVEL_ERROR,

Source/common/SNTRule.h

@@ -12,7 +12,7 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-@import Foundation;
+#import <Foundation/Foundation.h>
 
 #import "SNTCommonEnums.h"
 

Source/common/SNTRule.m

@@ -32,6 +32,8 @@
 
 #pragma mark NSSecureCoding
 
+#pragma clang diagnostic push
+#pragma clang diagnostic ignored "-Wobjc-literal-conversion"
 #define ENCODE(obj, key) if (obj) [coder encodeObject:obj forKey:key]
 #define DECODE(cls, key) [decoder decodeObjectOfClass:[cls class] forKey:key]
 
@@ -59,6 +61,7 @@
 
 #undef DECODE
 #undef ENCODE
+#pragma clang diagnostic pop
 
 - (BOOL)isEqual:(id)other {
   if (other == self) return YES;

Source/common/SNTStoredEvent.h

@@ -12,7 +12,7 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-@import Foundation;
+#import <Foundation/Foundation.h>
 
 #import "SNTCommonEnums.h"
 

Source/common/SNTStoredEvent.m

@@ -18,6 +18,9 @@
 
 @implementation SNTStoredEvent
 
+#pragma clang diagnostic push
+#pragma clang diagnostic ignored "-Wobjc-literal-conversion"
+
 #define ENCODE(obj, key) if (obj) [coder encodeObject:obj forKey:key]
 #define DECODE(cls, key) [decoder decodeObjectOfClass:[cls class] forKey:key]
 #define DECODEARRAY(cls, key) \
@@ -129,4 +132,6 @@
       [NSString stringWithFormat:@"SNTStoredEvent[%@] with SHA-256: %@", self.idx, self.fileSHA256];
 }
 
+#pragma clang diagnostic pop
+
 @end

Source/common/SNTSystemInfo.h

@@ -12,7 +12,7 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-@import Foundation;
+#import <Foundation/Foundation.h>
 
 ///
 ///  Simple class for fetching system information

Source/common/SNTXPCBundleServiceInterface.h

@@ -12,7 +12,7 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-@import Foundation;
+#import <Foundation/Foundation.h>
 
 @class SNTStoredEvent;
 

Source/common/SNTXPCConnection.h

@@ -1,135 +0,0 @@
-/// Copyright 2015 Google Inc. All rights reserved.
-///
-/// Licensed under the Apache License, Version 2.0 (the "License");
-/// you may not use this file except in compliance with the License.
-/// You may obtain a copy of the License at
-///
-///    http://www.apache.org/licenses/LICENSE-2.0
-///
-///    Unless required by applicable law or agreed to in writing, software
-///    distributed under the License is distributed on an "AS IS" BASIS,
-///    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-///    See the License for the specific language governing permissions and
-///    limitations under the License.
-
-@import Foundation;
-
-/**
-  A wrapper around NSXPCListener and NSXPCConnection to provide client multiplexing, signature
-  validation of connecting clients and forced connection establishment.
-
-  Example server started by @c launchd where the @c launchd job has a @c MachServices key:
-
-  @code
-   SNTXPCConnection *conn = [[SNTXPCConnection alloc] initServerWithName:@"MyServer"];
-   conn.exportedInterface = [NSXPCInterface interfaceWithProtocol:@protocol(MyServerProtocol)];
-   conn.exportedObject = myObject;
-   [conn resume];
-  @endcode
-
-  Example client, connecting to above server:
-
-  @code
-   SNTXPCConnection *conn = [[SNTXPCConnection alloc] initClientWithName:"MyServer"
-                                                             withOptions:0];
-   conn.remoteInterface = [NSXPCInterface interfaceWithProtocol:@protocol(MyServerProtocol)];
-   conn.invalidationHandler = ^{ NSLog(@"Connection invalidated") };
-   [conn resume];
-  @endcode
-
-  The client can send a message to the server with:
-
-  @code
-   [conn.remoteObjectProxy selectorInRemoteInterface];
-  @endcode
-
-  One advantage of the way that SNTXPCConnection works over using NSXPCConnection directly is that
-  from the client-side once the resume method has finished, the connection is either valid or the
-  invalidation handler will be called. Ordinarily, the connection doesn't actually get made until
-  the first message is sent across it.
-
-  @note messages are always delivered on a background thread!
-*/
-@interface SNTXPCConnection : NSObject<NSXPCListenerDelegate>
-
-/**
-  Initialize a new server with a given listener, provided by `[NSXPCListener anonymousListener]`.
-*/
-- (nullable instancetype)initServerWithListener:(nonnull NSXPCListener *)listener;
-
-/**
-  Initializer for the 'server' side of the connection, started by launchd.
-
-  @param name MachService name, must match the MachServices key in the launchd.plist
-*/
-- (nullable instancetype)initServerWithName:(nonnull NSString *)name;
-
-/**
-  Initialize a new client to a service exported by a LaunchDaemon.
-
-  @param name MachService name
-  @param privileged Use YES if the server is running as root.
-*/
-- (nullable instancetype)initClientWithName:(nonnull NSString *)name privileged:(BOOL)privileged;
-
-/**
-  Initialize a new client to a service within a bundle.
-
-  @param name service name
-*/
-- (nullable instancetype)initClientWithServiceName:(nonnull NSString *)name;
-
-/**
-  Initialize a new client with a listener endpoint sent from another process.
-
-  @param listener An NSXPCListenerEndpoint to connect to.
-*/
-- (nullable instancetype)initClientWithListener:(nonnull NSXPCListenerEndpoint *)listener;
-
-/**
-  Call when the properties of the object have been set-up and you're ready for connections.
-
-  For clients, this call can take up to 2s to complete for connection to finish establishing though
-  in basically all cases it will actually complete in a few milliseconds.
-*/
-- (void)resume;
-
-/**
-  Invalidate the connection(s). This must be done before the object can be released.
-*/
-- (void)invalidate;
-
-/**
-  The interface the remote object should conform to. (client)
-*/
-@property(retain, nullable) NSXPCInterface *remoteInterface;
-
-/**
-  A proxy to the object at the other end of the connection. (client)
-
-  @note If the connection to the server failed, this will be nil, so you can safely send messages
-  and rely on the invalidationHandler for handling the failure.
-*/
-@property(readonly, nonatomic, nullable) id remoteObjectProxy;
-
-/**
-  The interface this object exports. (server)
-*/
-@property(retain, nullable) NSXPCInterface *exportedInterface;
-
-/**
-  The object that responds to messages from the other end. (server)
-*/
-@property(retain, nullable) id exportedObject;
-
-/**
-  A block to run when a/the connection is accepted and fully established.
-*/
-@property(copy, nullable) void (^acceptedHandler)(void);
-
-/**
-  A block to run when a/the connection is invalidated/interrupted/rejected.
-*/
-@property(copy, nullable) void (^invalidationHandler)(void);
-
-@end

Source/common/SNTXPCConnection.m

@@ -1,210 +0,0 @@
-/// Copyright 2015 Google Inc. All rights reserved.
-///
-/// Licensed under the Apache License, Version 2.0 (the "License");
-/// you may not use this file except in compliance with the License.
-/// You may obtain a copy of the License at
-///
-///    http://www.apache.org/licenses/LICENSE-2.0
-///
-///    Unless required by applicable law or agreed to in writing, software
-///    distributed under the License is distributed on an "AS IS" BASIS,
-///    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-///    See the License for the specific language governing permissions and
-///    limitations under the License.
-
-#import "SNTXPCConnection.h"
-
-#import <MOLCodesignChecker/MOLCodesignChecker.h>
-
-#import "SNTStrengthify.h"
-
-/**
-  Protocol used during connection establishment, @see SNTXPCConnectionInterface
-*/
-@protocol SNTXPCConnectionProtocol
-- (void)connectWithReply:(void (^)())reply;
-@end
-
-/**
-  Recipient object used during connection establishment. Each incoming connection
-  has one of these objects created which accept the message in the protocol
-  and call the block provided during creation before replying.
-
-  This allows the server to reset the connection's exported interface and
-  object to the correct values after the client has sent the establishment message.
-*/
-@interface SNTXPCConnectionInterface : NSObject<SNTXPCConnectionProtocol>
-@property(strong) void (^block)(void);
-@end
-
-@implementation SNTXPCConnectionInterface
-- (void)connectWithReply:(void (^)())reply {
-  if (self.block) self.block();
-  reply();
-}
-@end
-
-@interface SNTXPCConnection ()
-@property NSXPCInterface *validationInterface;
-
-/// The XPC listener (server only).
-@property NSXPCListener *listenerObject;
-
-/// The current connection object (client only).
-@property NSXPCConnection *currentConnection;
-@end
-
-@implementation SNTXPCConnection
-
-#pragma mark Initializers
-
-- (instancetype)initServerWithListener:(NSXPCListener *)listener {
-  self = [super init];
-  if (self) {
-    _listenerObject = listener;
-    _validationInterface =
-        [NSXPCInterface interfaceWithProtocol:@protocol(SNTXPCConnectionProtocol)];
-  }
-  return self;
-}
-
-- (instancetype)initServerWithName:(NSString *)name {
-  return [self initServerWithListener:[[NSXPCListener alloc] initWithMachServiceName:name]];
-}
-
-- (instancetype)initClientWithListener:(NSXPCListenerEndpoint *)listener {
-  self = [super init];
-  if (self) {
-    _currentConnection = [[NSXPCConnection alloc] initWithListenerEndpoint:listener];
-    if (!_currentConnection) return nil;
-    _validationInterface =
-        [NSXPCInterface interfaceWithProtocol:@protocol(SNTXPCConnectionProtocol)];
-  }
-  return self;
-}
-
-- (instancetype)initClientWithName:(NSString *)name privileged:(BOOL)privileged {
-  self = [super init];
-  if (self) {
-    NSXPCConnectionOptions options = (privileged ? NSXPCConnectionPrivileged : 0);
-    _currentConnection = [[NSXPCConnection alloc] initWithMachServiceName:name options:options];
-    if (!_currentConnection) return nil;
-    _validationInterface =
-        [NSXPCInterface interfaceWithProtocol:@protocol(SNTXPCConnectionProtocol)];
-  }
-  return self;
-}
-
-- (instancetype)initClientWithServiceName:(NSString *)name {
-  self = [super init];
-  if (self) {
-    _currentConnection = [[NSXPCConnection alloc] initWithServiceName:name];
-    if (!_currentConnection) return nil;
-    _validationInterface =
-        [NSXPCInterface interfaceWithProtocol:@protocol(SNTXPCConnectionProtocol)];
-  }
-  return self;
-}
-
-- (instancetype)init {
-  [self doesNotRecognizeSelector:_cmd];
-  return nil;
-}
-
-#pragma mark Connection set-up
-
-- (void)resume {
-  if (self.listenerObject) {
-    self.listenerObject.delegate = self;
-    [self.listenerObject resume];
-  } else {
-    WEAKIFY(self);
-
-    // Set-up the connection with the remote interface set to the validation interface,
-    // send a message to the listener to finish establishing the connection
-    dispatch_semaphore_t sema = dispatch_semaphore_create(0);
-    self.currentConnection.remoteObjectInterface = self.validationInterface;
-    self.currentConnection.interruptionHandler = self.currentConnection.invalidationHandler = ^{
-      STRONGIFY(self);
-      if (self.invalidationHandler) self.invalidationHandler();
-    };
-    [self.currentConnection resume];
-    [[self.currentConnection remoteObjectProxy] connectWithReply:^{
-      STRONGIFY(self);
-      // The connection is now established
-      [self.currentConnection suspend];
-      self.currentConnection.remoteObjectInterface = self.remoteInterface;
-      [self.currentConnection resume];
-      dispatch_semaphore_signal(sema);
-      if (self.acceptedHandler) self.acceptedHandler();
-    }];
-    if (dispatch_semaphore_wait(sema, dispatch_time(DISPATCH_TIME_NOW, 2 * NSEC_PER_SEC))) {
-      // This is unusual - as we're not inside a block - but necessary in case the caller sets an
-      // invalidation handler that causes this instance to be released (which is a reasonable
-      // approach). If establishing a connection fails, the invalidation handler will be called
-      // and then shortly after this bit of code will run causing a crash.
-      STRONGIFY(self);
-
-      // Connection was not established in a reasonable time, invalidate.
-      self.currentConnection.remoteObjectInterface = nil;  // ensure clients don't try to use it.
-      [self.currentConnection invalidate];
-    }
-  }
-}
-
-- (BOOL)listener:(NSXPCListener *)listener shouldAcceptNewConnection:(NSXPCConnection *)connection {
-  pid_t pid = connection.processIdentifier;
-  MOLCodesignChecker *otherCS = [[MOLCodesignChecker alloc] initWithPID:pid];
-  if (![otherCS signingInformationMatches:[[MOLCodesignChecker alloc] initWithSelf]]) {
-    return NO;
-  }
-
-  // The client passed the code signature check, now we need to resume the listener and
-  // return YES so that the client can send the connectWithReply message. Once the client does
-  // we reset the connection's exportedInterface and exportedObject.
-  SNTXPCConnectionInterface *ci = [[SNTXPCConnectionInterface alloc] init];
-  WEAKIFY(self);
-  WEAKIFY(connection);
-  ci.block = ^{
-    STRONGIFY(self)
-    STRONGIFY(connection);
-    [connection suspend];
-    connection.invalidationHandler = connection.interruptionHandler = ^{
-      if (self.invalidationHandler) self.invalidationHandler();
-    };
-    connection.exportedInterface = self.exportedInterface;
-    connection.exportedObject = self.exportedObject;
-    [connection resume];
-
-    // The connection is now established.
-    if (self.acceptedHandler) self.acceptedHandler();
-  };
-  connection.exportedInterface = self.validationInterface;
-  connection.exportedObject = ci;
-  [connection resume];
-
-  return YES;
-}
-
-- (id)remoteObjectProxy {
-  if (self.currentConnection.remoteObjectInterface &&
-      self.currentConnection.remoteObjectInterface != self.validationInterface) {
-    return [self.currentConnection remoteObjectProxyWithErrorHandler:^(NSError *error) {
-      [self.currentConnection invalidate];
-    }];
-  }
-  return nil;
-}
-
-#pragma mark Connection tear-down
-
-- (void)invalidate {
-  if (self.currentConnection) {
-    [self.currentConnection invalidate];
-    self.currentConnection = nil;
-  } else if (self.listenerObject) {
-    [self.listenerObject invalidate];
-  }
-}
-
-@end

Source/common/SNTXPCControlInterface.h

@@ -12,7 +12,7 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-@import Foundation;
+#import <Foundation/Foundation.h>
 
 #import <MOLCertificate/MOLCertificate.h>
 
@@ -23,7 +23,7 @@
 
 @class SNTRule;
 @class SNTStoredEvent;
-@class SNTXPCConnection;
+@class MOLXPCConnection;
 
 ///
 ///  Protocol implemented by santad and utilized by santactl
@@ -72,19 +72,19 @@
 ///
 - (void)watchdogInfo:(void (^)(uint64_t, uint64_t, double, double))reply;
 - (void)clientMode:(void (^)(SNTClientMode))reply;
-- (void)setClientMode:(SNTClientMode)mode reply:(void (^)())reply;
+- (void)setClientMode:(SNTClientMode)mode reply:(void (^)(void))reply;
 - (void)xsrfToken:(void (^)(NSString *))reply;
-- (void)setXsrfToken:(NSString *)token reply:(void (^)())reply;
+- (void)setXsrfToken:(NSString *)token reply:(void (^)(void))reply;
 - (void)fullSyncLastSuccess:(void (^)(NSDate *))reply;
-- (void)setFullSyncLastSuccess:(NSDate *)date reply:(void (^)())reply;
+- (void)setFullSyncLastSuccess:(NSDate *)date reply:(void (^)(void))reply;
 - (void)ruleSyncLastSuccess:(void (^)(NSDate *))reply;
-- (void)setRuleSyncLastSuccess:(NSDate *)date reply:(void (^)())reply;
+- (void)setRuleSyncLastSuccess:(NSDate *)date reply:(void (^)(void))reply;
 - (void)syncCleanRequired:(void (^)(BOOL))reply;
-- (void)setSyncCleanRequired:(BOOL)cleanReqd reply:(void (^)())reply;
-- (void)setWhitelistPathRegex:(NSString *)pattern reply:(void (^)())reply;
-- (void)setBlacklistPathRegex:(NSString *)pattern reply:(void (^)())reply;
+- (void)setSyncCleanRequired:(BOOL)cleanReqd reply:(void (^)(void))reply;
+- (void)setWhitelistPathRegex:(NSString *)pattern reply:(void (^)(void))reply;
+- (void)setBlacklistPathRegex:(NSString *)pattern reply:(void (^)(void))reply;
 - (void)bundlesEnabled:(void (^)(BOOL))reply;
-- (void)setBundlesEnabled:(BOOL)bundlesEnabled reply:(void (^)())reply;
+- (void)setBundlesEnabled:(BOOL)bundlesEnabled reply:(void (^)(void))reply;
 
 ///
 ///  GUI Ops
@@ -97,7 +97,7 @@
 ///
 - (void)setSyncdListener:(NSXPCListenerEndpoint *)listener;
 - (void)pushNotifications:(void (^)(BOOL))reply;
-- (void)postRuleSyncNotificationWithCustomMessage:(NSString *)message reply:(void (^)())reply;
+- (void)postRuleSyncNotificationWithCustomMessage:(NSString *)message reply:(void (^)(void))reply;
 
 ///
 ///  Bundle Ops
@@ -121,9 +121,9 @@
 + (NSXPCInterface *)controlInterface;
 
 ///
-///  Retrieve a pre-configured SNTXPCConnection for communicating with santad.
+///  Retrieve a pre-configured MOLXPCConnection for communicating with santad.
 ///  Connections just needs any handlers set and then can be resumed and used.
 ///
-+ (SNTXPCConnection *)configuredConnection;
++ (MOLXPCConnection *)configuredConnection;
 
 @end

Source/common/SNTXPCControlInterface.m

@@ -14,9 +14,10 @@
 
 #import "SNTXPCControlInterface.h"
 
+#import <MOLXPCConnection/MOLXPCConnection.h>
+
 #import "SNTRule.h"
 #import "SNTStoredEvent.h"
-#import "SNTXPCConnection.h"
 
 @implementation SNTXPCControlInterface
 
@@ -50,8 +51,8 @@
   return r;
 }
 
-+ (SNTXPCConnection *)configuredConnection {
-  SNTXPCConnection *c = [[SNTXPCConnection alloc] initClientWithName:[self serviceId]
++ (MOLXPCConnection *)configuredConnection {
+  MOLXPCConnection *c = [[MOLXPCConnection alloc] initClientWithName:[self serviceId]
                                                           privileged:YES];
   c.remoteInterface = [self controlInterface];
   return c;

Source/common/SNTXPCNotifierInterface.h

@@ -12,7 +12,7 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-@import Foundation;
+#import <Foundation/Foundation.h>
 
 #import "SNTCommonEnums.h"
 #import "SNTXPCBundleServiceInterface.h"

Source/common/SNTXPCSyncdInterface.h

@@ -12,7 +12,7 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-@import Foundation;
+#import <Foundation/Foundation.h>
 
 #import "SNTCommonEnums.h"
 

Source/santa-driver/SantaDecisionManager.cc

@@ -459,6 +459,11 @@ int SantaDecisionManager::VnodeCallback(const kauth_cred_t cred,
   if (vnode_hasdirtyblks(vp)) {
     RemoveFromCache(vnode_id);
     returnedAction = ACTION_RESPOND_DENY;
+
+    char path[MAXPATHLEN];
+    int len = MAXPATHLEN;
+    path[MAXPATHLEN - 1] = 0;
+    LOGW("file has dirty blocks: %s", vn_getpath(vp, path, &len) ? "unknown" : path);
   }
 
   switch (returnedAction) {
@@ -497,9 +502,7 @@ void SantaDecisionManager::FileOpCallback(
     auto vnode_id = GetVnodeIDForVnode(context, vp);
     vfs_context_rele(context);
 
-    if (action == KAUTH_FILEOP_CLOSE) {
-      RemoveFromCache(vnode_id);
-    } else if (action == KAUTH_FILEOP_EXEC) {
+    if (action == KAUTH_FILEOP_EXEC) {
       auto message = NewMessage(nullptr);
       message->vnode_id = vnode_id;
       message->action = ACTION_NOTIFY_EXEC;
@@ -615,8 +618,12 @@ extern "C" int vnode_scope_callback(
                                     reinterpret_cast<int *>(arg3));
     sdm->DecrementListenerInvocations();
     return result;
-  } else if (action & KAUTH_VNODE_WRITE_DATA) {
+  } else if (action & KAUTH_VNODE_WRITE_DATA || action & KAUTH_VNODE_APPEND_DATA) {
     sdm->IncrementListenerInvocations();
+    if (!(action & KAUTH_VNODE_ACCESS)) {
+      auto vnode_id = sdm->GetVnodeIDForVnode(reinterpret_cast<vfs_context_t>(arg0), vp);
+      sdm->RemoveFromCache(vnode_id);
+    }
     char path[MAXPATHLEN];
     int pathlen = MAXPATHLEN;
     vn_getpath(vp, path, &pathlen);

Source/santa-driver/SantaDecisionManager.h

@@ -115,6 +115,22 @@ class SantaDecisionManager : public OSObject {
   /// Decrements the count of active callbacks pending.
   void DecrementListenerInvocations();
 
+  /**
+   Fetches the vnode_id for a given vnode.
+
+   @param ctx The VFS context to use.
+   @param vp The Vnode to get the ID for
+   @return uint64_t The Vnode ID as a 64-bit unsigned int.
+   */
+  static inline uint64_t GetVnodeIDForVnode(const vfs_context_t ctx, const vnode_t vp) {
+    struct vnode_attr vap;
+    VATTR_INIT(&vap);
+    VATTR_WANTED(&vap, va_fsid);
+    VATTR_WANTED(&vap, va_fileid);
+    vnode_getattr(vp, &vap, ctx);
+    return (((uint64_t)vap.va_fsid << 32) | vap.va_fileid);
+  }
+
   /**
     Vnode Callback
 
@@ -214,23 +230,6 @@ class SantaDecisionManager : public OSObject {
   */
   bool PostToLogQueue(santa_message_t *message);
 
-  /**
-    Fetches the vnode_id for a given vnode.
-
-    @param ctx The VFS context to use.
-    @param vp The Vnode to get the ID for
-    @return uint64_t The Vnode ID as a 64-bit unsigned int.
-  */
-  static inline uint64_t GetVnodeIDForVnode(
-      const vfs_context_t ctx, const vnode_t vp) {
-    struct vnode_attr vap;
-    VATTR_INIT(&vap);
-    VATTR_WANTED(&vap, va_fsid);
-    VATTR_WANTED(&vap, va_fileid);
-    vnode_getattr(vp, &vap, ctx);
-    return (((uint64_t)vap.va_fsid << 32) | vap.va_fileid);
-  }
-
   /**
     Creates a new santa_message_t with some fields pre-filled.
 

Source/santabs/SNTBundleService.h

@@ -12,7 +12,7 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-@import Foundation;
+#import <Foundation/Foundation.h>
 
 #import "SNTXPCBundleServiceInterface.h"
 

Source/santabs/SNTBundleService.m

@@ -18,15 +18,15 @@
 #import <pthread/pthread.h>
 
 #import <MOLCodesignChecker/MOLCodesignChecker.h>
+#import <MOLXPCConnection/MOLXPCConnection.h>
 
 #import "SNTFileInfo.h"
 #import "SNTStoredEvent.h"
-#import "SNTXPCConnection.h"
 #import "SNTXPCNotifierInterface.h"
 
 @interface SNTBundleService ()
-@property SNTXPCConnection *notifierConnection;
-@property SNTXPCConnection *listener;
+@property MOLXPCConnection *notifierConnection;
+@property MOLXPCConnection *listener;
 @property(nonatomic) dispatch_queue_t queue;
 @end
 
@@ -48,7 +48,7 @@
 
   // Create listener for return connection from SantaGUI.
   NSXPCListener *listener = [NSXPCListener anonymousListener];
-  self.listener = [[SNTXPCConnection alloc] initServerWithListener:listener];
+  self.listener = [[MOLXPCConnection alloc] initServerWithListener:listener];
   self.listener.exportedInterface = [SNTXPCBundleServiceInterface bundleServiceInterface];
   self.listener.exportedObject = self;
   self.listener.acceptedHandler = ^{
@@ -80,7 +80,7 @@
 // Connect to the SantaGUI
 - (void)setBundleNotificationListener:(NSXPCListenerEndpoint *)listener {
   dispatch_async(dispatch_get_main_queue(), ^{
-    SNTXPCConnection *c = [[SNTXPCConnection alloc] initClientWithListener:listener];
+    MOLXPCConnection *c = [[MOLXPCConnection alloc] initClientWithListener:listener];
     c.remoteInterface = [SNTXPCNotifierInterface bundleNotifierInterface];
     [c resume];
     self.notifierConnection = c;

Source/santabs/main.m

@@ -12,15 +12,16 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-@import Foundation;
+#import <Foundation/Foundation.h>
+
+#import <MOLXPCConnection/MOLXPCConnection.h>
 
 #import "SNTBundleService.h"
 #import "SNTXPCBundleServiceInterface.h"
-#import "SNTXPCConnection.h"
 
 int main(int argc, const char *argv[]) {
-  SNTXPCConnection *c =
-      [[SNTXPCConnection alloc] initServerWithListener:[NSXPCListener serviceListener]];
+  MOLXPCConnection *c =
+      [[MOLXPCConnection alloc] initServerWithListener:[NSXPCListener serviceListener]];
   c.exportedInterface = [SNTXPCBundleServiceInterface bundleServiceInterface];
   c.exportedObject = [[SNTBundleService alloc] init];
   [c resume];

Source/santactl/Commands/SNTCommandBundleInfo.m

@@ -15,10 +15,11 @@
 #import "SNTCommand.h"
 #import "SNTCommandController.h"
 
+#import <MOLXPCConnection/MOLXPCConnection.h>
+
 #import "SNTFileInfo.h"
 #import "SNTLogging.h"
 #import "SNTStoredEvent.h"
-#import "SNTXPCConnection.h"
 #import "SNTXPCControlInterface.h"
 
 @interface SNTCommandBundleInfo : SNTCommand<SNTCommandProtocol>

Source/santactl/Commands/SNTCommandCheckCache.m

@@ -12,13 +12,14 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-@import Foundation;
+#import <Foundation/Foundation.h>
 
 #import "SNTCommand.h"
 #import "SNTCommandController.h"
 
+#import <MOLXPCConnection/MOLXPCConnection.h>
+
 #import "SNTLogging.h"
-#import "SNTXPCConnection.h"
 #import "SNTXPCControlInterface.h"
 
 #include <sys/stat.h>

Source/santactl/Commands/SNTCommandFileInfo.m

@@ -12,7 +12,7 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-@import Foundation;
+#import <Foundation/Foundation.h>
 
 #import "SNTCommand.h"
 #import "SNTCommandController.h"
@@ -20,12 +20,12 @@
 #import <objc/runtime.h>
 #import <MOLCertificate/MOLCertificate.h>
 #import <MOLCodesignChecker/MOLCodesignChecker.h>
+#import <MOLXPCConnection/MOLXPCConnection.h>
 
 #import "SNTCachedDecision.h"
 #import "SNTFileInfo.h"
 #import "SNTLogging.h"
 #import "SNTRule.h"
-#import "SNTXPCConnection.h"
 #import "SNTXPCControlInterface.h"
 
 // file info keys
@@ -192,7 +192,7 @@ REGISTER_COMMAND_NAME(@"fileinfo")
             kValidUntil ];
 }
 
-- (instancetype)initWithDaemonConnection:(SNTXPCConnection *)daemonConn {
+- (instancetype)initWithDaemonConnection:(MOLXPCConnection *)daemonConn {
   self = [super initWithDaemonConnection:daemonConn];
   if (self) {
     _dateFormatter = [[NSDateFormatter alloc] init];

Source/santactl/Commands/SNTCommandFlushCache.m

@@ -12,13 +12,14 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-@import Foundation;
+#import <Foundation/Foundation.h>
 
 #import "SNTCommand.h"
 #import "SNTCommandController.h"
 
+#import <MOLXPCConnection/MOLXPCConnection.h>
+
 #import "SNTLogging.h"
-#import "SNTXPCConnection.h"
 #import "SNTXPCControlInterface.h"
 
 @interface SNTCommandFlushCache : SNTCommand<SNTCommandProtocol>

Source/santactl/Commands/SNTCommandRule.m

@@ -12,20 +12,20 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-@import Foundation;
+#import <Foundation/Foundation.h>
 
 #import "SNTCommand.h"
 #import "SNTCommandController.h"
 
 #import <MOLCertificate/MOLCertificate.h>
 #import <MOLCodesignChecker/MOLCodesignChecker.h>
+#import <MOLXPCConnection/MOLXPCConnection.h>
 
 #import "SNTConfigurator.h"
 #import "SNTDropRootPrivs.h"
 #import "SNTFileInfo.h"
 #include "SNTLogging.h"
 #import "SNTRule.h"
-#import "SNTXPCConnection.h"
 #import "SNTXPCControlInterface.h"
 
 @interface SNTCommandRule : SNTCommand<SNTCommandProtocol>
@@ -164,7 +164,7 @@ REGISTER_COMMAND_NAME(@"rule")
   }];
 }
 
-- (void)printStateOfRule:(SNTRule *)rule daemonConnection:(SNTXPCConnection *)daemonConn {
+- (void)printStateOfRule:(SNTRule *)rule daemonConnection:(MOLXPCConnection *)daemonConn {
   NSString *fileSHA256 = (rule.type == SNTRuleTypeBinary) ? rule.shasum : nil;
   NSString *certificateSHA256 = (rule.type == SNTRuleTypeCertificate) ? rule.shasum : nil;
   dispatch_group_t group = dispatch_group_create();

Source/santactl/Commands/SNTCommandStatus.m

@@ -12,13 +12,14 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-@import Foundation;
+#import <Foundation/Foundation.h>
 
 #import "SNTCommand.h"
 #import "SNTCommandController.h"
 
+#import <MOLXPCConnection/MOLXPCConnection.h>
+
 #import "SNTConfigurator.h"
-#import "SNTXPCConnection.h"
 #import "SNTXPCControlInterface.h"
 
 @interface SNTCommandStatus : SNTCommand<SNTCommandProtocol>

Source/santactl/Commands/SNTCommandVersion.m

@@ -12,16 +12,17 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-@import Foundation;
-@import IOKit.kext;
+#import <Foundation/Foundation.h>
+#import <IOKit/kext/KextManager.h>
 
 #import "SNTCommand.h"
 #import "SNTCommandController.h"
 
+#import <MOLXPCConnection/MOLXPCConnection.h>
+
 #import "SNTCommonEnums.h"
 #import "SNTFileInfo.h"
 #import "SNTKernelCommon.h"
-#import "SNTXPCConnection.h"
 
 @interface SNTCommandVersion : SNTCommand<SNTCommandProtocol>
 @end

Source/santactl/Commands/sync/NSData+Zlib.h

@@ -12,7 +12,7 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-@import Foundation;
+#import <Foundation/Foundation.h>
 
 /// Category on NSData providing the option of getting zlib or gzip compressed data.
 @interface NSData (Zlib)

Source/santactl/Commands/sync/SNTCommandSync.m

@@ -12,20 +12,21 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-@import Foundation;
+#import <Foundation/Foundation.h>
 
 #import "SNTCommand.h"
 #import "SNTCommandController.h"
 
+#import <MOLXPCConnection/MOLXPCConnection.h>
+
 #import "SNTCommandSyncManager.h"
 #import "SNTConfigurator.h"
 #import "SNTDropRootPrivs.h"
 #import "SNTLogging.h"
-#import "SNTXPCConnection.h"
 #import "SNTXPCControlInterface.h"
 
 @interface SNTCommandSync : SNTCommand<SNTCommandProtocol>
-@property SNTXPCConnection *listener;
+@property MOLXPCConnection *listener;
 @property SNTCommandSyncManager *syncManager;
 @end
 
@@ -48,7 +49,7 @@ REGISTER_COMMAND_NAME(@"sync")
 }
 
 + (NSString *)longHelpText {
-  return (@"If Santa is configured to synchronize with a a server, "
+  return (@"If Santa is configured to synchronize with a server, "
           @"this is the command used for syncing.\n\n"
           @"Options:\n"
           @"  --clean: Perform a clean sync, erasing all existing rules and requesting a"
@@ -84,12 +85,12 @@ REGISTER_COMMAND_NAME(@"sync")
 
 #pragma mark daemon methods
 
-- (void)syncdWithDaemonConnection:(SNTXPCConnection *)daemonConn {
+- (void)syncdWithDaemonConnection:(MOLXPCConnection *)daemonConn {
   dispatch_semaphore_t sema = dispatch_semaphore_create(0);
 
   // Create listener for return connection from daemon.
   NSXPCListener *listener = [NSXPCListener anonymousListener];
-  self.listener = [[SNTXPCConnection alloc] initServerWithListener:listener];
+  self.listener = [[MOLXPCConnection alloc] initServerWithListener:listener];
   self.listener.exportedInterface = [SNTXPCSyncdInterface syncdInterface];
   self.listener.exportedObject = self.syncManager;
   self.listener.acceptedHandler = ^{
@@ -108,6 +109,8 @@ REGISTER_COMMAND_NAME(@"sync")
 
   // Now wait for the connection to come in.
   if (dispatch_semaphore_wait(sema, dispatch_time(DISPATCH_TIME_NOW, 5 * NSEC_PER_SEC))) {
+    self.listener.invalidationHandler = nil;
+    [self.listener invalidate];
     [self performSelectorInBackground:@selector(syncdWithDaemonConnection:) withObject:daemonConn];
   }
 

Source/santactl/Commands/sync/SNTCommandSyncConstants.h

@@ -12,7 +12,7 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-@import Foundation;
+#import <Foundation/Foundation.h>
 
 extern NSString *const kXSRFToken;
 

Source/santactl/Commands/sync/SNTCommandSyncEventUpload.h

@@ -12,7 +12,7 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-@import Foundation;
+#import <Foundation/Foundation.h>
 
 #import "SNTCommandSyncStage.h"
 

Source/santactl/Commands/sync/SNTCommandSyncEventUpload.m

@@ -16,14 +16,14 @@
 
 #include "SNTLogging.h"
 
-#import "MOLCertificate.h"
-#import "MOLCodesignChecker.h"
+#import <MOLCertificate/MOLCertificate.h>
+#import <MOLXPCConnection/MOLXPCConnection.h>
+
 #import "NSData+Zlib.h"
 #import "SNTCommandSyncConstants.h"
 #import "SNTCommandSyncState.h"
 #import "SNTFileInfo.h"
 #import "SNTStoredEvent.h"
-#import "SNTXPCConnection.h"
 #import "SNTXPCControlInterface.h"
 
 @implementation SNTCommandSyncEventUpload
@@ -76,6 +76,8 @@
 }
 
 - (NSDictionary *)dictionaryForEvent:(SNTStoredEvent *)event {
+#pragma clang diagnostic push
+#pragma clang diagnostic ignored "-Wobjc-literal-conversion"
 #define ADDKEY(dict, key, value) if (value) dict[key] = value
   NSMutableDictionary *newEvent = [NSMutableDictionary dictionary];
 
@@ -144,6 +146,7 @@
 
   return newEvent;
 #undef ADDKEY
+#pragma clang diagnostic pop
 }
 
 @end

Source/santactl/Commands/sync/SNTCommandSyncLogUpload.h

@@ -12,7 +12,7 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-@import Foundation;
+#import <Foundation/Foundation.h>
 
 #import "SNTCommandSyncStage.h"
 

Source/santactl/Commands/sync/SNTCommandSyncManager.h

@@ -12,11 +12,11 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-@import Foundation;
+#import <Foundation/Foundation.h>
 
 #import "SNTXPCSyncdInterface.h"
 
-@class SNTXPCConnection;
+@class MOLXPCConnection;
 
 ///
 ///  Handles push notifications and periodic syncing with a sync server.
@@ -37,7 +37,7 @@
 ///  @param daemon Set to YES if periodic syncing should occur.
 ///                Set to NO if a single sync should be performed. NO is default.
 ///
-- (instancetype)initWithDaemonConnection:(SNTXPCConnection *)daemonConn
+- (instancetype)initWithDaemonConnection:(MOLXPCConnection *)daemonConn
                                 isDaemon:(BOOL)daemon NS_DESIGNATED_INITIALIZER;
 
 ///

Source/santactl/Commands/sync/SNTCommandSyncManager.m

@@ -14,10 +14,11 @@
 
 #import "SNTCommandSyncManager.h"
 
-@import SystemConfiguration;
+#import <SystemConfiguration/SystemConfiguration.h>
 
-#import <MOLAuthenticatingURLSession.h>
+#import <MOLAuthenticatingURLSession/MOLAuthenticatingURLSession.h>
 #import <MOLFCMClient/MOLFCMClient.h>
+#import <MOLXPCConnection/MOLXPCConnection.h>
 
 #import "SNTConfigurator.h"
 #import "SNTCommandSyncConstants.h"
@@ -31,7 +32,6 @@
 #import "SNTLogging.h"
 #import "SNTStoredEvent.h"
 #import "SNTStrengthify.h"
-#import "SNTXPCConnection.h"
 #import "SNTXPCControlInterface.h"
 #import "SNTXPCSyncdInterface.h"
 
@@ -63,7 +63,7 @@ static NSString *const kFCMTargetHostIDKey = @"target_host_id";
 
 @property MOLFCMClient *FCMClient;
 
-@property(nonatomic) SNTXPCConnection *daemonConn;
+@property(nonatomic) MOLXPCConnection *daemonConn;
 
 @property BOOL targetedRuleSync;
 
@@ -89,7 +89,7 @@ static void reachabilityHandler(
 
 #pragma mark init
 
-- (instancetype)initWithDaemonConnection:(SNTXPCConnection *)daemonConn isDaemon:(BOOL)daemon {
+- (instancetype)initWithDaemonConnection:(MOLXPCConnection *)daemonConn isDaemon:(BOOL)daemon {
   self = [super init];
   if (self) {
     _daemonConn = daemonConn;
@@ -420,7 +420,7 @@ static void reachabilityHandler(
 
 #pragma mark internal helpers
 
-- (dispatch_source_t)createSyncTimerWithBlock:(void (^)())block {
+- (dispatch_source_t)createSyncTimerWithBlock:(void (^)(void))block {
   dispatch_source_t timerQueue = dispatch_source_create(
       DISPATCH_SOURCE_TYPE_TIMER, 0, 0,
       dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_BACKGROUND, 0));

Source/santactl/Commands/sync/SNTCommandSyncPostflight.h

@@ -12,7 +12,7 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-@import Foundation;
+#import <Foundation/Foundation.h>
 
 #import "SNTCommandSyncStage.h"
 

Source/santactl/Commands/sync/SNTCommandSyncPostflight.m

@@ -16,9 +16,10 @@
 
 #include "SNTLogging.h"
 
+#import <MOLXPCConnection/MOLXPCConnection.h>
+
 #import "SNTCommandSyncConstants.h"
 #import "SNTCommandSyncState.h"
-#import "SNTXPCConnection.h"
 #import "SNTXPCControlInterface.h"
 
 @implementation SNTCommandSyncPostflight
@@ -32,7 +33,7 @@
   [self performRequest:[self requestWithDictionary:nil]];
 
   dispatch_group_t group = dispatch_group_create();
-  void (^replyBlock)() = ^{
+  void (^replyBlock)(void) = ^{
     dispatch_group_leave(group);
   };
 

Source/santactl/Commands/sync/SNTCommandSyncPreflight.h

@@ -12,7 +12,7 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-@import Foundation;
+#import <Foundation/Foundation.h>
 
 #import "SNTCommandSyncStage.h"
 

Source/santactl/Commands/sync/SNTCommandSyncPreflight.m

@@ -17,11 +17,12 @@
 #include "SNTKernelCommon.h"
 #include "SNTLogging.h"
 
+#import <MOLXPCConnection/MOLXPCConnection.h>
+
 #import "SNTCommandSyncConstants.h"
 #import "SNTCommandSyncState.h"
 #import "SNTConfigurator.h"
 #import "SNTSystemInfo.h"
-#import "SNTXPCConnection.h"
 #import "SNTXPCControlInterface.h"
 
 @implementation SNTCommandSyncPreflight

Source/santactl/Commands/sync/SNTCommandSyncRuleDownload.h

@@ -12,7 +12,7 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-@import Foundation;
+#import <Foundation/Foundation.h>
 
 #import "SNTCommandSyncStage.h"
 

Source/santactl/Commands/sync/SNTCommandSyncRuleDownload.m

@@ -14,10 +14,11 @@
 
 #import "SNTCommandSyncRuleDownload.h"
 
+#import <MOLXPCConnection/MOLXPCConnection.h>
+
 #import "SNTCommandSyncConstants.h"
 #import "SNTCommandSyncState.h"
 #import "SNTRule.h"
-#import "SNTXPCConnection.h"
 #import "SNTXPCControlInterface.h"
 
 #include "SNTLogging.h"

Source/santactl/Commands/sync/SNTCommandSyncStage.h

@@ -12,16 +12,16 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-@import Foundation;
+#import <Foundation/Foundation.h>
 
 @class SNTCommandSyncState;
-@class SNTXPCConnection;
+@class MOLXPCConnection;
 
 @interface SNTCommandSyncStage : NSObject
 
 @property(readonly, nonnull) NSURLSession *urlSession;
 @property(readonly, nonnull) SNTCommandSyncState *syncState;
-@property(readonly, nonnull) SNTXPCConnection *daemonConn;
+@property(readonly, nonnull) MOLXPCConnection *daemonConn;
 
 /**
   Initialize this stage. Designated initializer.

Source/santactl/Commands/sync/SNTCommandSyncStage.m

@@ -14,18 +14,19 @@
 
 #import "SNTCommandSyncStage.h"
 
+#import <MOLXPCConnection/MOLXPCConnection.h>
+
 #import "NSData+Zlib.h"
 #import "SNTCommandSyncConstants.h"
 #import "SNTCommandSyncState.h"
 #import "SNTLogging.h"
 #import "SNTXPCControlInterface.h"
-#import "SNTXPCConnection.h"
 
 @interface SNTCommandSyncStage ()
 
 @property(readwrite) NSURLSession *urlSession;
 @property(readwrite) SNTCommandSyncState *syncState;
-@property(readwrite) SNTXPCConnection *daemonConn;
+@property(readwrite) MOLXPCConnection *daemonConn;
 @property BOOL xsrfFetched;
 
 @end

Source/santactl/Commands/sync/SNTCommandSyncState.h

@@ -12,12 +12,12 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-@import Foundation;
+#import <Foundation/Foundation.h>
 
 #import "SNTCommonEnums.h"
 
 @class SNTCommandSyncManager;
-@class SNTXPCConnection;
+@class MOLXPCConnection;
 
 /// An instance of this class is passed to each stage of the sync process for storing data
 /// that might be needed in later stages.
@@ -27,7 +27,7 @@
 @property NSURLSession *session;
 
 /// Connection to the daemon control interface.
-@property SNTXPCConnection *daemonConn;
+@property MOLXPCConnection *daemonConn;
 
 /// The base API URL.
 @property NSURL *syncBaseURL;

Source/santactl/Resources/santactl-Info.plist

@@ -7,7 +7,7 @@
 	<key>NSHumanReadableCopyright</key>
 	<string>Google, Inc.</string>
 	<key>CFBundleIdentifier</key>
-	<string>com.google.${PRODUCT_NAME:rfc1034identifier}</string>
+	<string>com.google.santactl</string>
 	<key>CFBundleName</key>
 	<string>${PRODUCT_NAME}</string>
 	<key>CFBundleShortVersionString</key>

Source/santactl/SNTCommand.h

@@ -12,9 +12,9 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-@import Foundation;
+#import <Foundation/Foundation.h>
 
-@class SNTXPCConnection;
+@class MOLXPCConnection;
 
 @protocol SNTCommandProtocol
 
@@ -50,16 +50,16 @@
 ///
 ///  @note This method (or one of the methods it calls) is responsible for calling exit().
 ///
-+ (void)runWithArguments:(NSArray *)arguments daemonConnection:(SNTXPCConnection *)daemonConn;
++ (void)runWithArguments:(NSArray *)arguments daemonConnection:(MOLXPCConnection *)daemonConn;
 
 @end
 
 @interface SNTCommand : NSObject<SNTCommandRunProtocol>
 
-@property(nonatomic,readonly) SNTXPCConnection *daemonConn;
+@property(nonatomic,readonly) MOLXPCConnection *daemonConn;
 
 ///  Designated initializer
-- (instancetype)initWithDaemonConnection:(SNTXPCConnection *)daemonConn;
+- (instancetype)initWithDaemonConnection:(MOLXPCConnection *)daemonConn;
 
 - (void)runWithArguments:(NSArray *)arguments;
 

Source/santactl/SNTCommand.m

@@ -16,12 +16,12 @@
 
 @implementation SNTCommand
 
-+ (void)runWithArguments:(NSArray *)arguments daemonConnection:(SNTXPCConnection *)daemonConn {
++ (void)runWithArguments:(NSArray *)arguments daemonConnection:(MOLXPCConnection *)daemonConn {
   id cmd = [[self alloc] initWithDaemonConnection:daemonConn];
   [cmd runWithArguments:arguments];
 }
 
-- (instancetype)initWithDaemonConnection:(SNTXPCConnection *)daemonConn {
+- (instancetype)initWithDaemonConnection:(MOLXPCConnection *)daemonConn {
   self = [super init];
   if (self) {
     _daemonConn = daemonConn;

Source/santactl/SNTCommandController.h

@@ -12,11 +12,11 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-@import Foundation;
+#import <Foundation/Foundation.h>
 
 #import "SNTCommand.h"
 
-@class SNTXPCConnection;
+@class MOLXPCConnection;
 
 ///
 ///  Responsible for maintaining the list of available commands by name, printing their help text

Source/santactl/SNTCommandController.m

@@ -14,7 +14,8 @@
 
 #import "SNTCommandController.h"
 
-#import "SNTXPCConnection.h"
+#import <MOLXPCConnection/MOLXPCConnection.h>
+
 #import "SNTXPCControlInterface.h"
 
 @implementation SNTCommandController
@@ -69,8 +70,8 @@ static NSMutableDictionary *registeredCommands;
   return nil;
 }
 
-+ (SNTXPCConnection *)connectToDaemonRequired:(BOOL)required {
-  SNTXPCConnection *daemonConn = [SNTXPCControlInterface configuredConnection];
++ (MOLXPCConnection *)connectToDaemonRequired:(BOOL)required {
+  MOLXPCConnection *daemonConn = [SNTXPCControlInterface configuredConnection];
 
   if (required) {
     daemonConn.invalidationHandler = ^{
@@ -94,7 +95,7 @@ static NSMutableDictionary *registeredCommands;
     exit(2);
   }
 
-  SNTXPCConnection *daemonConn = [self connectToDaemonRequired:[command requiresDaemonConn]];
+  MOLXPCConnection *daemonConn = [self connectToDaemonRequired:[command requiresDaemonConn]];
   [command runWithArguments:arguments daemonConnection:daemonConn];
 
   // The command is responsible for quitting.

Source/santactl/main.m

@@ -12,7 +12,7 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-@import Foundation;
+#import <Foundation/Foundation.h>
 
 #import "SNTCommandController.h"
 

Source/santad/DataLayer/SNTDatabaseTable.h

@@ -12,11 +12,11 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-@import Foundation;
+#import <Foundation/Foundation.h>
 
 // This is imported in the header rather than implementation to save
 // classes that use this one from also having to import FMDB stuff.
-#import <FMDB/FMDB.h>
+#import <fmdb/FMDB.h>
 
 @interface SNTDatabaseTable : NSObject
 

Source/santad/DataLayer/SNTEventTable.h

@@ -12,7 +12,7 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-@import Foundation;
+#import <Foundation/Foundation.h>
 
 #import "SNTDatabaseTable.h"
 

Source/santad/DataLayer/SNTEventTable.m

@@ -54,7 +54,7 @@
       }
 
       NSData *eventData;
-      NSNumber *idx = [rs objectForColumnName:@"idx"];
+      NSNumber *idx = [rs objectForColumn:@"idx"];
       @try {
         eventData = [NSKeyedArchiver archivedDataWithRootObject:se];
         [db executeUpdate:@"UPDATE events SET eventdata=? WHERE idx=?", eventData, idx];
@@ -141,7 +141,7 @@
       if (obj) {
         [pendingEvents addObject:obj];
       } else {
-        [db executeUpdate:@"DELETE FROM events WHERE idx=?", [rs objectForColumnName:@"idx"]];
+        [db executeUpdate:@"DELETE FROM events WHERE idx=?", [rs objectForColumn:@"idx"]];
       }
     }
 

Source/santad/DataLayer/SNTRuleTable.h

@@ -12,7 +12,7 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-@import Foundation;
+#import <Foundation/Foundation.h>
 
 #import "SNTCommonEnums.h"
 #import "SNTDatabaseTable.h"

Source/santad/DataLayer/SNTRuleTable.m

@@ -133,7 +133,8 @@
 
 #pragma mark Adding
 
-- (BOOL)addRules:(NSArray *)rules cleanSlate:(BOOL)cleanSlate error:(NSError **)error {
+- (BOOL)addRules:(NSArray *)rules cleanSlate:(BOOL)cleanSlate
+           error:(NSError * __autoreleasing *)error {
   if (!rules || rules.count < 1) {
     [self fillError:error code:SNTRuleTableErrorEmptyRuleArray message:nil];
     return NO;

Source/santad/Logs/SNTEventLog.h

@@ -12,7 +12,7 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-@import Foundation;
+#import <Foundation/Foundation.h>
 
 #import "SNTKernelCommon.h"
 
@@ -40,7 +40,6 @@
 - (NSString *)diskImageForDevice:(NSString *)devPath;
 - (NSString *)nameForUID:(uid_t)uid;
 - (NSString *)nameForGID:(gid_t)gid;
-- (NSString *)sanitizeCString:(const char *)str ofLength:(NSUInteger)length;
 - (NSString *)sanitizeString:(NSString *)inStr;
 - (NSString *)serialForDevice:(NSString *)devPath;
 - (NSString *)originalPathForTranslocation:(santa_message_t)message;

Source/santad/Logs/SNTEventLog.m

@@ -114,6 +114,8 @@
   char *buf = NULL;
   BOOL shouldFree = NO;
 
+  if (length < 1) return @"";
+
   // Loop through the string one character at a time, looking for the characters
   // we want to remove.
   for (const char *p = str; (c = *p) != 0; ++p) {
@@ -366,9 +368,12 @@
 
   // SecTranslocateCreateOriginalPathForURL requires that our uid be the same as the user who
   // launched the executable.  So we temporarily drop from root down to this uid, then reset.
+#pragma clang diagnostic push
+#pragma clang diagnostic ignored "-Wdeprecated"
   pthread_setugid_np(message.uid, message.gid);
   NSURL *origURL = CFBridgingRelease(CreateOriginalPathForURL(cfExecURL, NULL));
   pthread_setugid_np(KAUTH_UID_NONE, KAUTH_GID_NONE);
+#pragma clang diagnostic pop
 
   return [origURL path];  // this will be nil if there was an error
 }

Source/santad/Resources/santad-Info.plist

@@ -7,7 +7,7 @@
 	<key>NSHumanReadableCopyright</key>
 	<string>Google, Inc.</string>
 	<key>CFBundleIdentifier</key>
-	<string>com.google.${PRODUCT_NAME:rfc1034identifier}</string>
+	<string>com.google.santad</string>
 	<key>CFBundleName</key>
 	<string>${PRODUCT_NAME}</string>
 	<key>CFBundleVersion</key>

Source/santad/SNTApplication.h

@@ -12,7 +12,7 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-@import Foundation;
+#import <Foundation/Foundation.h>
 
 ///
 ///  The main controller class for santad

Source/santad/SNTApplication.m

@@ -14,7 +14,9 @@
 
 #import "SNTApplication.h"
 
-@import DiskArbitration;
+#import <DiskArbitration/DiskArbitration.h>
+
+#import <MOLXPCConnection/MOLXPCConnection.h>
 
 #import "SNTCommonEnums.h"
 #import "SNTConfigurator.h"
@@ -30,7 +32,6 @@
 #import "SNTRuleTable.h"
 #import "SNTSyncdQueue.h"
 #import "SNTSyslogEventLog.h"
-#import "SNTXPCConnection.h"
 #import "SNTXPCControlInterface.h"
 #import "SNTXPCNotifierInterface.h"
 
@@ -39,7 +40,7 @@
 @property SNTDriverManager *driverManager;
 @property SNTEventLog *eventLog;
 @property SNTExecutionController *execController;
-@property SNTXPCConnection *controlConnection;
+@property MOLXPCConnection *controlConnection;
 @property SNTNotificationQueue *notQueue;
 @property pid_t syncdPID;
 @end
@@ -115,7 +116,7 @@
                                                          eventLog:_eventLog];
 
     _controlConnection =
-        [[SNTXPCConnection alloc] initServerWithName:[SNTXPCControlInterface serviceId]];
+        [[MOLXPCConnection alloc] initServerWithName:[SNTXPCControlInterface serviceId]];
     _controlConnection.exportedInterface = [SNTXPCControlInterface controlInterface];
     _controlConnection.exportedObject = dc;
     [_controlConnection resume];

Source/santad/SNTCachedDecision.h

@@ -12,7 +12,7 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-@import Foundation;
+#import <Foundation/Foundation.h>
 
 #import "SNTCommonEnums.h"
 

Source/santad/SNTDaemonControlController.h

@@ -12,7 +12,7 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-@import Foundation;
+#import <Foundation/Foundation.h>
 
 #import "SNTXPCControlInterface.h"
 

Source/santad/SNTDaemonControlController.m

@@ -14,6 +14,8 @@
 
 #import "SNTDaemonControlController.h"
 
+#import <MOLXPCConnection/MOLXPCConnection.h>
+
 #import "SNTCachedDecision.h"
 #import "SNTCommonEnums.h"
 #import "SNTConfigurator.h"
@@ -30,7 +32,6 @@
 #import "SNTStrengthify.h"
 #import "SNTSyncdQueue.h"
 #import "SNTXPCBundleServiceInterface.h"
-#import "SNTXPCConnection.h"
 #import "SNTXPCNotifierInterface.h"
 #import "SNTXPCSyncdInterface.h"
 
@@ -145,7 +146,7 @@ double watchdogRAMPeak = 0;
   reply([[SNTConfigurator configurator] clientMode]);
 }
 
-- (void)setClientMode:(SNTClientMode)mode reply:(void (^)())reply {
+- (void)setClientMode:(SNTClientMode)mode reply:(void (^)(void))reply {
   [[SNTConfigurator configurator] setSyncServerClientMode:mode];
   reply();
 }
@@ -154,7 +155,7 @@ double watchdogRAMPeak = 0;
   reply(self._syncXsrfToken);
 }
 
-- (void)setXsrfToken:(NSString *)token reply:(void (^)())reply {
+- (void)setXsrfToken:(NSString *)token reply:(void (^)(void))reply {
   self._syncXsrfToken = token;
   reply();
 }
@@ -163,7 +164,7 @@ double watchdogRAMPeak = 0;
   reply([[SNTConfigurator configurator] fullSyncLastSuccess]);
 }
 
-- (void)setFullSyncLastSuccess:(NSDate *)date reply:(void (^)())reply {
+- (void)setFullSyncLastSuccess:(NSDate *)date reply:(void (^)(void))reply {
   [[SNTConfigurator configurator] setFullSyncLastSuccess:date];
   reply();
 }
@@ -172,7 +173,7 @@ double watchdogRAMPeak = 0;
   reply([[SNTConfigurator configurator] ruleSyncLastSuccess]);
 }
 
-- (void)setRuleSyncLastSuccess:(NSDate *)date reply:(void (^)())reply {
+- (void)setRuleSyncLastSuccess:(NSDate *)date reply:(void (^)(void))reply {
   [[SNTConfigurator configurator] setRuleSyncLastSuccess:date];
   reply();
 }
@@ -181,12 +182,12 @@ double watchdogRAMPeak = 0;
   reply([[SNTConfigurator configurator] syncCleanRequired]);
 }
 
-- (void)setSyncCleanRequired:(BOOL)cleanReqd reply:(void (^)())reply {
+- (void)setSyncCleanRequired:(BOOL)cleanReqd reply:(void (^)(void))reply {
   [[SNTConfigurator configurator] setSyncCleanRequired:cleanReqd];
   reply();
 }
 
-- (void)setWhitelistPathRegex:(NSString *)pattern reply:(void (^)())reply {
+- (void)setWhitelistPathRegex:(NSString *)pattern reply:(void (^)(void))reply {
   NSRegularExpression *re = [NSRegularExpression regularExpressionWithPattern:pattern
                                                                       options:0
                                                                         error:NULL];
@@ -194,7 +195,7 @@ double watchdogRAMPeak = 0;
   reply();
 }
 
-- (void)setBlacklistPathRegex:(NSString *)pattern reply:(void (^)())reply {
+- (void)setBlacklistPathRegex:(NSString *)pattern reply:(void (^)(void))reply {
   NSRegularExpression *re = [NSRegularExpression regularExpressionWithPattern:pattern
                                                                       options:0
                                                                         error:NULL];
@@ -206,7 +207,7 @@ double watchdogRAMPeak = 0;
   reply([SNTConfigurator configurator].bundlesEnabled);
 }
 
-- (void)setBundlesEnabled:(BOOL)bundlesEnabled reply:(void (^)())reply {
+- (void)setBundlesEnabled:(BOOL)bundlesEnabled reply:(void (^)(void))reply {
   [[SNTConfigurator configurator] setBundlesEnabled:bundlesEnabled];
   reply();
 }
@@ -214,14 +215,16 @@ double watchdogRAMPeak = 0;
 #pragma mark GUI Ops
 
 - (void)setNotificationListener:(NSXPCListenerEndpoint *)listener {
-  SNTXPCConnection *c = [[SNTXPCConnection alloc] initClientWithListener:listener];
+  // This will leak the underlying NSXPCConnection when "fast user switching" occurs.
+  // It is not worth the trouble to fix. Maybe future self will feel differently.
+  MOLXPCConnection *c = [[MOLXPCConnection alloc] initClientWithListener:listener];
   c.remoteInterface = [SNTXPCNotifierInterface notifierInterface];
   [c resume];
   self.notQueue.notifierConnection = c;
 }
 
 - (void)setBundleNotificationListener:(NSXPCListenerEndpoint *)listener {
-  SNTXPCConnection *bs = [[SNTXPCConnection alloc] initClientWithServiceName:@"com.google.santabs"];
+  MOLXPCConnection *bs = [[MOLXPCConnection alloc] initClientWithServiceName:@"com.google.santabs"];
   bs.remoteInterface = [SNTXPCBundleServiceInterface bundleServiceInterface];
   [bs resume];
   [[bs remoteObjectProxy] setBundleNotificationListener:listener];
@@ -233,12 +236,13 @@ double watchdogRAMPeak = 0;
 - (void)setSyncdListener:(NSXPCListenerEndpoint *)listener {
   // Only allow one active syncd connection
   if (self.syncdQueue.syncdConnection) return;
-  SNTXPCConnection *c = [[SNTXPCConnection alloc] initClientWithListener:listener];
+  MOLXPCConnection *c = [[MOLXPCConnection alloc] initClientWithListener:listener];
   c.remoteInterface = [SNTXPCSyncdInterface syncdInterface];
   c.invalidationHandler = ^{
     [self.syncdQueue stopSyncingEvents];
+    [self.syncdQueue.syncdConnection invalidate];
     self.syncdQueue.syncdConnection = nil;
-    self.syncdQueue.invalidationHandler();
+    if (self.syncdQueue.invalidationHandler) self.syncdQueue.invalidationHandler();
   };
   c.acceptedHandler = ^{
     [self.syncdQueue startSyncingEvents];
@@ -253,7 +257,7 @@ double watchdogRAMPeak = 0;
   }];
 }
 
-- (void)postRuleSyncNotificationWithCustomMessage:(NSString *)message reply:(void (^)())reply {
+- (void)postRuleSyncNotificationWithCustomMessage:(NSString *)message reply:(void (^)(void))reply {
   [[self.notQueue.notifierConnection remoteObjectProxy]
       postRuleSyncNotificationWithCustomMessage:message];
   reply();
@@ -275,8 +279,8 @@ double watchdogRAMPeak = 0;
 ///
 - (void)hashBundleBinariesForEvent:(SNTStoredEvent *)event
                              reply:(SNTBundleHashBlock)reply {
-  SNTXPCConnection *bs =
-      [[SNTXPCConnection alloc] initClientWithServiceName:[SNTXPCBundleServiceInterface serviceId]];
+  MOLXPCConnection *bs =
+      [[MOLXPCConnection alloc] initClientWithServiceName:[SNTXPCBundleServiceInterface serviceId]];
   bs.remoteInterface = [SNTXPCBundleServiceInterface bundleServiceInterface];
   [bs resume];
   [[bs remoteObjectProxy] hashBundleBinariesForEvent:event reply:reply];

Source/santad/SNTDatabaseController.h

@@ -12,11 +12,11 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-@import Foundation;
+#import <Foundation/Foundation.h>
 
 // This is imported in the header rather than implementation to saves
 // classes that use this one from also having to import FMDB stuff.
-#import <FMDB/FMDB.h>
+#import <fmdb/FMDB.h>
 
 @class SNTConfigTable;
 @class SNTEventTable;

Source/santad/SNTDriverManager.h

@@ -12,7 +12,7 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-@import Foundation;
+#import <Foundation/Foundation.h>
 
 #include "SNTKernelCommon.h"
 

Source/santad/SNTDriverManager.m

@@ -14,7 +14,8 @@
 
 #import "SNTDriverManager.h"
 
-@import IOKit.kext;
+#import <IOKit/IODataQueueClient.h>
+#import <IOKit/kext/KextManager.h>
 
 #include <mach/mach_port.h>
 

Source/santad/SNTExecutionController.h

@@ -12,7 +12,7 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-@import Foundation;
+#import <Foundation/Foundation.h>
 
 #import "SNTCommonEnums.h"
 #include "SNTKernelCommon.h"

Source/santad/SNTNotificationQueue.h

@@ -12,14 +12,14 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-@import Foundation;
+#import <Foundation/Foundation.h>
 
 @class SNTStoredEvent;
-@class SNTXPCConnection;
+@class MOLXPCConnection;
 
 @interface SNTNotificationQueue : NSObject
 
-@property(nonatomic) SNTXPCConnection *notifierConnection;
+@property(nonatomic) MOLXPCConnection *notifierConnection;
 
 - (void)addEvent:(SNTStoredEvent *)event customMessage:(NSString *)message;
 

Source/santad/SNTNotificationQueue.m

@@ -14,9 +14,10 @@
 
 #import "SNTNotificationQueue.h"
 
+#import <MOLXPCConnection/MOLXPCConnection.h>
+
 #import "SNTLogging.h"
 #import "SNTStoredEvent.h"
-#import "SNTXPCConnection.h"
 #import "SNTXPCNotifierInterface.h"
 
 static const int kMaximumNotifications = 10;
@@ -69,7 +70,7 @@ static const int kMaximumNotifications = 10;
   }
 }
 
-- (void)setNotifierConnection:(SNTXPCConnection *)notifierConnection {
+- (void)setNotifierConnection:(MOLXPCConnection *)notifierConnection {
   _notifierConnection = notifierConnection;
   [self flushQueue];
 }

Source/santad/SNTPolicyProcessor.h

@@ -12,7 +12,7 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-@import Foundation;
+#import <Foundation/Foundation.h>
 
 #import "SNTCommonEnums.h"
 #import "SNTKernelCommon.h"

Source/santad/SNTSyncdQueue.h

@@ -12,18 +12,18 @@
 ///    See the License for the specific language governing permissions and
 ///    limitations under the License.
 
-@import Foundation;
+#import <Foundation/Foundation.h>
 
 #import "SNTCommonEnums.h"
 
 @class SNTStoredEvent;
-@class SNTXPCConnection;
+@class MOLXPCConnection;
 
 @interface SNTSyncdQueue : NSObject
 
-@property(nonatomic) SNTXPCConnection *syncdConnection;
-@property(copy) void (^invalidationHandler)();
-@property(copy) void (^acceptedHandler)();
+@property(nonatomic) MOLXPCConnection *syncdConnection;
+@property(copy) void (^invalidationHandler)(void);
+@property(copy) void (^acceptedHandler)(void);
 
 - (void)addEvents:(NSArray<SNTStoredEvent *> *)events isFromBundle:(BOOL)isFromBundle;
 - (void)addBundleEvent:(SNTStoredEvent *)event reply:(void (^)(SNTBundleEventAction))reply;