mirror of
https://github.com/google/santa.git
synced 2026-01-15 01:08:12 -05:00
3be45fd6c0
* WIP: UI: open cert modal, hookup silence checkbox. Add cert helper funcs. * Popup dialog on file access violation. Support config-based and custom messages. * Send message to TTY on file access rule violation * TTYWriter Write now takes an es_process_t. Fix async data lifespan issue. * Dedupe TTY message printing per process per rule * Some minor swift beautification * Remove main app from dock when showing file access dialog * Update header docs * Remove define guards for ObjC header file * Update Source/common/CertificateHelpers.h Co-authored-by: Russell Hancox <russellhancox@users.noreply.github.com> * Fix comment typo Co-authored-by: Russell Hancox <russellhancox@users.noreply.github.com> * Use #import for ObjC headers * Use #import for ObjC header Co-authored-by: Russell Hancox <russellhancox@users.noreply.github.com> * lint * Comment use of escape sequences --------- Co-authored-by: Russell Hancox <russellhancox@users.noreply.github.com>
100 lines
2.4 KiB
Objective-C
100 lines
2.4 KiB
Objective-C
/// Copyright 2023 Google LLC
|
|
///
|
|
/// Licensed under the Apache License, Version 2.0 (the "License");
|
|
/// you may not use this file except in compliance with the License.
|
|
/// You may obtain a copy of the License at
|
|
///
|
|
/// https://www.apache.org/licenses/LICENSE-2.0
|
|
///
|
|
/// Unless required by applicable law or agreed to in writing, software
|
|
/// distributed under the License is distributed on an "AS IS" BASIS,
|
|
/// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
/// See the License for the specific language governing permissions and
|
|
/// limitations under the License.
|
|
|
|
#import <Foundation/Foundation.h>
|
|
|
|
#import <MOLCertificate/MOLCertificate.h>
|
|
|
|
///
|
|
/// Represents an event stored in the database.
|
|
///
|
|
@interface SNTFileAccessEvent : NSObject <NSSecureCoding>
|
|
|
|
///
|
|
/// The watched path that was accessed
|
|
///
|
|
@property NSString *accessedPath;
|
|
|
|
///
|
|
/// The rule version and name that were violated
|
|
///
|
|
@property NSString *ruleVersion;
|
|
@property NSString *ruleName;
|
|
|
|
///
|
|
/// The SHA256 of the process that accessed the path
|
|
///
|
|
@property NSString *fileSHA256;
|
|
|
|
///
|
|
/// The path of the process that accessed the watched path
|
|
///
|
|
@property NSString *filePath;
|
|
|
|
///
|
|
/// If the process is part of a bundle, the name of the application
|
|
///
|
|
@property NSString *application;
|
|
|
|
///
|
|
/// If the executed file was signed, this is the Team ID if present in the signature information.
|
|
///
|
|
@property NSString *teamID;
|
|
|
|
///
|
|
/// If the executed file was signed, this is the Signing ID if present in the signature information.
|
|
///
|
|
@property NSString *signingID;
|
|
|
|
///
|
|
/// The user who executed the binary.
|
|
///
|
|
@property NSString *executingUser;
|
|
|
|
///
|
|
/// The process ID of the binary being executed.
|
|
///
|
|
@property NSNumber *pid;
|
|
|
|
///
|
|
/// The parent process ID of the binary being executed.
|
|
///
|
|
@property NSNumber *ppid;
|
|
|
|
///
|
|
/// The name of the parent process.
|
|
///
|
|
@property NSString *parentName;
|
|
|
|
///
|
|
/// If the executed file was signed, this is an NSArray of MOLCertificate's
|
|
/// representing the signing chain.
|
|
///
|
|
@property NSArray<MOLCertificate *> *signingChain;
|
|
|
|
///
|
|
/// A string representing the publisher based on the signingChain
|
|
///
|
|
@property(readonly) NSString *publisherInfo;
|
|
|
|
///
|
|
/// Return an array of the underlying SecCertificateRef's of the signingChain
|
|
///
|
|
/// WARNING: If the refs need to be used for a long time be careful to properly
|
|
/// CFRetain/CFRelease the returned items.
|
|
///
|
|
@property(readonly) NSArray *signingChainCertRefs;
|
|
|
|
@end
|